-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Keiichi,
On 12/21/18 02:58, Keiichi Fujino wrote: > 2018年12月21日(金) 12:11 Christopher Schultz > <ch...@christopherschultz.net>: > > Tim, > > On 12/20/18 10:18, Tim K wrote: >>>>> >>>>> I just downloaded and tried 9.0.14 but I'm still getting >>>>> the same BadPaddingException upon starting the second >>>>> instance. I confirmed the encryptionKey matches on my two >>>>> instances. >>>>> >>>> >>>> Maybe something is wrong with my config? For this test, I >>>> have both Tomcats on the same server using different ports: > > This is the only thing that matters to the encryption interceptor: > >>>> <Interceptor >>>> className="org.apache.catalina.tribes.group.interceptors.EncryptInt erc > >>>> eptor" >>>> >>>> > encryptionKey="e0f2cdf931e99fdce0453964294f97f3" /> > > I'm not sure if the order of encrypt/asyncdispatch interceptors > matters much. > > > >> Hi. > >> The case of using TcpFailureDetector, there is a case to write >> directly without passing through the interceptor chain. > >> TcpFailureDetector#memberAlive writes the channel data directly >> to outputstream without passing through the interceptor chain. >> However, when receiving this channel data, It passes through the >> interceptor chain. So, it must be received by TcpFailureDetector >> before decrypt of EncryptInterceptor. That is, the order is >> important. The order is EncryptInterceptor -> >> TcpFailureDetector. How's this for an update to the EncryptInterceptor documentation: " If using the <code>TcpFailureDetector</code>, the <code>EncryptInterceptor</code> <i>must</i> be inserted into the interceptor chain <i>before</i> the <code>TcpFailureDetector</code>. This is becuase the <code>TcpFailureDetector</code> writes channel data directly without using the remainder of the interceptor chain, but on the receiving side, the message still goes through the chain (in reverse). Because of this asymmetry, the <code>EncryptInterceptor</code> must execute <i>before</i> the <code>TcpFailureDetector</code> on the sender and <i>after</i> it on the receiver. " ?? - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlweb+MACgkQHPApP6U8 pFibAhAAuQWi3IGaGRGGwZEHYo9jMB9gdxGkZvQGMEK4naN2KgMkzZ56wTxWRwFh SEV6yHj6Tz+MERc6YL2st3Hm8VH6DgwEth1g1SmLZGM0JxD4HgqTwtVE9JZk9s4Y dMCgRR+O09bUh0fnCOybcOHeMZv1SewPFhXq8e/rquTbJAhljRhCrANkzRmo5/05 WS+DsG78EVrjMG/X8uZIkkBOO43TzwTyAWNrX7u3DwUvf01idgHUceBQ/pRVC+L9 a4TwypZjYkxJcLeHexzytXYLs8j/r8JtrPYFZfTeQvnlFdDkAcFgYL+CjfjKRTwo GPJyMU8HjxAfROe0HsRXwtX/OL0XTDq21bwE7yNTCtV1NcnsLSY74eh7WtwMgIKx kmNva4roGCeb+IQAC2QRnXmenB3qX2RN2ZrY3KWEq2s+UJP7PTf3Xga5ov/OJ0ce SE8UIuXfmh8IS7nZPn0mFwflbB9xjJZZV8c/oScQflAJKtVjc3mQ6b+29Jfx+zMI imvx+B7szFkccjtIjZQlPHqgW0MbnuflqiVBUb8tH29adDOWELRPook3V6htHdBA 1Izbpng+dVU2R2xEQdtdcevUKbaIvmB8xYGRgilu//o/1RrC8wzGqZuXaiomBT01 Q/wIOQjjXKvVELoAu7Ym23KEv+IDrZAmtZy7QWiBP5azPwbc4sA= =wOVI -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org