You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Trustin Lee (JIRA)" <ji...@apache.org> on 2007/12/12 02:43:43 UTC

[jira] Resolved: (DIRMINA-494) SSL Filter IllegalStateException with mutual auth and persist session

     [ https://issues.apache.org/jira/browse/DIRMINA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Trustin Lee resolved DIRMINA-494.
---------------------------------

    Resolution: Invalid

Marking as 'invalid' because it's fixed already.

> SSL Filter IllegalStateException with mutual auth and persist session
> ---------------------------------------------------------------------
>
>                 Key: DIRMINA-494
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-494
>             Project: MINA
>          Issue Type: Bug
>    Affects Versions: 1.0.1
>         Environment: Solaris SunOS version 5.10 and Windows XP
> java version "1.5.0_06"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
>            Reporter: janardhanan vembunarayanan
>
> Hi,
> I am using Mina and developing a proxy server
> 1. I am using SSL with Mutual Authentication and the sslProtocol is "TLS".
> 2. I am using tomcat as the webserver with ssl setup
> 3. Client => proxy server the protocol is http
> 4. proxy server => tomcat is https with mutual auth setup
> I am using persistent connection between proxy server and tomcat. Instead of using the connection for each request I am pooling the session and reusing.
> Under this scenario I get the following error
> java.lang.IllegalStateException
> 	at org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:636)
> 	at org.apache.mina.filter.SSLFilter.isSSLStarted(SSLFilter.java:190)
> 	at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:374)
> 	at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> 	at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> 	at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> 	at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> 	at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> 	at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990)
> 	at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531)
> 	at java.lang.Thread.run(Thread.java:595)
> I added the fix suggested in one of the bugs to change the call in onPreAdd and onPostAdd but did not fix the problem.
> public void onPreAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
>         if( parent.contains( SSLFilter.class ) )
>         {
>             throw new IllegalStateException( "A filter chain cannot contain more than one SSLFilter." );
>         }
>         IoSession session = parent.getSession();
>         session.setAttribute( NEXT_FILTER, nextFilter );
>         
>         // Create an SSL handler and start handshake.
>         SSLHandler handler =
>             new SSLHandler( this, sslContext, session );
>         session.setAttribute( SSL_HANDLER, handler );
>     }
>     
> public void onPostAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
> {
> 	getSSLSessionHandler( parent.getSession() ).handshake( nextFilter );
> }
> Not sure why the handler should be null in this method getSSLSessionHandler. This is removed only in onPreRemove method and we have special filter called RemoveSSLFilter and we are calling it in sessionClosed. The code is given below.
>     private SSLHandler getSSLSessionHandler( IoSession session )
>     {
>         SSLHandler handler = ( SSLHandler ) session.getAttribute( SSL_HANDLER );
>         if( handler == null )
>         {
>         	throw new IllegalStateException();
>         }
>         if( handler.getParent() != this )
>         {
>             throw new IllegalArgumentException( "Not managed by this filter." );
>         }
>         return handler;
>     }
> public class RemoveSSLFilter extends IoFilterAdapter {
>    
>     @Override
>     public void sessionClosed(NextFilter nextFilter, IoSession session) throws Exception {
>     	IoFilterChain chain = session.getFilterChain();
> 		if (chain.contains("SSL")) {			
> 			chain.remove("SSL");
> 		}
>         nextFilter.sessionClosed(session);
>     }
>     
> }
> This happens only when do persist session for ssl with mutual auth it works fine without mutual auth.
> Any pointers on this will be of great help?
> Regards,
> Jana

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.