Well, currently I’m working on my project filesio, a platform for distributing large files via web interface instead of FTP.

One of the core abilities of my application is to provide widgets for third-party sites, allowing my users to include download-links to their files in their own web pages. These widgets are simple iframes that load content from my domain.

However, when implementing my app I struggled with the problem that Microsoft Internet Explorer per default blocks cookies set from within an iframe (of course, all other browsers don’t do this).

Lucklily, I found a really ..hm…interesting solution for this problem:

You can make IE trust your page by setting a special HTTP header. Well, the funny thing is: everyone can to this without any autorization, so what did the guys of Microsoft think when elaborating this “security feature”??

Nevertheless, you can read about the rescuing p3p HTTP header here and there.

I adopted the solution to JSF with Seam and implemented a custom filter that simply adds the mentioned header to every HTTPServletResponse. The code is as follows:

  1. public class  ResponseFilter extends AbstractFilter {
  3.     @Override
  4.        public void doFilter(final ServletRequest request, final ServletResponse response,
  5.                final FilterChain chain) throws IOException, ServletException {
  7.             HttpServletResponse resp = (HttpServletResponse) response;
  9.             //add the mysterious header
  10.             resp.addHeader(“p3p”,“CP=\”IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\”);
  12.             chain.doFilter(request, resp);
  13.     }
  16. }

Finally, you can activate this filter either by using the @Filter annotation of Seam or in your web.xml. I preferred the second way, because this allows to apply the filter only on these views that actually need to return the header. In my case, this was my widget called widget.seam.

  1. <filter>
  2.         <filter-name>P3P Response Filter</filter-name>
  3.         <filter-class>de.jw.filesio.webapp.filters.ResponseFilter</filter-class>
  4.     </filter>
  5.     <filter-mapping>
  6.         <filter-name>P3P Response Filter</filter-name>
  7.         <url-pattern>widget.seam</url-pattern>
  8.     </filter-mapping>

Download Files with Download Dialog
Seam, Spring and jBPM integration HowTo
Jazoon 08 (Java Conference in Zurich) - Ajax Push

Are you interested in reading more from CodingClues?
Then subscribe to new postings via RSS or via E-Mail.

close Reblog this comment
blog comments powered by Disqus