Hi Norbert,
Thanks for u r help.
i have implemetner SSO as bellow following
public class MyuserSSO implements SSO { // you must implement met.jforum.sso.SSO
static final Logger logger = Logger.getLogger(MyuserSSO.class.getName()); // init logging
private
String username=null;
private Connection conn;
public String authenticateUser(RequestContext request) { // required method
HttpServletRequest req=(HttpServletRequest)request;
HttpSession session =req.getSession();
username=session.getAttribute("email").toString();
net.jforum.entities.User user=null ;
String mysession=session.getAttribute("auto-login").toString();
System.out.println("mysession-->"+mysession);
if(mysession!=null){
session.removeAttribute("auto-login");
String users=null;
DataSourceConnection dsc =null;
try{
dsc = new DataSourceConnection(); // my apps database
dsc.init();
conn = (Connection) dsc.getConnection();
DAOManager managerDAO =new DAOManager();
managerDAO.getUserDAO(conn);
user = managerDAO.getUserByName(username);
username=user.getUsername();
}catch(Exception e){
e.printStackTrace();
}
finally{
try{
dsc.releaseConnection(conn);
}catch(Exception e){}
}
session.setAttribute("password", user.getPassword()); // set correct password
session.setAttribute("email", user.getUsername()); // and email address (my username)
Cookie cookie = new Cookie("JforumSSO", user.getUsername());
cookie.setMaxAge(60*60*1);
cookie.setPath("/");
JForumExecutionContext.getResponse().addCookie(cookie);
if (user == null ) {
logger.warn("***DISABLED_ATTEMPT on Forum: "+user.getUsername()); // log disabled attempt.
return null;
}else{
return username;
}
}else{
return null;
}
}
public boolean isSessionValid(UserSession userSession, RequestContext request) {
String remoteUser = null;
Cookie SSOCookie = ControllerUtils.getCookie("JforumSSO");
if (SSOCookie != null) remoteUser = SSOCookie.getValue(); // jforum username
// user has since logged out
if(remoteUser == null &&
userSession.getUserId() != SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
return false;
// user has since logged in
} else if(remoteUser != null &&
userSession.getUserId() == SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
return false;
// user has changed user
} else if(remoteUser != null && !remoteUser.equals(userSession.getUsername())) {
return false;
}
return true; // myapp user and forum user the same
}
}
Can u Please tell where i need to modify
Note : i am not interesting to store in cookies is any alternative solutions .
[originally posted on jforum.net by gopal.g]