9 Replies Latest reply on Aug 3, 2009 5:37 PM by Shervin Asgari

    Seam PDF and SSL

    Matthias Preier Newbie

      Hello,
      I'm using SSL to protect my application and it works well. But if I try to download PDF files, created by Seam PDF (worked fine before), with scheme="https" I'll get an error saying:


      ExceptionConverter: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


      If I change to scheme="http" it works fine, but how to enable SSL support for generated PDF files?


        • 1. Re: Seam PDF and SSL
          Jean Luc Apprentice

          Where/when do you get this exception? A full stack trace is more useful. Also, is it specific to PDFs? If so, something is odd - the SSL handshake happens way before any consideration about the resource type is relevant.

          • 2. Re: Seam PDF and SSL
            Matthias Preier Newbie

            Thanks for the fast response, here are the relevant informations.
            The error occurs only downloading the Seam generated PDFs. Other SSL secured pages are working well.


            Page Configuration:


            <page view-id="/pdf/paddialog/pdf-journal-overview.xhtml" scheme="https">
                 <action execute="#{HelperCalendarService.queryJournalPeriodBegin}" />
                 <action execute="#{HelperCalendarService.queryJournalPeriodEnd}" />
                 <action execute="#{PaddialogJournalService.queryJournalList}" />
            </page>





            The configured action are executed successfully, as visible in the log file.


            Exception:


            Error Rendering View[/pdf/paddialog/pdf-journal-overview.xhtml]
            java.lang.RuntimeException: ExceptionConverter: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                 at org.jboss.seam.pdf.ui.UIDocument.processHeaders(UIDocument.java:292)
                 at org.jboss.seam.pdf.ui.UIDocument.encodeBegin(UIDocument.java:267)
                 at javax.faces.component.UIComponent.encodeAll(UIComponent.java:884)
                 at javax.faces.component.UIComponent.encodeAll(UIComponent.java:892)
                 at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:592)
                 at org.ajax4jsf.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:100)
                 at org.ajax4jsf.application.AjaxViewHandler.renderView(AjaxViewHandler.java:176)
                 at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:106)
                 at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:251)
                 at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:144)
                 at javax.faces.webapp.FacesServlet.service(FacesServlet.java:245)
                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
                 at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                 at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                 at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                 at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                 at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
                 at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
                 at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:368)
                 at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:495)
                 at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                 at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                 at org.jboss.seam.web.HotDeployFilter.doFilter(HotDeployFilter.java:53)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                 at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                 at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
                 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
                 at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
                 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
                 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
                 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                 at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
                 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
                 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
                 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
                 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
                 at java.lang.Thread.run(Unknown Source)
            Caused by: ExceptionConverter: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target



            • 3. Re: Seam PDF and SSL
              Jean Luc Apprentice

              Hmm.. something is going on with the SSL configuration. Normally that exception is thrown when a certificate cannot be validated (see here for some details.


              Are you hitting the same server when you access /pdf/... (i.e. is there a load balancer or something else in between that redirects the request to another server that has not been configured correctly for SSL)?


              Use a command line utility like curl (make sure to use the version compiled with SSL support) to see the details of what's going on during the request. Or a sniffer like WireShark, you can debug the SSL handshake there.


              Or, more quickly, add -Djavax.net.debug=all and see from there.

              • 4. Re: Seam PDF and SSL
                Norman Richards Expert

                I had no problem setting scheme=https on PDF links in the seam-itext example app.

                • 5. Re: Seam PDF and SSL
                  Shervin Asgari Master

                  Maybe you haven't set up SSL correctly.


                  I found this useful link:
                  SSL in JBoss

                  • 6. Re: Seam PDF and SSL
                    Matthias Preier Newbie

                    I think I found the problem.


                    SSL was set up correctly and works fine for my application. I used images in my PDF's and seam somehow loads additional content over http.


                    Maybe i find a proper solution to fix that issue or use iText directly, because I am absolutly unsatisfied with the build in PDF mechanism.


                    Thanks for your help.

                    • 7. Re: Seam PDF and SSL
                      Shervin Asgari Master

                      Consider using JodConverter to create your pdf documents and serve them as byte array from the database. This works fine for us.

                      • 8. Re: Seam PDF and SSL
                        Matthias Preier Newbie

                        Ok I will take a look at it, but it seems like a convert only tool and I need dynamic generated content. iText would be fine too, but thanks for the hint.

                        • 9. Re: Seam PDF and SSL
                          Shervin Asgari Master

                          I can take html too.