Use the AJAX proxy in portlets
One way to create proxy URLs in a portlet is to register the AJAX proxy servlet in the web.xml file of the portlet. The base proxy URL is created using the portlet API. We append the target URL. The class name of the proxy servlet is...
com.ibm.wps.proxy.servlet.ProxyServlet
To have the proxy access resources that require authentication, specify a second servlet mapping associated with a security constraint. In the sample, only authenticated users can access proxy URLs that match the URL pattern...
/myproxy/*
Associate user roles set in web.xml with portal server user roles by creating the corresponding role mappings for the application in the WAS console.
Sample web.xml file
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://java.sun.com/xml/ns/j2ee" ...> ... <servlet> <servlet-name>ProxyServlet</servlet-name> <servlet-class>com.ibm.wps.proxy.servlet.ProxyServlet</servlet-class> </servlet> ... <servlet-mapping> <servlet-name>ProxyServlet</servlet-name> <url-pattern>/proxy/*</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>ProxyServlet</servlet-name> <url-pattern>/myproxy/*</url-pattern> </servlet-mapping> ... <security-constraint id="SecurityConstraint_1"> <web-resource-collection id="WebResourceCollection_1"> <web-resource-name/> <url-pattern>/myproxy/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> <http-method>HEAD</http-method> </web-resource-collection> <auth-constraint id="AuthConstraint_1"> <description>only for authenticated</description> <role-name>All Role</role-name> </auth-constraint> </security-constraint> ... <security-role id="SecurityRole_1"> <description>Everyone</description> <role-name>Everyone Role</role-name> </security-role> <security-role id="SecurityRole_2"> <description>All authenticated users</description> <role-name>All Role</role-name> </security-role> </web-app>Registering the proxy servlet in the Web deployment descriptor of a portlet does not imply the portlet is based on an application specific configuration. If no proxy-config.xml file is provided with the portlet, the proxy servlet uses the global proxy configuration instead. The only constraint that we need to consider is that for each servlet mapping, a corresponding context path mapping must exist in the proxy configuration. This can be either in the global or in the application specific configuration.