portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glen Carl <g...@buonvia.com>
Subject Re: Iframe Portlet with Authentication for external website
Date Mon, 15 Sep 2003 17:20:51 GMT
The IframeProxyPortlet we created does exactly would you just described. You can 
get it at http://www.buonvia.com/jetspeed/ and unjar the jar file to get you 
started. It will also has an xslt feature.
Glen

Tim Reilly wrote:
> Sorry I must be tired I just realized you wanted iframe...
> in which case one approach is to start with what I sent, but make it a
> servlet that web proxies.
> You'll have to make the rewriter rewrite links, form actions, and other
> elements back to the servlet.
> Check out David's work with the rewriters for WebPagePortlet2.
> 
> The result of which might look something like:
>   was: href="http://xy.com/newpage.html"
>   becomes: href="myservlet?uri=http%3A%2F%2Fxy.com%2Fnewpage.html"
> 
> So in the end you would use the iframe portlet to point to your servlet that
> does the proxy-through.
> 
> Or you may consider a commercial product if you have budget;
> something like - WebSphere Transcoding Publisher
> I've not used it myself so I can't guess if it'll work for you.
> 
> 
>>-----Original Message-----
>>From: Tim Reilly [mailto:tim.reilly@consultant.com]
>>Sent: Saturday, September 13, 2003 12:02 AM
>>To: Jetspeed Developers List
>>Subject: RE: Iframe Portlet with Authentication for external website
>>
>>
>>I can share some code I was working on to integrate
>>commons-httpclient into
>>WebPagePortlet2. I'm still persuing this, but at this time I've changed my
>>scope to accomodate something similar for work. I'm currently working on a
>>service that exposes the httpclient functionality as a portlet service;
>>basically a very similar service exists in J2 (I thought, but
>>can't seem to
>>find it now) anyhow it doesn't use HttpClient... (additionally -
>>working on
>>a 'HttpClientProfile' and 'HttpClientProfileService'
>>'HttpClientProfileServiceImpl' to manage "Profiles" = certain
>>attributes of
>>httpclient.HostConfiguration, httpclient.HttpState, and HttpClient
>>attributes. (goal is to make these profiles sort of like Mozilla profiles,
>>but with an admin portlet to manage)
>>If your interested I could share some early work I've got, but here is
>>something less involved that may help you now.
>>
>>//I slapped this together so go easy and of course map this back
>>to portlet
>>methods
>>//I've been using the latest RC from Commons-HttpClient, possibly a full
>>release in Nov
>>//...
>>import java.io.IOException;
>>
>>import org.apache.commons.httpclient.Credentials;
>>import org.apache.commons.httpclient.HostConfiguration;
>>import org.apache.commons.httpclient.HttpClient;
>>import org.apache.commons.httpclient.HttpMethod;
>>import org.apache.commons.httpclient.HttpState;
>>import org.apache.commons.httpclient.URI;
>>import org.apache.commons.httpclient.UsernamePasswordCredentials;
>>import org.apache.commons.httpclient.methods.GetMethod;
>>
>>public class XSample {
>>    HttpClient client;
>>
>>    public void init(){
>>        client = new HttpClient();
>>    }
>>
>>    public byte[] getSiteContent(URI uri, Credentials creds)
>>        throws IOException{
>>        //May be able to move these to the init depending on your use
>>        HttpMethod method = new GetMethod();
>>        HostConfiguration config = new HostConfiguration();
>>        HttpState remoteSession = new HttpState();
>>
>>        config.setHost(uri);
>>        remoteSession.setCredentials(null, uri.getHost(), creds);
>>
>>            client.executeMethod(config, method, remoteSession);
>>        byte[] bytes = method.getResponseBodyAsString().getBytes();
>>        method.releaseConnection();
>>
>>        return bytes;
>>    }
>>
>>    public String getContent(URI uri, Credentials creds) throws
>>IOException{
>>      byte[] in = getSiteContent(uri, creds);
>>
>>    //...
>>    // you'll need pass 'in' through the rewriters just like
>>WebPagePortlet
>>    //...
>>
>>      return new String(in);
>>     }
>>
>>
>>    public static void main(String[] args) {
>>        try{
>>            URI uri = new URI("http://localhost/manager/html");
>>            Credentials creds =
>>                new UsernamePasswordCredentials("admin","secret");
>>            XSample foo = new XSample();
>>            foo.init();
>>            foo.getContent(uri, creds);
>>            System.out.print(foo.getContent(uri, creds));
>>        }catch(Exception e){
>>            e.printStackTrace();
>>        }
>>    }
>>}
>>
>>Best regards
>>
>>>-----Original Message-----
>>>From: Rajendra Kadam [mailto:rkadam@etouch.net]
>>>Sent: Friday, September 12, 2003 10:29 PM
>>>To: Jetspeed Developers List
>>>Subject: Re: Iframe Portlet with Authentication for external website
>>>
>>>
>>>Hi Tim,
>>>
>>>Thanks for your help.
