Reputation: 841
I have a Spring MVC app, deployed to Apache Tomcat. One of the pages must show a PDF file generated with the iText PDF library.
So I've added an object tag to the JSP file:

    <object data="<c:url value="/view-pdf" />"></object>

And I have a method inside the controller that handles this URL:

    @RequestMapping(value = "/view-pdf", method = RequestMethod.GET)
    protected void viewPdf(HttpServletResponse response) throws IOException, DocumentException {
        // getOutputStream() throws IOException, PdfWriter.getInstance() throws DocumentException
        ServletOutputStream out = response.getOutputStream();
        //generate pdf here
        Document document = new Document();
        PdfWriter.getInstance(document, out);
        document.setPageSize(PageSize.A4);
        document.open();
        document.add(new Paragraph("Hello, World"));
        document.close();
        out.close();
    }

Now, when I open the page where the PDF should be shown, it doesn't show the PDF file. The Chrome console displays this error:

    Refused to display 'http://localhost:8080/MyApp/view-file' in a frame because it set 'X-Frame-Options' to 'deny'.

And it is possible to access the PDF when typing the http://localhost:8080/MyApp/view-pdf URL directly in the address bar. So there are no problems with PDF generation.
Some answers here suggested adding these lines to the web.xml file:

    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <async-supported>true</async-supported>
        <init-param>
            <param-name>antiClickJackingEnabled</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>antiClickJackingOption</param-name>
            <param-value>ALLOW-FROM</param-value>
        </init-param>
        <init-param>
            <param-name>antiClickJackingUri</param-name>
            <param-value>http://localhost:8080/MyApp/*</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>httpHeaderSecurity</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

I did so, but it had no effect at all. What am I doing wrong here? How can I avoid this error?
My Spring version is 5.0.4.RELEASE, Tomcat version is 8.0.48.
Upvotes: 0
Views: 721
Reputation: 1399
At issue is the 'X-Frame-Options' response header in Spring Security. Check your Spring Security config, because by default it's set to deny for security reasons. See the link below for the options to supply.
How to disable 'X-Frame-Options' response header in Spring Security?
Upvotes: 1
Reputation:
What about changing the viewPdf method to this:

    @RequestMapping(value = "/view-pdf", method = RequestMethod.GET)
    protected void viewPdf(HttpServletResponse response) throws IOException, DocumentException {
        ServletOutputStream out = response.getOutputStream();
        // The next line could fix your problem
        response.setHeader("X-Frame-Options", "SAMEORIGIN");
        //generate pdf here
        Document document = new Document();
        PdfWriter.getInstance(document, out);
        document.setPageSize(PageSize.A4);
        document.open();
        document.add(new Paragraph("Hello, World"));
        document.close();
        out.close();
    }

Upvotes: 0
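Added example, not part of either answer above: one way to combine them is to relax the header in the Spring Security configuration only for the PDF endpoint, keeping DENY everywhere else. It assumes the app uses Spring Security 5.0.x Java configuration with WebSecurityConfigurerAdapter and that the DispatcherServlet is mapped to "/"; the class name FrameOptionsSecurityConfig is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

// Hypothetical class: only the headers() part is shown. Merge it into your
// existing security configuration and keep your own authorizeRequests()/login rules.
@Configuration
@EnableWebSecurity
public class FrameOptionsSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Path is relative to the context root (/MyApp is not part of it).
        RequestMatcher pdfEndpoint = new AntPathRequestMatcher("/view-pdf");

        http
            .headers()
                // Turn off the single global "X-Frame-Options: DENY" writer ...
                .frameOptions().disable()
                // ... and replace it with two path-scoped writers:
                // the PDF endpoint may be embedded by pages of the same origin,
                .addHeaderWriter(new DelegatingRequestMatcherHeaderWriter(
                        pdfEndpoint,
                        new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN)))
                // every other response still refuses to be framed at all.
                .addHeaderWriter(new DelegatingRequestMatcherHeaderWriter(
                        new NegatedRequestMatcher(pdfEndpoint),
                        new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY)));
    }
}
```

SAMEORIGIN is used here rather than ALLOW-FROM because Chrome does not support ALLOW-FROM. After deploying, check the response headers of /view-pdf and of another page in the browser's network tab to confirm each carries the expected value.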