AdroitLogic Private Ltd.


Configuring the HTTP/S Transport

This article describes the configuration options for the HTTP/S transport listeners and senders.

HttpNIOListener

The HttpNIOListener is an HTTP transport listener based on the Apache HttpComponents/HttpCore project. It uses Java Non-Blocking IO (NIO) to process thousands of concurrent connections efficiently. By moving away from the Servlet model, where one thread is required to process each request, the use of NIO gives the UltraESB exceptional capability to deal with many concurrent connections and clients using a much smaller thread pool: a thread is dissociated from its socket and released for re-use while waiting for remote servers to respond over connected sockets. The HttpNIOListener exposes the following properties for configuration.

  • Constructor

    A reference to a 'FileCache' implementation, which will serve memory mapped files to which messages being read by the transport are written

  • Properties

    Table 7.1.

    Property             Description
    -------------------  -----------------------------------------------------------
    port                 The HTTP listen port
    replaceOriginServer  When set to false, prevents the UltraESB from writing its product name as the HTTP origin server
    bindAddress          The specific address on which to listen for requests. By default the transport binds on all interfaces
    defaultContextPath   The default context path for services exposed over the HTTP transport. Defaults to "/service"
    requestFilters       A list of request filters to intercept messages (e.g. ServiceResourceRequestFilter, BasicAuthenticationFilter, DigestProcessingFilter, or any custom implementation of the RequestFilter interface)
    properties           Additional HTTP listener properties, such as "http.socket.timeout", which specifies the default listen socket timeout

The HttpNIOListener optionally allows the following advanced properties to be tuned; however, they should only be altered after specific confirmation from AdroitLogic.

  • http.lst_io_threads (http.snd_io_threads for the HttpNIOSender) - defaults to the number of CPU cores available on the system

  • http.socket.buffer-size

  • http.tcp.nodelay

  • http.connection.stalecheck

  • http.socket.linger

  • http.connection.max-line-length

  • http.connection.max-header-count

HttpsNIOListener

The HttpsNIOListener is the HTTPS variant of the HTTP protocol transport listener. It extends the HttpNIOListener, and thus inherits all of its properties, and exposes the following additional properties for configuration.

Table 7.2.

Property                             Description
-----------------------------------  -----------------------------------------------------------
sslVerifyClient                      One of 'none', 'optional' or 'require'. Defaults to 'none', which means client authentication (i.e. 2-way SSL authentication) is disabled. With 'optional' the client may authenticate itself; with 'require' a request from an unauthenticated client is not accepted.
identityStorePath                    The path to the identity keystore to be used. See 'conf/keys/identity.jks' for a sample identity keystore
identityStoreType                    The Java keystore type of the identity store. Defaults to "JKS"
identityKeyPassword                  The private key password for the identity certificate
identityStorePassword                The keystore password for the identity keystore
trustStorePath                       The path to the trust keystore to be used. See 'conf/keys/trust.jks' for a sample trust keystore. The trust store is used to validate the credentials of connecting clients when 2-way authentication is used. The default trust store is a copy of the JDK 1.6.x trust store. If a trust store is not specified, it will default to the JDK trust store.
trustStoreType                       The Java keystore type of the trust store. Defaults to "JKS"
trustStorePassword                   The keystore password for the trust keystore
nonProductionNoRemoteCertValidation  If set to true, disables remote certificate validation. This setting should NEVER be used in a production deployment.

HttpNIOSender

The HttpNIOSender is the HTTP request sender of the UltraESB. It exposes the following configuration options.

  • Constructor

    A reference to a 'FileCache' implementation, which will serve memory mapped files to write response messages being read by the transport.

  • Properties

    Table 7.3.

    Property               Description
    ---------------------  -----------------------------------------------------------
    replaceUserAgent       When set to false, the UltraESB product identifier is not used as the HTTP User Agent. Defaults to true.
    unzipResponseEntities  Defaults to true. When set to false, the transport will not unzip compressed response entities; this can be turned off to improve performance when the response is not read in the outSequence.
    proxyHost              The HTTP Proxy server hostname to use
    proxyPort              The HTTP Proxy server port to use
    proxyBypassList        A list of hostnames for which the HTTP Proxy should be bypassed

HttpsNIOSender

The HttpsNIOSender is the HTTPS variant of the HTTP protocol transport sender. It extends the HttpNIOSender, and thus inherits all of its properties, and exposes the following additional properties for configuration.

Table 7.4.

Property               Description
---------------------  -----------------------------------------------------------
hostnameVerifier       One of 'Strict', 'AllowAll', 'DefaultAndLocalhost' or 'Default' (i.e. the default). See below for more information.
identityStorePath      Same as for the HttpsNIOListener
identityStoreType      Same as for the HttpsNIOListener
identityStorePassword  Same as for the HttpsNIOListener
identityKeyPassword    Same as for the HttpsNIOListener
trustStorePath         Same as for the HttpsNIOListener
trustStoreType         Same as for the HttpsNIOListener
trustStorePassword     Same as for the HttpsNIOListener

The 'Strict' HostnameVerifier works the same way as java.net.URL in Sun Java 1.4, Sun Java 5, Sun Java 6. It's also pretty close to IE6. The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts. A wildcard such as "*.foo.com" matches only subdomains in the same level, for example "a.foo.com". It does not match deeper subdomains such as "a.b.foo.com".

The 'Default' HostnameVerifier works the same way as Curl and Firefox. The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts. The only difference between DEFAULT and STRICT is that a wildcard (such as "*.foo.com") with DEFAULT matches all subdomains, including "a.b.foo.com".

The 'AllowAll' HostnameVerifier essentially turns hostname verification off completely, while the 'DefaultAndLocalhost' HostnameVerifier works like the 'Default' one with one additional relaxation: a host of "localhost", "localhost.localdomain", "127.0.0.1", "::1" will always pass, no matter what is in the server's certificate.
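The following is an added example, not UltraESB's or commons-ssl's own code: a minimal model of the four hostnameVerifier modes as described above, so the difference between 'Strict' and 'Default' wildcard handling can be checked against concrete hostnames. It implements only the rules stated in the text and assumes the wildcard is the leading "*." label, that matching is case-insensitive, and that only the first CN and the subject-alts are consulted.

```python
# Hosts that 'DefaultAndLocalhost' always accepts, regardless of the certificate.
LOCALHOST_NAMES = {"localhost", "localhost.localdomain", "127.0.0.1", "::1"}


def name_matches(pattern, host, wildcard_spans_levels):
    """Match one certificate name against the host; the flag selects Default vs Strict."""
    pattern, host = pattern.lower(), host.lower()
    if not pattern.startswith("*."):
        return pattern == host                  # no wildcard: exact match only
    suffix = pattern[1:]                        # "*.foo.com" -> ".foo.com"
    if not host.endswith(suffix):
        return False
    prefix = host[: -len(suffix)]               # the part the wildcard has to cover
    if not prefix:
        return False                            # "foo.com" itself is not a subdomain
    # Default: the wildcard covers any number of levels; Strict: exactly one label.
    return wildcard_spans_levels or "." not in prefix


def verify_hostname(mode, host, first_cn, subject_alts=()):
    """Return True if host is accepted under the given hostnameVerifier mode (assumed model)."""
    mode = mode.lower()
    if mode == "allowall":
        return True                             # verification switched off entirely
    if mode not in ("strict", "default", "defaultandlocalhost"):
        raise ValueError(f"unknown hostnameVerifier mode: {mode}")
    if mode == "defaultandlocalhost" and host.lower() in LOCALHOST_NAMES:
        return True                             # the one extra relaxation over Default
    spans_levels = mode in ("default", "defaultandlocalhost")   # False for Strict
    candidates = [first_cn, *subject_alts]      # first CN, then every subject-alt
    return any(name_matches(name, host, spans_levels) for name in candidates)


if __name__ == "__main__":
    # Constructed certificate for the demo: CN=*.foo.com plus one subject-alt.
    cn, alts = "*.foo.com", ["api.example.com"]
    for mode in ("Strict", "Default", "DefaultAndLocalhost", "AllowAll"):
        for host in ("a.foo.com", "a.b.foo.com", "foo.com", "localhost", "other.test"):
            print(f"{mode:20} {host:14} {verify_hostname(mode, host, cn, alts)}")
```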

See the Javadocs of org.adroitlogic.ultraesb.transport.http.util.HostnameVerifier for more details, or refer to the original code by Julius Davies at [http://juliusdavies.ca/commons-ssl/src/java/org/apache/commons/ssl/HostnameVerifier.java]