wood burning stoves 2.0*
The moose likes JForum and the fly likes Integration / SSO / Authntication issues Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Products » JForum
Bookmark "Integration / SSO / Authntication issues" Watch "Integration / SSO / Authntication issues" New topic
Author

Integration / SSO / Authntication issues

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hi all

I have been trying to study the code for Jforum.

Requirements:

1. TO integrate Jforum with my application, once user logs into my application the user should be automatically login to Jforum

2. Every user in my application will be mapped to only one forum in Jforum and when the user loggs in to Jforum only that forum should be visible to him

My undustanding of the code.

1. Every page in Jforum ends with *.page
2. In the web.xml file every *.page is mapped to one file Jforum.java

In the Login.page when the user enters the login id and password the action method is called which calls jforum.page
which intern calls the "Jforum.java" file which in tern calls the JforumBaseservlet and calls init and startapplication methods are called

Question : Where is the userid and password getting authenticated here ?

2. Where is SSO comming in the picture ( have read the docs provided and it says to integrate without the login/password check we need SSO)

Any help will be helpful



[originally posted on jforum.net by anilhk]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
http://www.jforum.net/Wiki.jsp

quite easy to find: click on "documentation" on the left hand side ;)

There's some brief info on SSO aswell as a sample implementation to be found.

This should give you a first understanding of jforum's sso mechanism. If the user has been authenticated successfully it would be taken to the jforum.page ... which results in /forum/list or something like that ;) so it's the forumaction class probably and the list action there...

As mentioned in pm, it's been quite a while that i last worked with jforum actively ... but I think this still gives a good point where to start.

You can also look at monroe's bookmarks here in the forum, as he's got some nice links handling sso aswell. In special there's a real neat cookiesso mechanism described fully by source code
[originally posted on jforum.net by Sid]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hi Sid,

thanks appreciate tht .. however I would like to know that Where is the userid and password getting authenticated ?

ie . Jforum.java files never calls a class which authenticates the user.

awating your earliest reply



[originally posted on jforum.net by anilhk]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hi,

without looking at the code of my impl here's a way where to start looking:

http://www.jforum.net/doc/ImplementSSO

I think this file should also be available in the sources. Within the IDE you can easily find out the methods/classes that reference to this sso methods, and then traverse upwards to find out the calling stack of that method.

This is how the authentication is being performed with/without sso. Within that stack it checks if it's sso mechanism, if so it'd call the sso classes to find out if it's still valid, otherwise it'd validate the user session wtih the normal mechanisms ...
[originally posted on jforum.net by Sid]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I am a newbie to integration and working with java so pls excuse if ths is a basic question..

In my previous post above I had a querry


Question : Where is the userid and password getting authenticated here ?


Have studied the code and according to me the login id and password for a particular user is getting authenticated in the UserAction.java file in the
validatelogin() function.



please correct me if I am wrong !!

thanks !!
[originally posted on jforum.net by anilhk]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
... in my eyes, when using SSO, this is incorrect. When using SSO there's no username/password within the request. The only spot - when using SSO - where this could happen would be on the profile page, where the user currently has to provide an unknown password when trying to modify his jforum account ;)

When using SSO , the authentication information is being parsed within the methods specified by the SSO interface ^^

And according to your topic you want to know where/how SSO auth is being parsed ....

... if you now want to know about basic authentication... please open a new topic maybe
[originally posted on jforum.net by Sid]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hi sid,

this is indeed regarding basic authentication.. this was one of the doubs which I had raised in my main topic ..

would appreciate if any one could confirm my findings ..


[originally posted on jforum.net by anilhk]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hey sid,

will check the code for SSO too and revert with my findings..
[originally posted on jforum.net by anilhk]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hi there,

the method name already sounds like it'd be the right one for validating standard-login.

When it comes to working with JForum, and getting to know the workflow, I'd also suggest you download the source, set up a project in an IDE and debug the application.

Then you can easily set the breakpoints at will and see if it passes the suspected methods :-)
[originally posted on jforum.net by Sid]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Integration / SSO / Authntication issues