You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "janardhanan vembunarayanan (JIRA)" <ji...@apache.org> on 2007/12/08 02:04:43 UTC
[jira] Created: (DIRMINA-494) SSL Filter IllegalStateException with
mutual auth and persist session
SSL Filter IllegalStateException with mutual auth and persist session
---------------------------------------------------------------------
Key: DIRMINA-494
URL: https://issues.apache.org/jira/browse/DIRMINA-494
Project: MINA
Issue Type: Bug
Affects Versions: 1.0.1
Environment: Solaris SunOS version 5.10 and Windows XP
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
Reporter: janardhanan vembunarayanan
Hi,
I am using Mina and developing a proxy server
1. I am using SSL with Mutual Authentication and the sslProtocol is "TLS".
2. I am using tomcat as the webserver with ssl setup
3. Client => proxy server the protocol is http
4. proxy server => tomcat is https with mutual auth setup
I am using persistent connection between proxy server and tomcat. Instead of using the connection for each request I am pooling the session and reusing.
Under this scenario I get the following error
java.lang.IllegalStateException
at org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:636)
at org.apache.mina.filter.SSLFilter.isSSLStarted(SSLFilter.java:190)
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:374)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531)
at java.lang.Thread.run(Thread.java:595)
I added the fix suggested in one of the bugs to change the call in onPreAdd and onPostAdd but did not fix the problem.
public void onPreAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
{
if( parent.contains( SSLFilter.class ) )
{
throw new IllegalStateException( "A filter chain cannot contain more than one SSLFilter." );
}
IoSession session = parent.getSession();
session.setAttribute( NEXT_FILTER, nextFilter );
// Create an SSL handler and start handshake.
SSLHandler handler =
new SSLHandler( this, sslContext, session );
session.setAttribute( SSL_HANDLER, handler );
}
public void onPostAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
{
getSSLSessionHandler( parent.getSession() ).handshake( nextFilter );
}
Not sure why the handler should be null in this method getSSLSessionHandler. This is removed only in onPreRemove method and we have special filter called RemoveSSLFilter and we are calling it in sessionClosed. The code is given below.
private SSLHandler getSSLSessionHandler( IoSession session )
{
SSLHandler handler = ( SSLHandler ) session.getAttribute( SSL_HANDLER );
if( handler == null )
{
throw new IllegalStateException();
}
if( handler.getParent() != this )
{
throw new IllegalArgumentException( "Not managed by this filter." );
}
return handler;
}
public class RemoveSSLFilter extends IoFilterAdapter {
@Override
public void sessionClosed(NextFilter nextFilter, IoSession session) throws Exception {
IoFilterChain chain = session.getFilterChain();
if (chain.contains("SSL")) {
chain.remove("SSL");
}
nextFilter.sessionClosed(session);
}
}
This happens only when do persist session for ssl with mutual auth it works fine without mutual auth.
Any pointers on this will be of great help?
Regards,
Jana
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
Re: [jira] Issue Comment Edited: (DIRMINA-494) SSL Filter IllegalStateException with mutual auth and persist session
Posted by Maarten Bosteels <mb...@gmail.com>.
Also have a look at this thread:
http://www.nabble.com/sending-receiving-a-byte---to14199165s16868.html#a14209316
And please note that there are two versions of the codec tutorial :
for mina 1.x : http://mina.apache.org/tutorial-on-protocolcodecfilter.html
for mina 2.0x :
http://mina.apache.org/tutorial-on-protocolcodecfilter-for-mina-2x.html
Maarten
On Dec 11, 2007 5:27 PM, Jeroen Brattinga <je...@gmail.com> wrote:
> Take a look at this tutorial:
> http://mina.apache.org/tutorial-on-protocolcodecfilter.html
>
> Oh, and try to give your question a better description in the subject of
> your e-mail next time!
>
>
> Jeroen Brattinga
>
>
>
> On Tue, 2007-12-11 at 20:47 +0800, Michael Qi wrote:
> > Hello,
> > I am using mina and try to write a IoHandler and my question is
> > messageReceived(IoSession session, Object msg) function:
> > My protocol binary and the msg is Object ! Can convert it to byte
> > array? Thank you!
> >
> >
> >
> >
> >
> >
> > HeQi
>
>
Re: [jira] Issue Comment Edited: (DIRMINA-494) SSL Filter
IllegalStateException with mutual auth and persist session
Posted by Jeroen Brattinga <je...@gmail.com>.
Take a look at this tutorial:
http://mina.apache.org/tutorial-on-protocolcodecfilter.html
Oh, and try to give your question a better description in the subject of
your e-mail next time!
Jeroen Brattinga
On Tue, 2007-12-11 at 20:47 +0800, Michael Qi wrote:
> Hello,
> I am using mina and try to write a IoHandler and my question is
> messageReceived(IoSession session, Object msg) function:
> My protocol binary and the msg is Object ! Can convert it to byte
> array? Thank you!
>
>
>
>
>
>
> HeQi
Re: [jira] Issue Comment Edited: (DIRMINA-494) SSL Filter IllegalStateException with mutual auth and persist session
Posted by Michael Qi <fo...@gmail.com>.
Hello,
I am using mina and try to write a IoHandler and my question is
messageReceived(IoSession session, Object msg) function:
My protocol binary and the msg is Object ! Can convert it to byte
array? Thank you!
HeQi
[jira] Reopened: (DIRMINA-494) SSL Filter IllegalStateException
with mutual auth and persist session
Posted by "janardhanan vembunarayanan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRMINA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
janardhanan vembunarayanan reopened DIRMINA-494:
------------------------------------------------
Hi,
Using mina-core-1.0.1.jar with mina-filter-ssl-1.0.5.jar as suggested by your I find the following
problem.
1. Client sends data using ssl to mina acceptor and gets the response back.
For some of the requests the acceptor is not able to get the complete data and it idle timesout
If I use mina-core-1.0.5.jar with mina-filter-ssl-1.0.5.jar the above case works fine.
Looks like there is a dependency in mina-filter-ssl-1.0.5.jar and mina-core-1.0.5.jar. Can you
confirm the same?
Do you suggest us to do the dependency changes to mina-core-1.0.1.jar or move to
mina-core-1.0.5.jar?
Regards,
Jana
> SSL Filter IllegalStateException with mutual auth and persist session
> ---------------------------------------------------------------------
>
> Key: DIRMINA-494
> URL: https://issues.apache.org/jira/browse/DIRMINA-494
> Project: MINA
> Issue Type: Bug
> Affects Versions: 1.0.1
> Environment: Solaris SunOS version 5.10 and Windows XP
> java version "1.5.0_06"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
> Reporter: janardhanan vembunarayanan
>
> Hi,
> I am using Mina and developing a proxy server
> 1. I am using SSL with Mutual Authentication and the sslProtocol is "TLS".
> 2. I am using tomcat as the webserver with ssl setup
> 3. Client => proxy server the protocol is http
> 4. proxy server => tomcat is https with mutual auth setup
> I am using persistent connection between proxy server and tomcat. Instead of using the connection for each request I am pooling the session and reusing.
> Under this scenario I get the following error
> java.lang.IllegalStateException
> at org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:636)
> at org.apache.mina.filter.SSLFilter.isSSLStarted(SSLFilter.java:190)
> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:374)
> at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531)
> at java.lang.Thread.run(Thread.java:595)
> I added the fix suggested in one of the bugs to change the call in onPreAdd and onPostAdd but did not fix the problem.
> public void onPreAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> if( parent.contains( SSLFilter.class ) )
> {
> throw new IllegalStateException( "A filter chain cannot contain more than one SSLFilter." );
> }
> IoSession session = parent.getSession();
> session.setAttribute( NEXT_FILTER, nextFilter );
>
> // Create an SSL handler and start handshake.
> SSLHandler handler =
> new SSLHandler( this, sslContext, session );
> session.setAttribute( SSL_HANDLER, handler );
> }
>
> public void onPostAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> getSSLSessionHandler( parent.getSession() ).handshake( nextFilter );
> }
> Not sure why the handler should be null in this method getSSLSessionHandler. This is removed only in onPreRemove method and we have special filter called RemoveSSLFilter and we are calling it in sessionClosed. The code is given below.
> private SSLHandler getSSLSessionHandler( IoSession session )
> {
> SSLHandler handler = ( SSLHandler ) session.getAttribute( SSL_HANDLER );
> if( handler == null )
> {
> throw new IllegalStateException();
> }
> if( handler.getParent() != this )
> {
> throw new IllegalArgumentException( "Not managed by this filter." );
> }
> return handler;
> }
> public class RemoveSSLFilter extends IoFilterAdapter {
>
> @Override
> public void sessionClosed(NextFilter nextFilter, IoSession session) throws Exception {
> IoFilterChain chain = session.getFilterChain();
> if (chain.contains("SSL")) {
> chain.remove("SSL");
> }
> nextFilter.sessionClosed(session);
> }
>
> }
> This happens only when do persist session for ssl with mutual auth it works fine without mutual auth.
> Any pointers on this will be of great help?
> Regards,
> Jana
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (DIRMINA-494) SSL Filter IllegalStateException with
mutual auth and persist session
Posted by "janardhanan vembunarayanan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRMINA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
janardhanan vembunarayanan closed DIRMINA-494.
----------------------------------------------
Resolution: Fixed
Fix Version/s: 1.0.9
Moving to Mina 1.0.9 hence closing this issue..
Thanks.
> SSL Filter IllegalStateException with mutual auth and persist session
> ---------------------------------------------------------------------
>
> Key: DIRMINA-494
> URL: https://issues.apache.org/jira/browse/DIRMINA-494
> Project: MINA
> Issue Type: Bug
> Affects Versions: 1.0.1
> Environment: Solaris SunOS version 5.10 and Windows XP
> java version "1.5.0_06"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
> Reporter: janardhanan vembunarayanan
> Fix For: 1.0.9
>
>
> Hi,
> I am using Mina and developing a proxy server
> 1. I am using SSL with Mutual Authentication and the sslProtocol is "TLS".
> 2. I am using tomcat as the webserver with ssl setup
> 3. Client => proxy server the protocol is http
> 4. proxy server => tomcat is https with mutual auth setup
> I am using persistent connection between proxy server and tomcat. Instead of using the connection for each request I am pooling the session and reusing.
> Under this scenario I get the following error
> java.lang.IllegalStateException
> at org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:636)
> at org.apache.mina.filter.SSLFilter.isSSLStarted(SSLFilter.java:190)
> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:374)
> at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531)
> at java.lang.Thread.run(Thread.java:595)
> I added the fix suggested in one of the bugs to change the call in onPreAdd and onPostAdd but did not fix the problem.
> public void onPreAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> if( parent.contains( SSLFilter.class ) )
> {
> throw new IllegalStateException( "A filter chain cannot contain more than one SSLFilter." );
> }
> IoSession session = parent.getSession();
> session.setAttribute( NEXT_FILTER, nextFilter );
>
> // Create an SSL handler and start handshake.
> SSLHandler handler =
> new SSLHandler( this, sslContext, session );
> session.setAttribute( SSL_HANDLER, handler );
> }
>
> public void onPostAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> getSSLSessionHandler( parent.getSession() ).handshake( nextFilter );
> }
> Not sure why the handler should be null in this method getSSLSessionHandler. This is removed only in onPreRemove method and we have special filter called RemoveSSLFilter and we are calling it in sessionClosed. The code is given below.
> private SSLHandler getSSLSessionHandler( IoSession session )
> {
> SSLHandler handler = ( SSLHandler ) session.getAttribute( SSL_HANDLER );
> if( handler == null )
> {
> throw new IllegalStateException();
> }
> if( handler.getParent() != this )
> {
> throw new IllegalArgumentException( "Not managed by this filter." );
> }
> return handler;
> }
> public class RemoveSSLFilter extends IoFilterAdapter {
>
> @Override
> public void sessionClosed(NextFilter nextFilter, IoSession session) throws Exception {
> IoFilterChain chain = session.getFilterChain();
> if (chain.contains("SSL")) {
> chain.remove("SSL");
> }
> nextFilter.sessionClosed(session);
> }
>
> }
> This happens only when do persist session for ssl with mutual auth it works fine without mutual auth.
> Any pointers on this will be of great help?
> Regards,
> Jana
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DIRMINA-494) SSL Filter IllegalStateException
with mutual auth and persist session
Posted by "Trustin Lee (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRMINA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12549742 ]
Trustin Lee commented on DIRMINA-494:
-------------------------------------
Did you try to upgrade to 1.0.5?
> SSL Filter IllegalStateException with mutual auth and persist session
> ---------------------------------------------------------------------
>
> Key: DIRMINA-494
> URL: https://issues.apache.org/jira/browse/DIRMINA-494
> Project: MINA
> Issue Type: Bug
> Affects Versions: 1.0.1
> Environment: Solaris SunOS version 5.10 and Windows XP
> java version "1.5.0_06"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
> Reporter: janardhanan vembunarayanan
>
> Hi,
> I am using Mina and developing a proxy server
> 1. I am using SSL with Mutual Authentication and the sslProtocol is "TLS".
> 2. I am using tomcat as the webserver with ssl setup
> 3. Client => proxy server the protocol is http
> 4. proxy server => tomcat is https with mutual auth setup
> I am using persistent connection between proxy server and tomcat. Instead of using the connection for each request I am pooling the session and reusing.
