From 3fe173232fff78e6037d775fd816208318f2f3b9 Mon Sep 17 00:00:00 2001 From: WalkerWatch Date: Wed, 23 Nov 2016 15:43:11 -0500 Subject: [PATCH 1/8] Misc doc updates/fixes. Signed-off-by: WalkerWatch --- .../session-configuration-memory.adoc | 27 +++++++++---------- .../sessions/session-hierarchy.adoc | 1 + .../configuring/jsp/configuring-jsp.adoc | 2 +- .../upgrading/upgrading-9.3-to-9.4.adoc | 7 +++-- 4 files changed, 19 insertions(+), 18 deletions(-) diff --git a/jetty-documentation/src/main/asciidoc/administration/sessions/session-configuration-memory.adoc b/jetty-documentation/src/main/asciidoc/administration/sessions/session-configuration-memory.adoc index 9e4f09edc2a..214fb01d11c 100644 --- a/jetty-documentation/src/main/asciidoc/administration/sessions/session-configuration-memory.adoc +++ b/jetty-documentation/src/main/asciidoc/administration/sessions/session-configuration-memory.adoc @@ -18,22 +18,19 @@ === Non-Clustered Session Management: Memory -Non-clustered, in-memory-only is the default style of session management. -In previous versions of jetty this was referred to as "hash" sessions, as they were stored in a HashMap in memory. +Non-clustered, in-memory-only is the default style of Session Management. +In previous versions of Jetty this was referred to as "hash" sessions, as they were stored in a `HashMap` in memory. When using the Jetty distribution, if you do not configure any session module, this will be enabled by default. -Specifically, jetty will hook up: +Specifically, Jetty will hook up: -[horizontal] -*a DefaultSessionIdManager*:: -- produces unique session ids and supports cross-context dispatch re-use of session ids -*a HouseKeeper*:: -- scavenges expired sessions every 10 mins -*a DefaultSessionCache per context*:: -- keeps session objects in memory -*a NullSessionDataStore per context*:: -- no persistence of sessions - - -If you wish to change any of the default configuration, enable the *session-cache-hash* module. +A `DefaultSessionIdManager`:: +* Produces unique session ids and supports cross-context dispatch re-use of session ids +A `HouseKeeper`:: +* Scavenges for expired sessions every 10 mins +A `DefaultSessionCache` per context:: +* Keeps session objects in memory +A `NullSessionDataStore` per context:: +* No persistence of sessions +If you wish to change any of the default configuration, enable the `session-cache-hash` module. diff --git a/jetty-documentation/src/main/asciidoc/administration/sessions/session-hierarchy.adoc b/jetty-documentation/src/main/asciidoc/administration/sessions/session-hierarchy.adoc index 4723c707170..33d8b272ae8 100644 --- a/jetty-documentation/src/main/asciidoc/administration/sessions/session-hierarchy.adoc +++ b/jetty-documentation/src/main/asciidoc/administration/sessions/session-hierarchy.adoc @@ -17,6 +17,7 @@ [[jetty-sessions-architecture]] === Session Architecture +// TODO: Remove in Jetty 9.5/10 - This paragraph is dated and only really useful for upgrading into 9.4 from prior versions. ==== Changes in Session Architecture The architecture of Session Management Jetty changed significantly in Jetty 9.4. These changes have resulted in Sessions not only being easier to configure but making them much more pluggable for various technologies. diff --git a/jetty-documentation/src/main/asciidoc/configuring/jsp/configuring-jsp.adoc b/jetty-documentation/src/main/asciidoc/configuring/jsp/configuring-jsp.adoc index dd124d4bdcf..f943de97fbc 100644 --- a/jetty-documentation/src/main/asciidoc/configuring/jsp/configuring-jsp.adoc +++ b/jetty-documentation/src/main/asciidoc/configuring/jsp/configuring-jsp.adoc @@ -28,7 +28,7 @@ By default the Jetty distribution enables the JSP link:#startup-modules[module], [source, plain, subs="{sub-order}"] ---- -include::{SRCDIR}/jetty-distribution/src/main/resources/modules/jsp.mod[] +include::{SRCDIR}/jetty-home/src/main/resources/modules/jsp.mod[] ---- Note that the availability of some JSP features may depend on which JSP container implementation you are using. diff --git a/jetty-documentation/src/main/asciidoc/reference/upgrading/upgrading-9.3-to-9.4.adoc b/jetty-documentation/src/main/asciidoc/reference/upgrading/upgrading-9.3-to-9.4.adoc index 4e0bbfe7c30..85af1b81807 100644 --- a/jetty-documentation/src/main/asciidoc/reference/upgrading/upgrading-9.3-to-9.4.adoc +++ b/jetty-documentation/src/main/asciidoc/reference/upgrading/upgrading-9.3-to-9.4.adoc @@ -14,9 +14,12 @@ // You may elect to redistribute this code under either of these licenses. // ======================================================================== -=== Upgrading from Jetty 9.3 to Jetty 9.4 +=== Upgrading from Jetty 9.3.x to Jetty 9.4.0 -==== jetty.sh +The purpose of this guide is to assist