Servlet 4.0 and HTTP/2 aim to improve web performance. HTTP/2 allows requests and responses to be multiplexed over a single connection, avoiding head-of-line blocking. It also includes header compression and server push. Servlet 4.0 leverages these features, allowing servers to proactively push resources to clients using push builders. Major servers and frameworks are adding support to take advantage of these new capabilities.
JDKIO: Java EE 8 what Servlet 4 and HTTP2 mean to youAlex Theedom
The goal of HTTP/2 is to increase the perceived performance of the web browsing experience. This is achieved by multiplexing over TCP and Server Push among other techniques. What implications does this have for developers? How does Servlet 4.0 embrace HTTP/2? We will see, with code examples, what the future of developing with HTTP/2 might look like.
Java EE 8: What Servlet 4 and HTTP2 MeanAlex Theedom
The goal of HTTP/2 is to increase the perceived performance of the web browsing experience. This is achieved by multiplexing over TCP and Server Push among other techniques. What implications does this have for developers? How does Servlet 4.0 embrace HTTP/2? We will see, with code examples, what the future of developing with HTTP/2 might look like.
Java EE 8: What Servlet 4.0 and HTTP/2 mean to youAlex Theedom
The goal of HTTP/2 is to increase the perceived performance of the web browsing experience. This is achieved by multiplexing over TCP and Server Push among other techniques. What implications does this have for developers? How does Servlet 4.0 embrace HTTP/2 and what support is there in JDK 9? We will see, with code examples, what the future of developing with HTTP/2 might look like.
A modern web browser supports a surprising number of protocols designed for fast, efficient, and secure communication. Even though some goals of these protocols might overlap, their features are different enough to make them all worth our attention. This session focuses on HTTP/2, SSE, and WebSocket. It is based on experience gained during development of popular Jersey and Tyrus libraries. It explains all mentioned protocols and compares them, in both theory and practice, using java-based examples.
Youtube: https://www.youtube.com/watch?v=G4V3b_z5TVk
an overview from the HTTP2 protocol including comparison with previous version, a deeper look over the protocol enhancements, compatibility matrix with the internet ecosystem and set of online demos that can show the performance optimization.
JDKIO: Java EE 8 what Servlet 4 and HTTP2 mean to youAlex Theedom
The goal of HTTP/2 is to increase the perceived performance of the web browsing experience. This is achieved by multiplexing over TCP and Server Push among other techniques. What implications does this have for developers? How does Servlet 4.0 embrace HTTP/2? We will see, with code examples, what the future of developing with HTTP/2 might look like.
Java EE 8: What Servlet 4 and HTTP2 MeanAlex Theedom
The goal of HTTP/2 is to increase the perceived performance of the web browsing experience. This is achieved by multiplexing over TCP and Server Push among other techniques. What implications does this have for developers? How does Servlet 4.0 embrace HTTP/2? We will see, with code examples, what the future of developing with HTTP/2 might look like.
Java EE 8: What Servlet 4.0 and HTTP/2 mean to youAlex Theedom
The goal of HTTP/2 is to increase the perceived performance of the web browsing experience. This is achieved by multiplexing over TCP and Server Push among other techniques. What implications does this have for developers? How does Servlet 4.0 embrace HTTP/2 and what support is there in JDK 9? We will see, with code examples, what the future of developing with HTTP/2 might look like.
A modern web browser supports a surprising number of protocols designed for fast, efficient, and secure communication. Even though some goals of these protocols might overlap, their features are different enough to make them all worth our attention. This session focuses on HTTP/2, SSE, and WebSocket. It is based on experience gained during development of popular Jersey and Tyrus libraries. It explains all mentioned protocols and compares them, in both theory and practice, using java-based examples.
Youtube: https://www.youtube.com/watch?v=G4V3b_z5TVk
an overview from the HTTP2 protocol including comparison with previous version, a deeper look over the protocol enhancements, compatibility matrix with the internet ecosystem and set of online demos that can show the performance optimization.
Introduction
Installing Apache HTTP Web Server
Installing mod_ssl for Secure Sockets Layer (SSL) Support
Installing PHP for Dynamic Web Pages
Setting Apache to Start on Bootup with chkconfig
Configuring Apache Server Settings (httpd.conf)
Creating the Web Site Directory Structure
Creating VirtualHost Configuration Files
Starting Apache and Viewing the Web Site
Other Things to Know for Using Apache
Conclusion
HTTP is one of the most widely used protocols in the world.
The version of HTTP 1.1, used to this day, was developed and described 18 years ago - 1999.
With the increasing complexity of web applications, the capabilities of HTTP 1.1 are already insufficient to provide increased demands on performance and responsiveness.
So in order to meet new requirements, HTTP must evolve. HTTP 2.0 is designed to make web applications faster, simple and reliable.
In this report I will tell about
- drawbacks of HTTP 1.1 and why we need a new version of HTTP.
- which advantages HTTP/2 offers in comparison with the previous version?
- how the new protocol affected the new version of SERVLET 4.0 and how we can use it.
ASP.NET Web API is the de facto framework for building HTTP-based services in the .NET ecosystem. With its WCF and MVC lineage, Web API brings to the table better architecture, easier configuration, increased testability, and as always, it's customizable from top to bottom. But to properly use Web API it is not enough to get familiar with its architecture and API, you also need to really understand what HTTP is all about. HTTP is the most common application layer protocol in the world, and yet, not many web developers are familiar with HTTP concepts such as of chunking, caching, and persisted connections. In this full-day tutorial, we will focus on designing and implementing HTTP-based services with ASP.NET Web API, and you will learn how to better use it to implement the features provided by HTTP.
