You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Himanshu Chhabra <hi...@patni.com> on 2001/12/26 11:07:49 UTC

false call

Hi !
Now, this problem is gruelling me.
The statement is thus :

I have a intranet site for our company. I have another intranet site which 
belongs to our client.
Now, we have a set of users which belong to the client network but still 
should be able to access our company site.
We can't open our intranet to the client intranet for that would open it to 
people outside the company.
Also, don't want to open any ports other than the default 80 for http.

One of the ways we have thought is to put up an application in the client 
network which will be the authenticated entry point.
This application will send SOAP messages to a service running on our 
intranet. This web-service would simulate a browser call and get the html 
which it would send back to the application. The application would then put 
it to the client browser.

Does this sound feasible ?

Please advise.

Also, do we have a configuration mechanism by which we can pass any request 
coming to the application server through a code piece which would be say 
responsible for security ?


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: false call

Posted by Ted Husted <hu...@apache.org>.
Personally, I can envision an "wrapper" application running on your
client network that would make autenticated calls to your network and
relay the response. The wrapper application would consist entirely of
Actions that would capture the response from the SOAP exchange, write it
out as the response, and then return NULL to the controller. It may be
possible that it would be a single action configured through various
mappings. (Though, I can't help but think there might be simpler
solutions as well.)

For now, the best way to provide application-wide security is to
subclass ActionServlet, and scan the incoming requests at that level.
This ensures the request is authorized before it ever gets to an Action.


-- Ted Husted, Husted dot Com, Fairport NY USA.
-- "Building web applications with Struts."
-- Tel 585 737-3463.
-- http://www.husted.com/struts/



Himanshu Chhabra wrote:
> 
> Hi !
> Now, this problem is gruelling me.
> The statement is thus :
> 
> I have a intranet site for our company. I have another intranet site which
> belongs to our client.
> Now, we have a set of users which belong to the client network but still
> should be able to access our company site.
> We can't open our intranet to the client intranet for that would open it to
> people outside the company.
> Also, don't want to open any ports other than the default 80 for http.
> 
> One of the ways we have thought is to put up an application in the client
> network which will be the authenticated entry point.
> This application will send SOAP messages to a service running on our
> intranet. This web-service would simulate a browser call and get the html
> which it would send back to the application. The application would then put
> it to the client browser.
> 
> Does this sound feasible ?
> 
> Please advise.
> 
> Also, do we have a configuration mechanism by which we can pass any request
> coming to the application server through a code piece which would be say
> responsible for security ?
> 
> --
> To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>