1. package net.jforum.sso;   
2.   
3. import javax.servlet.http.Cookie;   
4.   
5. import net.jforum.ControllerUtils;   
6. import net.jforum.context.RequestContext;   
7. import net.jforum.entities.UserSession;   
8. import net.jforum.util.preferences.ConfigKeys;   
9. import net.jforum.util.preferences.SystemGlobals;   
10.   
11. import org.apache.log4j.Logger;   
12.   
13. /**
14. * jforum 与 web 项目整合的的处理类
15. * @author Rafael Steil
16. * @version $Id: $
17. */  
18. public class CookieUserSSO implements SSO{   
19.     static final Logger logger = Logger.getLogger(CookieUserSSO.class.getName());   
20.        
21.     public String authenticateUser(RequestContext request) {   
22.         // login cookie set by my web LOGIN application   
23. //       Cookie cookieNameUser = ControllerUtils.getCookie(SystemGlobals.getValue(ConfigKeys.COOKIE_NAME_USER));//这种写法会获取null，不解啊   
24.          Cookie cookieNameUser = ControllerUtils.getCookie("jforumSSOCookieNameUser");   
25.          String username = null;   
26.   
27.         if (cookieNameUser != null) {   
28.          username = cookieNameUser.getValue();   
29.          }   
30.          System.out.println(cookieNameUser+" ======== "+username+" ==========");   
31.         return username; // return username for jforum   
32.         // jforum will use this name to regist database or set in HttpSession   
33.   
34.      }   
35.   
36.     public boolean isSessionValid(UserSession userSession,   
37.              RequestContext request) {   
38.          Cookie cookieNameUser = ControllerUtils.getCookie(SystemGlobals   
39.                  .getValue(ConfigKeys.COOKIE_NAME_USER)); // user cookie   
40.                  String remoteUser = null;   
41.   
42.                 if (cookieNameUser != null) {   
43.                  remoteUser = cookieNameUser.getValue(); // jforum username   
44.                  }   
45.   
46.                 if (remoteUser == null  
47.                  && userSession.getUserId() != SystemGlobals   
48.                  .getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {   
49.                 // user has since logged out   
50.                 return false;   
51.                  } else if (remoteUser != null  
52.                  && userSession.getUserId() == SystemGlobals   
53.                  .getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {   
54.                 // anonymous user has logged in   
55.                 return false;   
56.                  } else if (remoteUser != null  
57.                  && !remoteUser.equals(userSession.getUsername())) {   
58.                 // not the same user (cookie and session)   
59.                 return false;   
60.                  }   
61.                 return true; // myapp user and forum user the same. valid user.   
62.   
63.      }   
64.   
65. }  

package net.jforum.sso;

import javax.servlet.http.Cookie;

import net.jforum.ControllerUtils;
import net.jforum.context.RequestContext;
import net.jforum.entities.UserSession;
import net.jforum.util.preferences.ConfigKeys;
import net.jforum.util.preferences.SystemGlobals;

import org.apache.log4j.Logger;

/**
 * jforum 与 web 项目整合的的处理类
 * @author Rafael Steil
 * @version $Id: $
 */
public class CookieUserSSO implements SSO{
 static final Logger logger = Logger.getLogger(CookieUserSSO.class.getName());
 
 public String authenticateUser(RequestContext request) {
  // login cookie set by my web LOGIN application
//  Cookie cookieNameUser = ControllerUtils.getCookie(SystemGlobals.getValue(ConfigKeys.COOKIE_NAME_USER));//这种写法会获取null，不解啊
  Cookie cookieNameUser = ControllerUtils.getCookie("jforumSSOCookieNameUser");
  String username = null;

  if (cookieNameUser != null) {
  username = cookieNameUser.getValue();
  }
  System.out.println(cookieNameUser+" ======== "+username+" ==========");
  return username; // return username for jforum
  // jforum will use this name to regist database or set in HttpSession

 }

 public boolean isSessionValid(UserSession userSession,
   RequestContext request) {
  Cookie cookieNameUser = ControllerUtils.getCookie(SystemGlobals
    .getValue(ConfigKeys.COOKIE_NAME_USER)); // user cookie
    String remoteUser = null;

    if (cookieNameUser != null) {
    remoteUser = cookieNameUser.getValue(); // jforum username
    }

    if (remoteUser == null
    && userSession.getUserId() != SystemGlobals
    .getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
    // user has since logged out
    return false;
    } else if (remoteUser != null
    && userSession.getUserId() == SystemGlobals
    .getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
    // anonymous user has logged in
    return false;
    } else if (remoteUser != null
    && !remoteUser.equals(userSession.getUsername())) {
    // not the same user (cookie and session)
    return false;
    }
    return true; // myapp user and forum user the same. valid user.

 }

}

修改systemglobals.properties文件中的SSO片段

#############################
# SSO / User authentication
#############################
# Auhentication type: use one of the following options
#
# sso: SSO based authentication. The called class will be the one
# specified by the key "sso.implementation", whic must be an implementation
#  of net.jforum.sso.SSO
#
# default: Non-SSO authentication, which relies on the key 
# "login.authenticator" to validate users. For more information, please see
# net.jforum.sso.LoginAuthenticator and the default implementation.

#authentication.type = default
authentication.type = sso

# The above key will be used when "authentication.type" is set to "default"
# Can be any implementation of net.jforum.sso.LoginAuthenticator
#
# For LDAP authentication, set the value to net.jforum.sso.LDAPAuthenticator. Also,
# see the LDAP section below
login.authenticator = net.jforum.sso.DefaultLoginAuthenticator

# When using authentication.type = default, you may choose to disable
# the automatic login feature, which will prevents users to get 
# automatic logged in when they come back to the forum
auto.login.enabled = true

# The above key will be be used then "authentication.type" is set to "sso"
# The default implementation (used here) only checks if request.getRemoteUser()
# is not null. This may be enough for many situations.

#sso.implementation = net.jforum.sso.RemoteUserSSO
sso.implementation = net.jforum.sso.CookieUserSSO
#cookie.name.user = jforumSSOCookieNameUser这里不需要重写cookie.name.user了，因为在下面还有一个这个属性，直接修改就可以了

# Special attributes used when creating a new user
# Only if auhentication.type = sso
# The attribute name to search in the session for the password.
sso.password.attribute = password

# Same as above
sso.email.attribute = email

# The default email to use if sso.email.attribute is empty
sso.default.email = sso@user

# The default password to use if sso.password.attribute is empty
sso.default.password = sso 

# Optional redirect for SSO
#
# If a value is set, the user will be redirected to the defined
# URL, using the following logic:
#
# ${sso.redirect}?returnUrl=${forum.link} + 
#
# The value MUST start with the protocol (http:// or https://)
#
sso.redirect = http://localhost:8082/jforum

然后，在web项目的登陆处理中加入cookie的设置

//与jforum整合代码，设置cookic
   Cookie cookie = new Cookie("jforumSSOCookieNameUser", username);
      cookie.setMaxAge(-1);
      cookie.setPath("/");
      response.addCookie(cookie);

退出处理类中，加入

Cookie cookie = new Cookie("jforumSSOCookieNameUser", "");
     cookie.setMaxAge(0); // delete the cookie.
     cookie.setPath("/");
     response.addCookie(cookie);