I am trying to implement a web socket session manager and I have just encountered a road block that I hope someone can assist me with.
Basically a client will initiate a web socket session with my websocket server endpoint and I will take the HTTP request parameters, parse it and subscribe to web service producer endpoint. The Web service will return a response containing a subscription identifier of which will use as a key mapping (along with the HTTP session ID) to add to a java map cache with the session object. The proceed to send data to my published webservice consumer endpoint. My application will then take the data received from the producer, use the subscription id that comes with each packet and find the right session in the map caches to send the data back to.
Here is my problem..
I noticed that if the client opens another tab in the browser and sends a second subscription request, it would still be sent with the same HTTP Session ID yet tomcat will still be able to stream the data to the correct tab. This implies that the tomcat websocket implementation has a built in multiplex handling mechanism.
To exclude some unnecessary details unless asked, I want to to also be able identify all the channels that were multiplexed under the same session id. But I can't find any way in the API to identify it. As I need to be able to look up my map caches and remove sessions for tabs that have been closed (which triggers a close method in my web socket endpoint), but I'm not going to be able to do that as there could be many sockets/channels associated with the same HTTP Session ID.
The websocket framework does not provide any such implementation. Every tab opens a new socket. You can maintain a session info through adding a key in the request while initiating the websocket and on message check for that key(eg JSESSION id value) in the server and serve the request accordingly.
Related
I have come across many examples of implementing a simple http server in Java. This one fits my needs: http://www.rgagnon.com/javadetails/java-have-a-simple-http-server.html
However, I can't find an example of how to generate, return, and maintain a session id from such a simple http server.
Is that even possible? Is there a way to modify the sample code referred above to incorporate this functionality?
Thanks.
HTTP does not have session support on it self once it is a stateless application protocol. So you need implement it by your self.
For example, on servlet containers like Tomcat there is a cookie called JSESSIONID that is generated and stored on the browser. The client sends back the cookie to the server on each request. Once each client has a different cookie the server can identify the client session.
When cookies are not allowed the parameter JSESSIONID is added to the URL for each request. This technique is called URL Rewriting.
There is a question, not specific for Java HTTP servers, that has implementation details for this problem.
HTTP Session Tracking
I'd like to hear your opinion, what will be the best option to implement websocket queue using Spring and STOMP protocol, when there is no user session (stateless, restful web app).
Based on this explanation: https://stackoverflow.com/a/31577152/3076403 I know that Spring will use the queue when we use simpMessagingTemplate.convertAndSendToUser(...) method and pass the username associated with session id. Otherwise it will use a topic, where all subscribed clients will eventually read the same message returned from the server.
In my case, I have a RESTful app with Angular UI part. I want to implement the progress bar on the UI side. Initially UI sends the message to the server, with given ID that was determined earlier, ex: {id: 20}.
Then, the UI have to listen on the changes of the returned model for the particular ID and calculate the progress of internal processing. The message back can look like this: {id: 20, timeLeft: 30, totalTime: 60}
So for each Angular app that will subscribe to the websocket channel on the server, it should give different results.
As I have no session in the app and have to implement the websocket queue on the server, do you know other solutions using Spring and STOMP protocol different from that one I recently came up with:
Spring: simpMessagingTemplate.convertAndSend("/ui/progress/"+id, ...)
UI ng-stomp: $stomp.subscribe("/ui/progress/"+id, function(...))
I know that this will be a "fake" topic, rather than queue. Any comments and ideas appreciated.
I have a situation here .. maybe someone can help me with this.
I'm trying to provide a service where clients can "analyze" a specific URL. So I use a web service in Tomcat to work with the clients. The user accesses the web service webpage, inputs a URL and presses analyze. I now have to receive the URL in the web service, send it to a process that is running on the same server as Tomcat ( I do this through a pipe right now ).
The process adds the URL's in a queue, starts consuming it and analyzes every URL.
After the processing is done, I want to post a message from this process to the same session ID that sent me that URL ( lets' say I send the session ID through the pipe, together with the URL ).The URL after analyze, has to get to the client that pressed Analyze in the end.
Will what I want be possible?
I tried to find a solution where I would use only pipe communication between the web service and the local process, but a lot of complications appear when we are taking about multiple users connecting on the same time.
I am searching for a Java library (or a simple class) that is able to manage server sessions for any protocol. My application is not related in any way to HTTP. The sessions have to stay alive between different connections, just like HTTP cookies do.
I guess the way to go is:
client connects to server
client sends the login informations
server replies with a status and a session ID (a long string, just like JSESSIONID or PHPSESSID)
client sends requests to server (with existing or new TCP connections), always providing the session ID
client asks to logout
server deletes the session and invalidates the session ID
I'm just looking for something existing regarding the session management part, even if it's really easy to implement. Otherwise I guess a Map and a random string generator will do the job.
http://docs.oracle.com/javase/1.5.0/docs/api/java/util/UUID.html#randomUUID%28%29
http://www.javapractices.com/topic/TopicAction.do?Id=56
randomUUID() method could be useful in java.util.UUID see above links. It guarantees the id is unique.
If you want to make your session data to be scaled across multiple nodes, you can even try out frameworks like hazelcast, infinispan etc. They also have a provision to generate unique id across nodes.
Once a user is logged in, I create a Java session and store their userid and sessionid (sid) in the session, these two parameters are sent to GWT client and they are stored there in a base GWT client presenter (not as cookies). I am using MVP Architecture.
Every call made to sever there after is sent with these two parameters userID and SID, so I verify this on server, that the current session on server is equal to the session id provided and it belongs to given userid.
IF all is OK, only then I process the RPC request further.
Also, I am planning to make all my RPC handlers to extend a common RPC Handler which will accept these parameters.
I am new to GWT and GAE, any help will be greatly appreciated.
Thanks.
Using SSL and sending the session ID in the payload of every request are two good first steps. This LoginSecurityFAQ provides a good explanation with more details.
Anyone that can intercept the traffic on the wire/airwaves can take control of the user's session UNLESS you're sending session state over ssl/https.