Help

Controls

PermLinkWikiLink
Switch Workspace

Built with Seam

You can find the full source code for this website in the Seam package in the directory /examples/wiki. It is licensed under the LGPL.

Forum: Seam Users Forum ListTopic List
07. Jul 2009, 14:03 America/New_York | Link

Hello, I'm using SSL to protect my application and it works well. But if I try to download PDF files, created by Seam PDF (worked fine before), with scheme="https" I'll get an error saying:

ExceptionConverter: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

If I change to scheme="http" it works fine, but how to enable SSL support for generated PDF files?

9 Replies:
07. Jul 2009, 16:52 America/New_York | Link

Where/when do you get this exception? A full stack trace is more useful. Also, is it specific to PDFs? If so, something is odd - the SSL handshake happens way before any consideration about the resource type is relevant.
07. Jul 2009, 17:36 America/New_York | Link

Thanks for the fast response, here are the relevant informations. The error occurs only downloading the Seam generated PDFs. Other SSL secured pages are working well.

Page Configuration: 

<page view-id="/pdf/paddialog/pdf-journal-overview.xhtml" scheme="https">
	<action execute="#{HelperCalendarService.queryJournalPeriodBegin}" />
	<action execute="#{HelperCalendarService.queryJournalPeriodEnd}" />
	<action execute="#{PaddialogJournalService.queryJournalList}" />
</page>

The configured action are executed successfully, as visible in the log file.

Exception: 

Error Rendering View[/pdf/paddialog/pdf-journal-overview.xhtml]
java.lang.RuntimeException: ExceptionConverter: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at org.jboss.seam.pdf.ui.UIDocument.processHeaders(UIDocument.java:292)
	at org.jboss.seam.pdf.ui.UIDocument.encodeBegin(UIDocument.java:267)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:884)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:892)
	at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:592)
	at org.ajax4jsf.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:100)
	at org.ajax4jsf.application.AjaxViewHandler.renderView(AjaxViewHandler.java:176)
	at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:106)
	at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:251)
	at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:144)
	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:245)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
	at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
	at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
	at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:368)
	at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:495)
	at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.web.HotDeployFilter.doFilter(HotDeployFilter.java:53)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Unknown Source)
Caused by: ExceptionConverter: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
07. Jul 2009, 18:45 America/New_York | Link

Hmm.. something is going on with the SSL configuration. Normally that exception is thrown when a certificate cannot be validated (see here for some details.

Are you hitting the same server when you access /pdf/... (i.e. is there a load balancer or something else in between that redirects the request to another server that has not been configured correctly for SSL)?

Use a command line utility like curl (make sure to use the version compiled with SSL support) to see the details of what's going on during the request. Or a sniffer like WireShark, you can debug the SSL handshake there.

Or, more quickly, add -Djavax.net.debug=all and see from there.
07. Jul 2009, 22:03 America/New_York | Link

I had no problem setting scheme=https on PDF links in the seam-itext example app.
10. Jul 2009, 11:36 America/New_York | Link

Maybe you haven't set up SSL correctly.

I found this useful link: SSL in JBoss
03. Aug 2009, 15:53 America/New_York | Link

I think I found the problem.

SSL was set up correctly and works fine for my application. I used images in my PDF's and seam somehow loads additional content over http.

Maybe i find a proper solution to fix that issue or use iText directly, because I am absolutly unsatisfied with the build in PDF mechanism.

Thanks for your help.
03. Aug 2009, 16:04 America/New_York | Link

Consider using JodConverter to create your pdf documents and serve them as byte array from the database. This works fine for us.
03. Aug 2009, 17:34 America/New_York | Link

Ok I will take a look at it, but it seems like a convert only tool and I need dynamic generated content. iText would be fine too, but thanks for the hint.
03. Aug 2009, 17:37 America/New_York | Link

I can take html too.