[ https://issues.apache.org/jira/browse/DIRMINA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12549746 ]
janardhanan vembunarayanan commented on DIRMINA-494: ---------------------------------------------------- No. I can give it a try. As we have a working version in production with 1.0.1 moving to Mina 1.0.5 might not be feasible in the near future for us. Is this a know bug in 1.0.1? If so can I get the fix for this alone? Thanks for your quick response I really appreciate it. > SSL Filter IllegalStateException with mutual auth and persist session > --------------------------------------------------------------------- > > Key: DIRMINA-494 > URL: https://issues.apache.org/jira/browse/DIRMINA-494 > Project: MINA > Issue Type: Bug > Affects Versions: 1.0.1 > Environment: Solaris SunOS version 5.10 and Windows XP > java version "1.5.0_06" > Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05) > Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode) > Reporter: janardhanan vembunarayanan > > Hi, > I am using Mina and developing a proxy server > 1. I am using SSL with Mutual Authentication and the sslProtocol is "TLS". > 2. I am using tomcat as the webserver with ssl setup > 3. Client => proxy server the protocol is http > 4. proxy server => tomcat is https with mutual auth setup > I am using persistent connection between proxy server and tomcat. Instead of > using the connection for each request I am pooling the session and reusing. > Under this scenario I get the following error > java.lang.IllegalStateException > at > org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:636) > at org.apache.mina.filter.SSLFilter.isSSLStarted(SSLFilter.java:190) > at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:374) > at > org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) > at > org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) > at > org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) > at > org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243) > at > org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305) > at > edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990) > at > edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531) > at java.lang.Thread.run(Thread.java:595) > I added the fix suggested in one of the bugs to change the call in onPreAdd > and onPostAdd but did not fix the problem. > public void onPreAdd( IoFilterChain parent, String name, NextFilter > nextFilter ) throws SSLException > { > if( parent.contains( SSLFilter.class ) ) > { > throw new IllegalStateException( "A filter chain cannot contain > more than one SSLFilter." ); > } > IoSession session = parent.getSession(); > session.setAttribute( NEXT_FILTER, nextFilter ); > > // Create an SSL handler and start handshake. > SSLHandler handler = > new SSLHandler( this, sslContext, session ); > session.setAttribute( SSL_HANDLER, handler ); > } > > public void onPostAdd( IoFilterChain parent, String name, NextFilter > nextFilter ) throws SSLException > { > getSSLSessionHandler( parent.getSession() ).handshake( nextFilter ); > } > Not sure why the handler should be null in this method getSSLSessionHandler. > This is removed only in onPreRemove method and we have special filter called > RemoveSSLFilter and we are calling it in sessionClosed. The code is given > below. > private SSLHandler getSSLSessionHandler( IoSession session ) > { > SSLHandler handler = ( SSLHandler ) session.getAttribute( SSL_HANDLER > ); > if( handler == null ) > { > throw new IllegalStateException(); > } > if( handler.getParent() != this ) > { > throw new IllegalArgumentException( "Not managed by this filter." > ); > } > return handler; > } > public class RemoveSSLFilter extends IoFilterAdapter { > > @Override > public void sessionClosed(NextFilter nextFilter, IoSession session) > throws Exception { > IoFilterChain chain = session.getFilterChain(); > if (chain.contains("SSL")) { > chain.remove("SSL"); > } > nextFilter.sessionClosed(session); > } > > } > This happens only when do persist session for ssl with mutual auth it works > fine without mutual auth. > Any pointers on this will be of great help? > Regards, > Jana -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.