From 3b49ed6d0a95cb2db2f57932afdba2dc2e292a5e Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Thu, 24 Dec 2015 08:25:56 +1100 Subject: [PATCH 1/2] 484657 - Support HSTS rfc6797 --- jetty-server/src/main/config/etc/jetty-ssl.xml | 4 +++- jetty-server/src/main/config/modules/ssl.mod | 6 ++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/jetty-server/src/main/config/etc/jetty-ssl.xml b/jetty-server/src/main/config/etc/jetty-ssl.xml index 6bb613e21b2..a079c1f6ab2 100644 --- a/jetty-server/src/main/config/etc/jetty-ssl.xml +++ b/jetty-server/src/main/config/etc/jetty-ssl.xml @@ -47,7 +47,9 @@ - + + + diff --git a/jetty-server/src/main/config/modules/ssl.mod b/jetty-server/src/main/config/modules/ssl.mod index 292780a1cb4..97195c1694d 100644 --- a/jetty-server/src/main/config/modules/ssl.mod +++ b/jetty-server/src/main/config/modules/ssl.mod @@ -45,6 +45,12 @@ http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/ ## Whether request host names are checked to match any SNI names # jetty.ssl.sniHostCheck=true +## max age in seconds for a Strict-Transport-Security response header (default -1) +# jetty.ssl.stsMaxAgeSeconds=31536000 + +## include subdomain property in any Strict-Transport-Security header (default false) +# jetty.ssl.stsIncludeSubdomains=true + ### SslContextFactory Configuration ## Note that OBF passwords are not secure, just protected from casual observation ## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html From 30557429cf959d404b461be18bea2dd16650ee13 Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Thu, 24 Dec 2015 15:13:46 +1100 Subject: [PATCH 2/2] 484801 Avoid non-cached memory mapped files --- .../jetty/server/handler/ResourceHandler.java | 40 ++++++++++--------- 1 file changed, 22 insertions(+), 18 deletions(-) 
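Review bot: The two property comments added to ssl.mod do not say what the default `-1` means or what an operator commits to by uncommenting the samples. Browsers remember Strict-Transport-Security for the whole max-age, so the sample `31536000` pins the host to HTTPS for a year, and `jetty.ssl.stsIncludeSubdomains=true` extends that to every subdomain, including ones this server does not serve. If `-1` means the header is not sent (the XML that consumes the property is not readable on this page), say so: `## max age in seconds for a Strict-Transport-Security response header (default -1, header not sent)`. I would also add `## applies to all subdomains of the host; enable only when every subdomain serves HTTPS` above the includeSubdomains sample.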
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ResourceHandler.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ResourceHandler.java index 9c2a72ab59c..c8daf2643fc 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ResourceHandler.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ResourceHandler.java @@ -47,6 +47,7 @@ import org.eclipse.jetty.util.log.Log; import org.eclipse.jetty.util.log.Logger; import org.eclipse.jetty.util.resource.PathResource; import org.eclipse.jetty.util.resource.Resource; +import org.eclipse.jetty.util.resource.ResourceFactory; /* ------------------------------------------------------------ */ @@ -58,7 +59,7 @@ import org.eclipse.jetty.util.resource.Resource; * * */ -public class ResourceHandler extends HandlerWrapper +public class ResourceHandler extends HandlerWrapper implements ResourceFactory { private static final Logger LOG = Log.getLogger(ResourceHandler.class); @@ -67,12 +68,13 @@ public class ResourceHandler extends HandlerWrapper Resource _defaultStylesheet; Resource _stylesheet; String[] _welcomeFiles={"index.html"}; - MimeTypes _mimeTypes = new MimeTypes(); + MimeTypes _mimeTypes; String _cacheControl; boolean _directory; + boolean _gzip; boolean _etags; - int _minMemoryMappedContentLength=1024; - int _minAsyncContentLength=0; + int _minMemoryMappedContentLength=0; + int _minAsyncContentLength=16*1024; /* ------------------------------------------------------------ */ public ResourceHandler() @@ -179,7 +181,8 @@ public class ResourceHandler extends HandlerWrapper { Context scontext = ContextHandler.getCurrentContext(); _context = (scontext==null?null:scontext.getContextHandler()); - + _mimeTypes = _context==null?new MimeTypes():_context.getMimeTypes(); + super.doStart(); } 
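Review bot: The new defaults `_minMemoryMappedContentLength=0` and `_minAsyncContentLength=16*1024` in the field hunk are bare numbers with no stated unit or sentinel meaning. The commit title suggests `0` is meant to turn memory mapping off, but the comparison that reads the field is outside the hunk, so a reader cannot tell "disabled" from "map every file". A one-line comment on each field would settle it, for example `// minimum content length in bytes before a file is memory mapped; <state what 0 means>`. `_gzip` is also added here, but nothing in the visible hunks reads or writes it; if it is unused it should be dropped, otherwise documented.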
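Review bot: The assignment added in `doStart()` overwrites `_mimeTypes` unconditionally, and with the field initializer removed in the previous hunk the field is `null` until the handler is started. If the class lets callers read or set the mime types before start (the accessors are not visible in these hunks), a configured `MimeTypes` is silently discarded and an early read returns `null`. Losing a configured mapping changes the Content-Type the handler serves. Assigning only when nothing was configured avoids both: `if (_mimeTypes==null) _mimeTypes = _context==null?new MimeTypes():_context.getMimeTypes();`. The body of `doStart()` begins outside the hunk.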
@@ -297,24 +300,25 @@ public class ResourceHandler extends HandlerWrapper /* ------------------------------------------------------------ */ /* */ - public Resource getResource(String path) throws MalformedURLException + @Override + public Resource getResource(String path) { - if (path==null || !path.startsWith("/")) - throw new MalformedURLException(path); - if (LOG.isDebugEnabled()) LOG.debug("{} getResource({})",_context==null?_baseResource:_context,_baseResource,path); - - Resource base = _baseResource; - if (base==null) - { - if (_context==null) - return null; - return _context.getResource(path); - } + if (path==null || !path.startsWith("/")) + return null; + try { + Resource base = _baseResource; + if (base==null) + { + if (_context==null) + return null; + return _context.getResource(path); + } + path=URIUtil.canonicalPath(path); Resource r = base.addPath(path); if (r!=null && r.isAlias() && (_context==null || !_context.checkAlias(path, r))) @@ -327,7 +331,7 @@ public class ResourceHandler extends HandlerWrapper } catch(Exception e) { - LOG.ignore(e); + LOG.debug(e); } return null;
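Review bot: Invalid input and internal failures are now indistinguishable from "not found" in `getResource`. A null or non-absolute `path` returns `null` where it used to throw, and `_context.getResource(path)` has moved inside the `try`, so anything it throws ends in the `catch` and also yields `null`. Removing `throws MalformedURLException` is source-incompatible for callers that catch it and for subclasses that override with that clause, so those need checking. I would state the contract in Javadoc, e.g. `@return the resource, or null if the path is null, not absolute, fails the alias check or cannot be resolved`. The `catch` in the following hunk logs only `LOG.debug(e)`, so a rejected or failing path is visible only at debug level and without the path that caused it; the method body continues outside this hunk.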