Tomcat, WebSockets, HTML5, jWebSockets, JSR-340, JSON and more
On my recent excursion into non-blocking servers I came across Comet, server push technologies and then Web Sockets. I was late arriving at the Comet party, but I think I have arrived at the Web Sockets party just in time. The final standard is still being evovled and at the time of writing, the only browser supporting it by default is Chrome. So to get started, I had a look at what was around. Initially, I wasn't going to write a blog article about it, I just wanted to learn about this new thing.
My only requirement was that the server implementation was Java based. The reason is simple - my entire technology stack is based on Java EE and I want to be able to integrate all my existing stuff into any new server, without the need for an integration bus. I like being able to drop a JAR file from one project into another one and to be up and running immediately.
So I had a quick look at jWebSockets, Grizzly (Glassfish), Jetty and Caucho's Resin. All similar, yet all somewhat different. Most different, was jWebSockets, because they have gone to the extent of building their own server, instead of basing their solution on an existing server. I had a good long rant about that kind of thing when I blogged about node.js, so I won't start again. But jWebSockets has a real issue to face in the coming years. JSR-340 talks about support for web technologies based around HTML5 and there is talk that this JSR will be part of Servlet 3.1 and be included in Java EE 7 at the end of next year. If that happens, jWebScokets will have the problem that their server implementation will become deprecated. And because their server doesn't offer anything else from Java EE, it is likely to lose a large part of it's market share. Don't get me wrong, they are still innovating on the client side, with a bridge to allow any browser to use websockets, and creating things like Java SE web socket clients. But server side isn't looking so hot - just take a look at the huge config file which you need to supply to get your plugins to work.
Anyway, I wasn't really enthusiastic about any of the solutions I saw. Some are servlet based (which is good), and all rely on you creating a new instance of a listener, handler, plugin or whatever they choose to call it. But what struck me was, by doing that, you lose the benefits of running inside the container. What I mean by this is that if you think about a servlet or an EJB (and I'm talking Java EE 6 and beyond here), the components you write have the benefit that the container can take care of cross cutting concerns like transactions, security and concurrency as well as provide you with injected resources, so that all you have left to do is write business code. So the reason I was not enthusiastic about any of the solutions listed above, was that what I felt to be glaringly obvious, has been missed. Sure, an inner class within a servlet could make use of resources from the servlet, but nothing I found on the net suggested that should be the normal way to program a web socket solution. And I'm not convinced that a reference in an inner class to a resource from the servlet couldn't go stale between messages received. I would rather the container always injected fresh resources just before my event handling method gets called, just as happens in the lifecycle of a servlet or EJB instance. Just think about a database connection timeout occurring between messages? If the container ensured the connection was always fresh, then the app developer wouldn't need to worry about technicalities.
An HttpServlet has methods for handling GETs, POSTs, et al. Why shouldn't a component handling a Web Socket not be a WebSocketServlet and have methods for handling the events for handshaking, opening, messaging, closing and error handling? I would benefit, because the servlet could have resources injected into it before the event handler methods get called, and the container could start any transactions that are required, or check security, etc.
So without realising that this would actually be quite hard to implement, I set upon taking Tomcat 7 apart, and building web sockets into it, in a way which fulfilled my requirements.
What resulted was (what I think is) a pretty sexy servlet solution. Please take a few minutes to study the code and especially the comments below, because it is the essence of this article.
/**
* a demo of what a web socket servlet could look like
*/
@WebServlet(urlPatterns={"/TestServlet"})
@ServletSecurity(@HttpConstraint(rolesAllowed = "registered"))
public class TestServlet extends WebSocketsServlet<CommandContainer> {
@WebServiceRef
private PricingSystem pricingSystem;
@EJB
private SalesLog salesLog;
@Override
protected void doJSONMessage(
WebSocketsServletRequest<CommandContainer> request,
WebSocketsServletResponse response) throws IOException {
//see how generics is helping me here,
//when i grab the request payload?
//CommandContainer is a class defined in the app!
CommandContainer c = request.getDataObject();
if("CLOSE".equals(c.getCommand())){
//closing connection to client
response.close();
//handle updates to say my model or whatever
actualClose(EventSubType.SESSION_END, request.getSession());
return;
}else if("PRICE".equals(c.getCommand())){
//hey wow - a call to an injected web service!
BigDecimal price = pricingSystem.getPrice(c.getData());
c.setResult(price.toString());
}else if("BUY".equals(c.getCommand())){
//data is e.g. GOOG,100@200.25 - equally I could have
//put it in the model
int idx = c.getData().indexOf(',');
String shareCode = c.getData().substring(0, idx);
idx = c.getData().indexOf('@');
String numShares = c.getData().substring(shareCode.length()+1, idx);
String price = c.getData().substring(idx+1, c.getData().length()-1);
//awesome - a call to an injected EJB!
salesLog.logPurchase(shareCode,
new BigDecimal(price),
Integer.parseInt(numShares));
//and again cool - I can access the logged in user
//in a familiar way (security)
c.setResult("sold " + numShares + " of " + shareCode +
" for " + request.getUserPrincipal().getName());
}else{
c.setResult("unknown command " + c.getCommand());
}
log("handled command " + c.getCommand() + " on session " +
request.getSession().getId() + ": " + c.getResult());
//the response takes care of the outputstream, framing,
//marshalling, etc - my life is really easy now!
response.sendJSONResponse(c);
}
@Override
protected void doError(EventSubType eventSubType,
WebSocketsSession session,
Exception e) {
System.out.println("error: " + eventSubType +
" on session " + session.getId() +
". ex was: " + e);
}
@Override
public void doClose(EventSubType eventSubType,
WebSocketsSession session) {
actualClose(eventSubType, session);
}
/**
* this is a method where we might do stuff like
* tidy up our model, free resources, etc.
*/
private void actualClose(EventSubType eventSubType,
WebSocketsSession session) {
System.out.println("closed session " +
session.getId() + ": " + eventSubType);
}
}
To me, this is what a serverside web socket component should look like. It is really similar to a sevlet or an EJB or a web service - things we are now familiar with. The learning curve is mini.
But getting Tomcat to use this thing was a little harder. First off, my approach was to simply write a new Connector and configure it in the server.xml. I gave it a port number and Tomcat willingly instantiated my new class:
<!-- NIO WebSockets connector -->
<Connector port="8082" protocol="org.apache.coyote.http11.WebSocketsNioProtocol"
connectionTimeout="20000"
/>
Of course, I cheated here a bit and stuck my class in a Coyote package. To get this to work, I unzipped the Tomcat 7.0.14 source and told Eclipse where to find it. I set up the build folder and added that to the classpath in the catalina.bat batch, before any of the other JARs on the classpath, and I did this just near the end of the batch where the call to the Java process is made. I then ran my modified Tomcat by simply starting the catalina batch, using remote debugging to make life easier.
I initially based my non-blocking connector on the non-blocking server which I have written and extended for my past few blog articles. My idea was intercept any web socket handshake requests that arrived and to quickly return a self built handshake response. I would then call the requested servlet and run it using Servlet 3.0 async support, so that the container would keep the connection open. The messages which the client then sent after the handshake would be handled by that servlet.
The idea didn't quite work though, because the servlet used the async support and my connector got callbacks from Tomcat in order for me to do stuff with threads, handle events and state changes. I was a little lost because I didn't understand the implementation details of Tomcat well enough, and after a while I gave up, because it was becoming clear that I would have to build quite a lot of stuff that already existed in the HTTP connectors which shipped with Tomcat. I came to realise that instead of reinventing the wheel, I would do better by creating my own versions (or even sub-classes) of the Coyote Http11NioProcessor and Http11NioProtocol which Tomcat uses to implement the HTTP connectors. While these are somewhat complicated, the advantages of specialising them are firstly that I am not reinventing the wheel, and secondly that I would get HTTPS (or WSS as it is with Web Sockets) for free (theoretically, I haven't yet tested it, but it is simply encapsulated so it should work with almost no problems).
