PDF secure/unsecure

[Michael]

All,

I am working on a web application and have hit a sticking point. The
user clicks on a link and the app returns a PDF. The site is accessed
via https. However, when I return the PDF, I am getting a message
saying the page I am about to view contains both secure and unsecure
items. Would I like to display the unsecure items? Everything I am
returning is via https, so I'm not sure what I'm doing wrong. The
code I am using to return the PDF is as follows:

response.reset();
response.setContentType("application/pdf");
response.setHeader("Content-Disposition", "inline;");
response.setContentLength(pdf.length);
OutputStream out = response.getOutputStream();

out.write(pdf);
out.flush();
out.close();

pdf is a byte array containing the PDF. Any help anyone can provide
would be appreciated.

Thanks,
Mike

 

[Wendy S]

I am working on a web application and have hit a sticking point. The
user clicks on a link and the app returns a PDF. The site is accessed
via https. However, when I return the PDF, I am getting a message
saying the page I am about to view contains both secure and unsecure
items. Would I like to display the unsecure items? Everything I am
returning is via https, so I'm not sure what I'm doing wrong. The
code I am using to return the PDF is as follows:

Is this IE 6 by any chance? Are you POSTing to this Servlet? If so, I
chased down the same error recently. The problem was explained to me as "a
bug with IE's implementation of non-html content over https from a post
form".

In short, you have to send IE some HTML before you send it the bytes of the
PDF, or it will complain. Try forwarding to a page that does a meta-refresh
instead of going directly to your Servlet. You may have to rework the flow
of your application a bit. Here's what I did:

1. POST to a Struts Action, which stores a filename, whatever.pdf, in
request scope

2. Forward to 'redirect.jsp' which contains:
<%@ taglib uri="http://java.sun.com/jstl/core" prefix="c" %>
<html>
<head>
<meta http-equiv="refresh" content="0; url=<cut
value="${browserFilename}"/>">
</head>
<body>
Please wait while your <a href="<cut
value="${browserFilename}"/>">file</a> is generated.
</body>
</html>

3. PDFServlet is mapped to the *.pdf URL pattern, so it gets invoked, and
sends the PDF.

And IE doesn't complain anymore. In my case I don't mind the extra round
trip to the server (the redirect) because it allows me to show a "please
wait" splash screen.

 

[Jayaram]

All,

I am working on a web application and have hit a sticking point. The
user clicks on a link and the app returns a PDF. The site is accessed
via https. However, when I return the PDF, I am getting a message
saying the page I am about to view contains both secure and unsecure
items. Would I like to display the unsecure items? Everything I am
returning is via https, so I'm not sure what I'm doing wrong. The
code I am using to return the PDF is as follows:

response.reset();
response.setContentType("application/pdf");
response.setHeader("Content-Disposition", "inline;");
response.setContentLength(pdf.length);
OutputStream out = response.getOutputStream();

out.write(pdf);
out.flush();
out.close();

pdf is a byte array containing the PDF. Any help anyone can provide
would be appreciated.

Thanks,
Mike

Mike,
Try using the HTML embed tag. You can find more details at:
http://www.planetpdf.com/mainpage.asp?webpageid=1682
Embedding dynamically generated PDF's into an HTML page solves another
IE bug that sends two requests (one after the other) for the same pdf
document if streamed back to the browser directly from the Servlet.
Even now, you may be unknowingly generating the same PDF twice per
user request.
Regards,
Jayaram