I need help understanding where this is falling apart. Apache HTTP
Server & Tomcat 4.1.24 on HP-UX.

Previously, we created pdf's, placed them on the web server, and
redirected the browser to https://example.com/user/some.pdf so that
Apache would serve them up over SSL.

Now, however, I'm trying to avoid jumping through so many hoops, and am
using iText to generate the PDF and attempting to send it directly to
the browser. So the Struts webapp does its thing, then forwards to /pdf
with some information in the session. That means Tomcat is serving the
PDF, with this code in a Servlet:

ByteArrayOutputStream baosPDF = null;
baosPDF = generatePDFDocumentBytes( ... );
ServletOutputStream sos;
sos = resp.getOutputStream();
baosPDF.writeTo( sos );

It works fine, but I get a browser (IE6) prompt saying "This page
contains both secure and nonsecure items. " Because I'm forwarding,
the URL in the browser is still https://, but I don't think the pdf data
is being encrypted.

Can someone help me sort this out? Do I need to use different code to
write the pdf out to the browser? I think Apache is handling the
encryption during the normal request/response cycles, but because I'm
taking over the output stream, am I avoiding Apache on this last
response when the pdf goes out?

Thanks,
--
Wendy Smoak
Application Systems Analyst, Sr.
ASU IA Information Resources Management

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)