Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Carey Brown
  • Mikalai Zaikin
Bartenders:
  • Lou Hamers
  • Piet Souris
  • Frits Walraven

Help with RemoteUserSSO

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, after of must investigations, i find that editing "authenticateUser" of RemoteUserSSO class, JForum log one use that i pass of my webapp, OK.

But, i have one problem, What do i do to integrate Jforum with my webapp to load my user in "request.getRemoteUser()"?

I try to load password and email with this method: http://www.jforum.net/doc/SSOremote, but, allways appear user how "anonymous"...
[originally posted on jforum.net by MiLLeN]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The request.getRemoteUser() method is based on the HTTP CGI security model where the web server is responsible for setting the REMOTE_USER environmental variable.

Generally, in J2EE usage, this has been set by one of th layers above the web app. E.g., Tomcat's SingleSignOnValve or the web server that is front ending your app server.

However, there is also the servlet Filter interface available to intercept all requests and modify them. Some security models use these to replace the servlet engine provided request with a "wrapped" request that will reply with the correct remote user info.

One thing to remember is that if you have two separate web applications, they are running with two separate class loader/memory sets. So, what is known in static fields or the ServletContexts are going to be different.


[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

monroe wrote:The request.getRemoteUser() method is based on the HTTP CGI security model where the web server is responsible for setting the REMOTE_USER environmental variable.

Generally, in J2EE usage, this has been set by one of th layers above the web app. E.g., Tomcat's SingleSignOnValve or the web server that is front ending your app server.

However, there is also the servlet Filter interface available to intercept all requests and modify them. Some security models use these to replace the servlet engine provided request with a "wrapped" request that will reply with the correct remote user info.

One thing to remember is that if you have two separate web applications, they are running with two separate class loader/memory sets. So, what is known in static fields or the ServletContexts are going to be different.



First, thank you Monroe again for help me.

I have put all JForum source embed into my webapp, and i have configurated it using JForum documentation, and found perfect, so i believe that ServletContexts is the same.

If i havent misunderstood, all that i need to do is modifi a cgi server variable REMOTE_USER (http://livedocs.adobe.com/coldfusion/6.1/htmldocs/expres34.htm)?

[originally posted on jforum.net by MiLLeN]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Given your situation, it might be easier just to put the user id in the application Session space and write your own SSO implementation.

FWIW, in the jForum web environment, the RequestContext interface is implemented by the WebRequestContext with is just a "wrapped" HttpServletRequest. So, you can cast this object to HttpServletRequest and get all the normal methods like getSession(), etc.

If you're wondering why it's this way, it is to abstract the application a little bit from the underlying application environment. This makes it easy to create the StandardRequestContext implementations which can be used in testing harnesses and other non-J2EE environments.


[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

monroe wrote:Given your situation, it might be easier just to put the user id in the application Session space and write your own SSO implementation.

FWIW, in the jForum web environment, the RequestContext interface is implemented by the WebRequestContext with is just a "wrapped" HttpServletRequest. So, you can cast this object to HttpServletRequest and get all the normal methods like getSession(), etc.

If you're wondering why it's this way, it is to abstract the application a little bit from the underlying application environment. This makes it easy to create the StandardRequestContext implementations which can be used in testing harnesses and other non-J2EE environments.



I not understand..., if user is load in session, Can't i use one Servlet of my webapp out of JForum to load it, and when JForum load, load user too?, what is the problem of this?.

You say me that i cast WebRequestContext and edit it to load my user..., but, if I havent loaded JForum before.

I must load JForum class, before that i cast my edit WebRequestContext?, because i believe that JForum must is load in this moment..., is correct?
[originally posted on jforum.net by MiLLeN]
 
reply
    Bookmark Topic Watch Topic
  • New Topic