Monday, February 01, 2016

Next for WebSockets on XPages / Domino

The below list covers the latest set of features / patches / updates I hope to release soon:

  • New Project Name (xpages.io, xockets, dockets, other... suggestions welcome)
  • Use of Netty as the websocket/networking engine
  • Increased scale (tested locally with 15k websocket connections / users)
  • Granular control of threading, send / receive buffers to tweak performance of the server
  • Configuration can be stored in a profile document, or notes.ini (both use name/value pairs)
  • You will no longer be restricted to using the server's Id.  Any Id can be configured to integrate with the Domino server
  • Server.id password no longer has to be empty (websocket server initializes with trusted session, then reverts to configured userId)
  • Rhino embedded JavaScript clients can be registered and run under their own Ids as well (e.g. chatapp user)
  • Added Origin based security patch to prohibit Cross-Site Websocket Hijacking (CSWSH) (you must configure allowed Origins e.g. mysite.com, yoursite.com, oursite.com)
  • Added security patch to make sure the logged in user has at least reader access to the nsf if the websocket url contains the nsf as part of its path. 
  • Added LRU SystemCache reference available to your Rhino JavaScript libraries (scoped to class, so be careful with your keys)
  • Maybe some others... I'll update this post as I go

Thanks for stopping by...


-Mark

3 comments:

Michael Ruhnau said...

That enhancement/fix list is quite impressive ...

Richard Moy said...

Nice work Mark

Csaba Kiss said...

Looking forward to these enhancements. I am ready to test them, too.