Firstly, a big thank you and well done to the developers of this fantastic software - it's excellently written, superbly structured, and find it very easy use.
I'm doing some investigations into integrating JForum with a J2EE application which relies on Tomcat Realm security.
I've successfully got the SSO stuff working - right out of the box (thanks again )
Reading through the code, I think I understand the relationship between Users, Groups, and Roles...Users go in Groups, Groups are assigned permissions.
What I'm working towards in an integration mechanism whereby the JForum groups are taken from the java.security.Principal object obtained from the HttpServletRequest. I'm had a look at modifying ControllerUtils, or maybe an Authenticator (but I can't see a straightforward way of getting the request)...any thoughts?
Jase [originally posted on jforum.net by jgc195]
Migrated From Jforum.net
posted 14 years ago
Take a look at SecurityRepository & related classes. For JForum 3 we're thinking in some way to allow plugable permission engines.
Let us know your ideas and needs, as this way we can build a strong code base for it.
Rafael [originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
posted 13 years ago
Thanks for the pointers. I concentrated on the area you mentioned and was able to come up with a (hopefully) elegant solution.
I only needed to change a single method in a single file, although I'm sure a more complete solution would require further modification. Here's my code - a replacement 'selectById' method in the 'GenericUserDAO' class.
Easy as that! The main J2EE application defines a number of 'roles' which must include all of the 'groups' defined in JForum. When the user logs into the J2EE app, these roles are associated with that user and session. When the user enters JForum, they are signed on in the normal way using the RemoteUserSSO stuff. And the modification above takes the 'group' information from the roles associated with the request.
Hope that makes sense....
My only query is with JForumExecutionContext.getRequest() - I have assumed that it returns the correct request no matter where it is called from - I'm pretty sure this is the case as it relies on a ThreadLocal...
Thanks again for a fantastic bit of software, and I hope that the above is useful.
Jason [originally posted on jforum.net by jgc195]
This guy is skipping without a rope. At least, that's what this tiny ad said:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop