Web Sockets in Java EE 7

Sivasubramaniam Arunachalam

February 23, 2013

@sivaa_in

http://www.meetup.com/BangaloreOpenJUG/events/102904102/

Java Day

It’s me!

• Application Developer

• Web/Enterprise/Middleware/B2B

• Java/Java EE, Python/Django

• 2002

• Technical Consultant

• Process Mentor • Speaker

Agenda

• Introduction to Web Sockets

• History

• Protocol Spec

• Adoption

• Java EE 7 Support

• Demo

Tweet Ping

Web 1.0 Web 1.0

Web 2.0

Web 3.0 Web 4.0

https://www.facebook.com/sitetour/chat.php

600+ M Active Users/Day

http:// 1991

1995

2013 Still 22 Years Old

http?

http/tcp (1974) (1991)

request / response

~ 2k bytes

~ 150 ms

State less

Real Time Real Time ~

Pull Based (Polling) Periodic Polling (JS/AJAX)

Server Client

AUS 312/7

Latest Score?

Latest Score?

Latest Score?

Same

Same

Latest Score?

AUS 316/7

Latest Score?

Same

Push Based (Comet) Server Push/Long Polling (JS/AJAX/iframe)

Server Client

AUS 312/7

Latest Score?

Latest Score?

AUS 316/7

Latest Score?

• Request / Response

• Too Many

• Server Connections

• Heavy Headers

• Outdated Content

Streaming Server Side Hack

Server Client

AUS 312/7 (1/n)

Latest Score?

AUS 316/7 (2/n)

IND 0/0 (n/n)

Server Client

AUS 312/7

Latest Score?

AUS 312/7 AUS 316/7 IND 0/0

Server Buffer

AUS 316/7

IND 0/0

PROXY

(1/n) (n-1 to go)

(n/n)

(2/n)

(n-2 to go)

• RTMP • Adobe

• Are you Still using Flash?

• RTD • Windows/Excel

• Non Web

Others

Web Sockets (to rescue)

The Web Socket Way The Original Route

Server Client

Hi Client!

Hey Server!

AUS 312/7

Update me the Score

AUS 316/7

IND 0/0

Not Interested. Bye

Server Client

Hi Client!

Hey Server!

AUS 312/7

Update me the Score

AUS 316/7

IND 0/0

Not Interested. Bye

Update Over info too

(0.0 ov)

(95.0 ov)

(93.0 ov)

(94.0 ov)

The Background

http://www.tavendo.de/webmq/resources/faq

Let’s Meet Next Year (2014)

http://www.tavendo.de/webmq/resources/faq

Server Side • Hand Shake

• Data Transfer

RFC 6455

Client Side • Java Script API

• Browser Behavior

• tcp • Full Duplex (Bi-Directional)

• Native Browser Support

• No Hacks

• Not Limited to Web

Fundamentals

+ http

• 80 / 443 (plain/secure)

• No Proxy/Firewall pains

• Stream of Messages (Not Bytes)

• ws:// & wss://

• Only ONE Connection (up/down streams)

The Spec

2 Bytes Header (for each message)

Still Why?

~ 50 ms (Latency)

1000 x

3 x

http://www.codeproject.com/Articles/437342/DotNet-WebSocket-Programming

1 Message/Second per Client

1,000 clients 10,000 clients 1,00,000 clients

• GET (request)

• 101 (response code)

• Not 200 OK

• http:// -> ws://

The Upgrade

GET /demo HTTP/1.1

Origin : http://sivaa.in

Host : sivaa.in

Connection : Upgrade

Upgrade : WebSocket

WebSocket-Protocol : json, chat, <protocol>

WebSocket-Version : 10

WebSocket-extensions : compression, <extn>

Client Request

HTTP/1.1 101 Switching Protocols

Connection : Upgrade

Upgrade : WebSocket

WebSocket-Protocol : json, chat, <protocol>

WebSocket-Origin : http://sivaa.in

WebSocket-Location : ws://sivaa.in/demo

Server Response

Challenge by Client

Sec-WebSocket-Key : Key (Random 128 bits -> Base 64)

Response By Server

Sec-WebSocket-Accept : Key + GUID* (SHA1)

[NOT FOR SECURITY]

