Package org.apache.mina.filter.ssl
Class SslFilter
- java.lang.Object
-
- org.apache.mina.core.filterchain.IoFilterAdapter
-
- org.apache.mina.filter.ssl.SslFilter
-
- All Implemented Interfaces:
IoFilter
public class SslFilter extends IoFilterAdapter
A SSL processor which performs flow control of encrypted information on the filter-chain.The initial handshake is automatically enabled for "client" sessions once the filter is added to the filter-chain and the session is connected.
- Author:
- Jonathan Valliere, Apache MINA Project
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.mina.core.filterchain.IoFilter
IoFilter.NextFilter
-
-
Field Summary
Fields Modifier and Type Field Description protected String[]
enabledCipherSuites
The enabled Ciphers.protected String[]
enabledProtocols
The list of enabled SSL/TLS protocols.protected static Executor
EXECUTOR
Task executor for processing handshakesprotected static Logger
LOGGER
The loggerprotected boolean
needClientAuth
A flag set if client authentication is requiredprotected static AttributeKey
SSL_HANDLER
Returns the SSL2Handler objectstatic AttributeKey
SSL_SECURED
SSLSession object when the session is secured, otherwise null.protected SSLContext
sslContext
protected boolean
wantClientAuth
A flag set if client authentication is requested
-
Constructor Summary
Constructors Constructor Description SslFilter(SSLContext sslContext)
Creates a new SSL filter using the specifiedSSLContext
.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected SSLEngine
createEngine(IoSession session, InetSocketAddress addr)
Customization handler for creating the enginevoid
filterWrite(IoFilter.NextFilter next, IoSession session, WriteRequest request)
FiltersIoSession.write(Object)
method invocation.String[]
getEnabledCipherSuites()
String[]
getEnabledProtocols()
String
getEndpointIdentificationAlgorithm()
boolean
isNeedClientAuth()
boolean
isWantClientAuth()
void
messageReceived(IoFilter.NextFilter next, IoSession session, Object message)
FiltersIoHandler.messageReceived(IoSession,Object)
event.void
messageSent(IoFilter.NextFilter next, IoSession session, WriteRequest request)
FiltersIoHandler.messageSent(IoSession,Object)
event.protected void
onClose(IoFilter.NextFilter next, IoSession session, boolean linger)
Called when the session is going to be closed.protected void
onConnected(IoFilter.NextFilter next, IoSession session)
Internal method for performing post-connect operations; this can be triggered during normal connect event or after the filter is added to the chain.void
onPostAdd(IoFilterChain parent, String name, IoFilter.NextFilter next)
Invoked after this filter is added to the specifiedparent
.void
onPreAdd(IoFilterChain parent, String name, IoFilter.NextFilter next)
Invoked before this filter is added to the specifiedparent
.void
onPreRemove(IoFilterChain parent, String name, IoFilter.NextFilter next)
Invoked before this filter is removed from the specifiedparent
.void
sessionClosed(IoFilter.NextFilter next, IoSession session)
FiltersIoHandler.sessionClosed(IoSession)
event.void
sessionOpened(IoFilter.NextFilter next, IoSession session)
FiltersIoHandler.sessionOpened(IoSession)
event.void
setEnabledCipherSuites(String... enabledCipherSuites)
Sets the list of cipher suites to be enabled whenSSLEngine
is initialized.void
setEnabledProtocols(String... enabledProtocols)
Sets the list of protocols to be enabled whenSSLEngine
is initialized.void
setEndpointIdentificationAlgorithm(String identificationAlgorithm)
Sets the endpoint identification algorithm to be used whenSSLEngine
is initialized.void
setNeedClientAuth(boolean needClientAuth)
Configures the engine to require client authentication.void
setWantClientAuth(boolean wantClientAuth)
Configures the engine to request client authentication.-
Methods inherited from class org.apache.mina.core.filterchain.IoFilterAdapter
destroy, event, exceptionCaught, filterClose, init, inputClosed, onPostRemove, sessionCreated, sessionIdle, toString
-
-
-
-
Field Detail
-
SSL_SECURED
public static final AttributeKey SSL_SECURED
SSLSession object when the session is secured, otherwise null.
