Secure WebSocket Inbound Protocol

The secure WebSocket inbound protocol implementation is based on the WebSocket protocol, and allows full-duplex, secure message mediation.

Following is a sample secure WebSocket inbound endpoint configuration:

<inboundEndpoint name="SecureWebSocketEP" onError="fault" protocol="wss" sequence="TestIn" suspend="false">
  <parameters>
     <parameter name="inbound.ws.port">9091</parameter>
     <parameter name="ws.client.side.broadcast.level">0</parameter>
     <parameter name="ws.outflow.dispatch.sequence">TestOut</parameter>
     <parameter name="ws.outflow.dispatch.fault.sequence">fault</parameter>
     <parameter name="wss.ssl.key.store.file">repository/resources/security/wso2carbon.jks</parameter>
     <parameter name="wss.ssl.key.store.pass">wso2carbon</parameter>
     <parameter name="wss.ssl.trust.store.file">repository/resources/security/client-truststore.jks</parameter>
     <parameter name="wss.ssl.trust.store.pass">wso2carbon</parameter>
     <parameter name="wss.ssl.cert.pass">wso2</parameter>
   </parameters>
</inboundEndpoint>

WebSocket inbound endpoint parameters

Parameter	Description	Required
`inbound.ws.port`	The netty listener port on which the WebSocket inbound listens.	Yes
`ws.client.side.broadcast.level`	The client broadcast level that defines how WebSocket frames are broadcasted from the WebSocket inbound endpoint to the client. Broadcast happens based on the subscriber path client connected to the WebSocket inbound endpoint. The three possible levels are as follows: 0 - Only a unique client can receive the frame from a WebSocket inbound endpoint. 1 - All the clients connected with the same subscriber path receives the WebSocket frame. 2 - All the clients connected with the same subscriber path, except the one who publishes the frame to the inbound, receives the WebSocket frame.	Yes
`ws.outflow.dispatch.sequence`	The sequence for the back-end to client mediation.	Yes
`ws.outflow.dispatch.fault.sequence`	The fault sequence for the back-end to client mediation path.	Yes
`wss.ssl.key.store.file`	The keystore location where keys are stored.	Yes
`wss.ssl.key.store.pass`	The password to access the keystore file.	Yes
`wss.ssl.trust.store.file`	The truststore location where keys are stored.	Yes
`wss.ssl.trust.store.pass`	The password to access the truststore file.	Yes
`wss.ssl.cert.pass`	The SSL certificate password.	Yes
`ws.boss.thread.pool.size`	The size of the netty boss pool.	No
`ws.worker.thread.pool.size`	The size of the worker thread pool.	No
`ws.subprotocol.handler.class`	Specify one or more custom subprotocol handler classes that are required. Separate each custom subprotocol handler class using a semicolon.	No
`ws.default.content.type`	Specifies the content type of the Web Socket frames that are received from the inbound endpoint.	No
`ws.shutdown.status.code`	Specifies the status code of the closed web socket frame sent when the inbound endpoint is closed.	No
`ws.shutdown.status.message`	Specifies the status message of the closed web socket frame when the inbound endpoint is closed.	No
`ws.pipeline.handler.class`	The fully qualified class name of a pipeline handler class that you implemented.	No
`wss.ssl.protocols`	Enables the SSL protocol for the particular WebSocket inbound endpoint. Default value is "TLS". You can change it to a TLS version(s), which is/are enabled with the SSL protocol (i.e., TLSv1,TLSv1.1,TLSv1.2). E.g., `<parameter name="wss.ssl.protocols">TLSv1.1,TLSv1.2</parameter>`	No
`wss.ssl.cipher.suites`	Enables the specified Cipher Suites for the particular WebSocket inbound endpoint. For example, <parameter name="wss.ssl.cipher.suites"> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA </parameter>	No