File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JForum and the fly likes PATCH: Single SignOn Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Products » JForum
Bookmark "PATCH: Single SignOn" Watch "PATCH: Single SignOn" New topic
Author

PATCH: Single SignOn

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I tested the SSO implementation in the cvs and it works fine with one exception: the SSO mechanism is used only for the first time a user visits the forum, when the forum user session is created, to be more specific. If a user visits the forum, then logs in to another restricted area of my web app and returns to the forum afterwards she will stay anonymous until the end of the forum session. So I patched ControllerUtils to call checkSSO also if a user session already exists. This way changes in identity caused by a login to my web app are also mirrored in the forum.


In addition I had to implement another feature/sso enhancement: the forum is open in read only mode to anonymous users. But when you try to post a message you have to login. At the moment the forum_login.htm template is displayed. In case an external SSO mechanism is used this makes no sense. What is needed is a way to trigger the external login mechanism (e.g. by redirecting the request to a JSP protected by a security constraint). Therefore I introduced an optional config property called sso.redirect and patched ViewCommons to set the redirect URL in case sso is on and sso.redirect is set.

Please see the diffs in the attachements for further details.
[originally posted on jforum.net by TheCooler]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
As there only 3 attachements allowed, here is the missing one for SystemGlobals.properties
[originally posted on jforum.net by TheCooler]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hey,

thanks for the patches. I'll apply as soon as I get some free time!!

thanks
Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Rafael,

Could you please create a case in JIRA ? It will be pitty if this nice patch (by TheCooler) fall forgoten after some time ...

Greetings
[originally posted on jforum.net by Anonymous]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Ok:

http://www.jforum.net/jira/browse/JF-317

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Done

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Does this mean that SSO is enabled in the latest release? I have a JForum up and running, but so far I haven't seen any easy way of logging in once and once only . I would prefer not to mess with the source code, so is there any documentation on this?

I thought about duplicating the user info, but how is the passwords encrypted in the JForum user table? If I insert user data from my unencrypted user table, how do I encrypt them when inserting them? This would solve my problem of having the users register twice... but need the SSO bit to make it perfect

I know there's been lots of threads on this but I'm still not sure how to do this

Cheers,
Christer
[originally posted on jforum.net by cnordvik]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
You actually made some docs! Sorry for not searching good enough....

http://www.jforum.net/confluence/display/sso/Home

-Christer
[originally posted on jforum.net by cnordvik]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
heheh.. no problem.. I should announce the docs, or otherwise nobody will see them

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
SSO integration as for LoginAuhenticator , LDAP and etc. is not a problem - this is just separate java code. The problem, which is hard to solve, is web site integration:
how to integrate existing web site with jforum.
It is much harder to manage (and keep up-to date) jforum templates, than java code.

For SSOintegration a good API should be chosen, and this API shoild be on web link level, so no significant template modification is required.

I think the approach of http://www.coderanch.com/t/575225
about web link API is a reasonable one.
In a similar way many internet backing sites ( chaseonline.chase.com and many other) do sso integration: they have it on web link level. This approach simplifies sso integration a lot.
[originally posted on jforum.net by Anonymous]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I 've checked out the tas SSO, is this PATCH included?
[originally posted on jforum.net by Anonymous]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: PATCH: Single SignOn