* 258EAFA5-E914-47DA- 95CA-C5AB0DC85B11 (RFC 6455)

Challenge - Response

Client / Server Client / Server

Peer <-> Peer

• Frames (TCP) •

• No request / response behavior • No Correlation too

• Independent

• # of requests != # of responses

Data Transfer

• Headers

• Cookies

• Authentication

And No

• Custom Message Patterns

• Technical / Business

• Request / Response • 1 – 1

• 1 to Many

• Acknowledgements

Sub Protocols

Client -> Ping

Server -> Pong

Ping / Pong

• Keep-Alive

• Heart Beat

• Latency Metrics

• N/W Status Probing

• Detect Failed Connections

Browser Support

http://caniuse.com/#feat=websockets

Server Support

IDL (Java Script)

http://www.w3.org/TR/websockets/

http://www.w3.org/TR/websockets/

http://www.w3.org/TR/websockets/

http://www.w3.org/TR/websockets/

http://www.w3.org/TR/websockets/

1. var ws = new WebSocket("ws://sivaa.in/demo");

2. ws.onopen = function() {

ws.send("Hello Server!");

};

3. ws.onmessage = function(event) {

alert("Reply from Server " + event.data);

};

n-1. ws.send("This is the message sent by the client");

n. ws.close()

Developer Friendly

CONNECTING

OPEN

CLOSING

CLOSED

• Closing Long Lived Connections

• Unresponsive Server

• Buffering Server Response

• Non Encryption

• More Latency

The Guards (Proxy / Firewall)

• Web Sockets doesn’t Proxy

• Stripping HTTP Headers • Upgrade

• Options to disable

• Rejecting Server Response

• Frames (HTTP Headers Expected)

• wss:// - No issues

Web Sockets and

The Guards

• 301

• Limited Support

• Inconsistent Behavior

The Hidden Blades

• JSR 356

• Java EE 7

• Tyrus ( http://tyrus.java.net/ )

• Web Socket SDK

• Reference Implementation

Java EE 7 & Web Socket

• Handshake Response to Clients

• Source/Origin Check

• URI Resolving & Matching

• Sub Protocols Negotiation

• Extension Negotiation

Server Side Capabilities (Expected)

• End point (to handle life cycle events)

• Session (Current Active Session)

• Remote End Point (Peer)

• Message Handler (incoming messages)

• Error Handler

Handlers

• javax.websocket.*

• javax.net.websocket.*

http://java.net/projects/websocket-spec/sources/source-code-repository/show/tags/javax.net.websocket-api-1.0-b08/src/main/java?rev=213

Packages

• Apache Tomcat 7

• GlassFish 3.1

• Jetty 7

• JBoss 7 • And much more

Web Server Support

• Annotations

• Reference Implementation

• Web Sockets SDK / mvn

• Samples to Begin with

GlassFish

• GlassFish Promoted Build

• # svn checkout https://svn.java.net/svn/websocket-sdk~source-code-repository

• # mvn clean install (in websocket-sdk~source-code-repository\trunk\samples)

• Import in Latest Net Beans

• Run it

Demo

Thank You! siva@sivaa.in

bit.ly/sivasubramaniam bit.ly/sivaa_in

References

• http://www.inc.com/ss/brief-history-time-management#7 • http://resources3.news.com.au/images/2013/01/30/1226564/845955-tim-berners-lee.jpg • http://netdna.webdesignerdepot.com/uploads/2009/01/macii.jpg#old%20apple%20computer%20559x450 • http://3.bp.blogspot.com/_zVkfb2MIt4A/S8f_qzhuhRI/AAAAAAAAAjg/2idf7_G4wxo/s1600/apple-imac.png • http://www.softwareforeducation.com/wikileki/images/c/c4/Simplex-half-full.gif • http://www.mediafly.com/wp-content/uploads/Speed_Rocket-2.png • http://weaponsman.com/wp-content/uploads/2013/01/thumbs-down.png • http://m.flikie.com/ImageData/WallPapers/d1bef9f8be6d479387953929c766699a.jpg • http://www.tavendo.de/webmq/resources/faq • http://deadliestwebattacks.com/tag/websocket/ • http://en.wikipedia.org/wiki/WebSocket • http://www.infoq.com/articles/Web-Sockets-Proxy-Servers