The authentication is added in the content handler in the get and save method implementations, including getDocumentContent, validateCache, and saveDocumentContent.

VirtualViewer passes along any cookies that are associated with the html page. This mechanism is how we support single sign on (SSO). Additionally, if the HTTP session ID is not part of the cookie string, then VirtualViewer HTML5 for Java will automatically add the HTTP session ID to the cookie string. This way, the content handler has the information it needs to verify the current user is authorized to view or save the current document.

If you need to pass more authentication information to your custom content handler, you can use the ClientInstanceId to pass it encrypted in whatever way you like. You have to decrypt it before using it.

When customizing the VirtualViewer content handler to connect to your document storage, you may need to request or store authentication tokens as part of the process.

You can store the tokens in the session object within the content handler. Use the HttpServletRequest session object in the content handler to achieve this.

The user can get a handle to HttpServletRequest session object in the content handler by using this line of code:

HttpServletRequest request = (HttpServletRequest) input.get(ContentHandlerInput.KEY_HTTP_SERVLET_REQUEST);

The user can then get or set session attributes:

request.getSession().getAttribute(arg0);
request.getSession().setAttribute(arg0, arg1)

Single Sign On (SSO)

Single sign on (SSO) related information can be stored in the ClientInstanceId parameter or more often in the HTTP session ID. VirtualViewer HTML5 for Java should pass along any cookies that are associated with the HTML page that contains VirtualViewer HTML5 for Java.

This mechanism is how we support single sign on (SSO). Additionally, if the HTTP session ID is not part of the cookie string, then VirtualViewer HTML5 for Java will automatically add the HTTP session ID to the cookie string.