Antwerkz, Inc.

In what should be the last entry in this series, we’ll cover a late addition to port unification.  As I mentioned earlier, GlassFish 3.1 isn’t adding support for port unification, we’re simply introducing commands to make it accessible to people beside GlassFish hackers.  As often happens, though, once these commands were revealed to the wider community, one of the first questions was “How can I redirect to a different port?”  The short answer used to be “you can’t.”  But thanks to Ryan Lubke, now you can and we’ll see how below.

The steps are pretty similar to what we’ve seen so far.  There are 4 different use cases covered here.  HTTP->HTTPS (and vice versa), and redirecting on the same or a different port.  In the steps listed below, I’ve tried to reuse existing elements of the config as much as possible to avoid polluting the configuration file with too much cruft.  However, in some cases it was simpler to just create new structures because of some validation checks asadmin performs to try to prevent invalid configurations from cratering your instance.

### 
### HttpToHttpsRedirectOnSamePort
### 
asadmin create-protocol --securityenabled=false http-redirect
asadmin create-http-redirect --secure-redirect true http-redirect
asadmin create-protocol --securityenabled=false pu-protocol
asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-listener-2 --classname com.sun.grizzly.config.HttpProtocolFinder http-finder
asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-redirect --classname com.sun.grizzly.config.HttpProtocolFinder http-redirect
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-1.protocol=pu-protocol
 
### 
### HttpToHttpsRedirectOnDifferentPort
### 
asadmin create-protocol --securityenabled=false http-redirect
asadmin create-http-redirect --redirect-port 8181 --secure-redirect true http-redirect
asadmin create-protocol --securityenabled=false pu-protocol
asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-listener-2 --classname com.sun.grizzly.config.HttpProtocolFinder http-finder
asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-redirect --classname com.sun.grizzly.config.HttpProtocolFinder http-redirect
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-1.protocol=pu-protocol
 
### 
### HttpsToHttpRedirectOnSamePort
### 
asadmin create-protocol --securityenabled=true http-redirect
asadmin create-http-redirect --secure-redirect false http-redirect
asadmin create-ssl --certname s1as --type network-listener --ssl2enabled=false --ssl3enabled=false --tlsenabled=true --tlsrollbackenabled=true --clientauthenabled=false http-redirect
asadmin create-protocol --securityenabled=false pu-protocol
asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-listener-1 --classname com.sun.grizzly.config.HttpProtocolFinder http-finder
asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-redirect --classname com.sun.grizzly.config.HttpProtocolFinder http-redirect
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.protocol=pu-protocol
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.enabled=true
 
### 
### HttpsToHttpRedirectOnDifferentPort
### 
asadmin create-protocol --securityenabled=true http-redirect
asadmin create-http-redirect --redirect-port 8080 --secure-redirect false http-redirect
asadmin create-ssl --certname s1as --type network-listener --ssl2enabled=false --ssl3enabled=false --tlsenabled=true --tlsrollbackenabled=true --clientauthenabled=false http-redirect
asadmin create-protocol --securityenabled=false pu-protocol
asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-listener-1 --classname com.sun.grizzly.config.HttpProtocolFinder http-finder
asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-redirect --classname com.sun.grizzly.config.HttpProtocolFinder http-redirect
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.protocol=pu-protocol
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.enabled=true

A few of the options on the create-ssl commands you could probably remove if you’d like. I added them simply to make the created structures match the default ones to reduce any confusion and clutter while looking at the resulting domain.xml.

Pick the scenario you need and cut and paste the relevant part of the above script into your terminal window and let glassfish do the rest. You can verify your set up by using wget -S to request index.html at the end of whichever url you need and look at the header responses to make sure you’re properly getting the relocation information. For example, if you’re doing https -> http redirection on different ports, you’d do (and see) this:

wget -q -S --no-check-certificate https://localhost:8181
 
  HTTP/1.1 302 Moved Temporarily
  Location: http://localhost:8080/
  Connection:close
  Cache-control: private
  HTTP/1.1 200 OK
  Content-Type: text/html
  Content-Length: 5212
  Date: Mon, 30 Aug 2010 16:35:24 GMT
  Connection: Keep-Alive

There you go. Redirecting HTTPS on 8181 to HTTP on 8080. It’s that easy. At this point I feel I should point out that redirect from secure to nonsecure connections is almost always a monumentally bad idea but I’m sure there are a handful of uses for it. Regardless, these 4 use cases should cover anything you might need. These steps require a nightly build of GlassFish 3.1 but if you’re already using/experimenting with those builds, please try it out. Let us know if you have any issues on the users list and we’d be happy to help.

