I am concerned that it is bad precedent to add handler methods based on
specific filters. The purpose of the filter system is that each filter has
no direct knowledge of what is before or after it. Maybe there could be a
generic “event” handler as part of the receive chain that the SECURED event
could flow down instead?
On Thu, Apr 5, 2018 at 6:14 AM, Jeff MAURY <jeffma...@jeffmaury.com> wrote:
> I always felt such an event was missing.
>
> +1
> ᐧ
>
> On Thu, Apr 5, 2018 at 10:04 AM, Emmanuel Lécharny <elecha...@gmail.com>
> wrote:
>
> > Hi guys,
> >
> > as a follow up of a discussion we have had with Jonathan, I would like
> > to suggest we add the 'secured()' event in the IoHandler. Th idea is to
> > make it simpler for MINA users to be informed when teh TLS handshake has
> > been completed.
> >
> > Currently, one need to add the USE_NOTIFICATION attribute in the session
> > before adding the SslFilter in the chain, in order to receive a
> > SESSION_SECURED message. This is kind of convoluted solution, which
> > requires to check for every received message if it's a SESSION_SECURED
> > message in the messageReceived() method.
> >
> > Having a secured() event would eliminate this attribute, and this
> > message, making app implementers life easier.
> >
> > Typically, in the Apache LDAP API, we implement the startTLS extended
> > operation, which allows the caller to setup a secured communication over
> > an existing connection. That forces us to write such code :
> >
> > ...
> > ldapSession.setAttribute( SslFilter.USE_NOTIFICATION, Boolean.TRUE );
> > ldapSession.setAttribute( "HANDSHAKE_FUTURE", handshakeFuture );
> > ldapSession.getFilterChain().addFirst( SSL_FILTER_KEY, sslFilter );
> > ...
> >
> > (the future is used to be informed when the TLS handshake has been
> > completed)
> >
> > and in order to process the SESSION_SECURED message, we have to do :
> >
> > public void messageReceived( IoSession session, Object message ) throws
> > Exception
> > {
> > // Feed the response and store it into the session
> > if ( message instanceof SslFilter.SslFilterMessage )
> > {
> > // This is a SSL message telling if the session has been
> > secured or not
> > HandshakeFuture handshakeFuture = ( HandshakeFuture )
> > ldapSession.getAttribute( "HANDSHAKE_FUTURE" );
> >
> > if ( message == SslFilter.SESSION_SECURED )
> > {
> > // SECURED
> > handshakeFuture.secured();
> > }
> > else
> > {
> > // UNSECURED
> > handshakeFuture.cancel();
> > }
> >
> > ldapSession.removeAttribute( "HANDSHAKE_FUTURE" );
> >
> > return;
> > }
> >
> > which is kind of complicated...
> >
> > wdyt ?
> >
> > --
> > Emmanuel Lecharny
> >
> > Symas.com
> > directory.apache.org
> >
> >
>
>
> --
> Jeff MAURY
>
>
> "Legacy code" often differs from its suggested alternative by actually
> working and scaling.
> - Bjarne Stroustrup
>
> http://www.jeffmaury.com
> http://riadiscuss.jeffmaury.com
> http://www.twitter.com/jeffmaury
>