users migrating from Jetty 9.3.x to 9.4.0. +It is not comprehensive, but covers many of the major changes included in the release that may prove as problem areas for users. + +==== The jetty.sh Script The file `jetty.sh`, typically used to start Jetty as a service in Linux/Unix machines underwent only small changes, such as the addition of https://wiki.debian.org/LSBInitScripts[LSB tags]. From 3e43ffe64188bcacd9050954cc1428c1ea58945c Mon Sep 17 00:00:00 2001 From: WalkerWatch Date: Wed, 30 Nov 2016 13:38:17 -0500 Subject: [PATCH 2/8] Issue #1138 - Doc updates and cleanup. Signed-off-by: WalkerWatch --- ...onfiguring-specific-webapp-deployment.adoc | 10 +++++---- .../reference/contributing/patches.adoc | 4 ++-- .../reference/jetty-xml/jetty-env-xml.adoc | 22 +++++++++---------- .../jetty-xml/jetty-web-xml-config.adoc | 4 ++-- .../reference/jetty-xml/jetty-xml-config.adoc | 4 ++-- .../reference/jetty-xml/jetty-xml-syntax.adoc | 11 ++++++++++ .../reference/jetty-xml/jetty-xml-usage.adoc | 2 +- .../reference/jetty-xml/override-web-xml.adoc | 2 +- .../reference/jetty-xml/webdefault-xml.adoc | 14 +++++++----- 9 files changed, 44 insertions(+), 29 deletions(-) diff --git a/jetty-documentation/src/main/asciidoc/configuring/deploying/configuring-specific-webapp-deployment.adoc b/jetty-documentation/src/main/asciidoc/configuring/deploying/configuring-specific-webapp-deployment.adoc index d10f586cbf5..a2cd3f1560d 100644 --- a/jetty-documentation/src/main/asciidoc/configuring/deploying/configuring-specific-webapp-deployment.adoc +++ b/jetty-documentation/src/main/asciidoc/configuring/deploying/configuring-specific-webapp-deployment.adoc @@ -52,11 +52,8 @@ For example, here is a descriptor file that deploys the file `/opt/myapp/myapp.w ---- -____ -[NOTE] Both `SystemProperty` and `Property` elements can be used in the descriptor file. For example, if the system property is set to `myapp.home=/opt/myapp`, the previous example can be rewritten as: -____ [source, xml, subs="{sub-order}"] ---- @@ -72,6 +69,11 @@ ____ If the home path for an application needs altered, only the system property needs changed. This is useful if the version of an app is frequently changed. +____ +[NOTE] +To ensure your `web.xml` files are validated, you will need to set the `validateXml` attribute to true as described link:#jetty-xml-dtd[here.] +____ + [[configuring-advanced-descriptor-files]] ==== Configuring Advanced Descriptor Files @@ -130,7 +132,7 @@ This feature is useful when adding parameters or additional Servlet mappings wit ---- -The next example configures not only the web application context, but also a database connection pool (see xref:jndi-datasource-examples[]) that the application can then use. +The next example configures not only the web application context, but also a database connection pool (see xref:jndi-datasource-examples[]) that the application can then use. If the `web.xml` does not include a reference to this data source, an override descriptor mechanism (as shown in the previous example) can be used to include it. [source, xml, subs="{sub-order}"] diff --git a/jetty-documentation/src/main/asciidoc/reference/contributing/patches.adoc b/jetty-documentation/src/main/asciidoc/reference/contributing/patches.adoc index e0f586e7e43..6aa30846471 100644 --- a/jetty-documentation/src/main/asciidoc/reference/contributing/patches.adoc +++ b/jetty-documentation/src/main/asciidoc/reference/contributing/patches.adoc @@ -30,8 +30,8 @@ The following is the general process by which we operate. * This may not be the final form a commit will take, there may be some back and forth and you may be asked to re-issue a pull request. - -Not everything is specifically relevant since we are at GitHub but the crux of things are detailed there. The CLA is critically important to the process. +Not everything is specifically relevant since we are at GitHub but the crux of things are detailed there. +The CLA is *critically* important to the process. [[contributing-cla]] ==== Sign a CLA diff --git a/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-env-xml.adoc b/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-env-xml.adoc index 4e9b3269ffd..2ab4117cd96 100644 --- a/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-env-xml.adoc +++ b/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-env-xml.adoc @@ -15,7 +15,7 @@ // ======================================================================== [[jetty-env-xml]] -=== `jetty-env.xml` +=== jetty-env.xml `jetty-env.xml` is an optional Jetty file that configures JNDI resources for an individual webapp. The format of `jetty-env.xml` is the same as xref:jetty-xml-config[] –it is an XML mapping of the Jetty API. @@ -24,13 +24,13 @@ When Jetty deploys a web application, it automatically looks for a file called ` You define global naming resources on the server via `jetty.xml`. [[jetty-env-root-element]] -==== `jetty-env.xml` Root Element +==== jetty-env.xml Root Element Jetty applies `jetty-env.xml` on a per-webapp basis, and configures an instance of `org.eclipse.jetty.webapp.WebAppContext.