This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Can JForum provide an RSS feed of a non-public forum? I tried to look up in JIRA for any bugs or plans but can never connect to JIRA server. [originally posted on jforum.net by rhudson]
Migrated From Jforum.net
Joined: Apr 22, 2012
AFAIK, Secure RSS has not been standardized or is not well supported. Some RSS Readers support HTTP Basic Authentication for this, but not many.
That said, the current jForum code seems to do a security check and issue a "Authentication Required" 401 error back to the browser if a private forums RSS url is called and a current "autologin" cookie set (e.g. Remember me stuff) is not found.
However, I'm not sure if the code currently handles the response with the Authentication HTTP tag. E.g., using this to log the person in.
So, out of the box, if you log into jForum from a browser that has cookies enabled and has logged into jForum, the Browser can probably access the private forum's RSS feed (until the cookie times out). However, third party/no browser software probably can't.
A possible custom solution to this would be to create an SSO implementation that can use HTTP Basic Authentication tags to log existing users in if valid user/password info was found.