no registration

Is it possible to configure anonymous user so that he can't register himself?
I need that the forum is not open to the extern users, so i assign some username and passowrd no one can register in the forum without my permission.
[originally posted on jforum.net by agori]

It is not possible in the current version, although it should be pretty easy to implement it in jforum.
[originally posted on jforum.net by jamesyong]

You don't need to change the source code for that.
Go to the Administration Panel -> Groups -> Permissions, then in the section "Deny anonymous posts" select the forums where you want to deny anonymous posting.

Rafael
[originally posted on jforum.net by Rafael Steil]

Ok thanks. Now i want to disable anonymous user.
How to change the cose so that anonymous user is send always sent to login page? (which class and method should i modify?)
It is not so clear for me the source code.
[originally posted on jforum.net by agori]

Sorry, maybe i didn't explain very well! ;)

I don't want anonymous visit the site, see the forums and read the posts!
It should be a restriceted forum!

Now anonymous is only restricted in posting messages.

[originally posted on jforum.net by agori]

Ahh..

Well, currently an option is to use the "Restricted Forums" and "Restricted Categories", so users that are not in a group which has access rights will not see the forums / categories. Does that fit in your needs?

However, if you neither want to allow the user to see the main page ( even if empty ), then a possible solution is to write a ServletFilter, which checks for registered users. Is simple to implement, but will require that "auto login" is "on", just to quote an example. ( eg, is too error prone )

Rafael
[originally posted on jforum.net by Rafael Steil]

agori wrote:Sorry, maybe i didn't explain very well! ;)

I don't want anonymous visit the site, see the forums and read the posts!
It should be a restriceted forum!

Now anonymous is only restricted in posting messages.

That is possible.
1) Log on as adminstrator.
2) Click on the Admin Control Panel below the page
3) There is a menu on the left. Click on Users.
4) Click on the permission of the Anonymous user.
5) Under the Restricted Forum section, shift + click those forums that you don't want the Anonymous user to see.
6) Save the settings.

That's all.
[originally posted on jforum.net by Anonymous]

Just to say that the above post is by me :?

Regards,
James Yong
[originally posted on jforum.net by jamesyong]

thanks!
this is almost what i want.
Anonymous can visit last registered user and maybe some others, but I have to say that are not important things.

[originally posted on jforum.net by agori]

Inform me:

How can I block Anonymous Users to post on the forum, but, he can see & read those forums.
[originally posted on jforum.net by kunal2383]

Admin Panel -> Groups -> Permissions -> Anonymous posts

Rafael
[originally posted on jforum.net by Rafael Steil]

Rafael Steil wrote:Ahh..

Well, currently an option is to use the "Restricted Forums" and "Restricted Categories", so users that are not in a group which has access rights will not see the forums / categories. Does that fit in your needs?

However, if you neither want to allow the user to see the main page ( even if empty ), then a possible solution is to write a ServletFilter, which checks for registered users. Is simple to implement, but will require that "auto login" is "on", just to quote an example. ( eg, is too error prone )

Rafael

I would like to implement a method of preventing anonymous login. Can you be more specific as to the ServletFilter that you described? What do I need to do to redirect an anonymous user?

[originally posted on jforum.net by dbd-mark]

Well, if you want to provent access to JForum's login page, the way to go is to deny access to the action "login" and "validateLogin", of UserAction.java

Rafael
[originally posted on jforum.net by Rafael Steil]

Actually, my problem involves users going directly to the forum page (jforum/forums/list.page) instead of through my system's login page (the user then connects via SSO). I would like to prevent the user from connecting to the forum when he/she doesn't go through my system's login. As it is now, if the user goes directly to the forum, he/she is logged in as Anonymous. What is a good method to prevent this?
[originally posted on jforum.net by dbd-mark]

Open header.htm and put the following line at the beginning of the file:

Note that you don't close the if. Next, open bottom.htm and add an </#if> to the end of the file. That should do what you want.

Rafael
[originally posted on jforum.net by Rafael Steil]

Rafael,

Thanks for the code. I added that to the pages as you described. However, it generated an error indicating that there was an unexpected end of file. So, I added the </#if> tag at the end of the header.htm file, and I place an <#if logged> tag around the entire bottom.htm file. This worked. Unfortunately, it also prevented logged-in users from accessing the forum. Would you check my work to make sure that I didn't miss something?

header.htm file:

footer.htm file:

[originally posted on jforum.net by dbd-mark]

If "logged" is false, then your "logged" users are not logged. Maybe a SSO problem?

Rafael
[originally posted on jforum.net by Rafael Steil]

I used the sample SSO that was supplied in the support pages, with simple modifications. How do I debug the "logged" variable setting? I'm including my SSO code for reference.
[originally posted on jforum.net by dbd-mark]

Just connect a debugger to the servlet, using any modern ide like Eclipse, Netbeans or IntelliJ IDEA

Rafael
[originally posted on jforum.net by Rafael Steil]

Please excuse my ignorance in this matter. The custom SSO that I used doesn't set a logged variable or field. How am I to debug something when I don't know where it is in the programming, or even how my SSO affects it?

Referencing the logged value seems like a viable option for the redirect. I'm just not clear how any of my SSO code impacts that value. Any guidance that you can give me would be very helpful. For instance, when is logged set and how does SSO relate to that? Otherwise, I'll just be searching for that proverbial needle in the code haystack.
[originally posted on jforum.net by dbd-mark]

Hi dbd-mark,

of course your SSO implementation does not set the logged "variable" in the html code. This is freemarker notation. But it references to the information on if the user is of group "anonymous users" or if he logged on successfully... and that is where it is linked to the SSO implementation:

The SSO Implementaiton has two methods - one to authenticate, and one to validate if the user is still logged on ...

In case those methods return "false", the forum will run with anonymous user permissions in the given session, and therefore the field "logged" will return false ... simple as that.

Hence you can debug your java code easily to see if it returns false or not. If you dont like to debug, simply add some "system.out.println" statements giving information on if it's anonymous or not, and look it up in your stdout.log of tomcat for instance ...

I hope by now it's easier for you to find the "needle"

[originally posted on jforum.net by Sid]

Sid,

Thanks for your help.

My final implementation ended up being the following (for those who may be interested):

The above code was placed in the header.htm file. Entering an <#if> tag in the header.htm file without an </#if> tag until the footer.htm file didn't work for me. Therefore, I used a <span> tag to cover the entire body content and made it not visible. The </span> tag is in the footer.htm file as follows:

[originally posted on jforum.net by dbd-mark]

The code that I listed previous works just fine. However, the system logs anonymous attempts and shows these attempts as users online. It also shows each one in the admin control panel. This makes sense for a system that allows anonymous users to connect.

In my case, I don't want any unregistered user to access the system (I have this part working). I also don't want to log any anonymous attempts. Is there a way to prevent the logging of this information? If not, is there a way to not show the anonymous users in the control panel?
[originally posted on jforum.net by dbd-mark]

For the first question, "prevent anonymous attemps", the answer is "no" - at least not without a lot of change to JForum.

For the second question, "admin panel", you can open the welcome_admin.html template and put a freemarker statement there to filter anonymous users (userId == 1)

Rafael
[originally posted on jforum.net by Rafael Steil]