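Reposted from: http://www.jeedao.net/posts/list/0/44.page
This article uses JForum v2.1.7 and JOSSO v1.5 as an example to show how to integrate the JForum forum with single sign-on (SSO).
JForum was designed from the start with an interface for SSO integration with other systems. What you need to do is:
Modify the configuration file "SystemGlobals.properties" to change JForum's authentication mode.
Set up the relevant configuration files of JOSSO and JForum.
To integrate with JOSSO, you of course first need to download JOSSO from http://www.josso.org/, heh. I downloaded "apache-tomcat-5.5.20_josso-1.5.zip"; this package already has most of the configuration in place, so you do not need to do much setup work.
Let's walk through the whole configuration process:
Unpack "apache-tomcat-5.5.20_josso-1.5.zip" to get the directory "apache-tomcat-5.5.20_josso-1.5", then copy the jforum forum into the "\apache-tomcat-5.5.20_josso-1.5\webapps" directory.
For the purposes of this experiment we first need to register a user "user1" in the jforum forum, so start Tomcat first and register a forum user named "user1".
Open the "josso-agent-config.xml" configuration file in the "\apache-tomcat-5.5.20_josso-1.5\bin" directory and, following the existing entries, add the following configuration: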
Code:
<partner-app>
    <context>/jforum</context>
</partner-app>
Write the single sign-on implementation class for the JForum forum. The code is as follows:
Code:
package net.jforum.sso;

import net.jforum.JForumExecutionContext;
import net.jforum.context.RequestContext;
import net.jforum.entities.UserSession;
import net.jforum.util.preferences.ConfigKeys;
import net.jforum.util.preferences.SystemGlobals;

import org.apache.log4j.Logger;

/**
 * SSO implementation that takes the user name reported by the container
 * (request.getRemoteUser()) as the JForum user name.
 */
public class Josso implements SSO {
    static final Logger logger = Logger.getLogger(Josso.class.getName());

    public String authenticateUser(RequestContext request) {
        String remoteUser = request.getRemoteUser();
        logger.info("remoteUser:" + remoteUser);

        // No authenticated user: redirect to the configured SSO login page
        if (remoteUser == null || remoteUser.trim().equals("")) {
            JForumExecutionContext.setRedirect(SystemGlobals.getValue(ConfigKeys.SSO_REDIRECT));
            return null; // no user found
        }

        return remoteUser; // jforum username
    }

    public boolean isSessionValid(UserSession userSession, RequestContext request) {
        String remoteUser = request.getRemoteUser(); // jforum username
        logger.info("remoteUser:" + remoteUser);

        // user has since logged out
        if (remoteUser == null
                && userSession.getUserId() != SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
            return false;
        }
        // user has since logged in
        else if (remoteUser != null
                && userSession.getUserId() == SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
            return false;
        }
        // user has changed user
        else if (remoteUser != null && !remoteUser.equals(userSession.getUsername())) {
            return false;
        }

        return true; // myapp user and forum user the same
    }
}
Change JForum's configuration file "SystemGlobals.properties":
authentication.type = sso
sso.implementation = net.jforum.sso.Josso
Change the JForum forum's web.xml file by adding the following configuration to it:
Code:
<security-constraint>
    <!-- Sample Security Constraint -->
    <web-resource-collection>
        <!-- These resources are matched here so they can be declared public (see below). -->
        <web-resource-name>public-resources</web-resource-name>
        <url-pattern>/resources/*</url-pattern>
        <http-method>HEAD</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <!--
        No roles required, which means that these are public resources!
        Useful to tell JOSSO that resources matching this security constraint
        should not be subject to SSO protection.
    -->
</security-constraint>

<security-constraint>
    <!-- Sample Security Constraint -->
    <web-resource-collection>
        <!-- We're going to protect this resource and make it available only to users in "role1". -->
        <web-resource-name>protected-resources</web-resource-name>
        <url-pattern>/josso/*</url-pattern>
        <url-pattern>/protected/*</url-pattern>
        <url-pattern>/forums/*</url-pattern>
        <http-method>HEAD</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <!-- NOTE: These role names will be retrieved by JOSSO using the proper identity store. -->
    <auth-constraint>
        <role-name>role1</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<!-- We only need tomcat to redirect the user -->
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <!-- NOTE: This will redirect the user to the proper login page provided by JOSSO. -->
        <form-login-page>/login-redirect.jsp</form-login-page>
        <form-error-page>/login-redirect.jsp</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <description>Role 1</description>
    <role-name>role1</role-name>
</security-role>
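OK, now restart Tomcat and visit the forum: http://localhost:8080/jforum/forums/list.page
Heh, the page is redirected to JOSSO's user login page. On the login page enter user name: user1, password: user1pwd. After a successful login the page is automatically redirected back to http://localhost:8080/jforum/forums/list.page, and the jforum forum shows that user1 is now logged in and online.
Look closely at the JForum pages and you will notice that the forum's logout button is gone; this is because logout is supposed to be handled by your JOSSO. JForum's original login input box is gone as well.
Heh, don't think you have finished the SSO integration, though; there is still a lot of work to do. For example, when a user registers you must also save the information JForum requires into the relevant JForum database tables; you need to give the forum a correct logout button link; you need to polish JOSSO's login page; and so on.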
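The protected constraint in the web.xml above lists individual http-method elements and sets transport-guarantee to NONE; under the Servlet specification a constraint that lists methods applies only to those methods, and NONE does not require HTTPS. The audit script below is an added example, not part of the original article or of JForum/JOSSO: audit_web_xml and the finding labels are hypothetical names, and the embedded XML is a constructed, trimmed copy of the article's configuration.

```python
import xml.etree.ElementTree as ET

SAMPLE_WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>public-resources</web-resource-name>
   <url-pattern>/resources/*</url-pattern>
   <http-method>GET</http-method>
  </web-resource-collection>
 </security-constraint>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>protected-resources</web-resource-name>
   <url-pattern>/forums/*</url-pattern>
   <http-method>GET</http-method><http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>role1</role-name></auth-constraint>
  <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
 </security-constraint>
</web-app>"""  # constructed sample: the article's two constraints, trimmed


def local(tag):  # drop an XML namespace, if present, so schema-based web.xml files parse too
    return tag.rsplit("}", 1)[-1]


def audit_web_xml(xml_text):
    """Return (resource name, finding) pairs for every role-protected constraint."""
    findings = []
    for sc in ET.fromstring(xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        text = {}  # local element name -> list of text values inside this constraint
        for el in sc.iter():
            text.setdefault(local(el.tag), []).append((el.text or "").strip())
        if "auth-constraint" not in text:
            continue  # no roles required: deliberately public, nothing to enforce
        name = text.get("web-resource-name", ["?"])[0]
        methods = text.get("http-method", [])
        if methods:  # listed methods are the only ones the container restricts
            findings.append((name, "only-listed-methods-protected:" + ",".join(methods)))
        if text.get("transport-guarantee", ["NONE"])[0] != "CONFIDENTIAL":
            findings.append((name, "https-not-enforced"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_web_xml(SAMPLE_WEB_XML):
        print(name + ": " + finding)
```

Removing the http-method elements from the protected constraint and setting transport-guarantee to CONFIDENTIAL (which needs an HTTPS connector in Tomcat) clears both findings.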