In what should be the last entry in this series, we'll cover a late addition to port unification.  As I mentioned earlier, GlassFish 3.1 isn't adding support for port unification, we're simply introducing commands to make it accessible to people beside GlassFish hackers.  As often happens, though, once these commands were revealed to the wider community, one of the first questions was "How can I redirect to a different port?"  The short answer used to be "you can't."  But thanks to Ryan Lubke, now you can and we'll see how below. The steps are pretty similar to what we've seen so far.  There are 4 different use cases covered here.  HTTP->HTTPS (and vice versa), and redirecting on the same or a different port.  In the steps listed below, I've tried to reuse existing elements of the config as much as possible to avoid polluting the configuration file with too much cruft.  However, in some cases it was simpler to just create new structures because of some validation checks asadmin performs to try to prevent invalid configurations from cratering your instance.

###
### HttpToHttpsRedirectOnSamePort
###
asadmin create-protocol --securityenabled=false http-redirect
asadmin create-http-redirect --secure-redirect true http-redirect
asadmin create-protocol --securityenabled=false pu-protocol
asadmin create-protocol-finder --protocol pu-protocol --targetprotocol http-listener-2 --classname com.sun.grizzly.config.HttpProtocolFinder http-finder
asadmin create-protocol-finder --protocol pu-protocol --targetprotocol http-redirect --classname com.sun.grizzly.config.HttpProtocolFinder http-redirect
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-1.protocol=pu-protocol

###
### HttpToHttpsRedirectOnDifferentPort
###
asadmin create-protocol --securityenabled=false http-redirect
asadmin create-http-redirect --redirect-port 8181 --secure-redirect true http-redirect
asadmin create-protocol --securityenabled=false pu-protocol
asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-listener-2 --classname com.sun.grizzly.config.HttpProtocolFinder http-finder
asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-redirect --classname com.sun.grizzly.config.HttpProtocolFinder http-redirect
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-1.protocol=pu-protocol

###
### HttpsToHttpRedirectOnSamePort
###
asadmin create-protocol --securityenabled=true http-redirect
asadmin create-http-redirect --secure-redirect false http-redirect
asadmin create-ssl --certname s1as --type network-listener --ssl2enabled=false --ssl3enabled=false --tlsenabled=true --tlsrollbackenabled=true --clientauthenabled=false http-redirect
asadmin create-protocol --securityenabled=false pu-protocol
asadmin create-protocol-finder --protocol pu-protocol --targetprotocol http-listener-1 --classname com.sun.grizzly.config.HttpProtocolFinder http-finder
asadmin create-protocol-finder --protocol pu-protocol --targetprotocol http-redirect --classname com.sun.grizzly.config.HttpProtocolFinder http-redirect
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.protocol=pu-protocol
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.enabled=true

###
### HttpsToHttpRedirectOnDifferentPort
###
asadmin create-protocol --securityenabled=true http-redirect
asadmin create-http-redirect --redirect-port 8080 --secure-redirect false http-redirect
asadmin create-ssl --certname s1as --type network-listener --ssl2enabled=false --ssl3enabled=false --tlsenabled=true --tlsrollbackenabled=true --clientauthenabled=false http-redirect
asadmin create-protocol --securityenabled=false pu-protocol
asadmin create-protocol-finder --protocol pu-protocol --targetprotocol http-listener-1 --classname com.sun.grizzly.config.HttpProtocolFinder http-finder
asadmin create-protocol-finder --protocol pu-protocol --targetprotocol http-redirect --classname com.sun.grizzly.config.HttpProtocolFinder http-redirect
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.protocol=pu-protocol
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.enabled=true

A few of the options on the create-ssl commands you could probably remove if you'd like. I added them simply to make the created structures match the default ones to reduce any confusion and clutter while looking at the resulting domain.xml.

Pick the scenario you need and cut and paste the relevant part of the above script into your terminal window and let glassfish do the rest. You can verify your set up by using wget -S to request index.html at the end of whichever url you need and look at the header responses to make sure you're properly getting the relocation information. For example, if you're doing https -> http redirection on different ports, you'd do (and see) this:

wget -q -S --no-check-certificate https://localhost:8181

  HTTP/1.1 302 Moved Temporarily
  Location: http://localhost:8080/
  Connection:close
  Cache-control: private
  HTTP/1.1 200 OK
  Content-Type: text/html
  Content-Length: 5212
  Date: Mon, 30 Aug 2010 16:35:24 GMT
  Connection: Keep-Alive

There you go. Redirecting HTTPS on 8181 to HTTP on 8080. It's that easy. At this point I feel I should point out that redirect from secure to nonsecure connections is almost always a monumentally bad idea but I'm sure there are a handful of uses for it. Regardless, these 4 use cases should cover anything you might need. These steps require a nightly build of GlassFish 3.1 but if you're already using/experimenting with those builds, please try it out. Let us know if you have any issues on the users list and we'd be happy to help.

