Many improvements were made, and bugs were fixed.
Details | Download
  • Is JForum useful for you? Please consider helping this project.
 
 
 
© JForum Team
Latest version is 2.1.8
Meet the team
 
 

Implementing your own SSO class

The default SSO mechanisms may not always be appropriate for your situation. Fortunately it is a simple matter to write your own class. Make sure you have read the SSO docs. These instructions assume full understanding of the SSO mechanism.

Your class must implement the net.forum.sso.SSO interface.

The automatic registration process will work fine without the email and password session attributes, but the users email address and password will be set to defualt values. I wanted my users email and password set correctly in their forum profile.

I also had an additional problem that my login cookie contained an encrypted email address and not the username.

Whatever authentication you use, the example below should make things a bit clearer if you decied to implement your own SSO handler.

In order to access my users database (I do a lookup on my user database to retreive the username) I had to JAR up the required classes from my app and placed it in the JForum WEB-INF/lib folder.

For performance reasons I 'shadow' my apps login-cookie with JFourmSSO to hold the username. You could repeat your authenticateUser() logic in isSessionValid() and use your exisiting auto login cookie.

I chose the to use the default name JforumSSO for my cookie, but you can use anything you like - the cookie will only be recerenced within this class.

01  package net.jforum.sso;
02  
03  import javax.servlet.http.HttpServletRequest;
04  import javax.servlet.http.HttpSession;
05  import javax.servlet.http.Cookie;
06  
07  import net.jforum.ActionServletRequest;
08  import net.jforum.ControllerUtils;
09  import net.jforum.entities.UserSession;
10  import net.jforum.util.preferences.ConfigKeys;
11  import net.jforum.util.preferences.SystemGlobals;
12  import net.jforum.JForum;
13  
14  // Import any other class you may need
15  
16  import org.apache.log4j.Logger;    // I use log4j
17  
18  public class MyUserSSO implements SSO {          // you must implement met.jforum.sso.SSO
19 
20      static final Logger  logger       = Logger.getLogger(MyUserSSO.class.getName())// init logging
21      
22      public String authenticateUser(ActionServletRequest request) { //  required method
23          UserVO      user        = new UserVO();
24          Cookie myCookie = ControllerUtils.getCookie("auto-login")// my app login cookie
25          
26          if (myCookie != null) {
27              DAOManager  manager     = new JndiDAOManager();        // my apps database  
28              UserDAO     userDAO     = manager.getUserDAO(manager.getConnection());
29              user  = userDAO.getUser(HexTool.hexToString(myCookie.getValue()));
30              manager.close();
31          else 
32              return null// no cookie found
33          
34          if (user.isDisabled()) {
35              logger.warn("***DISABLED_ATTEMPT on Forum: "+user.getUsername())// log disabled attempt.
36              return null;
37          }
38          
39          HttpSession session = JForum.getRequest().getSession();
40          session.setAttribute("password", user.getPassword())// set correct password
41          session.setAttribute("email", user.getUsername());    // and email address (my username)
42          ControllerUtils.addCookie("JforumSSO",user.getScreenName(), myCookie.getMaxAge())//refresh
43          
44          return user.getScreenName()// jforum username
45      }
46      
47      public boolean isSessionValid(UserSession userSession, HttpServletRequest request) {
48          String      remoteUser  = null;
49          Cookie SSOCookie = ControllerUtils.getCookie("JforumSSO");
50          if (SSOCookie != nullremoteUser = SSOCookie.getValue()//  jforum username
51          
52          // user has since logged out
53          if(remoteUser == null && 
54                  userSession.getUserId() != SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
55              return false;
56              
57           // user has since logged in
58          else if(remoteUser != null && 
59                  userSession.getUserId() == SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
60              return false;
61              
62          // user has changed user
63          else if(remoteUser != null && !remoteUser.equals(userSession.getUsername())) {
64              return false;
65          }
66          return true// myapp user and forum user the same
67      }
68  }
69  

make sure the following SystemGlobals.properties are set correctly, all other SSO related properties are assumed to have default values:

authentication.type=sso
sso.implementation = net.jforum.sso.MyUserSSO // your classname
sso.redirect = http:/mysite.com/login.jsp // I use full url, you may not need to.

now rebuild, deploy and login to your app, visit forum as a new user and look in your profile to check things are working as expected.

handy other things

  • after registration confirmation myapp sends the user to a welcome post on the forum. This creates the forum account automatically with correct date/time and also makes the user immediatelly availble for receiving Private Messages.
  • if you provide a simple method for getting the Jforum user's userid from the jforum database, you can present the correct 'my profile' and 'my bookmarks' urls in your main-site menus (the others will work already.
 
   
Home | Download | Support | Forum | Documentation | Contact