Secure WebSocket Inbound Protocol
The WSO2 ESB secure WebSocket inbound protocol implementation is based on the WebSocket protocol, and allows full-duplex, secure message mediation.
Following is a sample secure WebSocket inbound endpoint configuration:
```xml
<inboundEndpoint xmlns="http://ws.apache.org/ns/synapse" name="SecureWebSocketEP" onError="fault" protocol="wss" sequence="TestIn" suspend="false">
    <parameters>
        <parameter name="inbound.ws.port">9091</parameter>
        <parameter name="ws.client.side.broadcast.level">0</parameter>
        <parameter name="ws.outflow.dispatch.sequence">TestOut</parameter>
        <parameter name="ws.outflow.dispatch.fault.sequence">fault</parameter>
        <parameter name="wss.ssl.key.store.file">repository/resources/security/wso2carbon.jks</parameter>
        <parameter name="wss.ssl.key.store.pass">wso2carbon</parameter>
        <parameter name="wss.ssl.trust.store.file">repository/resources/security/client-truststore.jks</parameter>
        <parameter name="wss.ssl.trust.store.pass">wso2carbon</parameter>
        <parameter name="wss.ssl.cert.pass">wso2</parameter>
    </parameters>
</inboundEndpoint>
```
WebSocket inbound endpoint parameters
Parameter | Description | Required |
---|---|---|
inbound.ws.port | The netty listener port on which the WebSocket inbound listens. | Yes |
ws.client.side.broadcast.level | The client broadcast level that defines how WebSocket frames are broadcast from the WebSocket inbound endpoint to the client. Broadcasting is based on the subscriber path through which the client is connected to the WebSocket inbound endpoint. The three possible levels are as follows: 0 - Only a unique client can receive the frame from a WebSocket inbound endpoint. 1 - All the clients connected with the same subscriber path receive the WebSocket frame. 2 - All the clients connected with the same subscriber path, except the one that publishes the frame to the inbound endpoint, receive the WebSocket frame. | Yes |
ws.outflow.dispatch.sequence | The sequence for the back-end to client mediation. | Yes |
ws.outflow.dispatch.fault.sequence | The fault sequence for the back-end to client mediation path. | Yes |
wss.ssl.key.store.file | The keystore location where keys are stored. | Yes |
wss.ssl.key.store.pass | The password to access the keystore file. | Yes |
wss.ssl.trust.store.file | The truststore location where keys are stored. | Yes |
wss.ssl.trust.store.pass | The password to access the truststore file. | Yes |
wss.ssl.cert.pass | The SSL certificate password. | Yes |
ws.boss.thread.pool.size | The size of the netty boss pool. | No |
ws.worker.thread.pool.size | The size of the worker thread pool. | No |
ws.subprotocol.handler.class | The custom subprotocol handler classes separated by a semicolon. | No |
ws.default.content.type | Specifies the content type of the WebSocket frames that are received from the inbound endpoint. | No |
ws.shutdown.status.code | Specifies the status code of the WebSocket close frame that is sent when the inbound endpoint is closed. | No |
ws.shutdown.status.message | Specifies the status message of the WebSocket close frame that is sent when the inbound endpoint is closed. | No |
wss.ssl.protocols | Enables the SSL protocol for the particular WebSocket inbound endpoint. The default value is "TLS". You can change it to one or more TLS versions that are enabled with the SSL protocol (i.e., TLSv1,TLSv1.1,TLSv1.2). E.g., This parameter is introduced via the WUM update for WSO2 ESB 5.0.0, released on the 8th of February 2018. You can deploy a WUM update into production only if you have a paid subscription. If you do not have a paid subscription, you can use this parameter when the next version of the product is released. | No |
wss.ssl.cipher.suites | Enables the specified cipher suites for the particular WebSocket inbound endpoint. For example, `<parameter name="wss.ssl.cipher.suites">TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA</parameter>`. This parameter is introduced via the WUM update for WSO2 ESB 5.0.0, released on the 8th of February 2018. You can deploy a WUM update into production only if you have a paid subscription. If you do not have a paid subscription, you can use this parameter when the next version of the product is released. | No |
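
The following is an added example, not part of the WSO2 documentation or product: a small Python check that reads an inbound endpoint definition and reports the keystore passwords, `wss.ssl.protocols` value and `wss.ssl.cipher.suites` value a reviewer would want changed before deployment. The policy it applies (treating the sample passwords, TLSv1/TLSv1.1 and CBC suites as findings), the function name `audit_inbound_endpoint` and the embedded input are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = {"syn": "http://ws.apache.org/ns/synapse"}
SAMPLE_PASSWORDS = {"wso2carbon", "wso2"}         # the values in the page's sample config
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # assumed policy for this example
PASSWORD_PARAMS = ("wss.ssl.key.store.pass", "wss.ssl.trust.store.pass",
                   "wss.ssl.cert.pass")

# Constructed input: the page's sample endpoint, trimmed, with TLS parameters added.
SAMPLE = """
<inboundEndpoint xmlns="http://ws.apache.org/ns/synapse" name="SecureWebSocketEP"
                 onError="fault" protocol="wss" sequence="TestIn" suspend="false">
  <parameters>
    <parameter name="wss.ssl.key.store.pass">wso2carbon</parameter>
    <parameter name="wss.ssl.trust.store.pass">wso2carbon</parameter>
    <parameter name="wss.ssl.cert.pass">wso2</parameter>
    <parameter name="wss.ssl.protocols">TLSv1,TLSv1.2</parameter>
    <parameter name="wss.ssl.cipher.suites">
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    </parameter>
  </parameters>
</inboundEndpoint>
"""


def _csv(value):
    """Split a comma-separated parameter value, ignoring surrounding whitespace."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def audit_inbound_endpoint(xml_text):
    """Return a list of findings for one inbound endpoint definition."""
    root = ET.fromstring(xml_text)
    params = {p.get("name"): (p.text or "").strip()
              for p in root.findall("syn:parameters/syn:parameter", NS)}
    findings = []
    if root.get("protocol") != "wss":
        findings.append("protocol is not wss")
    for name in PASSWORD_PARAMS:
        if params.get(name) in SAMPLE_PASSWORDS:
            findings.append(f"{name}: sample password in use")
    protocols = _csv(params.get("wss.ssl.protocols"))
    if not protocols:
        findings.append("wss.ssl.protocols: unset, default 'TLS' applies")
    findings += [f"wss.ssl.protocols: legacy {p} enabled"
                 for p in protocols if p in LEGACY_PROTOCOLS]
    findings += [f"wss.ssl.cipher.suites: CBC suite {s}"
                 for s in _csv(params.get("wss.ssl.cipher.suites")) if "_CBC_" in s]
    return findings
```

Calling `audit_inbound_endpoint(SAMPLE)` returns the findings for the embedded definition; an empty list means none of the example's checks matched.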