> Under this scenario I get the following error
> java.lang.IllegalStateException
> at org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:636)
> at org.apache.mina.filter.SSLFilter.isSSLStarted(SSLFilter.java:190)
> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:374)
> at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531)
> at java.lang.Thread.run(Thread.java:595)
> I added the fix suggested in one of the bugs to change the call in onPreAdd and onPostAdd but did not fix the problem.
> public void onPreAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> if( parent.contains( SSLFilter.class ) )
> {
> throw new IllegalStateException( "A filter chain cannot contain more than one SSLFilter." );
> }
> IoSession session = parent.getSession();
> session.setAttribute( NEXT_FILTER, nextFilter );
>
> // Create an SSL handler and start handshake.
> SSLHandler handler =
> new SSLHandler( this, sslContext, session );
> session.setAttribute( SSL_HANDLER, handler );
> }
>
> public void onPostAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> getSSLSessionHandler( parent.getSession() ).handshake( nextFilter );
> }
> Not sure why the handler should be null in this method getSSLSessionHandler. This is removed only in onPreRemove method and we have special filter called RemoveSSLFilter and we are calling it in sessionClosed. The code is given below.
> private SSLHandler getSSLSessionHandler( IoSession session )
> {
> SSLHandler handler = ( SSLHandler ) session.getAttribute( SSL_HANDLER );
> if( handler == null )
> {
> throw new IllegalStateException();
> }
> if( handler.getParent() != this )
> {
> throw new IllegalArgumentException( "Not managed by this filter." );
> }
> return handler;
> }
> public class RemoveSSLFilter extends IoFilterAdapter {
>
> @Override
> public void sessionClosed(NextFilter nextFilter, IoSession session) throws Exception {
> IoFilterChain chain = session.getFilterChain();
> if (chain.contains("SSL")) {
> chain.remove("SSL");
> }
> nextFilter.sessionClosed(session);
> }
>
> }
> This happens only when do persist session for ssl with mutual auth it works fine without mutual auth.
> Any pointers on this will be of great help?
> Regards,
> Jana
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DIRMINA-494) SSL Filter IllegalStateException
with mutual auth and persist session
Posted by "Trustin Lee (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRMINA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12549910 ]
Trustin Lee commented on DIRMINA-494:
-------------------------------------
You could just upgrade only mina-ssl.jar to 1.0.5 to see if it fixes the problem.
> SSL Filter IllegalStateException with mutual auth and persist session
> ---------------------------------------------------------------------
>
> Key: DIRMINA-494
> URL: https://issues.apache.org/jira/browse/DIRMINA-494
> Project: MINA
> Issue Type: Bug
> Affects Versions: 1.0.1
> Environment: Solaris SunOS version 5.10 and Windows XP
> java version "1.5.0_06"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
> Reporter: janardhanan vembunarayanan
>
> Hi,
> I am using Mina and developing a proxy server
> 1. I am using SSL with Mutual Authentication and the sslProtocol is "TLS".
> 2. I am using tomcat as the webserver with ssl setup
> 3. Client => proxy server the protocol is http
> 4. proxy server => tomcat is https with mutual auth setup
> I am using persistent connection between proxy server and tomcat. Instead of using the connection for each request I am pooling the session and reusing.
> Under this scenario I get the following error
> java.lang.IllegalStateException
> at org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:636)
> at org.apache.mina.filter.SSLFilter.isSSLStarted(SSLFilter.java:190)
> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:374)
> at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531)
> at java.lang.Thread.run(Thread.java:595)
> I added the fix suggested in one of the bugs to change the call in onPreAdd and onPostAdd but did not fix the problem.
> public void onPreAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> if( parent.contains( SSLFilter.class ) )
> {
> throw new IllegalStateException( "A filter chain cannot contain more than one SSLFilter." );
> }
> IoSession session = parent.getSession();
> session.setAttribute( NEXT_FILTER, nextFilter );
>
> // Create an SSL handler and start handshake.
> SSLHandler handler =
> new SSLHandler( this, sslContext, session );
> session.setAttribute( SSL_HANDLER, handler );
> }
>
> public void onPostAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> getSSLSessionHandler( parent.getSession() ).handshake( nextFilter );
> }
> Not sure why the handler should be null in this method getSSLSessionHandler. This is removed only in onPreRemove method and we have special filter called RemoveSSLFilter and we are calling it in sessionClosed. The code is given below.
> private SSLHandler getSSLSessionHandler( IoSession session )
> {
> SSLHandler handler = ( SSLHandler ) session.getAttribute( SSL_HANDLER );
> if( handler == null )
> {
> throw new IllegalStateException();
> }
> if( handler.getParent() != this )
> {
> throw new IllegalArgumentException( "Not managed by this filter." );
> }
> return handler;
> }
> public class RemoveSSLFilter extends IoFilterAdapter {
>
> @Override
> public void sessionClosed(NextFilter nextFilter, IoSession session) throws Exception {
> IoFilterChain chain = session.getFilterChain();
> if (chain.contains("SSL")) {
> chain.remove("SSL");
> }
> nextFilter.sessionClosed(session);
> }
>
> }
> This happens only when do persist session for ssl with mutual auth it works fine without mutual auth.
> Any pointers on this will be of great help?
> Regards,
> Jana
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (DIRMINA-494) SSL Filter
IllegalStateException with mutual auth and persist session
Posted by "Trustin Lee (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRMINA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12549910 ]
trustin edited comment on DIRMINA-494 at 12/9/07 10:17 PM:
---------------------------------------------------------------
You could just upgrade only mina-filter-ssl.jar to 1.0.5 to see if it fixes the problem.
was (Author: trustin):
You could just upgrade only mina-ssl.jar to 1.0.5 to see if it fixes the problem.
> SSL Filter IllegalStateException with mutual auth and persist session
> ---------------------------------------------------------------------
>
> Key: DIRMINA-494
> URL: https://issues.apache.org/jira/browse/DIRMINA-494
> Project: MINA
> Issue Type: Bug
> Affects Versions: 1.0.1
> Environment: Solaris SunOS version 5.10 and Windows XP
> java version "1.5.0_06"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
> Reporter: janardhanan vembunarayanan
>
> Hi,
> I am using Mina and developing a proxy server
> 1. I am using SSL with Mutual Authentication and the sslProtocol is "TLS".
> 2. I am using tomcat as the webserver with ssl setup
> 3. Client => proxy server the protocol is http
> 4. proxy server => tomcat is https with mutual auth setup
> I am using persistent connection between proxy server and tomcat. Instead of using the connection for each request I am pooling the session and reusing.
> Under this scenario I get the following error
> java.lang.IllegalStateException
> at org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:636)
> at org.apache.mina.filter.SSLFilter.isSSLStarted(SSLFilter.java:190)
> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:374)
> at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531)
> at java.lang.Thread.run(Thread.java:595)
> I added the fix suggested in one of the bugs to change the call in onPreAdd and onPostAdd but did not fix the problem.
> public void onPreAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> if( parent.contains( SSLFilter.class ) )
> {
> throw new IllegalStateException( "A filter chain cannot contain more than one SSLFilter." );
> }
> IoSession session = parent.getSession();
> session.setAttribute( NEXT_FILTER, nextFilter );
>
> // Create an SSL handler and start handshake.
> SSLHandler handler =
> new SSLHandler( this, sslContext, session );
> session.setAttribute( SSL_HANDLER, handler );
> }
>
> public void onPostAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> getSSLSessionHandler( parent.getSession() ).handshake( nextFilter );
> }
> Not sure why the handler should be null in this method getSSLSessionHandler. This is removed only in onPreRemove method and we have special filter called RemoveSSLFilter and we are calling it in sessionClosed. The code is given below.
> private SSLHandler getSSLSessionHandler( IoSession session )
> {
> SSLHandler handler = ( SSLHandler ) session.getAttribute( SSL_HANDLER );
> if( handler == null )
> {
> throw new IllegalStateException();
> }
> if( handler.getParent() != this )
> {
> throw new IllegalArgumentException( "Not managed by this filter." );
> }
> return handler;
> }
> public class RemoveSSLFilter extends IoFilterAdapter {
>
> @Override
> public void sessionClosed(NextFilter nextFilter, IoSession session) throws Exception {
> IoFilterChain chain = session.getFilterChain();
> if (chain.contains("SSL")) {
> chain.remove("SSL");
> }
> nextFilter.sessionClosed(session);
> }
>
> }
> This happens only when do persist session for ssl with mutual auth it works fine without mutual auth.
> Any pointers on this will be of great help?
> Regards,
> Jana
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (DIRMINA-494) SSL Filter IllegalStateException
with mutual auth and persist session
Posted by "Trustin Lee (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRMINA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Trustin Lee resolved DIRMINA-494.
