-
Notifications
You must be signed in to change notification settings - Fork 1
/
tyrus-proprietary-config.html
1004 lines (926 loc) · 88.8 KB
/
tyrus-proprietary-config.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 8. Tyrus proprietary configuration</title><link rel="stylesheet" type="text/css" href="/tyrus-project.github.io/documentation.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="Tyrus 2.0.5 User Guide"><link rel="up" href="index.html" title="Tyrus 2.0.5 User Guide"><link rel="prev" href="injection.html" title="Chapter 7. Injection Support"></head><body class="contents"><div class="contents" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 8. Tyrus proprietary configuration</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="injection.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> </td></tr></table><hr></div><div lang="en" class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="tyrus-proprietary-config"></a>Chapter 8. Tyrus proprietary configuration</h1></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1129">8.1. Client-side SSL configuration</a></span></dt><dd><dl><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1150">8.1.1. Host verification</a></span></dt></dl></dd><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1172">8.2. Asynchronous connectToServer methods</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1185">8.3. Optimized broadcast</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1198">8.4. Incoming buffer size</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1216">8.5. Shared client container</a></span></dt><dd><dl><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1238">8.5.1. Custom masking key generator</a></span></dt></dl></dd><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1259">8.6. WebSocket Extensions</a></span></dt><dd><dl><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1284">8.6.1. ExtendedExtension sample</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1305">8.6.2. Per Message Deflate Extension</a></span></dt></dl></dd><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1312">8.7. Client reconnect</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1324">8.8. Client behind proxy</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1332">8.9. JDK 7 client</a></span></dt><dd><dl><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1354">8.9.1. SSL configuration</a></span></dt></dl></dd><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1374">8.10. Tracing support</a></span></dt><dd><dl><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1382">8.10.1. Configuration</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1448">8.10.2. Tracing Examples</a></span></dt></dl></dd><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1476">8.11. Client handshake request and response logging</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1484">8.12. JMX Monitoring</a></span></dt><dd><dl><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1558">8.12.1. Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1575">8.13. Maximal number of open sessions on server-side</a></span></dt><dd><dl><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1594">8.13.1. Maximal number of open sessions per application</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1616">8.13.2. Maximal number of open sessions per remote address</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1644">8.13.3. Maximal number of open sessions per endpoint</a></span></dt></dl></dd><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1659">8.14. Client HTTP Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1684">8.14.1. Credentials</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1692">8.14.2. Auth Configuration</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1710">8.14.3. User defined authenticator</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1737">8.14.4. Examples</a></span></dt></dl></dd><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1775">8.15. Client HTTP Redirect</a></span></dt><dd><dl><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1792">8.15.1. Supported HTTP response codes</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1817">8.15.2. Configuration</a></span></dt><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1849">8.15.3. Exception handling</a></span></dt></dl></dd><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1886">8.16. Client support for HTTP status 503 - Service Unavailable with Retry-After header</a></span></dt><dd><dl><dt><span class="section"><a href="tyrus-proprietary-config.html#d0e1907">8.16.1. Configuration</a></span></dt></dl></dd></dl></div><p>Following settings do have influence on Tyrus behaviour and are <span class="emphasis"><em>NOT</em></span> part of WebSocket
specification. If you are using following configurable options, your application might not be easily transferable to
other WebSocket API implementation.</p><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1129"></a>8.1. Client-side SSL configuration</h2></div></div></div><p>When accessing "wss" URLs, Tyrus client will pick up whatever keystore and truststore is actually set for current JVM instance, but
that might not be always convenient. WebSocket API does not have this feature (yet, see <a class="link" href="https://java.net/jira/browse/WEBSOCKET_SPEC-210" target="_top">WEBSOCKET_SPEC-210</a>),
so Tyrus exposed two SSL configuration classes <a class="link" href="https://grizzly.java.net/docs/2.3/apidocs/org/glassfish/grizzly/ssl/SSLEngineConfigurator.html" target="_top">SSLEngineConfigurator</a>
and <a class="link" href="https://tyrus.java.net/apidocs/2.0.5/org/glassfish/tyrus/client/SslEngineConfigurator.html" target="_top">SslEngineConfigurator</a>
, which can be used for specifying all SSL parameters to be used with current client instance. The former configuration class
belongs to Grizzly configuration API and therefore works only with Grizzly client. The latter configuration class
works with both Grizzly and JDK client and offers some extensions over the Grizzly SSLEngineConfigurator
allowing more control of host verification during the SSL handshake. For more details
please refer to the following subsection dealing with host verification.
Additionally, WebSocket API does not have anything like a client, only WebSocketContainer and it does not have any properties, so you need to use Tyrus specific class -
<a class="link" href="https://tyrus.java.net/apidocs/2.0.5/org/glassfish/tyrus/client/ClientManager.html" target="_top">ClientManager</a>.</p><pre class="
 toolbar: false;
 brush: java;
 ">final ClientManager client = ClientManager.createClient();
System.getProperties().put("javax.net.debug", "all");
System.getProperties().put(SSLContextConfigurator.KEY_STORE_FILE, "...");
System.getProperties().put(SSLContextConfigurator.TRUST_STORE_FILE, "...");
System.getProperties().put(SSLContextConfigurator.KEY_STORE_PASSWORD, "...");
System.getProperties().put(SSLContextConfigurator.TRUST_STORE_PASSWORD, "...");
final SSLContextConfigurator defaultConfig = new SSLContextConfigurator();
defaultConfig.retrieve(System.getProperties());
// or setup SSLContextConfigurator using its API.
SSLEngineConfigurator sslEngineConfigurator =
new SSLEngineConfigurator(defaultConfig, true, false, false);
client.getProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR,
sslEngineConfigurator);
client.connectToServer(... , ClientEndpointConfig.Builder.create().build(),
new URI("wss://localhost:8181/sample-echo/echo"));
}</pre><p>
If there seems to be a problem with Tyrus SSL connection, it is strongly recommended to use -Djavax.net.debug=all
system property as it provides invaluable information for troubleshooting.
</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1150"></a>8.1.1. Host verification</h3></div></div></div><p>
One of the key steps when establishing SSL connections is verifying that the host on the certificate
sent by the server matches the host Tyrus client tries to connect to and thus preventing a possibility of
a man-in-the-middle attack. Host verification is turned on by default in Tyrus, which means that Tyrus
will automatically check that the host provided in the URI in
</p><pre class="
 toolbar: false;
 brush: java;
 ">client.connectToServer(... , new URI("wss://target-server:8181/application/endpoint"));
</pre><p> matches exactly the host the certificate has been issued for. Exact match is
the key word in the previous sentence as host can be either hostname or IP address and those two cannot be used
interchangeably. For instance when a certificate has been issued for "localhost", establishing an SSL connection
to "wss://127.0.0.1:8181/application/endpoint" will fail as the host does not match the one in the certificate.
