File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JForum and the fly likes SSO IMPLEMENTATION Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » JForum


Migrated From
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424

i am trying to make sso for my site,i have configured what jforum tells.and i have used CookieUserSSo class.

when i logged in (site login) and entered into jforum .but didnt display user list , it didnt create create user on the fly ,

please guide me to set sso for my site .

The documentation says that if the username returned from authenticateUser() does not have an associated userid, then one is created on the fly. Does this mean that the username is added to the jforum_users table, permanently?


[originally posted on by askr03]
Migrated From
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I can help u.
Here the CookieUSERSSO i used :
package net.jforum.sso;

import javax.servlet.http.Cookie;
import net.jforum.context.RequestContext;
import net.jforum.JForumExecutionContext;
import net.jforum.ControllerUtils;
import net.jforum.entities.UserSession;
import net.jforum.util.preferences.ConfigKeys;
import net.jforum.util.preferences.SystemGlobals;
import org.apache.log4j.Logger;
public class CookieUserSSO implements SSO {

static final Logger logger = Logger.getLogger(CookieUserSSO.class.getName());

public String authenticateUser(RequestContext request) {
// myapp login cookie, contain logged username
Cookie myCookie = ControllerUtils.getCookie("JForumSSO");
String username = null;

if (myCookie != null) {
username = myCookie.getValue();

return username; // jforum username

public boolean isSessionValid(UserSession userSession, RequestContext request) {
Cookie SSOCookie = ControllerUtils.getCookie( SystemGlobals.getValue(ConfigKeys.COOKIE_NAME_USER ));
// myapp login cookie
String remoteUser = null;

if (SSOCookie != null) {
remoteUser = SSOCookie.getValue(); // jforum username

// user has since logged out
if(remoteUser == null && userSession.getUserId() != SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
return false;
// user has since logged in
} else if(remoteUser != null && userSession.getUserId() == SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
return false;
// user has changed user
} else if(remoteUser != null && !remoteUser.equals(userSession.getUsername())) {
return false;

return true; // myapp user and forum user the same

compile that java file and put it into net/jforum/sso folder.

then u should make sso enable on file :
make some changes on ;
find : "authentication.type" and convert to ;
authentication.type = sso

sso.implementation = net.jforum.sso.CookieUserSSO

When you want to create user just use :
simple login :
login.jsp ;
<% <br /> Cookie cookie = new Cookie("JForumSSO","TestUser"); <br /> cookie.setMaxAge( -1 ); <br /> cookie.setPath( "/" ); <br /> response.addCookie( cookie ); <br /> out.flush(); <br /> response.sendRedirect(""); <br /> return; <br /> %>

when u enter login.jsp ; TestUser will be created on forum
if this user is not created already.
But if TestUser is already created and user entered login.jsp ;
so user will just login.
U may ask when user get created whats default password and user information given ;

look at ; = sso@user
sso.default.password = sso

Well , if u want to set them manually , u should use DAO or Temporary DB for user...
Also this login type is so vulnerable not secure.
Everybody can hack u easy.
I'll make some modifications and give u too when i done all.
Take care...
[originally posted on by kadirbasol]
Migrated From
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
i have configured before i saw u answer ,

thank u very much for ur reply ,i need ur help to enter as admin login , i am using hsqldb

[originally posted on by askr03]
I agree. Here's the link:
It's not a secret anymore!