<![CDATA[Latest posts for the topic "[v2.1.7] Cookie-based JForum Single Sign-On (SSO)"]]>

<![CDATA[Latest posts for the topic "[v2.1.7] Cookie-based JForum Single Sign-On (SSO)"]]> http://www.andowson.com/posts/list/7.page JForum - http://www.jforum.net [v2.1.7] Cookie-based JForum Single Sign-On (SSO)
在此附上一份經過實際測試沒有問題的CookieUserSSO.java及CookieUserSSO.class檔，如果您的需求是很單純的用Cookie來作Single Sign-On，則下載後重新編譯，將編譯後的class檔放到WEB-INF/classes/net/jforum/sso目錄下，然後重新載入JForum即可。
[code]package net.jforum.sso;

import javax.servlet.http.Cookie;
import net.jforum.context.RequestContext;
import net.jforum.JForumExecutionContext;
import net.jforum.ControllerUtils;
import net.jforum.entities.UserSession;
import net.jforum.util.preferences.ConfigKeys;
import net.jforum.util.preferences.SystemGlobals;
import org.apache.log4j.Logger;

public class CookieUserSSO implements SSO {

static final Logger logger = Logger.getLogger(CookieUserSSO.class.getName());

public String authenticateUser(RequestContext request) {
// myapp login cookie, contain logged username
Cookie myCookie = ControllerUtils.getCookie(
SystemGlobals.getValue(ConfigKeys.COOKIE_NAME_USER));
String username = null;

if (myCookie != null) {
username = myCookie.getValue();
}
return username; // jforum username
}

public boolean isSessionValid(UserSession userSession, RequestContext request) {
Cookie SSOCookie = ControllerUtils.getCookie(
SystemGlobals.getValue(ConfigKeys.COOKIE_NAME_USER)); // myapp login cookie
String remoteUser = null;

if (SSOCookie != null) {
remoteUser = SSOCookie.getValue(); // jforum username
}

// user has since logged out
if(remoteUser == null &&
userSession.getUserId() != SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
return false;
// user has since logged in
} else if(remoteUser != null &&
userSession.getUserId() == SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
return false;
// user has changed user
} else if(remoteUser != null && !remoteUser.equals(userSession.getUsername())) {
return false;
}
return true; // myapp user and forum user the same
}
}
[/code]

另外，還要設定一下jforum-custom.conf，設定範例如下：
[quote]authentication.type=sso
sso.implementation=net.jforum.sso.CookieUserSSO
sso.redirect=[color=red]http://member.andowson.com/login.jsp[/color]
cookie.name.user=[color=red]username[/color][/quote]
紅色字體部分即是您需要依您實際狀況修改的地方，例如上面的例子意思是您的會員登入是在member.andowson.com控管，而login.jsp在驗證完畢後，會寫入一個username的cookie（domain需是andowson.com)，並讀出returnUrl參數來導回到原來的網址去。

參考資料：
http://www.jforum.net/posts/list/3619.page]]> http://www.andowson.com/posts/preList/72/94.page http://www.andowson.com/posts/preList/72/94.page GMT 回覆:[v2.1.7] Cookie-based JForum Single Sign-On (SSO) http://www.andowson.com/posts/preList/72/111.page http://www.andowson.com/posts/preList/72/111.page GMT