We need to distinguish two different aspects: printing and saving.
You can encrypt a file and set the permissions in such a way that printing isn't allowed. However: if you only encrypt a document with an owner password, it is very easy to decrypt the document and to remove the restrictions. Encrypting a document with an owner password only works on a psychological level: for instance: you indicate that the original producer of the document doesn't want the document to be printed.
If you want to avoid that an end users saves a PDF document, you are asking something that is impossible. The only way to avoid that an end user doesn't have a copy of the PDF is by not sending him the PDF. A PDF can't be opened in Adobe Reader without having the actual bytes on the disk. Even if you would disable saving (for instance in the context of a web application), you'd always find the PDF somewhere in the temp files and people would be able to copy that file as many times as they want.
In your code snippet, you try hiding the toolbar (a viewer preference), but that doesn't make sense. Whether or not this viewer preference will be respected entirely depends on the PDF viewer. For instance: in Adobe Reader X and later, you have a special widget that appears when you hover over the document. This widget allows users to save the document.
Even with Adobe Reader 9, hiding the toolbar isn't sufficient: if the user chooses the appropriate menu item or hits the appropriate "hot key", the toolbar would appear and they could happily click the Save button. In addition, they could have right-clicked and chosen "Save" as well.
In short, you're asking the wrong question.
What you need to do is NOT prevent saving BUT control the actual use of the PDF and that's where DRM (Digital Rights Management) comes in. DRM however is usually very expensive, it requires a custom PDF viewer and it's out of the scope of iText.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…