Question

How to secure a Generated PDF in Mendix

2

Hi, We generate PDF Documents from within Mendix and send them to clients to review and sign. How do we secure the PDF at generation or after generation stage so that when we send to the client they cannot edit or alter the document. We are able to secure the PDF documents that don't change such as Terms and conditions by securing with Adobe PDF writer and then and storing it in the system and allowing the admin user to download the document. So in short how can we secure a generated PDF document within Mendix without securing them with Adobe writer after it has been generated in Mendix.

asked 2017-08-02

Desmond Chow

2 answers

Chris de Gelder · Answer 1 · 2017-08-02

If you already added Community Commons to your project you can create a java action (securePDF) with a filedocument as parameter. This will modify the filedocument.

The implementation is from the pdfbox documentation. Please note the hardcoded password. Consider this as a starting point. You could add the canEdit, canPrint etc as parameters.

		// BEGIN USER CODE
		IContext context = getContext();
		ILogNode logger = Core.getLogger("SecurePDF"); 
		logger.trace("Retrieve generated document");
		PDDocument inputDoc = PDDocument.load(Core.getFileDocumentContent(context, filedocument.getMendixObject()));
		
		// Define the length of the encryption key.
		// Possible values are 40 or 128 (256 will be available in PDFBox 2.0).
		int keyLength = 128;

		AccessPermission ap = new AccessPermission();

		// Disable printing, everything else is allowed
		ap.setCanPrint(false);
		ap.setCanAssembleDocument(false);
		ap.setCanExtractContent(false);
		ap.setCanExtractForAccessibility(false);
		ap.setCanModify(false);

		// Owner password (to open the file with all permissions) is "12345"
		// User password (to open the file but with restricted permissions, is empty here) 
		StandardProtectionPolicy spp = new StandardProtectionPolicy("12345", "", ap);
		spp.setEncryptionKeyLength(keyLength);
		spp.setPermissions(ap);
		inputDoc.protect(spp);
		ByteArrayOutputStream output = new ByteArrayOutputStream();
		inputDoc.save(output);
		InputStream newContent = new ByteArrayInputStream(output.toByteArray());		
		logger.trace("Store result in original document");
		Core.storeFileDocumentContent(context, filedocument.getMendixObject(), newContent);
		
		
		logger.trace("Close PDFs");
		inputDoc.close();
		
		logger.trace("Secure PDF done");
		return true;
		// END USER CODE

Rom van Arendonk · Answer 2 · 2017-08-02

Mendix can't do this natively. You can use the PDFBox Library (already part of the CommunityCommons module). See e.g. this StackOverflow thread or this tutorial.