• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

SSO one more time ;-)

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello everybody!

You have got a really nice forum software.

So I decided to integrate it into the new webpage I'm building.
But I've got a few questions.
What I want to do is, using the JForum user database for authentication to other parts of my page.
So when the user registers on my page I will use the JForum registration page. His data will be stored in the JForum default table for that (jforum_users). As login page I will use also the JForum default login page.

My problem now is, how can I detect that someone who requests a non JForum page has logged in in JForum.
I don't want to change anything in the JForum source code, because I think it would complicate a JForum update or switching to JForum3 in the future.

I read the SSO part in your support-page but I think this is written for developers who want to replace your login system by their own.

Is it possible to disable the password encryption, so the user passwords will be stored into the jforum_users table in plaintext?

Regards
Humppa!

Ah one more thing, I saw some really bad translations in the German translation file of JForum.
I would translate it like that:
User.job = Beruf
User.from = Ort

maybe there is more to refactor, I haven't looked through the whole file


[originally posted on jforum.net by Humppa]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When you say "non-jforum page" what exactly do you mean? E.g., is it another JSP page inside the Java app server (like tomcat) or is it just an HTML page on the web server (like Apache HTTPD).

You might be able to use the standard security mechanisms that use information from the DB. I know Tomcat has a container level security Realm that uses DB entries.

As to not encrypting the passwords, you'll need to do a search for MD5.crypt calls related to passwords and remove them. Should only be a few of these.

If you are using JSP pages, you might be able to write a filter to deal with your non-jForum pages.
[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Heya monroe,

thank You for Your reply.

Both, my webpage (build in JSF and ICEfaces(AJAX framework)) and the JForum are running on the same JBOSS application server. I'm also using a PostgreSQL DB which is running on the same server.

I'm new to the J2EE world, so I don't know the JBOSS server very well.

I thought it would be faster using your login stuff than writing a complete new login system.
But after reading what you wrote I think I was wrong with that opinion.
So I will write my own login system and use the SSO function of JForum.

Thank You so far
~Humppa


[originally posted on jforum.net by Humppa]
reply
    Bookmark Topic Watch Topic
  • New Topic