This documentation is for WSO2 Enterprise Service Bus version 5.0.0. View documentation for the latest ESB.
Skip to end of metadata
Go to start of metadata

The WSO2 ESB secure WebSocket inbound protocol implementation is based on the WebSocket protocol, and allows full-duplex, secure message mediation.

Following is a sample secure WebSocket inbound endpoint configuration:

<inboundEndpoint xmlns="http://ws.apache.org/ns/synapse" name="SecureWebSocketEP" onError="fault" protocol="wss" sequence="TestIn" suspend="false">
  <parameters>
     <parameter name="inbound.ws.port">9091</parameter>
     <parameter name="ws.client.side.broadcast.level">0</parameter>
     <parameter name="ws.outflow.dispatch.sequence">TestOut</parameter>
     <parameter name="ws.outflow.dispatch.fault.sequence">fault</parameter>
     <parameter name="wss.ssl.key.store.file">repository/resources/security/wso2carbon.jks</parameter>
     <parameter name="wss.ssl.key.store.pass">wso2carbon</parameter>
     <parameter name="wss.ssl.trust.store.file">repository/resources/security/client-truststore.jks</parameter>
     <parameter name="wss.ssl.trust.store.pass">wso2carbon</parameter>
     <parameter name="wss.ssl.cert.pass">wso2</parameter>
   </parameters>
</inboundEndpoint>

WebSocket inbound endpoint parameters

ParameterDescriptionRequired
inbound.ws.portThe netty listener port on which the WebSocket inbound listens.Yes
ws.client.side.broadcast.level The client broadcast level that defines how WebSocket frames are broadcasted from the WebSocket inbound endpoint to the client. Broadcast happens based on the subscriber path client connected to the WebSocket inbound endpoint. The three possible levels are as follows:
0 - Only a unique client can receive the frame from a WebSocket inbound endpoint.
1 - All the clients connected with the same subscriber path receives the WebSocket frame.
2 - All the clients connected with the same subscriber path, except the one who publishes the frame to the inbound, receives the WebSocket frame.
Yes
ws.outflow.dispatch.sequenceThe sequence for the back-end to client mediation.Yes
ws.outflow.dispatch.fault.sequenceThe fault sequence for the back-end to client mediation path.Yes
wss.ssl.key.store.fileThe keystore location where keys are stored.Yes
wss.ssl.key.store.passThe password to access the keystore file.Yes
wss.ssl.trust.store.fileThe truststore location where keys are stored.Yes
wss.ssl.trust.store.passThe password to access the truststore file.Yes
wss.ssl.cert.passThe SSL certificate password.Yes
ws.boss.thread.pool.sizeThe size of the netty boss pool.No
ws.worker.thread.pool.sizeThe size of the worker thread pool.No
ws.subprotocol.handler.classThe custom subprotocol handler classes separated by a semicolon.No
ws.default.content.type

Specifies the content type of the Web Socket frames that are received from the inbound endpoint.

No
ws.shutdown.status.codeSpecifies the status code of the closed web socket frame sent when the inbound endpoint is closed.No
ws.shutdown.status.messageSpecifies the status message of the closed web socket frame when the inbound endpoint is closed.No
wss.ssl.protocols

Enables the SSL protocol for the particular WebSocket inbound endpoint. Default value is "TLS". You can change it to a TLS version(s), which is/are enabled with the SSL protocol (i.e., TLSv1,TLSv1.1,TLSv1.2). E.g., <parameter name="wss.ssl.protocols">TLSv1.1,TLSv1.2</parameter>

This parameter is introduced via the WUM update for WSO2 ESB 5.0.0, released on the 8th of February 2018. You can deploy a WUM update into production only if you have a paid subscription. If you do not have a paid subscription, you can use this parameter when the next version of the product is released.

No
wss.ssl.cipher.suites

Enables the specified Cipher Suites for the particular WebSocket inbound endpoint. For example,

<parameter name="wss.ssl.cipher.suites">
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
</parameter>

This parameter is introduced via the WUM update for WSO2 ESB 5.0.0, released on the 8th of February 2018. You can deploy a WUM update into production only if you have a paid subscription. If you do not have a paid subscription, you can use this parameter when the next version of the product is released.

No
  • No labels