I have a Tomcat-hosted web-app. In one of the JSP pages the webapp displays, I am using an iframe to embed an HTML document.

I need to have the HTML pages separate from the web-app so that they can be altered without requiring a relaunch of the original web-app or access by editors to the web-app.

It is also essential that the HTML pages are secure and not available directly in any way, i.e. only available within this web-app or by authenticating the user. I also want to avoid making the user log in to both the web-app and the page in the iframe.

I am not sure how to approach this. I have an Apache server, PHP, and of course Tomcat at my disposal.

I can think of two approaches but am not sure how to implement either:

  1. I pass through the authentication details from the JSP page and store all the usernames etc. elsewhere for the .htaccess file to check against (not ideal as this means the upkeep of two username / password files)
  2. I somehow enforce that these pages can only be accessed when they are being shown within this iframe, i.e. use the web-app as an authenticator and hold the web pages to be only accessible via it.

Presently I can only think of a rather clunky, double log-in way, using .htaccess on an Apache server, which will require the user to enter a username and password again before viewing the documents.

Can anyone think of a more elegant solution?

Thanks!

CJ

+1  A: 

Easiest approach would be to not serve the HTML pages by a public webserver, but just host them in some fixed path outside the public webcontent. Then you can create a servlet which gets an InputStream of the HTML file by FileInputStream and writes it to the OutputStream of the servlet response as obtained by HttpServletResponse#getOutputStream() the usual Java IO way.

Then, in your JSP just change the <iframe> src to point to that servlet instead, along with the desired HTML file as request parameter or pathinfo.

<iframe src="htmlservlet/file.html"></iframe>

This way you can control the authentication at one place, the JSP/Servlet webapp.

BalusC
Hi Balus, Thanks for this - it's the solution I will follow I think :) I'm not marking this as 'answered' as it doesn't directly answer the question itself. It is however a great workaround - so thank you! CJ
CJ
I don't see any elegant solutions :)
BalusC
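
The servlet approach from the answer, written out as an added example (not code from the answer's author). It assumes the javax.servlet API, a hypothetical content directory /srv/protected-html, and a hypothetical session attribute "user" set by the webapp's own login; it uses Files.copy in place of a FileInputStream loop and refuses any path that resolves outside the content directory.

```java
import java.io.IOException;
import java.nio.file.*;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Map this servlet to /htmlservlet/* so the iframe src "htmlservlet/file.html" reaches it.
public class HtmlServlet extends HttpServlet {
    // Assumption: a directory outside the webapp and outside any Apache DocumentRoot.
    private static final Path BASE = Paths.get("/srv/protected-html");
    // Assumption: the webapp's login code stores the user under this session attribute.
    private static final String USER_ATTR = "user";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Reuse the webapp's existing login: no session or no user means no content.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String pathInfo = req.getPathInfo(); // e.g. "/file.html"
        if (pathInfo == null || !pathInfo.endsWith(".html")) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        Path file = null;
        try {
            // toRealPath() resolves ".." and symlinks, so the containment check
            // below is made against the location the file really has on disk.
            Path realBase = BASE.toRealPath();
            Path candidate = realBase.resolve(pathInfo.substring(1)).toRealPath();
            if (candidate.startsWith(realBase) && Files.isRegularFile(candidate)) {
                file = candidate;
            }
        } catch (IOException | InvalidPathException e) {
            // Missing file or malformed name: handled as "not found" below.
        }
        if (file == null) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        resp.setContentType("text/html; charset=UTF-8"); // assumption: files are UTF-8
        // Only pages from the same origin (the webapp itself) may frame this response.
        resp.setHeader("X-Frame-Options", "SAMEORIGIN");
        Files.copy(file, resp.getOutputStream());
    }
}
```

A path outside the content directory and a missing file both return 404, so the response does not reveal which names exist elsewhere on disk.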