Oracle WebLogic Server 12.2.1 Do More with LessEd Burns
Oracle WebLogic Server 12.2.1 (WLS) is the most significant release of WLS since Oracle added WLS to its product portfolio with the acquisition of BEA in 2008. This session by WebLogic developer and JCP Specification Lead Ed Burns goes behind the buzzwords and explains the enterprise value-add brought by WLS 12.2.1 in plain English. Ed infuses his decades long experience in web technologies throughout the presentation, addressing such topics as why app servers are still useful, what role standards play in transitioning to the cloud, and what is the difference between "full stack" and "monolith".
See an interview about this topic at <https: />.
Ed introduces the new version of WLS by taking a tour of two big ticket new features: multitenancy and Java EE 7. Other features such as continuous availability, REST management, and Docker/devops features will also be included.
The multitenancy features in WebLogic Server offer extreme efficiency, full isolation, application portability, and full automation, all in an easy to adopt format.
Java EE 7 is the latest version of the Java standard full stack of loosely coupled, highly cohesive technologies for building enterprise software. EE 7 features new versions of popular standards such as JAX-RS (REST), CDI, Servlet, JSF, JSON, WebSocket, JMS, and more.
WLS 12.2.1 delivers these and other new features, while continuing the promise of stability and scale developers expect.
Introduction
Installing Apache HTTP Web Server
Installing mod_ssl for Secure Sockets Layer (SSL) Support
Installing PHP for Dynamic Web Pages
Setting Apache to Start on Bootup with chkconfig
Configuring Apache Server Settings (httpd.conf)
Creating the Web Site Directory Structure
Creating VirtualHost Configuration Files
Starting Apache and Viewing the Web Site
Other Things to Know for Using Apache
Conclusion
HTTP is one of the most widely used protocols in the world.
The version of HTTP 1.1, used to this day, was developed and described 18 years ago - 1999.
With the increasing complexity of web applications, the capabilities of HTTP 1.1 are already insufficient to provide increased demands on performance and responsiveness.
So in order to meet new requirements, HTTP must evolve. HTTP 2.0 is designed to make web applications faster, simple and reliable.
In this report I will tell about
- drawbacks of HTTP 1.1 and why we need a new version of HTTP.
- which advantages HTTP/2 offers in comparison with the previous version?
- how the new protocol affected the new version of SERVLET 4.0 and how we can use it.
ASP.NET Web API is the de facto framework for building HTTP-based services in the .NET ecosystem. With its WCF and MVC lineage, Web API brings to the table better architecture, easier configuration, increased testability, and as always, it's customizable from top to bottom. But to properly use Web API it is not enough to get familiar with its architecture and API, you also need to really understand what HTTP is all about. HTTP is the most common application layer protocol in the world, and yet, not many web developers are familiar with HTTP concepts such as of chunking, caching, and persisted connections. In this full-day tutorial, we will focus on designing and implementing HTTP-based services with ASP.NET Web API, and you will learn how to better use it to implement the features provided by HTTP.
Oracle WebLogic Server 12.2.1 Do More with LessEd Burns
Oracle WebLogic Server 12.2.1 (WLS) is the most significant release of WLS since Oracle added WLS to its product portfolio with the acquisition of BEA in 2008. This session by WebLogic developer and JCP Specification Lead Ed Burns goes behind the buzzwords and explains the enterprise value-add brought by WLS 12.2.1 in plain English. Ed infuses his decades long experience in web technologies throughout the presentation, addressing such topics as why app servers are still useful, what role standards play in transitioning to the cloud, and what is the difference between "full stack" and "monolith".
See an interview about this topic at <https: />.
Ed introduces the new version of WLS by taking a tour of two big ticket new features: multitenancy and Java EE 7. Other features such as continuous availability, REST management, and Docker/devops features will also be included.
The multitenancy features in WebLogic Server offer extreme efficiency, full isolation, application portability, and full automation, all in an easy to adopt format.
Java EE 7 is the latest version of the Java standard full stack of loosely coupled, highly cohesive technologies for building enterprise software. EE 7 features new versions of popular standards such as JAX-RS (REST), CDI, Servlet, JSF, JSON, WebSocket, JMS, and more.
WLS 12.2.1 delivers these and other new features, while continuing the promise of stability and scale developers expect.
In a HTTP/2 World - DeccanRubyConf 2017Douglas Vaz
Why HTTP/1.1 needs to be phased out and how to leverage HTTP/2 features for improved web development practices. Also, the state of Ruby and how to use the new protocol even though support is limited.
What’s all the buzz about REST APIs, and why should you care? REST APIs are growing quickly, with enterprise and finance the fastest growing categories. REST APIs also enable apps for mobile, wearables, and Internet of Things. If you don’t yet have a content strategy for REST APIs, you may need it soon.
The job market for REST APIs is hot, and you can increase your marketability and value by understanding REST API content. Be prepared by getting a head-start on what you need to know!
This presentation was given at Information Development World on October 1, 2015.
HTTP/2 Comes to Java: Servlet 4.0 and what it means for the Java/Jakarta EE e...Edward Burns
Servlet is very easily the most important standard in server-side Java. The much awaited HTTP/2 standard is now complete, was fifteen years in the making and promises to radically speed up the entire web through a series of fundamental protocol optimizations.
In this session we will take a detailed look at the changes in HTTP/2 and discuss how it may change the Java ecosystem including the foundational Servlet 4 specification included in Java/Jakarta EE 8.
