Hi guys, as a follow up of a discussion we have had with Jonathan, I would like to suggest we add the 'secured()' event in the IoHandler. Th idea is to make it simpler for MINA users to be informed when teh TLS handshake has been completed.
Currently, one need to add the USE_NOTIFICATION attribute in the session before adding the SslFilter in the chain, in order to receive a SESSION_SECURED message. This is kind of convoluted solution, which requires to check for every received message if it's a SESSION_SECURED message in the messageReceived() method. Having a secured() event would eliminate this attribute, and this message, making app implementers life easier. Typically, in the Apache LDAP API, we implement the startTLS extended operation, which allows the caller to setup a secured communication over an existing connection. That forces us to write such code : ... ldapSession.setAttribute( SslFilter.USE_NOTIFICATION, Boolean.TRUE ); ldapSession.setAttribute( "HANDSHAKE_FUTURE", handshakeFuture ); ldapSession.getFilterChain().addFirst( SSL_FILTER_KEY, sslFilter ); ... (the future is used to be informed when the TLS handshake has been completed) and in order to process the SESSION_SECURED message, we have to do : public void messageReceived( IoSession session, Object message ) throws Exception { // Feed the response and store it into the session if ( message instanceof SslFilter.SslFilterMessage ) { // This is a SSL message telling if the session has been secured or not HandshakeFuture handshakeFuture = ( HandshakeFuture ) ldapSession.getAttribute( "HANDSHAKE_FUTURE" ); if ( message == SslFilter.SESSION_SECURED ) { // SECURED handshakeFuture.secured(); } else { // UNSECURED handshakeFuture.cancel(); } ldapSession.removeAttribute( "HANDSHAKE_FUTURE" ); return; } which is kind of complicated... wdyt ? -- Emmanuel Lecharny Symas.com directory.apache.org