While it was straight forward to copy the two relevant classes, the next headache was to get the browser to accept the handshake response. I wasn't sending the handshake response as a self built String like I had with my own non-blocking connector. Instead I was making as much use of servlet technology as I could, and building the response by setting the relevant headers on it and pushing the 16 byte response key onto the output stream of the response. Unlike a normal HTTP response, the browser expects any handshake responses to stick to a pretty strict specification. Things like a simple date header in the response (which Tomcat kindly sends by default) cause the browser to close the web socket. So with a bit of fiddling in the WebSocketsNioProcessor#prepareResponse() method, I soon had the response header looking perfect, and the browser started to play along.
But the next problem wasn't as simple to fix. The message handling didn't work, at all. Connections kept getting closed quickly and I couldn't figure out what was going on.
After a few headaches, I thought back to how Comet is implemented in Tomcat. I slowly realised, that what I needed was to simply piggy back the Comet infrastructure in Tomcat. In Tomcat, you create a Comet handler by simply implementing the CometProcessor interface in your servlet. The container checks during the initial request whether the servlet which will service the request implements the interface, and if it does, the request is marked as being a comet request. That means the container keeps the connection open and forwards future events (e.g. bytes / messages) to the relevant handler method which your servlet implements. I made my base servlet (WebSocketsServlet) implement the CometProcessor interface, and added the event(CometEvent event) method using the final keyword, so that application developers wouldn't ever think of overriding it, meaning they were protected from having the option of knowing about Comet. This base class servlet then encapsulated the web sockets events by hiding the fact that I had cheated by using Comet. The event method from the Comet processor simply passes the event on to the relevant doXXX method in my base servlet, which application programmers would subclass. This is pretty much what the HttpServlet base class does in it's service method.
So, my WebSocketsServlet is the Web Sockets equivalent of the HttpServlet, and as such, I put it into the javax.servlet.websockets package - i.e. to be supplied as part of the JSR which gets around to specifying the way in which Java EE containers should handle web sockets.
The WebSocketsServlet also deals with WebSocketServletRequest, WebSocketServletResponse and WebSocketSession objects, rather than HTTP equivalents. Each of these derives from the relevant ServletXXX rather than HttpServletXXX object, because when handling a web socket frame, it makes no sense what so ever to be able to do things like setting the headers on the response. Headers are only relevant to the handshake, and not anything which an application developer needs to concern themselves with. Again, these interfaces also sit in the javax.servlet.websockets package, because they are the analagous classes belonging to the specification, rather than just Tomcat. Sadly, the ServletRequest class has stuff in it which is too specific to HTTP, like getParameter(String), as well as other stuff which I would prefer to hide for web sockets, like getInputStream(). In order to make the WebSocketsServletRequest fit really well into the javax package, I think the ServletRequest might need to be broken into a super and a sub-class. Whether that would be possible, considering the billions of lines of Java code already out there, I don't know...
Things like wrapping the response String (bytes) in a web socket frame (i.e. leading 0x00 and trailing 0xFF byte) are also handled transparently by the WebSocketsServletResponse implementation. In fact, I went a step further. After listening to two interesting videos (with Jerome Dochez, the Architect of Glassfish - The Future of Java EE and Jerome discusses early plans for Java EE 7) I was inspired by some of the things he talked about. He spoke about not wanting to mess around with parsing strings and getting the container to handle XML and JSON. So... I added that to Tomcat too. You'll notice in the code near the top, the handler method which is called for handling message events is called doJSONMessage(WebSocketsServletRequest, WebSocketsServletResponse) rather than say simply doMessage. The reason is, the web sockets client (running in the browser) lets you send a header containing the protocol which it will use. This protocol appears to be a free text which the application can choose. In my implementation I went with XML, JSON, TEXT and BIN (binary), although XML and BIN aren't fully implemented. So when the client creates the web socket like this:
new WebSocket("ws://localhost:8085/nio-websockets/TestServlet", "JSON");
that JSON parameter is used by the container to decide which exact handler method in the servlet it will call. It gets better too, because instead of then having to manually handle the JSON string, the container does the magic, and from the WebSocketsServletRequest which is passed into the message handler method, I can retrieve the object, using the #getDataObject() method. And thanks to generics, it even passes that object back to me without me having to use a cast - the application servlet which implements the WebSocketsServlet base servlet specifies what type of data object it expects.
How does that magic work, I hear you asking? Well, its not that complicated. The base servlet receives a byte array from the Comet event. It looks at the original request header and realises it should treat that request as a JSON object. It then uses XStream which knows XML as well as JSON to unmarshal the incoming request. One last bit of magic that is required is that it needs to know which class say a "container" object in the JSON string maps too - i.e. which class should it use to stick the JSON data into? Well, XStream lets you define such aliases. I had a think about where else this happens, and JAX-Binding does this. So instead of the @XmlType annotation for JAXB, I create the javax.json.bind.annotation.JsonType annotation, which is applied to data objects, like this:
@JsonType(name="container")
public class CommandContainer {
private String command;
private String result;
private String data;
.
.
.
Here, the "name" attribute of the annotation says that this class is mapped to JSON objects whose name is "container". So JSON like this:
var data = {"container":
{"command": "BUY",
"data": "GOOG,100@200.25",
"result": "sold"}
};
is simply unmarshalled into an instance of the CommandContainer class, so that the Java application can use the object immediately, rather than screwing around with strings and unmarshalling itself. The Tomcat container parses annotations during startup and I simply stuck some extra code in there to note down these mappings so that when the base servlet sets the raw data into the request, the request implementation (which is a Coyote object, rather than a javax object) can use something like XStream and these mappings to do the unmarshalling. I had to watch out for the class loader here to - luckily XStream lets you set the classloader, because if you don't set it, you are stuck with one that doesn't know the webapp. I simply took the classloader from the servlet context (which I got out of the HttpServletRequest which the container actually passes to the Comet processor in the Comet Event), and it has a classloader which knows the webapp classes. Regardless of whether such JSON annotated data classes are in the web-inf/classes folder, or in jars, the container can deal with them.
So what else is left? Well, security for starters. Chrome is very descent and because the Web Sockets path resides (in this case) under the same host as the one which serves the HTML containing the Javascript which opens the socket, it sends the JSESSIONID to the server during the Web Sockets handshake. That is really great, because so long as you had to log in to get the HTML, all web socket requests occur in the same session - so application developers have full access to the security framework supplied by Java EE! Hence I can mark my Servlet as requiring the user to be in a specific role in order to use it, as well as check their roles programmatically in my handler methods, using the request object. If the browser had not been so kind, my plan was to send the session ID to the server in the handshake as a request parameter in the query string of the requested URL, by putting the session ID into the URL using JSP.
On small problem with this security solution is that if the user isn't logged in, there is no way for the browser to handle the return code in the handshake properly. At least not in Chrome. In Chrome, the connection is simply closed, and the Javascript error console shows a slightly cryptic message indicating that a 403 code was returned. To avoid each browser implementing their own way to handle such problems, the IETF web sockets specification needs to clearly state that such problems should be sent as an event to the client's onerror callback method. Let's cross our fingers hey?