Build an Amazon Polly connector in 15 mins with MuleSoftAlex Theedom
Discover a new way of working with Java that emphasizes innovation over coding. It promotes reuse and a rapid development approach so your teams spend more time innovating. Watch a video of this presentation: http://bit.ly/InnovationOverCoding
Java EE 8 security and JSON binding APIAlex Theedom
Java EE Security and JSON Binding are two new APIs in the Java EE 8 release. The security API provides consistencies between containers with a simple annotation-driven model while JSON Binding completes Java EEs JSON APIs and is a real alternative to Jackson and Gson. In this presentation, I will walk through coding examples from both APIs and by the end of the presentation, you will understand how these two new APIs add to the advancement of the Java EE platform.
SE2016 - Java EE revisits design patterns 2016Alex Theedom
Design patterns are not only cool but represent the collective wisdom of many developers. Since the publication of Design Patterns: Elements of Reusable Object-Oriented Software by GoF many new concepts have extended the coverage of these design patterns, and now Java EE provides out-of-the box implementations of many of the most well known patterns. This talk will show how, by taking advantage of Java EE features such as CDI and the smart use of annotations, traditional design patterns can be implemented in a much cleaner and quicker way. Among the design patterns discuss there will be Singleton, Façade, Observer, Factory, Dependency Injection, Decorator and more.
Design patterns are not only cool but represent the collective wisdom of many developers. Since the publication of Design Patterns: Elements of Reusable Object-Oriented Software by GoF many new concepts have extended the coverage of these design patterns, and now Java EE provides out-of-the box implementations of many of the most well known patterns. This talk will show how, by taking advantage of Java EE features such as CDI and the smart use of annotations, traditional design patterns can be implemented in a much cleaner and quicker way. Among the design patterns discuss there will be Singleton, Façade, Observer, Factory, Dependency Injection, Decorator and more.
Design patterns are not only cool but represent the collective wisdom of many developers. Since the publication of Design Patterns: Elements of Reusable Object-Oriented Software by GoF many new concepts have extended the coverage of these design patterns, and now Java EE provide out of the box implementations of many of the most well known patterns. This talk will show how, by taking advantage of Java EE features such as CDI and the smart use of annotations, traditional design patterns can be implemented in a much cleaner and quicker way. Among the design patterns discuss there will be Singleton, Façade, Observer, Factory, Dependency Injection, Decorator and more.
Design patterns are not only cool but represent the collective wisdom of many developers. Since the publication of Design Patterns: Elements of Reusable Object-Oriented Software by GoF many new concepts have extended the coverage of these design patterns, and now Java EE provide out of the box implementations of many of the most well known patterns. This talk will show how, by taking advantage of Java EE features such as CDI and the smart use of annotations, traditional design patterns can be implemented in a much cleaner and quicker way. Among the design patterns discuss there will be Singleton, Façade, Observer, Factory, Dependency Injection, Decorator and more.
Design Patterns are not only cool but also bring years of collective wisdom to every level of developers. Since GoF, many books have been written and words shed, as well as many new concepts like Enterprise and Domain Design Patterns extended the coverage the Design Patterns, originally shared by the famous Gang of Four. Unlike the J2EE 1.4 era, Java EE provides easy and out of box implementations of many well known design patterns such as Singleton, Façade, Observer, Factory, Dependency Injection, Decorator, Data Access Patterns, MVC and even more. Many classical design patterns are actually just one annotation away from your project.
Java EE changes design pattern implementation: JavaDays Kiev 2015Alex Theedom
The implementation of traditional design patterns have changed in Java EE 7. By taking advantage of Java EE features such as CDI and the smart use of annotations, traditional design patterns can be implemented in a much cleaner and quicker way. With the use of code examples I will demonstrate how to implement some of the most commonly use design patterns in Java EE. Among the design patterns discuss there will be Factory, Singleton, Observer and Decorator.
Mobile Java with GWT: Still "Write Once, Run Everywhere"Alex Theedom
Times have changed, and although Java ME still has market share, it is not available on all devices anymore. Java/Java ME developers had no problem moving to BlackBerry or Android but faced challenges on iOS. HTML5 plus PhoneGap apps promised a silver bullet for a “write once, run on all devices” approach via several frameworks, which, in the end, offered painful JavaScript and CSS development. Although GWT offers a great Java-to-JavaScript compiler and debugger, mgwt introduces native-looking widgets on iOS, Android, and even BlackBerry. Also, with the addition of GWT/PhoneGap projects, you can now code native-looking HTML apps that can use native APIs with regular, type-safe, well-known beautiful Java without coding a single line of HTML plus JavaScript. Learn more in this session.
A new term starts and a group of fresh faced year 7's join our after school coders club for teens. I introduce the club and coders and talk about Java programming and java games programming that we will be doing in the sessions.
Devoxx UK 2015: How Java EE has changed pattern implementationAlex Theedom
The implementation of traditional design patterns have changed in Java EE 7. By taking advantage of Java EE features such as CDI and the smart use of annotations, traditional design patterns can be implemented in a much cleaner and quicker way. With the use of code examples I will demonstrate how to implement some of the most commonly use design patterns in Java EE. Among the design patterns discuss there will be Factory, Singleton, Observer and Decorator.
The implementation of traditional design patterns have changed in Java EE 7. By taking advantage of Java EE features such as CDI and the smart use of annotations, traditional design patterns can be implemented in a much cleaner and quicker way. With the use of code examples I will demonstrate how to implement some of the most commonly use design patterns in Java EE. Among the design patterns discuss there will be Factory, Singleton, Observer and Decorator.