</p><p>
The default host verification can be too restrictive for some cases and therefore Tyrus provides users
with means to to either disable the host verification (highly unrecommended in production) or to implement
their own host verifier. Providing custom host verifier will disable the default one. It is also important
to note that Grizzly specific
<a class="link" href="https://grizzly.java.net/docs/2.3/apidocs/org/glassfish/grizzly/ssl/SSLEngineConfigurator.html" target="_top">SSLEngineConfigurator</a>
does not provide these options and for modifying the default host name verification policy
<a class="link" href="https://tyrus.java.net/apidocs/2.0.5/org/glassfish/tyrus/client/SslEngineConfigurator.html" target="_top">SslEngineConfigurator</a>
must be used instead. The following sample shows how to disable host name verification:
</p><pre class="
 toolbar: false;
 brush: java;
 ">SslEngineConfigurator sslEngineConfigurator = new SslEngineConfigurator(new SslContextConfigurator());
sslEngineConfigurator.setHostVerificationEnabled(false)
client.getProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR, sslEngineConfigurator);
</pre><p>
The following sample shows how to register a custom host verifier:
</p><pre class="
 toolbar: false;
 brush: java;
 ">SslEngineConfigurator sslEngineConfigurator = new SslEngineConfigurator(new SslContextConfigurator());
sslEngineConfigurator.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String host, SSLSession sslSession) {
Certificate certificate = sslSession.getPeerCertificates()[0];
// validate the host in the certificate
}
});
client.getProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR, sslEngineConfigurator);
</pre><p>
</p></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1172"></a>8.2. Asynchronous connectToServer methods</h2></div></div></div><p>WebSocketContainer.connectToServer(...) methods are by definition blocking - declared exceptions needs to
be thrown after connection attempt is made and it returns Session instance, which needs to be ready for sending
messages and invoking other methods, which require already established connection.</p><p>Existing connectToServer methods are fine for lots of uses, but it might cause issue when you are designing
application with highly responsible user interface. Tyrus introduces asynchronous variants to each connectToServer
method (prefixed with "async"), which returns Future<Session>. These methods do only simple check for provided
URL and the rest is executed in separate thread. All exceptions thrown during this phase are reported as cause
of ExecutionException thrown when calling Future<Session>.get().</p><p>Asynchronous connect methods are declared on Tyrus implementation of WebSocketContainer called ClientManager.</p><pre class="
 toolbar: false;
 brush: java;
 ">ClientManager client = ClientManager.createClient();
final Future<Session> future = client.asyncConnectToServer(ClientEndpoint.class, URI.create("..."));
try {
future.get();
} catch (...) {
}</pre><p>ClientManager contains async alternative to each connectToServer method.</p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1185"></a>8.3. Optimized broadcast</h2></div></div></div><p>One of the typical usecases we've seen so far for WebSocket server-side endpoints is broadcasting messages
to all connected clients, something like:</p><pre class="
 toolbar: false;
 brush: java;
 ">@OnMessage
public void onMessage(Session session, String message) throws IOException {
for (Session s : session.getOpenSessions()) {
s.getBasicRemote().sendText(message);
}
}</pre><p>Executing this code might cause serious load increase on your application server. Tyrus provides optimized
broadcast implementation, which takes advantage of the fact, that we are sending exactly same message to all clients,
so dataframe can be created and serialized only once. Furthermore, Tyrus can iterate over set of opened connections
faster than Session.getOpenSession().</p><pre class="
 toolbar: false;
 brush: java;
 ">@OnMessage
public void onMessage(Session session, String message) {
((TyrusSession) session).broadcast(message);
}</pre><p>Unfortunately, WebSocket API forbids anything else than Session in @OnMessage annotated method parameter,
so you cannot use TyrusSession there directly and you might need to perform instanceof check.</p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1198"></a>8.4. Incoming buffer size</h2></div></div></div><p>Sevlet container buffers incoming WebSocket frames and there must be a size limit to precede OutOfMemory
Exception and potentially DDoS attacks.</p><p>Configuration property is named <code class="code">"org.glassfish.tyrus.servlet.incoming-buffer-size"</code> and you can
set it in web.xml (this particular snipped sets the buffer size to 17000000 bytes (~16M payload):</p><pre class="
 toolbar: false;
 brush: xml;
 "><web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<context-param>
<param-name>org.glassfish.tyrus.servlet.incoming-buffer-size</param-name>
<param-value>17000000</param-value>
</context-param>
</web-app></pre><p>Default value is 4194315, which correspond to 4M plus few bytes to frame headers, so you should be able to
receive up to 4M long message without the need to care about this property.</p><p>Same issue is present on client side. There you can set this property via ClientManager:</p><pre class="
 toolbar: false;
 brush: java;
 ">ClientManager client = ClientManager.createClient();
client.getProperties().put("org.glassfish.tyrus.incomingBufferSize", 6000000); // sets the incoming buffer size to 6000000 bytes.
client.connectToServer( ... )</pre></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1216"></a>8.5. Shared client container</h2></div></div></div><p>By default, WebSocket client implementation in Tyrus re-creates client runtime whenever WebSocketContainer#connectToServer
is invoked. This approach gives us some perks like out-of-the-box isolation and relatively low thread count
(currently we have 1 selector thread and 2 worker threads). Also it gives you the ability to stop the client
runtime – one Session instance is tied to exactly one client runtime, so we can stop it when Session is closed.
This seems as a good solution for most of WebSocket client use cases – you usually use java client from
application which uses it for communicating with server side and you typically don’t need more than 10 instances
(my personal estimate is that more than 90% applications won’t use more than 1 connection). There are several
reasons for it – of it is just a client, it needs to preserve server resources – one WebSocket connection means
one TCP connection and we don’t really want clients to consume more than needed. Previous statement may be
invalidated by WebSocket multiplexing extension, but for now, it is still valid.</p><p>On the other hand, WebSocket client implementations in some other containers took another (also correct)
approach – they share client runtime for creating all client connections. That means they might not have this
strict one session one runtime policy, they cannot really give user way how he to control system resources,
but surely it has another advantage – it can handle much more opened connections. Thread pools are share among
client sessions which may or may not have some unforeseen consequences, but if its implemented correctly, it
should outperform Tyrus solution mentioned in previous paragraph in some use cases, like the one mentioned
in <a class="link" href="https://java.net/jira/browse/TYRUS-275" target="_top">TYRUS-275</a> - performance tests. Reporter
created simple program which used WebSocket API to create clients and connect to remote endpoint and he measured
how many clients can he create (or in other words: how many parallel client connections can be created; I guess
that original test case is to measure possible number of concurrent clients on server side, but that does not
really matter for this post). Tyrus implementation loose compared to some other and it was exactly because it
did not have shared client runtime capability.</p><p>How can you use this feature?</p><pre class="
 toolbar: false;
 brush: java;
 ">ClientManager client = ClientManager.createClient();
client.getProperties().put(ClientProperties.SHARED_CONTAINER, true);</pre><p>You might also want to specify container idle timeout:</p><pre class="
 toolbar: false;
 brush: java;
 ">client.getProperties().put(ClientProperties.SHARED_CONTAINER_IDLE_TIMEOUT, 5);</pre><p>Last but not least, you might want to specify thread pool sizes used by shared container (please use this feature only when you do know what are you doing. Grizzly by default does not limit max number of used threads,
so if you do that, please make sure thread pool size fits your purpose). Even though the default unlimited thread pool size is sufficient for the vast majority of client usages, it is also important ot note that
if the max. thread pool size is not specified and the clients which share the thread pool receive a large number of messages at the same moment, a new thread can be created for each of the received messages
which might demand large amount of system resources and might even lead to a program failure if the required resources are not available. Therefore for particularly busy clients setting the max thread pool
size can be only recommended. The following example shows how to set the maximal thread poll size.</p><pre class="
 toolbar: false;
 brush: java;
 ">client.getProperties().put(GrizzlyClientProperties.SELECTOR_THREAD_POOL_CONFIG, ThreadPoolConfig.defaultConfig().setMaxPoolSize(3));
client.getProperties().put(GrizzlyClientProperties.WORKER_THREAD_POOL_CONFIG, ThreadPoolConfig.defaultConfig().setMaxPoolSize(10));</pre><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1238"></a>8.5.1. Custom masking key generator</h3></div></div></div><p>
As a security measure, all frames originating on a websocket client have to be masked with a random 4B value, which must be generated for each frame.
Moreover to fully comply with the security requirements of RFC 6455, a masking key of a frame must not be predictable from masking keys of previous frames
and therefore Tyrus uses <code class="code">java.security.SecureRandom</code> as a default masking key generator. While this is perfectly OK for most Tyrus client use cases,
usage of <code class="code">java.security.SecureRandom</code> might prove to be a performance issue, when the client is used for instance for highly parallel stress testing,
as it uses a synchronized singleton as a random entropy provider in its internals.
</p><p>
To overcome the limitations mentioned above, Tyrus allows replacing the default <code class="code">java.security.SecureRandom</code> with more scalable masking key generator.
Please, be aware that there might be security implications if you decide not to use a cryptographically secure random number generator
in production like the one in the following sample. Moreover the supplied random number generator should be also thread safe.
The following example shows, how a custom masking key generator can be configured:
</p><pre class="
 toolbar: false;
 brush: java;
 ">ClientManager client = ClientManager.createClient();
client.getProperties().put(ClientProperties.MASKING_KEY_GENERATOR, new MaskingKeyGenerator() {
private final Random random = new Random();
@Override
public int nextInt() {
return random.nextInt();
}
});</pre><p>
</p><p>
It is also important to note that the scalability issue connected to the default masking key generator is not limited to the shared container client configuration,
but it is discussed in this section as it is assumed that shared container is used for highly parallel clients handling a lot of traffic, where the method
of masking key generation starts to matter.
</p></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1259"></a>8.6. WebSocket Extensions</h2></div></div></div><p>Please note that Extensions support is considered to be experimental and any API can be changed anytime. Also,
you should ask yourself at least twice whether you don't want to achieve your goal by other means - WebSocket
Extension is very powerful and can easily break your application when not used with care or enough expertise.
</p><p>WebSocket frame used in ExtendedExtension:</p><pre class="
 toolbar: false;
 brush: java;
 ">public class Frame {
public boolean isFin() { .. }
public boolean isRsv1() { .. }
public boolean isRsv2() { .. }
public boolean isRsv3() { .. }
public boolean isMask() { .. }
public byte getOpcode() { .. }
public long getPayloadLength() { .. }
public int getMaskingKey() { .. }
public byte[] getPayloadData() { .. }
public boolean isControlFrame() { .. }
public static Builder builder() { .. }
public static Builder builder(Frame frame) { .. }
public final static class Builder {
public Builder() { .. }
public Builder(Frame frame) { .. }
public Frame build() { .. }
public Builder fin(boolean fin) { .. }
public Builder rsv1(boolean rsv1) { .. }
public Builder rsv2(boolean rsv2) { .. }
public Builder rsv3(boolean rsv3) { .. }
public Builder mask(boolean mask) { .. }
public Builder opcode(byte opcode) { .. }
public Builder payloadLength(long payloadLength) { .. }
public Builder maskingKey(int maskingKey) { .. }
public Builder payloadData(byte[] payloadData) { .. }
}</pre><p>Frame is immutable, so if you want to create new one, you need to create new builder, modify what you want
and build it:</p><pre class="
 toolbar: false;
 brush: java;
 ">Frame newFrame = Frame.builder(originalFrame).rsv1(true).build();</pre><p>Note that there is only one convenience method: isControlFrame. Other information about frame type etc needs
to be evaluated directly from opcode, simply because there might not be enough information to get the correct
outcome or the information itself would not be very useful. For example: opcode 0×00 means continuation frame,
but you don’t have any chance to get the information about actual type (text or binary) without intercepting
data from previous frames. Consider Frame class as raw representation as possible. isControlFrame() can be also
gathered from opcode, but it is at least always deterministic and it will be used by most of extension
implementations. It is not usual to modify control frames as it might end with half closed connections or
unanswered ping messages.</p><p>ExtendedExtension representation needs to be able to handle extension parameter negotiation and actual processing
of incoming and outgoing frames. It also should be compatible with existing jakarta.websocket.Extension class, since we
want to re-use existing registration API and be able to return new extension instance included in response
from List<Extension> Session.getNegotiatedExtensions() call. Consider following:</p><pre class="
 toolbar: false;
 brush: java;
 ">public interface ExtendedExtension extends Extension {
Frame processIncoming(ExtensionContext context, Frame frame);
Frame processOutgoing(ExtensionContext context, Frame frame);
List onExtensionNegotiation(ExtensionContext context, List requestedParameters);
void onHandshakeResponse(ExtensionContext context, List responseParameters);
void destroy(ExtensionContext context);
interface ExtensionContext {
Map<String, Object> getProperties();
}
}</pre><p>ExtendedExtension is capable of processing frames and influence parameter values during the handshake.
Extension is used on both client and server side and since the negotiation is only place where this fact
applies, we needed to somehow differentiate these sides. On server side, only onExtensionNegotiation(..)
method is invoked and on client side onHandshakeResponse(..). Server side method is a must, client side could
be somehow solved by implementing ClientEndpointConfig.Configurator#afterResponse(..) or calling
Session.getNegotiatedExtenions(), but it won’t be as easy to get this information back to extension instance
and even if it was, it won’t be very elegant. Also, you might suggest replacing processIncoming and
processOutgoing methods by just oneprocess(Frame) method. That is also possible, but then you might have to
assume current direction from frame instance or somehow from ExtensionContext, which is generally not a bad
idea, but it resulted it slightly less readable code.</p><p>ExtensionContext and related lifecycle method is there because original jakarta.websocket.Extension is singleton
and ExtendedExtension must obey this fact. But it does not meet some requirements we stated previously, like per
connection parameter negotiation and of course processing itself will most likely have some connection state.
Lifecycle of ExtensionContext is defined as follows: ExtensionContext instance is created right before onExtensionNegotiation
(server side) or onHandshakeResponse (client side) and destroyed after destroy method invocation. Obviously, processIncoming
or processOutgoing cannot be called before ExtensionContext is created or after is destroyed. You can think of handshake
related methods as @OnOpenand destroy as @OnClose.</p><p>For those more familiar with WebSocket protocol: process*(ExtensionContext, Frame) is always invoked with unmasked
frame, you don’t need to care about it. On the other side, payload is as it was received from the wire, before any
validation (UTF-8 check for text messages). This fact is particularly important when you are modifying text
message content, you need to make sure it is properly encoded in relation to other messages, because encoding/decoding
process is stateful – remainder after UTF-8 coding is used as input to coding process for next message. If you
want just test this feature and save yourself some headaches, don’t modify text message content or try binary
messages instead.</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1284"></a>8.6.1. ExtendedExtension sample</h3></div></div></div><p>Let’s say we want to create extension which will encrypt and decrypt first byte of every binary message. Assume we have a key (one byte) and our symmetrical cipher will be XOR. (Just for simplicity (a XOR key XOR key) = a, so encrypt() and decrypt() functions are the same).</p><pre class="
 toolbar: false;
 brush: java;
 ">public class CryptoExtension implements ExtendedExtension {
@Override
public Frame processIncoming(ExtensionContext context, Frame frame) {
return lameCrypt(context, frame);
}
@Override
public Frame processOutgoing(ExtensionContext context, Frame frame) {
return lameCrypt(context, frame);
}
private Frame lameCrypt(ExtensionContext context, Frame frame) {
if(!frame.isControlFrame() && (frame.getOpcode() == 0x02)) {
final byte[] payloadData = frame.getPayloadData();
payloadData[0] ^= (Byte)(context.getProperties().get("key"));
return Frame.builder(frame).payloadData(payloadData).build();
} else {
return frame;
}
}
@Override
public List onExtensionNegotiation(ExtensionContext context,
List requestedParameters) {
init(context);
// no params.
return null;
}
@Override
public void onHandshakeResponse(ExtensionContext context,
List responseParameters) {
init(context);
}
private void init(ExtensionContext context) {
context.getProperties().put("key", (byte)0x55);
}
@Override
public void destroy(ExtensionContext context) {
context.getProperties().clear();
}
@Override
public String getName() {
return "lame-crypto-extension";
}
@Override
public List getParameters() {
// no params.
return null;
}
}</pre><p>You can see that ExtendedExtension is slightly more complicated that original Extension so the implementation
has to be also not as straightforward.. on the other hand, it does something. Sample code above shows possible
simplification mentioned earlier (one process method will be enough), but please take this as just sample
implementation. Real world case is usually more complicated.</p><p>Now when we have our CryptoExtension implemented, we want to use it. There is nothing new compared to standard
WebSocket Java API, feel free to skip this part if you are already familiar with it. Only programmatic version
will be demonstrated. It is possible to do it for annotated version as well, but it is little bit more complicated
on the server side and I want to keep the code as compact as possible.</p><p>Client registration</p><pre class="
 toolbar: false;
 brush: java;
 ">ArrayList extensions = new ArrayList();
extensions.add(new CryptoExtension());
final ClientEndpointConfig clientConfiguration =
ClientEndpointConfig.Builder.create()
.extensions(extensions).build();
WebSocketContainer client = ContainerProvider.getWebSocketContainer();
final Session session = client.connectToServer(new Endpoint() {
@Override
public void onOpen(Session session, EndpointConfig config) {
// ...
