Slide 1

Slide 1 text

Production-ready chat server in 10 minutes with the Java API for WebSocket (JSR 356) Mahmoud Ben Hassine @b_e_n_a_s https://benas.github.io #jsr356-DevoxxMA

Slide 2

Slide 2 text

Introduction #jsr356-DevoxxMA 2 @b_e_n_a_s

Slide 3

Slide 3 text

Agenda • Introduction • Overview of WebSockets • Overview of JSR 356: Java API for WebSocket • Tyrus in action • Advanced topics • Monitoring • Security • Performance & Scalability • Handling disconnections #jsr356-DevoxxMA 3 @b_e_n_a_s

Slide 4

Slide 4 text

WebSockets overview #jsr356-DevoxxMA 4 @b_e_n_a_s

Slide 5

Slide 5 text

WebSockets overview • WebSocket: full-duplex communication channel over a single TCP connection • Protocol: defined by the IETF in RFC 6455 • API: defined by the W3C in Web IDL
 #jsr356-DevoxxMA 4 @b_e_n_a_s

Slide 6

Slide 6 text

WebSockets overview • WebSocket: full-duplex communication channel over a single TCP connection • Protocol: defined by the IETF in RFC 6455 • API: defined by the W3C in Web IDL
 • Use cases: • chat/social apps • Real time games • Real time collaboration apps #jsr356-DevoxxMA 4 @b_e_n_a_s

Slide 7

Slide 7 text

JSR 356 overview #jsr356-DevoxxMA 5 @b_e_n_a_s

Slide 8

Slide 8 text

JSR 356 overview • Part of Java EE 7 #jsr356-DevoxxMA 5 @b_e_n_a_s

Slide 9

Slide 9 text

JSR 356 overview • Part of Java EE 7 • Annotated and Programmatic ways to define websocket endpoints #jsr356-DevoxxMA 5 @b_e_n_a_s

Slide 10

Slide 10 text

JSR 356 overview • Part of Java EE 7 • Annotated and Programmatic ways to define websocket endpoints • Event-driven: @OnOpen, @OnClose, @OnMessage #jsr356-DevoxxMA 5 @b_e_n_a_s

Slide 11

Slide 11 text

JSR 356 overview • Part of Java EE 7 • Annotated and Programmatic ways to define websocket endpoints • Event-driven: @OnOpen, @OnClose, @OnMessage • Encoders/Decoders, Path/Query parameters handling #jsr356-DevoxxMA 5 @b_e_n_a_s

Slide 12

Slide 12 text

JSR 356 overview • Part of Java EE 7 • Annotated and Programmatic ways to define websocket endpoints • Event-driven: @OnOpen, @OnClose, @OnMessage • Encoders/Decoders, Path/Query parameters handling • Integration with Java EE technologies #jsr356-DevoxxMA 5 @b_e_n_a_s

Slide 13

Slide 13 text

JSR 356 overview • Part of Java EE 7 • Annotated and Programmatic ways to define websocket endpoints • Event-driven: @OnOpen, @OnClose, @OnMessage • Encoders/Decoders, Path/Query parameters handling • Integration with Java EE technologies • Reference implementation: https://tyrus.java.net #jsr356-DevoxxMA 5 @b_e_n_a_s

Slide 14

Slide 14 text

Agenda • Introduction • Overview of WebSockets • Overview of JSR 356: Java API for WebSocket • Tyrus in action • Advanced topics • Monitoring • Security • Performance & Scalability • Handling disconnections #jsr356-DevoxxMA 6 @b_e_n_a_s

Slide 15

Slide 15 text

Agenda • Introduction • Overview of WebSockets • Overview of JSR 356: Java API for WebSocket • Tyrus in action • Advanced topics • Monitoring • Security • Performance & Scalability • Handling disconnections #jsr356-DevoxxMA 7 @b_e_n_a_s

