File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes General Computing and the fly likes Single Sing-in Strategy for Forum, Bog, Wiki Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » General Computing
Bookmark "Single Sing-in Strategy for Forum, Bog, Wiki" Watch "Single Sing-in Strategy for Forum, Bog, Wiki" New topic

Single Sing-in Strategy for Forum, Bog, Wiki

Ashik Uzzaman
Ranch Hand

Joined: Jul 05, 2001
Posts: 2373

I will be building a web site as a volunteer for an IT professionals group where I want to use some open source forum, blog, wiki software written in Java to keep my development time minimal. I have chosen the following components.

Forum - JSForum
Blog - JRoller
Wiki - VeryQuickWiki
Hosting - Java Pipe (They provide Tomcat web hosting)
Event Calendar - I will code it myself with some other additional pages.

I would like to know what should be my optimal single sing-in strategy in this scenario. I want my users to register in my site once and with that username/password he should be able to post messages in forum, edit some wiki topic, open a blog of his own etc.

One way to do this would be, to use forum's database as the primary user database and use one kind of interceptor that checks every request/response for user session and if not found redirects to login page of forum or my custom login page finally to be authenticated with the forum database. In that case, all the user details of wiki and blogs must be the same as in the forum or must be synchronized. Seems a little bit overwork...

Any idea how to do it in a clean way? Thanks in advance.

Ashik Uzzaman
Senior Software Engineer, TubeMogul, Emeryville, CA, USA.
Stan James
(instanceof Sidekick)
Ranch Hand

Joined: Jan 29, 2003
Posts: 8791
Your interceptor idea sounds similar to commercial products like SiteMinder. You could have a stand-alone authentication application and essentially disable authentication in all the other apps. When a request comes in...

I've seen a home-made system do this with filters.

BTW: This is "Identity 1.0". See Dick Hardt's presentations ... Do You Know Dick? and Who's the Dick on Your Site? for some other ideas.

A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
I agree. Here's the link:
subject: Single Sing-in Strategy for Forum, Bog, Wiki
It's not a secret anymore!