Package org.jivesoftware.openfire.http

Class HttpBindManager

java.lang.Object
org.jivesoftware.openfire.http.HttpBindManager
All Implemented Interfaces:
CertificateEventListener
public final class HttpBindManager extends Object implements CertificateEventListener
Responsible for making available BOSH (functionality to the outside world, using an embedded web server.

  • Field Details

    • LOG_HTTPBIND_ENABLED

      public static final SystemProperty<Boolean> LOG_HTTPBIND_ENABLED
      Enable / disable logging of BOSH requests and responses.

    • HTTP_BIND_ENABLED

      public static final SystemProperty<Boolean> HTTP_BIND_ENABLED
      Enable / disable BOSH (HTTP Binding) functionality.

    • HTTP_BIND_PORT

      public static final SystemProperty<Integer> HTTP_BIND_PORT
      TCP port on which the non-encrypted (HTTP) BOSH endpoint is exposed.

    • HTTP_BIND_SECURE_PORT

      public static final SystemProperty<Integer> HTTP_BIND_SECURE_PORT
      TCP port on which the encrypted (HTTPS) BOSH endpoint is exposed.

    • HTTP_BIND_STOP_TIMEOUT

      public static final SystemProperty<Duration> HTTP_BIND_STOP_TIMEOUT
      Duration of the maximum duration of gracefully stopping the embedded webserver that is hosting the BOSH endpoint (among others).

    • HTTP_BIND_THREADS_MIN

      public static final SystemProperty<Integer> HTTP_BIND_THREADS_MIN
      Minimum amount of threads in the thread pool to perform the network IO related to BOSH traffic. Note: Apart from the network-IO threads configured in this property, the server also uses a thread pool for processing the inbound data (as configured in (HttpSessionManager.MAX_POOL_SIZE). BOSH installations expecting heavy loads may want to allocate additional threads to this worker pool to ensure timely processing of data

    • HTTP_BIND_THREADS

      public static final SystemProperty<Integer> HTTP_BIND_THREADS
      Maximum amount of threads in the thread pool to perform the network IO related to BOSH traffic. Note: Apart from the network-IO threads configured in this property, the server also uses a thread pool for processing the inbound data (as configured in (HttpSessionManager.MAX_POOL_SIZE). BOSH installations expecting heavy loads may want to allocate additional threads to this worker pool to ensure timely processing of data

    • HTTP_BIND_THREADS_TIMEOUT

      public static final SystemProperty<Duration> HTTP_BIND_THREADS_TIMEOUT
      Amount of time after which idle, surplus threads are removed from the thread pool to perform the network IO related to BOSH traffic. Note: Apart from the network-IO threads configured in this property, the server also uses a thread pool for processing the inbound data (as configured in (HttpSessionManager.INACTIVITY_TIMEOUT). BOSH installations expecting heavy loads may want to allocate additional threads to this worker pool to ensure timely processing of data

    • HTTP_BIND_AUTH_PER_CLIENTCERT_POLICY

      public static final SystemProperty<String> HTTP_BIND_AUTH_PER_CLIENTCERT_POLICY
      The TLS 'mutual authentication' policy that is applied to the BOSH endpoint.

    • HTTP_BIND_FORWARDED

      public static final SystemProperty<Boolean> HTTP_BIND_FORWARDED
      Enable / Disable parsing a 'X-Forwarded-For' style HTTP header of BOSH requests.

    • HTTP_BIND_FORWARDED_HEADER

      public static final SystemProperty<String> HTTP_BIND_FORWARDED_HEADER
      The HTTP header name for 'forwarded' (per RFC 7239).

    • HTTP_BIND_FORWARDED_FOR

      public static final SystemProperty<String> HTTP_BIND_FORWARDED_FOR
      The HTTP header name for 'forwarded for'

    • HTTP_BIND_FORWARDED_SERVER

      public static final SystemProperty<String> HTTP_BIND_FORWARDED_SERVER
      The HTTP header name for 'forwarded server'.

    • HTTP_BIND_FORWARDED_HOST

      public static final SystemProperty<String> HTTP_BIND_FORWARDED_HOST
      The HTTP header name for 'forwarded hosts'.

    • HTTP_BIND_FORWARDED_HOST_NAME

      public static final SystemProperty<String> HTTP_BIND_FORWARDED_HOST_NAME
      Sets a forced valued for the host header.

