WebSockets in Enterprise Applications

6,522 views

Published on

WebSockets in (Java) Enterprise Applications

Published in: Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
6,522
On SlideShare
0
From Embeds
0
Number of Embeds
1,490
Actions
Shares
0
Downloads
53
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

WebSockets in Enterprise Applications

  1. 1. WebSocket in Enterprise apps Pavel Bucek (pavel.bucek@oracle.com) Oracle September 30, 2014 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
  2. 2. Safe Harbor Statement The following is intended to outline our general product direcPon. It is intended for informaPon purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or funcPonality, and should not be relied upon in making purchasing decisions. The development, release, and Pming of any features or funcPonality described for Oracle’s products remains at the sole discrePon of Oracle. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
  3. 3. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Program Agenda What is WebSocket When to use WebSocket Security (AuthenPcaPon, SSL, …), browser support, usability Code paUerns Advanced topics (monitoring, tracing, clustering, …) 1 2 3 4 5
  4. 4. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | WebSocket protocol • RFC 6455 (December 2011) • Two way communicaPon protocol, replacement for Long-­‐polling – BeUer resource uPlizaPon • Based on the HTTP/1.1 Upgrade mechanism – IniPal (WebSocket) handshake uses HTTP • Includes extensions and Sub protocol negoPaPon – Everything else is then encapsulated in WebSocket frames – ConnecPon/communicaPon can be closed using WebSocket or just by closing underlying TCP connecPon (will be detected as 1006 -­‐ CLOSED_ABNORMALLY)
  5. 5. When NOT to use WebSocket Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | • Non-­‐interacPve applicaPons • Single direcPonal communicaPon (client just waits/reads data from the server) – SSE – Server sent events • Forms based applicaPons • High throughput (*) – Video streaming can be implemented on top of WebSocket, but there are much beUer protocols for this purpose
  6. 6. When you should consider using WebSocket Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | • ApplicaPon needs to communicate with the server – Bi-­‐direcPonal communicaPon (not just polling!) • InteracPvity • Time criPcal data delivery – Once connecPons is established, the message overhead is quite low • High throughput (*) – Video streaming can be implemented on top of WebSocket, but there are much beUer protocols for this purpose
  7. 7. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | WebSocket usecases • Chat-­‐like applicaPons – Various implementaPons opPons – XMPP (Jabber) over WebSocket • Trading and transacPons – Fast feedback/execuPon • Real-­‐Pme monitoring – Depends on the data source – InteracPon with monitored object – (SSE?) • Remote control – Input with “real-­‐Pme” feedback – From industry applicaPon to fun apps • Games – HTML5 “naPve” transport – Supported by improvements in browsers 2D/3D canvas support • General collaboraPon – Customer service, Social apps, …
  8. 8. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | WebSocket API – Security • Server side – Standard servlet/container mechanism for securing web services – Container-­‐related configuraPon, not all of those relevant for websockets (depends) – Origin check • Client side – Java – Official API does not provide much in terms of AuthenPcaPon or other related sepngs support – Not only about AuthenPcaPon; SSL sepngs (TrustStore, KeyStore, HostnameVerifier) – Proxy authenPcaPon
  9. 9. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | WebSocket API – Security • Client side – Browsers – Client can connect only to the same host/port from which was the “staPc” page opened – SpecificaPon is very vague and does not really touch this subject – Passing properPes of current HTML page to WebSocket connecPons seem to be not as common as it could be • Using SSL client cerPficates • Passing credenPals (BASIC, DIGEST) to the WebSocket connecPon • Adding Cookies to headers of handshake response – Current browser API cannot influence or intercept request/response headers
  10. 10. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | WebSocket API – Usability • All modern browsers do support websocket – Including mobile devices (Android, iOS) – There are available soluPons for older browsers • Fallback transport/containers • Flash WebSocket client • Vendor proprietary soluPons – WebSocket over Long-­‐Polling etc. • HTTP Proxy is not an issue, same for firewalls
  11. 11. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Java API for WebSocket • JSR 356 – Part of Java EE 7 – 1.0 (May 2013) – 1.1 (August 2014) • Annotated and programmaPc way how to deploy and access WebSocket endpoints • Event-­‐driven model -­‐ @OnOpen, @OnMessage, @OnError, @OnClose • Encoders/Decoders, Path/Query parameter handling, Handshake headers interceptors, CDI integraPon, …
  12. 12. Java API for WebSocket – Annotated Endpoint Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
  13. 13. Java API for WebSocket – ProgrammaPc Endpoint Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
  14. 14. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Java API for WebSocket Concurrency/Threading • Different threading model compared to “standard” Servlet • Javax.webscoket.Session is thread-­‐safe. • Each method might be invoked from different thread – There is no guarantee that @OnMessage will be always called from the same thread – InvocaPons will be made in message order and next @OnMessage won’t be called unless previous execuPon ended – ImplicaPons: • Method implementaPons must be thread safe. • Double check the resources you are accessing from Endpoint implementaPons
  15. 15. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Java API for WebSocket Project Tyrus • Reference ImplementaPon for JSR 356 • WebSocket implementaPon of Oracle WebLogic Server and Glassfish • Current version is 1.8.3 • hUps://tyrus.java.net • Highlighted features: – Client improvements (SSL, Auth, Proxies, Reconnect, …), OpPmized broadcast, Tracing, Monitoring, Clustering (*), …
