Saturday, May 16, 2015

Websocket in Java

Covered the fundamentals of web sockets (vs HTTP) on previous post, here

Websocket protocol is part of HTML5 specification to provide full-duplex bi-directional communication channel over single TCP socket. It got added in Java EE version 7 (JRS 356). In this post, I will dig dipper into websockets and how can we implement it in Java. 

WebSocket uses HTTP connection to bootstrap itself. HTTP sends a normal request to initiate websocket connection but it has upgrade header (wiki link). Through this upgrade header, clients says that it would like to upgrade current HTTP connection to a different protocol connection.  If sever has support for it websocket connection gets established. Once connection is established, both ends can transfer data.

Life Cycle of WebSockets

  1. Client sends an HTTP request to server with an upgrade header having value upgrade.
  2. If Server supports WebSockets then it responds with HTTP header having status code 101, which means now onwards the connection is upgraded to WebSockets (no more HTTP).
  3. Now both client and server can send any number of message to each other.  Server needs to obtain the session object to send message to client. 
Image Source

Client Request
GET /chat HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13

Server Response
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: HSmrc0sMlYUkAGmm5OPpG2HaGWk=
Sec-WebSocket-Protocol: chat


Specification JRS 356, covers standards for Java client side as well as server side websocket implementation. This is part of Java EE 7, so all Java EE 7 complaint application servers should provide websockets support. There are also independent libraries/jars which can be used to support this feature on non EE 7 complaint servers. 

Any POJO class can be turned into a websocket server end point by annotating it properly. As shown in below diagram, the class needs to be annotated with @ServerEndPoint and specify url as the value. You just need to provide implementations of the callback methods which will be called appropriately during the life span of the connection. Your server will ensure that these methods gets invoked appropriately.

Just like a sever end point, client end point can also be created in Java by annotating class with @ClientEndPoint and by providing implementations of lifecycle methods. WebSocket client endpoint initiates the connection and WebSocket server end points awaits for the request and establishes it. Once connection is established the request data will be received in onMessage callback method. So this is the place where business logic will be put. Both client and server can keep sending the data to the other party unless the the connection is closed.

Over internet, clients will mostly be browser, so make sure that your browser supports this. Both end points (client and server) have callback listeners- onOpen, onMessage, onError, onClose.

Please refer to this link which describes steps to create websocket in Java.

I have also hosted a hello world websocket application on GitHub (websockets).


This is a new technology and hence concern for security is legitimate. Here is a nice article which covers some of the important aspects. 

Final Note

  1. WebSocket protocol is supported in major browsers- Chrome, IE, Firefox, Safari. It also requires support from the server web app. Check for its support on your Android/iOS version if you want to use it for mobile client. 
  2. It opens connections on TCP port 80. 
  3. WebSockets transmissions are described as messages, where a single message can be optionally split across several data frames. 
  4. Good to validate Origin header before establishing connection on server side to avoid any security threat. 
  5. WebSocket protocol defines a ws:// and wss:// prefix to indicate a WebSocket and a secure WebSocket connection, respectively. 
  6. WebSocket is stateful (unlike http which is stateless), so it doesn't scale up nicely. 
  7. One of the issue with WebSockets is that, what if proxy times out connection after some inactivity? Client and server should re-handshake to ensure that connections gets established again. 
  8. Another legitimate question is, what if either of proxy or browser doesn't support it. You can use portable frameworks like Atmosphere. It transparently falls back to HTTP in such case. 


keep coding !

No comments:

Post a Comment