}
}, clientConfiguration, URI.create(/* ... */));</pre><p>Server registration:</p><pre class="
 toolbar: false;
 brush: java;
 ">public class CryptoExtensionApplicationConfig implements ServerApplicationConfig {
@Override
public Set getEndpointConfigs(Set<Class<? extends Endpoint>> endpointClasses) {
Set endpointConfigs = new HashSet();
endpointConfigs.add(
ServerEndpointConfig.Builder.create(EchoEndpoint.class, "/echo")
.extensions(Arrays.asList(new CryptoExtension())).build()
);
return endpointConfigs;
}
@Override
public Set<Class<?>> getAnnotatedEndpointClasses(Set<Class<?>> scanned) {
// all scanned endpoints will be used.
return scanned;
}
}
public class EchoEndpoint extends Endpoint {
@Override
public void onOpen(Session session, EndpointConfig config) {
// ...
}
}</pre><p>CryptoExtensionApplicationConfig will be found by servlets scanning mechanism and automatically used for
application configuration, no need to add anything (or even have) web.xml.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1305"></a>8.6.2. Per Message Deflate Extension</h3></div></div></div><p>The original goal of whole extension support was to implement Permessage extension as defined in
draft-ietf-hybi-permessage-compression-15 and we were able to achieve that goal. Well, not completely, current
implementation ignores parameters. But it seems like it does not matter much, it was tested with Chrome and it
works fine. Also it passes newest version of Autobahn test suite, which includes tests for this extension.</p><p>see PerMessageDeflateExtension.java (compatible with draft-ietf-hybi-permessage-compression-15, autobahn test suite) and
XWebKitDeflateExtension.java (compatible with Chrome and Firefox – same as previous, just different extension name)
</p></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1312"></a>8.7. Client reconnect</h2></div></div></div><p>If you need semi-persistent client connection, you can always implement some reconnect logic by yourself,
but Tyrus Client offers useful feature which should be much easier to use. See short sample code:</p><pre class="
 toolbar: false;
 brush: java;
 ">ClientManager client = ClientManager.createClient();
ClientManager.ReconnectHandler reconnectHandler = new ClientManager.ReconnectHandler() {
private int counter = 0;
@Override
public boolean onDisconnect(CloseReason closeReason) {
counter++;
if (counter <= 3) {
System.out.println("### Reconnecting... (reconnect count: " + counter + ")");
return true;
} else {
return false;
}
}
@Override
public boolean onConnectFailure(Exception exception) {
counter++;
if (counter <= 3) {
System.out.println("### Reconnecting... (reconnect count: " + counter + ") " + exception.getMessage());
// Thread.sleep(...) or something other "sleep-like" expression can be put here - you might want
// to do it here to avoid potential DDoS when you don't limit number of reconnects.
return true;
} else {
return false;
}
}
@Override
public long getDelay() {
return 1;
}
};
client.getProperties().put(ClientProperties.RECONNECT_HANDLER, reconnectHandler);
client.connectToServer(...)</pre><p>ReconnectHandler contains three methods, onDisconnect, onConnectFailure and getDelay. First will be executed
whenever @OnClose annotated method (or Endpoint.onClose(..)) is executed on client side - this should happen when
established connection is lost for any reason. You can find the reason in methods parameter. Other one, called
onConnectFailure is invoked when client fails to connect to remote endpoint, for example due to temporary network
issue or current high server load. Method getDelay is called after any of previous methods returns <code class="code">true</code>
and the returned value will be used to determine delay before next connection attempt. Default value is 5 seconds.</p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1324"></a>8.8. Client behind proxy</h2></div></div></div><p>
Tyrus client supports traversing proxies, but it is Tyrus specific feature and its configuration is shown
in the following code sample:
</p><pre class="
 toolbar: false;
 brush: java;
 ">
ClientManager client = ClientManager.createClient();
client.getProperties().put(ClientProperties.PROXY_URI, "http://my.proxy.com:80");
</pre><p>
Value is expected to be proxy URI. Protocol part is currently ignored, but must be present.
</p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1332"></a>8.9. JDK 7 client</h2></div></div></div><p>
As has been said in previous chapters both Tyrus client and server were implemented on top of Grizzly NIO framework.
This still remains true, but an alternative Tyrus Websocket client implementation based on Java 7 Asynchronous Channel
API has been available since version 1.6. There are two options how to switch between client implementations.
If you do not mind using Tyrus specific API, the most straightforward way is to use:
</p><pre class="
 toolbar: false;
 brush: java;
 ">
final ClientManager client = ClientManager.createClient(JdkClientContainer.class.getName());
</pre><p>
You just have to make sure that the dependency on JDK client is included in your project:
</p><pre class="
 toolbar: false;
 brush: xml;
 gutter: false;">
<dependency>
<groupId>org.glassfish.tyrus</groupId>
<artifactId>tyrus-container-jdk-client</artifactId>
<version>2.0.5</version>
</dependency>
</pre><p>
Grizzly client is the default option, so creating a client without any parameters will result in Grizzly client being used.
</p><p>
There is also an option how to use JDK client with the standard Websocket API.
</p><pre class="
 toolbar: false;
 brush: java;
 ">
final WebSocketContainer client = ContainerProvider.getWebSocketContainer();
</pre><p>
The code listed above will scan class path for Websocket client implementations. A slight problem with this
approach is that if there is more than one client on the classpath, the first one discovered will be used.
Therefore if you intend to use JDK client with the standard API, you have to make sure that there is not
a Grizzly client on the classpath as it might be used instead.
</p><p>
The main reason why JDK client has been implemented is that it does not have any extra dependencies
except JDK 7 and of course some other Tyrus modules, which makes it considerable more lightweight compared
to Tyrus Grizzly client, which requires 1.4 MB of dependencies.
</p><p>
It is also important to note that the JDK client has been implemented in a way similar to Grizzly client
shared container option, which means that there is one thread pool shared among all clients.
</p><p>
Proxy configuration for JDK client is the same as for Grizzly client shown above.
</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1354"></a>8.9.1. SSL configuration</h3></div></div></div><p>
Alike in case of Grizzly client, accessing "wss" URLs will cause Tyrus client to pick up whatever keystore
and trust store is actually set for the current JVM instance. However, specifying SSL parameters
to be used with JDK client instance is little different from Grizzly client, because Grizzly client supports
both
<a class="link" href="https://grizzly.java.net/docs/2.3/apidocs/org/glassfish/grizzly/ssl/SSLEngineConfigurator.html" target="_top">SSLEngineConfigurator</a>
end
<a class="link" href="https://grizzly.java.net/docs/2.3/apidocs/org/glassfish/grizzly/ssl/SSLContextConfigurator.html" target="_top">SSLContextConfigurator</a>
from Grizzly project and
<a class="link" href="https://tyrus.java.net/apidocs/2.0.5/org/glassfish/tyrus/client/SslEngineConfigurator.html" target="_top">SslEngineConfigurator</a>
and
<a class="link" href="https://tyrus.java.net/apidocs/2.0.5/org/glassfish/tyrus/client/SslContextConfigurator.html" target="_top">SslContextConfigurator</a>
from Tyrus project, but JDK client supports only the Tyrus version of these classes.
The following code sample shows an example of some SSL parameters configuration for the JDK client:
</p><pre class="
 toolbar: false;
 brush: java;
 ">
SslContextConfigurator sslContextConfigurator = new SslContextConfigurator();
sslContextConfigurator.setTrustStoreFile("...");
sslContextConfigurator.setTrustStorePassword("...");
sslContextConfigurator.setTrustStoreType("...");
sslContextConfigurator.setKeyStoreFile("...");
sslContextConfigurator.setKeyStorePassword("...");
sslContextConfigurator.setKeyStoreType("...");
SslEngineConfigurator sslEngineConfigurator = new SslEngineConfigurator(sslContextConfigurator, true, false, false);
client.getProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR, sslEngineConfigurator);
</pre><p>
</p></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1374"></a>8.10. Tracing support</h2></div></div></div><p>
Apart from logging, Tyrus supports another useful means for debugging and diagnosing a deployed application which will
be referred to as tracing on the following lines. Tracing consists of including vital information about handshake
handling into a handshake response. The provided information includes among other things an insight into how Tyrus matches
handshake request URI against the URI of the deployed endpoints and how the best matching endpoint is selected.
