HTTP/2 Server Agent Configuration(4.0)

To open the HTTP/2 Server agent configuration dialog from a workflow configuration, you can do either one of the following:

  • double-click the agent icon

  • select the agent icon and click the Edit button


The Agent Configuration consists of the following tabs:

Server Tab

The Server tab contains the following settings:

HTTP/2 Server Agent Configuration - Server tab

SettingDescription
Settings

Use SSL

Select this option if you want to use SSL.

Security Profile

Click Browse to select a security profile with certificate and configuration to use, if you prefer to use a secure connection. Refer to Security (3.3) for more information.

Enable 2-way AuthenticationIf you have selected to use SSL, you can select this option to enable 2-way Authentication. If this option is selected, the Security (3.3) used must be configured using Java Truststore.
HostEnter the IP address or hostname that you want the agent to bind to.
Port

Enter the port number you want the agent to bind to.

Request Handling
Default connection concurrent streams

Fundamentally HTTP2 is designed to make it easy for a client to send multiple parallel requests. Each request is entitled to a thread and if blocking APIs are used, then there are many ways a client can cause that thread to block.

To handle the resource problem this can cause, the setting Default connection concurrent streams can be used.

The setting specifies the maximum number of concurrently open streams allowed per single HTTP/2 connection. The default value uses in Jetty HTTP/2 server is 128. Larger values increase parallelism, but cost a memory commitment.

Route Error to APL

Select this option if you want to route HTTP errors to APL for custom handling. For more information on how to handle the error using APL, refer to Route Error to APL.

Timeout

Client Timeout (sec)

The period in seconds after which the HTTP/2 Server should close the connection if a client is inactive. That is, this is the period of inactivity from when the client has opened the connection or received the last expected response until the server should close the connection. For example, if Client Timeout is set to 6, this means that the server will close the connection if the client is inactive for 6 seconds. 

Server Timeout (sec)

The period in seconds before which the HTTP/2 Server has to reply to a request. That is, this is the period within which a server has to process a request and send a response to a client. If the time limit is reached, an error response with a status code of 500 will be sent.

Responses
Default Charset

Select the character set you want to use as default character set. UTF-8 is preselected.

This character set will be used if the character set requested by Accept-Charset is not found in system.

GZIP Compression Level

If gzip is requested, then the response will be be gzipped with the compression level you specify in this field, 1-9.

Route Error to APL

When enabling Route Error to APL, you will send the request over as part of the RequestCycle UDR where you will then be able to use the Analysis agent to customize your own response. The example shown below has an If statement to catch any requests with errors by checking for isError that are set to True. The APL code will then go on to populate the response and route it back to the HTTP/2 Server agent.

import ultra.openapi.Test_5G.TS29510_Nnrf_NFDiscovery;
consume {

    http.RequestCycle cycleUdr = (http.RequestCycle) input;
    
    debug("input from client \n" + cycleUdr);
    
    ProblemDetails problemDetails = udrCreate(ProblemDetails);
    http.Response response = udrCreate(http.Response);
    
    if (cycleUdr.isError) { // cycleUdr.isError will be true if any errors is encountered while processing the request
	 	list<string> headers = listCreate(string);
        listAdd(headers, "application/problem+json");
        mapSet(response.headers, "Content-Type", headers);
 
        problemDetails.title = "Request Error";
        problemDetails.cause = cycleUdr.errorMessages[0]; // cycleUdr.errorMessages is a list containing error messages set from the error encountered
        problemDetails.status = cycleUdr.errorStatusCode; // cycleUdr.errorStatusCode contains the status code of the error encountered

        response.openAPIUDR = problemDetails;
        response.statusCode = cycleUdr.errorStatusCode;
    } 

    cycleUdr.response = response;
    debug("after apl logic \n" + cycleUdr);

    udrRoute("to_server", cycleUdr);
}

Overload Protection Tab

The Overload Protection tab controls overload protection and contains the following settings:

HTTP/2 Server Agent Configuration - Overload Protection tab

SettingDescription

Enable Overload Protection

Select this option if you want enable overload protection.

Number of RequestsIf you have selected enable overload protection, enter the maximum number of requests that are allowed to be sent during the time specified in Average Period (sec). When this number of requests has been reached, further requests will be blocked until the time specified in Wait Duration (sec) has passed, then a retry will be attempted.
Period (sec)Enter the time period in seconds for which the number of requests should be counted.
Wait Before Retry (sec)Enter the number of seconds to wait before attempting to retry a request.