Enhancing Performance with Globus and the Science DMZGlobus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
4. @readlearncode readlearncode.com
• Why Do We Need HTTP/2
• Workarounds to HTTP1.1
• HTTP Sockets
• Topline HTTP/2 Features
• Servlet 4.0 Features
• Server Support
• Status Update
• Extract Bits
• Q&A
What’s on?
6. @readlearncode readlearncode.com
• Increase perceived performance of web
• HTTP protocol not suitable
• Since April 2011 average web page size
• increased by over 300%
• The problem with HTTP/1.1
300%
Source: HTTPArchive.com
Why Do We Need HTTP/2?
The Goal of HTTP/2
7. @readlearncode readlearncode.com
• Requests resources in parallel HTTP 1.0
• One request per TCP connection
• HTTP1.1 Pipelining: multiple requests
• Responds in sequence
• Delay causes head-of-line blocking
How a browser loads a webpage?
open
close
client server
no pipelining
index.html
style_1.css
logo.jpg
open
close
client server
pipelining
time
index.html
style_1.css
logo.jpg
Why Do We Need HTTP/2?
9. @readlearncode readlearncode.com
• Multiple connections
• Acceptable but has issues
• TCP sockets expensive
• Browser max connections
Workarounds to HTTP1.1
Solution to Head-Of-Line Blocking
open
close
client server
connection 1
style_1.css
open
close
client server
connection 2
javaScript_1.js
open
close
client server
connection 3
image_1.png
13. @readlearncode readlearncode.com
• One image file consists of many smaller images
Workarounds to HTTP1.1
Image Sprite Sheet
Image sprites from Amazon, Google and Facebook.
18. @readlearncode readlearncode.com
HTTP Sockets
All connections now operate as one connection
open
close
client server
open
close
client server
open
close
client server
open
close
client server
open
close
client serveropen
close
client server
20. @readlearncode readlearncode.com
• HTTP/2 is comprised of two specifications
• Hypertext Transfer Protocol version 2 - RFC7540
• HPACK - Header Compression for HTTP/2 - RFC7541
• Binary Protocol Based on Frames
Topline HTTP/2 Features
What’s new
22. @readlearncode readlearncode.com
• Most important feature
• Request and response is multiplexed
• Fully bi-directional communication
• Concepts
• Connection - A TCP socket
• Stream – A channel of communication
• Message – A request/response and control message
• Frame –The smallest unit within a communication
• Resolves head-of-line blocking
• Communication broken down into frames
• Frames facilitate interweaving the logical stream
Topline HTTP/2 Features
Request/Response Multiplexing
24. @readlearncode readlearncode.com
• Interweave the logical stream over a single TCP
• Stream 3 send header then body and server responds with
stream 2 before it receives completed stream 3
Topline HTTP/2 Features
Request/Response Multiplexing
STREAM 1
HEADERS
STREAM 3
DATA
STREAM 1
DATA
STREAM 2
HEADERS
STREAM 3
HEADERS
STREAM 2
DATA
browser server
25. @readlearncode readlearncode.com
• Decomposition of the frame
• Type fields can be
• HEADERS corresponds to the HTTP headers
• DATA corresponds to the HTTP request body
• PUSH_PROMISE server notifies of push intent
• RST_STREAM notifying error, client rejects push
• PRIORITY specifies stream priority
• SETTING, PING, GOAWAY, WINDOW_UPDATE, CONTINUATION
Topline HTTP/2 Features
Binary Framing
LENGTH (24)
TYPE (8) FLAGS (8)
R STREAM IDENTIFIER (31)
FRAME PAYLOADS (0.. n)
26. @readlearncode readlearncode.com
• Mapping the HTTP Request to Frames
Topline HTTP/2 Features
Header Compression
HTTP request Header Frame
GET /index.html HTTP/1.1
Host: example.com
Accept: text/html
HEADERS
- END_STREAM
+ END_HEADERS
:method: GET
:scheme: http
:path: /index.html
:authority: example.com
accept: text/html
27. @readlearncode readlearncode.com
• Mapping the HTTP Response to Frames
Topline HTTP/2 Features
Header Compression
HTTP response Frames
HTTP/1.1 200 OK
Content-Length: 11
Content-Type: text/html
May The Force Be With You
HEADERS
- END_STREAM
+ END_HEADERS
:status: 200
content-length: 11
content-type: text/html
DATA
+ END_STREAM
May The Force Be With You
29. @readlearncode readlearncode.com
• Attach priority information to streams
• Priority located in the header frame or the priority frame
• Only a suggestion to the server
Topline HTTP/2 Features
Stream Prioritization
B D C
A
2 14 10
B C
A
4 8
30. @readlearncode readlearncode.com
• Eliminate the need for resource inlining
• The sever can proactively send resources to the client
• Client can reject PUSH_PROMISE by responding
RST_STREAM
Topline HTTP/2 Features
Server Push
32. @readlearncode readlearncode.com
Servlet 4.0 Features
Server Push
• Most visible improvements in servlets
• Best place to know what resources a request needs
• Not a replacement for websockets
34. @readlearncode readlearncode.com
• Browser requests index.html
• Server discovers need for css and js
• Get PushBuilder from HTTP request
• Set path to css and invoke push
• Set path to js and invoke push
• Then responds with index.html
• The PushBuilder can be reused
Servlet 4.0 Features
Typical Journey
35. @readlearncode readlearncode.com
Servlet 4.0 Features
PushBuilder Dive Deeper
• Constructed with request method set to GET by default
• Conditional, range, expectation, authorization and request headers
are removed
• Cookies are only added if the maxAge has not expired
• Only required setting is the URI path to the resource
• Must be set before every call to push()
38. @readlearncode readlearncode.com
• Web framework use case most important
• Dependent on knowing the resources the client requires
• Frameworks best placed to take advantage of server push
• JSF users get server push for free
Servlet 4.0 Features
JSF Use Case
39. @readlearncode readlearncode.com
• SETTINGS_ENABLE_PUSH clients disable server push
• RST_STREAM rejects cached resources
• Servlet containers must honour request to not receive
Servlet 4.0 Features
Disable/Reject Server Push
40. @readlearncode readlearncode.com
• Perfectly backward compatible