With this third installment, we're getting to the most interesting feature:  serving multiple protocols on one port.  The uses of this are fairly obvious:  simpler administration, easier on firewalls, etc.  Many of the elements we've already seen and so should be fairly familiar.  We'll simply build on things we've seen and take them just one step further.  In this simple demo, we'll be serving up HTTP traffic and a "dummy" protocol.  We'll look at at the code needed to implement this protocol once we cover how to configure it. The first step we need to is to copy the attached protocol zip file in to GlassFish so it's ready for us to use.  Once you've downloaded the zip file, copy it to <glassfish>/domains/domain1/autodeploy/bundles/.  (You might need to create this directory first.)  If you're watching the server logs, you'll notice in a few seconds that GlassFish has detected the file and has deployed it.  With that done, we can configure the system to serve up that protocol.

This script is very similar to what we've already seen:

asadmin create-protocol pu-protocol

asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-listener-1 --classname com.sun.grizzly.http.portunif.HttpProtocolFinder http-finder

asadmin create-protocol pu-dummy-protocol
asadmin create-protocol-finder --protocol pu-protocol --target-protocol pu-dummy-protocol --classname org.glassfish.devtests.web.portunif.DummyProtocolFinder dummy-finder
asadmin create-protocol-filter --protocol pu-dummy-protocol --classname org.glassfish.devtests.web.portunif.DummyProtocolFilter dummy-filter

asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-1.protocol=pu-protocol

As you can see the steps here are almost identical to what we've done in the past. In this case, we're reusing the http-listener-1 <protocol> definition and pointing the HttpProtocolFinder there. This is the default protocol definition that ships with GlassFish. We're creating a new protocol definition for the dummy protocol and creating the finder and filter for the protocol. As a last step, we update the http-listener-1 <network-listener> to use the new pu-protocol we defined. And with that we're ready to test.

The HTTP test is simple enough: point your browser and http://localhost:8080. You should seen the standard GlassFish welcome (or an app if you've deployed one to that location). Testing the dummy protocol is a little more involved but not too bad. The protocol is simple enouugh. It looks for the text dummy-protocol and then responds with Dummy-Protocol-Response. If you have the nc command installed, you can simply do this:

echo dummy-protocol | nc localhost 8080

If not, you can you the telnet command. Simply telnet into localhost port 8080 and and the prompt enter dummy-protocol and hit the enter key. The server will respond with Dummy-Protocol-Response. Then you know you're done. We've seen this kind of configuration several times before. Let's look at the code that drives.

The first player in all this is the finder. This code detects the dummy protocol and responds accordingly. The finder looks like this:

public class DummyProtocolFinder implements ProtocolFinder {
    private final static String name = "dummy-protocol";
    private byte[] signature = name.getBytes();

    public String find(Context context, PUProtocolRequest protocolRequest)
            throws IOException {
        ByteBuffer buffer = protocolRequest.getByteBuffer();
        int position = buffer.position();
        int limit = buffer.limit();
        try {
            buffer.flip();
            if (buffer.remaining() >= signature.length) {
                for(int i=0; i

This code simply scans the incoming bytes looking for "dummy-protocol." if it can't find it, it returns null telling the underlying grizzly code to keep looking. If it finds it, returns that string to the caller signifying it's found the protocol. At that point, control gets handed off to the DummyProtocolFilter:

public class DummyProtocolFilter implements ProtocolFilter {
    public boolean execute(Context ctx) throws IOException {
        SelectableChannel channel = ctx.getSelectionKey().channel();
        OutputWriter.flushChannel(channel, ByteBuffer.wrap("Dummy-Protocol-Response".getBytes()));
        ctx.getSelectorHandler().closeChannel(channel);
        return false;
    }

    public boolean postExecute(Context ctx) throws IOException {
        return true;
    }
}

The filter is simple enough. It just prints back the text we've been expecting. When it's done it returns false to show that execution is finished and the response can be closed out. Obviously a more complex protocol would require a more complex filter, but this is the basis of any such filter.

That's all it takes. If you wanted to serve up more protocols, you'd simply add more filters and finders as needed.