---------------------------------
Resolution: Invalid
Marking as 'invalid' because it's fixed already.
> SSL Filter IllegalStateException with mutual auth and persist session
> ---------------------------------------------------------------------
>
> Key: DIRMINA-494
> URL: https://issues.apache.org/jira/browse/DIRMINA-494
> Project: MINA
> Issue Type: Bug
> Affects Versions: 1.0.1
> Environment: Solaris SunOS version 5.10 and Windows XP
> java version "1.5.0_06"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
> Reporter: janardhanan vembunarayanan
>
> Hi,
> I am using Mina and developing a proxy server
> 1. I am using SSL with Mutual Authentication and the sslProtocol is "TLS".
> 2. I am using tomcat as the webserver with ssl setup
> 3. Client => proxy server the protocol is http
> 4. proxy server => tomcat is https with mutual auth setup
> I am using persistent connection between proxy server and tomcat. Instead of using the connection for each request I am pooling the session and reusing.
> Under this scenario I get the following error
> java.lang.IllegalStateException
> at org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:636)
> at org.apache.mina.filter.SSLFilter.isSSLStarted(SSLFilter.java:190)
> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:374)
> at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531)
> at java.lang.Thread.run(Thread.java:595)
> I added the fix suggested in one of the bugs to change the call in onPreAdd and onPostAdd but did not fix the problem.
> public void onPreAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> if( parent.contains( SSLFilter.class ) )
> {
> throw new IllegalStateException( "A filter chain cannot contain more than one SSLFilter." );
> }
> IoSession session = parent.getSession();
> session.setAttribute( NEXT_FILTER, nextFilter );
>
> // Create an SSL handler and start handshake.
> SSLHandler handler =
> new SSLHandler( this, sslContext, session );
> session.setAttribute( SSL_HANDLER, handler );
> }
>
> public void onPostAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> getSSLSessionHandler( parent.getSession() ).handshake( nextFilter );
> }
> Not sure why the handler should be null in this method getSSLSessionHandler. This is removed only in onPreRemove method and we have special filter called RemoveSSLFilter and we are calling it in sessionClosed. The code is given below.
> private SSLHandler getSSLSessionHandler( IoSession session )
> {
> SSLHandler handler = ( SSLHandler ) session.getAttribute( SSL_HANDLER );
> if( handler == null )
> {
> throw new IllegalStateException();
> }
> if( handler.getParent() != this )
> {
> throw new IllegalArgumentException( "Not managed by this filter." );
> }
> return handler;
> }
> public class RemoveSSLFilter extends IoFilterAdapter {
>
> @Override
> public void sessionClosed(NextFilter nextFilter, IoSession session) throws Exception {
> IoFilterChain chain = session.getFilterChain();
> if (chain.contains("SSL")) {
> chain.remove("SSL");
> }
> nextFilter.sessionClosed(session);
> }
>
> }
> This happens only when do persist session for ssl with mutual auth it works fine without mutual auth.
> Any pointers on this will be of great help?
> Regards,
> Jana
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DIRMINA-494) SSL Filter IllegalStateException
with mutual auth and persist session
Posted by "janardhanan vembunarayanan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRMINA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12549746 ]
janardhanan vembunarayanan commented on DIRMINA-494:
----------------------------------------------------
No. I can give it a try. As we have a working version in production with 1.0.1 moving to Mina 1.0.5 might not be feasible in the near future for us. Is this a know bug in 1.0.1? If so can I get the fix for this alone?
Thanks for your quick response I really appreciate it.
> SSL Filter IllegalStateException with mutual auth and persist session
> ---------------------------------------------------------------------
>
> Key: DIRMINA-494
> URL: https://issues.apache.org/jira/browse/DIRMINA-494
> Project: MINA
> Issue Type: Bug
> Affects Versions: 1.0.1
> Environment: Solaris SunOS version 5.10 and Windows XP
> java version "1.5.0_06"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
> Reporter: janardhanan vembunarayanan
>
> Hi,
> I am using Mina and developing a proxy server
> 1. I am using SSL with Mutual Authentication and the sslProtocol is "TLS".
> 2. I am using tomcat as the webserver with ssl setup
> 3. Client => proxy server the protocol is http
> 4. proxy server => tomcat is https with mutual auth setup
> I am using persistent connection between proxy server and tomcat. Instead of using the connection for each request I am pooling the session and reusing.