Slide 16

Slide 16 text

Monitoring Server side monitoring through JMX (number of open sessions, messages count, etc) // Endpoint-level monitoring: serverProperties.put(
 APPLICATION_EVENT_LISTENER,
 new SessionlessApplicationMonitor() ); // Session-level monitoring: serverProperties.put(
 APPLICATION_EVENT_LISTENER,
 new SessionAwareApplicationMonitor() ); #jsr356-DevoxxMA 8 @b_e_n_a_s

Slide 17

Slide 17 text

Security (server side) #jsr356-DevoxxMA 9 @b_e_n_a_s

Slide 18

Slide 18 text

Security (server side) #jsr356-DevoxxMA 9 @b_e_n_a_s

Slide 19

Slide 19 text

Security (server side) • Use "wss" protocol
 #jsr356-DevoxxMA 9 @b_e_n_a_s

Slide 20

Slide 20 text

Security (server side) • Use "wss" protocol
 • Use servlet security mechanisms (chapter 8 of the spec)
 #jsr356-DevoxxMA 9 @b_e_n_a_s

Slide 21

Slide 21 text

Security (server side) • Use "wss" protocol
 • Use servlet security mechanisms (chapter 8 of the spec)
 • Set maximal number of open sessions
 (per application, per remote address, per endpoint) #jsr356-DevoxxMA 9 @b_e_n_a_s

Slide 22

Slide 22 text

Security (client side) #jsr356-DevoxxMA 10 @b_e_n_a_s

Slide 23

Slide 23 text

Security (client side) // use HTTP authentication clientProperties().put( ClientProperties.CREDENTIALS,
 new Credentials("user", "pwd")
 ); #jsr356-DevoxxMA 10 @b_e_n_a_s

Slide 24

Slide 24 text

Security (client side) // use HTTP authentication clientProperties().put( ClientProperties.CREDENTIALS,
 new Credentials("user", "pwd")
 ); // Enable SSL SslContextConfigurator scc = new SslContextConfigurator(); scc.setTrustStoreFile("..."); scc.setTrustStorePassword("..."); SslEngineConfigurator sec = new SslEngineConfigurator(ssc, true, false, false); clientProperties().put(
 ClientManager.SSL_ENGINE_CONFIGURATOR, sec); #jsr356-DevoxxMA 10 @b_e_n_a_s

Slide 25

Slide 25 text

Performance and Scalability #jsr356-DevoxxMA 11 @b_e_n_a_s

Slide 26

Slide 26 text

Performance and Scalability • WebSocket performance testing is tricky: • File Descriptor limits • Ephemeral Port limits #jsr356-DevoxxMA 11 @b_e_n_a_s

Slide 27

Slide 27 text

Performance and Scalability • WebSocket performance testing is tricky: • File Descriptor limits • Ephemeral Port limits • Clustering web socket servers is challenging: • How to talk to another session directly ? • JSR 356 API is not very friendly in regards to clustering..
 => sticky sessions +distributed cache + load balancer ? #jsr356-DevoxxMA 11 @b_e_n_a_s

Slide 28

Slide 28 text

Performance and Scalability • WebSocket performance testing is tricky: • File Descriptor limits • Ephemeral Port limits • Clustering web socket servers is challenging: • How to talk to another session directly ? • JSR 356 API is not very friendly in regards to clustering..
 => sticky sessions +distributed cache + load balancer ? • Common practice: broadcast (mass-notification) • Might require mode application code (proper handling on client side) • More bandwidth usage #jsr356-DevoxxMA 11 @b_e_n_a_s

Slide 29

Slide 29 text

Handling disconnections Automatic client reconnection ClientManager.ReconnectHandler { long getDelay(); boolean onConnectFailure(Exception exception); boolean onDisconnect(CloseReason closeReason); } #jsr356-DevoxxMA 12 @b_e_n_a_s

Slide 30

Slide 30 text

Thank you! • slides: http://speakerdeck.com/benas/jsr356-devoxxma-2016 • code: http://github.com/benas/web-socket-lab #jsr356-DevoxxMA @b_e_n_a_s