>>>
>>>I want to access the web sites that are protected using
>>>"Basic" Authentication. And BasicAuthIFramePortlet does
>>>that one.
>>>
>>>But the PROBLEM as you said is that it exposes userid and
>>>password to everybody as all urls becomes
>>>http://userid:passwd@xy.com.
>>>
>>>Exposing userid/password is not at all acceptable solution
>>>for our requirement.
>>>
>>>Is there any other way we can access the websites that are
>>>protected using Basic Authentication ?
>>>
>>>I was trying to get the contents using following code
>>>snippet
>>>------------------------------------------------------
>>>public ConcreteElement getContent(RunData rundata)
>>>    {
>>> URL url = new URL("http://userid:passwd@web.net");
>>> URLConnection connection = url.openConnection();
>>> InputStream stream = connection.getInputStream();
>>> BufferedInputStream in = new BufferedInputStream(stream);
>>> int length = 0;
>>> byte[] buf = new byte[BUFFER_SIZE];
>>> ByteArrayOutputStream out = new ByteArrayOutputStream();
>>> while ((in != null) && ((length = in.read(buf)) != -1))
>>> {
>>>  // the data has already been read into buf
>>>  out.write(buf, 0, length);
>>> }
>>> content = out.toString();
>>> return new StringElement(content);
>>>}
>>>-----------------------------------------------------------
>>>
>>>But here I was getting Error as " HTTP response code: 401
>>>for URL: http://userid:passwd@web.net" How can I tackle it?
>>>
>>>Is above way is correct way of doing it ?
>>>Is there any secure way to access protected websites ?
>>>
>>>Please help me in finding the way to access websites that
>>>are protected using BASIC Authentication.
>>>
>>>Thanks for all your help.
>>>rajendra
>>>
>>>
>>>On Fri, 12 Sep 2003 01:00:19 -0400
>>> "Tim Reilly" <tim.reilly@consultant.com> wrote:
>>>
>>>>I'll try to share my understanding of the 3 general
>>>>methods available to
>>>>bring remote website content into the portal (pertaining
>>>>to straight http
>>>>request/response) There are many other ways such as WSRP,
>>>>etc, but that's
>>>>not related to your question I don't think:
>>>>
>>>>** Client/Browser technology:
>>>>The BasicAuthIFramePortlet falls into this category. This
>>>>sounds closest to
>>>>what you are looking for, I think.
>>>>The iframe portlet generates the markup for creating the
>>>>iframe html tag
>>>>within the portlet window.
>>>>
>>>>Frames, and iframes (and ilayer for earlier Netscape) can
>>>>be thought of as
>>>>chromeless browser windows embedded in the window.document
>>>>of a parent
>>>>window. So anything you could do within a html
>>>>frame/frameset as far as
>>>>single sign-on is possible.
>>>>
>>>>Two possible methods are:
>>>>1) the initial url parameter to the iframe is a url to a
>>>>document that you
>>>>create - use javascript in the document to post a login
>>>>form to the target
>>>>website's login action url. An example page might look
>>>>like:
>>>><html>
>>>>  <head>
>>>>     <title>Self posting page</title>
>>>>  </head>
>>>>  <body onload="document.forms[0].submit()">
>>>>	<form
>>>>action="https://www.myformsecuredsite.org/loginProcess.do"
>>>>method="post">
>>>>		<input type="hidden" name="username"
>>>>value="yourusername">
>>>>		<input type="hidden" name="password" value="secret">
>>>>     </form>
>>>>  </body>
>>>></html>
>>>>The page loads, the form posts to the target site, and as
>>>>long as the target
>>>>is not checking the http-referer or some other method to
>>>>prevent folks from
>>>>doing this... then the iframe (as a normal browser window
>>>>would)
>>>>communicates directly with the site.
>>>>2) If basic authentication is involved then you can login
>>>>to a basic auth
>>>>protect site using a url in the form of:
>>>>https://username:password@www.somebasicsite.org/thepath/
>>>>This how the
>>>>http://cvs.apache.org/viewcvs/jakarta-jetspeed/src/java/org/apach
>>>
>>>e/jetspeed/
>>>
>>>>portal/portlets/BASICAuthIFramePortlet.java?rev=1.2&content-type=
>>>
>>>text/vnd.vi
>>>
>>>>ewcvs-markup works.
