2018年12月23日(日) 2:10 Christopher Schultz :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Keiichi,
>
> On 12/21/18 02:58, Keiichi Fujino wrote:
> > 2018年12月21日(金) 12:11 Christopher Schultz
> > :
> >
> > Tim,
> >
> > On 12/20/18 10:18, Tim K wrote:
> >
> > I just downloaded and tried 9.0.14 but I'm still getting
> > the same BadPaddingException upon starting the second
> > instance. I confirmed the encryptionKey matches on my two
> > instances.
> >
>
> Maybe something is wrong with my config? For this test, I
> have both Tomcats on the same server using different ports:
> >
> > This is the only thing that matters to the encryption interceptor:
> >
> className="org.apache.catalina.tribes.group.interceptors.EncryptInt
> erc
> >
>
> eptor"
>
>
> > encryptionKey="e0f2cdf931e99fdce0453964294f97f3" />
> >
> > I'm not sure if the order of encrypt/asyncdispatch interceptors
> > matters much.
> >
> >
> >
> >> Hi.
> >
> >> The case of using TcpFailureDetector, there is a case to write
> >> directly without passing through the interceptor chain.
> >
> >> TcpFailureDetector#memberAlive writes the channel data directly
> >> to outputstream without passing through the interceptor chain.
> >> However, when receiving this channel data, It passes through the
> >> interceptor chain. So, it must be received by TcpFailureDetector
> >> before decrypt of EncryptInterceptor. That is, the order is
> >> important. The order is EncryptInterceptor ->
> >> TcpFailureDetector.
>
> How's this for an update to the EncryptInterceptor documentation:
>
> "
> If using the TcpFailureDetector, the
> EncryptInterceptor
> must be inserted into the interceptor chain before the
> TcpFailureDetector. This is becuase the
> TcpFailureDetector writes channel data directly
> without using
> the remainder of the interceptor chain, but on the receiving side,
> the message still goes through the chain (in reverse). Because of this
> asymmetry, the EncryptInterceptor must execute
> before
> the TcpFailureDetector on the sender and after
> it on the receiver.
> "
>
>
Hi Chris.
Writing channel data directly is only for member verification.
Normal message are sent/received via the interceptor chain.
So, It may be better to add a sentence that interprets that writing channel
data directly is only for member verification.
such as, "When TcpFailureDetector validates cluster members..." etc.
> ??
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlweb+MACgkQHPApP6U8
> pFibAhAAuQWi3IGaGRGGwZEHYo9jMB9gdxGkZvQGMEK4naN2KgMkzZ56wTxWRwFh
> SEV6yHj6Tz+MERc6YL2st3Hm8VH6DgwEth1g1SmLZGM0JxD4HgqTwtVE9JZk9s4Y
> dMCgRR+O09bUh0fnCOybcOHeMZv1SewPFhXq8e/rquTbJAhljRhCrANkzRmo5/05
> WS+DsG78EVrjMG/X8uZIkkBOO43TzwTyAWNrX7u3DwUvf01idgHUceBQ/pRVC+L9
> a4TwypZjYkxJcLeHexzytXYLs8j/r8JtrPYFZfTeQvnlFdDkAcFgYL+CjfjKRTwo
> GPJyMU8HjxAfROe0HsRXwtX/OL0XTDq21bwE7yNTCtV1NcnsLSY74eh7WtwMgIKx
> kmNva4roGCeb+IQAC2QRnXmenB3qX2RN2ZrY3KWEq2s+UJP7PTf3Xga5ov/OJ0ce
> SE8UIuXfmh8IS7nZPn0mFwflbB9xjJZZV8c/oScQflAJKtVjc3mQ6b+29Jfx+zMI
> imvx+B7szFkccjtIjZQlPHqgW0MbnuflqiVBUb8tH29adDOWELRPook3V6htHdBA
> 1Izbpng+dVU2R2xEQdtdcevUKbaIvmB8xYGRgilu//o/1RrC8wzGqZuXaiomBT01
> Q/wIOQjjXKvVELoAu7Ym23KEv+IDrZAmtZy7QWiBP5azPwbc4sA=
> =wOVI
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
--
Keiichi.Fujino