` [source, xml, subs="{sub-order}"] ---- - + @@ -38,7 +38,7 @@ Jetty applies `jetty-env.xml` on a per-webapp basis, and configures an instance .. - + ---- ____ @@ -53,26 +53,26 @@ Place the `jetty-env.xml` file in your web application's WEB-INF folder. [source, xml, subs="{sub-order}"] ---- - + - + - + gargle 100 true - + wiggle 55.0 true - + jdbc/mydatasource99 @@ -87,11 +87,11 @@ Place the `jetty-env.xml` file in your web application's WEB-INF folder. - + ---- [[additional-jetty-env-xml-resources]] -==== Additional `jetty-env.xml` Resources +==== Additional jetty-env.xml Resources * xref:jetty-xml-syntax[] –In-depth reference for Jetty-specific configuration XML syntax. * xref:jetty-xml-config[] –Configuration file for configuring the entire server. diff --git a/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-web-xml-config.adoc b/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-web-xml-config.adoc index 4d42bfb6b49..42ca5130675 100644 --- a/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-web-xml-config.adoc +++ b/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-web-xml-config.adoc @@ -15,7 +15,7 @@ // ======================================================================== [[jetty-web-xml-config]] -=== `jetty-web.xml` +=== jetty-web.xml `jetty-web.xml` is a Jetty configuration file that you can bundle with a specific web application. The format of `jetty-web.xml` is the same as xref:jetty-xml-config[] – it is an XML mapping of the Jetty API. @@ -44,7 +44,7 @@ Make sure you are applying the configuration to an instance of the proper class. ____ [[using-jetty-web-xml]] -==== Using `jetty-web.xml` +==== Using jetty-web.xml Place the `jetty-web.xml` into your web application's `WEB-INF` folder. When Jetty deploys a web application, it looks for a file called `WEB-INF/jetty-web.xml` or `WEB-INF/web-jetty.xml` within the web application (or WAR) and applies the configuration found there. diff --git a/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-xml-config.adoc b/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-xml-config.adoc index 1849e82f623..89755ea5ebb 100644 --- a/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-xml-config.adoc +++ b/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-xml-config.adoc @@ -15,7 +15,7 @@ // ======================================================================== [[jetty-xml-config]] -=== `jetty.xml` +=== jetty.xml `jetty.xml` is the default configuration file for Jetty, typically located at ` $JETTY_HOME/etc/jetty.xml`. Usually the `jetty.xml` configures: @@ -47,7 +47,7 @@ The selection of which configuration files to use is controlled by xref:advanced ... - + ---- [[jetty-xml-examples]] diff --git a/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-xml-syntax.adoc b/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-xml-syntax.adoc index cae32fe2abb..fec75e8eef9 100644 --- a/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-xml-syntax.adoc +++ b/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-xml-syntax.adoc @@ -77,6 +77,7 @@ bar.getParent().setName("demo2"); ==== Overview +[[jetty-xml-dtd]] ===== Understanding DTD and Parsing The document type descriptor @@ -96,6 +97,16 @@ The URL may point to configure.dtd if you want the latest current version, or to Files that conform to the configure.dtd format are processed in Jetty by the `XmlConfiguration` class which may also validate the XML (using a version of the DTD from the classes jar file), but is by default run in a forgiving mode that tries to work around validation failures. +To ensure your `web.xml`, `web-fragment.xml` and `webdefault.xml` files are validated, you will also need to set the `validateXml` attribute to true: + +[source, xml, subs="{sub-order}"] +---- + + org.eclipse.jetty.webapp.validateXml + true + +---- + ===== Jetty XML Configuration Scope The configuration of object instances with Jetty IoC XML is done on a scoped basis, so that for any given XML element there is a corresponding Object in scope and the nested XML elements apply to that. diff --git a/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-xml-usage.adoc b/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-xml-usage.adoc index c86edafe06e..1966bb9bd9c 100644 --- a/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-xml-usage.adoc +++ b/jetty-documentation/src/main/asciidoc/reference/jetty-xml/jetty-xml-usage.adoc @@ -22,7 +22,7 @@ It is grounded in Java's Reflection API. Classes in the `java.lang.reflect` repr Behind the scenes, Jetty's XML config parser translates the XML elements and attributes into Reflection calls. [[using-jettyxml]] -==== Using `jetty.xml` +==== Using jetty.xml To use `jetty.xml`, specify it as a configuration file when running Jetty. diff --git a/jetty-documentation/src/main/asciidoc/reference/jetty-xml/override-web-xml.adoc b/jetty-documentation/src/main/asciidoc/reference/jetty-xml/override-web-xml.adoc index 60f26ea37df..8c65c613973 100644 --- a/jetty-documentation/src/main/asciidoc/reference/jetty-xml/override-web-xml.adoc +++ b/jetty-documentation/src/main/asciidoc/reference/jetty-xml/override-web-xml.adoc @@ -15,7 +15,7 @@ // ======================================================================== [[override-web-xml]] -=== Jetty `override-web.xml` +=== Jetty override-web.xml To deploy a web application or WAR into different environments, most likely you will need to customize the webapp for compatibility with each environment. The challenge is to do so without changing the webapp itself. You can use a `jetty.xml` file for some of this work since it is not part of the webapp. diff --git a/jetty-documentation/src/main/asciidoc/reference/jetty-xml/webdefault-xml.adoc b/jetty-documentation/src/main/asciidoc/reference/jetty-xml/webdefault-xml.adoc index 588f5b56a8b..88b6b11c97f 100644 --- a/jetty-documentation/src/main/asciidoc/reference/jetty-xml/webdefault-xml.adoc +++ b/jetty-documentation/src/main/asciidoc/reference/jetty-xml/webdefault-xml.adoc @@ -15,7 +15,7 @@ // ======================================================================== [[webdefault-xml]] -=== `webdefault.xml` +=== webdefault.xml The `webdefault.xml` file saves web applications from having to define a lot of house-keeping and container-specific elements in their own `web.xml` files. For example, you can use it to set up mime-type mappings and JSP servlet-mappings. @@ -27,12 +27,17 @@ However, it is certainly possible to provide differentiated ` webdefault.xml` fi The `webdefault.xml` file is located in `$(jetty.home)/etc/webdefault.xml`. [[using-webdefault-xml]] -==== Using `webdefault.xml` +==== Using webdefault.xml You can specify a custom configuration file to use for specific webapps, or for all webapps. If you do not specify an alternate defaults descriptor, the $JETTY-HOME/etc/jetty-deploy.xml file will configure jetty to automatically use $JETTY_HOME/etc/`webdefault.xml`. +____ +[NOTE] +To ensure your `webdefault.xml` files are validated, you will need to set the `validateXml` attribute to true as described link:#jetty-xml-dtd[here.] +____ + [[creating-custom-webdefault-xml-one-webapp]] -===== Creating a Custom `webdefault.xml` for One WebApp +===== Creating a Custom webdefault.xml for One WebApp You can specify a custom `webdefault.xml` for an individual web application in that webapp's xref:jetty-xml-config[] as follows: @@ -63,8 +68,6 @@ import org.eclipse.jetty.webapp.WebAppContext; //Set up the absolute path to the custom webdefault.xml. wac.setDefaultsDescriptor("/my/path/to/webdefault.xml"); ... - - ---- Alternatively, you can use a xref:jetty-classloading[] to find the resource representing your custom `webdefault.xml`. @@ -86,7 +89,6 @@ Similarly, when using the link:#jetty-maven-plugin[Jetty Maven Plugin] you provi [source, xml, subs="{sub-order}"] ---- - ... From daffbfc5286ec30003c504a988afa3bf8cebde3a Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Fri, 2 Dec 2016 13:35:53 +1100 Subject: [PATCH 3/8] Issue #1134 HPACK Improved exceptions when receiving unknown index or a field that cannot be indexed. --- .../jetty/http2/hpack/HpackDecoder.java | 5 ++- .../jetty/http2/hpack/HpackDecoderTest.java | 42 +++++++++++++++++++ 2 files changed, 45 insertions(+), 2 deletions(-) diff --git a/jetty-http2/http2-hpack/src/main/java/org/eclipse/jetty/http2/hpack/HpackDecoder.java b/jetty-http2/http2-hpack/src/main/java/org/eclipse/jetty/http2/hpack/HpackDecoder.java index ffb0ee606d6..87d7ff03986 100644 --- a/jetty-http2/http2-hpack/src/main/java/org/eclipse/jetty/http2/hpack/HpackDecoder.java +++ b/jetty-http2/http2-hpack/src/main/java/org/eclipse/jetty/http2/hpack/HpackDecoder.java @@ -93,7 +93,7 @@ public class HpackDecoder Entry entry=_context.get(index); if (entry==null) { - throw new BadMessageException("Unknown index "+index); + throw new BadMessageException(HttpStatus.BAD_REQUEST_400, "Unknown index "+index); } else if (entry.isStatic()) { @@ -246,7 +246,8 @@ public class HpackDecoder if (indexed) { // add to dynamic table - _context.add(field); + if (_context.add(field)==null) + throw new BadMessageException(HttpStatus.REQUEST_HEADER_FIELDS_TOO_LARGE_431,"Indexed