Technorati Tags: glassfishv3, Java

With this third installment, we’re getting to the most interesting feature:  serving multiple protocols on one port.  The uses of this are fairly obvious:  simpler administration, easier on firewalls, etc.  Many of the elements we’ve already seen and so should be fairly familiar.  We’ll simply build on things we’ve seen and take them just one step further.  In this simple demo, we’ll be serving up HTTP traffic and a “dummy” protocol.  We’ll look at at the code needed to implement this protocol once we cover how to configure it.

The first step we need to is to copy the attached protocol zip file in to GlassFish so it’s ready for us to use.  Once you’ve downloaded the zip file, copy it to <glassfish>/domains/domain1/autodeploy/bundles/.  (You might need to create this directory first.)  If you’re watching the server logs, you’ll notice in a few seconds that GlassFish has detected the file and has deployed it.  With that done, we can configure the system to serve up that protocol.

This script is very similar to what we’ve already seen:

asadmin create-protocol pu-protocol
 
asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-listener-1 --classname com.sun.grizzly.http.portunif.HttpProtocolFinder http-finder
 
asadmin create-protocol pu-dummy-protocol
asadmin create-protocol-finder --protocol pu-protocol --target-protocol pu-dummy-protocol --classname org.glassfish.devtests.web.portunif.DummyProtocolFinder dummy-finder
asadmin create-protocol-filter --protocol pu-dummy-protocol --classname org.glassfish.devtests.web.portunif.DummyProtocolFilter dummy-filter
 
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-1.protocol=pu-protocol

As you can see the steps here are almost identical to what we’ve done in the past. In this case, we’re reusing the http-listener-1 <protocol> definition and pointing the HttpProtocolFinder there. This is the default protocol definition that ships with GlassFish. We’re creating a new protocol definition for the dummy protocol and creating the finder and filter for the protocol. As a last step, we update the http-listener-1 <network-listener> to use the new pu-protocol we defined. And with that we’re ready to test.

The HTTP test is simple enough: point your browser and http://localhost:8080. You should seen the standard GlassFish welcome (or an app if you’ve deployed one to that location). Testing the dummy protocol is a little more involved but not too bad. The protocol is simple enouugh. It looks for the text dummy-protocol and then responds with Dummy-Protocol-Response. If you have the nc command installed, you can simply do this:

echo dummy-protocol | nc localhost 8080

If not, you can you the telnet command. Simply telnet into localhost port 8080 and and the prompt enter dummy-protocol and hit the enter key. The server will respond with Dummy-Protocol-Response. Then you know you’re done. We’ve seen this kind of configuration several times before. Let’s look at the code that drives.

The first player in all this is the finder. This code detects the dummy protocol and responds accordingly. The finder looks like this:

public class DummyProtocolFinder implements ProtocolFinder {
    private final static String name = "dummy-protocol";
    private byte[] signature = name.getBytes();
 
    public String find(Context context, PUProtocolRequest protocolRequest)
            throws IOException {
        ByteBuffer buffer = protocolRequest.getByteBuffer();
        int position = buffer.position();
        int limit = buffer.limit();
        try {
            buffer.flip();
            if (buffer.remaining() >= signature.length) {
                for(int i=0; i

This code simply scans the incoming bytes looking for “dummy-protocol.” if it can’t find it, it returns null telling the underlying grizzly code to keep looking. If it finds it, returns that string to the caller signifying it’s found the protocol. At that point, control gets handed off to the DummyProtocolFilter:

public class DummyProtocolFilter implements ProtocolFilter {
    public boolean execute(Context ctx) throws IOException {
        SelectableChannel channel = ctx.getSelectionKey().channel();
        OutputWriter.flushChannel(channel, ByteBuffer.wrap("Dummy-Protocol-Response".getBytes()));
        ctx.getSelectorHandler().closeChannel(channel);
        return false;
    }
 
    public boolean postExecute(Context ctx) throws IOException {
        return true;
    }
}

The filter is simple enough. It just prints back the text we’ve been expecting. When it’s done it returns false to show that execution is finished and the response can be closed out. Obviously a more complex protocol would require a more complex filter, but this is the basis of any such filter.

That’s all it takes. If you wanted to serve up more protocols, you’d simply add more filters and finders as needed.

