Eclipse Community Forums: EMF » [CDO] Websocket transport layer

Help

Home

Home » Modeling » EMF » [CDO] Websocket transport layer(Using secure websockets)

Show: Today's Messages :: Show Polls :: Message Navigator

[CDO] Websocket transport layer [message #1834268]

Fri, 06 November 2020 09:56

Eclipse User

I saw that a websocket transport layer was added a couple of months ago.
Thanks for that! By looking at the test samples, it was quite easy to set up.

What I would also like to try is a secure websocket connection. But I could not find any sample code for this. Is it even possible at the current point?

[Updated on: Fri, 06 November 2020 09:57] by Moderator

Report message to a moderator

Re: [CDO] Websocket transport layer [message #1834313 is a reply to message #1834268]

Sat, 07 November 2020 04:41

Eclipse User

You're welcome. Thanks also go to Obeo who funded this interesting new feature.

I did not test the transport over WSS, but I know that Obeo successfully did. I'll try to get someone to comment on it...

Report message to a moderator

Re: [CDO] Websocket transport layer [message #1834372 is a reply to message #1834313]

Mon, 09 November 2020 09:21

Eclipse User

Hi Eike, Robert,

At the current point, the websocket transport layer which has been added to CDO does not allow to have/configure a secure websocket connections.

I have a working prototype on my side but it is not yet ready for production / contribution.
For the moment, I should not have time to continue the work on it before the end of the year.

Regards

Report message to a moderator

Re: [CDO] Websocket transport layer [message #1834384 is a reply to message #1834372]

Mon, 09 November 2020 12:58

Eclipse User

Maxime, thanks for the information!
Out of curiosity: did you need to change cdo/net4j itself, or can this be implemented externally?

Report message to a moderator

Re: [CDO] Websocket transport layer [message #1834386 is a reply to message #1834384]

Mon, 09 November 2020 13:21

Eclipse User

I had to change CDO on server and client side in order to provide new transport, react to a new uri scheme and correcly configure the sockets.
I can now use wss:// scheme and and have a secure web socket created by CDO.
I should be able to work on this and industrialize/polish my PoC around the end of the year.

Regards

Report message to a moderator

Re: [CDO] Websocket transport layer [message #1837269 is a reply to message #1834386]

Tue, 26 January 2021 14:39

Eclipse User

We would very much like this feature to be integrated to CDO.
Is there any way that we could help in the process? E.g. performing tests?

Report message to a moderator

Re: [CDO] Websocket transport layer [message #1838686 is a reply to message #1837269]

Wed, 03 March 2021 14:35

Eclipse User

I implemented this myself now. See attached files.
There was really not much change necessary with respect to the existing websocket implementation.
I basically copied the according WS*.java files and added the following:

* Allow to set cookies. I think a common use case will be a connection through a secure reverse proxy. Usually, you will need to perform a separate login via https to retreive the login cookie.
* Option to trust all certificates. I needed this for testing purposes.

A note on the server-side if anyone wants to implement this as well: if you use a reverse-proxy, you will not need to change anything. The connection will be secured up to the reverse-proxy and then continue in clear. This has the advantage (so I was told) that the network guys can perform analyses for security intrusions. But if you want to encrypt all the way to the CDO server, you can configure the jetty server to use SSL/TLS. There are numerous examples on the web for that.

Attachment: WSSClientConnector.java
(Size: 5.77KB, Downloaded 132 times)
Attachment: WSSConnectorFactory.java
(Size: 3.47KB, Downloaded 723 times)
Attachment: WSSUtil.java
(Size: 2.90KB, Downloaded 80 times)