field value too large"); } } diff --git a/jetty-http2/http2-hpack/src/test/java/org/eclipse/jetty/http2/hpack/HpackDecoderTest.java b/jetty-http2/http2-hpack/src/test/java/org/eclipse/jetty/http2/hpack/HpackDecoderTest.java index 6cb86619f0e..fa3b00acb23 100644 --- a/jetty-http2/http2-hpack/src/test/java/org/eclipse/jetty/http2/hpack/HpackDecoderTest.java +++ b/jetty-http2/http2-hpack/src/test/java/org/eclipse/jetty/http2/hpack/HpackDecoderTest.java @@ -22,10 +22,12 @@ package org.eclipse.jetty.http2.hpack; import java.nio.ByteBuffer; import java.util.Iterator; +import org.eclipse.jetty.http.BadMessageException; import org.eclipse.jetty.http.HttpField; import org.eclipse.jetty.http.HttpFields; import org.eclipse.jetty.http.HttpHeader; import org.eclipse.jetty.http.HttpScheme; +import org.eclipse.jetty.http.HttpStatus; import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.http.MetaData; import org.eclipse.jetty.util.BufferUtil; @@ -35,6 +37,7 @@ import org.hamcrest.Matchers; import org.junit.Assert; import org.junit.Test; +import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.is; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; @@ -187,4 +190,43 @@ public class HpackDecoderTest assertTrue(response.getFields().contains(new HttpField(HttpHeader.SERVER,"nghttpx nghttp2/1.12.0"))); assertTrue(response.getFields().contains(new HttpField(HttpHeader.VIA,"1.1 nghttpx"))); } + + @Test + public void testTooBigToIndex() + { + String encoded = "44FfEc02Df3990A190A0D4Ee5b3d2940Ec98Aa4a62D127D29e273a0aA20dEcAa190a503b262d8a2671D4A2672a927aA874988a2471D05510750c951139EdA2452a3a548cAa1aA90bE4B228342864A9E0D450A5474a92992a1aA513395448E3A0Aa17B96cFe3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f14E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F353F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F54f"; + ByteBuffer buffer = ByteBuffer.wrap(TypeUtil.fromHexString(encoded)); + + HpackDecoder decoder = new HpackDecoder(128,8192); + try + { + decoder.decode(buffer); + Assert.fail(); + } + catch (BadMessageException e) + { + assertThat(e.getCode(),equalTo(HttpStatus.REQUEST_HEADER_FIELDS_TOO_LARGE_431)); + assertThat(e.getReason(),Matchers.startsWith("Indexed field value too large")); + } + } + + @Test + public void testUnknownIndex() + { + String encoded = "BE"; + ByteBuffer buffer = ByteBuffer.wrap(TypeUtil.fromHexString(encoded)); + + HpackDecoder decoder = new HpackDecoder(128,8192); + try + { + decoder.decode(buffer); + Assert.fail(); + } + catch (BadMessageException e) + { + assertThat(e.getCode(),equalTo(HttpStatus.BAD_REQUEST_400)); + assertThat(e.getReason(),Matchers.startsWith("Unknown index")); + } + + } } From ec0b1ea847e9d664cf98ac2fa3da24e011e1ea28 Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Fri, 2 Dec 2016 13:35:53 +1100 Subject: [PATCH 4/8] Issue #1134 HPACK Improved exceptions when receiving unknown index or a field that cannot be indexed. --- .../jetty/http2/hpack/HpackDecoder.java | 5 ++- .../jetty/http2/hpack/HpackDecoderTest.java | 42 +++++++++++++++++++ 2 files changed, 45 insertions(+), 2 deletions(-) diff --git a/jetty-http2/http2-hpack/src/main/java/org/eclipse/jetty/http2/hpack/HpackDecoder.java b/jetty-http2/http2-hpack/src/main/java/org/eclipse/jetty/http2/hpack/HpackDecoder.java index ffb0ee606d6..87d7ff03986 100644 --- a/jetty-http2/http2-hpack/src/main/java/org/eclipse/jetty/http2/hpack/HpackDecoder.java +++ b/jetty-http2/http2-hpack/src/main/java/org/eclipse/jetty/http2/hpack/HpackDecoder.java @@ -93,7 +93,7 @@ public class HpackDecoder Entry entry=_context.get(index); if (entry==null) { - throw new BadMessageException("Unknown index "+index); + throw new BadMessageException(HttpStatus.BAD_REQUEST_400, "Unknown index "+index); } else if (entry.isStatic()) { @@ -246,7 +246,8 @@ public class HpackDecoder if (indexed) { // add to dynamic table - _context.add(field); + if (_context.add(field)==null) + throw new BadMessageException(HttpStatus.REQUEST_HEADER_FIELDS_TOO_LARGE_431,"Indexed field value too large"); } } diff --git a/jetty-http2/http2-hpack/src/test/java/org/eclipse/jetty/http2/hpack/HpackDecoderTest.java b/jetty-http2/http2-hpack/src/test/java/org/eclipse/jetty/http2/hpack/HpackDecoderTest.java index 6cb86619f0e..fa3b00acb23 100644 --- a/jetty-http2/http2-hpack/src/test/java/org/eclipse/jetty/http2/hpack/HpackDecoderTest.java +++ b/jetty-http2/http2-hpack/src/test/java/org/eclipse/jetty/http2/hpack/HpackDecoderTest.java @@ -22,10 +22,12 @@ package org.eclipse.jetty.http2.hpack; import java.nio.ByteBuffer; import java.util.Iterator; +import org.eclipse.jetty.http.BadMessageException; import org.eclipse.jetty.http.HttpField; import org.eclipse.jetty.http.HttpFields; import