Netty: Move n2n filter in pipeline to first place
The current IP filter kicks in after the SSL handler, which only makes sense, if you check things like the SSL certificate. For now it makes most sense to really put this at the first place. Original commit: elastic/x-pack-elasticsearch@bbaed67a3c
This commit is contained in:
Alexander Reelsen
parent
176517ba7e
commit
d604c63527
|
|
@ -57,14 +57,14 @@ public class NettySecuredHttpServerTransport extends NettyHttpServerTransport {
|
|||
@Override
|
||||
public ChannelPipeline getPipeline() throws Exception {
|
||||
ChannelPipeline pipeline = super.getPipeline();
|
||||
if (shieldUpstreamHandler != null) {
|
||||
pipeline.addFirst("ipfilter", shieldUpstreamHandler);
|
||||
}
|
||||
if (ssl) {
|
||||
SSLEngine engine = sslConfig.createSSLEngine();
|
||||
engine.setUseClientMode(false);
|
||||
pipeline.addFirst("ssl", new SslHandler(engine));
|
||||
}
|
||||
if (shieldUpstreamHandler != null) {
|
||||
pipeline.addFirst("ipfilter", shieldUpstreamHandler);
|
||||
}
|
||||
return pipeline;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -64,9 +64,6 @@ public class NettySecuredTransport extends NettyTransport {
|
|||
@Override
|
||||
public ChannelPipeline getPipeline() throws Exception {
|
||||
ChannelPipeline pipeline = super.getPipeline();
|
||||
if (shieldUpstreamHandler != null) {
|
||||
pipeline.addFirst("ipfilter", shieldUpstreamHandler);
|
||||
}
|
||||
if (ssl) {
|
||||
SSLEngine serverEngine = sslConfig.createSSLEngine();
|
||||
serverEngine.setUseClientMode(false);
|
||||
|
|
@ -74,6 +71,9 @@ public class NettySecuredTransport extends NettyTransport {
|
|||
pipeline.addFirst("ssl", new SslHandler(serverEngine));
|
||||
pipeline.replace("dispatcher", "dispatcher", new SecuredMessageChannelHandler(nettyTransport, logger));
|
||||
}
|
||||
if (shieldUpstreamHandler != null) {
|
||||
pipeline.addFirst("ipfilter", shieldUpstreamHandler);
|
||||
}
|
||||
return pipeline;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue