directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Maarten Bosteels <m.boste...@pandora.be>
Subject Re: [mina] running code after ssl handshake
Date Mon, 28 Nov 2005 20:30:59 GMT
Trustin Lee wrote:

> Hi Maarten,
>
> 2005/11/23, Maarten Bosteels <m.bosteels@pandora.be 
> <mailto:m.bosteels@pandora.be>>:
>
>     Hello,
>
>     I have some (server-side) code that should run after SSL
>     handshaking is
>     complete, and before any 'real' data is read,
>     but I don't find the correct hook (using mina 0.8.1).
>
>
> SSLFilter in MINA 0.9-SNAPSHOT provides a session attribute called 
> 'ENABLE_NOTIFICATION'.  If you set the attribute, SSLFilter fires 
> messageReceived event with SSLFilter.SESSION_SECURED or 
> SSLFilter.SESSION_UNSECURED messages whenever the session gets secured 
> or is not secure anymore.  Please refer to JavaDoc for more precise 
> information. (This is written by my half-dead mid-term memory ;)
>
> HTH,
> Trustin
> -- 
> what we call human nature is actually human habit
> --
> http://gleamynode.net/ 

Hi Trustin,

Before I read your reply I had naively modified the 0.8.1 version of 
SSLHandler in a similar way:
I added the following code:

              initialHandshakeComplete = true;
+            try   {
+               session.setAttribute("SSL_HANDSHAKE_COMPLETE", Boolean,TRUE)
+                nextFilter.sessionOpened(session);
+              } catch (Exception e) {
+                  log.error ("calling nextFilter.sessionOpened() 
failed", e);
+              }
              return;

Thus I abuse the sessionOpened event for notification. And my event 
handler checks the session attribute to see if hanshake is complete.

  public void sessionOpened(ProtocolSession session) throws Exception {
    if (session.getAttribute("SSL_HANDSHAKE_COMPLETE") == null) {
      doThis(session);
    } else {
      doThat(session);
    }
  }

Everything seemed to work just fine,  for every connection two 
sessionOpened events are fired : one before and one after the handshake.
But when I create a lot of simultaneous connections, it sometimes 
happens that the session attribute is already set when the first 
sessionOpened event
is checking it, resulting in two calls to doThis() and no call to doThat().

The only solution I see, is setting and checking a second session 
attribute in sessionOpened. (that seems to work now :-)
Do you see a better solution based on mina-0.8.1 ?
Do you see any other gaping holes in my approach ?

Thanks in advance.
Maarten

Mime
View raw message