org.eclipse.jetty.http.HttpHeader; import org.eclipse.jetty.http.HttpScheme; +import org.eclipse.jetty.http.HttpStatus; import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.http.MetaData; import org.eclipse.jetty.util.BufferUtil; @@ -35,6 +37,7 @@ import org.hamcrest.Matchers; import org.junit.Assert; import org.junit.Test; +import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.is; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; @@ -187,4 +190,43 @@ public class HpackDecoderTest assertTrue(response.getFields().contains(new HttpField(HttpHeader.SERVER,"nghttpx nghttp2/1.12.0"))); assertTrue(response.getFields().contains(new HttpField(HttpHeader.VIA,"1.1 nghttpx"))); } + + @Test + public void testTooBigToIndex() + { + String encoded = "44FfEc02Df3990A190A0D4Ee5b3d2940Ec98Aa4a62D127D29e273a0aA20dEcAa190a503b262d8a2671D4A2672a927aA874988a2471D05510750c951139EdA2452a3a548cAa1aA90bE4B228342864A9E0D450A5474a92992a1aA513395448E3A0Aa17B96cFe3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f14E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F3E7Cf9f3e7cF9F353F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F54f"; + ByteBuffer buffer = ByteBuffer.wrap(TypeUtil.fromHexString(encoded)); + + HpackDecoder decoder = new HpackDecoder(128,8192); + try + { + decoder.decode(buffer); + Assert.fail(); + } + catch (BadMessageException e) + { + assertThat(e.getCode(),equalTo(HttpStatus.REQUEST_HEADER_FIELDS_TOO_LARGE_431)); + assertThat(e.getReason(),Matchers.startsWith("Indexed field value too large")); + } + } + + @Test + public void testUnknownIndex() + { + String encoded = "BE"; + ByteBuffer buffer = ByteBuffer.wrap(TypeUtil.fromHexString(encoded)); + + HpackDecoder decoder = new HpackDecoder(128,8192); + try + { + decoder.decode(buffer); + Assert.fail(); + } + catch (BadMessageException e) + { + assertThat(e.getCode(),equalTo(HttpStatus.BAD_REQUEST_400)); + assertThat(e.getReason(),Matchers.startsWith("Unknown index")); + } + + } } From 8dcdea45a1675dabd045c6f7e5f7d4353039f257 Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Fri, 2 Dec 2016 14:05:54 +1100 Subject: [PATCH 5/8] Issue #1139 fixed empty directory commit --- .../resources/usecases/parameterized.addToStart.prepare.txt | 1 + .../test/resources/usecases/parameterized.commands.prepare.txt | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/jetty-start/src/test/resources/usecases/parameterized.addToStart.prepare.txt b/jetty-start/src/test/resources/usecases/parameterized.addToStart.prepare.txt index cbfa9f9a1e2..21c57a43d84 100644 --- a/jetty-start/src/test/resources/usecases/parameterized.addToStart.prepare.txt +++ b/jetty-start/src/test/resources/usecases/parameterized.addToStart.prepare.txt @@ -1,3 +1,4 @@ +--create-startd other=value name=changed name0=changed0 diff --git a/jetty-start/src/test/resources/usecases/parameterized.commands.prepare.txt b/jetty-start/src/test/resources/usecases/parameterized.commands.prepare.txt index d9de4cf59ff..62d85fc6724 100644 --- a/jetty-start/src/test/resources/usecases/parameterized.commands.prepare.txt +++ b/jetty-start/src/test/resources/usecases/parameterized.commands.prepare.txt @@ -1,3 +1,4 @@ +--create-startd other=value name=changed ---commands=etc/commands.txt \ No newline at end of file +--commands=etc/commands.txt From 73ee8f29bd585de2dbeafce15d805ab746f2ff9f Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Fri, 2 Dec 2016 14:12:15 +1100 Subject: [PATCH 6/8] Issue #1139 fixed javadoc --- .../org/eclipse/jetty/start/BaseBuilder.java | 4 +- .../org/eclipse/jetty/start/StartArgs.java | 78 +++++++++---------- 2 files changed, 37 insertions(+), 45 deletions(-) diff --git a/jetty-start/src/main/java/org/eclipse/jetty/start/BaseBuilder.java b/jetty-start/src/main/java/org/eclipse/jetty/start/BaseBuilder.java index 754aaa7b52d..e3cfa3cf61a 100644 --- a/jetty-start/src/main/java/org/eclipse/jetty/start/BaseBuilder.java +++ b/jetty-start/src/main/java/org/eclipse/jetty/start/BaseBuilder.java @@ -50,8 +50,8 @@ public class BaseBuilder /** * Add a module to the start environment in ${jetty.base} * - * @param module - * the module to add + * @param module the module to add + * @param props The properties to substitute into a template * @return The ini file if module was added, null if module was not added. * @throws IOException if unable to add the module */ diff --git a/jetty-start/src/main/java/org/eclipse/jetty/start/StartArgs.java b/jetty-start/src/main/java/org/eclipse/jetty/start/StartArgs.java index 5e699aa2fd4..619dc43a705 100644 --- a/jetty-start/src/main/java/org/eclipse/jetty/start/StartArgs.java +++ b/jetty-start/src/main/java/org/eclipse/jetty/start/StartArgs.java @@ -113,7 +113,7 @@ public class StartArgs private static