Resources, like EJBs, Entity Managers (JPA) and Web Services are also easily used - because in Java EE 6 I can inject them all using the container. While Tomcat doesn't support EJBs/WebServices per se, I still stuck some into the above example, to illustrate how such a servlet might look in a fully fledged Java EE app server. To make it work, I hacked Tomcat to look for those annotations and if nothing was found in the JNDI tree, it simply injected a new instance of the class - ok, its cheating, but great for a proof of concept ;-)
Note that while the servlet shown above might not be a typical application needing web sockets (because its a basic request/response app), it demonstrates the way I would like to see web sockets added to Java EE. It wouldn't be hard at all to write a servlet like this which handled a chat app, or for example an app where a user draws on their screen, and all other members see the drawing update on their screens in pretty much realtime. I might go on to play with something like that, but this article already discusses some of the issues facing Web Sockets.
A few weeks ago, I blogged about how node.js would need to provide the things like I have described in this article to become mature. Java EE has exactly the same challenges if it is to remain mature in the future, as new technologies are integrated into it.
Well, that's pretty much it. What do you think?
Patches for Tomcat 7.0.14 are available here.
The webapp containing the servlet shown above can be downloaded here.
Other useful links:
- A blog article about Jetty websockets
- Source code for the Grizzly (Glassfish) web sockets solution
- JSR-340
- A discussion on whether Tomcat will have websockets soon
- jWebSockets - a standalone websocket server
- XStream - marshals/unmarshals XML & JSON
- A video of the conference presentation about the future of Java EE
- A video interview with Glassfish's architect
- Tomcat docs for Comet
- Caucho's Resin Websockets
- HTML5 Web sockets spec
- The link to start the demo I created, once you install it locally - http://localhost:8080/nio-websockets/index.jsp
Copyright © 2011 Ant Kutschera
Non-blocking (NIO) Server Push and Servlet 3
In my previous blog posting, I wrote about what I would expect node.js to do in order to become mature. I introduced the idea of having a framework which lets you define a protocol and some handlers in order to let the developer concentrate on writing useful business software, rather than technical code, in a very similar manner to which Java EE does. And through that posting, I came to learn about a thing called Comet. I had stated that using a non-blocking server wouldn't really be any more useful than a blocking one in a typical web application (HTTP), and so I created an example based on my own protocol and a VOIP server, for streaming binary data to many concurrently connected clients.
I have now read up on Comet and come to realise there is indeed a good case for having a non-blocking server in the web. That case is pushing data back to the client, like for continuously publishing latest stock prices. While this example could be solved using polling, true Comet uses long-polling or even better, full on push. A great introduction I read was here. The idea is that the client makes a call to the server and instead of the server returning data immediately, it keeps the connection open and returns data at some time in the future, potentially many times. This is not a new idea - the term Comet seems to have been invented in about 2006 and the article I refer to above is from 2009. I think I've arrived at this party very late :-)
My new found case of server push for non-blocking HTTP, and a strong curiosity drove me to knuckle down and start coding. Before long, I had a rough implementation of the HTTP protocol for my little framework, and I was able to write an app for my server using handlers that subclassed the HttpHandler, which was for all intents and purposes, a Servlet.
To get Comet push to work properly, you get the client to "log in" and register itself with the server. In my demo, I didn't check authorisations against a database, like you might do for a real app, but I had the concept of a channel, to which any browser client could subscribe. During this login, the client says which channel it wants to subscribe to, and the server adds the clients non-blocking connection to its model. The server responds using chunked transfer encoding, because that way, the connection stays open, and you don't need to state up front how much data you will send back. At some time in the future, when someone publishes something, the server can use the connection which is still open contained in its model, to push that published data back to the subscribed client, by sending another chunk of data.
The server implementation wasn't too hard, but the client posed a few problems, until I realised that the data was arriving in the ajax client with a ready state of 3, rather than the more usual 4. The ajax client's onreadystatechange callback function was also given every byte of data in it's responseText, rather than just the new stuff, so I had some fiddling around until I could get the browser to just append the new stuff to the innerHTML attribute of a div on my page. Anyway, after just a few hours, I had an app that worked quite well. But it wasn't entirely satisfactory, partly because as I stated in the previous posting, the server is still a little buggy, especially when the client drops a connection, because for example the browser page is closed. I had also ended up implementing the HTTP protocol for my framework, which seemed to be reinventing the wheel - servlet technology does all this stuff already, and much better than I can hope to do it. One of the reasons that I don't like node.js is that everything is being reinvented.
So, like the article which I referenced above indicated, version 3.0 of Servlets should be able to handle Comet. I downloaded Tomcat 7.0, which has a Servlet 3.0 container, and I ported my app code to proper Servlets. It took a while to work out exactly how to use the new asynchronous parts of servlets because there aren't all that many accurate tutorials out there. The servlet specs (JSR 315) helped a lot. Once I cracked how to use the async stuff properly, I had a really really satisfying solution to my push requirements.
The first step, was to reconfigure Tomcat so that it uses non-blocking (NIO) for its connector protocol. The point of this is that I want to keep a connection open to the client in order to push data to it. I can't rely on the one-thread-per-request paradigm, because context switching and thread memory requirements are likely to be a performance killer. In Tomcat's server.xml file, I configured the connector's protocol:
<!-- NIO HTTP/1.1 connector -->
<Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="20000"
redirectPort="8443" />
rather than the normal:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
All you need to do to get Tomcat to turn into an NIO server is change the protocol attribute to the slightly longer class name.
The second step, was to create two servlets. The first LoginServlet handles the client "logging in" and subscribing to a channel. That servlet looks like this:
/*
* Copyright (c) 2011 Ant Kutschera
*
* This file is part of Ant Kutschera's blog,
* http://blog.maxant.co.uk
*
* This is free software: you can redistribute
* it and/or modify it under the terms of the
* Lesser GNU General Public License as published by
* the Free Software Foundation, either version 3 of
* the License, or (at your option) any later version.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
* PURPOSE. See the Lesser GNU General Public License for
* more details.
*
* You should have received a copy of the
* Lesser GNU General Public License along with this software.
* If not, see http://www.gnu.org/licenses/.
*/
package ch.maxant.blog.nio.servlet3;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.servlet.AsyncContext;
import javax.servlet.ServletContext;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import ch.maxant.blog.nio.servlet3.model.Subscriber;
@WebServlet(name = "loginServlet", urlPatterns = { "/login" }, asyncSupported = true)
public class LoginServlet extends HttpServlet {
public static final String CLIENTS = "ch.maxant.blog.nio.servlet3.clients";
private static final long serialVersionUID = 1L;
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
// dont set the content length in the response, and we will end up with chunked
// encoding so that a) we can keep the connection open to the client, and b) send
// updates to the client as chunks.
// *********************
// we use asyncSupported=true on the annotation for two reasons. first of all,
// it means the connection to the client isn't closed by the container. second
// it means that we can pass the asyncContext to another thread (eg the publisher)
// which can then send data back to that open connection.
// so that we dont require a thread per client, we also use NIO, configured in the
// connector of our app server (eg tomcat)
// *********************
// what channel does the user want to subscribe to?
// for production we would need to check authorisations here!
String channel = request.getParameter("channel");
// ok, get an async context which we can pass to another thread
final AsyncContext aCtx = request.startAsync(request, response);
// a little longer than default, to give us time to test.
