we have a webpage where the user has to be identified with another username and password in order to enter to the site. In this site we have a link to the forum but the problem is when the user reaches the forum he has to login again. We want that the username and password is valid and connected to the forum, so you don�t need to login again when you need to enter the forum.
How do I connect the forum to the website??
I almost forget: I am using Tomcat 5.5, mysql 4.1. The passwords in the sites�s database are not encrypted.
it have(had) the same problem. I wanted to integrate that marvelous
forum (version 2.1.4) to my webpage. Problem 1 was, that each user
would have to register for website AND Forum. Problem 2 was to
do the sso with that version. (Dont have a clue how the Database
would have changed and I already using 2.1.4 for a while)
Problem1 (register for website and forum at the same time):
Actually I tried to build some static Methods to achieve that. But I
failed in some case. So I did it another way:
I just added a user to theJForum-DB on my own. The only thing you have
to do is to insert one row to jforum_users. (That one have a lot of olumns,
but the only important things are uername, user_password, user_email,
Insert it somehow to DB (I used torque http://db.apache.org/torque/ as DB-Mapper! But only because I'm
already using it! It's nice! You have some XML that describes the DB-Schema and torque generates Java-Classes with a lot of nice
methods (foreignkey and so on) to insert/update/delete data in DB.)
Now you have to add that new user to a group. Insert a row in table
jforum_user_groups. There are only two columns in there.
Set group_id to 1 (cause that is the id of the default-group)
and set user_id to the value the user got you just added before.
That's it! Now you could login with the account you created from outside.
PS: I used MD5.crypt(..) to encode the password as it happens when
a 'real' JForum-User registers. (I need this afterwards)
Problem2 (Login with your websites login)
Well, this is not such a problem! (in 2.1.5 i heard the will be sso but as
i told, i used 2.1.4 already and didnt want to migrate)
When you login to my website I (the tomcat) put a user-object in
the session. Now there comes one little modification in the UserAction-Class (package net.jave.jform.view.forum).
So it should look before:
There the method validateLogin is called from somewhere with username
and password as parameters. That one is passed through to the
usermodel that have an instance of the LoginAuthenticator, that says
YES you ARE permitted to enter the site or NOT.
My approach is to look in session if a user-object is in there. If not
do as usual, but if yes take username and password of the Session-User-Object (not the Jforum-User, the Site-User) and pass
it to the Authenticator instead of the parameters: