Hi,
We have a
servlet that streams a PDF file into the ServletOutputStream of the response object. We set the content type in the header to be application/pdf. There is nothing special in the logic and there is nothing else in the response object except this stream of binary file.
However, when the application is run using https connection the browser would always issue a warning message "This page contains both secure and non-secure items. Would you like to view the non-secure items?" Clicking Yes (or No!) actually displays the PDF.
But why is this? Does it mean that the binary stream is not encrypted automatically if using ServletOutputStream (thus making it a non-secure item in the page)? What do we need to do to ensure that the file we send through ServletOutputStream will be automatically encrypted when viewed in an https connection?
Please help.
Thanks
Eric