>>>>
>>>>There are security considerations involved here because
>>>>you are sending the
>>>>credentials over the network to the client (browser) to
>>>>use so keep your
>>>>security requirements in mind if you use one these (at a
>>>>minimum ssl enable
>>>>your portal. And realize viewing the page source will
>>>>expose the
>>>>credentials.)
>>>>There are also the usability issues that goes along with
>>>>frames and
>>>>framesets. Here I'm thinking of how users complain about
>>>>hitting the refresh
>>>>button in a frame based page and not understanding why it
>>>>reloaded to the
>>>>initial state. The same applies within the portal.
>>>>
>>>>** Server "one-off"
>>>>The WebPagePortlet falls into this category (IMHO). This
>>>>is great for
>>>>retrieving a single page of a remote website and bringing
>>>>that page or page
>>>>fragment into the portal. (The new WebClipper portlet is
>>>>also great for
>>>>getting part of a page) The portlet performs the task of
>>>>the client/browser
>>>
>>>>from the portal server. A url connection is used to
>>>
>>>>request the page. The
>>>>response to that request is added into the portal page
>>>>(after parsing and
>>>>rewriting  certain elements of the response such as urls)
>>>>Some manipulation
>>>>of the page is required to preserve links, images, etc.
>>>>Cross domain
>>>>security might be an issue - for say cookies, scripts,
>>>>objects, applets.
>>>>When the user clicks a link or submits a form the portal's
>>>>window will
>>>>either be cannibalized, or you can specify that the
>>>>portlet should rewrite
>>>>the link target so a new window is targeted.
>>>>
>>>>** Server proxy-through
>>>>This is part of what WebPagePortlet2 aims to achieve (not
>>>>yet complete last
>>>>I left off). The Safeweb free privacy service/site closed
>>>>sometime in 2001
>>>>but if you ever used it - its exactly the http
>>>>proxy-through that would be
>>>>needed IMO to present an entire remote site within the
>>>>portal if iframes are
>>>>not in the picture. (If you're not familiar -
>>>>http://www.pcworld.com/news/article/0,aid,75063,00.asp
>>>>basically it was a
>>>>http proxy web based front-end. The upper frame of the
>>>>site was like a
>>>>browser address bar, the bottom frame was the 'browser'
>>>>document window)
>>>>
>>>>** 2 Top of my head other options:
>>>>These require the target site to make the services
>>>>available.
>>>>WSRP
>>>>Cocoon has a web service proxy component
>>>>
>>>>I hope you find this helpful.
>>>>
>>>>
>>>>>-----Original Message-----
>>>>>From: Rajendra Kadam [mailto:rkadam@etouch.net]
>>>>>Sent: Thursday, September 11, 2003 9:14 PM
>>>>>To: jetspeed-dev@jakarta.apache.org
>>>>>Subject: Iframe Portlet with Authentication for external
>>>>
>>>>website
>>>>
>>>>>
>>>>>Hi all,
>>>>>
>>>>>This is in reference to post "Iframe Portlet with
>>>>
>>>>Parameter
>>>>
>>>>>Passing" that was posted by "Dan Elder" on this mailing
>>>>>list in month of Jun 2003.
>>>>>
>>>>>In that, Dan Elder has mentions  IFrame Portlet
>>>>
>>>>(extended
>>>>
>>>>>to original one ) which can pass userid and password (
>>>>
>>>>the
>>>>
>>>>>one used to log into Jetspeed Portal ) to websites that
>>>>>require Authentication so that it will provide seamless
>>>>>access to protected websites too.
>>>>>
>>>>>Does anybody has used that Portlet to access password
>>>>>protected websites ?
>>>>>
>>>>>Also want to know does it makes "Basic Authentication"
>>>>
>>>>as
>>>>
>>>>>well as "Form Based Authentication" ?
>>>>>
>>>>>Dan, do you have any examples that will help in
>>>>>understanding how protected websites can be accessed ?
>>>>>
>>>>>Thanks,
>>>>>rajendra
>>>>>
>>>>>
>>>>
>>>>---------------------------------------------------------------------
>>>>
>>>>>To unsubscribe, e-mail:
>>>>
>>>>jetspeed-dev-unsubscribe@jakarta.apache.org
>>>>
>>>>>For additional commands, e-mail:
>>>>
>>>>jetspeed-dev-help@jakarta.apache.org
>>>>
>>>>>
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail:
>>>>jetspeed-dev-unsubscribe@jakarta.apache.org
>>>>For additional commands, e-mail:
>>>>jetspeed-dev-help@jakarta.apache.org
>>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
>>>
>>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
>>
>>
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
> 
> 


Mime
View raw message