• Rework to take advantage of Server Push
• Consider removing frontend HTTP 1.1 workarounds
• JSF developers get it for free
Servlet 4.0 Features
Backward Compatible
42. @readlearncode readlearncode.com
• GlassFish 5.0 (nightly)
Reference implementation
• Payara 5.0
Has a branch for Java EE 8 development
• Jetty Stable-9 (9.4.5.v20170502)
org.eclipse.jetty.servlets.PushCacheFilter/PushBuilder
Server Implementation
Servlet Support
43. @readlearncode readlearncode.com
• WildFly 10 (Undertow)
Initial PushBuilder support implemented in Undertow master
• Tomcat 9.0.0.M20
PushBuilder support in thejavax.servlets.http package
• Netty 4.1
HTTP/2 implementation takes full advantage of headline
features
Server Implementation
Servlet Support
47. @readlearncode readlearncode.com
• The goal of HTTP/2 is to improve performance
• Cloudflare HTTP/2 demonstration tool
www.cloudflare.com/http2
• Anthum's HTTP vs HTTPS
www.httpvshttps.com
Performance Tests
Show me the performance
Here is how I am going to spend the next 45 mins or so.
I will establish the reasons why we need HTTP/2
Then I will look at the some of the work arounds that are used to overcome the short comings in HTTP1.1
Then I will focus in on the constrasting ways that HTTP1 and 2 percieve the usage of sockets
Then I will look at the topline features of HTTP/2
And then how they manifest themselves in servlets 4 with plenty of code examples
A quick look at the current state of server support for Servlets
Current status of java ee and sevlet spec
If there is time. I will look at some extra goodies and
Then I will finish with some questions and answers
The goal of HTTP/2 is to increase the perceived performance of the web browsing experience.
Web pages download more resource now compared to 22 years ago when the HTTP protocol was standardised. A typical page back then was just a simple HTML page with a few images and weighed less than 1K in size. The HTTP protocol was designed to serve this kind of page.
Fast forward to 2017 and the average web page looks completely different. It is still essentially HTML but now it is dependent on an average of 120 resources and these 120 resources are essential for today’s rich web experiences and we want this experience.
The HTTP protocol wasn't designed to deliver this kind of web experience and is very inefficient at delivering the kind of content we are now accustomed to. Over the last 22 years, as the demands on the HTTP protocol increased, web developers looked for ways to overcome the protocol's limitations and have developed some very effective solution. However good they are, they are just workarounds, hacks to compensate for the protocols limitations. We will be looking at some of those workarounds later on.
If the protocol was better these workarounds would not be necessary.
In fact over the last six years, since April 2011, the average size of a top 1000 web page has increased by over 300% to 2,101 bytes according to the HTTP Archive and the average web page now loads over 120 resources.
Lets start by looking at the problems with HTTP 1.
The browser requests the webpages from the server and finds that it requires more resources in order to render the page properly.
It then starts to request these resources one at a time.
So the browser will load the stylesheet and wait for the server to respond with this resource, then the browser requests the logo image and waits for the response, and so on until all the resources are loaded. In the beginning HTTP 1.0 allowed only one request to be made via a single TCP connection.
In HTTP/1.1 this was addressed with pipelining and the browser was able to make multiple requests.
A request is sent for all the required resources. Firstly a request for the index page, then a request is sent for the style sheet, then the image file and so on and the browsers waits for the server to respond with the requested resources. The server will respond in the order in which the resources were requested, but what happens if the style sheet takes time to return to the client: the browser must wait until it is received, the other requested resources are not returned until the server responds with the style sheet file.
This problem is called head-of-line blocking.
So instead of one connection, multiple connections are set up. For example: on connection 1 the browsers loads the stylesheet on connection 2 it loads the javaScript on connection 3 it loads the image file and so on.
This an acceptable solution but this solution has two main issues.
TCP sockets are expensive to create, not an efficient use of TCP connections and
For a given browser there is maximum number of connection per host
Given these restrictions we looked for a different way to optimize page loading.
Create one large CSS file containing all the site's styles and one large JavaScript file with all the required dynamic logic, even the page itself could contain all it's required CSS and JavaScript.
This can reduce the number of HTTP requests for a given web page to one.
Another way is to use assest inlining.
Inlining assets is a special case of file concatenation. It’s the practice of embedding CSS stylesheets, external JavaScript files, and images directly into an HTML page. For example, if you have web page that looks like this:
You could run it through an inlining tool to get something like this.
You can see that the stylesheet is now embeded inline with the HTML code as is the javascript and the image.
This can reduce the number of HTTP requests for a given web page to one.
As we have just seen, resources can be embedded directly inside the web page. We have seen that the CSS and JavaScript can be embedded into the HTML.
The way images are embeded is that the image is base64 encoded and inserted into the web page, it is deployed to the webserver with the image encoding inline, and then when the web page is loaded it is extracted and decoded using base 64.
