You can also use the DisableEncryptionWriteRequesf to wrap your WriteRequest you want to bypass the SSL filter.
On Fri, Jan 21, 2022 at 3:58 AM Emmanuel Lécharny <[email protected]> wrote: > I have it working. The filter approach is actually the silmpler way to > deal with the requirement, I don't even have to leverage the crypt > bypass flag. I just check if the message to be written is the > StartTlsResponse one, and if so, I 'jump' over the SslFilter: > > public void filterWrite(NextFilter nextFilter, IoSession session, > WriteRequest writeRequest) throws Exception { > if ( writeRequest.getOriginalMessage() instanceof > StartTlsResponse ) > { > // We need to bypass the SslFilter > IoFilterChain chain = session.getFilterChain(); > > for ( IoFilterChain.Entry entry : chain.getAll() ) > { > IoFilter filter = entry.getFilter(); > > if ( filter instanceof SslFilter ) > { > entry.getNextFilter().filterWrite( session, > writeRequest ); > } > } > } > else > { > nextFilter.filterWrite(session, writeRequest); > } > } > > Note: I set up the SslFilter first in the chain, immediately followed by > the StartTLS filter: > > chain.addFirst( "startTls", startTlsFilter ); > chain.addFirst( "sslFilter", sslFilter ); > > Simple, easy. > > > Thanks Jonathan ! > > On 20/01/2022 18:22, Emmanuel Lécharny wrote: > > > > > > On 20/01/2022 13:25, Jonathan Valliere wrote: > >> The old method was unsafe from a concurrency standpoint. This > >> switching logic should be in a filter. > > > > Agreed. StartTLS is by itself very intrusive and I think it deserves to > > be made a MINA filter, instead of expecting MINA to be twisted in a way > > that is not natural. > > > > Actually, with such a filter, we wouldn't even require the flag you have > > added as a substitute for the session attribute. > > > > Thanks Jonathan ! > > > > -- > *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE > T. +33 (0)4 89 97 36 50 > P. +33 (0)6 08 33 32 61 > [email protected] https://www.busit.com/ >
