練功房推薦書單

  • 猛虎出柙雙劍合璧版--最新 OCA / OCP Java SE 7 Programmer 專業認證 (電子書)
  • 流浪教師存零股存到3000萬(全新增修版)(書+DVD)
  • 開始在關西自助旅行(京都‧大阪‧神戶‧奈良)(全新增訂版)
  • 不敗教主的300張股票存股術
[v2.1.7] Cookie-based JForum Single Sign-On (SSO) RSS feed
Forum Index » JForum中文社群 JForum Chinese Users Community
Author Message
andowson

七段學員
[Avatar]

Joined: 2007/1/2
Messages: 706
Location: 台北
Offline
JForum預設cookie-based的sso.implementation是net.jforum.sso.CookieUserSSO,但是原始碼並沒有這個CookieUserSSO類別,所以如果我們照著文件做會失敗。

在此附上一份經過實際測試沒有問題的CookieUserSSO.java及CookieUserSSO.class檔,如果您的需求是很單純的用Cookie來作Single Sign-On,則下載後重新編譯,將編譯後的class檔放到WEB-INF/classes/net/jforum/sso目錄下,然後重新載入JForum即可。
package net.jforum.sso;

import javax.servlet.http.Cookie;
import net.jforum.context.RequestContext;
import net.jforum.JForumExecutionContext;
import net.jforum.ControllerUtils;
import net.jforum.entities.UserSession;
import net.jforum.util.preferences.ConfigKeys;
import net.jforum.util.preferences.SystemGlobals;
import org.apache.log4j.Logger;

public class CookieUserSSO implements SSO {

	static final Logger logger = Logger.getLogger(CookieUserSSO.class.getName());

	public String authenticateUser(RequestContext request) {		
		// myapp login cookie, contain logged username
		Cookie myCookie = ControllerUtils.getCookie(
				SystemGlobals.getValue(ConfigKeys.COOKIE_NAME_USER));		
		String username = null;
		
		if (myCookie != null) {
			username = myCookie.getValue();		
		}		 
		return username; // jforum username
	}

	public boolean isSessionValid(UserSession userSession, RequestContext request) {
		Cookie SSOCookie = ControllerUtils.getCookie(
				SystemGlobals.getValue(ConfigKeys.COOKIE_NAME_USER)); // myapp login cookie		
		String remoteUser = null;
		
		if (SSOCookie != null) {
			remoteUser = SSOCookie.getValue(); //  jforum username
		}

        // user has since logged out
        if(remoteUser == null && 
                userSession.getUserId() != SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
			return false;
        // user has since logged in
        } else if(remoteUser != null && 
                userSession.getUserId() == SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
            return false;
        // user has changed user
        } else if(remoteUser != null && !remoteUser.equals(userSession.getUsername())) {
            return false;
        }
        return true; // myapp user and forum user the same
	}
}


另外,還要設定一下jforum-custom.conf,設定範例如下:
authentication.type=sso
sso.implementation=net.jforum.sso.CookieUserSSO
sso.redirect=http://member.andowson.com/login.jsp
cookie.name.user=username

紅色字體部分即是您需要依您實際狀況修改的地方,例如上面的例子意思是您的會員登入是在member.andowson.com控管,而login.jsp在驗證完畢後,會寫入一個username的cookie(domain需是andowson.com),並讀出returnUrl參數來導回到原來的網址去。

參考資料:
http://www.jforum.net/posts/list/3619.page
http://www.coderanch.com/t/577176/jforum/Cookie-based-SSO
 Filename CookieUserSSO.java [Disk] Download
 Description CookieUserSSO.java
 Filesize 2 Kbytes
 Downloaded:  50 time(s)

 Filename CookieUserSSO.class [Disk] Download
 Description CookieUserSSO.class
 Filesize 2 Kbytes
 Downloaded:  39 time(s)


分享經驗 累積智慧
[WWW] [MSN]
windstorm

九級學員
[Avatar]

Joined: 2007/5/20
Messages: 13
Offline
最近我也在研究JForum的單點登錄,歡迎感興趣的朋友訪問《JForum與JOSSO集成單點登錄》:http://www.jeedao.net/posts/list/44.page
備用網址:http://pipo.iteye.com/blog/82999

Java EE 軟件之道
xiaofanku

十級學員

Joined: 2014/6/17
Messages: 2
Offline
很神奇的功能,如果在网站中用的密码,在jforum中登陆好用吗
 
Forum Index » JForum中文社群 JForum Chinese Users Community
Go to:   
Mobile view