-
SSL_HANDLER
protected static final AttributeKey SSL_HANDLER
Returns the SSL2Handler object
-
LOGGER
protected static final Logger LOGGER
The logger
-
EXECUTOR
protected static final Executor EXECUTOR
Task executor for processing handshakes
-
sslContext
protected final SSLContext sslContext
-
needClientAuth
protected boolean needClientAuth
A flag set if client authentication is required
-
wantClientAuth
protected boolean wantClientAuth
A flag set if client authentication is requested
-
enabledCipherSuites
protected String[] enabledCipherSuites
The enabled Ciphers.
-
enabledProtocols
protected String[] enabledProtocols
The list of enabled SSL/TLS protocols. Must be an array of String, containing:- SSLv2Hello
- SSLv3
- TLSv1.1 or TLSv1
- TLSv1.2
- TLSv1.3
- NONE
-
-
Constructor Detail
-
SslFilter
public SslFilter(SSLContext sslContext)
Creates a new SSL filter using the specifiedSSLContext
.- Parameters:
sslContext
- The SSLContext to use
-
-
Method Detail
-
isNeedClientAuth
public boolean isNeedClientAuth()
- Returns:
true
if the engine will require client authentication. This option is only useful to engines in the server mode.
-
setNeedClientAuth
public void setNeedClientAuth(boolean needClientAuth)
Configures the engine to require client authentication. This option is only useful for engines in the server mode.- Parameters:
needClientAuth
- A flag set when client authentication is required
-
isWantClientAuth
public boolean isWantClientAuth()
- Returns:
true
if the engine will request client authentication. This option is only useful to engines in the server mode.
-
setWantClientAuth
public void setWantClientAuth(boolean wantClientAuth)
Configures the engine to request client authentication. This option is only useful for engines in the server mode.- Parameters:
wantClientAuth
- A flag set when client authentication is requested
-
getEnabledCipherSuites
public String[] getEnabledCipherSuites()
-
setEnabledCipherSuites
public void setEnabledCipherSuites(String... enabledCipherSuites)
Sets the list of cipher suites to be enabled whenSSLEngine
is initialized.- Parameters:
enabledCipherSuites
- The list of enabled Cipher.null
means 'useSSLEngine
's default.'
-
getEndpointIdentificationAlgorithm
public String getEndpointIdentificationAlgorithm()
-
setEndpointIdentificationAlgorithm
public void setEndpointIdentificationAlgorithm(String identificationAlgorithm)
Sets the endpoint identification algorithm to be used whenSSLEngine
is initialized.- Parameters:
identificationAlgorithm
-null
means 'useSSLEngine
's default.'
-
getEnabledProtocols
public String[] getEnabledProtocols()
-
setEnabledProtocols
public void setEnabledProtocols(String... enabledProtocols)
Sets the list of protocols to be enabled whenSSLEngine
is initialized.- Parameters:
enabledProtocols
- The list of enabled SSL/TLS protocols.null
means 'useSSLEngine
's default.'
-
onPreAdd
public void onPreAdd(IoFilterChain parent, String name, IoFilter.NextFilter next) throws Exception
Invoked before this filter is added to the specifiedparent
. Please note that this method can be invoked more than once if this filter is added to more than one parents. This method is not invoked beforeIoFilter.init()
is invoked.- Specified by:
onPreAdd
in interfaceIoFilter
- Overrides:
onPreAdd
in classIoFilterAdapter
- Parameters:
parent
- the parent who called this methodname
- the name assigned to this filternext
- theIoFilter.NextFilter
for this filter. You can reuse this object until this filter is removed from the chain.- Throws:
Exception
- If an error occurred while processing the event
-
onPostAdd
public void onPostAdd(IoFilterChain parent, String name, IoFilter.NextFilter next) throws Exception
Invoked after this filter is added to the specifiedparent
. Please note that this method can be invoked more than once if this filter is added to more than one parents. This method is not invoked beforeIoFilter.init()
is invoked.- Specified by:
onPostAdd
in interfaceIoFilter
- Overrides:
onPostAdd
in classIoFilterAdapter
- Parameters:
parent
- the parent who called this methodname
- the name assigned to this filternext
- theIoFilter.NextFilter
for this filter. You can reuse this object until this filter is removed from the chain.- Throws:
Exception
- If an error occurred while processing the event
-
onPreRemove
public void onPreRemove(IoFilterChain parent, String name, IoFilter.NextFilter next) throws Exception
