The transport receives messages from clients and invokes interceptors in the request and response flow. The interceptors that are engaged with the transport are global and are invoked for each message flowing through the router.
Syntax
<transport coreThreadPoolSize="integer"
socketTimeout="integer"
tcpNoDelay="[true,false]"
httpClientRetries="integer"
autoContinue100Expected="[true,false]"
printStackTrace="[true,false]">
<interceptors>
[interceptors]*
</interceptors>
</transport><transport coreThreadPoolSize="integer" socketTimeout="integer" tcpNoDelay="[true,false]" httpClientRetries="integer" autoContinue100Expected="[true,false]" printStackTrace="[true,false]"> <interceptors> [interceptors]* </interceptors> </transport>
Sample
<beans>
<transport coreThreadPoolSize="20">
<ruleMatching />
<dispatching />
<userFeature />
<transform xslt="strip.xslt" />
<wsdlRewriter />
<httpClient />
</transport>
</beans><beans> <transport coreThreadPoolSize="20"> <ruleMatching /> <dispatching /> <userFeature /> <transform xslt="strip.xslt" /> <wsdlRewriter /> <httpClient /> </transport> </beans>
Attributes
| Name | Required | Default | Description | Examples |
|---|---|---|---|---|
| backlog | false | 50 | The backlog value passed to {@link java.net.ServerSocket#ServerSocket(int, int, InetAddress)}. The maximum length of the queue of incoming connections. | - |
| concurrentConnectionLimitPerIp | false | -1 No Limit | Limits the number of concurrent connections from one ip | - |
| coreThreadPoolSize | false | 20 | Membrane uses a thread pool to allocate threads to incomming clients connections. The core thread pool size is the minimum number of threads that are created in advance to serve client requests. | 5 |
| forceSocketCloseOnHotDeployAfter | false | 30000 | When proxies.xml is changed and <router hotDeploy="true">, the Spring Context is automatically refreshed, which restarts the {@link Router} object (=Membrane API Gateway). Before the context refresh, all open socket connections have to be closed. Exchange objects which are still running might delay this process. Setting forceSocketCloseOnHotDeployAfter to a non-zero number of milliseconds forces connections to be closed after this time. | - |
| maxThreadPoolSize | false | no limit | Maximum number of threads to handle incoming connections. (Membrane uses 1 thread per incoming connection.) | 300 |
| reverseDNS | false | true | Whether the remote address should automatically reverse-looked up for incoming connections. | - |
| socketTimeout | false | 30000 | Socket timout in ms. | - |
| tcpNoDelay | false | true | Whether to use the "TCP no delay" option. (=A TCP/IP packet should be constructed as soon as any data has been written to the network buffer. With "TCP no delay" set to false, the network hardware waits a short period of time wether the software will write more data. When the packet constructed from the data in the buffer would exceed the MTU in size, the packet is always constructed and sent immediately.) | - |
Child Elements
| Element | Description | Cardinality |
|---|---|---|
| abort | Plugins are usually applied to requests and responses. In case of errors, the flow returns and handleAbort() is called on plugins going back the chain. By nesting plugins into an you can limit their application to abort flows only. On plugins nested in handleResponse() is called not handleAbort() in order to allow normal processing. | 0..* |
| accessControl | Blocks requests whose origin TCP/IP address (hostname or IP address) is not allowed to access the requested resource. | 0..* |
| accessLog | Writes exchange metrics into a Log4j appender | 0..* |
| accountRegistration | Allows account registration (!Experimental!) | 0..* |
| acmeHttpChallenge | See the documentation of the <acme /> element for usage details. | 0..* |
| adminConsole | Displays up-to-date statistics, recent exchanges and, by default, allows live modification of Membrane's configuration. | 0..* |
| apiKey | Validates API keys extracted from incoming requests and looks up permissions (scopes) via configured key stores. Extractors can read the keys from HTTP headers, query parameters and may other message part. When validation succeeds, the interceptor adds an ApiKeySecurityScheme with the resolved scopes to the Exchange. Scopes can be checked in later plugins using the SpEL function hasScope("..."). | 0..* |
| balancer | Performs load-balancing between several nodes. Nodes sharing session state may be bundled into a cluster. | 0..* |
| basicAuthentication | Blocks requests which do not have the correct RFC 1945 basic authentication credentials (HTTP header "Authentication: Basic ...."). | 0..* |
| beautifier | Beautifies request and response bodies. Supported are the Formats: JSON, JSON5, XML, TEXT | 0..* |
| cache | Don't use, this does NOT implement valid HTTP caching. | 0..* |
| call | Calls an external endpoint | 0..* |
