From c1dac27886c606110856bdf9f685c8f7dd6b6724 Mon Sep 17 00:00:00 2001
From: Jesse McConnell <jesse.mcconnell@gmail.com>
Date: Mon, 12 Dec 2011 16:17:30 -0600
Subject: [PATCH 1/2] Bug 366362 - JAX-WS over https returns the wrong request
 address. Applied patch by Kenny Stridh . Thanks!

---
 .../jetty/http/spi/HttpSpiContextHandler.java |  65 ++-
 .../eclipse/jetty/http/spi/JettyExchange.java |  28 +
 .../jetty/http/spi/JettyHttpExchange.java     | 479 +++++++++---------
 .../http/spi/JettyHttpExchangeDelegate.java   | 228 +++++++++
 .../jetty/http/spi/JettyHttpsExchange.java    | 179 +++++++
 5 files changed, 728 insertions(+), 251 deletions(-)
 create mode 100644 jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyExchange.java
 create mode 100644 jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyHttpExchangeDelegate.java
 create mode 100644 jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyHttpsExchange.java

diff --git a/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/HttpSpiContextHandler.java b/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/HttpSpiContextHandler.java
index 9f6198e8598..62c30cac169 100644
--- a/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/HttpSpiContextHandler.java
+++ b/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/HttpSpiContextHandler.java
@@ -1,4 +1,5 @@
 package org.eclipse.jetty.http.spi;
+
 //========================================================================
 //Copyright (c) 2004-2009 Mort Bay Consulting Pty. Ltd.
 //------------------------------------------------------------------------
@@ -12,19 +13,22 @@ package org.eclipse.jetty.http.spi;
 //You may elect to redistribute this code under either of these licenses. 
 //========================================================================
 
-import com.sun.net.httpserver.Authenticator;
-import com.sun.net.httpserver.Authenticator.Result;
-import com.sun.net.httpserver.HttpContext;
-import com.sun.net.httpserver.HttpHandler;
-import com.sun.net.httpserver.HttpPrincipal;
-import org.eclipse.jetty.server.Request;
-import org.eclipse.jetty.server.handler.ContextHandler;
+import java.io.IOException;
+import java.io.PrintWriter;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
+
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.handler.ContextHandler;
+
+import com.sun.net.httpserver.Authenticator;
+import com.sun.net.httpserver.Authenticator.Result;
+import com.sun.net.httpserver.HttpContext;
+import com.sun.net.httpserver.HttpExchange;
+import com.sun.net.httpserver.HttpHandler;
+import com.sun.net.httpserver.HttpPrincipal;
 
 /**
  * Jetty handler that bridges requests to {@link HttpHandler}.
@@ -36,7 +40,6 @@ public class HttpSpiContextHandler extends ContextHandler
 
     private HttpHandler _httpHandler;
 
-
     public HttpSpiContextHandler(HttpContext httpContext, HttpHandler httpHandler)
     {
         this._httpContext = httpContext;
@@ -46,9 +49,20 @@ public class HttpSpiContextHandler extends ContextHandler
     @Override
     public void doScope(String target, Request baseRequest, HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException
     {
-        if (!target.startsWith(getContextPath())) return;
+        if (!target.startsWith(getContextPath()))
+        {
+            return;
+        }
 
-        JettyHttpExchange jettyHttpExchange = new JettyHttpExchange(_httpContext, req, resp);
+        HttpExchange jettyHttpExchange;
+        if (baseRequest.isSecure())
+        {
+            jettyHttpExchange = new JettyHttpsExchange(_httpContext,req,resp);
+        }
+        else
+        {
+            jettyHttpExchange = new JettyHttpExchange(_httpContext,req,resp);
+        }
 
         // TODO: add filters processing
 
@@ -56,38 +70,41 @@ public class HttpSpiContextHandler extends ContextHandler
         {
             Authenticator auth = _httpContext.getAuthenticator();
             if (auth != null)
-                handleAuthentication(resp, jettyHttpExchange, auth);
+            {
+                handleAuthentication(resp,jettyHttpExchange,auth);
+            }
             else
+            {
                 _httpHandler.handle(jettyHttpExchange);
+            }
         }
-        catch(Exception ex)
+        catch (Exception ex)
         {
             PrintWriter writer = new PrintWriter(jettyHttpExchange.getResponseBody());
-            
+
             resp.setStatus(500);
             writer.println("<h2>HTTP ERROR: 500</h2>");
             writer.println("<pre>INTERNAL_SERVER_ERROR</pre>");
             writer.println("<p>RequestURI=" + req.getRequestURI() + "</p>");
-            
+
             writer.println("<pre>");
             ex.printStackTrace(writer);
             writer.println("</pre>");
-            
+
             writer.println("<p><i><small><a href=\"http://jetty.mortbay.org\">Powered by jetty://</a></small></i></p>");
-            
+
             writer.close();
         }
         finally
         {
             baseRequest.setHandled(true);
         }
-        
+
     }
 