Invoked before this filter is removed from the specifiedparent
. Please note that this method can be invoked more than once if this filter is removed from more than one parents. This method is always invoked beforeIoFilter.destroy()
is invoked.- Specified by:
onPreRemove
in interfaceIoFilter
- Overrides:
onPreRemove
in classIoFilterAdapter
- Parameters:
parent
- the parent who called this methodname
- the name assigned to this filternext
- theIoFilter.NextFilter
for this filter. You can reuse this object until this filter is removed from the chain.- Throws:
Exception
- If an error occurred while processing the event
-
onConnected
protected void onConnected(IoFilter.NextFilter next, IoSession session) throws SSLException
Internal method for performing post-connect operations; this can be triggered during normal connect event or after the filter is added to the chain.- Parameters:
next
- The nextFilter to call in the chainsession
- The session instance- Throws:
SSLException
- Any exception thrown by the SslHandler closing
-
onClose
protected void onClose(IoFilter.NextFilter next, IoSession session, boolean linger) throws SSLException
Called when the session is going to be closed. We must shutdown the SslHandler instance.- Parameters:
next
- The nextFilter to call in the chainsession
- The session instancelinger
- if true, write any queued messages before closing- Throws:
SSLException
- Any exception thrown by the SslHandler closing
-
createEngine
protected SSLEngine createEngine(IoSession session, InetSocketAddress addr)
Customization handler for creating the engine- Parameters:
session
- source sessionaddr
- socket address used for fast reconnect- Returns:
- an SSLEngine
-
sessionOpened
public void sessionOpened(IoFilter.NextFilter next, IoSession session) throws Exception
FiltersIoHandler.sessionOpened(IoSession)
event.- Specified by:
sessionOpened
in interfaceIoFilter
- Overrides:
sessionOpened
in classIoFilterAdapter
- Parameters:
next
- theIoFilter.NextFilter
for this filter. You can reuse this object until this filter is removed from the chain.session
- TheIoSession
which has received this event- Throws:
Exception
- If an error occurred while processing the event
-
sessionClosed
public void sessionClosed(IoFilter.NextFilter next, IoSession session) throws Exception
FiltersIoHandler.sessionClosed(IoSession)
event.- Specified by:
sessionClosed
in interfaceIoFilter
- Overrides:
sessionClosed
in classIoFilterAdapter
- Parameters:
next
- theIoFilter.NextFilter
for this filter. You can reuse this object until this filter is removed from the chain.session
- TheIoSession
which has received this event- Throws:
Exception
- If an error occurred while processing the event
-
messageReceived
public void messageReceived(IoFilter.NextFilter next, IoSession session, Object message) throws Exception
FiltersIoHandler.messageReceived(IoSession,Object)
event.- Specified by:
messageReceived
in interfaceIoFilter
- Overrides:
messageReceived
in classIoFilterAdapter
- Parameters:
next
- theIoFilter.NextFilter
for this filter. You can reuse this object until this filter is removed from the chain.session
- TheIoSession
which has received this eventmessage
- The received message- Throws:
Exception
- If an error occurred while processing the event
-
messageSent
public void messageSent(IoFilter.NextFilter next, IoSession session, WriteRequest request) throws Exception
FiltersIoHandler.messageSent(IoSession,Object)
event.- Specified by:
messageSent
in interfaceIoFilter
- Overrides:
messageSent
in classIoFilterAdapter
- Parameters:
next
- theIoFilter.NextFilter
for this filter. You can reuse this object until this filter is removed from the chain.session
- TheIoSession
which has received this eventrequest
- TheWriteRequest
that contains the sent message- Throws:
Exception
- If an error occurred while processing the event
-
filterWrite
public void filterWrite(IoFilter.NextFilter next, IoSession session, WriteRequest request) throws Exception
FiltersIoSession.write(Object)
method invocation.- Specified by:
filterWrite
in interfaceIoFilter
- Overrides:
filterWrite
in classIoFilterAdapter
- Parameters:
next
- theIoFilter.NextFilter
for this filter. You can reuse this object until this filter is removed from the chain.session
- TheIoSession
which has to process this invocationrequest
- TheWriteRequest
to process- Throws:
Exception
- If an error occurred while processing the event
-
-