How can I programmatically enable WSS for a Tyrus WebSocket @ServerEndpoint

Question

I have a microservice that has a REST endpoint and a WebSocket endpoint.

It Spring-wires Grizzly and Tyrus, and adds in authentication via SSO using a JAX-RS filter and

Answer 1

I managed to get this working using a variation of the above. However, I strongly advise against it as the performance is terrible. This is nothing to do with Tyrus or Grizzly, but with Java. The SSL library in Java is notoriously slow, and since Grizzly uses Java, any WSS is going to be affected.

Apparently Jetty and Tomcat provide a way to use OpenSSL instead of the standard Java SSL. Alternatively, use a SSL terminator (e.g. Apache web server or HAProxy) that deals with the SSL and passes a standard WS connection to your server

Answer 2

Solved using the suggestion at https://stackoverflow.com/a/27239122/17641

listener = new NetworkListener("grizzly", "0.0.0.0", port); listener.setSecure(true); listener.setSSLEngineConfig(new SSLEngineConfigurator(getSslContextConfigurator()).setClientMode(false).setNeedClientAuth(false));

Where getSslContextConfigurator constructs a org.glassfish.grizzly.ssl.SSLContextConfigurator with a keystore byte[] and password.