Port Unification in GlassFish 3 – Part 3

With this third installment, we're getting to the most interesting feature:  serving multiple protocols on one port.  The uses of this are fairly obvious:  simpler administration, easier on firewalls, etc.  Many of the elements we've already seen and so should be fairly familiar.  We'll simply build on things we've seen and take them just one step further.  In this simple demo, we'll be serving up HTTP traffic and a "dummy" protocol.  We'll look at at the code needed to implement this protocol once we cover how to configure it. The first step we need to is to copy the attached protocol zip file in to GlassFish so it's ready for us to use.  Once you've downloaded the zip file, copy it to <glassfish>/domains/domain1/autodeploy/bundles/.  (You might need to create this directory first.)  If you're watching the server logs, you'll notice in a few seconds that GlassFish has detected the file and has deployed it.  With that done, we can configure the system to serve up that protocol.

This script is very similar to what we've already seen:

asadmin create-protocol pu-protocol

asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-listener-1 --classname com.sun.grizzly.http.portunif.HttpProtocolFinder http-finder

asadmin create-protocol pu-dummy-protocol
asadmin create-protocol-finder --protocol pu-protocol --target-protocol pu-dummy-protocol --classname org.glassfish.devtests.web.portunif.DummyProtocolFinder dummy-finder
asadmin create-protocol-filter --protocol pu-dummy-protocol --classname org.glassfish.devtests.web.portunif.DummyProtocolFilter dummy-filter

asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-1.protocol=pu-protocol

As you can see the steps here are almost identical to what we've done in the past. In this case, we're reusing the http-listener-1 <protocol> definition and pointing the HttpProtocolFinder there. This is the default protocol definition that ships with GlassFish. We're creating a new protocol definition for the dummy protocol and creating the finder and filter for the protocol. As a last step, we update the http-listener-1 <network-listener> to use the new pu-protocol we defined. And with that we're ready to test.

The HTTP test is simple enough: point your browser and http://localhost:8080. You should seen the standard GlassFish welcome (or an app if you've deployed one to that location). Testing the dummy protocol is a little more involved but not too bad. The protocol is simple enouugh. It looks for the text dummy-protocol and then responds with Dummy-Protocol-Response. If you have the nc command installed, you can simply do this:

echo dummy-protocol | nc localhost 8080

If not, you can you the telnet command. Simply telnet into localhost port 8080 and and the prompt enter dummy-protocol and hit the enter key. The server will respond with Dummy-Protocol-Response. Then you know you're done. We've seen this kind of configuration several times before. Let's look at the code that drives.

The first player in all this is the finder. This code detects the dummy protocol and responds accordingly. The finder looks like this:

public class DummyProtocolFinder implements ProtocolFinder {
    private final static String name = "dummy-protocol";
    private byte[] signature = name.getBytes();

    public String find(Context context, PUProtocolRequest protocolRequest)
            throws IOException {
        ByteBuffer buffer = protocolRequest.getByteBuffer();
        int position = buffer.position();
        int limit = buffer.limit();
        try {
            buffer.flip();
            if (buffer.remaining() >= signature.length) {
                for(int i=0; i

This code simply scans the incoming bytes looking for "dummy-protocol." if it can't find it, it returns null telling the underlying grizzly code to keep looking. If it finds it, returns that string to the caller signifying it's found the protocol. At that point, control gets handed off to the DummyProtocolFilter:

public class DummyProtocolFilter implements ProtocolFilter {
    public boolean execute(Context ctx) throws IOException {
        SelectableChannel channel = ctx.getSelectionKey().channel();
        OutputWriter.flushChannel(channel, ByteBuffer.wrap("Dummy-Protocol-Response".getBytes()));
        ctx.getSelectorHandler().closeChannel(channel);
        return false;
    }

    public boolean postExecute(Context ctx) throws IOException {
        return true;
    }
}

The filter is simple enough. It just prints back the text we've been expecting. When it's done it returns false to show that execution is finished and the response can be closed out. Obviously a more complex protocol would require a more complex filter, but this is the basis of any such filter.

That's all it takes. If you wanted to serve up more protocols, you'd simply add more filters and finders as needed.

Port Unification in GlassFish 3 – Part 2

It's taken more time to get back to this topic but it's time.  In part 1, I covered how to set up GlassFish to push all HTTP traffic to HTTPS.  In this post, I'll show you how to set up the reverse.  In the next post, I'll cover how to configure GlassFish to serve up multiple protocols from the same port.  The steps are basically the same so this will be a short one.  Similar to last time, we'll issue a few simple commands:

asadmin create-protocol --securityenabled=true https-redirect
asadmin create-protocol-filter --protocol https-redirect --classname com.sun.grizzly.config.HttpRedirectFilter redirect-filter
asadmin create-ssl --certname s1as --type network-listener --ssl2enabled false --ssl3enabled false --clientauthenabled false https-redirect

asadmin create-protocol pu-protocol
asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-listener-1 --classname com.sun.grizzly.config.HttpProtocolFinder http-finder
asadmin create-protocol-finder --protocol pu-protocol --target-protocol https-redirect --classname com.sun.grizzly.config.HttpProtocolFinder https-redirect

asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.protocol=pu-protocol
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.enabled=true

This should familiar if you've read part 1. We do a little extra work to set up some ssl config elements primarily to preserve the standard settings in case you want to roll back these changes when you're done. If you do, you simply need to delete those new protocol elements.

