jsr356-devoxxma-2016

Transcript

1. Production-ready chat server in 10 minutes with the Java API

   for WebSocket (JSR 356) Mahmoud Ben Hassine @b_e_n_a_s https://benas.github.io #jsr356-DevoxxMA

2. Introduction #jsr356-DevoxxMA 2 @b_e_n_a_s

3. Agenda • Introduction • Overview of WebSockets • Overview of

   JSR 356: Java API for WebSocket • Tyrus in action • Advanced topics • Monitoring • Security • Performance & Scalability • Handling disconnections #jsr356-DevoxxMA 3 @b_e_n_a_s

4. WebSockets overview #jsr356-DevoxxMA 4 @b_e_n_a_s

5. WebSockets overview • WebSocket: full-duplex communication channel over a single

   TCP connection • Protocol: defined by the IETF in RFC 6455 • API: defined by the W3C in Web IDL
 #jsr356-DevoxxMA 4 @b_e_n_a_s

6. WebSockets overview • WebSocket: full-duplex communication channel over a single

   TCP connection • Protocol: defined by the IETF in RFC 6455 • API: defined by the W3C in Web IDL
 • Use cases: • chat/social apps • Real time games • Real time collaboration apps #jsr356-DevoxxMA 4 @b_e_n_a_s

7. JSR 356 overview #jsr356-DevoxxMA 5 @b_e_n_a_s

8. JSR 356 overview • Part of Java EE 7 #jsr356-DevoxxMA

   5 @b_e_n_a_s

9. JSR 356 overview • Part of Java EE 7 •

   Annotated and Programmatic ways to define websocket endpoints #jsr356-DevoxxMA 5 @b_e_n_a_s

10. JSR 356 overview • Part of Java EE 7 •

    Annotated and Programmatic ways to define websocket endpoints • Event-driven: @OnOpen, @OnClose, @OnMessage #jsr356-DevoxxMA 5 @b_e_n_a_s

11. JSR 356 overview • Part of Java EE 7 •

    Annotated and Programmatic ways to define websocket endpoints • Event-driven: @OnOpen, @OnClose, @OnMessage • Encoders/Decoders, Path/Query parameters handling #jsr356-DevoxxMA 5 @b_e_n_a_s

12. JSR 356 overview • Part of Java EE 7 •

    Annotated and Programmatic ways to define websocket endpoints • Event-driven: @OnOpen, @OnClose, @OnMessage • Encoders/Decoders, Path/Query parameters handling • Integration with Java EE technologies #jsr356-DevoxxMA 5 @b_e_n_a_s

13. JSR 356 overview • Part of Java EE 7 •

    Annotated and Programmatic ways to define websocket endpoints • Event-driven: @OnOpen, @OnClose, @OnMessage • Encoders/Decoders, Path/Query parameters handling • Integration with Java EE technologies • Reference implementation: https://tyrus.java.net #jsr356-DevoxxMA 5 @b_e_n_a_s

14. Agenda • Introduction • Overview of WebSockets • Overview of

    JSR 356: Java API for WebSocket • Tyrus in action • Advanced topics • Monitoring • Security • Performance & Scalability • Handling disconnections #jsr356-DevoxxMA 6 @b_e_n_a_s

15. Agenda • Introduction • Overview of WebSockets • Overview of

    JSR 356: Java API for WebSocket • Tyrus in action • Advanced topics • Monitoring • Security • Performance & Scalability • Handling disconnections #jsr356-DevoxxMA 7 @b_e_n_a_s

16. Monitoring Server side monitoring through JMX (number of open sessions,

    messages count, etc) // Endpoint-level monitoring: serverProperties.put(
 APPLICATION_EVENT_LISTENER,
 new SessionlessApplicationMonitor() ); // Session-level monitoring: serverProperties.put(
 APPLICATION_EVENT_LISTENER,
 new SessionAwareApplicationMonitor() ); #jsr356-DevoxxMA 8 @b_e_n_a_s

17. Security (server side) #jsr356-DevoxxMA 9 @b_e_n_a_s

18. Security (server side) #jsr356-DevoxxMA 9 @b_e_n_a_s

19. Security (server side) • Use "wss" protocol
 #jsr356-DevoxxMA 9 @b_e_n_a_s

20. Security (server side) • Use "wss" protocol
 • Use servlet

    security mechanisms (chapter 8 of the spec)
 #jsr356-DevoxxMA 9 @b_e_n_a_s

21. Security (server side) • Use "wss" protocol
 • Use servlet

    security mechanisms (chapter 8 of the spec)
 • Set maximal number of open sessions
 (per application, per remote address, per endpoint) #jsr356-DevoxxMA 9 @b_e_n_a_s

22. Security (client side) #jsr356-DevoxxMA 10 @b_e_n_a_s

23. Security (client side) // use HTTP authentication clientProperties().put( ClientProperties.CREDENTIALS,
 new

    Credentials("user", "pwd")
 ); #jsr356-DevoxxMA 10 @b_e_n_a_s

24. Security (client side) // use HTTP authentication clientProperties().put( ClientProperties.CREDENTIALS,
 new

    Credentials("user", "pwd")
 ); // Enable SSL SslContextConfigurator scc = new SslContextConfigurator(); scc.setTrustStoreFile("..."); scc.setTrustStorePassword("..."); SslEngineConfigurator sec = new SslEngineConfigurator(ssc, true, false, false); clientProperties().put(
 ClientManager.SSL_ENGINE_CONFIGURATOR, sec); #jsr356-DevoxxMA 10 @b_e_n_a_s

25. Performance and Scalability #jsr356-DevoxxMA 11 @b_e_n_a_s

26. Performance and Scalability • WebSocket performance testing is tricky: •

    File Descriptor limits • Ephemeral Port limits #jsr356-DevoxxMA 11 @b_e_n_a_s

27. Performance and Scalability • WebSocket performance testing is tricky: •

    File Descriptor limits • Ephemeral Port limits • Clustering web socket servers is challenging: • How to talk to another session directly ? • JSR 356 API is not very friendly in regards to clustering..
 => sticky sessions +distributed cache + load balancer ? #jsr356-DevoxxMA 11 @b_e_n_a_s

28. Performance and Scalability • WebSocket performance testing is tricky: •

    File Descriptor limits • Ephemeral Port limits • Clustering web socket servers is challenging: • How to talk to another session directly ? • JSR 356 API is not very friendly in regards to clustering..
 => sticky sessions +distributed cache + load balancer ? • Common practice: broadcast (mass-notification) • Might require mode application code (proper handling on client side) • More bandwidth usage #jsr356-DevoxxMA 11 @b_e_n_a_s

29. Handling disconnections Automatic client reconnection ClientManager.ReconnectHandler { long getDelay(); boolean

    onConnectFailure(Exception exception); boolean onDisconnect(CloseReason closeReason); } #jsr356-DevoxxMA 12 @b_e_n_a_s

30. Thank you! • slides: http://speakerdeck.com/benas/jsr356-devoxxma-2016 • code: http://github.com/benas/web-socket-lab #jsr356-DevoxxMA @b_e_n_a_s