The tracing information is included in a handshake response as a content of HTTP headers with
<code class="code">X-Tyrus-Tracing-</code> as the header names prefix.
All the tracing information will also be available in the server log if the appropriate logging level is set.
If it is still unclear, how Tyrus tracing works, please refer to the subsection with title Tracing Examples.
</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1382"></a>8.10.1. Configuration</h3></div></div></div><p>
Tracing support is disabled by default. You can enable it either "globally" for all application handshake requests
or selectively per handshake request. The tracing support activation is controlled by setting the
<code class="code">org.glassfish.tyrus.server.tracingType</code> configuration property. The property value is expected to be one of the following:
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>OFF - tracing support is disabled (default value).</p></li><li class="listitem"><p>ON_DEMAND - tracing support is in a stand-by mode; it is enabled selectively per handshake, via a special
X-Tyrus-Tracing-Accept HTTP header in a handshake request.</p></li><li class="listitem"><p>ALL - tracing support is enabled for all handshake requests.</p></li></ul></div><p>
The level of detail of the information provided by Tyrus tracing facility - the tracing threshold - can be customized.
The tracing threshold can be set at the application level via <code class="code">org.glassfish.tyrus.server.tracingThreshold</code>
application configuration property in both Glassfish and Grizzly as will be shown in the following samples,
or at a request level, via X-Tyrus-Tracing-Threshold HTTP header in a handshake request. The request-level configuration
overrides any application level setting. There are 2 supported levels of detail for Tyrus tracing:
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>SUMMARY - very basic summary information about handshake processing</p></li><li class="listitem"><p>TRACE - detailed information about handshake processing (default threshold value).</p></li></ul></div><p>
</p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="d0e1412"></a>8.10.1.1. Global configuration examples</h4></div></div></div><p>
As has been already said, tracing is disabled by default. The following code sample shows, how <code class="code">ON_DEMAND</code> tracing with
level set to <code class="code">SUMMARY</code> can be enabled on Grizzly server:
</p><pre class="
 toolbar: false;
 brush: java;
 ">
serverProperties.put(TyrusWebSocketEngine.TRACING_TYPE, ON_DEMAND);
serverProperties.put(TyrusWebSocketEngine.TRACING_THRESHOLD, SUMMARY);
</pre><p>
Similarly <code class="code">ALL</code> tracing with level set to <code class="code">TRACE</code> (the default) can be enabled on Glassfish server in web.xml:
</p><pre class="
 toolbar: false;
 brush: xml;
 "><web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<context-param>
<param-name>org.glassfish.tyrus.server.tracingType</param-name>
<param-value>ALL</param-value>
</context-param>
</web-app></pre><p>
It has been also already mentioned that the tracing threshold configured on application level can be overridden per handshake request as
will be shown in the following section.
</p></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="d0e1435"></a>8.10.1.2. Configuring tracing via handshake request headers</h4></div></div></div><p>
Whenever the tracing support is active (ON_DEMAND or ALL) you can customize the tracing behaviour by including one or more of the following request HTTP headers
in the individual handshake requests:
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>X-Tyrus-Tracing-Accept - used to enable the tracing support for the particular request. It is applied only when the application-level tracing support is configured to
ON_DEMAND mode. The value of the header is not used by the Tyrus tracing facility and as such it can be any arbitrary (even empty) string.</p></li><li class="listitem"><p>X-Tyrus-Tracing-Threshold - used to override the tracing threshold. Allowed values are: SUMMARY, TRACE.</p></li></ul></div><p>
</p></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1448"></a>8.10.2. Tracing Examples</h3></div></div></div><p>
An example of a handshake request to a server in <code class="code">ON_DEMAND</code> tracing mode requesting <code class="code">SUMMARY</code> tracing information:
</p><pre class="screen"> 1 GET /endpoint/b HTTP/1.1
2 Connection: Upgrade
3 Host: localhost:8025
4 Origin: localhost:8025
5 Sec-WebSocket-Key: YrFldD8nhRW+6hJ2K/TMqw==
6 Sec-WebSocket-Version: 13
7 Upgrade: websocket
8 X-Tyrus-Tracing-Accept: Whatever
9 X-Tyrus-Tracing-Threshold: SUMMARY</pre><p>
An example of a possible response to the request above:
</p><pre class="screen"> 1 HTTP/1.1 404 Not found
2 x-tyrus-tracing-00 : [0 ms] Matching request URI /samples-debug/endpoint/b against /samples-debug/endpoint/{a}/b
3 x-tyrus-tracing-01 : [0 ms] URIs /samples-debug/endpoint/b and /samples-debug/endpoint/{a}/b have different length
4 x-tyrus-tracing-02 : [0 ms] Matching request URI /samples-debug/endpoint/b against /samples-debug/endpoint/{a}/{b}
5 x-tyrus-tracing-03 : [0 ms] URIs /samples-debug/endpoint/b and /samples-debug/endpoint/{a}/{b} have different length
6 x-tyrus-tracing-04 : [0 ms] Matching request URI /samples-debug/endpoint/b against /samples-debug/endpoint/a/b
7 x-tyrus-tracing-05 : [1 ms] URIs /samples-debug/endpoint/b and /samples-debug/endpoint/a/b have different length
8 x-tyrus-tracing-06 : [1 ms] Matching request URI /samples-debug/endpoint/b against /samples-debug/endpoint/a/a
9 x-tyrus-tracing-07 : [1 ms] URIs /samples-debug/endpoint/b and /samples-debug/endpoint/a/a have different length
10 x-tyrus-tracing-08 : [1 ms] Matching request URI /samples-debug/endpoint/b against /samples-debug/endpoint/a
11 x-tyrus-tracing-09 : [1 ms] Segment "a" does not match
12 x-tyrus-tracing-10 : [1 ms] Matching request URI /samples-debug/endpoint/b against /samples-debug/endpoint/a/{b}
13 x-tyrus-tracing-11 : [1 ms] URIs /samples-debug/endpoint/b and /samples-debug/endpoint/a/{b} have different length
14 x-tyrus-tracing-12 : [3 ms] Endpoints matched to the request URI: []</pre><p>
The time in the square brackets in the sample above is the time since the handshake request has been received.
