2018年12月23日(日) 2:10 Christopher Schultz <ch...@christopherschultz.net>:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Keiichi, > > On 12/21/18 02:58, Keiichi Fujino wrote: > > 2018年12月21日(金) 12:11 Christopher Schultz > > <ch...@christopherschultz.net>: > > > > Tim, > > > > On 12/20/18 10:18, Tim K wrote: > >>>>> > >>>>> I just downloaded and tried 9.0.14 but I'm still getting > >>>>> the same BadPaddingException upon starting the second > >>>>> instance. I confirmed the encryptionKey matches on my two > >>>>> instances. > >>>>> > >>>> > >>>> Maybe something is wrong with my config? For this test, I > >>>> have both Tomcats on the same server using different ports: > > > > This is the only thing that matters to the encryption interceptor: > > > >>>> <Interceptor > >>>> className="org.apache.catalina.tribes.group.interceptors.EncryptInt > erc > > > >>>> > eptor" > >>>> > >>>> > > encryptionKey="e0f2cdf931e99fdce0453964294f97f3" /> > > > > I'm not sure if the order of encrypt/asyncdispatch interceptors > > matters much. > > > > > > > >> Hi. > > > >> The case of using TcpFailureDetector, there is a case to write > >> directly without passing through the interceptor chain. > > > >> TcpFailureDetector#memberAlive writes the channel data directly > >> to outputstream without passing through the interceptor chain. > >> However, when receiving this channel data, It passes through the > >> interceptor chain. So, it must be received by TcpFailureDetector > >> before decrypt of EncryptInterceptor. That is, the order is > >> important. The order is EncryptInterceptor -> > >> TcpFailureDetector. > > How's this for an update to the EncryptInterceptor documentation: > > " > If using the <code>TcpFailureDetector</code>, the > <code>EncryptInterceptor</code> > <i>must</i> be inserted into the interceptor chain <i>before</i> the > <code>TcpFailureDetector</code>. This is becuase the > <code>TcpFailureDetector</code> writes channel data directly > without using > the remainder of the interceptor chain, but on the receiving side, > the message still goes through the chain (in reverse). Because of this > asymmetry, the <code>EncryptInterceptor</code> must execute > <i>before</i> > the <code>TcpFailureDetector</code> on the sender and <i>after</i> > it on the receiver. > " > > Hi Chris. Writing channel data directly is only for member verification. Normal message are sent/received via the interceptor chain. So, It may be better to add a sentence that interprets that writing channel data directly is only for member verification. such as, "When TcpFailureDetector validates cluster members..." etc. > ?? > > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlweb+MACgkQHPApP6U8 > pFibAhAAuQWi3IGaGRGGwZEHYo9jMB9gdxGkZvQGMEK4naN2KgMkzZ56wTxWRwFh > SEV6yHj6Tz+MERc6YL2st3Hm8VH6DgwEth1g1SmLZGM0JxD4HgqTwtVE9JZk9s4Y > dMCgRR+O09bUh0fnCOybcOHeMZv1SewPFhXq8e/rquTbJAhljRhCrANkzRmo5/05 > WS+DsG78EVrjMG/X8uZIkkBOO43TzwTyAWNrX7u3DwUvf01idgHUceBQ/pRVC+L9 > a4TwypZjYkxJcLeHexzytXYLs8j/r8JtrPYFZfTeQvnlFdDkAcFgYL+CjfjKRTwo > GPJyMU8HjxAfROe0HsRXwtX/OL0XTDq21bwE7yNTCtV1NcnsLSY74eh7WtwMgIKx > kmNva4roGCeb+IQAC2QRnXmenB3qX2RN2ZrY3KWEq2s+UJP7PTf3Xga5ov/OJ0ce > SE8UIuXfmh8IS7nZPn0mFwflbB9xjJZZV8c/oScQflAJKtVjc3mQ6b+29Jfx+zMI > imvx+B7szFkccjtIjZQlPHqgW0MbnuflqiVBUb8tH29adDOWELRPook3V6htHdBA > 1Izbpng+dVU2R2xEQdtdcevUKbaIvmB8xYGRgilu//o/1RrC8wzGqZuXaiomBT01 > Q/wIOQjjXKvVELoAu7Ym23KEv+IDrZAmtZy7QWiBP5azPwbc4sA= > =wOVI > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Keiichi.Fujino