OpenAjax security and remote web content rendering with WSRP and the Web Content Viewer
The Enabler from the Mashups 3.0.0.1 component that is included in IBM® WebSphere® Portal as a theme module implements some features that are specified by the OpenAjax Alliance. One of them is a generic override for Dojo XMLHttpRequests
It adds the following extra HTTP request headers:
- com.ibm.lotus.openajax.virtualhost
- This header specifies the virtual host name that the portal uses to create absolute URLs.
- com.ibm.lotus.openajax.virtualport
- This header specifies the virtual host port that the portal uses to create absolute URLs.
If
you experience issues when you configure the consumed Web Content
Viewer portlet as described earlier, you can choose one of the following
options:
- As the Enabler component implements the override for Dojo XMLHttpRequests, check whether your portal really requires that component. If you find that you do not need any Enabler functions on your web content delivery portal, you can change your theme and theme modules to prevent the mm_enabler theme module from being loaded. For more information, read The module framework.
- Configure the WSRP resource proxy of the WSRP Consumer to prevent it from forwarding the com.ibm.lotus.openajax.virtualhost and com.ibm.lotus.openajax.virtualport HTTP headers that are set by the Enabler component. If the headers are not present in the Dojo XMLHttpRequests, the WSRP resource proxy addresses the remote web content portal correctly. For more information, read Customizing the WSRP resource proxy HTTP header forwarding behavior.