    • HTTP_BIND_FORWARDED_TRUSTED_PROXIES

      public static final SystemProperty<Set<String>> HTTP_BIND_FORWARDED_TRUSTED_PROXIES
      Defines the set of trusted reverse proxies. When this property is configured (non-empty), 'Forwarded' and 'X-Forwarded-*' HTTP headers are only honored if the direct peer (the socket-level remote address) of the request matches one of the configured trusted proxies. If the peer is not trusted, these headers are ignored and the request's original remote address is used instead. This setting helps prevent spoofing of client IP addresses via forged forwarding headers and should be configured when Openfire is deployed behind one or more reverse proxies. Values can be individual IP addresses (IPv4 or IPv6) as well as IP ranges (for example, in CIDR notation).
      See Also:

    • HTTP_BIND_CORS_ENABLED

      public static final SystemProperty<Boolean> HTTP_BIND_CORS_ENABLED
      Enable / Disable support for Cross-Origin Resource Sharing (CORS) headers in the BOSH endpoint.

    • HTTP_BIND_CORS_ALLOW_ORIGIN_ALL

      public static final String HTTP_BIND_CORS_ALLOW_ORIGIN_ALL
      The Cross-Origin Resource Sharing (CORS) header value that represents the 'allow all orgins' state.
      See Also:

    • HTTP_BIND_ALLOWED_ORIGINS

      public static final SystemProperty<Set<String>> HTTP_BIND_ALLOWED_ORIGINS
      The domain names that are accepted as values for the CORS 'Origin' header in the BOSH endpoint.

    • HTTP_BIND_CONTENT_SECURITY_POLICY_ENABLED

      public static final SystemProperty<Boolean> HTTP_BIND_CONTENT_SECURITY_POLICY_ENABLED
      Enable / Disable adding a 'Content-Security-Policy' HTTP header to the response to requests made against the BOSH endpoint.

    • HTTP_BIND_CONTENT_SECURITY_POLICY_RESPONSEVALUE

      public static final SystemProperty<String> HTTP_BIND_CONTENT_SECURITY_POLICY_RESPONSEVALUE
      The header value when adding a 'Content-Security-Policy' HTTP header to the response to requests made against the BOSH endpoint.

    • HTTP_BIND_CORS_ALLOW_METHODS

      public static final SystemProperty<Set<String>> HTTP_BIND_CORS_ALLOW_METHODS
      The HTTP methods that are accepted in the BOSH endpoint.

    • HTTP_BIND_CORS_ALLOW_HEADERS

      public static final SystemProperty<Set<String>> HTTP_BIND_CORS_ALLOW_HEADERS
      The name of HTTP headers that are accepted in requests to the BOSH endpoint.

    • HTTP_BIND_CORS_MAX_AGE

      public static final SystemProperty<Duration> HTTP_BIND_CORS_MAX_AGE
      How long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.

    • HTTP_BIND_REQUEST_HEADER_SIZE

      public static final SystemProperty<Integer> HTTP_BIND_REQUEST_HEADER_SIZE
      the maximum size in bytes of request headers in the BOSH endpoint. Larger headers will allow for more and/or larger cookies plus larger form content encoded in a URL. However, larger headers consume more memory and can make a server more vulnerable to denial of service attacks.

  • Method Details

    • getInstance

      public static HttpBindManager getInstance()

    • start

      public void start()

    • stop

      public void stop()

    • getSessionManager

      public HttpSessionManager getSessionManager()

    • isHttpBindEnabled

      public boolean isHttpBindEnabled()
      Returns true if the HTTP binding server is currently enabled.
      Returns:
      true if the HTTP binding server is currently enabled.

    • isHttpBindActive

      public boolean isHttpBindActive()
      Returns true if a listener on the HTTP binding port is running.
      Returns:
      true if a listener on the HTTP binding port is running.

    • isHttpsBindActive

      public boolean isHttpsBindActive()
      Returns true if a listener on the HTTPS binding port is running.
      Returns:
      true if a listener on the HTTPS binding port is running.

