|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.mina.io.IoFilterAdapter org.apache.mina.io.filter.SSLFilter
public class SSLFilter
An SSL filter that encrypts and decrypts the data exchanged in the session.
This filter uses an SSLEngine
which was introduced in Java 5, so
Java version 5 or above is mandatory to use this filter. And please note that
this filter only works for TCP/IP connections.
This filter logs debug information using Logger
.
You can use DISABLE_ENCRYPTION_ONCE
attribute to implement StartTLS:
public void messageReceived(ProtocolSession session, Object message) { if (message instanceof MyStartTLSRequest) { // Insert SSLFilter to get ready for handshaking IoSession ioSession = ((IoProtocolSession) session).getIoSession(); ioSession.getFilterChain().addLast(sslFilter); // Disable encryption temporarilly. // This attribute will be removed by SSLFilter // inside the Session.write() call below. session.setAttribute(SSLFilter.DISABLE_ENCRYPTION_ONCE, Boolean.TRUE); // Write StartTLSResponse which won't be encrypted. session.write(new MyStartTLSResponse(OK)); // Now DISABLE_ENCRYPTION_ONCE attribute is cleared. assert session.getAttribute(SSLFilter.DISABLE_ENCRYPTION_ONCE) == null; } }
Nested Class Summary |
---|
Nested classes/interfaces inherited from interface org.apache.mina.io.IoFilter |
---|
IoFilter.NextFilter |
Field Summary | |
---|---|
static String |
DISABLE_ENCRYPTION_ONCE
A session attribute key that makes next one write request bypass this filter (not encrypting the data). |
static String |
SSL_SESSION
A session attribute key that stores underlying SSLSession
for each session. |
Constructor Summary | |
---|---|
SSLFilter(SSLContext sslContext)
Creates a new SSL filter using the specified SSLContext . |
Method Summary | |
---|---|
void |
dataRead(IoFilter.NextFilter nextFilter,
IoSession session,
ByteBuffer buf)
Filters IoHandler.dataRead(IoSession, ByteBuffer) event. |
void |
dataWritten(IoFilter.NextFilter nextFilter,
IoSession session,
Object marker)
Filters IoHandler.dataWritten(IoSession, Object) event. |
void |
filterWrite(IoFilter.NextFilter nextFilter,
IoSession session,
ByteBuffer buf,
Object marker)
Filters IoSession.write(ByteBuffer, Object) method invocation. |
String[] |
getEnabledCipherSuites()
Returns the list of cipher suites to be enabled when SSLEngine
is initialized. |
String[] |
getEnabledProtocols()
Returns the list of protocols to be enabled when SSLEngine
is initialized. |
SSLSession |
getSSLSession(IoSession session)
Returns the underlying SSLSession for the specified session. |
boolean |
isNeedClientAuth()
Returns true if the engine will require client authentication. |
boolean |
isUseClientMode()
Returns true if the engine is set to use client mode when handshaking. |
boolean |
isWantClientAuth()
Returns true if the engine will request client authentication. |
void |
sessionClosed(IoFilter.NextFilter nextFilter,
IoSession session)
Filters IoHandler.sessionClosed(IoSession) event. |
void |
sessionOpened(IoFilter.NextFilter nextFilter,
IoSession session)
Filters IoHandler.sessionOpened(IoSession) event. |
void |
setEnabledCipherSuites(String[] cipherSuites)
Sets the list of cipher suites to be enabled when SSLEngine
is initialized. |
void |
setEnabledProtocols(String[] protocols)
Sets the list of protocols to be enabled when SSLEngine
is initialized. |
void |
setNeedClientAuth(boolean needClientAuth)
Configures the engine to require client authentication. |
void |
setUseClientMode(boolean clientMode)
Configures the engine to use client (or server) mode when handshaking. |
void |
setWantClientAuth(boolean wantClientAuth)
Configures the engine to request client authentication. |
Methods inherited from class org.apache.mina.io.IoFilterAdapter |
---|
exceptionCaught, sessionIdle |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String SSL_SESSION
SSLSession
for each session.
public static final String DISABLE_ENCRYPTION_ONCE
Boolean.TRUE
is preferred.) The attribute is automatically removed from the session
attribute map as soon as IoSession.write(ByteBuffer, Object)
is
invoked, and therefore should be put again if you want to make more
messages bypass this filter. This is especially useful when you
implement StartTLS.
Constructor Detail |
---|
public SSLFilter(SSLContext sslContext)
SSLContext
.
Method Detail |
---|
public SSLSession getSSLSession(IoSession session)
SSLSession
for the specified session.
SSLSession
is initialized yet.public boolean isUseClientMode()
public void setUseClientMode(boolean clientMode)
public boolean isNeedClientAuth()
public void setNeedClientAuth(boolean needClientAuth)
public boolean isWantClientAuth()
public void setWantClientAuth(boolean wantClientAuth)
public String[] getEnabledCipherSuites()
SSLEngine
is initialized.
SSLEngine
's default.'public void setEnabledCipherSuites(String[] cipherSuites)
SSLEngine
is initialized.
cipherSuites
- null means 'use SSLEngine
's default.'public String[] getEnabledProtocols()
SSLEngine
is initialized.
SSLEngine
's default.'public void setEnabledProtocols(String[] protocols)
SSLEngine
is initialized.
protocols
- null means 'use SSLEngine
's default.'public void sessionOpened(IoFilter.NextFilter nextFilter, IoSession session) throws SSLException
IoFilter
IoHandler.sessionOpened(IoSession)
event.
sessionOpened
in interface IoFilter
sessionOpened
in class IoFilterAdapter
SSLException
public void sessionClosed(IoFilter.NextFilter nextFilter, IoSession session) throws SSLException
IoFilter
IoHandler.sessionClosed(IoSession)
event.
sessionClosed
in interface IoFilter
sessionClosed
in class IoFilterAdapter
SSLException
public void dataRead(IoFilter.NextFilter nextFilter, IoSession session, ByteBuffer buf) throws SSLException
IoFilter
IoHandler.dataRead(IoSession, ByteBuffer)
event.
dataRead
in interface IoFilter
dataRead
in class IoFilterAdapter
SSLException
public void dataWritten(IoFilter.NextFilter nextFilter, IoSession session, Object marker)
IoFilter
IoHandler.dataWritten(IoSession, Object)
event.
dataWritten
in interface IoFilter
dataWritten
in class IoFilterAdapter
public void filterWrite(IoFilter.NextFilter nextFilter, IoSession session, ByteBuffer buf, Object marker) throws SSLException
IoFilter
IoSession.write(ByteBuffer, Object)
method invocation.
filterWrite
in interface IoFilter
filterWrite
in class IoFilterAdapter
SSLException
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |