Single Sign-On between Joomla (PHP) and a custom JSF / JSP login (JAVA)

Single sign-on (SSO) is a method of access control, that enables a user to authenticate once, and gain access to the resources of multiple software systems. Well in my case, the task i have given is to authenticate a user in a PHP and a JAVA (Web) system simultaneously.

My PHP web application is the well known Joomla CMS, and my JAVA web application is based on JSF and custom built. After some thinking and research I found several resources which are worth reading (JOSSO, OneSign ), but i couldn’t take any help from them, mostly those SSO frameworks are complex ( yeah 🙂 I couldn’t understand ) and aimed on a general pourpose and most of them are not for free.

So yeah I thought of doing some Hack to joomla and also make some changes in my Java web app’s authentication method. After talking with some of my geeky Friends (Sandaruwan and Anjana). I came up with two approaches. both are involved in handling the cookies manually up to certain extent.

The 1st approach is (Which i didn’t try and had to give up due to the reason that I am using JSF as the web application framework) to log-in to the Joomla site and after loged in to Joomla create a random named temp file in the server (possibly in /home/secrets with 777) with the user-name (if a valid log in) and set a cookie using set_cookie(“name”,$filename) and direct to a jsp page to do the java side authentication.

in this JSP, page read the secret file name from the cookie and read the file from the http server in-order to take the username of the loged-in user. By passing this to the authentication method of the java web app, the java side also can be authenticated.

yup it is pretty simple, but i had to give it up mainly because I use JSF. if I do the user authentication in the above way in the java side. I cannot add the user object to the FacesContext which will be used by my other java side components. so even though i log in. later on in other jsf pages my loged user cannot be found. (Shortly my java login process is not happening according to the JSF implementation procedures.) and secondly i had to give up this method because my Project manger didn’t like the idea of saving temp files in the server. 🙂

So the Second and the method which i have implemented is, automating the Joomla log-in process by making an http request to the http server from my JSF backing bean. and set the PHP cookie manually via Http Servlet response.

before i explain this method more broadly i have to mention about two nice tools which helped me to monitor the http requests and response.
Apache TCP Monitor
Live Http headers (FireFox ad-on)

Architecture

Implementation

There are two different scenarios.
1. User can visit teh home page of the joomla site 1st and the PHP Cookie is already set.
2. User visit the Java site PHP Cookie is not available.

Continue reading Single Sign-On between Joomla (PHP) and a custom JSF / JSP login (JAVA)

JSF : Setting a custom message from a backing bean

So yeah !! I thought of writing something about JSF. Since am working with it for Nealy 3 months now. So how about custom message handling for starters !! 🙂

JSF message tag is pretty useful in many places. for an example, for the use of validators. but what i wanted to write here is, not how a message is shown after validation.

Think after some database transaction you wanted to say “Transaction is successful or not successful” or in some random scenario if you wanted to show a message in anywhere in your web-page at anytime, you can do that from your backing bean with out much effort.

I will take the tomahawk fileupload tag as an example JSF tag. so in the JSP side it will look like



	
               value="#{bbaBean.theFile}" storage="file"
               styleClass="fileUploadInput"
               required="true">
        

               errorstyle="Color: red;">



                 action="#{bbaBean.uploadFile}" styleclass="linkbox">

And when the upload button is clicked the uploadFile method will be invoked in our backing bean. which will look like..

public String uploadFile throws IOException {

       FacesMessage messageErr =
               new FacesMessage(FacesMessage.SEVERITY_ERROR,
                     "ERROR : ",
                     "XML File you have uploaded is not compatible");

       FacesMessage messageSuc = new FacesMessage(
              "The XML File You have uploaded is successfully
                                           added to the Database");

       FacesContext fc = FacesContext.getCurrentInstance();

       try {
              //TODO: Transaction or logic....
               fc..addMessage("form1:fileupload", messageSuc);
       } catch(Exception e) {
               fc.addMessage("form1:fileupload", messageErr);
       }
}

Simply that is it. So when an exception occurs your JSP page shows the custom error message. One other thing is you can set the message type too. if its and error message as i have shown make it’s SEVERITY to ERROR. and add an error style class for the tag. so your error message will be shown different than the other messages..

so yeah enjoy..

Hello Java World

322px-java_logosvg.png

I think This is my 1st post on something related to java… Its not that I hated the language before, but I used rather C++ /.NET and PHP for my earlier work. With my Internship, it would be correct if i say that I said Hello World to the actual Java environment. Its true for my collage Assignments, that I have done some java work, but well it cannot be counted… Anyhow Its been almost 2 months, I am having hands on experience on Java programming or rather more in J2ME and j2EE.

With all the APIs and the systematic documentations of those APIs.. and also with plenty of online help..I must say my life was so easy past few weeks.

As a part of my work package I had to develop a tracking system based on GPS positioning. My self and two more guys work on the project and we developed a server and a mobile client for this task. (this is a small part of a European union project called s3ms). What I thought of writing here today… is about the nice Framework we used, to handle the database.

Hibernate01_oben_logo1.gif

Well it’s not something new, its been used in almost all the java projects carried out in my company… Hibernate is an Object to relational Mapping (ORM) system for java. Hibernate provides a framework which maps the object oriented model to a relational database. Some of the main benefits by using Hibernate is that it makes the application portable on any SQL database.

Hibernate keeps the details of the database in its configuration file hibernate.cfg.xml and by editing few fields in this xml file, makes it possible to transport the application from one database to another. Hibernate mapping is done via xml files which is named name.hbm.xml and in these files the mapping of Java data types to SQL data types are done. you can define the relationships of the tables also in these files using relationship tags. (<many-to-one>) .

I have found a good tutorial on Hibernate in Gary’s Blog.. if you are interested more, those tutorials will be a great help. I should also note that Hibernate provides tools (Hibernate tools) for Eclipse IDE as plugins to generate Java Classes and xml mapping files looking at the database tables.

The founders of Hibernate is also providing a similar framework which is very much the same in practice. Its called NHibernate and used in the .NET platform for database handling. Both the Frameworks are Licensed GPL and LGPL respectively.

So for the people who are like me who were doing the database handling in the usual and the traditional way… Hibernate will surely make your work much easer…