I've just implemented a lightweight java client for receiving push messages
from AeroGear WebPush Server . It is easy to use and fully async!
A few words about decision to use Jetty as a HTTP/2 client:
Currently there are only 3 Java libraries, which implement client side of
HTTP/2 protocol : Netty, Jetty and OkHttp. I tried all of them:
- First of all I tried to use OkHttp. This is a lightweight http client
for Android and other Java apps. But currently this library supports HTTP/2
protocol only via old HTTP/1.1 API. It works well for simple
request-response, but its client API does not allow to use HTTP/2 features,
like Server Push Frames. I looked at GRPC , because Googlers use OkHttp
for HTTP/2 transport. But they don't use public API, they use only inner
classes to handle frames and built their own logic atop this classes. It
would be too complicated for our purposes.
- Secondary, I tried to refactor our WebPush console to a client
library. But this way is complicated too. netty-codec-http2 does not
provide a client API, it is only codec, low level protocol implementation.
- Now I use jetty-http2-client. It is easy to configure and use, fast
and async. Jetty provides a user friendly API to handle HTTP/2 streams and
get PUSH_PROMISE frames.
For more information, look at my commit history.
In the future, if there will be more lightweight alternatives than Jetty
(for example, new version of OkHttp or Java 9 API), I will rewrite the
transport layer of my library.
Here is an example, how to use my library .
Twitter: @idelpivnitskiy <https://twitter.com/idelpivnitskiy>
GitHub: @idelpivnitskiy <https://github.com/idelpivnitskiy>
So I've got a few ideas for how to implement this, but I hope some people
more experienced with the platform can give some feedback before.
In UPS right now we have a concept of categories. A single UPS message can
be broadcast to a bunch of devices which are subscribed to this category.
Google now supports this for GCM on Chrome, iOS, and Android so UPS can
send a single message to GCM and GCM will broadcast that to up to a million
End Quick Background
So first, how do we switch between sending a message to each device in a
category to sending a topic message to GCM?
In TokenLoader.java#L113 we are using the clientInstallationService to
build a string of deviceTokens based on the variant and message criteria.
Is there any reason we can't create a "topicToken" which will be recognized
later by GCMPushNotificationSender? Another benefit to making this change
here is that if we have over a million subscribers to the category we can
just default to the default messaging.
There is also an open issue of whether or not we will update the clients to
filter based on what category a message was sent to. To do this we will
have to include the category information in the message when we send it to
devices going forward. In GCM a topic message includes this information.
This means that if we have over a million subscriptions in the topic we
will need to fall back to using the category information anyway.
Continuing on from the thread of falling back, it is possible for a topic
message to fail to send because there are too many subscribers. How would
UPS handle regenerating the messages as deviceToken instead of topicToken
Of course if someone has a better idea than "topicTokens" I'm all ears.
so as outlined in previous thread , I have prototyped a JMS batching
approach for push message delivery.
We've discussed the approach with Matthias, Mirek Novak and Ondrej
Chaloupka (EAP QE & JMS/JTA experts, thank you guys!) and these documents
describes a concept that we have came with:
Implementation-wise, I've so far prototyped the messaging part (split
SenderService functionality to two subsequent queues with MDBs as shown on
but that's just a start, since we must configure it appropriately for
efficiency (queue configuration and batch sizes) and verify that
configuration works as expected,
the prototype lives on a branch (unpolished, to be squashed later):
Off course, you can play with it already. :-)
Apart from the new requirement of using Java EE full profile (JMS), the
prototype leverages implementation-specific configurations and APIs:
- org.hibernate.Query for token streaming / batch fetching
- HornetQ configurations of queue size, blocking behavior and message
That pretty much binds us to WildFly/EAP - we can tweak it to run on any
compliant app server, but without specific configurations it won't work
Once configured and functionally tested (that can even wait for Beta2 I
we can cooperate with Mobile QE on testing (Stefan, Adam), their test suite
contains mocks of APNS/GCM against which we can load test.