OpenAPI Tab

The OpenAPI tab contains the following settings:

HTTP/2 Server Agent Configuration - OpenAPI tab

SettingDescription
OpenAPI

Use OpenAPI Profile

Select this option if you want the agent to use the OpenAPI profile(s).

OpenAPI Profile

Browse and select the profiles to be used. This field is enabled when the Use OpenAPI Profile option is selected.

Click Add to browse for the available OpenAPI profiles.

Warning!

There are no limits to the number of profiles users can select. However, selecting a large number of OpenAPI profiles will have significant impact on the overall performance of the workflow.

Enable Validation

Select this option if you want to validate the OpenAPI profile.

Warning!

Turning this option ON will have a very significant performance impact on the overall performance of the flow. When validation is enabled, each payload will be validated against the Open API schema, an operation that can be very resource-intensive. We recommend to only enable this setting during development and testing and to disable it in a stable production environment.

Note!

Strict validation is applied against the OpenAPI specification due to the upgrade of third party libraries. For Example, if the response contains the body but the schema doesn't expect the response to contain body then it will causing validation failure. Refer to this link for further information https://bitbucket.org/atlassian/swagger-request-validator/issues/246/validator-does-not-check-a-response-body

Override Error Response
Override Error Response on Server ShutdownSelect this option to enable the customization of the HTTP response for when a request to the server is received upon the server being terminated.
Override Error Response on Server Overload

Select this option to enable the customization of the HTTP response for when a request to the server is received upon the server being overloaded.

Note!

Overload protection should be enabled to utilize this feature

Status CodeThe HTTP error code for the error response. The default error code set is 503 for server shutdown and 429 for server overload.
Content Type

Enter the media type to be used as part of the HTTP header for the response. The default media type is "application/problem+json".

UDR TypeBrowse for the UDR that will be populated as part of the  HTTP response message.
UDR FieldThe fields in the selected UDR Type will be shown in this column.
Type

The data type for the each of the UDR fields will be shown here. The supported data types are as follows:

  • String
  • BigInt
  • Boolean
  • Int
ValueEnter a value that conforms to the data type of the UDR field. The value will then be parsed into the HTTP response when the error is triggered.

5G Tab

The OpenAPI tab contains the following settings:

HTTP/2 Server Agent Configuration - 5G tab

SettingDescription
5G
Use 5G ProfileSelect this option if you want the agent to use a 5G profile.
5G Profile

Browse and select the profile to be used. This field is enabled when the Use 5G Profile option is selected.

NRF Address (Primary)Enter the primary NRF (NF Repository Function) address in this field.
Additional NRF Address Settings (Secondary)

Reconnect to primary address when it is available

Select this option to have the agent reconnect to the primary NRF address from the secondary address. The agent will constantly send a registration request to the primary NRF address at every heartbeat interval. The heartbeat interval will be based off of the value that you have configured in the 5G profile.

NRF Address (Secondary)Enter one or more secondary NRF (NF Repository Function) address in this list, this is to allow for alternative connections when the heartbeat with the primary NRF Address is not established.

Proxy Support

If a proxy server is needed to reach NRF servers please look at HTTP Proxy Setup (4.0) in order to configure the proxy.

Authentication Tab

The Authentication tab contains the following settings:

HTTP/2 Server Agent Configuration - Authentication tab

SettingDescription

Use Token Authentication

Select this option if you want to use token authentication.

Access Token Required

If you have selected Token Authentication, you can select this option if you want the access token to be required.

Public Key

Paste the public key into this field.

Info!

If the Authorization Server is used, the public key should be extracted from the Java Keystore which the Authorization Server is bootstrapped with.

The following are steps to extract the public key:

# Convert JKS to PKCS12 format
keytool -importkeystore \
-srckeystore <KEYSTORE_NAME>.jks \
-destkeystore <KEYSTORE_NAME>.p12 \
-srcalias <ALIAS> \
-srcstoretype jks \
-deststoretype pkcs12

# Export certificate from PKCS12 key
openssl pkcs12 -in <KEYSTORE_NAME>.p12 -nokeys -out cert.pem

# Export public key from certificate
openssl x509 -pubkey -noout -in cert.pem -out public_key.pem