0

I am new to Spring framework, now I chose it for a new project.

The project is actually an online consulting application. when a customer chooses to query by open page window, A consulting engineer will be assigned to him(many to one). to sum up, this app requires the following considerations.

1- anonymity connections for customer and authentication for consulting engineers. 2- one engineer can serve several customers at a time. 3- the way to assign customer could be configured. 4- WebSocket session should remain open while HTTP session expired.

so I have two questions:

for 1-3 items, I am not sure if I should choose STOMP or plain WebSocket in Spring. it seems STOMP is more advanced but more likely to fit a general messaging requirement (topics, subscriptions ... etc). WebSocket in another hand is simpler and more flexible. I wonder which one is better in this consulting application?

for point 4, session expired. google result suggests spring-session. but I can only found its tutorial about integration spring-session with STOMP. if WebSocket is the better choice, how can I integrate spring-session with Plain WebSocket?

Thanks

Korben
  • 734
  • 1
  • 7
  • 26
  • Too general a question and you're asking for opinions, or possibly a chapter in a book. You need to clarify some of your terminology. There is no such thing as an HTTP Session. HTTP protocol is a request/response protocol. Client makes request/Server responds/socket closed. The idea of "session" is something that has to be layered on. Obviously websocket is an alternative protocol designed for sustained socket communication exactly because HTTP doesn't have session. You need to clarify what you mean. – gview Jul 17 '17 at 02:26
  • @gview sorry for the misleading information, When I Say HTTPSession I meant Server side session for a User. – Korben Jul 17 '17 at 02:52

1 Answers1

1

When you talk about websocket you have to have in mind that it is a simple and "raw" communication protocol without many defined message controls. If you choose to use plain websocket you should be able to authenticate using basic authentication [1]. In this case, your websocket connection, once opened, will stay open and working indefinitely.

But it's also up to you to control the message flow, deciding how to specify the target for each message. That's where STOMP should help you.

Using STOMP you could define "channels" to which customers and consulting enginners would "subscribe" to and begin communication. And you could also send private messages using the "Principal" from an authenticated Spring Security session.

So, answering your points:

1- anonymity connections for customer and authentication for consulting engineers.

It is possible to define multiple endpoints within Spring Websocket configuration [2]. You could try to request authentication with only one of the endpoints using a implementation of ChannelInterceptorAdapter.

2- one engineer can serve several customers at a time.

Using the definition of channels, with the help of STOMP, you could subscribe the enginner in multiple channels, each for one customer... Or use private messages between them.

3- the way to assign customer could be configured.

I'm not sure what you meant... But it should be easy to assign a customer to a "channel".

4- WebSocket session should remain open while HTTP session expired.

The HTTP session is only used in the initial process, to connect to the websocket. After that the websocket will remain open or, if you use SockJS for fallback, the HTTP session will be constantly renewed.

I have coded an example of websocket server and client using Spring API. It's not exactly what you need, but I think it'll give a good idea.

Jairton Junior
  • 674
  • 6
  • 16