If you have that URL you can create a PostMethod with this url as parameter.
As you are trying to login you need to add some parameters (i.e. username and password) so this data can be filled in in the form.
This happens as follows:
Now, when you execute this code:
You would expect to be logged in. I don't know if it's true or not, as I don't know how to test this.
What I do know is that after executing all of this code and I go take a look at my rendered page. I can see the login page (but not being logged in). When I hover over the login button, I can see in the url description a sessionId has been added.
The way to retrieve this sessionId is as follows:
I think the next step would be to add this sessionId to the back of the url you want to Post so that when the postmethod with the new url is executed JForum will know you've successfully identified before and therefore have permission to perform the action described in the url.
When I do this I get statuscode 302: Method has been Temporarily moved.
The reason I think I'm getting this is because to execute that method you really need to be logged in and not just logged in, you need to have admin rights. When I redirect I get to the login page, but this time in my address bar I can see the actual JForum login link whereas before I saw the link of my application trying to execute this code.
from the point of sso mechanisms, theres two parts - one is the authentication, one is the revalidation.
I havent looked at the jfroum code in a while so I dont know exactly the mechanisms. But I'd think that in your case it authenticates, but when you access the page again it would check if you are still a valid user, and in this case it'd return false (i.e. at each call to the forum it'd check if you are a valid user).
Having a look at the code would be a good start probably, especially when it comes to the authentication code (authenticateUser Method i think).
Another workaround to this generally would be using the jforum built in sso mechanisms (by writing your own sso class). The crowd authentication would be used ,and if valid, a cookie or whatever could be generated, that'd be used to authenticate the user to the forum. There should be heaps of information and even implementation examples throughout the forum for this. [originally posted on jforum.net by Sid]