-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Keiichi,
On 12/25/18 02:33, Keiichi Fujino wrote:
> 2018年12月23日(日) 2:10 Christopher Schultz
> :
>
> Keiichi,
>
> On 12/21/18 02:58, Keiichi Fujino wrote:
2018年12月21日(金) 12:11 Christopher Schultz
:
Tim,
On 12/20/18 10:18, Tim K wrote:
I just downloaded and tried 9.0.14 but I'm still
getting the same BadPaddingException upon starting
the second instance. I confirmed the encryptionKey
matches on my two instances.
>>>
>>> Maybe something is wrong with my config? For this
>>> test, I have both Tomcats on the same server using
>>> different ports:
This is the only thing that matters to the encryption
interceptor:
>>> >> className="org.apache.catalina.tribes.group.interceptors.Encrypt
Int
>
>>>
erc
>>>
> eptor"
>>>
>>>
encryptionKey="e0f2cdf931e99fdce0453964294f97f3" />
I'm not sure if the order of encrypt/asyncdispatch
interceptors matters much.
> Hi.
> The case of using TcpFailureDetector, there is a case to
> write directly without passing through the interceptor
> chain.
> TcpFailureDetector#memberAlive writes the channel data
> directly to outputstream without passing through the
> interceptor chain. However, when receiving this channel
> data, It passes through the interceptor chain. So, it must
> be received by TcpFailureDetector before decrypt of
> EncryptInterceptor. That is, the order is important. The
> order is EncryptInterceptor -> TcpFailureDetector.
>
> How's this for an update to the EncryptInterceptor documentation:
>
> " If using the TcpFailureDetector, the
> EncryptInterceptor must be inserted into the
> interceptor chain before the
> TcpFailureDetector. This is becuase the
> TcpFailureDetector writes channel data directly
> without using the remainder of the interceptor chain, but on the
> receiving side, the message still goes through the chain (in
> reverse). Because of this asymmetry, the
> EncryptInterceptor must execute before the
> TcpFailureDetector on the sender and after it
> on the receiver. "
>
>
>> Hi Chris.
>
>> Writing channel data directly is only for member verification.
>> Normal message are sent/received via the interceptor chain. So,
>> It may be better to add a sentence that interprets that writing
>> channel data directly is only for member verification. such as,
>> "When TcpFailureDetector validates cluster members..." etc.
How about this:
"
If using the TcpFailureDetector, the
EncryptInterceptor
must be inserted into the interceptor chain before the
TcpFailureDetector. This is becuase when validating cluster
members, TcpFailureDetector writes channel data directly
to the other members without using the remainder of the interceptor chai
n,
but on the receiving side, the message still goes through the chain (in
reverse).
Because of this asymmetry, the EncryptInterceptor must
execute
before the TcpFailureDetector on the sender and
after
it on the receiver, otherwise message corruption will occur.
"
- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwo1DkACgkQHPApP6U8
pFj5RxAAhhhMiY//Q5JqJOUSD4whffm64N0jlq1tpmQzVp5bU9Xu6qL36aelFZMP
YH4VTQOvWwcPDyYBirix1feBBYWTIfIHCGtRw26fWj7OilE+EouiMM1gVPyfKSqj
LdrTlDpTzQ7LeZdukkYKIDNpaI02k9EbeYWCNi3AHIp3YCB0dX3XnpN4dmnm7lsw
idwc8B2ExmkdSqy/4Yzn21IIia2DSfAA8BrdHlwlWiAF8VQZyVMO/gkeXk4HQ4Fg
jwKdRtZxNcwyMW4o2S2owYNFdd85pNyPiFihTS7M0+WHoLHRO29kR/c0yeVlBfCf
AijiVpTjKyYZ/Al0cavuBRDty5Cg0AEX0DDwj1PvxUQ+i1Teiv3Y7f8IhpEnwmFI
AFoVFN3lghJ5U/cMkm+TzDjwME2TbTup35zabclzNTpDx7EKjPve66MJmOs4xxoJ
jtKepyt9W5z9/FlhAvxxrLJjj5T3LJSqBrtSw+YUlj0DKqrW92sxf5s3hHoy4tkH
Fji36KYx8Sryj+jQsyd+w7YlZHZ7A6W7wRIKBtqc/zxECowHSD5Q2fpqC9hUTMfN
TB9JPhFvwOBRgDWp5UWTT3JHidOQSiL/0OFdvW2d5RutZq424MpY2gObFJIoRYMp
uRIwO+AU7kyt6kkSYpN/dShScGOJ8sdX0TBK2K9CyrbK8OD5H4U=
=y0zP
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org