My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
  Advanced search   Search tips   Subscriptions
Issue 182: Export to PDF fails in secure pages (HTTPS)
1 person starred this issue and may be notified of changes. Back to list
Status:  Invalid
Owner:  ----
Closed:  Mar 2009

Sign in to add a comment
Reported by, Mar 2, 2009
What steps will reproduce the problem?
1. Use the export to PDF (ExportType.PDF, Flying Saucer) from a secure page

What is the expected output? What do you see instead?
The exported pdf. 0 bytes pdf, Exception that the jmesa.css can't be loaded

What version of the product are you using? On what operating system?
jmesa 2.4.1, core-renderer-r8pre2. Windows XP, Firefox, IE, ...

Please provide any additional information below.
I know that this is a xhtmlrenderer issue, but I was wondering if there is
something can be done to solve this problem (but keep using the Flying
Saucer, PDFP doesn't look very well...).
I debugged jmesa and xhtmlrenderer hard to find the exact point where the
problem occurs:

package org.xhtmlrenderer.swing;

public class NaiveUserAgent implements UserAgentCallback, DocumentListener {...
    protected InputStream resolveAndOpenStream(String uri) { is = null;
        uri = resolveURI(uri);
        try {
            is = new URL(uri).openStream();   <---- ERROR
        } catch ( e) {
            XRLog.exception("bad URL given: " + uri, e);
        } catch ( e) {
            XRLog.exception("item at URI " + uri + " not found");
        } catch ( e) {
            XRLog.exception("IO problem for " + uri, e);
        return is;
This method will fail if the uri of the jmesa css is an https path. Maybe a
possibility would be changing this in jmesa:

package org.jmesa.view.pdf;

public class PdfViewExporter extends AbstractViewExporter {
    private String getBaseUrl() {
        return request.getRequestURL().toString();
Forcing this base url to be http, for example. But only an idea.
I would appreciate any comment or help. Most of my pages have to be in
https and I would like to use the Flying Saucer export to pdf.

Mar 3, 2009
Ok, I found out what the problem was. It's not a bug in xhtmlrenderer and doesn't
need any change in any code...
The problem is that when the Java web application tries to load the css of jmesa to
export as a pdf, it tries to download it using a secure path (https:\\...). For this,
the Java default keystore of ssl trusted certificates
(%JAVA_HOME%\jre\lib\security\cacerts) MUST have the certificate of the server that
hosts the application. 
Java doesn't ask if you trust the server (even if it's the server running the java
app...) like the browser does, it will just throw the exception and tell that can't
load the css (some HandShakeSSLException)
So I close my own Issue, ;)
By the way, thanks for the good work and the best "table creator" I've seen.

Cheers from Spain
Mar 3, 2009
I forgot, if someone has the same problem and is using Tomcat this would help:

If you created your SSL Tomcat certificate like this:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -validity 3650
then you have it in your OWN keystore (located in a .keystore file in your home
directory, the same in Windows and Unix)
You need it in the java keystore, so you can export it from there and import it to
the java keystore like this:
%JAVA_HOME%\jre\lib\security>keytool -export -alias tomcat -file tomcat.crt
%JAVA_HOME%\jre\lib\security>keytool -import -alias tomcat -file tomcat.crt -keystore

Hope this can help someone,

Mar 4, 2009
Project Member #3
(No comment was entered for this change.)
Status: Invalid
Apr 1, 2009
Is there another way to overcome this issue? I mean setting the jmesa-pdf.css in Java
Sep 29, 2010
Hi Alex

I have exactly the same problem that you faced.  I am new to the SSL stuff. 

I am rendering a PDF document using xhtmlrender and everything was fine until we moved to https.  I am facing the same problem when reading the style sheets through https.

I tried out the steps you've given for tomcat (generating a certificate, exporting and importing into java).  But the last step fails saying - 
keytool error: Keystore was tampered with, or password was incorrect

I've given the right password - i tried the pwd i gave while generating the certificate, i tried the default 'changeit' but it throws the same error.

Can you help???!!!!


Sign in to add a comment

Powered by Google Project Hosting