Hi
As per the documentation given on the JForum website, if I want to implement RemoteUserSSO, I have to keep the following in web.xml, but this code is throwing 403. It's acting as a show stopper. If I remove this entry from web.xml it works fine without the SSO stuff. But I need SSO and it should work. I changed only web.xml, SystemGlobals.properties and RemoteUserSSO. Please let me know whether I am doing it properly or missing something. I am using Acegi security, which holds all user info in the session. I am fetching the email and password from Acegi and setting them on the HttpSession object in RemoteUserSSO.
web.xml
    <security-role>
        <role-name>user</role-name>
    </security-role>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Restricted Area</web-resource-name>
            <url-pattern>*.page</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
1) SystemGlobals.properties
    # defines the authentication method to sso
    authentication.type = sso
    # defines the default class RemoteUserSSO
    sso.implementation = com.mob.forum.sso.RemoteUserSSO
RemoteUserSSO
    public String authenticateUser(RequestContext request)
    {
        HttpSession session = (HttpSession) JForumExecutionContext.getRequest().getSessionContext();
        // Principal of the user already authenticated by Acegi
        User userObj = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        String username = userObj.getEmail();
        String password = userObj.getPassword();
        // Debug output (includes the password)
        System.out.println(":::::::userObj " + userObj);
        System.out.println(":::::::session " + session);
        System.out.println(":::::::UserId" + username);
        System.out.println(":::::::password" + password);
        // Copy the Acegi credentials into the session
        session.setAttribute("sso.password.attribute", password);
        session.setAttribute("sso.email.attribute", username);
        //HttpSession session = request.getSessionContext();
        return request.getRemoteUser();
    }
[originally posted on jforum.net by gregjhonson]