Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
io.grpc:grpc-netty-shaded
Advanced tools
Homepage: | grpc.io |
Mailing List: | grpc-io@googlegroups.com |
gRPC-Java supports Java 8 and later. Android minSdkVersion 21 (Lollipop) and later are supported with Java 8 language desugaring.
TLS usage on Android typically requires Play Services Dynamic Security Provider. Please see the Security Readme.
Older Java versions are not directly supported, but a branch remains available for fixes and releases. See gRFC P5 JDK Version Support Policy.
Java version | gRPC Branch |
---|---|
7 | 1.41.x |
For a guided tour, take a look at the quick start guide or the more explanatory gRPC basics.
The examples and the Android example are standalone projects that showcase the usage of gRPC.
Download the JARs. Or for Maven with non-Android, add to your pom.xml
:
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-netty-shaded</artifactId>
<version>1.67.0</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-protobuf</artifactId>
<version>1.67.0</version>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-stub</artifactId>
<version>1.67.0</version>
</dependency>
<dependency> <!-- necessary for Java 9+ -->
<groupId>org.apache.tomcat</groupId>
<artifactId>annotations-api</artifactId>
<version>6.0.53</version>
<scope>provided</scope>
</dependency>
Or for Gradle with non-Android, add to your dependencies:
runtimeOnly 'io.grpc:grpc-netty-shaded:1.67.0'
implementation 'io.grpc:grpc-protobuf:1.67.0'
implementation 'io.grpc:grpc-stub:1.67.0'
compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
For Android client, use grpc-okhttp
instead of grpc-netty-shaded
and
grpc-protobuf-lite
instead of grpc-protobuf
:
implementation 'io.grpc:grpc-okhttp:1.67.0'
implementation 'io.grpc:grpc-protobuf-lite:1.67.0'
implementation 'io.grpc:grpc-stub:1.67.0'
compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
For Bazel, you can either
use Maven
(with the GAVs from above), or use @io_grpc_grpc_java//api
et al (see below).
Development snapshots are available in Sonatypes's snapshot repository.
For protobuf-based codegen, you can put your proto files in the src/main/proto
and src/test/proto
directories along with an appropriate plugin.
For protobuf-based codegen integrated with the Maven build system, you can use
protobuf-maven-plugin (Eclipse and NetBeans users should also look at
os-maven-plugin
's
IDE documentation):
<build>
<extensions>
<extension>
<groupId>kr.motd.maven</groupId>
<artifactId>os-maven-plugin</artifactId>
<version>1.7.1</version>
</extension>
</extensions>
<plugins>
<plugin>
<groupId>org.xolstice.maven.plugins</groupId>
<artifactId>protobuf-maven-plugin</artifactId>
<version>0.6.1</version>
<configuration>
<protocArtifact>com.google.protobuf:protoc:3.25.3:exe:${os.detected.classifier}</protocArtifact>
<pluginId>grpc-java</pluginId>
<pluginArtifact>io.grpc:protoc-gen-grpc-java:1.67.0:exe:${os.detected.classifier}</pluginArtifact>
</configuration>
<executions>
<execution>
<goals>
<goal>compile</goal>
<goal>compile-custom</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
For non-Android protobuf-based codegen integrated with the Gradle build system, you can use protobuf-gradle-plugin:
plugins {
id 'com.google.protobuf' version '0.9.4'
}
protobuf {
protoc {
artifact = "com.google.protobuf:protoc:3.25.3"
}
plugins {
grpc {
artifact = 'io.grpc:protoc-gen-grpc-java:1.67.0'
}
}
generateProtoTasks {
all()*.plugins {
grpc {}
}
}
}
The prebuilt protoc-gen-grpc-java binary uses glibc on Linux. If you are compiling on Alpine Linux, you may want to use the Alpine grpc-java package which uses musl instead.
For Android protobuf-based codegen integrated with the Gradle build system, also use protobuf-gradle-plugin but specify the 'lite' options:
plugins {
id 'com.google.protobuf' version '0.9.4'
}
protobuf {
protoc {
artifact = "com.google.protobuf:protoc:3.25.3"
}
plugins {
grpc {
artifact = 'io.grpc:protoc-gen-grpc-java:1.67.0'
}
}
generateProtoTasks {
all().each { task ->
task.builtins {
java { option 'lite' }
}
task.plugins {
grpc { option 'lite' }
}
}
}
}
For Bazel, use the proto_library
and the java_proto_library
(no load()
required)
and load("@io_grpc_grpc_java//:java_grpc_library.bzl", "java_grpc_library")
(from this project), as in
this example BUILD.bazel
.
APIs annotated with @Internal
are for internal use by the gRPC library and
should not be used by gRPC users. APIs annotated with @ExperimentalApi
are
subject to change in future releases, and library code that other projects
may depend on should not use these APIs.
We recommend using the
grpc-java-api-checker
(an Error Prone plugin)
to check for usages of @ExperimentalApi
and @Internal
in any library code
that depends on gRPC. It may also be used to check for @Internal
usage or
unintended @ExperimentalApi
consumption in non-library code.
If you are making changes to gRPC-Java, see the compiling instructions.
At a high level there are three distinct layers to the library: Stub, Channel, and Transport.
The Stub layer is what is exposed to most developers and provides type-safe
bindings to whatever datamodel/IDL/interface you are adapting. gRPC comes with
a plugin to the
protocol-buffers compiler that generates Stub interfaces out of .proto
files,
but bindings to other datamodel/IDL are easy and encouraged.
The Channel layer is an abstraction over Transport handling that is suitable for interception/decoration and exposes more behavior to the application than the Stub layer. It is intended to be easy for application frameworks to use this layer to address cross-cutting concerns such as logging, monitoring, auth, etc.
The Transport layer does the heavy lifting of putting and taking bytes off the
wire. The interfaces to it are abstract just enough to allow plugging in of
different implementations. Note the transport layer API is considered internal
to gRPC and has weaker API guarantees than the core API under package io.grpc
.
gRPC comes with multiple Transport implementations:
FAQs
gRPC: Netty Shaded
We found that io.grpc:grpc-netty-shaded demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.