jQuery in Action, 3rd edition
The moose likes JForum and the fly likes SSO one more time ;-) Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » JForum
Bookmark "SSO one more time ;-)" Watch "SSO one more time ;-)" New topic

SSO one more time ;-)

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hello everybody!

You have got a really nice forum software.

So I decided to integrate it into the new webpage I'm building.
But I've got a few questions.
What I want to do is, using the JForum user database for authentication to other parts of my page.
So when the user registers on my page I will use the JForum registration page. His data will be stored in the JForum default table for that (jforum_users). As login page I will use also the JForum default login page.

My problem now is, how can I detect that someone who requests a non JForum page has logged in in JForum.
I don't want to change anything in the JForum source code, because I think it would complicate a JForum update or switching to JForum3 in the future.

I read the SSO part in your support-page but I think this is written for developers who want to replace your login system by their own.

Is it possible to disable the password encryption, so the user passwords will be stored into the jforum_users table in plaintext?


Ah one more thing, I saw some really bad translations in the German translation file of JForum.
I would translate it like that:
User.job = Beruf
User.from = Ort

maybe there is more to refactor, I haven't looked through the whole file

[originally posted on jforum.net by Humppa]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
When you say "non-jforum page" what exactly do you mean? E.g., is it another JSP page inside the Java app server (like tomcat) or is it just an HTML page on the web server (like Apache HTTPD).

You might be able to use the standard security mechanisms that use information from the DB. I know Tomcat has a container level security Realm that uses DB entries.

As to not encrypting the passwords, you'll need to do a search for MD5.crypt calls related to passwords and remove them. Should only be a few of these.

If you are using JSP pages, you might be able to write a filter to deal with your non-jForum pages.
[originally posted on jforum.net by monroe]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Heya monroe,

thank You for Your reply.

Both, my webpage (build in JSF and ICEfaces(AJAX framework)) and the JForum are running on the same JBOSS application server. I'm also using a PostgreSQL DB which is running on the same server.

I'm new to the J2EE world, so I don't know the JBOSS server very well.

I thought it would be faster using your login stuff than writing a complete new login system.
But after reading what you wrote I think I was wrong with that opinion.
So I will write my own login system and use the SSO function of JForum.

Thank You so far

[originally posted on jforum.net by Humppa]
I agree. Here's the link: http://aspose.com/file-tools
subject: SSO one more time ;-)
It's not a secret anymore!