1. TO integrate Jforum with my application, once user logs into my application the user should be automatically login to Jforum
2. Every user in my application will be mapped to only one forum in Jforum and when the user loggs in to Jforum only that forum should be visible to him
My undustanding of the code.
1. Every page in Jforum ends with *.page
2. In the web.xml file every *.page is mapped to one file Jforum.java
In the Login.page when the user enters the login id and password the action method is called which calls jforum.page
which intern calls the "Jforum.java" file which in tern calls the JforumBaseservlet and calls init and startapplication methods are called
Question : Where is the userid and password getting authenticated here ?
2. Where is SSO comming in the picture ( have read the docs provided and it says to integrate without the login/password check we need SSO)
quite easy to find: click on "documentation" on the left hand side ;)
There's some brief info on SSO aswell as a sample implementation to be found.
This should give you a first understanding of jforum's sso mechanism. If the user has been authenticated successfully it would be taken to the jforum.page ... which results in /forum/list or something like that ;) so it's the forumaction class probably and the list action there...
As mentioned in pm, it's been quite a while that i last worked with jforum actively ... but I think this still gives a good point where to start.
You can also look at monroe's bookmarks here in the forum, as he's got some nice links handling sso aswell. In special there's a real neat cookiesso mechanism described fully by source code [originally posted on jforum.net by Sid]
I think this file should also be available in the sources. Within the IDE you can easily find out the methods/classes that reference to this sso methods, and then traverse upwards to find out the calling stack of that method.
This is how the authentication is being performed with/without sso. Within that stack it checks if it's sso mechanism, if so it'd call the sso classes to find out if it's still valid, otherwise it'd validate the user session wtih the normal mechanisms ... [originally posted on jforum.net by Sid]
... in my eyes, when using SSO, this is incorrect. When using SSO there's no username/password within the request. The only spot - when using SSO - where this could happen would be on the profile page, where the user currently has to provide an unknown password when trying to modify his jforum account ;)
When using SSO , the authentication information is being parsed within the methods specified by the SSO interface ^^
And according to your topic you want to know where/how SSO auth is being parsed ....
... if you now want to know about basic authentication... please open a new topic maybe [originally posted on jforum.net by Sid]