// TODO if we use a heartbeat, then time that to pulse at a similar rate
aCtx.setTimeout(20000L);
// create a data object for this new subscription
Subscriber subscriber = new Subscriber(aCtx, channel);
// get the application scope so that we can add our data to the model
ServletContext appScope = request.getServletContext();
// fetch the model from the app scope
@SuppressWarnings("unchecked")
Map
The inline comments describe most of the choices I made. I added a listener to the context so that we get an event in the case of a disconnected client, so that we can tidy up our model - the full code is in the ZIP at the end of this article. Importantly, this servlet does no async processing itself. It simply prepares the request and response objects for access at some time in the future. We stick them (via the async context) into a model which is in application scope. That model can then be used by the servlet which receives a request to publish something to a given channel:
/*
* Copyright (c) 2011 Ant Kutschera
*
* This file is part of Ant Kutschera's blog,
* http://blog.maxant.co.uk
*
* This is free software: you can redistribute
* it and/or modify it under the terms of the
* Lesser GNU General Public License as published by
* the Free Software Foundation, either version 3 of
* the License, or (at your option) any later version.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
* PURPOSE. See the Lesser GNU General Public License for
* more details.
*
* You should have received a copy of the
* Lesser GNU General Public License along with this software.
* If not, see http://www.gnu.org/licenses/.
*/
package ch.maxant.blog.nio.servlet3;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;
import javax.servlet.AsyncContext;
import javax.servlet.ServletContext;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import ch.maxant.blog.nio.servlet3.model.Subscriber;
@WebServlet(name = "publishServlet", urlPatterns = { "/publish" }, asyncSupported = true)
public class PublishServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
// *************************
// this servlet simply spawns a thread to send its message to all subscribers.
// this servlet keeps the connection to its client open long enough to tell it
// that it has published to all subscribers.
// *************************
// add a pipe character, so that the client knows from where the newest model has started.
// if messages are published really quick, its possible that the client gets two at
// once, and we dont want it to be confused! these messages also arrive at the
// ajax client in readyState 3, where the responseText contains everything since login,
// rather than just the latest chunk. so, the client needs a way to work out the
// latest part of the message, containing the newest version of the model it should
// work with. might be better to return XML or JSON here!
final String msg = "|" + request.getParameter("message") + " " + new Date();
// to which channel should it publish? in prod, we would check authorisations here too!
final String channel = request.getParameter("channel");
// get the application scoped model, and copy the list of subscribers, so that the
// long running task of publishing doesnt interfere with new logins
ServletContext appScope = request.getServletContext();
@SuppressWarnings("unchecked")
final Map
Again, there are plenty of comments in the code. In this servlet, we actually do some (potentially) long running task. In many online examples of Servlet 3.0 Async Support, they show handing off work to an Executor. The async context provides the ideal way to do this via the container though, using its start(Runnable) method. The container implementation then descides how to handle the task, rather than the developer having to worry about spawning threads, which on app servers like WebSphere is illegal and leads to errors. In true Java EE fashion, the developer can concentrate on business code, rather than technicalities.
Something else which might be important in the above code, is that the publishing is done on a different thread. Imagine publishing data to ten thousand clients. In order to finish within a second, each push it going to have to complete in less than a tenth of a millisecond. That means doing something useful like a database lookup is not going to be feasible. On a non-blocking server, we can't afford to take a second to do something, and many would argue a second is eternity in such an environment. The ability to hand off such work to a different thread is invaluable, and sadly, something node.js cannot currently do, although you can hand off the task to a different process, albeit potentially messier than that shown here.
Now, we just need to create a client to subscribe to the server. This client is an ajax request object which is created when the HTML is loaded which runs some JavaScript in a library I have written. The HTML looks like this:
<html>
<head>
<script language="Javascript" type="text/javascript" src="push_client.js"></script>
</head>
<body>
<p>Boo!</p>
<div id="myDiv"></div>
</body>
<script language="Javascript" type="text/javascript">
function callback(model){
//simply append the model to a div, for demo purposes
var myDiv = document.getElementById("myDiv");
myDiv.innerHTML = myDiv.innerHTML + "<br>" + model;
}
new PushClient("myChannel", callback).login();
</script>
</html>
As you can see, it simply needs to define a callback function which will handle each message published from the server. The published message could be text, XML or JSON - the publisher chooses. The JavaScript in that library is a little more complicated, but basically creates an XHR requester which sends a request to the login servlet. Any data it receives from the server, it parses, and returns the newest part of the data back to the callback.
/*
* Copyright (c) 2011 Ant Kutschera
*
* This file is part of Ant Kutschera's blog,
* http://blog.maxant.co.uk
*
* This is free software: you can redistribute
* it and/or modify it under the terms of the
* Lesser GNU General Public License as published by
* the Free Software Foundation, either version 3 of
* the License, or (at your option) any later version.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
* PURPOSE. See the Lesser GNU General Public License for
* more details.
*
* You should have received a copy of the
* Lesser GNU General Public License along with this software.
* If not, see http://www.gnu.org/licenses/.
*/
function PushClient(ch, m){
this.channel = ch;
this.ajax = getAjaxClient();
this.onMessage = m;
// stick a reference to "this" into the ajax client, so that the handleMessage
// function can access the push client - its "this" is an XMLHttpRequest object
// rather than the push client, coz thats how javascript works!
this.ajax.pushClient = this;
function getAjaxClient(){
/*
* Gets the ajax client
* http://en.wikipedia.org/wiki/XMLHttpRequest
* http://www.w3.org/TR/XMLHttpRequest/#responsetext
*/
var client = null;
try{
// Firefox, Opera 8.0+, Safari
client = new XMLHttpRequest();
}catch (e){
// Internet Explorer
try{
client = new ActiveXObject("Msxml2.XMLHTTP");
}catch (e){
client = new ActiveXObject("Microsoft.XMLHTTP");
}
}
return client;
};
/**
* pass in a callback and a channel.
* the callback should take a string,
* which is the latest version of the model
*/
PushClient.prototype.login = function(){
try{
var params = escape("channel") + "=" + escape(this.channel);
var url = "login?" + params;
this.ajax.onreadystatechange = handleMessage;
this.ajax.open("GET",url,true); //true means async, which is the safest way to do it
// hint to the browser and server, that we are doing something long running
// initial tests only seemed to work with this - dont know, perhaps now it
// works without it?
this.ajax.setRequestHeader("Connection", "Keep-Alive");
this.ajax.setRequestHeader("Keep-Alive", "timeout=999, max=99");
this.ajax.setRequestHeader("Transfer-Encoding", "chunked");
//send the GET request to the server
this.ajax.send(null);
}catch(e){
alert(e);
}
};
function handleMessage() {
//states are:
// 0 (Uninitialized) The object has been created, but not initialized (the open method has not been called).
// 1 (Open) The object has been created, but the send method has not been called.
// 2 (Sent) The send method has been called. responseText is not available. responseBody is not available.
// 3 (Receiving) Some data has been received. responseText is not available. responseBody is not available.
// 4 (Loaded)
try{
if(this.readyState == 0){
//this.pushClient.onMessage("0/-/-");
}else if (this.readyState == 1){
//this.pushClient.onMessage("1/-/-");
}else if (this.readyState == 2){
//this.pushClient.onMessage("2/-/-");
}else if (this.readyState == 3){
//for chunked encoding, we get the newest version of the entire response here,
//rather than in readyState 4, which is more usual.
if (this.status == 200){
this.pushClient.onMessage("3/200/" + this.responseText.substring(this.responseText.lastIndexOf("|")));
}else{
this.pushClient.onMessage("3/" + this.status + "/-");
}
}else if (this.readyState == 4){
if (this.status == 200){
//the connection is now closed.
this.pushClient.onMessage("4/200/" + this.responseText.substring(this.responseText.lastIndexOf("|")));
//start again - we were just disconnected!
this.pushClient.login();
}else{
this.pushClient.onMessage("4/" + this.status + "/-");
}
}
}catch(e){
alert(e);
}
};
}
The important parts here are that we need to listen for events on both ready state 3 and 4, rather than the usual 4. While the connection is kept open, the client only receives data in ready state 3, and everytime it receives a chunk, the ajax.responseText attribute contains all chunks since login, rather than just the newest chunk. This could be bad, if the connection receives tons of data - eventually the browser will run out of memory! You could measure the number of bytes sent to any client on the server, and when its above a given threshold, force the client to disconnect by ending the stream (call the complete() method on the async context of the relevant client just after publishing a message to it). The client above automatically logs itself back into the server when the server disconnects.