Technorati Tags: glassfishv3, Java

It’s taken more time to get back to this topic but it’s time.  In part 1, I covered how to set up GlassFish to push all HTTP traffic to HTTPS.  In this post, I’ll show you how to set up the reverse.  In the next post, I’ll cover how to configure GlassFish to serve up multiple protocols from the same port.  The steps are basically the same so this will be a short one.  Similar to last time, we’ll issue a few simple commands:

asadmin create-protocol --securityenabled=true https-redirect
asadmin create-protocol-filter --protocol https-redirect --classname com.sun.grizzly.config.HttpRedirectFilter redirect-filter
asadmin create-ssl --certname s1as --type network-listener --ssl2enabled false --ssl3enabled false --clientauthenabled false https-redirect
 
asadmin create-protocol pu-protocol
asadmin create-protocol-finder --protocol pu-protocol --target-protocol http-listener-1 --classname com.sun.grizzly.config.HttpProtocolFinder http-finder
asadmin create-protocol-finder --protocol pu-protocol --target-protocol https-redirect --classname com.sun.grizzly.config.HttpProtocolFinder https-redirect
 
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.protocol=pu-protocol
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.enabled=true

This should familiar if you’ve read part 1. We do a little extra work to set up some ssl config elements primarily to preserve the standard settings in case you want to roll back these changes when you’re done. If you do, you simply need to delete those new protocol elements.

To see it in action, simply issue the following command:

wget -q -S --no-check-certificate https://localhost:8181/

You should see something like the following:

HTTP/1.1 302 Moved Temporarily
Location: http://localhost:8181/
Connection:close
Cache-control: private
HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1-SNAPSHOT Java/Apple Inc./1.6)
Server: GlassFish Server Open Source Edition 3.1-SNAPSHOT
Accept-Ranges: bytes
ETag: W/"5212-1279828070000"
Last-Modified: Thu, 22 Jul 2010 19:47:50 GMT
Content-Type: text/html
Content-Length: 5212
Date: Fri, 23 Jul 2010 16:50:22 GMT
Connection: Keep-Alive

As you can see, the https request received an initial 302 response pushing off to the http url which then returns the 200 response we’d expect. To verify even further, use wget to fetch the http url and you’ll see something like this:

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1-SNAPSHOT Java/Apple Inc./1.6)
Server: GlassFish Server Open Source Edition 3.1-SNAPSHOT
Accept-Ranges: bytes
ETag: W/"5212-1279828070000"
Last-Modified: Thu, 22 Jul 2010 19:47:50 GMT
Content-Type: text/html
Content-Length: 5212
Date: Fri, 23 Jul 2010 16:57:31 GMT
Connection: Keep-Alive

That’s it. As promised, short and sweet. Currently this approach does not allow you redirect to a different port number. We have added a new configuration element that simplifies this setup and allows for cross-port redirects. However since there isn’t asadmin support for it yet, I’ll defer discussion until we can get those commands written. That’s in the works so it should be in the next week or two.

With that, though, I’ll wrap this one up and start working on the more interesting Part 3.

Technorati Tags: glassfishv3, Java

Today marks the official(ish) release of GlassFish v3.  v3 is the product of years of hard work in what is, in some ways, a rewrite of v2.  Built on top of OSGi, v3 offers a modularity and extensibility leap over v2.  It’s also the first to fully support the JEE 6 specification.  I’ve been a spring guy for a long time now but honestly (and employer imposed bias aside)  JEE 6 makes a compelling case for skipping spring altogether.  At least for my uses.

GlassFish v3 and JEE 6 offers a number of profiles so you can install as much or as little as you’d like.  Using the web profile gives you everything you need to run many web apps.  You can add additional features via the updatecenter as you need them often without needing to restart the server.  If you’re a v2 user most of that should be very familiar to you already.  Borrowing from Eduardo’s blog entry:

Key links available now:

• GlassFish v3 Main Product Page
• JavaEE 6 Hub
• JavaEE 6 Downloads (multiple bundles)
• Java EE 6 Feature Article (also see Overview White Paper).

You can read more here.  You can also find all the GlassFish v3 related blogs on blogs.sun.com (at least those tagged as such) here.  I’m really quite excited about this release but at the risk of sounding too press releasey about it all, I’ll leave the gushing to others.  You can check it for yourself by downloading it.

Download it.  Kick the tires.  Take it for a spin.  I think you’re going to like what you find.  Especially if you haven’t given glassfish a look in some time.  This is truly a different creature.

Technorati Tags: glassfish, glassfishv3, Java