HTTP/HTTPS Inbound Endpoint

Introduction

The HTTP inbound protocol is used to separate endpoint listeners for each HTTP inbound endpoint so that messages are handled separately. The HTTP inbound endpoint can bypass the inbound side axis2 layer and directly inject messages to a given sequence or API. For proxy services, messages will be routed through the axis2 transport layer in a manner similar to normal transports. You can start dynamic HTTP inbound endpoints without restarting the server.

Syntax

<inboundEndpoint name="HttpListenerEP" protocol="http" suspend="false" sequence="TestIn" onError="fault" >
    <p:parameters xmlns:p="http://ws.apache.org/ns/synapse">
        <p:parameter  name="inbound.http.port">8081</p:parameter>
    </p:parameters>
<inboundEndpoint>
<inboundEndpoint name="HttpListenerEP" protocol="https" suspend="false" sequence="TestIn" onError="fault" >
        <p:parameters xmlns:p="http://ws.apache.org/ns/synapse">
            <p:parameter  name="inbound.http.port">8081</p:parameter>
            <p:parameter name="keystore">
                <KeyStore>
                    <Location>repository/resources/security/wso2carbon.jks</Location>
                    <Type>JKS</Type>
                    <Password>wso2carbon</Password>
                    <KeyPassword>wso2carbon</KeyPassword>
                </KeyStore>
            </p:parameter>
            <p:parameter name="truststore">
                <TrustStore>
                    <Location>repository/resources/security/client-truststore.jks</Location>
                    <Type>JKS</Type>
                    <Password>wso2carbon</Password>
                </TrustStore>
            </p:parameter>
            <p:parameter name="SSLVerifyClient">require</p:parameter>
            <p:parameter name="HttpsProtocols">TLSv1.2,TLSv1.3</p:parameter>
            <p:parameter name="SSLProtocol">SSLV3</p:parameter>
            <p:parameter name="CertificateRevocationVerifier">
                <CertificateRevocationVerifier enable="true">
                   <CacheSize>10</CacheSize>
                   <CacheDelay>2</CacheDelay>
                </CertificateRevocationVerifier>
             </p:parameter>
         </p:parameters>
</inboundEndpoint>

Properties

Listed below are the properties used for creating an HTTP/HTTPS inbound endpoint.

Required Properties

Listed below are the required properties when creating an HTTP/HTTPS inbound endpoint.

Property Description
Property Description
inbound.http.port The port on which the endpoint listener should be started.
sequential The behavior when executing the given sequence.
When set as true , mediation will happen within the same thread. When set as false , the mediation engine will use the inbound thread pool. The default thread pool values can be found in the MI_HOME/conf/deployment.toml file, under the `[mediation]` section. The default setting is true.
Suspend If the inbound listener should pause when accepting incoming requests, set this to true. If the inbound listener should not pause when accepting incoming requests, set this to false.

Optional Properties

Listed below are the optional properties you can configure when creating an HTTP/HTTPS inbound endpoint.

Property Name

Description

keystore The KeyStore location where keys are stored.
truststore The TrustStore location where keys are stored.
SSLVerifyClient

Used when enabling mutual verification.

HttpsProtocols The supporting protocols.
SSLProtocol The supporting SSL protocol.
CertificateRevocationVerifier When the enable attribute is set to true, this validates and verifies the revocation status of the host certificates using OCSP/CRL when making HTTPS connections.
If the enable attribute of this parameter is set to true, you also need to specify the following:
  • CacheSize: The maximum size of the cache.
  • CacheDelay: The time duration between two consecutive scheduled cache managing tasks that perform housekeeping work for the cache.

Worker Pool Configuration Properties

By default inbound endpoints share the PassThrough transport worker pool to handle incoming requests. If you need a separate worker pool for the inbound endpoint, you need to configure the following properties when creating an HTTP/HTTPS inbound endpoint.

Property Name Description
inbound.worker.pool.size.core The initial number of threads in the worker thread pool. This value can be changed accordingly based on the number of messages to be processed. The maximum value that can be specified here is the value of the inbound.worker.pool.size.max parameter.

The default value is 400.
inbound.worker.pool.size.max The maximum number of threads in the worker thread pool. Specify a maximum limit in order to avoid performance degradation that can occur due to context switching.

The default value is 500.
inbound.worker.thread.keep.alive.sec The keep-alive time for extra threads in the worker pool. This value should be less than the socket timeout. When this time is elapsed for an extra thread, it will be destroyed. The purpose of this parameter is to optimize the usage of resources by avoiding wastage that results from having extra threads that are not utilized.

The default value is 60.
inbound.worker.pool.queue.length The length of the queue that is used to hold runnable tasks that are to be executed by the worker pool. The thread pool starts queuing jobs when all existing threads are busy and the pool has reached the maximum number of threads. The value for this parameter should be -1 to use an unbounded queue. If a bound queue is used and the queue gets filled to its capacity, any further attempt to submit jobs will fail causing synapse to drop some messages.

The default value is -1.
inbound.thread.group.id Unique Identifier of the thread group. The default value is the PassThrough inbound worker thread group.
inbound.thread.id Unique Identifier of the thread group. The default value is the PassThrough inbound worker thread.
dispatch.filter.pattern The regular expression that defines the proxy services and API's to expose via the inbound endpoint. Provide the .* expression to expose all proxy services and API's or provide an expression similar to ^(/foo|/bar|/services/MyProxy)$ to define a set of services to expose via the inbound endpoint. If you do not provide an expression only the defined sequence of the inbound endpoint will be accessible.
Top