Win a copy of JDBC Workbook this week in the JDBC and Relational Databases forum
or A Day in Code in the A Day in Code forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
  • Piet Souris
  • salvin francis
  • fred rosenberger

How to programmatically login to JForum using Crowd Authentication

Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello again,

I want to programmatically login to JForum. But when logging in to JForum you are authenticated against Crowd database and not against JForum database.

I don't know if this is an additional difficulty to overcome?

I have tried a numerous amount of things (including searching this entire forum for anything related to login to JForum and offcourse google). Nothing actually worked...

I have replied in some of the topics I found while searching here, but no answer so far

So I thought, maybe a new topic with all the specifics of my problem would be a better solution than answering and asking questions in several different topics.

Let me show you the code I have for the moment:

What I think that is needed to be done is the following:

You first need to find the correct url to login to JForum. That is afaik " http://localhost:8080/jforum/user/ "

If you have that URL you can create a PostMethod with this url as parameter.

As you are trying to login you need to add some parameters (i.e. username and password) so this data can be filled in in the form.

This happens as follows:

Now, when you execute this code:

You would expect to be logged in. I don't know if it's true or not, as I don't know how to test this.

What I do know is that after executing all of this code and I go take a look at my rendered page. I can see the login page (but not being logged in). When I hover over the login button, I can see in the url description a sessionId has been added.

The way to retrieve this sessionId is as follows:

I think the next step would be to add this sessionId to the back of the url you want to Post so that when the postmethod with the new url is executed JForum will know you've successfully identified before and therefore have permission to perform the action described in the url.

When I do this I get statuscode 302: Method has been Temporarily moved.

The reason I think I'm getting this is because to execute that method you really need to be logged in and not just logged in, you need to have admin rights. When I redirect I get to the login page, but this time in my address bar I can see the actual JForum login link whereas before I saw the link of my application trying to execute this code.

after redirect: http://localhost:8080/jforum/...

application link: http://localost:8080/jforumconfigurator-1.0-SNAPSHOT/ThreadServlet

Anyone who might be able to tell me what I'm doing wrong?
[originally posted on by jeetn]
Migrated From
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
just a shot in the dark:

from the point of sso mechanisms, theres two parts - one is the authentication, one is the revalidation.

I havent looked at the jfroum code in a while so I dont know exactly the mechanisms. But I'd think that in your case it authenticates, but when you access the page again it would check if you are still a valid user, and in this case it'd return false (i.e. at each call to the forum it'd check if you are a valid user).

Having a look at the code would be a good start probably, especially when it comes to the authentication code (authenticateUser Method i think).

Another workaround to this generally would be using the jforum built in sso mechanisms (by writing your own sso class). The crowd authentication would be used ,and if valid, a cookie or whatever could be generated, that'd be used to authenticate the user to the forum. There should be heaps of information and even implementation examples throughout the forum for this.
[originally posted on by Sid]
Migrated From
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Just to inform everyone that it worked for me

This is my final code:

What you need to do is add every parameter you find on the page that has a value. So every input field with a value needs to be added to the method. This only if you want to login!

After that just keep using the cookie to do whatever you want
[originally posted on by jeetn]
Story like this gets better after being told a few times. Or maybe it's just a tiny ad:
Devious Experiments for a Truly Passive Greenhouse!
    Bookmark Topic Watch Topic
  • New Topic