honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Netty: Move n2n filter in pipeline to first place 

The current IP filter kicks in after the SSL handler, which only
makes sense, if you check things like the SSL certificate. For
now it makes most sense to really put this at the first place.

Original commit: elastic/x-pack-elasticsearch@bbaed67a3c
This commit is contained in:
Alexander Reelsen 2014-09-12 08:32:38 +02:00
parent 176517ba7e
commit d604c63527
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/org/elasticsearch/shield/transport/netty/NettySecuredHttpServerTransport.java
View File

@ -57,14 +57,14 @@ public class NettySecuredHttpServerTransport extends NettyHttpServerTransport {
@Override @Override
public ChannelPipeline getPipeline() throws Exception { public ChannelPipeline getPipeline() throws Exception {
ChannelPipeline pipeline = super.getPipeline(); ChannelPipeline pipeline = super.getPipeline();
if (shieldUpstreamHandler != null) {
pipeline.addFirst("ipfilter", shieldUpstreamHandler);
}
if (ssl) { if (ssl) {
SSLEngine engine = sslConfig.createSSLEngine(); SSLEngine engine = sslConfig.createSSLEngine();
engine.setUseClientMode(false); engine.setUseClientMode(false);
pipeline.addFirst("ssl", new SslHandler(engine)); pipeline.addFirst("ssl", new SslHandler(engine));
} }
if (shieldUpstreamHandler != null) {
pipeline.addFirst("ipfilter", shieldUpstreamHandler);
}
return pipeline; return pipeline;
} }
} }

6
src/main/java/org/elasticsearch/shield/transport/netty/NettySecuredTransport.java
View File

@ -64,9 +64,6 @@ public class NettySecuredTransport extends NettyTransport {
@Override @Override
public ChannelPipeline getPipeline() throws Exception { public ChannelPipeline getPipeline() throws Exception {
ChannelPipeline pipeline = super.getPipeline(); ChannelPipeline pipeline = super.getPipeline();
if (shieldUpstreamHandler != null) {
pipeline.addFirst("ipfilter", shieldUpstreamHandler);
}
if (ssl) { if (ssl) {
SSLEngine serverEngine = sslConfig.createSSLEngine(); SSLEngine serverEngine = sslConfig.createSSLEngine();
serverEngine.setUseClientMode(false); serverEngine.setUseClientMode(false);
@ -74,6 +71,9 @@ public class NettySecuredTransport extends NettyTransport {
pipeline.addFirst("ssl", new SslHandler(serverEngine)); pipeline.addFirst("ssl", new SslHandler(serverEngine));
pipeline.replace("dispatcher", "dispatcher", new SecuredMessageChannelHandler(nettyTransport, logger)); pipeline.replace("dispatcher", "dispatcher", new SecuredMessageChannelHandler(nettyTransport, logger));
} }
if (shieldUpstreamHandler != null) {
pipeline.addFirst("ipfilter", shieldUpstreamHandler);
}
return pipeline; return pipeline;
} }
} }