File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JForum and the fly likes RSS feed of a private forum Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » JForum
Bookmark "RSS feed of a private forum" Watch "RSS feed of a private forum" New topic

RSS feed of a private forum

Migrated From
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Can JForum provide an RSS feed of a non-public forum? I tried to look up in JIRA for any bugs or plans but can never connect to JIRA server.
[originally posted on by rhudson]
Migrated From
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
AFAIK, Secure RSS has not been standardized or is not well supported. Some RSS Readers support HTTP Basic Authentication for this, but not many.

That said, the current jForum code seems to do a security check and issue a "Authentication Required" 401 error back to the browser if a private forums RSS url is called and a current "autologin" cookie set (e.g. Remember me stuff) is not found.

However, I'm not sure if the code currently handles the response with the Authentication HTTP tag. E.g., using this to log the person in.

So, out of the box, if you log into jForum from a browser that has cookies enabled and has logged into jForum, the Browser can probably access the private forum's RSS feed (until the cookie times out). However, third party/no browser software probably can't.

A possible custom solution to this would be to create an SSO implementation that can use HTTP Basic Authentication tags to log existing users in if valid user/password info was found.

This would let URLs like work and probably let most RSS readers access private forums.

[originally posted on by monroe]
I agree. Here's the link:
subject: RSS feed of a private forum
It's not a secret anymore!