Glen
Tim Reilly wrote:
Sorry I must be tired I just realized you wanted iframe... in which case one approach is to start with what I sent, but make it a servlet that web proxies. You'll have to make the rewriter rewrite links, form actions, and other elements back to the servlet. Check out David's work with the rewriters for WebPagePortlet2.
The result of which might look something like: was: href="http://xy.com/newpage.html"; becomes: href="myservlet?uri=http%3A%2F%2Fxy.com%2Fnewpage.html"
So in the end you would use the iframe portlet to point to your servlet that does the proxy-through.
Or you may consider a commercial product if you have budget; something like - WebSphere Transcoding Publisher I've not used it myself so I can't guess if it'll work for you.
-----Original Message----- From: Tim Reilly [mailto:[EMAIL PROTECTED] Sent: Saturday, September 13, 2003 12:02 AM To: Jetspeed Developers List Subject: RE: Iframe Portlet with Authentication for external website
I can share some code I was working on to integrate commons-httpclient into WebPagePortlet2. I'm still persuing this, but at this time I've changed my scope to accomodate something similar for work. I'm currently working on a service that exposes the httpclient functionality as a portlet service; basically a very similar service exists in J2 (I thought, but can't seem to find it now) anyhow it doesn't use HttpClient... (additionally - working on a 'HttpClientProfile' and 'HttpClientProfileService' 'HttpClientProfileServiceImpl' to manage "Profiles" = certain attributes of httpclient.HostConfiguration, httpclient.HttpState, and HttpClient attributes. (goal is to make these profiles sort of like Mozilla profiles, but with an admin portlet to manage) If your interested I could share some early work I've got, but here is something less involved that may help you now.
//I slapped this together so go easy and of course map this back to portlet methods //I've been using the latest RC from Commons-HttpClient, possibly a full release in Nov //... import java.io.IOException;
import org.apache.commons.httpclient.Credentials; import org.apache.commons.httpclient.HostConfiguration; import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.HttpMethod; import org.apache.commons.httpclient.HttpState; import org.apache.commons.httpclient.URI; import org.apache.commons.httpclient.UsernamePasswordCredentials; import org.apache.commons.httpclient.methods.GetMethod;
public class XSample { HttpClient client;
public void init(){ client = new HttpClient(); }
public byte[] getSiteContent(URI uri, Credentials creds) throws IOException{ //May be able to move these to the init depending on your use HttpMethod method = new GetMethod(); HostConfiguration config = new HostConfiguration(); HttpState remoteSession = new HttpState();
config.setHost(uri); remoteSession.setCredentials(null, uri.getHost(), creds);
client.executeMethod(config, method, remoteSession); byte[] bytes = method.getResponseBodyAsString().getBytes(); method.releaseConnection();
return bytes; }
public String getContent(URI uri, Credentials creds) throws IOException{ byte[] in = getSiteContent(uri, creds);
//... // you'll need pass 'in' through the rewriters just like WebPagePortlet //...
return new String(in); }
public static void main(String[] args) { try{ URI uri = new URI("http://localhost/manager/html";); Credentials creds = new UsernamePasswordCredentials("admin","secret"); XSample foo = new XSample(); foo.init(); foo.getContent(uri, creds); System.out.print(foo.getContent(uri, creds)); }catch(Exception e){ e.printStackTrace(); } } }
Best regards
-----Original Message----- From: Rajendra Kadam [mailto:[EMAIL PROTECTED] Sent: Friday, September 12, 2003 10:29 PM To: Jetspeed Developers List Subject: Re: Iframe Portlet with Authentication for external website
Hi Tim,
Thanks for your help.
I want to access the web sites that are protected using "Basic" Authentication. And BasicAuthIFramePortlet does that one.
But the PROBLEM as you said is that it exposes userid and password to everybody as all urls becomes http://userid:[EMAIL PROTECTED]
Exposing userid/password is not at all acceptable solution for our requirement.
Is there any other way we can access the websites that are protected using Basic Authentication ?
I was trying to get the contents using following code snippet ------------------------------------------------------ public ConcreteElement getContent(RunData rundata) { URL url = new URL("http://userid:[EMAIL PROTECTED]"); URLConnection connection = url.openConnection(); InputStream stream = connection.getInputStream(); BufferedInputStream in = new BufferedInputStream(stream); int length = 0; byte[] buf = new byte[BUFFER_SIZE]; ByteArrayOutputStream out = new ByteArrayOutputStream(); while ((in != null) && ((length = in.read(buf)) != -1)) { // the data has already been read into buf out.write(buf, 0, length); } content = out.toString(); return new StringElement(content); } -----------------------------------------------------------
But here I was getting Error as " HTTP response code: 401 for URL: http://userid:[EMAIL PROTECTED]" How can I tackle it?