final String SERVER_MAIN = "org.eclipse.jetty.xml.XmlConfiguration"; private final BaseHome baseHome; - + /** List of enabled modules */ private List modules = new ArrayList<>(); @@ -154,14 +154,14 @@ public class StartArgs // jetty.base - build out commands /** --add-to-start[d]=[module,[module]] */ private List startModules = new ArrayList<>(); - + // module inspection commands /** --write-module-graph=[filename] */ private String moduleGraphFilename; /** Collection of all modules */ private Modules allModules; - + /** Should the server be run? */ private boolean run = true; @@ -182,7 +182,6 @@ public class StartArgs private boolean exec = false; private String exec_properties; private boolean approveAllLicenses = false; - public StartArgs(BaseHome baseHome) { @@ -411,8 +410,7 @@ public class StartArgs } /** - * Ensure that the System Properties are set (if defined as a System property, or start.config property, or - * start.ini property) + * Ensure that the System Properties are set (if defined as a System property, or start.config property, or start.ini property) * * @param key * the key to be sure of @@ -440,8 +438,6 @@ public class StartArgs /** * Expand any command line added --lib lib references. * - * @param baseHome - * the base home in use * @throws IOException * if unable to expand the libraries */ @@ -579,7 +575,7 @@ public class StartArgs ensureSystemPropertySet("STOP.WAIT"); // pass properties as args or as a file - if (dryRun && exec_properties==null) + if (dryRun && exec_properties == null) { for (Prop p : properties) cmd.addRawArg(CommandLineBuilder.quote(p.key) + "=" + CommandLineBuilder.quote(p.value)); @@ -587,14 +583,14 @@ public class StartArgs else if (properties.size() > 0) { Path prop_path; - if (exec_properties==null) + if (exec_properties == null) { - prop_path=Files.createTempFile("start_", ".properties"); + prop_path = Files.createTempFile("start_",".properties"); prop_path.toFile().deleteOnExit(); } else - prop_path=new File(exec_properties).toPath(); - + prop_path = new File(exec_properties).toPath(); + try (OutputStream out = Files.newOutputStream(prop_path)) { properties.store(out,"start.jar properties"); @@ -633,7 +629,7 @@ public class StartArgs return localRepo; } - + public Path findMavenLocalRepoDir() { // Try property first @@ -784,12 +780,12 @@ public class StartArgs { return version; } - + public boolean isCreateStartd() { return createStartd; } - + public void parse(ConfigSources sources) { ListIterator iter = sources.reverseListIterator(); @@ -855,15 +851,15 @@ public class StartArgs if (arg.startsWith("--commands=")) { Path commands = baseHome.getPath(Props.getValue(arg)); - + if (!Files.exists(commands) || !Files.isReadable(commands)) throw new UsageException(ERR_BAD_ARG,"--commands file must be readable: %s",commands); try { TextFile file = new TextFile(commands); StartLog.info("reading commands from %s",baseHome.toShortForm(commands)); - String s = source+"|"+baseHome.toShortForm(commands); - for (String line: file) + String s = source + "|" + baseHome.toShortForm(commands); + for (String line : file) { parse(line,s); } @@ -930,11 +926,11 @@ public class StartArgs exec = true; return; } - + // Assign a fixed name to the property file for exec if (arg.startsWith("--exec-properties=")) { - exec_properties=Props.getValue(arg); + exec_properties = Props.getValue(arg); if (!exec_properties.endsWith(".properties")) throw new UsageException(ERR_BAD_ARG,"--exec-properties filename must have .properties suffix: %s",exec_properties); return; @@ -970,7 +966,7 @@ public class StartArgs run = false; return; } - + // Module Management if ("--list-modules".equals(arg)) { @@ -978,18 +974,18 @@ public class StartArgs run = false; return; } - + if (arg.startsWith("--list-modules=")) { listModules = Props.getValues(arg); run = false; return; } - + // jetty.base build-out : add to ${jetty.base}/start.ini if ("--create-startd".equals(arg)) { - createStartd=true; + createStartd = true; run = false; createFiles = true; licenseCheckRequired = true; @@ -999,7 +995,7 @@ public class StartArgs { String value = Props.getValue(arg); StartLog.warn("--add-to-startd is deprecated! Instead use: --create-startd --add-to-start=%s",value); - createStartd=true; + createStartd = true; startModules.addAll(Props.getValues(arg)); run = false; createFiles = true; @@ -1083,29 +1079,29 @@ public class StartArgs if (key.endsWith("+")) { - key = key.substring(0,key.length()-1); + key = key.substring(0,key.length() - 1); String orig = getProperties().getString(key); if (orig == null || orig.isEmpty()) { if (value.startsWith(",")) - value=value.substring(1); + value = value.substring(1); } else { - value=orig+value; - source=propertySource.get(key)+","+source; + value = orig + value; + source = propertySource.get(key) + "," + source; } } if (key.endsWith("?")) { - key = key.substring(0,key.length()-1); + key = key.substring(0,key.length() - 1); if (getProperties().containsKey(key)) return; - + } - else if (propertySource.containsKey(key)) + else if (propertySource.containsKey(key)) { - if(!propertySource.get(key).endsWith("[ini]")) + if (!propertySource.get(key).endsWith("[ini]")) StartLog.warn("Property %s in %s already set in %s",key,source,propertySource.get(key)); propertySource.put(key,source); } @@ -1113,7 +1109,7 @@ public class StartArgs setProperty(key,value,source); return; } - + // Is this an xml file? if (FS.isXml(arg)) { @@ -1139,8 +1135,6 @@ public class StartArgs throw new UsageException(ERR_BAD_ARG,"Unrecognized argument: \"%s\" in %s",arg,source); } - - private void enableModules(String source, List moduleNames) { for (String moduleName : moduleNames) @@ -1155,7 +1149,7 @@ public class StartArgs list.add(source); } } - + public void resolveExtraXmls() throws IOException { // Find and Expand XML files @@ -1208,7 +1202,7 @@ public class StartArgs } properties.setProperty(key,value,source); - if(key.equals("java.version")) + if (key.equals("java.version")) { Version ver = new Version(value); @@ -1219,13 +1213,12 @@ public class StartArgs properties.setProperty("java.version.update",Integer.toString(ver.getUpdate()),source); } } - + public void setRun(boolean run) { this.run = run; } - - + @Override public String toString() { @@ -1242,5 +1235,4 @@ public class StartArgs return builder.toString(); } - } From 4b82f54ad370943d9da57cf3bf383ba9cb53b159 Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Fri, 2 Dec 2016 14:34:37 +1100 Subject: [PATCH 7/8] Issue #117 fixed javadoc errors --- .../main/java/org/eclipse/jetty/websocket/api/Session.java | 2 ++ .../org/eclipse/jetty/websocket/api/UpgradeRequest.java | 6 +----- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/jetty-websocket/websocket-api/src/main/java/org/eclipse/jetty/websocket/api/Session.java b/jetty-websocket/websocket-api/src/main/java/org/eclipse/jetty/websocket/api/Session.java index 76d136acc9d..9c16c7b3f66 100644 --- a/jetty-websocket/websocket-api/src/main/java/org/eclipse/jetty/websocket/api/Session.java +++ b/jetty-websocket/websocket-api/src/main/java/org/eclipse/jetty/websocket/api/Session.java @@ -22,6 +22,8 @@ import java.io.Closeable; import java.io.IOException; import java.net.InetSocketAddress; +import org.eclipse.jetty.websocket.api.annotations.OnWebSocketClose; + /** * Session represents an active link of communications with a Remote WebSocket Endpoint. */ diff --git a/jetty-websocket/websocket-api/src/main/java/org/eclipse/jetty/websocket/api/UpgradeRequest.java b/jetty-websocket/websocket-api/src/main/java/org/eclipse/jetty/websocket/api/UpgradeRequest.java index a70981e815d..898734125b8 100644 --- a/jetty-websocket/websocket-api/src/main/java/org/eclipse/jetty/websocket/api/UpgradeRequest.java +++ b/jetty-websocket/websocket-api/src/main/java/org/eclipse/jetty/websocket/api/UpgradeRequest.java @@ -109,8 +109,6 @@ public interface UpgradeRequest /** * The host of the Upgrade Request URI - *

- * Equivalent to {@link #getRequestURI()#getHost()} * * @return host of the request URI */ @@ -140,7 +138,7 @@ public interface UpgradeRequest *

* See RFC6455: Section 10.2 for details. *

- * Equivalent to {@link #getHeader("Origin")} + * Equivalent to {@link #getHeader(String)} passed the "Origin" header. * * @return the Origin header */ @@ -165,8 +163,6 @@ public interface UpgradeRequest /** * Get the Query String of the request URI. - *

- * Equivalent to {@link #getRequestURI()#getQueryString()} * * @return the request uri query string */ From d7aa07936504be728d847609f924f363cd4dca3e Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Fri, 2 Dec 2016 15:33:30 +1100 Subject: [PATCH 8/8] Issue #117 fixed javadoc errors --- .../eclipse/jetty/websocket/common/UpgradeResponseAdapter.java | 1 + 1 file changed, 1 insertion(+) diff --git a/jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/UpgradeResponseAdapter.java b/jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/UpgradeResponseAdapter.java index 88897e24920..100d9fc3ce0 100644 --- a/jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/UpgradeResponseAdapter.java +++ b/jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/UpgradeResponseAdapter.java @@ -25,6 +25,7 @@ import java.util.Map; import java.util.Set; import java.util.TreeMap; +import org.eclipse.jetty.websocket.api.UpgradeRequest; import org.eclipse.jetty.websocket.api.UpgradeResponse; import org.eclipse.jetty.websocket.api.WebSocketConstants; import org.eclipse.jetty.websocket.api.extensions.ExtensionConfig;