so now that WebPush is going to take over SimplePush, i'm thinking of
closing the related JIRA's that we have open for simple push in the AG-JS
Not that we've really done any work on it lately, but it would be good to
clean this up a little.
so i decided to take a gander at the push client lib in the aerogear.js
project. Currently if someone would like to use it, they have a couple
1. download the whole lib,
2. download a custom build from the website
3. download a custom build from bower
4. create a custom build from source
In the past i think i was against breaking out pieces of the JS lib into
separate repo's since we could just use the AeroGearComponents repo i
created for custom builds. But i think with the state of the JS lib(not
sure where it's going), it might make sense to, at least with the push
lib(perhaps the simplePush polyfill also) to break those out into separate
repo's similar to the other client projects.
I think the starting vision of the project has changed, so perhaps this
change is good.(this should probably be a whole separate thread)
Now that Chrome and Safari have push in the browser, FF is getting it also
very soon, it's possible this part of the library will be used more
So, I’ve just hit the famous 65 K methods count and DEX error as a sweet
bonus while updating the application to latest Android 6.0-related
Long story short, I’ve analyzed  dependencies  for the Hawkular
Android Client . Important notice—the application is not that big or
Methods count is below.
- Various dependencies: 2445.
- Java & JavaX: 1684.
- Android Support libraries: 12988.
- Android: 3081.
- Google Play Services: 22022.
- Bouncycastle: 10423.
- Spongycastle: 10423.
- AeroGear: 1210.
- Application itself: 1047.
- Total: 65346.
This is kind of disappointing. Of course I can start to blame Android
Support libraries, but you clearly cannot develop apps these days without
using backports and helpers. Google Play Services is a bigger deal. It is a
dependency of the AeroGear Push module and you cannot live without it as
well, but you can use a modular dependency. I’ve addressed this in an issue
 which leads to another one . It was fixed (there is Google Play
Services 7.8.0 already though), but not released. Bouncycastle and
Sprongycastle are related to security and are dependencies of the AeroGear
Store module which is a dependency of the AeroGear Authz module. I’m not
really sure I need this at all.
Let’s count again.
- The current application: 65346 methods.
- The application without Google Play Services and Castles: 22478.
The application can be (65346 ÷ 22478 = 2.9) times smaller.
What do you think about? Is there any chance to ditch these Castle
dependencies and release the new Push version?
So abstractj, corinnekrych, edewit, and I spoke this morning about adding
SAML support to the AeroGear client libraries. This lead to a few
1 ) Mobile doesn't do SAML well (it is an OAuth 2 world)
2 ) SAML is VERY hard to set up and integrate with. (Multiple servers need
to exchange XML Metadata)
3 ) SAML was designed for hosted web applications, not for the RESTful
service web. (You need at least two servers to have an application use
4 ) There aren't many widely used SAML libraries for mobile.
>From these observations we made the follow decisions.
1 ) We will extend the authorization libraries to include some kind of
solution for SAML. This will probably rely on a WebView and some form of
service broker to manage the authorization tokens. Passport-saml and
KeyCloak both seem to have abilities in this area and we will begin our
2) We will create a docker image which will be a turn key SAML server to
test integration with. Right now we are looking at using Shibboleth for
our service provider and identity provider. Keycloak will be used for
communicating with the AG-SAML libraries initially. Our goal, as always,
is to make our libraries as portable as possible.
3 ) We will provide some kind of server technology/integration plan to
serve as a template for adding mobile to existing SAML protected
applications. This will be at the least documentation on aerogear.org and
at the most a docker app based on shibboleth's SAML server.
4 ) We will build some demo applications to showcase integrating with a
SAML provider. Because SAML requires configuration on both the client and
ID servers our demo may have to be specific to services we can access or
host. SAML makes the workflows to enable OAuth support look like child's
What do you guys think?
PS Stay tuned for links to JIRAs