> Under this scenario I get the following error
> java.lang.IllegalStateException
> at org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:636)
> at org.apache.mina.filter.SSLFilter.isSSLStarted(SSLFilter.java:190)
> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:374)
> at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531)
> at java.lang.Thread.run(Thread.java:595)
> I added the fix suggested in one of the bugs to change the call in onPreAdd and onPostAdd but did not fix the problem.
> public void onPreAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> if( parent.contains( SSLFilter.class ) )
> {
> throw new IllegalStateException( "A filter chain cannot contain more than one SSLFilter." );
> }
> IoSession session = parent.getSession();
> session.setAttribute( NEXT_FILTER, nextFilter );
>
> // Create an SSL handler and start handshake.
> SSLHandler handler =
> new SSLHandler( this, sslContext, session );
> session.setAttribute( SSL_HANDLER, handler );
> }
>
> public void onPostAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> getSSLSessionHandler( parent.getSession() ).handshake( nextFilter );
> }
> Not sure why the handler should be null in this method getSSLSessionHandler. This is removed only in onPreRemove method and we have special filter called RemoveSSLFilter and we are calling it in sessionClosed. The code is given below.
> private SSLHandler getSSLSessionHandler( IoSession session )
> {
> SSLHandler handler = ( SSLHandler ) session.getAttribute( SSL_HANDLER );
> if( handler == null )
> {
> throw new IllegalStateException();
> }
> if( handler.getParent() != this )
> {
> throw new IllegalArgumentException( "Not managed by this filter." );
> }
> return handler;
> }
> public class RemoveSSLFilter extends IoFilterAdapter {
>
> @Override
> public void sessionClosed(NextFilter nextFilter, IoSession session) throws Exception {
> IoFilterChain chain = session.getFilterChain();
> if (chain.contains("SSL")) {
> chain.remove("SSL");
> }
> nextFilter.sessionClosed(session);
> }
>
> }
> This happens only when do persist session for ssl with mutual auth it works fine without mutual auth.
> Any pointers on this will be of great help?
> Regards,
> Jana
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DIRMINA-494) SSL Filter IllegalStateException
with mutual auth and persist session
Posted by "janardhanan vembunarayanan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRMINA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12550784 ]
janardhanan vembunarayanan commented on DIRMINA-494:
----------------------------------------------------
I upgraded just the ssl alone to Mina 1.0.5 by taking the mina-filter-ssl-1.0.5.jar and the issue reported in the bug went away. The results are very good compared to what it was before. Thanks for your inputs.
But sometimes I get a different exception once in a while. Is this a known bug?
Exception caught SSL handshake failed.javax.net.ssl.SSLHandshakeException: SSL handshake failed.
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531)
at java.lang.Thread.run(Thread.java:595)
Caused by: javax.net.ssl.SSLException: illegal change cipher spec msg, state = 6
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1352)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1320)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:965)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:782)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:674)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
at org.apache.mina.filter.support.SSLHandler.unwrap0(SSLHandler.java:665)
at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:621)
at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:496)
at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:307)
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
> SSL Filter IllegalStateException with mutual auth and persist session
> ---------------------------------------------------------------------
>
> Key: DIRMINA-494
> URL: https://issues.apache.org/jira/browse/DIRMINA-494
> Project: MINA
> Issue Type: Bug
> Affects Versions: 1.0.1
> Environment: Solaris SunOS version 5.10 and Windows XP
> java version "1.5.0_06"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
> Reporter: janardhanan vembunarayanan
>
> Hi,
> I am using Mina and developing a proxy server
> 1. I am using SSL with Mutual Authentication and the sslProtocol is "TLS".
> 2. I am using tomcat as the webserver with ssl setup
> 3. Client => proxy server the protocol is http
> 4. proxy server => tomcat is https with mutual auth setup
> I am using persistent connection between proxy server and tomcat. Instead of using the connection for each request I am pooling the session and reusing.
> Under this scenario I get the following error
> java.lang.IllegalStateException
> at org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:636)
> at org.apache.mina.filter.SSLFilter.isSSLStarted(SSLFilter.java:190)
> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:374)
> at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531)
> at java.lang.Thread.run(Thread.java:595)
> I added the fix suggested in one of the bugs to change the call in onPreAdd and onPostAdd but did not fix the problem.
> public void onPreAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> if( parent.contains( SSLFilter.class ) )
> {
> throw new IllegalStateException( "A filter chain cannot contain more than one SSLFilter." );
> }
> IoSession session = parent.getSession();
> session.setAttribute( NEXT_FILTER, nextFilter );
>
> // Create an SSL handler and start handshake.
