So, unless I misunderstood your problem, it sounds to me that there's a problem with your approach.
The HTML iframe tag takes a URL in its src attribute, much like an img tag. Your web browser then downloads the src of the iframe just as it would an image.
In other words, with iframes, images, external scripts and css - your web browser sends HTTP get requests on your behalf to download those resources. So, if the "public cannot see web apps" on your intranet, then they won't be able to see them with an iframe - because the user will be the one requesting the iframe's src, not the portal server.
To your question, there are various ways to tackle your problem, though there will be effort involved:
- move the desired secured intranet applications to the DMZ (probably security risks)
- write new portlets that access the same data/services as your internal apps (large development effort)
Thank you Andy for the response.
You are exactly correct in explaining my problem. I am trying to decide on what approach I should take to get my desired functionality. I also came up with the two ideas you mentioned. However, it would be a security risk moving our intranet apps into the DMZ - we may have to end up doing it this way, but we'll try not.
And I thought about somehow creating a portlet, problem is, each of our applications are independant and complex, so we couldn't possibly re-develop as a portlet.
If anyone has any other ideas/approaches, I would greatly appreciate it.