• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

passing url params for SSO authenticateUser?

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My custom SSO class only needs to retrieve a token value from the request and then validate it using some imported classes.

The RequestContext object that is passed to the authenticateUser method on the SSO class doesn't seem to have them.

In other words, I want to do this:

href=http://www.example.com/myjforum?foo=somevalue

And in my authenticateUser method:



The url params don't seem to be in the RequestContext or in the SessionContext if I get that from it.

Is it possible to pass url params to a forum servlet and still have access to those values in the context available to the SSO class?

nate grover
[originally posted on jforum.net by Nate Grover]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If I remember right, jForum parses the URL to extract it's own parameters (e.g. module, action, and the like). I think there was a bug in the 2.1.7 that would cause it to drop extra parameters but I thought it was fixed in 2.8. You might look at the WebRequestContext code to see if this is working correctly.

Also, the SSO model first uses isSessionValid to determine the user status. It only calls the authenticate user method if a login screen is used. Are you checking for your autologin parameter in that method too?

Note that every request will call isSessionValid. So you will need a way to validate the session after the initial call with your URL token. E.g. session variable or cookie.
[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
From what I can tell, it uses authenticateUser first, but my logs could be wrong.

I've noticed that if I link to the forum root path, the url params are dropped.

ie. http://localhost:8080/jforum?tokenId=foo

but

http://localhost:8080/jforum/forums/list.page?tokenId=foo
seems to work.

This makes me realize I'd love to know the full breakdown of how a request is handled by jforum. There is a filter but even within the context of the filter servlet I had lost my url params by then.

Can someone break down the flow of how a request is handled? This may help, as I really just to need make sure a certian get request value is still available in the SSO methods contexts.


Thanks.

Nate Grover
[originally posted on jforum.net by Nate Grover]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I pass along quite alot of parameters that are being retrieved in my authenticateSSO implementation. I did it the "easy" way, by "rewriting" the jforum paramters...

instead of /forum/list i wrote module=forum&action=list ... then it works just dandy with adding new paramters afterwards.
[originally posted on jforum.net by Sid]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
" instead of /forum/list i wrote module=forum&action=list"

appending the params to what address? I tried that and it won't work on the default url.

Well I've discovered part of the problem. It's not clearly documented, but you can't pass url params to the default index, as it's just an html file that forwards you directly to /forums/list.page

so www.example.com/forums?args=arg or www.example.com/forums/?args=arg won't work since that is not a servlet mapping for the index.

nate grover

[originally posted on jforum.net by Nate Grover]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
<%= contextUrl %>jforum.page?<%= queryString %>

that's an excerpt of my iframe call

So i guess it's pretty much http://localhost:8080/supportforum/jforum.page?foo=bar&bar=foo ...

The jforum.page already jumps to action list of module forum as far as I remember. If you wish to overwrite this, you have to delete the old action and old module parameter on the jforum side and set the new action and module. Why you have to delete ? Because it's now a "bucket" which would allow multiple actions, which then results in weird behaviour ;)

had to adapt my code for 2.1.8 a bit there.

I've implemented the SSO to pass along username, email, group-id, aswell as a timestamp and cipher - to ensure there'S no way to get into the forum without permission.

[originally posted on jforum.net by Sid]
reply
    Bookmark Topic Watch Topic
  • New Topic