| chain | A Chain groups multiple interceptors into reusable components, reducing redundancy in API configurations. | 0..* |
| clamav | Delegates virus checks to an external Virus Scanner. | 0..* |
| clusterNotification | Receives control messages to dynamically modify the configuration of a {@link LoadBalancingInterceptor}. | 0..* |
| cors | Cross-Origin Resource Sharing (CORS) plugin that enables secure cross-origin HTTP requests. | 0..* |
| destination | Sets the destination URL for the exchange. This overrides any previous destination. | 0..* |
| dispatching | This interceptor adds the destination specified in the target element to the list of destinations of the exchange object. It must be placed into the transport to make Service Proxies Work properly. It has to be placed after the ruleMatching interceptor. The ruleMatching interceptor looks up a service proxy for an incoming request and places it into the exchange object. The dispatching interceptor needs the service proxy to get information about the target. | 0..* |
| echo | Returns the flow of plugins and copies the content of the request into a new response. The response has a status code of 200. Useful for testing. | 0..* |
| exchangeStore | Adds the current state of HTTP requests and responses to an "exchange store". | 0..* |
| for | Iterates over a collection extracted from the Exchange and applies its nested interceptors for each element. The current element is exposed in the exchange under the property key "it". Example configuration: | 0..* |
| formValidation | Using the formValidation interceptor you can validate the input of HTML forms. | 0..* |
| global | The global chain applies plugins to all endpoints, enabling centralized features such as global user authentication, logging, and other cross-cutting concerns. | 0..* |
| graphQLProtection | Check GraphQL-over-HTTP requests, enforcing several limits and/or restrictions. This effectively helps to reduce the attack surface. | 0..* |
| groovy | Executes a Groovy script. The script can access and manipulate data from the request and response. Use this or the Javascript plugin to extend the functions of Membrane by scripting. See: example/groovy for working samples | 0..* |
| groovyTemplate | Uses the groovy template markup engine to produce HTML-based responses. <groovyTemplate><![CDATA[ html { head { title('Resource') } body { p('Hello from Membrane!') } } ]]></groovyTemplate> | 0..* |
| headerFilter | Removes message headers matching a list of patterns. The first matching child element will be acted upon by the filter. | 0..* |
| httpClient | The httpClient sends the request of an exchange to a Web Server using the HTTP protocol. Usually it will be globally used inside the transport. However, it is also possible to use it inside a proxy to give the proxy an individual configuration for its outgoing HTTP connection that is different from the global configuration in the transport. | 0..* |
| idempotency | Prevents duplicate request processing based on a dynamic idempotency key. | 0..* |
| if | if allows conditional execution of nested interceptors. | 0..* |
| index | The index feature lists available proxys at a simple Web page. To use this feature just add a serviceProxy containing the index element. Of course you can protect the service proxy by using SSL or Username and Password. | 0..* |
| javascript | Executes a Javascript. The script can access and manipulate data from the request and response. Use this or the Groovy plugin to extend the functions of Membrane by scripting. See the samples in examples/javascript. | 0..* |
| json2Xml | Converts JSON message bodies into XML. The converter wraps the JSON document into a root element. The name of the root element is configurable. If unset, JSON objects default to "root" and JSON arrays default to "array". This interceptor reads the JSON body, converts it into XML and updates the message body and Content-Type header. The resulting XML is always UTF-8 encoded and starts with an XML prolog. | 0..* |
| kubernetesValidation | Kubernetes Integration is still experimental. | 0..* |
| limit | Limits the maximum length of a HTTP message body. | 0..* |
| log | Logs request and response messages. The messages will appear either on the console or in a log file depending on the log configuration. | 0..* |
| login | The login interceptor can be used to restrict and secure end user access to an arbitrary web application. | 0..* |
| oauth2Resource2 | Allows only authorized HTTP requests to pass through. Unauthorized requests get a redirect to the authorization server as response. This interceptor does Session Management and can thereby translate Session IDs to OAuth2/OIDC Access Tokens. Beyond regular OIDC-compliant authorization servers, this interceptor can also be used with Azure B2C. | 0..* |
| openapiPublisher | The openapiPublisher serves OpenAPI documents | 0..* |
| openapiValidator | Validator for OpenAPI documents | 0..* |
