aspose file tools*
The moose likes JForum and the fly likes Single Signon.. automatic login Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » JForum
Bookmark "Single Signon.. automatic login" Watch "Single Signon.. automatic login" New topic
Author

Single Signon.. automatic login

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hi
Thanks for a great open source app.

I have a custom built app with users etc. What will be the easiest way to log them into jforum automatically after they are logged into my app.

Thanks for any help.

[originally posted on jforum.net by Anonymous]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
At JForum.java, method service(), remove the call to checkCookies(). Now you'll need to configure some cookies and session manually. Follow these steps:

:arrow: Create an instance of UserSession. It will be necessary to properly configure the session.

:arrow: Set the session id and user id, as well the username.



Now, if you want to have the functionality of displaying the new messages to the user ( the new ones since his last visit ), you should retrieve some information from the database. This is done in the method checkCookies(), and you could use a simmilar approach. In that method, look for the part



it is located at line ~389.

Note that the next lines make a call to



this is where I get the information about the user's session when it enters in the forum for the first time.

The "last" step is where you set the UserSession object you have to an entyr at SessionFacade, calling



A last point: in order to use jforum's DataAccessDriver, you need to have the ThreadLocal stuff configured. As currently there is no public method to do that, put the following code at JForum.java:



Please note that doing that, you are responsible for release the connection from the connection pool.
Also remember that you only need to call configureThreadLocal if you don't make any request to jforum's servlet. In other words, just call this method ( and the other stuff ) and you are your own login / auth system.

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
So I guess to integrate an existing j2ee app with users / access control we'll still have to maintain 2 user tables?
[originally posted on jforum.net by Anonymous]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hm, it depends. If you want to use your existing users table, you can merge jforum_users and your table, and then alter the .sql files to use your table.
The another solution is to keep two tables, yes. You can use your own table for username, password and email management ( for example ) and then use jforum_users for stuff related only to the message board.

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
This was extremely helpful, thank you!

What I did was modify the checkCookies method to get the userId out of my users table instead of the cookie and login that way. Works like a charm.
[originally posted on jforum.net by mattcoz]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Can you give the code for this login. I think it would be great.

Thanx,

Henk
[originally posted on jforum.net by henkie]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hi Rafael,

I'm loving the software but I am having a nightmare integrating the login.

I want to automatically log the user into JForum as soon as the have logged into my own system. Currently, they have to log in twice and this is unacceptable.

I have read all the related documentation on the site, and on the wiki. The code in this thread (292) could be useful, but I cannot understand what it means.

Is it possible for you to post a full code solution to this problem?

Barry
[originally posted on jforum.net by bpbrooe]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Well, it's hard to say exactly without knowing your system.

JForum will search for an attribute named "logged" in the session. If the value is "1", then the user is logged. Also, it will try to get user information from the session using the session's id as key. The object is an instance of net.jforum.entities.UserSession.

You can set all of this by hand, in your login, or get JForum 2.1.5 from the CVS and make an implementation of net.jforum.sso.LoginAuthenticator. Please see

http://www.jforum.net/confluence/display/sso/Home

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
As far as I understand with the LoginAuthenticator, it makes it possible to write code to automatically log into another system when you log into JForum. Ideally, the user should be able to log into my web application and there should be code to automatically log the user into JForum. Is this possible with the SSO LoginAuthenticator or have I just misunderstood the documentation?

I don't really have any relevant code to post, as I just have a simple login form with a username and password field that fires an action. This action checks the database and stores the users details in the HttpSession.

Ideally, there would be a method somewhere in JForum called 'login(String username, String password)' that does the equivalent of the user typing their details and pressing the button. Currently, I am trying to hack the code using HttpUnit to generate a mock login http request to the JForum servlet, but I am getting confused with the session state before and after login and what effect cookies has on the login function.
[originally posted on jforum.net by bpbrooe]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
When I logged using this mechanism... the userId of jforum database have the same of userId that my database contains.

Sorry, but my english is very elementery.


Portuguese:

Quando eu logo usando esse mecanismo descrito acima, o userId da tabela de usu��rios do jforum precisa ser igual ao userId da tabela usu��rio do meu banco de dados?

Obrigado.
[originally posted on jforum.net by Anonymous]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
No, it doesnt

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
bpbrooe wrote:As far as I understand with the LoginAuthenticator, it makes it possible to write code to automatically log into another system when you log into JForum. Ideally, the user should be able to log into my web application and there should be code to automatically log the user into JForum. Is this possible with the SSO LoginAuthenticator or have I just misunderstood the documentation?


That behaviour is from the SSO interface, most of the time. You can use a LoginAuthenticator to match user credentials agains a different datasource - or anything like that -, but if you want to set the user as logged in automatically if he is already logged from your application, then SSO is the better choice.

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Sorry, I'm new at this. It is actually a nullpointerexception at line 83 of ForumAction.java, which is a this.context.put statement.
[originally posted on jforum.net by Anonymous]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I have the following code for single sign on by the way:


[originally posted on jforum.net by Anonymous]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
When I try to implement this code, I get a
java.lang.reflect.InvocationTargetException
on line 83 of ForumAction.java, which is a "this.context.put" statement. I used the Jforum.getRequest().getSession().getSessionId() to set the session_id.
Am I missing something?
Any help would be appreciated. Thanks so much.

[originally posted on jforum.net by Anonymous]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
" java.lang.reflect.InvocationTargetException " is just a reclection exception - you should look at the page source code to get the real error.

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Looks like you forgot to add the context to the ThreadLocal. It is an instance of the class SimpleHash (freemarker)

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
What do I set the context to? Thanks so much for your patience.
[originally posted on jforum.net by Anonymous]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I tried using the configurethreadlocal function as follows

configureThreadLocal(conn, JForum.getRequest(), JForum.getResponse());

and get an error that request cannot be null. I put it up in the init function, directly below the try,throw,catch statement. I have access to the JForum.getRequest down in the checkCookies function though, because I pull out the cookies from it. Am I close?

Any help would be really appreciated. I think it is great that you actually monitor this board by the way. Thanks again.

[originally posted on jforum.net by rzavi4jc]
Toni Mergeani
Greenhorn

Joined: Aug 26, 2014
Posts: 4
Hi, I have the exact same problem. I tried to follow your post step by step, but your post is from 2004 and now we are in 2014. Some things are changed in JForum source code. Could you please take a look, and tell me how to do my own login/auth system? Thank you
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Single Signon.. automatic login