Instead of the reconnect solution for dropped / timed-out connections (which is very similar to long polling) we could add a heartbeat which the server sends to each subscribed client. The heartbeat period would need to be slightly less than the timeout. The exact details could get messy - do you consider sending a heartbeat every second, but only do it to clients who need it? Or do you send it to every client, say every 25 seconds, if the timeout is say 30 seconds? You could use performance tuning to determine if that is better than the reconnecting I have shown above. Then again, a heartbeat is good for culling closed connections, because it tests the connection every so often, and gets an exception if the push fails. And then again, the container informs the listener that we added to the login async context if a disconnect occurs too, so perhaps we don't need a heartbeat - you decide :-)
Now, we need a way to publish data - that's easy - I just type the following URL into the browser, and it sends a GET request to the publish servlet:
http://localhost:8080/nio-servlet3/publish?channel=myChannel&message=javaIsAwesome
Keep refreshing the browser window with that protocol, and the other window almost instantly gets updates, showing the latest message at the bottom. I tested it using Firefox as the subscriber, and Chrome as the publisher.
I haven't checked out scalability, because I have assumed that Tomcat's NIO connector has been well tested and performs well. I'll let someone else play with the scalability of Servlet 3.0 for a push solution. This article is about showing how easy it is to implement Comet push, using Java EE Servlets. Note, it used to be easy too, because servers like Jetty and Tomcat and others provided bespoke Comet interfaces, but now, with the advent of Servlet 3.0, there is a standardised way to do it.
There are plenty of profesional and open source solutions which do what I have done in this article. See this article, which lists many, whackiest of all, APE - another project which puts JavaScript on the server!? Well, better than PHP I guess :-)
The complete code for this demo is downloadable here.
Copyright © 2011 Ant Kutschera
Java non-blocking servers, and what I expect node.js to do if it is to become mature
The argument goes, that a typical web server "handles each request using a thread, which is relatively inefficient and very difficult to use." As an example they state that "Node will show much better memory efficiency under high loads than systems which allocate 2MB thread stacks for each connection."
They go on to state that "users of Node are free from worries of dead-locking the process — there are no locks. Almost no function in Node directly performs I/O, so the process never blocks. Because nothing blocks, less-than-expert programmers are able to develop fast systems".
Well, reading those statements makes me think that I have problems in my world which need addressing! But then I look at my world, and realise that I don't have problems. How can that be? Well first of all, because we don't have a thread per request, rather we use a thread pool, reducing the memory overhead, and queuing incoming requests if we can't run them in a thread instantly, until a thread becomes free in the pool.
The second reason I don't have threading problems is because I work with Java EE. I write business software which is written as components which get deployed to an app server. That app server is what does all the hard work with threads. All I have to do is follow some simple and common sense rules to avoid threading issues, like ensuring that shared resources like a Map(dictionary) are instantiated using the thread safe API which Java offers. In more extreme cases, I use the
synchronized keyword to protect methods or objects being shared. All this means that we Java programmers have become very efficient at writing software to solve business problems, rather than writing software to solve technical problems like concurrency, scalability, security, transactions, resources, object and resource pooling, etc., etc.
So when do I need to solve those problems which lots of threads introduce, namely memory problems? Any server which needs to maintain an open connection to the client, in order to say stream video or Voice over IP (VOIP), or handle instant messaging, is a server where I'm going to have problems with memory if I have a thread per connection.
Now, the Java EE specifications tend to focus on multithreaded servers. And to my knowledge, there is no Java EE specification which tells vendors how to make a server which lets people deploy software components to it, which are handled in a non-blocking manner. Sure, you could write a Servlet compliant server like Tomcat with a non-blocking engine under the hood, but Java EE doesn't talk about streaming. And probably 99% of websites out there don't do the kind of streaming which is going to cause memory issues.
So there certainly are times when something like node.js will be useful. Or at least the idea of a non-blocking server. But looking into the details, node.js isn't something that I would seriously use if I needed such a server. The main problems are that:
- you deploy Javascript to the server
- it doesn't seem to specify a standardised way of writing components so that I can concentrate on writing business software rather than solving technical issues
- while it is rumoured to be fast, studies such as this suggest it's half as slow as Java
- compared to Java, the node.js API and Javascript libraries available today are immature - think about things like sending email, ORM, etc.
- node.js has political problems because it relies on Google. If Google don't want to support Javascript on the server (their V8 engine is designed for Chrome, client side), and node.js needs a patch or development on V8 to handle a serverside issue, they might never get it. OK, like I have a chance to get a Java bug patched by Oracle ;-)
var net = require('net');
var server = net.createServer(function (socket) {
socket.write("Echo server\r\n");
socket.pipe(socket);
});
server.listen(1337, "127.0.0.1");
Well, if the point of node.js is to make it really easy to create a server, and pass it a function for handling requests, I can do that in Java too:
TCPProtocol protocol = new TCPProtocol(){
public void handleRequest(ServerRequest request,
ServerResponse response) {
//echo what we just received
try {
response.write(request.getData());
} catch (IOException e) {
e.printStackTrace();
}
}
};
Configuration config = new Configuration(1337, protocol);
ServerFactory.createServer(config).listen();
OK, it's a tiny bit more complicated. But the reason is, I decided to write a non-blocking server which can be configured to handle any kind of request. The configuration takes a port number for the server to run on, and a protocol object. The protocol object is a subclass of an abstract protocol, and its job is to look at the data coming in from the wire and decide how to handle it. A TCPProtocol as shown above is simplest protocol, in that it does nothing. You need to tell it what to do, by overriding the
handleRequest() method (analagous to supplying a function
in Javascript), for example as shown above, by returning to the client what it sent to the server.But I wanted to do something more useful, so I extended what I wrote to handle voice over IP, or at least a client streaming an MP3 to a different client, to simulate a phone call between the two of them.
The first step was to design the protocol. At the byte level, the first byte in a packet sent to the server contains the command, or action, the second byte contains the length of the payload, if any, and the subsequent bytes contain the payload.
The protocol then lets a caller login (returning a session ID), start a call (returning an OK/NOK), send data for the call, end a call, and quit (logout).
After a few hours I had my laptop playing my favourite MP3s, streamed to my laptop from a different PC. But it looked clunky. I had a think, and took inspiration from the Servlet and EJB specifications in Java EE. Namely, I wanted to have deployable components whose sole job was to handle a business requirement.
In .NET and Java you can define a web service or web page (Servlet) by annotating the class. In the annotation, you provide a URL path, which the server uses to determine when to call your servlet or web service. This is similar to a "command" or "action" as I had in my VOIP protocol.
So I wrote a little container, which sits inside the non-blocking server. The server takes the incoming request and once it has handled the low level non-blocking stuff, it passes the request over to the configured protocol. The VOIP protocol then extracts the command (first byte) from the incoming request. It then uses a "context" object, which it gets injected into it from the container, to send the incoming request to a Handler. The handler is a class which has an annotation to state which command it can handle. The handler is then analagous to a web service or servlet. It is a piece of busienss code which handles an incoming request, based on the command (path) which the client is requesting.
