I can help u.
Here the CookieUSERSSO i used :
package net.jforum.sso;
import javax.servlet.http.Cookie;
import net.jforum.context.RequestContext;
import net.jforum.JForumExecutionContext;
import net.jforum.ControllerUtils;
import net.jforum.entities.UserSession;
import net.jforum.util.preferences.ConfigKeys;
import net.jforum.util.preferences.SystemGlobals;
import org.apache.log4j.Logger;
//JForumExecutionContext.getRequest()
//JForumExecutionContext.getRequest().getSession()
public class CookieUserSSO implements SSO {
static final Logger logger = Logger.getLogger(CookieUserSSO.class.getName());
public
String authenticateUser(RequestContext request) {
// myapp login cookie, contain logged username
Cookie myCookie = ControllerUtils.getCookie("JForumSSO");
String username = null;
if (myCookie != null) {
username = myCookie.getValue();
}
return username; // jforum username
}
public boolean isSessionValid(UserSession userSession, RequestContext request) {
Cookie SSOCookie = ControllerUtils.getCookie( SystemGlobals.getValue(ConfigKeys.COOKIE_NAME_USER ));
// myapp login cookie
String remoteUser = null;
if (SSOCookie != null) {
remoteUser = SSOCookie.getValue(); // jforum username
}
// user has since logged out
if(remoteUser == null && userSession.getUserId() != SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
return false;
// user has since logged in
} else if(remoteUser != null && userSession.getUserId() == SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
return false;
// user has changed user
} else if(remoteUser != null && !remoteUser.equals(userSession.getUsername())) {
return false;
}
return true; // myapp user and forum user the same
}
}
compile that
java file and put it into net/jforum/sso folder.
then u should make sso enable on SystemGlobals.properties file :
make some changes on ;
find : "authentication.type" and convert to ;
authentication.type = sso
sso.implementation = net.jforum.sso.CookieUserSSO
When you want to create user just use :
simple login :
login.jsp ;
<%
<br /> Cookie cookie = new Cookie("JForumSSO","TestUser");
<br /> cookie.setMaxAge( -1 );
<br /> cookie.setPath( "/" );
<br /> response.addCookie( cookie );
<br /> out.flush();
<br /> response.sendRedirect("http://www.mywebsite.com/jforum");
<br /> return;
<br /> %>
when u enter login.jsp ; TestUser will be created on forum
if this user is not created already.
But if TestUser is already created and user entered login.jsp ;
so user will just login.
U may ask when user get created whats default password and user information given ;
look at SystemGlobals.properties ;
sso.default.email = sso@user
sso.default.password = sso
Well , if u want to set them manually , u should use DAO or Temporary DB for user...
Also this login type is so vulnerable not secure.
Everybody can hack u easy.
I'll make some modifications and give u too when i done all.
Take care...
[originally posted on jforum.net by kadirbasol]