Integrate an IM chat server to existing Spring server

I'm trying to integrate an Openfire XMPP server into my current company's Spring server, but I have two major questions I cannot find the answer to -

I'll start with my current architecture first -
1. The XMPP server has a DB server of its own, separate from the Spring server DB. This is a dedicated machine to keep the users' chat history etc.
2. The Spring server has a DB of its own where it keeps the user credentials (md5 encrypted) and also client applications data
3. The Spring server is dedicated to serving HTTP requests (a dedicated REST server)

All in all I have 2 DB servers, one chat server and one REST server

Now for the questions -
1. Can I forbid registration on the XMPP server (i.e. whitelist the REST server IP and let it be the only one who can create users after a user registers on it)?
2. For security reasons the REST server switches the session for a logged-in user every 2 days; the iOS and Android clients deal with session management locally - How can I use those sessions with the XMPP server?
To clarify - I want the users to be able to use the XMPP server only for chat purposes, but only after they have logged in to the application itself. Since the user session may expire, the chat client will also have to re-authenticate against the REST server. How can I achieve this?
3. Won't it create an overload on the REST server? (i.e. the REST server will now have to handle client requests and also XMPP server requests)
4. What is the best architecture to achieve this kind of a system (chat server, db server for chat server, rest server, db server for rest server) so that the system can scale horizontally?

I searched Google for an article or something related to describe the general architecture but couldn't find anything relevant. Since I'm not "inventing the wheel" here, I would love to hear good advice or be directed to an article that explains the how-tos.

Thanks in advance.


The standard way in the XMPP world for user authentication is SASL.

SASL has a very simple model: the server sends the client some "challenge" string, and the client sends a "response" string to the server, and they repeat this until the server decides the client has sent all required data. What data to send is defined in the SASL "mechanism". There are a number of well-known SASL mechanisms, e.g. SCRAM, and they are provided by most XMPP servers and clients "out of the box".

Your problem is - you already have an authentication system and user database and want to reuse them for chat purposes. There are two ways:

  • Add your custom REST authentication as a SASL module to your server. Google says it is already possible to write and add an Openfire SASL plugin. Your SASL REST mechanism will do the same things as for a browser, but the required URLs, tokens, etc. will be wrapped as "challenges" and "responses", e.g. the server will send the REST auth URL as a "challenge" for the client, and the client will open the URL, post credentials, get a token and send it as a "response" back to the server. Of course you need to add this SASL REST mechanism in the client too.
  • Adapt your XMPP server to use your authentication database directly. In this case you only need to modify the Openfire code to link it with your users/passwords tables (maybe there is already an admin tool for this). In this case clients will continue to use standard SASL mechanisms without modification. While this way may be easier than the first one, remember your XMPP server should have access to plain-text passwords, which may be insecure.

Your questions in order:

  • Yes, you can disable registration from the XMPP client and point users to the registration website.

  • You will see chat sessions in the Openfire administration console and be able to stop them; you can also write a module to do this on your schedule.

  • If you write a SASL REST mechanism, there will be no difference between requests from chat clients and web clients for your REST backend; they will look the same.

  • As I described first, you don't need a separate DB for the chat server, and you are able to set up multiple chat servers connected to your REST backend.
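
The first option in the answer above (server sends the REST auth URL as the challenge, client answers with a token) can be sketched against the standard `javax.security.sasl.SaslServer` interface. This is an added example, not code from the answer or from Openfire; the mechanism name `X-REST-TOKEN`, the "username NUL token" response format, the placeholder URL and the `verifier` callback standing in for the REST backend's session check are all assumptions.

```java
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import java.nio.charset.StandardCharsets;
import java.util.function.BiPredicate;

// Added example: "X-REST-TOKEN" and the response format are hypothetical, not a registered mechanism.
public class RestTokenSaslServer implements SaslServer {
    private final String authUrl;                       // sent to the client as the challenge
    private final BiPredicate<String, String> verifier; // (user, token) -> valid and not expired
    private boolean challenged, complete;
    private String user;

    public RestTokenSaslServer(String authUrl, BiPredicate<String, String> verifier) {
        this.authUrl = authUrl;
        this.verifier = verifier;
    }
    public String getMechanismName() { return "X-REST-TOKEN"; }

    public byte[] evaluateResponse(byte[] response) throws SaslException {
        if (complete) throw new SaslException("exchange already finished");
        if (!challenged) {                 // step 1: tell the client where to obtain a token
            challenged = true;
            return authUrl.getBytes(StandardCharsets.UTF_8);
        }
        if (response == null) throw new SaslException("empty response");
        // step 2: the response is "username NUL token"; reject anything else
        String[] parts = new String(response, StandardCharsets.UTF_8).split("\0", -1);
        if (parts.length != 2 || parts[0].isEmpty() || parts[1].isEmpty())
            throw new SaslException("malformed response");
        if (!verifier.test(parts[0], parts[1]))  // expired or unknown session fails here
            throw new SaslException("token rejected");
        user = parts[0];
        complete = true;
        return null;                       // no further challenge
    }
    public boolean isComplete() { return complete; }
    public String getAuthorizationID() {
        if (!complete) throw new IllegalStateException("not authenticated");
        return user;
    }
    public byte[] unwrap(byte[] in, int off, int len) { throw new IllegalStateException("no security layer"); }
    public byte[] wrap(byte[] out, int off, int len) { throw new IllegalStateException("no security layer"); }
    public Object getNegotiatedProperty(String name) { return null; }
    public void dispose() { user = null; }

    public static void main(String[] args) throws SaslException {
        // Constructed stand-in for the REST backend: one user with one live session token.
        SaslServer s = new RestTokenSaslServer("https://rest.example.invalid/auth",
                (u, t) -> u.equals("alice") && t.equals("tok-123"));
        System.out.println(new String(s.evaluateResponse(new byte[0]), StandardCharsets.UTF_8));
        s.evaluateResponse("alice\0tok-123".getBytes(StandardCharsets.UTF_8));
        System.out.println(s.isComplete() + " " + s.getAuthorizationID());
    }
}
```

Registering the mechanism with Openfire (a `SaslServerFactory` plus the plugin wiring) is not shown. Because the token crosses the XMPP stream as-is, the mechanism should only be offered after TLS has been negotiated.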