</p><p>
An example of a possible handshake response from a server in <code class="code">ALL</code> tracing mode with tracing threshold set to <code class="code">TRACE</code>:
</p><pre class="screen"> 1 HTTP/1.1 101
2 connection: Upgrade
3 sec-websocket-accept: C8/QbF4Mx9sX31sihUcnI19yqto=
4 upgrade: websocket
5 x-tyrus-tracing-00 : [0 ms] Matching request URI /samples-debug/endpoint/a/b against /samples-debug/endpoint/{a}/b
6 x-tyrus-tracing-01 : [0 ms] Matching request URI /samples-debug/endpoint/a/b against /samples-debug/endpoint/{a}/{b}
7 x-tyrus-tracing-02 : [0 ms] Matching request URI /samples-debug/endpoint/a/b against /samples-debug/endpoint/a/b
8 x-tyrus-tracing-03 : [1 ms] Matching request URI /samples-debug/endpoint/a/b against /samples-debug/endpoint/a/a
9 x-tyrus-tracing-04 : [1 ms] Segment "a" does not match
10 x-tyrus-tracing-05 : [1 ms] Matching request URI /samples-debug/endpoint/a/b against /samples-debug/endpoint/a
11 x-tyrus-tracing-06 : [1 ms] URIs /samples-debug/endpoint/a/b and /samples-debug/endpoint/a have different length
12 x-tyrus-tracing-07 : [1 ms] Matching request URI /samples-debug/endpoint/a/b against /samples-debug/endpoint/a/{b}
13 x-tyrus-tracing-08 : [3 ms] Choosing better match from /samples-debug/endpoint/{a}/b and /samples-debug/endpoint/a/b
14 x-tyrus-tracing-09 : [3 ms] /samples-debug/endpoint/a/b is an exact match
15 x-tyrus-tracing-10 : [3 ms] Choosing better match from /samples-debug/endpoint/a/{b} and /samples-debug/endpoint/{a}/b
16 x-tyrus-tracing-11 : [3 ms] /samples-debug/endpoint/a/{b} is a better match, because it has longer exact path
17 x-tyrus-tracing-12 : [3 ms] Choosing better match from /samples-debug/endpoint/a/{b} and /samples-debug/endpoint/{a}/b
18 x-tyrus-tracing-13 : [3 ms] /samples-debug/endpoint/a/{b} is a better match, because it has longer exact path
19 x-tyrus-tracing-14 : [3 ms] Choosing better match from /samples-debug/endpoint/a/{b} and /samples-debug/endpoint/a/b
20 x-tyrus-tracing-15 : [3 ms] /samples-debug/endpoint/a/b is an exact match
21 x-tyrus-tracing-16 : [3 ms] Choosing better match from /samples-debug/endpoint/{a}/{b} and /samples-debug/endpoint/a/{b}
22 x-tyrus-tracing-17 : [4 ms] /samples-debug/endpoint/a/{b} is a better match, because it has longer exact path
23 x-tyrus-tracing-18 : [4 ms] Choosing better match from /samples-debug/endpoint/{a}/{b} and /samples-debug/endpoint/{a}/b
24 x-tyrus-tracing-19 : [4 ms] /samples-debug/endpoint/{a}/b is a better match, because /samples-debug/endpoint/{a}/{b} has more variables
25 x-tyrus-tracing-20 : [4 ms] Endpoints matched to the request URI: [/samples-debug/endpoint/a/b, /samples-debug/endpoint/a/{b}, /samples-debug/endpoint/{a}/b, /samples-debug/endpoint/{a}/{b}]
26 x-tyrus-tracing-21 : [4 ms] Endpoint selected as a match to the handshake URI: /samples-debug/endpoint/a/b </pre><p>
</p></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1476"></a>8.11. Client handshake request and response logging</h2></div></div></div><p>
Tyrus client offers a possibility, how to enable printing of handshake requests and responses to standard output without having to configure Java logging,
which is essential when debugging a misbehaving websocket application. This feature is particularly useful with tracing enabled. The following sample shows,
how the handshake logging can be enabled:
</p><pre class="
 toolbar: false;
 brush: java;
 ">
ClientManager client = ClientManager.createClient();
client.getProperties().put(ClientProperties.LOG_HTTP_UPGRADE, true);
</pre><p>
</p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1484"></a>8.12. JMX Monitoring</h2></div></div></div><p>
Tyrus allows monitoring and accessing some runtime properties and metrics at the server side using JMX (Java management extension technology).
The monitoring API has been available since version 1.6 and the following properties are available at runtime
through MXBeans. Number of open sessions, maximal number of open session since the start of monitoring and
list of deployed endpoint class names and paths are available for each application. Endpoint class name and path
the endpoint is registered on, number of open session and maximal number of open sessions are available for each
endpoint. Apart from that message as well as error statistics are collected both per application and per individual endpoint.
</p><p>
The following message statistics are monitored for both sent and received messages:
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>messages count</p></li><li class="listitem"><p>messages count per second</p></li><li class="listitem"><p>average message size</p></li><li class="listitem"><p>smallest message size</p></li><li class="listitem"><p>largest message size</p></li></ul></div><p>
Moreover all of them are collected separately for text, binary and control messages and apart from the statistics being available
for the three separate categories, total numbers summing up statistics from the three types of messages are also available.
</p><p>
As has been already mentioned above, Tyrus also monitors errors on both application and endpoint level.
An error is identified by the Throwable class name that has been thrown. Statistics are collected about number of times each
Throwable has been thrown, so a list of errors together with a number of times each error occurred is available on both application and endpoint level.
The monitored errors correspond to invocation of @OnError method on an annotated endpoint or its equivalent on a programmatic endpoint
(The invocation of @OnError method is just an analogy and an error will be monitored even if no @OnError method is provided on the endpoint).
Errors that occur in @OnOpen, @OnClose methods and methods handling incoming messages are monitored. Errors that occurred during handshake
will not be among the monitored errors.
</p><p>
The collected metrics as well as the endpoint properties mentioned above are accessible at runtime through Tyrus MXBeans.
As has been already mention the information is available on both application and endpoint level with each application
or endpoint being represented with four MXBeans. One of those MXBeans contains total message statistics for both sent and received
messages as well as any properties specific for applications or endpoints such as endpoint path in the case of an endpoint.
The other three MXBeans contain information about sent and received text, binary and control messages.
</p><p>
When a user connects to a tyrus application MBean server using an JMX client such as JConsole, they will see
the following structure:
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
Application 1 - MXBean containing a list of deployed endpoint class names and paths, number of open sessions,
maximal number of open sessions, error and total message statistics for the application.
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem"><p>
message statistics - a directory containing message statistics MXBeans
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: square; "><li class="listitem"><p>
text - MXBean containing text message statistics
</p></li><li class="listitem"><p>
binary - MXBean containing binary message statistics
</p></li><li class="listitem"><p>
control - MXBean containing control message statistics
</p></li></ul></div></li><li class="listitem"><p>
endpoints - a directory containing application endpoint MXBeans
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: square; "><li class="listitem"><p>
Endpoint 1 - MXBean containing Endpoint 1 class name and path, number of open sessions,
maximal number of open sessions, error and total message statistics for the endpoint.
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
text - MXBean containing text message statistics
</p></li><li class="listitem"><p>
binary - MXBean containing binary message statistics
</p></li><li class="listitem"><p>
control - MXBean containing control message statistics
</p></li></ul></div></li><li class="listitem"><p>
Endpoint 2
</p></li></ul></div></li></ul></div></li><li class="listitem"><p>
Application 2
</p></li></ul></div><p>
</p><p>
In fact the monitoring structure described above was a little bit simplistic, because there is an additional
monitoring level available, which causes message metrics being also available per session.
The monitoring structure is very similar to the one described above, with a small difference that there are
four MXBeans registered for each session, which contain text, binary, control and total message statistics.
In order to distinguish the two monitoring levels, they will be referred to as endpoint-level monitoring
and session-level monitoring.
</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1558"></a>8.12.1. Configuration</h3></div></div></div><p>
As has been already mentioned, monitoring is supported only on the server side and is disabled by default.
The following code sample shows, how endpoint-level monitoring can be enabled on Grizzly server:
</p><pre class="
 toolbar: false;
 brush: java;
 ">
serverProperties.put(ApplicationEventListener.APPLICATION_EVENT_LISTENER, new SessionlessApplicationMonitor());
</pre><p>
Similarly endpoint-level monitoring can be enabled on Grizzly server in the following way:
</p><pre class="
 toolbar: false;
 brush: java;
 ">
serverProperties.put(ApplicationEventListener.APPLICATION_EVENT_LISTENER, new SessionAwareApplicationMonitor());
</pre><p>
Monitoring can be configured on Glassfish in web.xml and the following code sample shows endpoint-level configuration:
</p><pre class="
 toolbar: false;
 brush: xml;
 "><web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<context-param>
<param-name>org.glassfish.tyrus.core.monitoring.ApplicationEventListener</param-name>
<param-value>org.glassfish.tyrus.ext.monitoring.jmx.SessionlessApplicationMonitor</param-value>
</context-param>
</web-app>
</pre><p>
Similarly session-level monitoring can be configured on Glassfish in web.xml in the following way:
</p><pre class="
 toolbar: false;
 brush: xml;
 "><web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<context-param>
<param-name>org.glassfish.tyrus.core.monitoring.ApplicationEventListener</param-name>
<param-value>org.glassfish.tyrus.ext.monitoring.jmx.SessionAwareApplicationMonitor</param-value>
</context-param>
</web-app>
</pre><p>
</p></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1575"></a>8.13. Maximal number of open sessions on server-side</h2></div></div></div><p>
Tyrus offers a few ways to limit the number of open sessions, which can be used to save limited resources
on a server hosting system. The limits can be configured in several scopes:
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">per whole application</li><li class="listitem">per endpoint</li><li class="listitem">per remote address (client IP address)</li></ul></div><p>
If the number of simultaneously opened sessions exceeds any of these limits, Tyrus will close the session
with close code 1013 - Try Again Later.