> SSLHandler handler =
> new SSLHandler( this, sslContext, session );
> session.setAttribute( SSL_HANDLER, handler );
> }
>
> public void onPostAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> getSSLSessionHandler( parent.getSession() ).handshake( nextFilter );
> }
> Not sure why the handler should be null in this method getSSLSessionHandler. This is removed only in onPreRemove method and we have special filter called RemoveSSLFilter and we are calling it in sessionClosed. The code is given below.
> private SSLHandler getSSLSessionHandler( IoSession session )
> {
> SSLHandler handler = ( SSLHandler ) session.getAttribute( SSL_HANDLER );
> if( handler == null )
> {
> throw new IllegalStateException();
> }
> if( handler.getParent() != this )
> {
> throw new IllegalArgumentException( "Not managed by this filter." );
> }
> return handler;
> }
> public class RemoveSSLFilter extends IoFilterAdapter {
>
> @Override
> public void sessionClosed(NextFilter nextFilter, IoSession session) throws Exception {
> IoFilterChain chain = session.getFilterChain();
> if (chain.contains("SSL")) {
> chain.remove("SSL");
> }
> nextFilter.sessionClosed(session);
> }
>
> }
> This happens only when do persist session for ssl with mutual auth it works fine without mutual auth.
> Any pointers on this will be of great help?
> Regards,
> Jana
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DIRMINA-494) SSL Filter IllegalStateException
with mutual auth and persist session
Posted by "Trustin Lee (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRMINA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12550786 ]
Trustin Lee commented on DIRMINA-494:
-------------------------------------
I have not seen such an exception message. If it's reproduceable by myself, I could fix it. Any help is appreciated.
> SSL Filter IllegalStateException with mutual auth and persist session
> ---------------------------------------------------------------------
>
> Key: DIRMINA-494
> URL: https://issues.apache.org/jira/browse/DIRMINA-494
> Project: MINA
> Issue Type: Bug
> Affects Versions: 1.0.1
> Environment: Solaris SunOS version 5.10 and Windows XP
> java version "1.5.0_06"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
> Reporter: janardhanan vembunarayanan
>
> Hi,
> I am using Mina and developing a proxy server
> 1. I am using SSL with Mutual Authentication and the sslProtocol is "TLS".
> 2. I am using tomcat as the webserver with ssl setup
> 3. Client => proxy server the protocol is http
> 4. proxy server => tomcat is https with mutual auth setup
> I am using persistent connection between proxy server and tomcat. Instead of using the connection for each request I am pooling the session and reusing.
> Under this scenario I get the following error
> java.lang.IllegalStateException
> at org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:636)
> at org.apache.mina.filter.SSLFilter.isSSLStarted(SSLFilter.java:190)
> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:374)
> at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531)
> at java.lang.Thread.run(Thread.java:595)
> I added the fix suggested in one of the bugs to change the call in onPreAdd and onPostAdd but did not fix the problem.
> public void onPreAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> if( parent.contains( SSLFilter.class ) )
> {
> throw new IllegalStateException( "A filter chain cannot contain more than one SSLFilter." );
> }
> IoSession session = parent.getSession();
> session.setAttribute( NEXT_FILTER, nextFilter );
>
> // Create an SSL handler and start handshake.
> SSLHandler handler =
> new SSLHandler( this, sslContext, session );
> session.setAttribute( SSL_HANDLER, handler );
> }
>
> public void onPostAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> getSSLSessionHandler( parent.getSession() ).handshake( nextFilter );
> }
> Not sure why the handler should be null in this method getSSLSessionHandler. This is removed only in onPreRemove method and we have special filter called RemoveSSLFilter and we are calling it in sessionClosed. The code is given below.
> private SSLHandler getSSLSessionHandler( IoSession session )
> {
> SSLHandler handler = ( SSLHandler ) session.getAttribute( SSL_HANDLER );
> if( handler == null )
> {
> throw new IllegalStateException();
> }
> if( handler.getParent() != this )
> {
> throw new IllegalArgumentException( "Not managed by this filter." );
> }
> return handler;
> }
> public class RemoveSSLFilter extends IoFilterAdapter {
>
> @Override
> public void sessionClosed(NextFilter nextFilter, IoSession session) throws Exception {
> IoFilterChain chain = session.getFilterChain();
> if (chain.contains("SSL")) {
> chain.remove("SSL");
> }
> nextFilter.sessionClosed(session);
> }
>
> }
> This happens only when do persist session for ssl with mutual auth it works fine without mutual auth.
> Any pointers on this will be of great help?
> Regards,
> Jana
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.