A lot of time is spent encoding and decoding and caching cannot be easily done.
An image sprite is a single image file made up of all the sprites you use on the web page. Instead of 10 images we have just one. Each sprite is cut from the sprite sheet on the client side before use.
Image sprites in the wild from Amazon, Google and Facebook.
To over come the maximum number of connection to a host by the browser we can host the style sheets on one host and the JavaScript on another. This way we are not bound to one host.
Here we open a connection to server 1 and request the logo.jpg and icon.jpg files and we open a connection to a different server and request the header.css and the menu.css. So we have opened two connections to two domains rather than 4 connections to one domain.
What does HTTP1.1 say about sockets.
Socket are seen by HTTP1.1 as a throw away resource as the specification does not say much about how they are to be used nor is there any mention of how many sockets a browser should open to a given host.
It just by industry consensus that they open 5 or 8 connections. Mosaic opened just one and then Internet Explorer opened 4.
Even though the specification says nothing about the number of open sockets the browsers decided to restrict it to an arbitory number
In contrast sockets are seen as a scares resource and the specification talks much about how they are to be used. But essentially, a browser should ideally open only one socket to the server and do all it needs over this one socket.
The consequence of this is that everything that was done in N sockets in HTTP1.1 is now done over just one socket connection in HTTP/2.
Lets now have a look at the topline features of HTTP/2 Specification.
HTTP/2 is comprised of two specifications:
Hypertext Transfer Protocol version 2 - RFC7540
HPACK - Header Compression for HTTP/2 - RFC7541
Request/Response Multiplexing – the most important change - Over a single TCP connection request and response is multiplexed with full bi-directional communication.
Binary Framing - The TCP connection is broken down into frames
Header Compression – removes duplication from headers
Stream Prioritization – give priority processing to streams
Server Push – anticipates required assets
Upgrade From HTTP1.1 – how to upgrade to HTTP/2
Top Line Features of HTTP/2
Request/Response Multiplexing
Over a single TCP connection request and response is multiplexed with full bi-directional communication.
Lets defined some terms used when talking about multiplexing:
Connection – A single TCP socket
Stream – A channel within a connection
Message – A logical message, such as a request or a response and control message
Frame – The smallest unit of communication in HTTP/2. A request/response is broken down into smaller parts.
In HTTP 1.1, for a given request you would have just one HTTP request now, with HTTP/2, we break it down into smaller frames and this is how we resolve head of line blocking.
Now that communication has been broken down into frames, you can interweave the logical streams over a single TCP connection, and the issue of head-of-line blocking is removed.
The TCP connection is broken down into frames.
For a given connection you have multiple streams, for each stream you can have multiple messages and for each message you have multiple frames.
You can see that there is a hierarchy.
Frame is the fundamental unit of communication
Once broken down into frames you can interweave the logical stream over a single TCP connection.
Stream 3 sends its headers first then later it sends its data which is its HTTP request body and before the server receives the completed stream 3 its sends back response to stream 2.
Because the server does not have to wait for the completed communication before it does something else the head of line blocking problem does not occur.
Solves head-of-line blocking problem
Type fields. The frame has a header and the header consists of some information:
A frame consists of length of payload (24), type(8), some configuration flags(8), a reserved bit, Stream identifier(31) and Frame Payload (0 ...)
The stream identifier refers to the 1, 2, 3 in the previous diagram.
There are many different types of frames: Type fields can be
HEADERS, corresponds to the HTTP headers
DATA corresponds to the HTTP request body. If you have a large body you may have multiple of them data 1, data2 etc
PUSH_PROMISE
RST_STREAM, notifies there is an error, and allows the client to rejects server push promise request because it already has resource
PRIORITY, refers to the stream priority
SETTING,
PING,
GOAWAY,
WINDOW_UPDATE,
CONTINUATION
Lets see how the HTTP request is mapped to frames
On the left we have an HTTP request and on the right we have it mapped into a header frame.
In the header frame you have two configurations the first is END_STREAM which is set to false (the minus means false) this means that this is NOT the last frame for this request and you should expect more frames and if you set END_HEADERS to true then this frame is the last frame in the stream that contains header information.
Then we map the familiar header information from the HTTP 1.1 request.
The colon denotes that this is a sudo header and references its definition in the HTTP2 specification.
Lets look at the response.
On the left is an HTTP1.1 header response. This splits into two frames: header frame and a data frame.
In the header frame the end_stream is minus because this is not the last frame and the end_header is true as this is the last frame with header information.
In the data frame the end_stream is marked plus as it is the last frame.
The header frame contains a lot of information that has been duplicated between requests. How can we optimize this?
Between requests there is a lot of information that is the same. Between request 1 and 2 the only difference is the path. So why send the same information over and over again?
Instead of sending the data over and over again. We use HPACK header compression. HPACK keeps a table of the headers on the client and server, then when the second and subsequent headers are sent across it just references the header number on the header table.
Then the server/client knows which header you are actually using.
HTTP/2 provides the ability to attach priority information to streams which gives priority to one resource over another.
The priority can be entered in the header frame or the priority frame.
We can also define a hierarchy between streams, however it is only advice to the server, which is completely free to ignore the priority information. If it cannot respect the priority it can ignore it.
Stream A, b, d, c
C will take 3 times the resources as B
Eliminate the need for resource inlining.
The sever can proactively send resources to the client. The server tries to prepopulates the browsers cache with resources so that when the resource is needed it is already available, and does not need to be requested again, saving time.