</p><p>
Limits mentioned above can be combined together. For example, let's say we have
an application with two endpoints. Overall limit per application will be 1000 open sessions and the first
one, non-critical endpoint, will be limited to 75 open sessions at maximum. So we know that the second
endpoint can handle 925-1000 opened sessions, depends on how many open sessions are connected to
the first endpoint (0-75).
</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1594"></a>8.13.1. Maximal number of open sessions per application</h3></div></div></div><p>
This configuration property can be used to limit overall number of open sessions per whole application.
The main purpose of this configurable limit is to restrict how many resources the application can
consume.
</p><p>
The number of open sessions per whole application can be configured by setting property
<code class="code">org.glassfish.tyrus.maxSessionsPerApp</code>. Property can be used as
<code class="code"><context-param></code>
in
<code class="code">web.xml</code>
or as an entry in parameter map in (standalone) Server properties.
</p><p>
Note that only positive integer is allowed.
</p><p>This example will set maximal number of open sessions per whole application to 500:</p><pre class="
 toolbar: false;
 brush: xml;
 gutter: false;">
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<context-param>
<param-name>org.glassfish.tyrus.maxSessionsPerApp</param-name>
<param-value>500</param-value>
</context-param>
</web-app>
</pre></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1616"></a>8.13.2. Maximal number of open sessions per remote address</h3></div></div></div><p>
The number of open sessions per remote address can be configured by setting property
<code class="code">org.glassfish.tyrus.maxSessionsPerRemoteAddr</code>. Property can be used as
<code class="code"><context-param></code>
in
<code class="code">web.xml</code>
or as an entry in parameter map in (standalone) Server properties.
</p><p>
<code class="code">Remote address</code>
value is obtained from
<a class="link" href="http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getRemoteAddr()" target="_top">
ServletRequest#getRemoteAddr()
</a>
or its alternative when using Grizzly server implementation.
Beware that this method returns always the last node which sending HTTP request, so all clients
behind one proxy will be treated as clients from single remote address.
</p><p>
Note that only positive integer is allowed.
</p><p>This example will set maximal number of open sessions from unique IP address or last proxy to 5:
</p><pre class="
 toolbar: false;
 brush: xml;
 gutter: false;">
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<context-param>
<param-name>org.glassfish.tyrus.maxSessionsPerRemoteAddr</param-name>
<param-value>5</param-value>
</context-param>
</web-app>
</pre></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1644"></a>8.13.3. Maximal number of open sessions per endpoint</h3></div></div></div><p>
Set maximum number of sessions in annotated endpoint:
</p><pre class="
 toolbar: false;
 brush: java;
 ">
import jakarta.websocket.OnOpen;
import jakarta.websocket.Session;
import jakarta.websocket.server.ServerEndpoint;
import org.glassfish.tyrus.core.MaxSessions;
/**
* Annotated endpoint.
*/
@MaxSessions(100)
@ServerEndpoint(value = "/limited-sessions-endpoint")
public static class LimitedSessionsEndpoint {
@OnOpen
public void onOpen(Session s) {
...
}
...
}
</pre><p>
</p><p>
Set maximum number of sessions for programmatic endpoint:
</p><pre class="
 toolbar: false;
 brush: java;
 ">
TyrusServerEndpointConfig.Builder.create(LimitedSessionsEndpoint.class,
"/limited-sessions-endpoint").maxSessions(100).build();
</pre><p>
</p><p>
Note that only positive integer is allowed.
</p></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1659"></a>8.14. Client HTTP Authentication</h2></div></div></div><p>
For server endpoints which is protected by HTTP authentication, Tyrus provides a mechanism to authenticate
client.
When client receives HTTP response status code<code class="code">401 - Unauthorized</code>, then Tyrus extracts required
scheme from
<code class="code">WWW-Authenticate</code>
challenge. Then it chooses an
authenticator from a map of registered authenticators and uses configured<code class="code">credentials</code>.
If no proper authenticator is found or credentials are missing, then
<code class="code">AuthenticationException</code>
is thrown before the handshake can be done.
There are implementations of the two most used authentication schemes in Tyrus: BASIC and DIGEST, but it is
also possible to implement your own authenticator and register it with a configuration builder
<code class="code">org.glassfish.tyrus.client.auth.AuthConfig.Builder</code>
or even to override default BASIC or DIGEST
auth implementations.
If no
<code class="code">org.glassfish.tyrus.client.auth.AuthConfig</code>
client property is set, then default
configuration is used. It is constructed as you can see bellow: BASIC and DIGEST internal implementations
are
enabled by default.
</p><p>
Please note that Basic Authentication scheme should be used over HTTPS connection only.
</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1684"></a>8.14.1. Credentials</h3></div></div></div><p>
Credentials are required for both implemented authentication schemes in Tyrus. You can pass an instance
into ClientManager as a property:
</p><pre class="
 toolbar: false;
 brush: java;
 ">
client.getProperties().put(ClientProperties.CREDENTIALS, new Credentials("ws_user", "password".getBytes(AuthConfig.CHARACTER_SET));
</pre><p>
</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1692"></a>8.14.2. Auth Configuration</h3></div></div></div><p>
<code class="code">org.glassfish.tyrus.client.auth.AuthConfig</code>
provides a way to configure of HTTP authentication schemes.
Creating an instance of
<code class="code">org.glassfish.tyrus.client.auth.AuthConfig</code>
is optional.
If you don't specify AuthConfig, then default instance will be created like in following code listing
</p><p>
</p><pre class="
 toolbar: false;
 brush: java;
 ">
AuthConfig authConfig = AuthConfig.Builder.create().build();
ClientManager client = ClientManager.createClient();
client.getProperties().put(ClientProperties.AUTH_CONFIG, authConfig);
</pre><p>
</p><p>
If authentication is required after an initial upgrade request, Tyrus chooses a proper authentication
scheme based on a received challenge from server. There are two HTTP authentication scheme implemented
and registered
by default.
</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1710"></a>8.14.3. User defined authenticator</h3></div></div></div><p>
Tyrus provides an option to implement your own client HTTP authenticator by extending
<code class="code">org.glassfish.tyrus.client.auth.Authenticator</code>
and implementing<code class="code">generateAuthorizationHeader</code>.
Request URI,
<code class="code">WWW-Authenticate</code>
response header and provided
<code class="code">Credentials</code>
are
passed as parameters. Method must return response to authentication challenge as it is required by HTTP
server.
An instance of the implemented class must be passed to the Tyrus configuration with
<code class="code">org.glassfish.tyrus.client.auth.AuthConfig.Builder#setAuthScheme(String scheme, Authenticator
userDefinedAuthenticator)
</code>
and created
<code class="code">AuthConfig</code>
instance must be put into client properties.
</p><p>Authenticator.java</p><pre class="
 toolbar: false;
 brush: java;
 ">
package org.glassfish.tyrus.client;
import java.net.URI;
/**
* Http Authentication provider.
* Class generates authorization token as a input for {@code Authorization} HTTP request header.
*
* @author Ondrej Kosatka (ondrej.kosatka at oracle.com)
*/
public abstract class Authenticator {
/**
* Generates authorization tokens as a input for {@code Authorization} HTTP request header.
* @param uri URI is needed for generating authorization tokens for some authentication scheme (DIGEST: {@link DigestAuthenticator})
* @param wwwAuthenticateHeader a value of header {@code WWW-Authenticate} from HTTP response.
* @param credentials credentials.
* @return generated {@link String} value of {@code Authorization}.
* @throws AuthenticationException if is not possible to create auth token.
*/
public abstract String generateAuthorizationHeader(final URI uri, final String wwwAuthenticateHeader, final Credentials credentials) throws AuthenticationException;
}
</pre></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1737"></a>8.14.4. Examples</h3></div></div></div><p>
The simplest way to setup Tyrus authentication is by adding client property
<code class="code">ClientProperties.CREDENTIALS</code>
</p><pre class="
 toolbar: false;
 brush: java;
 ">
client.getProperties().put(ClientProperties.CREDENTIALS, new Credentials("ws_user", "password");
</pre><p>
</p><p>
How to configure Tyrus with suppressing Basic authentication, even if server side challenges Basic
authentication scheme.