To see it in action, simply issue the following command:

wget -q -S --no-check-certificate https://localhost:8181/

You should see something like the following:

HTTP/1.1 302 Moved Temporarily
Location: http://localhost:8181/
Connection:close
Cache-control: private
HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1-SNAPSHOT Java/Apple Inc./1.6)
Server: GlassFish Server Open Source Edition 3.1-SNAPSHOT
Accept-Ranges: bytes
ETag: W/"5212-1279828070000"
Last-Modified: Thu, 22 Jul 2010 19:47:50 GMT
Content-Type: text/html
Content-Length: 5212
Date: Fri, 23 Jul 2010 16:50:22 GMT
Connection: Keep-Alive

As you can see, the https request received an initial 302 response pushing off to the http url which then returns the 200 response we'd expect. To verify even further, use wget to fetch the http url and you'll see something like this:

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1-SNAPSHOT Java/Apple Inc./1.6)
Server: GlassFish Server Open Source Edition 3.1-SNAPSHOT
Accept-Ranges: bytes
ETag: W/"5212-1279828070000"
Last-Modified: Thu, 22 Jul 2010 19:47:50 GMT
Content-Type: text/html
Content-Length: 5212
Date: Fri, 23 Jul 2010 16:57:31 GMT
Connection: Keep-Alive

That's it. As promised, short and sweet. Currently this approach does not allow you redirect to a different port number. We have added a new configuration element that simplifies this setup and allows for cross-port redirects. However since there isn't asadmin support for it yet, I'll defer discussion until we can get those commands written. That's in the works so it should be in the next week or two.

With that, though, I'll wrap this one up and start working on the more interesting Part 3.

Apache, Oracle, and the JCK

The Apache/Sun rift is well-known to most following the Java world. Apache has long demanded that the field of use restrictions be dropped.  There's some consensus that the FOU clause actually violates the JCP's charter.  I'm not a lawyer so I can't really comment either way.  This has prevented Apache Harmony from certifying as a Java implementation and, at least in part, has led to the development of the Dalvik VM up on which Android based applications run.  A new article in The Register reports that talks between Apache and Oracle have started to break down and that should worry anyone who works with Java. Java's promise and value has long been platform portability.  Except for a few corner cases here and there, an application written in Java could run on any platform which had a JVM.  Even most of those cases can be mitigated if your application is written correctly.  With the rising popularity of "non-computer" computing devices (smart phones, tablets, etc.), Android has become an considerable presence in the industry.  Whether or not Google chooses to certify Dalvik as a JVM or not, it isn't allowed to even try, really.  The Java JCK won't allow it.  And that poses a real threat to Java.

The FOU restriction was added, in part, to protect Sun's JavaME business.  This made business sense to a degree as that's an enormous market.  Back when devices couldn't support a full JVM, JME made a lot of sense.  That's changing rapidly these days.  Personally, I think the days of JME are numbered.  I think Android is going to be a huge player in the years to come.  And it isn't Java.  Already, dozens of times I've personally helped debug someone's "Java" code only to find that the tried and true answer doesn't apply because, surprise!, that code was actually running on an Android device.

The mobile market is already huge and it's only getting bigger.  There's little reason for Oracle to retain the FOU clause.  Oracle doesn't need the JME market the way Sun did.  Opening that up will allow Dalvik, and others, to certify as a Java implementation and push Java into even more markets.  If Oracle fails to do this, it could ultimately end up ceding the mobile market to others.  I've long agreed with Apache that the FOU is unfair and violates the spirit (and probably the letter) of the JCP agreement.  Oracle should drop the clause as they've said in the past that Sun should.  Vendors who still need JME can still pay for it.  But, increasingly, JME is looking more and more anachronistic.  I see very little reason to protect it any longer and every reason to push Java in to more and more markets.

Update: Yes, in some ways I'm conflating Harmony and Dalvik.  They're both emblematic of the larger issue.  The problem of the FOU and the viability of the JVM on an embedded device is the main point.  Please don't get too caught up in the finer technical points.  I apologize for any confusion.

Disclaimer:  These opinions are my own.  I do not speak for any of the parties involved nor do I have any inside knowledge despite my employment at Oracle.  I am simply a passionate Java advocate expressing an opinion.