[jira] Commented: (DIRMINA-494) SSL Filter IllegalStateException with mutual auth and persist session

Sat, 08 Dec 2007 12:39:05 -0800 

    [ 
https://issues.apache.org/jira/browse/DIRMINA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12549746
 ] 

janardhanan vembunarayanan commented on DIRMINA-494:
----------------------------------------------------

No. I can give it a try. As we have a working version in production with 1.0.1 
moving to Mina 1.0.5 might not be feasible in the near future for us. Is this a 
know bug in 1.0.1? If so can I get the fix for this alone?

Thanks for your quick response I really appreciate it.

> SSL Filter IllegalStateException with mutual auth and persist session
> ---------------------------------------------------------------------
>
>                 Key: DIRMINA-494
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-494
>             Project: MINA
>          Issue Type: Bug
>    Affects Versions: 1.0.1
>         Environment: Solaris SunOS version 5.10 and Windows XP
> java version "1.5.0_06"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
>            Reporter: janardhanan vembunarayanan
>
> Hi,
> I am using Mina and developing a proxy server
> 1. I am using SSL with Mutual Authentication and the sslProtocol is "TLS".
> 2. I am using tomcat as the webserver with ssl setup
> 3. Client => proxy server the protocol is http
> 4. proxy server => tomcat is https with mutual auth setup
> I am using persistent connection between proxy server and tomcat. Instead of 
> using the connection for each request I am pooling the session and reusing.
> Under this scenario I get the following error
> java.lang.IllegalStateException
>       at 
> org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:636)
>       at org.apache.mina.filter.SSLFilter.isSSLStarted(SSLFilter.java:190)
>       at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:374)
>       at 
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>       at 
> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
>       at 
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>       at 
> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
>       at 
> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
>       at 
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990)
>       at 
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531)
>       at java.lang.Thread.run(Thread.java:595)
> I added the fix suggested in one of the bugs to change the call in onPreAdd 
> and onPostAdd but did not fix the problem.
> public void onPreAdd( IoFilterChain parent, String name, NextFilter 
> nextFilter ) throws SSLException
> {
>         if( parent.contains( SSLFilter.class ) )
>         {
>             throw new IllegalStateException( "A filter chain cannot contain 
> more than one SSLFilter." );
>         }
>         IoSession session = parent.getSession();
>         session.setAttribute( NEXT_FILTER, nextFilter );
>         
>         // Create an SSL handler and start handshake.
>         SSLHandler handler =
>             new SSLHandler( this, sslContext, session );
>         session.setAttribute( SSL_HANDLER, handler );
>     }
>     
> public void onPostAdd( IoFilterChain parent, String name, NextFilter 
> nextFilter ) throws SSLException
> {
>       getSSLSessionHandler( parent.getSession() ).handshake( nextFilter );
> }
> Not sure why the handler should be null in this method getSSLSessionHandler. 
> This is removed only in onPreRemove method and we have special filter called 
> RemoveSSLFilter and we are calling it in sessionClosed. The code is given 
> below.
>     private SSLHandler getSSLSessionHandler( IoSession session )
>     {
>         SSLHandler handler = ( SSLHandler ) session.getAttribute( SSL_HANDLER 
> );
>         if( handler == null )
>         {
>               throw new IllegalStateException();
>         }
>         if( handler.getParent() != this )
>         {
>             throw new IllegalArgumentException( "Not managed by this filter." 
> );
>         }
>         return handler;
>     }
> public class RemoveSSLFilter extends IoFilterAdapter {
>    
>     @Override
>     public void sessionClosed(NextFilter nextFilter, IoSession session) 
> throws Exception {
>       IoFilterChain chain = session.getFilterChain();
>               if (chain.contains("SSL")) {                    
>                       chain.remove("SSL");
>               }
>         nextFilter.sessionClosed(session);
>     }
>     
> }
> This happens only when do persist session for ssl with mutual auth it works 
> fine without mutual auth.
> Any pointers on this will be of great help?
> Regards,
> Jana

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to