| openTelemetry | Creates an OpenTelemetry span for each HTTP request passing through. Sends the tracing data to the speficied OpenTelemetry collector. See also examples/monitoring-tracing/opentelemetry for a demo, including screenshots. | 0..* |
| prometheus | Exposes some of Membrane's internal metrics in the Prometheus format. See also examples/monitoring-tracing/prometheus for a demo, including a screenshot. | 0..* |
| rateLimiter | The rateLimiter plugin limits the number of requests of a client in a period of time. As a default the client requests are grouped by client-Ip address and then counted. There are lots of possibilities to group the requests using the keyExpression. The requests can even be counted from different clients together. | 0..* |
| regExReplacer | Runs a regular-expression-replacement on either the message body (default) or all header values. | 0..* |
| request | Interceptors are usually applied to requests and responses. By nesting interceptors into a Element you can limit their application to requests only. | 0..* |
| response | Interceptors are usually applied to requests and responses. By nesting interceptors into a plugin you can limit their application to responses only. | 0..* |
| rest2Soap | Converts REST requests into SOAP messages. | 0..* |
| return | Terminates the exchange flow. The returned response is determined in the following order: | 0..* |
| reverseProxying | Rewrites the scheme, hostname and port in the "Location" header in HTTP responses, as well as in the "Destination" header in HTTP requests. The rewriting reflects the different schemes, hostnames and ports used to access Membrane vs. the target HTTP server. | 0..* |
| rewriter | Rewrites or redirects the path of incoming requests based on a mapping. | 0..* |
| setCookies | Adds one or more Set-Cookie headers to the HTTP response for session handling, user preferences, or tracking purposes. Supports computing expiry, setting standard attributes like Domain and Path, and building a compliant cookie string. Useful for enriching responses with configurable cookies directly at gateway level without backend involvement. | 0..* |
| shutdown | Shutdown interceptor. | 0..* |
| soap2Rest | Converts SOAP messages into REST requests. | 0..* |
| soapBody | Renders a SOAP body for legacy integration | 0..* |
| soapStackTraceFilter | The soapStackTraceFilter removes SOAP stack traces from message bodies. | 0..* |
| statisticsCSV | Writes statistics (time, status code, hostname, URI, etc.) about exchanges passing through into a CSV file (one line per exchange). | 0..* |
| statisticsJDBC | Writes statistics (time, status code, hostname, URI, etc.) about exchanges passing through into a database (one row per exchange). | 0..* |
| tcp | Allow HTTP protocol upgrades to the TCP protocol. After the upgrade, the connection's data packets are simply forwarded and not inspected. | 0..* |
| template | Renders the body content of a message from a template. The template can produce plain text, Json or XML. Variables in the template are substituted with values from the body, header, query parameters, etc. If the extension of a referenced template file is .xml it will use XMLTemplateEngine otherwise StreamingTemplateEngine. Have a look at the samples in examples/template. | 0..* |
| throttle | The throttle feature can slow down traffic to thwart denial of service attacks. | 0..* |
| time | Measures the end-to-end processing time of the child interceptor flow and logs an aligned summary. If an OpenTelemetry parent Span is present on the {@link Exchange}, a child sub-span is created around the measured section so timing data is exported to OTel as well. | 0..* |
| transform | The transform feature applies an XSLT transformation to the content in the body of a message. After the transformation the body content is replaced with the result of the transformation. | 0..* |
| urlNormalizer | Replaces "/./" in the request URI's path by "/". | 0..* |
| webServer | Serves static files based on the request's path. | 0..* |
| webSocket | Allow HTTP protocol upgrades to the WebSocket protocol. After the upgrade, the connection's data packets are simply forwarded and not inspected. | 0..* |
| wsdlPublisher | The wsdlPublisher serves WSDL files (and attached XML Schema Documents), if your backend service does not already do so. | 0..* |
| wsdlRewriter | The wsdlRewriter rewrites endpoint addresses of services and XML Schema locations in WSDL documents. | 0..* |
| xml2Json | If enabled converts body content from xml to json. | 0..* |
| xmlContentFilter | The xmlContentFilter removes certain XML elements from message bodies. The elements are described using an XPath expression. | 0..* |
| xmlProtection | Prohibits XML documents to be passed through that look like XML attacks on older parsers. Too many attributes, too long element names are such indications. DTD definitions will simply be removed. | 0..* |