-
1. Re: Seam PDF and SSL
Where/when do you get this exception? A full stack trace is more useful. Also, is it specific to PDFs? If so, something is odd - the SSL handshake happens way before any consideration about the resource type is relevant.
-
2. Re: Seam PDF and SSL
Thanks for the fast response, here are the relevant informations.
The error occurs only downloading the Seam generated PDFs. Other SSL secured pages are working well.Page Configuration:
<page view-id="/pdf/paddialog/pdf-journal-overview.xhtml" scheme="https"> <action execute="#{HelperCalendarService.queryJournalPeriodBegin}" /> <action execute="#{HelperCalendarService.queryJournalPeriodEnd}" /> <action execute="#{PaddialogJournalService.queryJournalList}" /> </page>The configured action are executed successfully, as visible in the log file.
Exception:
Error Rendering View[/pdf/paddialog/pdf-journal-overview.xhtml] java.lang.RuntimeException: ExceptionConverter: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at org.jboss.seam.pdf.ui.UIDocument.processHeaders(UIDocument.java:292) at org.jboss.seam.pdf.ui.UIDocument.encodeBegin(UIDocument.java:267) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:884) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:892) at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:592) at org.ajax4jsf.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:100) at org.ajax4jsf.application.AjaxViewHandler.renderView(AjaxViewHandler.java:176) at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:106) at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:251) at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:144) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:245) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178) at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290) at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:368) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:495) at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.HotDeployFilter.doFilter(HotDeployFilter.java:53) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Unknown Source) Caused by: ExceptionConverter: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
-
3. Re: Seam PDF and SSL
Hmm.. something is going on with the SSL configuration. Normally that exception is thrown when a certificate cannot be validated (see here for some details.
Are you hitting the same server when you access /pdf/... (i.e. is there a load balancer or something else in between that redirects the request to another server that has not been configured correctly for SSL)?
Use a command line utility like curl (make sure to use the version compiled with SSL support) to see the details of what's going on during the request. Or a sniffer like WireShark, you can debug the SSL handshake there.
Or, more quickly, add -Djavax.net.debug=all and see from there.
-
4. Re: Seam PDF and SSL
I had no problem setting scheme=
https
on PDF links in the seam-itext example app. -
6. Re: Seam PDF and SSL
I think I found the problem.
SSL was set up correctly and works fine for my application. I used images in my PDF's and seam somehow loads additional content over http.
Maybe i find a proper solution to fix that issue or use iText directly, because I am absolutly unsatisfied with the build in PDF mechanism.
Thanks for your help.
-
7. Re: Seam PDF and SSL
Consider using JodConverter to create your pdf documents and serve them as byte array from the database. This works fine for us.
-
8. Re: Seam PDF and SSL
Ok I will take a look at it, but it seems like a convert only tool and I need dynamic generated content. iText would be fine too, but thanks for the hint.
-