jQuery in Action, 2nd edition*
The moose likes JForum and the fly likes passing url params for SSO authenticateUser? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » JForum
Bookmark "passing url params for SSO authenticateUser?" Watch "passing url params for SSO authenticateUser?" New topic
Author

passing url params for SSO authenticateUser?

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
My custom SSO class only needs to retrieve a token value from the request and then validate it using some imported classes.

The RequestContext object that is passed to the authenticateUser method on the SSO class doesn't seem to have them.

In other words, I want to do this:

href=http://www.example.com/myjforum?foo=somevalue

And in my authenticateUser method:



The url params don't seem to be in the RequestContext or in the SessionContext if I get that from it.

Is it possible to pass url params to a forum servlet and still have access to those values in the context available to the SSO class?

nate grover
[originally posted on jforum.net by Nate Grover]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
If I remember right, jForum parses the URL to extract it's own parameters (e.g. module, action, and the like). I think there was a bug in the 2.1.7 that would cause it to drop extra parameters but I thought it was fixed in 2.8. You might look at the WebRequestContext code to see if this is working correctly.

Also, the SSO model first uses isSessionValid to determine the user status. It only calls the authenticate user method if a login screen is used. Are you checking for your autologin parameter in that method too?

Note that every request will call isSessionValid. So you will need a way to validate the session after the initial call with your URL token. E.g. session variable or cookie.
[originally posted on jforum.net by monroe]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
From what I can tell, it uses authenticateUser first, but my logs could be wrong.

I've noticed that if I link to the forum root path, the url params are dropped.

ie. http://localhost:8080/jforum?tokenId=foo

but

http://localhost:8080/jforum/forums/list.page?tokenId=foo
seems to work.

This makes me realize I'd love to know the full breakdown of how a request is handled by jforum. There is a filter but even within the context of the filter servlet I had lost my url params by then.

Can someone break down the flow of how a request is handled? This may help, as I really just to need make sure a certian get request value is still available in the SSO methods contexts.


Thanks.

Nate Grover
[originally posted on jforum.net by Nate Grover]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I pass along quite alot of parameters that are being retrieved in my authenticateSSO implementation. I did it the "easy" way, by "rewriting" the jforum paramters...

instead of /forum/list i wrote module=forum&action=list ... then it works just dandy with adding new paramters afterwards.
[originally posted on jforum.net by Sid]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
" instead of /forum/list i wrote module=forum&action=list"

appending the params to what address? I tried that and it won't work on the default url.

Well I've discovered part of the problem. It's not clearly documented, but you can't pass url params to the default index, as it's just an html file that forwards you directly to /forums/list.page

so www.example.com/forums?args=arg or www.example.com/forums/?args=arg won't work since that is not a servlet mapping for the index.

nate grover

[originally posted on jforum.net by Nate Grover]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
<%= contextUrl %>jforum.page?<%= queryString %>

that's an excerpt of my iframe call

So i guess it's pretty much http://localhost:8080/supportforum/jforum.page?foo=bar&bar=foo ...

The jforum.page already jumps to action list of module forum as far as I remember. If you wish to overwrite this, you have to delete the old action and old module parameter on the jforum side and set the new action and module. Why you have to delete ? Because it's now a "bucket" which would allow multiple actions, which then results in weird behaviour ;)

had to adapt my code for 2.1.8 a bit there.

I've implemented the SSO to pass along username, email, group-id, aswell as a timestamp and cipher - to ensure there'S no way to get into the forum without permission.

[originally posted on jforum.net by Sid]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: passing url params for SSO authenticateUser?
 
Similar Threads
SSO and email
SSO question
Cross context SSO
about SSO
Problem with my SSO Implementation