2 Replies Latest reply on Jan 29, 2009 2:15 AM by dleerob

    IFrame cannot redirect to secure Intranet



      We have JBoss Portal sitting on our web server which sits inside our DMZ (outside our company intranet). This web server has secure access to our company Intranet, where other servers sit, such as our LDAP server etc.

      We use IFrames in our Portal, to display other web applications. Problem being, if the IFrame points to a web application sitting on our intranet, it wont have access and cant view the web app, as the IFrame merely redirects the browser to the URL (public cannot see web apps on our intranet).

      Does anyone know of a way to get our web applications which sit on our secure intranet, to be displayed on our public web server through JBoss Portal?

      Many thanks.

        • 1. Re: IFrame cannot redirect to secure Intranet

          So, unless I misunderstood your problem, it sounds to me that there's a problem with your approach.

          The HTML iframe tag takes a URL in its src attribute, much like an img tag. Your web browser then downloads the src of the iframe just as it would an image.

          In other words, with iframes, images, external scripts and css - your web browser sends HTTP get requests on your behalf to download those resources. So, if the "public cannot see web apps" on your intranet, then they won't be able to see them with an iframe - because the user will be the one requesting the iframe's src, not the portal server.

          To your question, there are various ways to tackle your problem, though there will be effort involved:
          - move the desired secured intranet applications to the DMZ (probably security risks)
          - write new portlets that access the same data/services as your internal apps (large development effort)

          Good luck,

          • 2. Re: IFrame cannot redirect to secure Intranet

            Thank you Andy for the response.
            You are exactly correct in explaining my problem. I am trying to decide on what approach I should take to get my desired functionality. I also came up with the two ideas you mentioned. However, it would be a security risk moving our intranet apps into the DMZ - we may have to end up doing it this way, but we'll try not.
            And I thought about somehow creating a portlet, problem is, each of our applications are independant and complex, so we couldn't possibly re-develop as a portlet.

            If anyone has any other ideas/approaches, I would greatly appreciate it.

            Thanks again.