Production-ready chat server in 10 minutes with the Java API for WebSocket (JSR 356) Mahmoud Ben Hassine @b_e_n_a_s https://benas.github.io #jsr356-DevoxxMA

Introduction #jsr356-DevoxxMA 2 @b_e_n_a_s

Agenda • Introduction • Overview of WebSockets • Overview of JSR 356: Java API for WebSocket • Tyrus in action • Advanced topics • Monitoring • Security • Performance & Scalability • Handling disconnections #jsr356-DevoxxMA 3 @b_e_n_a_s

WebSockets overview #jsr356-DevoxxMA 4 @b_e_n_a_s

WebSockets overview • WebSocket: full-duplex communication channel over a single TCP connection • Protocol: defined by the IETF in RFC 6455 • API: defined by the W3C in Web IDL
 #jsr356-DevoxxMA 4 @b_e_n_a_s

WebSockets overview • WebSocket: full-duplex communication channel over a single TCP connection • Protocol: defined by the IETF in RFC 6455 • API: defined by the W3C in Web IDL
 • Use cases: • chat/social apps • Real time games • Real time collaboration apps #jsr356-DevoxxMA 4 @b_e_n_a_s

JSR 356 overview #jsr356-DevoxxMA 5 @b_e_n_a_s

JSR 356 overview • Part of Java EE 7 #jsr356-DevoxxMA 5 @b_e_n_a_s

JSR 356 overview • Part of Java EE 7 • Annotated and Programmatic ways to define websocket endpoints #jsr356-DevoxxMA 5 @b_e_n_a_s

JSR 356 overview • Part of Java EE 7 • Annotated and Programmatic ways to define websocket endpoints • Event-driven: @OnOpen, @OnClose, @OnMessage #jsr356-DevoxxMA 5 @b_e_n_a_s

JSR 356 overview • Part of Java EE 7 • Annotated and Programmatic ways to define websocket endpoints • Event-driven: @OnOpen, @OnClose, @OnMessage • Encoders/Decoders, Path/Query parameters handling #jsr356-DevoxxMA 5 @b_e_n_a_s

JSR 356 overview • Part of Java EE 7 • Annotated and Programmatic ways to define websocket endpoints • Event-driven: @OnOpen, @OnClose, @OnMessage • Encoders/Decoders, Path/Query parameters handling • Integration with Java EE technologies #jsr356-DevoxxMA 5 @b_e_n_a_s

JSR 356 overview • Part of Java EE 7 • Annotated and Programmatic ways to define websocket endpoints • Event-driven: @OnOpen, @OnClose, @OnMessage • Encoders/Decoders, Path/Query parameters handling • Integration with Java EE technologies • Reference implementation: https://tyrus.java.net #jsr356-DevoxxMA 5 @b_e_n_a_s

Agenda • Introduction • Overview of WebSockets • Overview of JSR 356: Java API for WebSocket • Tyrus in action • Advanced topics • Monitoring • Security • Performance & Scalability • Handling disconnections #jsr356-DevoxxMA 6 @b_e_n_a_s

Agenda • Introduction • Overview of WebSockets • Overview of JSR 356: Java API for WebSocket • Tyrus in action • Advanced topics • Monitoring • Security • Performance & Scalability • Handling disconnections #jsr356-DevoxxMA 7 @b_e_n_a_s

Monitoring Server side monitoring through JMX (number of open sessions, messages count, etc) // Endpoint-level monitoring: serverProperties.put(
 APPLICATION_EVENT_LISTENER,
 new SessionlessApplicationMonitor() ); // Session-level monitoring: serverProperties.put(
 APPLICATION_EVENT_LISTENER,
 new SessionAwareApplicationMonitor() ); #jsr356-DevoxxMA 8 @b_e_n_a_s

Security (server side) #jsr356-DevoxxMA 9 @b_e_n_a_s

Security (server side) #jsr356-DevoxxMA 9 @b_e_n_a_s

Security (server side) • Use "wss" protocol
 #jsr356-DevoxxMA 9 @b_e_n_a_s

Security (server side) • Use "wss" protocol
 • Use servlet security mechanisms (chapter 8 of the spec)
 #jsr356-DevoxxMA 9 @b_e_n_a_s

Security (server side) • Use "wss" protocol
 • Use servlet security mechanisms (chapter 8 of the spec)
 • Set maximal number of open sessions
 (per application, per remote address, per endpoint) #jsr356-DevoxxMA 9 @b_e_n_a_s

Security (client side) #jsr356-DevoxxMA 10 @b_e_n_a_s

Security (client side) // use HTTP authentication clientProperties().put( ClientProperties.CREDENTIALS,
 new Credentials("user", "pwd")
 ); #jsr356-DevoxxMA 10 @b_e_n_a_s

Security (client side) // use HTTP authentication clientProperties().put( ClientProperties.CREDENTIALS,
 new Credentials("user", "pwd")
 ); // Enable SSL SslContextConfigurator scc = new SslContextConfigurator(); scc.setTrustStoreFile("..."); scc.setTrustStorePassword("..."); SslEngineConfigurator sec = new SslEngineConfigurator(ssc, true, false, false); clientProperties().put(
 ClientManager.SSL_ENGINE_CONFIGURATOR, sec); #jsr356-DevoxxMA 10 @b_e_n_a_s

Performance and Scalability #jsr356-DevoxxMA 11 @b_e_n_a_s

Performance and Scalability • WebSocket performance testing is tricky: • File Descriptor limits • Ephemeral Port limits #jsr356-DevoxxMA 11 @b_e_n_a_s

Performance and Scalability • WebSocket performance testing is tricky: • File Descriptor limits • Ephemeral Port limits • Clustering web socket servers is challenging: • How to talk to another session directly ? • JSR 356 API is not very friendly in regards to clustering..
 => sticky sessions +distributed cache + load balancer ? #jsr356-DevoxxMA 11 @b_e_n_a_s

Performance and Scalability • WebSocket performance testing is tricky: • File Descriptor limits • Ephemeral Port limits • Clustering web socket servers is challenging: • How to talk to another session directly ? • JSR 356 API is not very friendly in regards to clustering..
 => sticky sessions +distributed cache + load balancer ? • Common practice: broadcast (mass-notification) • Might require mode application code (proper handling on client side) • More bandwidth usage #jsr356-DevoxxMA 11 @b_e_n_a_s

Handling disconnections Automatic client reconnection ClientManager.ReconnectHandler { long getDelay(); boolean onConnectFailure(Exception exception); boolean onDisconnect(CloseReason closeReason); } #jsr356-DevoxxMA 12 @b_e_n_a_s

Thank you! • slides: http://speakerdeck.com/benas/jsr356-devoxxma-2016 • code: http://github.com/benas/web-socket-lab #jsr356-DevoxxMA @b_e_n_a_s