The committers listed above are authorized under a signed CLA.

• ✅ login: vlcekmilan / name: Milan Vlcek (d49ab2f)

Hello @ejona86, could you pls review this?

exposes the InternalServer

That's internal. We're definitely not going to expose it directly. We'd have to do something indirectly.

When a session isestablished

How is a session established?

so the client is forced to reconnect and re-authenticate.

Is authentication an RPC, or part of TLS handshake? Or are you doing something with ServerTransportFilter?

If the external session is later invalidated or expires

FWIW, predictable expiration could potentially be handled by maxConnectionAge(). But if sessions can be suddenly invalidated, that's quite a different thing.

FWIW, predictable expiration could potentially be handled by maxConnectionAge(). But if sessions can be suddenly invalidated, that's quite a different thing.

The session can be terminated by the other system at any time, so its expiration cannot be predicted.
The code example is in the grpcServerInterceptorr where we need to close the transportConnection..

Is authentication an RPC, or part of TLS handshake? Or are you doing something with ServerTransportFilter?

Is not part of the TLS handshake, auth happens inside grpc interceptCall(), which is invoked per RPC call, after the transportConnection is already established.
We just need to close the transportConnection when session is invalidated as shown on picture above.

Instead of a hard socket close, you might want to send an HTTP/2 GOAWAY. gRPC clients handle GOAWAY by transparently creating a new connection for the next request. To do that you can create a wrapper around GrpcHttp2ConnectionHandler that calls graceful close, and define an attribute key for this wrapper object:

import io.grpc.netty.GrpcHttp2ConnectionHandler;

public final class TransportControl {
    public static final Attributes.Key<TransportControl> KEY = Attributes.Key.create("transport-control");
    private final GrpcHttp2ConnectionHandler handler;

    public TransportControl(GrpcHttp2ConnectionHandler handler) {
        this.handler = handler;
    }

    public void sendGoAway() {
        // This triggers an HTTP/2 GOAWAY frame.
        // The client will see this and stop sending new requests on this connection.
        handler.getGracefulServerCloseCommand().run();
    }
}

Write a custom ProtocolNegotiator to grab the handler before it gets buried in the Netty pipeline:

public final class GoAwayNegotiator implements ProtocolNegotiator {
    private final ProtocolNegotiator delegate;

    public GoAwayNegotiator(ProtocolNegotiator delegate) {
        this.delegate = delegate;
    }

    @Override
    public Handler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
        // Inject the handler into the attributes
        Attributes capturedAttrs = Attributes.newBuilder()
                .set(TransportControl.KEY, new TransportControl(grpcHandler))
                .build();
        
        grpcHandler.addTransportArg(capturedAttrs);
        return delegate.newHandler(grpcHandler);
    }
    // ... delegate other methods (scheme, close)
}

Include the custom ProtocolNegotiator when configuring the NettyServerBuilder:

Server server = NettyServerBuilder.forPort(8080)
    .protocolNegotiator(new GoAwayNegotiator(ProtocolNegotiators.plaintext()))
    // 1. How long to wait for active RPCs to finish after GOAWAY
    .gracefulShutdownTimeout(5, TimeUnit.SECONDS) 
    // 2. Maximum time the entire server-side shutdown process can take
    .shutdownTimeout(10, TimeUnit.SECONDS)
    .addService(new MyServiceImpl())
    .build();

Add a listener for handling the external session close in your server interceptor:

public class SessionInterceptor implements ServerInterceptor {
    @Override
    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
            ServerCall<ReqT, RespT> call, Metadata headers, ServerCallHandler<ReqT, RespT> next) {
        
        // Extract the controller we injected at the Netty level
        TransportControl control = call.getAttributes().get(TransportControl.KEY);

        if (control != null) {
            // Register this connection/control with your external session manager
            String sessionId = headers.get(SESSION_ID_KEY);
            sessionManager.register(sessionId, () -> {
                // When session expires, stop accepting new streams on the connection.
                control.sendGoAway(); 
            });
        }

        return next.startCall(call, headers);
    }
}

Make sure to have a clean-up strategy for dead channels that may occur because the channel has been closed from the client side, and occupy unnecessary memory until the external session expires.

public class CleanupFilter extends ServerTransportFilter {
    @Override
    public void transportTerminated(Attributes attrs) {
        // This is called when the TCP connection actually dies
        TransportControl control = attrs.get(TransportControl.KEY);
        String sessionId = attrs.get(SESSION_ID_KEY); 
        
        // Remove from your map so the GC can claim the Channel
        sessionManager.unregister(sessionId); 
        logger.info("Connection closed; cleaned up session mapping.");
    }
}

If you must close the transport instead of sending GO_AWAY, you can obtain the channel with GrpcHttp2ConnectionHandler.getChannel() and call its close in the TransportControl class above. However note that a hard channel.close() logs Connection reset by peer errors on both client and server. GOAWAY is a standard part of HTTP/2 flow control and is handled silently.

Is not part of the TLS handshake, auth happens inside grpc interceptCall(), which is invoked per RPC call, after the transportConnection is already established.
We just need to close the transportConnection when session is invalidated as shown on picture above.

How does the client react to that? gRPC clients won't handle the connection close in any special way. If auth is a regular RPC, then you can handle the revocation in normal RPCs (e.g., responding UNAUTHENTICATED).

Instead of a hard socket close, you might want to send an HTTP/2 GOAWAY.

transport.shutdown() triggers graceful, double-GOAWAY shutdown (which they are showing code using). shutdownNow() is abrupt.

Write a custom ProtocolNegotiator to grab the handler before it gets buried in the Netty pipeline:

@kannanjgithub, those APIs are internal to gRPC. They should not be used by others.