Hi Alexey,
While writing a simple test case this afternoon, I found what was wrong.
The main problem was the usage of Response.getOutputStream().
This is my understanding :
Before Grizzly 2.1.2, there were only 1 method : Response.getOutputStream().
AFAIU : This method return a blocking stream.
But from Grizzly 2.1.2, they are 2 methods :
Response.getOutputStream() and Response.getOutputStream( Boolean blocking )
The problem is that Response.getOutputStream() call the method Response.getOutputStream( false ); and it change the behavior comparing to the previous Grizzly version. Do you agree ?
Once I realize that, I modify my code to put getOutputStream(true), and now, no more problem.
My first tests seems ok.
But, I also use Jersey, and I had problem with it.
And basically the problem is the same, in Jersey 1.9, the Grizzly 2 connector use the method getOutputStream() and I have the same problem.
I quickly rewrite the Jersey connector by putting getOutputStream( false ) in the Jersey writer and now it works !
Is it really wanted to put the Jersey connector in non blocking mode ? I feel it's a mistake bug. But I may be wrong.
I don't know if it's normal/ok to assert that the non blocking mode is enable by default.
For me it's an advanced feature and should be enabled only by using the getOutputStream( Boolean blocking ) method.
Thanks and Regards
David
From: Oleksiy Stashok [mailto:oleksiy.stashok_at_oracle.com]
Sent: vendredi 9 septembre 2011 18:53
To: users_at_grizzly.java.net
Subject: Re: Grizzly 2 and SSL
Hi David,
I believe it's something configuration related.
Can you pls. send us a testcase to reproduce the issue?
Thanks.
WBR,
Alexey.
On 09/09/2011 04:15 PM, Gay David (Annecy) wrote:
Hi all,
I'm using Grizzly 2.1.2 and I have a problem when turning on SLL. I have this exception :
2011-09-09 15:59:23,697 GMT+0200 - [Grizzly(1)] WARN (DefaultFilterChain.execute:177) - Exception during FilterChain execution
org.glassfish.grizzly.TransformationException: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
at org.glassfish.grizzly.ssl.SSLDecoderTransformer.transformImpl(SSLDecoderTransformer.java:175)
at org.glassfish.grizzly.ssl.SSLDecoderTransformer.transformImpl(SSLDecoderTransformer.java:66)
at org.glassfish.grizzly.AbstractTransformer.transform(AbstractTransformer.java:73)
at org.glassfish.grizzly.filterchain.AbstractCodecFilter.handleRead(AbstractCodecFilter.java:71)
at org.glassfish.grizzly.ssl.SSLFilter.handleRead(SSLFilter.java:176)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:286)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:223)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:155)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:134)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:78)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:827)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:103)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:111)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:131)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:508)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:488)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1429)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1397)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1563)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1023)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:837)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:713)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
at org.glassfish.grizzly.ssl.SSLDecoderTransformer.transformImpl(SSLDecoderTransformer.java:127)
... 18 more
And this is the code I use to init the SSL in Grizzly :
private static final String SSLCTX_TLS = "TLS";
private static final String KSTYPE_PKCS12 = "PKCS12";
public void startServer( SomeConfigurationObject conf ) throws Exception
{
...
HttpServer server = new HttpServer();
NetworkListener nl = new NetworkListener( identifier, host, port );
if( useSsl )
{
nl.setSecure( true );
nl.setSSLEngineConfig( createSSLConfiguration(conf) );
}
nl.setRcmSupportEnabled( false );
nl.setCompression( "on" );
nl.setChunkingEnabled( true );
nl.setDisableUploadTimeout( true );
nl.getFileCache().setEnabled( false );
server.addListener( nl );
// Add the http handlers
....
// Start
server.start();
}
private SSLEngineConfigurator createSSLConfiguration( SomeConfigurationObject conf ) throws IOException
{
ByteArrayInputStream bais;
KeyStore ks;
KeyManagerFactory kmFactory;
SSLContext sslContext;
SSLEngineConfigurator engineConf;
engineConf = null;
try
{
// Prepare a key manager using the provided keystore
kmFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
// .... some code to init the KeyManagerFactory
// Initialize the SSL context with the certificate as the server identity
sslContext = SSLContext.getInstance( SSLCTX_TLS );
sslContext.init( kmFactory.getKeyManagers(), null, null );
// Create the engine conf
engineConf = new SSLEngineConfigurator( sslContext, false, false, false );
engineConf.setEnabledProtocols( new String[] { "TLSv1", "SSLv3" } );
engineConf.setProtocolConfigured( true );
engineConf.setEnabledCipherSuites( conf.getEnabledCipherSuites() );
engineConf.setCipherConfigured( true );
}
catch( ... ) { .... }
Did someone have a clue of what's could be wrong ?
Thanks and regards
David