Rafael, Zafe ...
Did anything come of the integration in this
thread? I'm working on a similar application using the 2.1.7 codebase, but with a generic custom registry as target for user validation and privilege grants, and a slightly different approach. But of course I'd rather build on existing code, all things equal.
The approach we're taking towards integrating with an enterprise Java app in the same appserver is to entirely replace the jforum database tables as a source of identity information, and while keeping the JForum object model the same, populate the JForum objects with identity information from the enterprise application by means of some custom field mapping at runtime.
So far this involves activating SSO with the usual SSO class (the default is fine!), a replacement of the SSOUtils class that seems to do the heavy lifting for making the user available in the app, a few mods to the ControllerUtilities and maybe some changes to get the groups and roles associated with the User object, hence the overlap with this topic.
Anything current on this or should I forge ahead in a custom way?
The use case is:
1. User logs into master enterprise application
2. Identity is created by the enterprise app
3. User navigates to forum, invoking the ControllerUtilities
4. CU does the usual SSO invocation to establish validity, then invokes the replaced/overridden SSOUtils
5. SSOUtils, now a custom class for a particular integration, constructs a normal JForum User object using custom identity information derived from the enterprise app
To this point I have a working prototype that yields a happy JForum user, but not yet a working JForum app.
Next and maybe last steps are invoking the JForum SecurityRepository to map JForum groups and roles to the JForum user.
I could use some guidance here, in terms of keeping in the spirit of the JForum application. The default permissions model for JForum seems to map multiple roles, each of which controls a permission, to a group, with two groups existing at startup. Is that right?
Are those permissions worked deeply enough into the application that I should leave the roles alone in the database, map groups in the enterprise application to groups in JForum, and use the SecurityRepository to keep doing the group-to-role mapping?
Or does it make more sense to move the roles up to
J2EE; that is, define the 5 or 6 JForum roles I see in the database directly in the deployment descriptor and directly map existing Enterprise App J2EE groups to them?
It would be nice if I could do this in a generic enough way that I could kick back to you a configurable SSO that allows for the complete user and group replacement model I'm planning to implement.
I've got some studying to do in how you implement your interfaces for the DAO layer -- I'm used to spring and factories and haven't quite figured out what you're doing to tie the two together. Hints gratefully received.
R.
[originally posted on jforum.net by robinpc]