Put together, it looks as follows. The first bit is the protocol's handler method which determines the command and sends it to a handler:
public void handleRequest(ServerRequest request,
ServerResponse response) {
String criterion = String.valueOf(request.getData()[0]);
try{
//call through to the context for help - it
//will call the handler for us.
getContext().handleRequest(criterion, request, response);
} catch (UnknownHandlerException e) {
//send NOK to client because of unknown command
response.write(new Packet(UNKNOWN_COMMAND).marshal());
}
}
A
Packet object in the above code is simply an encapsulation of the data sent over the wire, but knows that the first byte is the command,
the second is the length and
subsequent bytes are the payload. In an HTTP request, this Packet object would be something which knew about the HTTP header's attributes and
the HTTP payload, rather than the ServerRequest and ServerResponse objects which only know about byte arrays and
sockets/channels.The second part of the solution are then the handlers. These are contained in the configuration, either created programatically as shown in the TCP example above, or created using XML which the server reads upon startup. The container then locates, instantiates and calls these handlers on behalf of the protocol, when the protocol object calls
getContext().handleRequest(criterion, request, response) in the above
snippet. A typical handler looks like this:
@Handler(selector=VoipProtocol.LOGIN)
public class VoipLoginHandler extends VoipHandler {
public void service(VoipRequest request,
VoipResponse response)
throws IOException {
String name = request.getPacket().getPayloadAsString();
Participant p = new Participant(
name, response.getSocketChannel());
getProtocol().getModel().addParticipant(p);
request.getKey().attach(p);
//ACK
String sessId = p.getSessId().getBytes(VoipProtocol.CHARSET);
Packet packet = new Packet(sessId, VoipProtocol.LOGIN)
response.write(packet);
}
}
So, the
service method is the only one in a handler,
and is in charge of doing business stuff. There is no techy stuff here. The code works out who is logging in,
creates an instance of them (the Participant object) in the
model. The model is contained in the protocol object, which exists just once in the server. Compared to a servlet, the call to get the model
is analagous to putting data into the application scope. The code then attaches the participant object
to the client connection using the attach(Object) method (see Java NIO Package) so that we can always get straight to the
relevant part of the data model from the connection object, when subsequent requests arrive. Finally, the code responds to the client with
the session ID as an aknowledgement. Note that here, I haven't bothered to authenticate the password - the payload only contains the username.
But if I were writing a complete app, I would have more data in my payload, perhaps even something like XML or JSON, and I would authenticate
the username and password.The
@Handler annotation at the top of the handler class is analagous to the @WebServlet annotation applied to
Java EE Servlets. It has a "selector" attribute which the container uses to compare to the criterion which the protocol extracts from the
request. This is analagous to the URL patterns attribute in @WebServlet which tells a Java EE web container to which path
the servlet should be mapped. There is a little bit of hidden magic too - the service method in the
handler already knows VoipRequest and VoipResponse, rather than ServerRequest and
ServerResponse. The superclass does this magic, by implementing
the standard service method and calling the specialised abstract service method, implemented in subclasses.So, being creative, I added a further attribute to the
@Handler annotation. It is called runAsync and defaults to false.
But, if it is set to true, then the container sends the handler to a thread pool for execution sometime in the future. I don't actually use this in the
VOIP example, but I did this, to show that it is perfectly feasible, that an app server can do such things. The developer doesn't need to worry
about threads or anything - they simple configure the annotation and the container handles the hard parts. This is typical of Java EE! And it
becomes extremely useful in cases where a request needs a little more time to execute. In a non-blocking single threaded process,
while connections are concurrently connected to the server, they are serviced sequentially, meaning that they MUST return fast, if you don't want
those in the queue to wait too long. This is something which node.js CANNOT do, because it has no way of starting threads. Their solution is to
send an async request to a different process. But to do that, the developer is spending time working on technical issues, rather than getting
on and trusing the container to do it for them, so that they can spend more time writing cost effective business code. One of the main
reasons to use Java EE is that the developer can spend more time writing business software and less time handling techie problems.
There is no reason why a handler couldn't also have other annotations:
@Handler(selector=VoipProtocol.QUIT)
@RolesAllowed({"someRole", "someOtherRole"})
@TransactionManagement(TransactionManagementType.CONTAINER)
public class VoipQuitHandler extends VoipHandler {
@PersistenceContext(unitName="persistenceUnitName")
private EntityManager em;
.
.
.
}
The
@RolesAllowed@TransactionManagement annotation means that transactions will be handled by the container
rather than by the programmer. When the handler is executed, the @PersistenceContext annotation causes the container to
inject a JPA entity manager so that the business code has access to a database. This is exactly the same way that a Servlet or EJB gets resources
from the container. Those resources are created based on the app server configuration, in a standardised way and are managed by the
container too (pooling, reconnecting, etc.), again, relieving the programmer from that burden.So what do we have now? Instead of a low level API like node.js provides, we have a high level container for running software components within a non-blocking server. What we don't have, is Javascript running on the server, because it seemed like the ideal language for handling callbacks in a non-blocking environment, because it has an event queue and function pointers.
Could this little exercise be the basis of a JSR? Well, is it really useful? Only really in cases where you have clients which need to keep connections open to the server for a long time, and you have thousands of clients. There won't be many people needing to do this, and there are more important JSRs awaiting acceptance and implementation. But who knows what the future will bring.
To summarise, node.js makes me uneasy, because I don't like the idea of Javascript and its immature stack of libraries being deployed on a production server. Whenever I develop with Javascript I spend a lot more time with the debugger than I would like to, because the language is not entirely checkable using static analysis because it is duck typed. But the idea of building a non-blocking server using Java - now that's interesting (to me at least). But like I said, I'm just not sure how often will it be useful.
It seems to me, that the revolution that node.js is starting isn't really about Javascript on the server. It is more about using a non-blocking server. But the problem is, probably 99% of our needs are already satisfied with standard multithreaded servers. And we can already write scalable websites, without all those problems which node.js claims we have. So let's not rebuild the world based on non-blocking I/O, just because node.js has arrived. Let's build/rebuild just those very special cases, where non-blocking I/O will really help us.
Does node.js deserve the hype it is getting? I don't think that it deserves hype because you can run Javascript on the server - that's a bad thing. Douglas Crockford (senior JavaScript architect at Yahoo!) even hints this, when he says:
"The big surprise for me in this is we're about to take maybe the most important step we've ever taken in terms of the technology of the web, and JavaScript is leading the way."
He seems to be saying that Javascript is leading the way in the most important step we are ever taking, and not that Javascript IS the most important step we are taking. That is, non-blocking servers are the most important step, and having an event loop on the server is the way forward. The way I understand it, he is saying that non-blocking is the revolution. The problem I have in joining in on this revolution is that non-blocking servers are not ncessarily the best thing ever. They only really help, when you have thousands of clients needing to keep their connections to the server open. HTTP (99% of the web) doesn't need non-blocking I/O to become the technology leader of the web - it already is. So instead of joining in this revolution and all the hype that node.js is stirring up, I will ignore it and continue building software the way I have been.
The code for the examples given above are in two Eclipse projects, which you can download here. The first project is the framework itself, including the non-blocking server, container and relevant classes and interfaces. The second project is an example of how to use the framework to build (business) apps. It contains the
TCPServerRunner class for running a TCP echo server.
It also contains the VoipServerRunner which starts the VOIP Server.