</p><pre class="
 toolbar: false;
 brush: java;
 ">
AuthConfig authConfig = AuthConfig.Builder.create().
disableBasicAuth().
build();
Credentials credentials = new Credentials("ws_user", "password");
client.getProperties().put(ClientProperties.AUTH_CONFIG, authConfig);
client.getProperties().put(ClientProperties.CREDENTIALS, credentials);
</pre><p>
</p><p>
How to configure Tyrus using user defined DIGEST authentication and Tyrus Basic authentication. User
defined
authentication provider
<code class="code">MyOwnDigestAuthenticator</code>
must extend<code class="code">org.glassfish.tyrus.client.auth.Authenticator</code>.
</p><pre class="
 toolbar: false;
 brush: java;
 ">
AuthConfig authConfig = AuthConfig.Builder.create().
putAuthProvider("Digest", new MyOwnDigestAuthenticator()).
build();
Credentials credentials = new Credentials("ws_user", "password");
client.getProperties().put(ClientProperties.AUTH_CONFIG, authConfig);
client.getProperties().put(ClientProperties.CREDENTIALS, credentials);
</pre><p>
</p><p>
How to configure Tyrus using user defined NTLM authentication and suppress Tyrus Basic authentication,
even if server side challenges Basic authentication scheme.. User defined
authentication provider
<code class="code">MyOwnNTLMAuthenticator</code>
must extend<code class="code">org.glassfish.tyrus.client.auth.Authenticator</code>.
</p><pre class="
 toolbar: false;
 brush: java;
 ">
AuthConfig authConfig = AuthConfig.Builder.create().
disableBasicAuth().
putAuthProvider("NTLM", new MyOwnNTLMAuthenticator()).
build();
Credentials credentials = new Credentials("ws_user", "password");
client.getProperties().put(ClientProperties.AUTH_CONFIG, authConfig);
client.getProperties().put(ClientProperties.CREDENTIALS, credentials);
</pre><p>
</p></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1775"></a>8.15. Client HTTP Redirect</h2></div></div></div><p>
Another Tyrus feature is HTTP redirect. If client received 3xx HTTP Redirect response code during a
handshake and HTTP Redirect is allowed (by <code class="code">ClientProperty.REDIRECT_ENABLED</code>
property) then client engine transparently follows the URI contained in received HTTP response header
<code class="code">Location</code> and sends upgrade request to the new URI. Redirects can be chained up to limit set in
<code class="code">ClientProperty.REDIRECT_THRESHOLD</code>, whilst default value is 5.
If HTTP redirect failed by any reason, <code class="code">RedirectException</code> is thrown.
</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1792"></a>8.15.1. Supported HTTP response codes</h3></div></div></div><p>
List of 3xx HTTP response codes which can be automatically redirect
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>300 - Multiple Choices</p></li><li class="listitem"><p>301 - Moved permanently</p></li><li class="listitem"><p>302 - Found</p></li><li class="listitem"><p>303 - See Other (since HTTP/1.1)</p></li><li class="listitem"><p>307 - Temporary Redirect (since HTTP/1.1)</p></li><li class="listitem"><p>308 - Permanent Redirect (Experimental RFC; RFC 7238)</p></li></ul></div><p>
</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1817"></a>8.15.2. Configuration</h3></div></div></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="d0e1820"></a>8.15.2.1. Enabling</h4></div></div></div><p>
For enabling HTTP Redirect feature, <code class="code">ClientProperty.REDIRECT_ENABLED</code> must be explicitly set to
<code class="code">true</code> (default value is<code class="code">false</code>), otherwise <code class="code">RedirectException</code>
will be thrown, when any of supported HTTP Redirect response codes (see above).
</p><pre class="
 toolbar: false;
 brush: java;
 gutter: false;">
client.getProperties().put(ClientProperties.REDIRECT_ENABLED, true);
</pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="d0e1839"></a>8.15.2.2. Threshold</h4></div></div></div><p>
<code class="code">ClientProperty.REDIRECT_THRESHOLD</code> is property which can be used to limit maximal
number of chained redirect. Positive integer is expected and default value is 5.
</p><pre class="
 toolbar: false;
 brush: java;
 gutter: false;">
client.getProperties().put(ClientProperties.REDIRECT_THRESHOLD, 3);
</pre></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1849"></a>8.15.3. Exception handling</h3></div></div></div><p>
<code class="code">RedirectException</code>
is set as a cause of DeploymentException when any of the supported Redirection HTTP response
status codes (see above) was received and WebSocketContainer.connectToServer(...) fails
because of any of the following reasons:
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
<code class="code">ClientProperties.REDIRECT_ENABLED</code> property is not set to true.
</p></li><li class="listitem"><p>
Value of <code class="code">ClientProperties.REDIRECT_THRESHOLD</code> is not assignable to Integer.
</p></li><li class="listitem"><p>
Number of chained redirection exceeds a value of <code class="code">ClientProperties.REDIRECT_THRESHOLD</code>
(default value is 5).
</p></li><li class="listitem"><p>Infinite redirection loop is detected.</p></li><li class="listitem"><p>
<code class="code">Location</code> response header is missing, is empty or does not contain a valid URI.
</p></li></ul></div><p>
</p></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="d0e1886"></a>8.16. Client support for HTTP status 503 - Service Unavailable with Retry-After header</h2></div></div></div><p>
Tyrus offers automatic handling of HTTP status code <code class="code">503 - Service Unavailable</code>, which can be
returned from server when temporarily overloaded or down for maintenance. When <code class="code">Retry-After</code>
header is included in the response, client will parse the value and schedule another reconnect attempt.
</p><p>This feature is disabled by default.</p><p>
The implementation limits connection attempts to 5, each with reconnect delay not bigger than 300
seconds. Other values or conditions can be handled by custom <code class="code">ReconnectHandler</code>
(see <code class="code">RetryAfterException</code>).
</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e1907"></a>8.16.1. Configuration</h3></div></div></div><p>
</p><pre class="
 toolbar: false;
 brush: java;
 ">
final ClientManager client = ClientManager.createClient();
client.getProperties().put(ClientProperties.RETRY_AFTER_SERVICE_UNAVAILABLE, true);
</pre><p>
</p></div></div></div><link href="http://tyrus.java.net/sh/shCore.css" rel="stylesheet" type="text/css"><link href="http://tyrus.java.net/sh/shThemeDefault.css" rel="stylesheet" type="text/css"><script src="http://tyrus.java.net/sh/shCore.js" type="text/javascript"></script><script src="http://tyrus.java.net/sh/shAutoloader.js" type="text/javascript"></script><script type="text/javascript">
function path() {
var args = arguments,
result = []
;
for(var i = 0; i < args.length; i++)
result.push(args[i].replace('@', 'http://tyrus.java.net/sh/'));
return result
};
SyntaxHighlighter.autoloader.apply(null, path(
'applescript @shBrushAppleScript.js',
'actionscript3 as3 @shBrushAS3.js',
'bash shell @shBrushBash.js',
'coldfusion cf @shBrushColdFusion.js',
'cpp c @shBrushCpp.js',
'c# c-sharp csharp @shBrushCSharp.js',
'css @shBrushCss.js',
'delphi pascal @shBrushDelphi.js',
'diff patch pas @shBrushDiff.js',
'erl erlang @shBrushErlang.js',
'groovy @shBrushGroovy.js',
'java @shBrushJava.js',
'jfx javafx @shBrushJavaFX.js',
'js jscript javascript @shBrushJScript.js',
'perl pl @shBrushPerl.js',
'php @shBrushPhp.js',
'text plain @shBrushPlain.js',
'py python @shBrushPython.js',
'ruby rails ror rb @shBrushRuby.js',
'sass scss @shBrushSass.js',
'scala @shBrushScala.js',
'sql @shBrushSql.js',
'vb vbnet @shBrushVb.js',
'xml xhtml xslt html @shBrushXml.js'
));
SyntaxHighlighter.all();
</script><script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');