The Bidirectional-streams Over Synchronous HTTP (BOSH) and XMPP Over BOSH are two extensions enhancing the XMPP protocol with features allowing it to communicate with HTTP clients (most of the time web browsers).
These extensions are implemented in the Vysper XMPP server and it is now possible to have real-time XMPP communication with the Vysper server from an HTTP client.
BOSH implementation architecture
The BOSH extension is in the form of a pluggable endpoint (similar to the TCP endpoint already existent in Vysper). So you can configure Vysper with the TCP endpoint listening on 5222 and the BOSH endpoint listening on 80 (or 443 for HTTPS), this way a native XMPP client (e.g. Psi) can communicate through Vysper with a web browser based XMPP client implementing the BOSH client side protocol.
The BOSH protocol cannot use STARTTLS protocol for encrypted communication because the HTTP client often doesn't have direct control over the TCP socket, so instead the BOSH protocol can use SSL/TLS (HTTPS) for encryption.
The real-time HTTP communication is problematic as the HTTP protocol does not allow for a server to send messages to a client if not previously requested by the client. The BOSH solution to overcome this HTTP limitation is the usage of Long Polling Comet technology that uses previous long held requests of the client to send responses when needed (this way sending messages by only responding to client requests - which is allowed by HTTP).
There are also other limitations imposed by web browsers or the HTTP protocol described in more detail in BOSH client security restrictions.
BOSH endpoint configuration
The configuration is straightforward:
1. (Optional) Configure whether SSL is used (if SSL is used then also change the listening port to 443, and also configure the SSL information - where is located the keystore with the certificate and private key and the password of the keystore)
2. (Optional) Configure the allowed HTTP origins (DNS domains serving web pages that are allowed to connect to the server). Or you can use "*" to allow anyone to connect to the server.
3. Configure the listening port (80 for standard HTTP or 443 for HTTPS)
As an example you can look at ServerMain.java that starts the Vysper server configured with the TCP and BOSH endpoints configured.
BOSH client
The HTTP client usually is a web browser, so a BOSH client will be usually a web application that will use JavaScript to implement the BOSH client side of the protocol. There are open source JavaScript BOSH implementation ready to use, for example Strophe.js that is MIT licensed.
We provide an example BOSH web client based on Strophe.js, you can use it to learn more about the implementation or as a starting point to develop a more advanced XMPP web application. The example is provided in the src/examples folder of the BOSH extension implementation.
Optional BOSH features implemented
- session pause
- server acknowledgements (request acknowledgements)
- client acknowledgements (response acknowledgements)