How can I embed an html page into a jsp whilst avoiding repeated logins yet hosting the html separately to the web app?
I have a tomcat hosted web-app, in one of the jsp pages the webapp displays I am using an iframe to embed an html document.
I need to have the html pages separate to the web-app so that they can be altered without requiring a relaunch of the original web-app or access by editors to the web-app.
It is also essential that html pages are secure and not available directly in any way, i.e. only available within this web-app or by authenticating the user. I also want to avoid making the user login to both the web-app and the page in the iframe.
I am not sure how to approach this, I have an apache server, php, and of course tomcat at my disposal.
I c开发者_开发技巧an think of two approaches but am not sure how to implement either:
- I pass through the authentication details from the jsp page and store all the usernames etc elsewhere for the .htaccess file to check against (not ideal as this means the upkeep of two username / password files)
- I somehow enforce that these pages can only be accessed when they are being shown within this iframe i.e. use the web-app as an authenticator and hold the web pages to be only accessible via it.
Presently I can only think of a rather clunky, double log-in way, using .htaccess on an apache server which will require the user to enter a username and password again before viewing the documents.
Can anyone think of a more elegant solution?
Thanks!
CJ
Easiest approach would be to not serve the HTML pages by a public webserver, but just host them in some fixed path outside the public webcontent. Then you can create an servlet which gets an InputStream
of the HTML file by FileInputStream
and writes it to the OutputStream
of the servlet response as obtained by HttpServletResponse#getOutputStream()
the usual Java IO way.
Then, in your JSP just change the <iframe>
src to point to that servlet instead, along with the desired HTML file as request parameter or pathinfo.
<iframe src="htmlservlet/file.html" />
This way you can control the authentication at one place, the JSP/Servlet webapp.
精彩评论