[java.net.http.HttpClient] Active monitoring of resolved IP addresses
Daniel Fuchs
daniel.fuchs at oracle.com
Fri Nov 15 17:19:42 UTC 2019
Hi Bernd,
The HttpClient uses nio SocketChannels in non blocking mode,
not java.net.Socket.
best regards,
-- daniel
On 15/11/2019 17:10, Bernd Eckenfels wrote:
> Hello,
>
> Another possible extension point would be a custom socket factory. This
> has the additional benefit that the sockets from this factory also can
> implement a happy eyeballs algorithm (which would connect in parallel to
> multiple IP address candidates, which is especially helpful for IPv6
> problems).
>
> Havent looked closely, but the current API might already allow this with
> a custom proxy selector?
>
> Gruss
> Bernd
> --
> http://bernd.eckenfels.net
> ------------------------------------------------------------------------
> *Von:* net-dev <net-dev-bounces at openjdk.java.net> im Auftrag von Daniel
> Fuchs <daniel.fuchs at oracle.com>
> *Gesendet:* Freitag, November 15, 2019 5:18 PM
> *An:* Nicolas Henneaux
> *Cc:* OpenJDK Network Dev list
> *Betreff:* Re: [java.net.http.HttpClient] Active monitoring of resolved
> IP addresses
> Hi Nicolas,
>
> Sorry for the late reply...
>
> On 07/11/2019 17:13, Pavel Rappo wrote:
> >> On 7 Nov 2019, at 14:24, Nicolas Henneaux
> <nicolas.henneaux at gmail.com> wrote:
> >>
> >> Hi,
> >>
> >> *I am trying to build an HTTP client based on
> java.net.http.HttpClient and
> >> I would like to have some control on the IP addresses resolved under
> the
> >> hood.*
> >>
> >> I would like such mechanism to use all the IP addresses behind the
> host of
> >> the request. The underlying problem, I am trying to solve, is to
> react as
> >> soon as possible to an unavailability of a target IP. It could be
> done by
> >> doing active monitoring for each IP and use only the addresses
> available
> >> (at TCP, TLS or HTTP level) when sending an HTTP request. I also
> would like
> >> to load balance the traffic between all the IP’s and actively detect
> change
> >> in the DNS resolution. I am maintaining a long live connection to an
> >> external HTTPS service.
> >>
> >> At the moment, only one IP address is used by the HTTP java client
> and pool
> >> of connections is maintained to target this IP.
> >>
> >> I have built a work-around by using the IP address in the URL
> provided to
> >> the HTTP client and using a specific trust manager matching the
> expected
> >> name to keep the TLS validation. It has several limitation. In
> particular
> >> it changes the HTTP request which could impact the response you
> received
> >> depending on the server you target. It also forces to use one HTTP
> client
> >> by host you want to target. I have created a small GitHub repository
> >> <https://github.com/nhenneaux/resilient-httpclient> to illustrate this
> >> workaround.
> >>
> >> I explored a bit the HTTP client implementation and so far I have
> not found
> >> any way to implement such mechanism. In particular, I am stuck in
> >> jdk.internal.net.http.HttpRequestImpl#getAddress which is package
> visible
> >> and prevents any extension.
> >>
> >> Such mechanism exists in Jetty HTTP client (see
> >> org.eclipse.jetty.util.SocketAddressResolver) or in HTTP Apache client.
> >>
> >> *Is there any existing mechanism I could use to properly solve such
> >> problem? If none, is there a way to contribute or to submit a
> request of
> >> improvement? *
>
> I don't think there is any existing mechanism, besides hardcoding
> the server's address in the URL. One thing we could potentially
> consider for future evolution is add an API to pass a lambda to the
> HttpClient.Builder that would take a hostname and a port and return
> an InetSocketAddress.
> The HttpRequestImpl could use that when its getAddress() method
> is called. Note however that this would only help when no proxy is
> used (except maybe in case of tunneling?).
>
> Would that be enough to allow you to implement your logic?
>
> There are security implications (permission checking) that would
> need to be carefully considered however, if we decided to that.
>
> On the other hand having the server address in the URL instead
> should work even in the presence of proxies.
>
> best regards,
>
> -- daniel
>
> >>
> >>
> >>
> >> Thank you in advance for your help!
> >>
> >>
> >>
> >> Best regards,
> >>
> >>
> >>
> >> *Nicolas Henneaux*
> >
>
More information about the net-dev
mailing list