You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@xalan.apache.org by Larry Tan <lt...@standard.com> on 2000/10/31 20:59:02 UTC

Xalan-J 1.2 XSLTInputSource References Behind FireWall

Greetings,
 
I have apps that are protected resources in our extranet.  Upon initial
access, the server queries the user (ID & password) and authenticates that
user against the requested resource, and places session information in the
HTTP header.  Any subsequent resource (URL) access would be authenticated
via the header info; hence the user needn't re-authenticate for each
request.  
 
When I pass the URL of a (protected) stylesheet into XSLTInputSource, all is
well until the I attempt to reconcile my XML against the referenced
stylesheet, at which time I get an error to the effect of "stylesheet not
found."  Yet, when I remove the protection from the stylesheet, all is well.
What I observe leads me to believe that when the URL request is generated to
actually retrieve the XSLTInputSource object, it would appear "not found" if
the web server expects the incoming request to re-authenticate.  The only
reason the web server would want re-authentication is if the HTTP request
header info that was defined upon initial authentication, was somehow not
used.  Is Xalan or Xerces is not using the original HTTP header (which
contains current, authenticated session information)?  An obvious workaround
is to place the XSL files in an unprotected location, yet that would not
bode well with our security folks.  I'd appreciate any suggestions.  Thanks.
 
--------------------------------------------------------
Larry Tan <lt...@standard.com>
Advanced Technology Group
Standard Insurance Company
1100 SW 6th Ave
Portland, OR 97204-1093
Phone: 503.321.8019, Fax: 503.321.6313
--------------------------------------------------------

Help required in extracting the tag names from XML to put in data portion of HTML

Posted by Vasanth Kumar Kumarswamy <va...@wipro.com>.

Hi,

Subject : Help required in extracting the tag names from XML to put in data
portion of HTML

We are facing a problem in converting an XML document to HTML Document using
XSL style sheets.
We have converted it to HTML without column headings.
(It is required to extract the tag names(column-1, column-2, column-3)  into
<TH>column-1</TH>...
tags in the HTML output.

The sample XML will be as follows :

xml Structure :

<table_name>
   <Record>
       <column-1>Data1</column-1>
       <column-2>Data2</column-2>
       <column-3>Data3</column-3>
   </Record>
   . . .
  </table_name>

We require the HTML Layout as follows :

HTML Structure:

<HTML>
 <HEAD>
  table_name
 </HEAD>
  <BODY>
     <TABLE>
        <TH>column-1</TH>
        <TH>column-2</TH>
        <TH>column-3</TH>
        <TR>
            <TD>Data1</TD>
            <TD>Data2</TD>
            <TD>Data3</TD>
       </TR>
     </TABLE>
  </BODY>
</HTML>

We will be verymuch thankful if anyone provide us a solution.


Regards
Vasanth

Re: Xalan-J 1.2 XSLTInputSource References Behind FireWall

Posted by Gary L Peskin <ga...@firstech.com>.

Larry Tan wrote:
> 
> Greetings,
> 
> I have apps that are protected resources in our extranet.  Upon initial
> access, the server queries the user (ID & password) and authenticates that
> user against the requested resource, and places session information in the
> HTTP header.  Any subsequent resource (URL) access would be authenticated
> via the header info; hence the user needn't re-authenticate for each
> request.
> 
> When I pass the URL of a (protected) stylesheet into XSLTInputSource, all is
> well until the I attempt to reconcile my XML against the referenced
> stylesheet, at which time I get an error to the effect of "stylesheet not
> found."  Yet, when I remove the protection from the stylesheet, all is well.
> What I observe leads me to believe that when the URL request is generated to
> actually retrieve the XSLTInputSource object, it would appear "not found" if
> the web server expects the incoming request to re-authenticate.  The only
> reason the web server would want re-authentication is if the HTTP request
> header info that was defined upon initial authentication, was somehow not
> used.  Is Xalan or Xerces is not using the original HTTP header (which
> contains current, authenticated session information)?  An obvious workaround
> is to place the XSL files in an unprotected location, yet that would not
> bode well with our security folks.  I'd appreciate any suggestions.  Thanks.

Larry, it sounds like your apps are keeping this security information
somewhere and then supplying it in the HTTP header when you send a
request off to your server.  The Xalan XSLTInputSource just receives
your target URL.  Xalan doesn't know that you have this security
information off somewhere that it's supposed to add into the HTTP
header.  In fact, it doesn't really know anything about the HTTP stuff. 
It's just calling methods on the URLConnection, via Xerces, I believe.

If you want to supply HTTP header information on your HTTP header
requests, I think you should look at creating your own URLStreamHandler
that could create your own URLConnection subclass.  Alternatively, you
might want to look at http://www.innovation.ch/java/HTTPClient which
does a lot of this for you.

If I didn't understand your problem, please come back and let me know
where I went wrong.

Gary