SSO /redirect / anonymous users

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I'm using the latest jforum from csv and am implementing SSO with cookies. I've written a class that implements SSO and can successfully have my app's login page set a cookie and have jforum use that cookie to create its user. The problem I am running into is that if a user goes to my jforum without logging into my app first, jforum automatically logs them in as Anonymous. I expected jforum to use the sso.redirect property in my jforum-custom.conf to redirect the user to my app's login page.
I am trying to make it so that jforum only allows users with the cookie set and redirects them to my login page if it is not. That way there are never any anonymous users. Is this possible?

Thanks,
Chris
[originally posted on jforum.net by cdollar]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
By "jforum automatically logs them in as Anonymous", do you mean that they show as logged in as the "Anonymous" user, or that they are browsing as an anonymous user?

You can't deny browsing to anonymous users.

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424

You can't deny browsing to anonymous users


What I did is the following:

I created a new group called "Deny all" and added the anonymous user to it. Now, if someone who has not logged on tries to view the forum, he just sees the header of the forum but no topics etc.
I'm using 2.1.7-b3.

Hope that helps.
[originally posted on jforum.net by TheSmile]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I solved this issue with my SSO mechanism.

I used some URL SSO, adding a timestamp and encoding the username, timestamp and some other parameters that are bypassed.

On the forum those parameters are encoded again to match the cipher. If it's validated, you can analyse the timestamp to see if, say, more than 5 minutes have passed.

If too much time has passed or if the cipher is invalid for the parameters (or missing), the user will be redirected to a page telling him he was supposed to log in via the given page... and providing a link for the user.

That pretty much limits them a bit.
[originally posted on jforum.net by Sid]
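
The check described in the post above, as an added example (not code from the thread or from JForum): the login application signs the username and timestamp, and the forum recomputes the value and rejects missing, altered or older-than-5-minutes parameters. HMAC-SHA256, the shared key and all class and method names are assumptions; the post does not say which cipher was used.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example: signed, time-limited SSO URL parameters (all names are hypothetical).
public class SsoUrlToken {
    static final long MAX_AGE_MS = 5 * 60 * 1000L; // the 5-minute window from the post

    // Login-app side: HMAC-SHA256 over "username|timestamp" (assumed algorithm).
    static String sign(byte[] key, String user, long ts) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = mac.doFinal((user + "|" + ts).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag); // URL-safe
    }

    // Forum side: returns the username when the parameters verify; null means
    // "redirect to the login page".
    static String verify(byte[] key, String user, String tsParam, String sig, long now)
            throws Exception {
        if (user == null || tsParam == null || sig == null) return null; // missing parameter
        long ts;
        try {
            ts = Long.parseLong(tsParam);
        } catch (NumberFormatException e) {
            return null; // malformed timestamp
        }
        byte[] expected = sign(key, user, ts).getBytes(StandardCharsets.US_ASCII);
        byte[] given = sig.getBytes(StandardCharsets.US_ASCII);
        // Check the signature first, with a constant-time comparison.
        if (!MessageDigest.isEqual(expected, given)) return null;
        long age = now - ts;
        if (age < 0 || age > MAX_AGE_MS) return null; // future-dated or expired
        return user;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // sample secret
        long issued = 1_700_000_000_000L;                                     // constructed value
        String ts = Long.toString(issued);
        String sig = sign(key, "chris", issued);
        System.out.println("fresh link:    " + verify(key, "chris", ts, sig, issued + 60_000));
        System.out.println("altered user:  " + verify(key, "admin", ts, sig, issued + 60_000));
        System.out.println("after 6 min:   " + verify(key, "chris", ts, sig, issued + 360_000));
        System.out.println("no signature:  " + verify(key, "chris", ts, null, issued + 60_000));
    }
}
```

A signed URL stays valid until the window closes, so it should only travel over HTTPS and the key must be known only to the login application and the forum.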