To run the streaming example, first run the ListeningClient, followed by the SendingClient.
Change line 74 of the SendingClient to use your favourite MP3, and you should hear it stream the first 20 seconds.
The VOIP server itself isn't 100% reliable - especially once clients have
disconnected. But I guess node.js wasn't that stable after only a small number of hours of development. Good luck!PS. Performance: streaming at 192 kilobits a second, the server told me it was running around half a percent load (i.e. the event loop was idle 99.5% of the time). GSM, rather than high quality MP3 uses around 30 Kbps, so for a real VOIP server, you could probably get away with 1200 simultaneous calls. That doesn't seem that many, but I have no idea really. I guess I have 2 CPU cores which I could use so that I could use a load balancer to spread the load among two processes, which is the node.js way of using all the cores. But the load balancer wouldn't be doing much less work than my server does, so might not be able to handle any extra load itself. Or I could stick my handlers in a thread pool, using the
runAsync attribute of my @Handler annotation.
So a low cost commodity server could handle nearly 2500 simultaneous calls. Still not many? Again, I really don't know. But I should say that I
didn't try optimising the server. My packet sizes are based on sending one packet of sound data every 12 milliseconds.
Perhaps I could get away with sending them less frequently which might improve throughput and still have good call quality with low latency.
Who knows - anyone wanting to optimise it, let me know the results! One thing for sure is that a server using one thread per connection with
2500 simultaneous connections, will struggle. While my
previous blog article
showed it is possible to have many thousand threads open,
the context switching is likely to become the bottle neck. A non-blocking server is certainly the way forward for this use case.
Download the code here.
Copyright © 2011 Ant Kutschera
Sharing, using Social Media Links
Below is some Javascript which lets users share the current page on several social media sites. It relies on simple anchor tags wrapping images, like those on the top right of this blog. You could equally use serverside code to fill the link, just my Blog (Pebble) doesn't seem to let me do that (the template doesn't let you add Java tags to the JSP?!). Note how some use an escaped URL and others don't.
---------------------------
var title = escape("Ant's blog");
var url = escape(window.location.href);
var facebookLink = document.getElementById("facebookLink");
facebookLink.href = "http://www.facebook.com/sharer.php?u=" + url + "&t=" + title;
var twitterLink = document.getElementById("twitterLink");
twitterLink.href = "http://www.twitter.com/home?status=" + window.location.href;
var googleLink = document.getElementById("googleLink");
googleLink.href = "http://www.google.com/bookmarks/mark?op=add&bkmk=" + url + "&title=" + title;
var diggLink = document.getElementById("diggLink");
diggLink.href = "http://www.digg.com/submit?phase=2&url=" + window.location.href + "&title=" + title;
var myspaceLink = document.getElementById("myspaceLink");
myspaceLink.href = "http://www.myspace.com/Modules/PostTo/Pages/?u=" + url + "&t=" + title + "&c=" + title;
var deliciousLink = document.getElementById("deliciousLink");
deliciousLink.href = "http://del.icio.us/post?url=" + url + "&title=" + title;
var redditLink = document.getElementById("redditLink");
redditLink.href = "http://reddit.com/submit?url=" + url + "&title=" + title;
var stumbleUponLink = document.getElementById("stumbleUponLink");
stumbleUponLink.href = "http://www.stumbleupon.com/submit?url=" + url + "&title=" + title;
Node JS and Server side Java Script
Let's start right at the beginning. Bear with me, it might get long...
The following snippet of Java code could be used to create a server which receives TCP/IP requests:
class Server implements Runnable {
public void run() {
try {
ServerSocket ss = new ServerSocket(PORT);
while (!Thread.interrupted())
Socket s = ss.accept();
s.getInputStream(); //read from this
s.getOutputStream(); //write to this
} catch (IOException ex) { /* ... */ }
}
}
This code runs as far as the line with ss.accept(), which blocks until an incoming request is received. The accept method then returns and you have access to the input and output streams in order to communicate with the client.
There is one issue with this code. Think about multiple requests coming in at the same time. You are dedicated to completing the first request before making the next call to the accept method. Why? Because the accept method blocks. If you decided you would read a chunk off the input stream of the first connection, and then be kind to the next connection and accept it and handle its first chunk before continuing with the original (first) connection, you would have a problem, because the accept method blocks. If there were no second request, you wouldn't be able to finish off the first request, because the JVM blocks on that accept method. So, you must handle an incoming request in its entirety, before accepting a second incoming request.
This isn't so bad, because you can create the ServerSocket with an additional parameter, called the backlog, which tells it how many requests to queue up before refusing further connections. While you are busy handling the first request, subsequent requests are simply queued up.
This strategy would work, although it's not really efficient. If you have a multicore CPU, you will only be doing work on one core. It would be better to have more threads, so that the load can be balanced across the cores (watch out, this is JVM and OS dependent!).
A more typical multi-threaded server gets built like this:
class Server implements Runnable {
public void run() {
try {
ServerSocket ss = new ServerSocket(PORT);
while (!Thread.interrupted())
new Thread(new Handler(ss.accept())).start();
// one thread per socket connection every thread
// created this way will essentially block for I/O
} catch (IOException ex) { /* ... */ }
}
}
The above code hands off each incoming request to a new thread, allowing the main thread to handle new incoming requests, while spawned threads handle individual requests. This code also balances the load across CPU cores, where the JVM and OS allow it. Ideally, we probably wouldn't create a thread per new request, but rather hand off the request to a thread pool executor (see the java.util.concurrent package). On the other hand, there are times when a thread per request is required. If the conversation between server and client is longer lasting (rather than a simple HTTP request that is typically serviced in anything from milliseconds to seconds), then the socket can stay open. An example of when this is required are things like chat servers, or VOIP, or anything else where a continual conversation is required. But in such situations, the above code, even though it is multi-threaded, has it's limits. Those limits are actually because of the threads! Consider the following code:
public class MaxThreadTest {
static int numLive = 0;
public static void main(String[] args) {
while(true){
new Thread(new Runnable(){
public void run() {
numLive++;
System.out.println("running " + Thread.currentThread().getName() + " " + numLive);
try {
Thread.sleep(10000L);
} catch (InterruptedException e) {
e.printStackTrace();
}
numLive--;
}
}).start();
}
}
}
This code creates a bunch of threads, until the process crashes. With 64 MB heap size, it crashed (out of memory) after around 4000 threads, while testing on my Windows XP Thinkpad laptop. I upped the heap size to 256 MB and Eclipse crashed while in debug mode... I started the process from the command line and managed to open 5092 threads, but it was unstable and unresponsive. Interestingly, I upped the heap size to 1 GB, and then I could only open 2658 threads... This shows, I don't really understand the OS or JVM at this level! Anyway, if we were writing a system to handle a million simultaneous conversations, we would probably need over two hundred servers. But theoretically, we could reduce our costs to less than 10% of that, because we are allowed to open just over 65,000 threads per server (well, say 63,000 by the time we account for all the ports used by the OS and other processes). We could theoretically get away with just having 16 servers per million simultaneous connections.
The way to do this is, is to use non-blocking I/O. Since Java 1.4 (around 2002?), the java.nio package has been around to help us. With it, you can create a system which handles many simultaneous incoming requests using just one thread. The way it works is roughly by registering with the OS to get events when something happens, for example when a new request is accepted, or when one of the clients sends data over the wire.
