• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

RSS feed of a private forum

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Can JForum provide an RSS feed of a non-public forum? I tried to look up in JIRA for any bugs or plans but can never connect to JIRA server.
[originally posted on jforum.net by rhudson]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
AFAIK, Secure RSS has not been standardized or is not well supported. Some RSS Readers support HTTP Basic Authentication for this, but not many.

That said, the current jForum code seems to do a security check and issue a "Authentication Required" 401 error back to the browser if a private forums RSS url is called and a current "autologin" cookie set (e.g. Remember me stuff) is not found.

However, I'm not sure if the code currently handles the response with the Authentication HTTP tag. E.g., using this to log the person in.

So, out of the box, if you log into jForum from a browser that has cookies enabled and has logged into jForum, the Browser can probably access the private forum's RSS feed (until the cookie times out). However, third party/no browser software probably can't.

A possible custom solution to this would be to create an SSO implementation that can use HTTP Basic Authentication tags to log existing users in if valid user/password info was found.

This would let URLs like http://user:pwd@site.com/forums/rss... work and probably let most RSS readers access private forums.


[originally posted on jforum.net by monroe]
 
reply
    Bookmark Topic Watch Topic
  • New Topic