  16. 16. Tyrus – Client improvements Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | • Client distributed as part of the applicaPon server or as a standalone bundle – convenient for standalone app use – Grizzly based container (JDK 1.6+) – Java 7 NIO based container (JDK 1.7+) • Client properPes – AuthenPcaPon – BASIC/DIGEST/custom – SSL – TrustStore, KeyStore, HostnameVerifier – Proxy support – Reconnect Handler, …
  17. 17. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Tyrus – Broadcast • WebSocket API provides single way how to perform broadcast • Don’t • Call session.isOpen() • Throw excepPon from method or try-­‐catch whole iteraPon • Do • getAsyncRemote()
  18. 18. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Tyrus – Broadcast • Tyrus provides single method • Proprietary • No Encoders • No need to compose new frame for each session/client. • Parallel (*) • Cluster-­‐ready (*)
  19. 19. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Tyrus – Monitoring • Tyrus provides SPI for monitoring events – (up to session level) • Tyrus contains implementaPon which exposes these staPsPcs as JMX Beans • Also included in Oracle WebLogic Server • Monitored data – Sent/received messages per session (*)/endpoint/applicaPon – Message types (text/binary/control)
  20. 20. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Tyrus – Tracing • Feature which allows per-­‐request diagnosPcs • Useful when developing an applicaPon – Logged messages related to runPme processing – Handshake request/response – Endpoint path matching process – Encoders/Decoders, MessageHandlers
  21. 21. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Tyrus – Clustering • JSR 356 does not say much about deploying applicaPons to the cluster – (There is only small noPon in Session#getUserProperPes() javadoc) • Currently, applicaPon will behave the same way as it would be deployed to single node. – Issues with Session.getOpenSessions() and javax.websocket.Session • Custom API required to make this work – RemoteSession – Distributed properPes
  22. 22. Tyrus – Clustering – Coherence Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | • Message based architecture with persisted state(s) – JMS does not offer to store state + harder to setup • Coherence Cluster used as backing framework – Several NamedCaches • Endpoints, Sessions, Messages, Broadcast, DistributedProperPes – Scopes of the coherence values are limited by Coherence ContainerAdapter • One scope per applicaPon per parPPon (MT) – Each distributed operaPon can be mapped to Map.put() + corresponding listener
  23. 23. Tyrus – Clustering – Coherence Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Sending a message Coherence Cluster sendText() m = new Message(…) msgCache.addListener(m.getId()) sessionCache.put(sessionId, m) Node 2 Node 1 RemoteSession.sendText [session created] sessionCache.registerListener(…); sessionCache.noPfy() getLocalSession(sessionId); r = localSession.sendText(m.getM()); msgCache.noPfy() msgCache.put(m.getId, r);
  24. 24. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Tyrus – Clustering – HA • CreaPng new Session on the server might be expensive (allocaPng resources, registraPons, gepng id(s) from database, …) • Session cannot be persisted as a whole, since the underlying TCP connecPon will be broken and this is recognized by WebSocket protocol and MUST BE interpreted as Close with 1006: CLOSED_ABNORMALLY – We can persist part of the session – distributed properPes • When client connects to the cluster, it will be given an ID and if this will be re-­‐send when client wants to reconnect (“persistent connecPon”), server implementaPon will set distributed properPes from the lost session
  25. 25. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Tyrus – Clustering – HA – Client will receive tyrus-­‐cluster-­‐connecPon-­‐id, will store it and add as a header when reconnecPng – Server: @OnOpen • IniPalize resources and save properPes to distributed properPes (TyrusSession#getDistributedProperPes()) – Server: @On* • Distributed properPes can be used. Please be aware that every read/write performs de/serializaPon. – When connecPon is broken, Session is closed. Client reconnects with added header. – Server: @OnOpen • Check whether distributed properPes already contain properPes. If not, reiniPalize, otherwise use them (meaning that this is reconnected session).
  26. 26. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Tyrus – Clustering – HA – Client will receive tyrus-­‐cluster-­‐connecPon-­‐id, will store it and add as a header when reconnecPng – Server: @OnOpen • IniPalize resources and save properPes to distributed properPes (TyrusSession#getDistributedProperPes()) – Server: @On* • Distributed properPes can be used. Please be aware that every read/write performs de/serializaPon. – When connecPon is broken, Session is closed. Client reconnects with added header. – Server: @OnOpen • Check whether distributed properPes already contain properPes. If not, reiniPalize, otherwise use them (meaning that this is reconnected session).
  27. 27. Tyrus – Clustering – Coherence Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Client Handshake request Cluster Node 1 Node 2 Handshake response + cluster conn. ID messages Close (1006) Handshake request + cluster conn. ID Handshake response messages @OnOpen Distributed properPes Are restored TCP connecPon #1 TCP connecPon #2
  28. 28. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Tyrus – Clustering • SPI is part of project Tyrus, implementaPon should be available in the next Oracle WebLogic Server release – Built on top of Coherence • Demo – Rumpetroll – hUp://rumpetroll.com
  29. 29. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Tyrus – Clustering
  30. 30. WebSocket.NEXT – QuesPons? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | • WebSocket API 1.1.NEXT • WebSocket-­‐spec: hUps://java.net/projects/websocket-­‐spec – hUps://java.net/jira/browse/WEBSOCKET_SPEC • Reference ImplementaPon: Tyrus hUps://tyrus.java.net – users@tyrus.java.net – hUps://java.net/jira/browse/TYRUS • Pavel Bucek: pavel.bucek@oracle.com
  31. 31. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

×