How to programmatically login to JForum using Crowd Authentication

Hello again,

I want to programmatically login to JForum. But when logging in to JForum you are authenticated against Crowd database and not against JForum database.

I don't know if this is an additional difficulty to overcome?

I have tried a numerous amount of things (including searching this entire forum for anything related to login to JForum and offcourse google). Nothing actually worked...

I have replied in some of the topics I found while searching here, but no answer so far

So I thought, maybe a new topic with all the specifics of my problem would be a better solution than answering and asking questions in several different topics.

Let me show you the code I have for the moment:

public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); String categoryName = request.getParameter("category"); PrintWriter out = response.getWriter(); String contents = ""; String loginUrl = "http://localhost:8080/jforum/user/login.page"; String url = "http://localhost:8080/jforum/jforum.page?" + "module=adminCategories" + "&action=insertSave" + "&category_name=" + categoryName + "&moderate=0" + "&groups=1" + "&groups=2" + "&groups=3" + "&groups=4"; out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">"); out.println("<HTML>"); out.println(" <HEAD><TITLE>A Servlet</TITLE></HEAD>"); out.println(" <BODY>"); // Create an instance of HttpClient. HttpClient client = new HttpClient(); client.getState().setCredentials( new AuthScope("localhost", 8080, "jforum"), new UsernamePasswordCredentials( "admin", "adminpw" ) ); // client.getParams().setParameter("http.useragent", "My Browser"); // // HostConfiguration hostconfig = client.getHostConfiguration(); // hostconfig.setHost(new URI("http://localhost:8080/jforum/user/login.page", true)); // Create a method instance. PostMethod method = new PostMethod(url); method.addParameter("username", "admin"); method.addParameter("password", "adminpw"); method.addParameter("returnPath", url); // NameValuePair[] data = { new NameValuePair("user", "admin"), // new NameValuePair("password", "adminpw") }; // method.setRequestBody(data); method.setDoAuthentication(true); try { // Execute the method. int statusCode = client.executeMethod(method); // HttpSession session = request.getSession(); // url += ";jsessionid=" + session.getId(); // method = new PostMethod(url); // // statusCode = client.executeMethod(method); if (statusCode != HttpStatus.SC_OK) { if(statusCode == HttpStatus.SC_MOVED_TEMPORARILY){ response.sendRedirect(url); } out.println("Method failed: " + method.getStatusLine()); } contents = method.getResponseBodyAsString(); //byte[] responseBody = method.getResponseBody(); //InputStream in = method.getResponseBodyAsStream(); // Deal with the response. // Use caution: ensure correct character encoding and is not binary // data //out.println(new String(responseBody)); method.releaseConnection(); out.println( contents ); } catch (HttpException e) { out.println("Fatal protocol violation: " + e.getMessage()); e.printStackTrace(); } catch (IOException e) { out.println("Fatal transport error: " + e.getMessage()); e.printStackTrace(); } finally { } out.println(" </BODY>"); out.println("</HTML>"); out.flush(); out.close(); }


What I think that is needed to be done is the following:

You first need to find the correct url to login to JForum. That is afaik " http://localhost:8080/jforum/user/login.page "

String loginUrl = "http://localhost:8080/jforum/user/login.page";

If you have that URL you can create a PostMethod with this url as parameter.

As you are trying to login you need to add some parameters (i.e. username and password) so this data can be filled in in the form.

This happens as follows:

PostMethod method = new PostMethod(loginUrl); method.addParameter("username", "admin"); method.addParameter("password", "adminpw");

Now, when you execute this code:

int statusCode = client.executeMethod(method);

You would expect to be logged in. I don't know if it's true or not, as I don't know how to test this.


What I do know is that after executing all of this code and I go take a look at my rendered page. I can see the login page (but not being logged in). When I hover over the login button, I can see in the url description a sessionId has been added.

The way to retrieve this sessionId is as follows:

HttpSession session = request.getSession(); int sessionId = session.getId();


I think the next step would be to add this sessionId to the back of the url you want to Post so that when the postmethod with the new url is executed JForum will know you've successfully identified before and therefore have permission to perform the action described in the url.

String url = "http://localhost:8080/jforum/jforum.page?" + "module=adminCategories" + "&action=insertSave" + "&category_name=" + categoryName + "&moderate=0" + "&groups=1" + "&groups=2" + "&groups=3" + "&groups=4"; url += ";jsessionid=" + session.getId(); method = new PostMethod(url); statusCode = client.executeMethod(method);

When I do this I get statuscode 302: Method has been Temporarily moved.

The reason I think I'm getting this is because to execute that method you really need to be logged in and not just logged in, you need to have admin rights. When I redirect I get to the login page, but this time in my address bar I can see the actual JForum login link whereas before I saw the link of my application trying to execute this code.

after redirect: http://localhost:8080/jforum/...

application link: http://localost:8080/jforumconfigurator-1.0-SNAPSHOT/ThreadServlet


Anyone who might be able to tell me what I'm doing wrong?
[originally posted on jforum.net by jeetn]

just a shot in the dark:

from the point of sso mechanisms, theres two parts - one is the authentication, one is the revalidation.

I havent looked at the jfroum code in a while so I dont know exactly the mechanisms. But I'd think that in your case it authenticates, but when you access the page again it would check if you are still a valid user, and in this case it'd return false (i.e. at each call to the forum it'd check if you are a valid user).

Having a look at the code would be a good start probably, especially when it comes to the authentication code (authenticateUser Method i think).

Another workaround to this generally would be using the jforum built in sso mechanisms (by writing your own sso class). The crowd authentication would be used ,and if valid, a cookie or whatever could be generated, that'd be used to authenticate the user to the forum. There should be heaps of information and even implementation examples throughout the forum for this.
[originally posted on jforum.net by Sid]

Hi,

Just to inform everyone that it worked for me

This is my final code:

public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); String categoryName = request.getParameter("category"); PrintWriter out = response.getWriter(); String contents = ""; String loginUrl = "http://localhost:8080/jforum/user/login.page"; String url = "http://localhost:8080/jforum/jforum.page?" + "module=adminCategories" + "&action=insertSave" + "&category_name=" + categoryName + "&moderate=0" + "&groups=1" + "&groups=2" + "&groups=3" + "&groups=4"; out .println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">"); out.println("<HTML>"); out.println(" <HEAD><TITLE>A Servlet</TITLE></HEAD>"); out.println(" <BODY>"); // Create an instance of HttpClient. HttpState initialState = new HttpState(); HttpClient client = new HttpClient(); client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY); client.setState(initialState); // Create a method instance. GetMethod get = new GetMethod(loginUrl); int result = client.executeMethod(get); Cookie[] cookies = client.getState().getCookies(); System.out.println("Present cookies: "); for (int i = 0; i < cookies.length; i++) { System.out.println(" - " + cookies[i].toExternalForm()); } get.releaseConnection(); PostMethod method = new PostMethod(loginUrl); method.addParameter("username", "admin"); method.addParameter("password", "adminpw"); method.addParameter("module", "user"); method.addParameter("action", "validateLogin"); method.addParameter("returnPath", "http://localhost:8080/jforum/forums/list.page"); method.addParameter("login", "Login"); for (int i = 0; i < cookies.length; i++) { method.setRequestHeader("Cookie:", cookies[i].toExternalForm()); } try { // Execute the method. int statusCode = client.executeMethod(method); String s = request.getParameter("returnPath"); if(statusCode == HttpStatus.SC_MOVED_TEMPORARILY){ response.sendRedirect("http://localhost:8080/jforum/forums/list.page"); } method = new PostMethod(url); for (int i = 0; i < cookies.length; i++) { method.setRequestHeader("Cookie:", cookies[i].toExternalForm()); } statusCode = client.executeMethod(method); if(statusCode == HttpStatus.SC_MOVED_TEMPORARILY){ response.sendRedirect("http://localhost:8080/jforum/admBase/login.page"); } contents = method.getResponseBodyAsString(); method.releaseConnection(); out.println(contents); } catch (HttpException e) { out.println("Fatal protocol violation: " + e.getMessage()); e.printStackTrace(); } catch (IOException e) { out.println("Fatal transport error: " + e.getMessage()); e.printStackTrace(); } finally { } out.println(" </BODY>"); out.println("</HTML>"); out.flush(); out.close(); }

What you need to do is add every parameter you find on the page that has a value. So every input field with a value needs to be added to the method. This only if you want to login!

After that just keep using the cookie to do whatever you want
[originally posted on jforum.net by jeetn]