The way it works.
The client sends header frames to the server to get a file, in this case an index.html at some point the server will respond with the file. The server knows that if I am requesting that file I will also want to request the resources that the file requires to render that html file.
In this case a CCS and an image. The Server can decide to proactively send those resources to the client even though the client has not asked for those resources. The server knows that those resources will be requested. So the server sends a push promise frame for the CSS and a push promise frame for the image. Then the server sends the index file.
The client can ignore those resources. It knows that those resources are in the cache so it declines the push promise so it will not be sent to the client.
Server push is the most visible of the many improvements in HTTP/2 to appear in the servlet API. All of the new features in HTTP/2, including server push, are aimed at improving the perceived performance of the web browsing experience.
Server push is enabled to improve perceived browser performance because servers are in a much better position than clients to know what additional assets (such as images, stylesheets and javascripts) a request might ask for next.
For example, it is possible for servers to know that whenever a browser requests an index.html page, it will then request an image, a stylesheet and javascript, etc. Since servers know this, they can pre-emptively start sending these assets while processing the index.html.
Server push is not a replacement for web sockets. it just allows you to populate the browser cache.
To use server push, obtain a reference to a PushBuilder from an HttpServletRequest, mutate the builder as desired, then call push().
The browser requests the index.html page. The server will discover that it needs the style_1.css and the javaScript_1.js files, so we get a pushbuilder from the HTTP request and set the path to the style_1.css file and invoke push, then we set the path to the javaScript_1.js file and invoke a push again.
Note in this case the css and javascript will return to the client first and then the index returns.
Its simply you get the push builder from the HTTP Request request and set the path to the resource and push.
There are two things to note in this sequence diagram,
the push builder can be reused. In the example I use the push builder to push two resources the css file and the javaScript file.
the second thing is that the index.html is returned to the browser after the push resource.
The reason is that if the index returns before the push resources the browser will analysis it and see that it needs the two resources. It will look in the cache and see that it does not have those resources and it will request them. At this point the browser cache will not be prepopulated. So the pushed resources must be returned first before the index is sent.
One of the frames types mentioned earlier was a RST_STREAM this is how the client can decline a push promise. So if the server pushes a resource and the browser already has it in the cache then rather than let the server send the file it will send an RST_STREAM frame saying that it already has the files file so don't send it.
This builds a push request based on the HttpServletRequest from which this builder was obtained.
PushBuilder pushBuilder = request.getPushBuilder();
The push request is constructed with the request method set to GET. Conditional, range, expectation, authorization and request headers are removed. Cookies are only added if the maxAge has not expired. The request header will be set to the request URL and any query string that was present. If either of the headers If-Modified-Since or If-None-Match were present then isConditional() will be set to true.
The only required setting is the URI path to be used for the push request. This must be called before every call to push(). If the path includes a query string, the query string will be appended to the existing query string (if any) and no de-duplication will occur.
Paths beginning with '/' are treated as absolute paths. All other paths are treated as relative to the context path of the request used to create this builder instance. The path may include a query string.
pushBuilder.path("/images/logo.png")
The resource is pushed by calling the push() method on the pushBuilder instance.
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.getPushBuilder().path("/images/logo.png").push(); }
This code snippet pushes the header.jpg image to the client that made this request.
This code snippet pushes the header.jpg image to the client that made this request.
You can test if Server Push is supported by the browser by calling the isPushSupported method.
A different way of solving this problem is to implement the server push in a filter.
jetty has a PushCacheFilter in the org.eclipse.jetty.servlets package
One of the most important use cases for the server push is the framework case.
It is completely dependent on the server having prior knowledge of the resources that the client will ask for before the client asks for them.
So web frameworks, not just JSF, are in a very good position to take advantage of server push, because the page author has to explicitly indicate at runtime which resources relates with which pages.
All this means is that JSF users get this feature for free without having to refactor their code.
So JSF is able to use server push very easily. Every time JSF is going to render a style sheet for example it will call the method encodeResourceURL and this is the entry point and here we can initialize the call the server push.
The client can explicitly disabled server push by sending a SETTINGS_ENABLE_PUSH setting value of 0 (zero).
In addition to allowing clients to disable server push with the SETTINGS_ENABLE_PUSH setting, servlet containers must honor a client’s request to not receive a pushed response on a finer grained basis by heeding the CANCEL or REFUSED_STREAM code that references the pushed stream’s stream identifier.
One common use of this interaction is when a browser already has the resource in its cache.
Your current code is perfectly compatible with Servlet 4 and you can run it without modification.
However if you want to take advantage of the Server Push feature you will need do some work, but as we have seen this can be implemented as a filter, so the rework change can be transparent.
And as just mentioned JSF gets if for free
The reference implementation for the Java EE 8 is the GlassFish project Version 5.0. This is progressing nicely.
Jetty Jetty is a Web Server and Servlet container which supports HTTP/2, WebSockets, OSGi, JMX, JNDI, JAAS. Jetty's stable release 9.3.x has had PushBuilder support for a few months and it is being actively used by their HTTP/2 adopters
They have implemented their own packaging for Servlet 4.0 API and includes a PushCacheFilter in the org.eclipse.jetty.servlets package. This is a more sophisticated implementation of the example we saw earlier.
WildFly 10 (Undertow) They have an initial PushBuilder support implemented in Undertow master, however it is not part of any release yet. It should be possible to use it in Wildfly by simply replacing the existing Undertow and Servlet API jars.
https://github.com/payara/Payara/tree/Payara-5
WildFly 10 (Undertow)
They have an initial PushBuilder support implemented in Undertow master, however it is not part of any release yet. It should be possible to use it in Wildfly by simply replacing the existing Undertow and Servlet API jars.