With this API, we can create a server, which is, sadly, a little more complicated than those above, but which handles lots and lots of sockets all from one thread:
public class NonBlockingServer2 {
public static void main(String[] args) throws IOException {
System.out.println("Starting NIO server...");
Charset charset = Charset.forName("UTF-8");
CharsetDecoder decoder = charset.newDecoder();
CharsetEncoder encoder = charset.newEncoder();
ByteBuffer buffer = ByteBuffer.allocate(512);
Selector selector = Selector.open();
ServerSocketChannel server = ServerSocketChannel.open();
server.socket().bind(new InetSocketAddress(30032));
server.configureBlocking(false);
SelectionKey serverkey = server.register(selector, SelectionKey.OP_ACCEPT);
boolean quit = false;
while(!quit) {
selector.select(); //blocks until something arrives, of type OP_ACCEPT
Set keys = selector.selectedKeys();
for (SelectionKey key : keys) {
if (key == serverkey) {
if (key.isAcceptable()) {
SocketChannel client = server.accept();
if(client != null){ //can be null if theres no pending connection
client.configureBlocking(false);
SelectionKey clientkey = client.register(selector,
SelectionKey.OP_READ); //register for the read event
numConns++;
}
}
} else {
SocketChannel client = (SocketChannel) key.channel();
if (!key.isReadable()){
continue;
}
int bytesread = client.read(buffer);
if (bytesread == -1) {
//whens this happen?
key.cancel();
client.close();
continue;
}
buffer.flip();
String request = decoder.decode(buffer).toString();
buffer.clear();
if (request.trim().equals("quit")) {
client.write(encoder.encode(CharBuffer.wrap("Bye.")));
key.cancel();
client.close();
}else if (request.trim().equals("hello")) {
String id = UUID.randomUUID().toString();
key.attach(id);
String response = id + "\r";
client.write(encoder.encode(CharBuffer.wrap(response)));
}else if (request.trim().equals("time")) {
numTimeRequests++;
String response = "hi " + key.attachment() + " the time here is " + new Date() + "\r";
client.write(encoder.encode(CharBuffer.wrap(response)));
}
}
}
}
System.out.println("done");
}
}
The above code is based on that found here. By reducing the number of threads being used, and not blocking, but rather relying on the OS to tell us when something is up, we can handle many more requests. I tested some code very similar to this to see how many connections I could handle. Windows XP proved its high reliability, when reproducibly and consistently, more than 12,000 connections lead to blue screens of death! Time to move to Linux (Fedora Core). I had no problems creating 64,000 clients all simultaneously connected to my server. Let me re-prase... I didn't have problems having the clients simply connect and keep the connection open, but getting the server to also handle just 100 requests a second caused problems. Now 100 requests a second on a web server, on hardware which was a 5 year old cheap Dell laptop, sounds quite impressive to me. But on a server with 64,000 concurrent connections, that means each client making a request every ten minutes! Not very good for a VOIP application... The connection speeds also slowed down from around 3 milliseconds with 500 concurrent connections, down to 100 milliseconds with 60,000 concurrent connections.
So, perhaps I better get to the point of this posting? A few days ago, I read about Voxer, and Node.js on The Register. I had difficulty with this article. Why would anyone want to build a framework for Javascript on the server? I have developed plenty of rich clients, and have the experience to understand how to do rich client development. I have also developed plenty of rich internet apps (RIA), which use Javascript, and I can only say, it's not the best. I'm not some script kiddie or script hacker who doesn't know how to design Javascript code, and I understand the problems of Javascript development well. And I have developed lots and lots of server side code, mostly in Java and appreciate where Java out punches Javascript.
It seems to me, that the developers of Node.js, and those following it and using it, don't understand server development. While writing in Javascript might initially be quicker, the lack of tools and libraries in comparison to Java make it a non-competition in my opinion.
If I were a venture capitalist, and knew my money was being spent on application development based on newly developed frameworks, instead of extremely mature technologies, when the mature technologies suffice (as shown with the non-blocking server code above), I would flip out and can the project.
Maybe though, this is why I have never worked at a start up!
To wrap up, let's consider a few other points. Before anyone says that the performance of my example server was poor because it's just Java which is slow, let me comment. First of all, Java will always be faster than Javascript. Secondly, using top to monitor the server, I noticed that 50% of the CPU time was spent by the OS working out what events to throw, rather than Java handling those requests.
In the above server, everything runs on one thread. To improve performance, once a request comes in, it could be handed off to a thread pool to respond. This would help balance load across multiple cores, which is definitely required to make the server production ready.
While I'm at it, here is a quote from Node JS's home page:
"But what about multiple-processor concurrency? Aren't threads necessary to scale programs to multi-core computers? Processes are necessary to scale to multi-core computers, not memory-sharing threads. The fundamentals of scalable systems are fast networking and non-blocking design—the rest is message passing. In future versions, Node will be able to fork new processes (using the Web Workers API ) which fits well into the current design."
Actually, I'm not so sure... Java on Linux can spread threads across cores, so individual processes are not actually required. And the above statement just proves that Node JS is not mature for building really professional systems - I mean come on, no threading support?!
So, in the interests of completion, here is the client app I used to connect to the server:
public class Client {
private static final int NUM_CLIENTS = 3000;
static Timer serverCallingTimer = new Timer("servercaller", false);
static Random random = new Random();
/**
* this client is asynchronous, because it does not wait for a full response before
* opening the next socket.
*/
public static void main(String[] args) throws UnknownHostException, IOException, InterruptedException {
final InetSocketAddress endpoint = new InetSocketAddress("192.168.1.103", 30032);
System.out.println(new SimpleDateFormat("HH:mm:ss.SSS").format(new Date()) + " Starting async client");
long start = System.nanoTime();
for(int i = 0; i < NUM_CLIENTS; i++){
startConversation(endpoint);
}
System.out.println(new SimpleDateFormat("HH:mm:ss.SSS")
.format(new Date())
+ "Done, averaging "
+ ((System.nanoTime() - start) / 1000000.0 / NUM_CLIENTS)
+ "ms per call");
}
protected static void startConversation(InetSocketAddress endpoint) throws IOException {
final Socket s = new Socket();
s.connect(endpoint, 0/*no timeout*/);
s.getOutputStream().write(("hello\r").getBytes("UTF-8")); //protocol dictates \r is end of command
s.getOutputStream().flush();
//read response
String str = readResponse(s);
System.out.println("New Client: Session ID " + str);
//send a request at regular intervals, keeping the same socket! eg VOIP
//we cannot use this thread, its the main one which created the socket
//simply create another task to be carried out by the scheduler at a later time
//the interval below is 4 minutes, otherwise the server gets REALLY slow handling
//so many requests. This is equivalent to ~260 reqs/sec
serverCallingTimer.scheduleAtFixedRate(
new ConversationContainer(s, str),
random.nextInt(240000/*in the next 4 mins*/),
240000L/*every 4 mins*/);
}
private static String readResponse(Socket s) throws IOException {
InputStream is = s.getInputStream();
int curr = -1;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
while((curr = is.read()) != -1){
if(curr == 13) break; //protocol dictates a new line is the end of a response
baos.write(curr);
}
return baos.toString("UTF-8");
}
private static class ConversationContainer extends TimerTask {
Socket s;
String id;
public ConversationContainer(Socket s, String id){
this.s = s;
this.id = id;
}
@Override
public void run() {
try {
s.getOutputStream().write("time\r".getBytes("UTF-8")); //protocol dictates \r is end of command
s.getOutputStream().flush();
String response = readResponse(s);
if(random.nextInt(1000) % 1000 == 0){
//we dont want to log everything, because it will kill our server!
System.out.println(id + " - server time is '" + response + "'");
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
}
Copyright © 2010 Ant Kutschera