We currently have AEM OSGI REST endpoint that takes XDP name+location and XML data and renders PDF editable form. The PDF form is sent from the OSGI servlet as a byte array back to our Spring application. Our application then renders the PDF inside the browser page. The user enters data in the editable PDF form and submit the form.
Because rendering PDF forms inside the browsers (e.g., Chrome) has a number of limitations, we're trying to convert our forms to HTML5 instead. I'm able to successfully test AEM OOTB endpoint to render XDP to HTML5. However, I have the following questions:
1) What are the ways by which our application can securely connect to AEM HTML5 rendering endpoint? The HTML forms should be accessible only by our application - not opened to the internet. Our application currently uses basic authentication on the server-side (Spring RestTemplate) to call the PDF rendering endpoint (on AEM OSGI side). Since the call to HTML5 rendering endpoint will be from the client-side, basic authentication is not an option. The user should not login to AEM to view the form as long as they are authenticated with our application.
2) Is it possible to stream the HTML5 form DOM back to our application, in a similar fashion as our current PDF rendering endpoint? If that's possible, the user will not need to be redirected to AEM to view and edit the forms.
I can suggest the following ways on how much I understood from your requirement.
1. Can't we send HTML5 form as a byte from OSGI servlet to Spring Application ?
2. I would suggest that you can setup some redirect rule at dispatcher level where when any user access the HTML5 form he should be redirected to the Spring Authentication then if authentication is successful that form can be rendered at client side.