Tomcat 9
Currently supports Servlets 4.0's PushBuilder in the javax.servlets.http package.
Netty 4.1
Its worth mentioning that Netty 4.1, an asynchronous event-driven network application framework, has an HTTP/2 implemetations that takes full advantage of the main headline features.
The specification is currently in public review the last stage finishes 20th May
and hopefully ready for JavaOne in 1st week in October.
HTTP/2 is the main issue but the Expert Group are tackling other issue which you can follow on the issue tracker.
The issue tracker has moved to github. This is the link to the issue tracker where you can review the current issues that are being ironed out
And the full JCP specification is available at this link here.
The goal of HTTP/2 is to improve performance. So lets see just how much faster it really is.
Cloudflare has a neat online tool (cloudflare.com/http2) that downloads 200 image slices in both HTTP1.1 and HTTP/2. The browser has to use many separate TCP connections to load the slices. This incurs significant amount of overhead because only a small number of images are downloaded in parallel.
I ran this a few days ago and the demo showed that HTTP/2 was 4.0x faster than HTTP/1.1.
HTTP1.1 vs HTTP/2 HTTPS
Another tool that tests HTTP1.1 against HTTP/2 is Anthum's HTTP vs HTTPS (httpvshttps.com). Plaintext HTTP/1.1 is compared against encrypted HTTP/2 HTTPS on a non-caching, nginx server with a direct, non-proxied connection.
We can use ALPN which is a TLS extension and in the handshake you send an extension and the server will determine that the communication is h2 and will continue using h2.
One of the changes in Tomcat 9 is that TLS virtual hosting and multiple certificate are supported for a single connector with each virtual host able to support multiple certificates.
Open the conf/server.xml file and make the following configuration changes.
SPDY's primary focus is to reduce web page load time by reducing latency, essentially satisfying the same goal as HTTP/2 and it formed the first draft of the HTTP/2. Its a bridge between HTTP1.1 and HTTP/2 and will not be support be support by Chrome going forward. Instead chrome will favour support for HTTP/2 from early this year.
Talk about JSR JCP Java EE Guardians etc
Servers can advise that they support HTTP/2 during the SSL handshake and with modification made to Shodan by John Matherly that track the negotiated HTTP versions searches of the data collected can be made using the ssl.alpn filter.
Shodan is the world's first search engine for Internet-connected devices
If we analyse the two graphs (December full report, April full report) by looking at the percentage of all reported server support for each protocol type we can see that the adoption of HTTP/2 has increased 100% to 10% of all surveyed servers.
However further analysis shows that growth has come from providers upgrading the incumbent version of HTTP/2 to the latest specification. It can be implied that providers have upgraded from draft versions 14 and 17 and from HTTP/2 (cleartext). The clear text version is not supportedby Firefox or Chrome.
Looking deeper into data by combining all HTTP 1.x versions into one group, all HTTP 2 into another group and all SPDY versions in a different group we can see that there is no significant change in protocols supported.
As expected HTTP 1.x dominates the list of support protocols, with SPDY in second place and HTTP/2 trailing last. There is still a lot of work to be done.
Servers can advise that they support HTTP/2 during the SSL handshake and with modification made to Shodan by John Matherly that track the negotiated HTTP versions searches of the data collected can be made using the ssl.alpn filter.
Shodan is the world's first search engine for Internet-connected devices
If we analyse the two graphs (December full report, April full report) by looking at the percentage of all reported server support for each protocol type we can see that the adoption of HTTP/2 has increased 100% to 10% of all surveyed servers.
However further analysis shows that growth has come from providers upgrading the incumbent version of HTTP/2 to the latest specification. It can be implied that providers have upgraded from draft versions 14 and 17 and from HTTP/2 (cleartext). The clear text version is not supportedby Firefox or Chrome.
Looking deeper into data by combining all HTTP 1.x versions into one group, all HTTP 2 into another group and all SPDY versions in a different group we can see that there is no significant change in protocols supported.
As expected HTTP 1.x dominates the list of support protocols, with SPDY in second place and HTTP/2 trailing last. There is still a lot of work to be done.
So how do we talk in HTTP2. Two ways.
If you are using HTTP in clear text you can use the upgrade mechanism in HTTP1.1 to send upgraded header to promote to a protocol called h2c, the c means clear text, then the server will react and upgrade to h2c.
If you are using HTTPS you can use ALPN (application layer protocol negation) which is a TLS extension. You send an extension during the handshake to the server side and the server figures out that it is h2 and the communication continues in h2.
However Firefox or Chrome does not support h2c.
HTTP/2 over TLS and HTTP/2 over TCP have been defined as 2 different protocols, identified respectively by h2 and h2c.
Abstraction: Servlet API well positioned to enable HTTP/2 optimisation and to allow frameworks to leverage server push.
So how might Servlets expose HTTP /2 features? Servlets are the right abstraction for the RFC. You don't want to have to program frames and streams so a high level API to hide the network layer would be nice. In the Servlets layer you can do the server push with out doing the low level stuff.
One of the changes in the Servlet API is that in HTTP 1 we had one request and one response. In HTTP /2 this is no longer true. There can be one request and the server may decide to push several resources and then finally it responds with the originally requested page. You have one request and multiple responses at the same time and this is a challenge for the Servlet API.
To use server push, obtain a reference to a PushBuilder from an HttpServletRequest, mutate the builder as desired, then call push().