    • getWebsocketUnsecureAddress

      public String getWebsocketUnsecureAddress()

    • getWebsocketSecureAddress

      public String getWebsocketSecureAddress()

    • getHttpBindUnsecureAddress

      public String getHttpBindUnsecureAddress()

    • getHttpBindSecureAddress

      public String getHttpBindSecureAddress()

    • isAllOriginsAllowed

      public boolean isAllOriginsAllowed()

    • isThisOriginAllowed

      public boolean isThisOriginAllowed(String origin)

    • createBoshHandler

      protected org.eclipse.jetty.ee8.servlet.ServletContextHandler createBoshHandler()
      Creates a Jetty context handler that can be used to expose BOSH (HTTP-Bind) functionality. Note that an invocation of this method will not register the handler (and thus make the related functionality available to the end user). Instead, the created handler is returned by this method, and will need to be registered with the embedded Jetty webserver by the caller.
      Returns:
      A Jetty context handler (never null).

    • createWebsocketHandler

      protected org.eclipse.jetty.ee8.servlet.ServletContextHandler createWebsocketHandler()
      Creates a Jetty context handler that can be used to expose Websocket functionality. Note that an invocation of this method will not register the handler (and thus make the related functionality available to the end user). Instead, the created handler is returned by this method, and will need to be registered with the embedded Jetty webserver by the caller.
      Returns:
      A Jetty context handler (never null).

    • createStaticContentHandler

      protected org.eclipse.jetty.ee8.servlet.ServletContextHandler createStaticContentHandler()
      Creates a Jetty context handler that can be used to expose static files. Note that an invocation of this method will not register the handler (and thus make the related functionality available to the end user). Instead, the created handler is returned by this method, and will need to be registered with the embedded Jetty webserver by the caller.
      Returns:
      A Jetty context handler, or null when the static content could not be accessed.

    • addJettyHandler

      public void addJettyHandler(@Nonnull org.eclipse.jetty.ee8.nested.ContextHandler handler)
      Adds a Jetty handler to be added to the embedded web server that is used to expose Openfire's public web-bindings (eg: BOSH / HTTP-bind and websocket).
      Parameters:
      handler - The handler (cannot be null).

    • removeJettyHandler

      public void removeJettyHandler(@Nonnull org.eclipse.jetty.ee8.nested.ContextHandler handler)
      Removes a Jetty handler to be added to the embedded web server that is used to expose Openfire's public web-bindings (eg: BOSH / HTTP-bind and websocket).
      Parameters:
      handler - The handler (should not be null).

    • addJettyHandler

      public void addJettyHandler(@Nonnull org.eclipse.jetty.server.Handler handler)
      Adds a Jetty handler to be added to the embedded web server that is used to expose BOSH (HTTP-bind) functionality.
      Parameters:
      handler - The handler (cannot be null).

    • removeJettyHandler

      public void removeJettyHandler(@Nonnull org.eclipse.jetty.server.Handler handler)
      Removes a Jetty handler to be added to the embedded web server that is used to expose BOSH (HTTP-bind) functionality. Removing a handler, even when null, or non-existing, might have side-effects as introduced by the Jetty implementation. At the time of writing, Jetty will re
      Parameters:
      handler - The handler (should not be null).

    • isScriptSyntaxEnabled

      public boolean isScriptSyntaxEnabled()
      Returns true if script syntax is enabled. Script syntax allows BOSH to be used in environments where clients may be restricted to using a particular server. Instead of using standard HTTP Post requests to transmit data, HTTP Get requests are used.
      Returns:
      true if script syntax is enabled.
      See Also:

    • setScriptSyntaxEnabled

      public void setScriptSyntaxEnabled(boolean isEnabled)
      Enables or disables script syntax.
      Parameters:
      isEnabled - true to enable script syntax and false to disable it.
      See Also:

    • restart

      public static void restart(Object ignored)
      Static reference for restartServer() that can be used as a listener of a SystemProperty. The provided argument is ignored.

    • storeContentChanged

      public void storeContentChanged(CertificateStore store)
      Description copied from interface: CertificateEventListener
      Event triggered when the content of a certificate store was changed.
      Specified by:
      storeContentChanged in interface CertificateEventListener
      Parameters:
      store - The store for which the content was changed.

    • updateStopTimeout

      public static void updateStopTimeout(Duration stopTimeout)
      Static reference for setStopTimeout(Duration) that can be used as a listener of a SystemProperty.

    • setStopTimeout

      public void setStopTimeout(Duration stopTimeout)