仅允许已登录的用户查看托管在同一服务器和域上的外部html站点（在子文件夹中）

Create a proxy

I would use .htaccess to redirect any url pointing to pages in the book to a custom action in the CakePHP application.

This action checks for credentials and if OK then reads from disk the actual requested file and sends it to the browser. Do not redirect back or you will cause a redirect loop!

Of course you need to create a redirect that passes the original requested page as a parameter so you know what file to read.

Granted this is not supper efficient but it works. I had to solve the exact same issue in an old project.

Notes

Make sure your .htaccess rules only intercept/redirect HTML links or else you need to pay attention to setting up proper response headers for CSS or Image files.

Example of .htaccess

This needs to be in the ROOT folder of the book

<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteRule    ^(.*html)$    http://[FULL_LINK_TO_CAKE_APP]/proxy/load/$1
</IfModule>

Example of the proxy controller

namespace App\Controller;

/**
 * Static content controller
 *
 * This controller will render a html file 
 *
 */
class ProxyController extends AppController
{

    public function load($file=null){
        if( !$file ){
            return $this->response->body( "Error: no file specified" );
        }

        //THIS NEEDS TO RESOLVE THE FULL DISK PATH OF YOUR PROTECTED FILES
        $pathToFiles = WWW_ROOT . '/subfolder/';

        if( file_exists( $pathToFiles . $file )){
            $this->response->body( file_get_contents( $pathToFiles.$file) );
            return $this->response;
        }

        $this->response->body('Could not load the file: ' . $pathToFiles . $file);
        return $this->response;
    }
}

Security

Of course I assume you have setup the Auth component correctly in your AppController so the controller above will only execute if the user is logged in!