encrypt.groovy — Modified: password fetched from database endExtractDocument 
/*
 *
 * 1. This script should be used for achieving PDF report
 *    encryption capabilities.
 *
 * 2. The script should be executed during the endExtractDocument
 *    report bursting lifecycle phase.
 *
 * 3. Please copy and paste the content of this sample script
 *    into the existing scripts/burst/endExtractDocument.groovy
 *    script.
 *
 * 4. Following PDF encryption scenarios are possible:
 *
 *      4.1 -  Set the owner and user PDF passwords. Default is none.
 *      4.2 -  Digitally sign the report with a X.509 cert file.
 *             Default is none.
 *      4.3 -  Set the assemble permission. Default is true.
 *      4.4 -  Set the extraction permission. Default is true.
 *      4.5 -  Set the fill in form permission. Default is true.
 *      4.6 -  Set the modify permission. Default is true.
 *      4.7 -  Set the modify annots permission. Default is true.
 *      4.8 -  Set the print permission. Default is true.
 *      4.9 -  Set the print degraded permission. Default is true.
 *      4.10 - Sets the number of bits for the encryption key.
 *             Default is 40.
 *
 * 5. For a full list and documentation of the various PDF encryption
 *    capabilities please see
 *    http://pdfbox.apache.org/commandline/
 *
 */

import groovy.ant.AntBuilder
import groovy.sql.Sql

import com.sourcekraft.documentburster.variables.Variables

/*
 *
 * Warning:
 *
 * 1. Normally it should not be any need for you to modify
 *    the value of pdfBoxClassPath.
 *
 * 2. You should only double check that the values of
 *    the hard-coded jar paths/versions are still valid.
 *    With new releases of new software the jar paths/versions
 *    might become obsolete.
 *
 * 3. If required, modify the paths/versions with care.
 *    Having the pdfBoxClassPath wrong will result in the
 *    following ant.exec/pdfbox call to fail.
 *
 */

def pdfBoxClassPath="lib/burst/pdfbox-2.0.20.jar"
pdfBoxClassPath+=";lib/burst/pdfbox-tools-2.0.20.jar"
pdfBoxClassPath+=";lib/burst/jcl-over-slf4j-1.7.30.jar;lib/burst/slf4j-api-1.7.30.jar"
pdfBoxClassPath+=";lib/burst/xmpbox-2.0.20.jar"
pdfBoxClassPath+=";lib/burst/fontbox-2.0.20.jar"
pdfBoxClassPath+=";lib/burst/bcmail-jdk15-1.46.jar"
pdfBoxClassPath+=";lib/burst/bcprov-jdk15-1.46.jar"

/*
 * =========================================================================
 * DATABASE CONNECTION SETTINGS - MODIFY THESE TO MATCH YOUR ENVIRONMENT
 * =========================================================================
 */

// SQLite example (modify path to your database)
// def dbUrl = 'jdbc:sqlite:/path/to/your/database.db'
// def dbDriver = 'org.sqlite.JDBC'
// def dbUser = ''
// def dbPass = ''

// MySQL example
// def dbUrl = 'jdbc:mysql://localhost:3306/your_database'
// def dbDriver = 'com.mysql.jdbc.Driver'
// def dbUser = 'username'
// def dbPass = 'password'

// PostgreSQL example
// def dbUrl = 'jdbc:postgresql://localhost:5432/your_database'
// def dbDriver = 'org.postgresql.Driver'
// def dbUser = 'username'
// def dbPass = 'password'

// SQL Server example
// def dbUrl = 'jdbc:sqlserver://localhost:1433;databaseName=your_database'
// def dbDriver = 'com.microsoft.sqlserver.jdbc.SQLServerDriver'
// def dbUser = 'username'
// def dbPass = 'password'

// Oracle example
// def dbUrl = 'jdbc:oracle:thin:@localhost:1521:orcl'
// def dbDriver = 'oracle.jdbc.pool.OracleDataSource'
// def dbUser = 'username'
// def dbPass = 'password'

// --- UNCOMMENT AND MODIFY ONE OF THE ABOVE ---
def dbUrl = 'jdbc:sqlite:/path/to/your/database.db'
def dbDriver = 'org.sqlite.JDBC'
def dbUser = ''
def dbPass = ''

/*
 * =========================================================================
 * FETCH PASSWORD FROM EMPLOYEE TABLE
 * =========================================================================
 */

def burstToken = ctx.token
def password = null

try {
    def sql = Sql.newInstance(dbUrl, dbUser, dbPass, dbDriver)

    // Query the Employee table to get the password preference
    // Modify column names to match your table structure:
    //   - EmployeeID or employee_id or EmployeeIdentifier
    //   - Password or pdf_password or document_password
    def employeeRow = sql.firstRow(
        'SELECT Password FROM Employees WHERE EmployeeID = ?',
        [burstToken]
    )

    if (employeeRow != null && employeeRow.Password != null) {
        password = employeeRow.Password
        log.info("Password retrieved from Employee table for token: ${burstToken}")
    } else {
        log.warn("No password found in Employee table for token: ${burstToken}")
        // Optional: Fall back to using the burst token as password
        // password = burstToken
    }

    sql.close()

} catch (Exception e) {
    log.error("Error fetching password from database: ${e.message}")
    // Optional: Fall back to using the burst token as password
    // password = burstToken
}

// Skip encryption if no password was found
if (password == null) {
    log.warn("No password available - skipping encryption for token: ${burstToken}")
    return
}

def inputFile = ctx.extractedFilePath

/*
 *
 * 1. By changing the encryptOptions arguments you can
 *    achieve more PDF encryption features such as applying
 *    certification files, modifying the permissions on the report
 *    and modifying the length of the key which is used
 *    during encryption.
 *
 * 2. For a full list and documentation of the various
 *    PDF encryption capabilities please see
 *    http://pdfbox.apache.org/commandline/
 *
 * 3. Gotchas: Take care if you want to pass an argument
 *    that contains white space since it will be split into
 *    multiple arguments. This is the reason why
 *    in encryptOptions all the string arguments are
 *    surrounded with the \" character.
 *
 *    For more details please read
 *    http://groovy.codehaus.org/Executing%20External%20Processes%20From%20Groovy
 *
 */

def encryptOptions = "-O \"${password}\" -U \"${password}\" \"${inputFile}\""

log.info("encryptOptions = ${encryptOptions}")

def ant = new AntBuilder()

ant.exec(outputproperty:"cmdOut",
        errorproperty: "cmdErr",
        resultproperty:"cmdExit",
        failonerror: "false",
        executable: 'java') {
            arg(line:"-cp ${pdfBoxClassPath} org.apache.pdfbox.tools.Encrypt ${encryptOptions}")
        }

println "return code:  ${ant.project.properties.cmdExit}"
println "stderr:       ${ant.project.properties.cmdErr}"
println "stdout:       ${ant.project.properties.cmdOut}"

What You Need to Customize

1. Database Connection (lines ~80–110)
Uncomment the correct database type and update dbUrl, dbDriver, dbUser, dbPass to match your environment.
2. SQL Query (line ~126)
Modify column names to match your Employees table structure:
Password → your password column name
EmployeeID → your employee identifier column name
3. JDBC Driver
Ensure the appropriate JDBC driver JAR is in /reportburster/lib/burst/

⚠ Important Notes