Is above way is correct way of doing it ? Is there any secure way to access protected websites ?
Please help me in finding the way to access websites that are protected using BASIC Authentication.
Thanks for all your help. rajendra
On Fri, 12 Sep 2003 01:00:19 -0400 "Tim Reilly" <[EMAIL PROTECTED]> wrote:
I'll try to share my understanding of the 3 general methods available to bring remote website content into the portal (pertaining to straight http request/response) There are many other ways such as WSRP, etc, but that's not related to your question I don't think:
** Client/Browser technology: The BasicAuthIFramePortlet falls into this category. This sounds closest to what you are looking for, I think. The iframe portlet generates the markup for creating the iframe html tag within the portlet window.
Frames, and iframes (and ilayer for earlier Netscape) can be thought of as chromeless browser windows embedded in the window.document of a parent window. So anything you could do within a html frame/frameset as far as single sign-on is possible.
Two possible methods are: 1) the initial url parameter to the iframe is a url to a document that you create - use javascript in the document to post a login form to the target website's login action url. An example page might look like: <html> <head> <title>Self posting page</title> </head> <body onload="document.forms[0].submit()"> <form action="https://www.myformsecuredsite.org/loginProcess.do"; method="post"> <input type="hidden" name="username" value="yourusername"> <input type="hidden" name="password" value="secret"> </form> </body> </html> The page loads, the form posts to the target site, and as long as the target is not checking the http-referer or some other method to prevent folks from doing this... then the iframe (as a normal browser window would) communicates directly with the site. 2) If basic authentication is involved then you can login to a basic auth protect site using a url in the form of: https://username:[EMAIL PROTECTED]/thepath/ This how the http://cvs.apache.org/viewcvs/jakarta-jetspeed/src/java/org/apach
e/jetspeed/
portal/portlets/BASICAuthIFramePortlet.java?rev=1.2&content-type=
text/vnd.vi
ewcvs-markup works.
There are security considerations involved here because you are sending the credentials over the network to the client (browser) to use so keep your security requirements in mind if you use one these (at a minimum ssl enable your portal. And realize viewing the page source will expose the credentials.) There are also the usability issues that goes along with frames and framesets. Here I'm thinking of how users complain about hitting the refresh button in a frame based page and not understanding why it reloaded to the initial state. The same applies within the portal.
** Server "one-off" The WebPagePortlet falls into this category (IMHO). This is great for retrieving a single page of a remote website and bringing that page or page fragment into the portal. (The new WebClipper portlet is also great for getting part of a page) The portlet performs the task of the client/browser
from the portal server. A url connection is used to
request the page. The response to that request is added into the portal page (after parsing and rewriting certain elements of the response such as urls) Some manipulation of the page is required to preserve links, images, etc. Cross domain security might be an issue - for say cookies, scripts, objects, applets. When the user clicks a link or submits a form the portal's window will either be cannibalized, or you can specify that the portlet should rewrite the link target so a new window is targeted.
** Server proxy-through This is part of what WebPagePortlet2 aims to achieve (not yet complete last I left off). The Safeweb free privacy service/site closed sometime in 2001 but if you ever used it - its exactly the http proxy-through that would be needed IMO to present an entire remote site within the portal if iframes are not in the picture. (If you're not familiar - http://www.pcworld.com/news/article/0,aid,75063,00.asp basically it was a http proxy web based front-end. The upper frame of the site was like a browser address bar, the bottom frame was the 'browser' document window)
** 2 Top of my head other options: These require the target site to make the services available. WSRP Cocoon has a web service proxy component
I hope you find this helpful.
-----Original Message----- From: Rajendra Kadam [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2003 9:14 PM To: [EMAIL PROTECTED] Subject: Iframe Portlet with Authentication for external
website
Hi all,
This is in reference to post "Iframe Portlet with
Parameter
Passing" that was posted by "Dan Elder" on this mailing list in month of Jun 2003.
In that, Dan Elder has mentions IFrame Portlet
(extended
to original one ) which can pass userid and password (
the
one used to log into Jetspeed Portal ) to websites that require Authentication so that it will provide seamless access to protected websites too.
Does anybody has used that Portlet to access password protected websites ?
Also want to know does it makes "Basic Authentication"
as
well as "Form Based Authentication" ?
Dan, do you have any examples that will help in understanding how protected websites can be accessed ?
Thanks, rajendra
---------------------------------------------------------------------
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