-
-    private void handleAuthentication(HttpServletResponse resp, JettyHttpExchange jettyHttpExchange, Authenticator auth) throws IOException
+    private void handleAuthentication(HttpServletResponse resp, HttpExchange httpExchange, Authenticator auth) throws IOException
     {
-        Result result = auth.authenticate(jettyHttpExchange);
+        Result result = auth.authenticate(httpExchange);
         if (result instanceof Authenticator.Failure)
         {
             int rc = ((Authenticator.Failure)result).getResponseCode();
@@ -101,8 +118,8 @@ public class HttpSpiContextHandler extends ContextHandler
         else if (result instanceof Authenticator.Success)
         {
             HttpPrincipal principal = ((Authenticator.Success)result).getPrincipal();
-            jettyHttpExchange.setPrincipal(principal);
-            _httpHandler.handle(jettyHttpExchange);
+            ((JettyExchange)httpExchange).setPrincipal(principal);
+            _httpHandler.handle(httpExchange);
         }
     }
 
diff --git a/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyExchange.java b/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyExchange.java
new file mode 100644
index 00000000000..f448c118185
--- /dev/null
+++ b/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyExchange.java
@@ -0,0 +1,28 @@
+// ========================================================================
+// Copyright (c) 2009-2009 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+// The Eclipse Public License is available at 
+// http://www.eclipse.org/legal/epl-v10.html
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+// You may elect to redistribute this code under either of these licenses. 
+// ========================================================================
+
+package org.eclipse.jetty.http.spi;
+
+import com.sun.net.httpserver.HttpPrincipal;
+
+/* ------------------------------------------------------------ */
+/**
+ */
+public interface JettyExchange
+{
+
+    HttpPrincipal getPrincipal();
+
+    void setPrincipal(HttpPrincipal principal);
+
+}
\ No newline at end of file
diff --git a/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyHttpExchange.java b/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyHttpExchange.java
index 9ce8e959d83..41809d036e3 100644
--- a/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyHttpExchange.java
+++ b/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyHttpExchange.java
@@ -1,227 +1,252 @@
-package org.eclipse.jetty.http.spi;
-
-//========================================================================
-//Copyright (c) 2004-2009 Mort Bay Consulting Pty. Ltd.
-//------------------------------------------------------------------------
-//All rights reserved. This program and the accompanying materials
-//are made available under the terms of the Eclipse Public License v1.0
-//and Apache License v2.0 which accompanies this distribution.
-//The Eclipse Public License is available at 
-//http://www.eclipse.org/legal/epl-v10.html
-//The Apache License v2.0 is available at
-//http://www.opensource.org/licenses/apache2.0.php
-//You may elect to redistribute this code under either of these licenses. 
-//========================================================================
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.net.InetSocketAddress;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.sun.net.httpserver.Headers;
-import com.sun.net.httpserver.HttpContext;
-import com.sun.net.httpserver.HttpExchange;
-import com.sun.net.httpserver.HttpPrincipal;
-
-/**
- * Jetty implementation of {@link com.sun.net.httpserver.HttpExchange}
- */
-public class JettyHttpExchange extends HttpExchange
-{
-
-    private HttpContext _httpContext;
-
-    private HttpServletRequest _req;
-
-    private HttpServletResponse _resp;
-
-    private Headers _responseHeaders = new Headers();
-
-    private int _responseCode = 0;
-
-    private InputStream _is;
-
-    private OutputStream _os;
-
-	private HttpPrincipal _httpPrincipal;
-
-
-    public JettyHttpExchange(HttpContext jaxWsContext , HttpServletRequest req,
-            HttpServletResponse resp)
-    {
-        this._httpContext = jaxWsContext;
-        this._req = req;
-        this._resp = resp;
-        try
-        {
-            this._is = req.getInputStream();
-            this._os = resp.getOutputStream();
-        }
-        catch (IOException ex)
-        {
-            throw new RuntimeException(ex);
-        }
-    }
-
-    @Override
-    public Headers getRequestHeaders()
-    {
-        Headers headers = new Headers();
-        Enumeration<?> en = _req.getHeaderNames();
-        while (en.hasMoreElements())
-        {
-            String name = (String) en.nextElement();
-            Enumeration<?> en2 = _req.getHeaders(name);
-            while (en2.hasMoreElements())
-            {
-                String value = (String) en2.nextElement();
-                headers.add(name, value);
-            }
-        }
-        return headers;
-    }
-
-    @Override
-    public Headers getResponseHeaders()
-    {
-        return _responseHeaders;
-    }
-
-    @Override
-    public URI getRequestURI()
-    {
-        try
-        {
-        	String uriAsString = _req.getRequestURI();
-        	if (_req.getQueryString() != null)
-        		uriAsString += "?" + _req.getQueryString();
-        	
-            return new URI(uriAsString);
-        }
-        catch (URISyntaxException ex)
-        {
-            throw new RuntimeException(ex);
-        }
-    }
-
-    @Override
-    public String getRequestMethod()
-    {
-        return _req.getMethod();
-    }
-
-    @Override
-    public HttpContext getHttpContext()
-    {
-        return _httpContext;
-    }
-
-    @Override
-    public void close()
-    {
-        try
-        {
-            _resp.getOutputStream().close();
-        }
-        catch (IOException ex)
-        {
-            throw new RuntimeException(ex);
-        }
-    }
-
-    @Override
-    public InputStream getRequestBody()
-    {
-        return _is;
-    }
-
-    @Override
-    public OutputStream getResponseBody()
-    {
-        return _os;
-    }
-
-    @Override
-    public void sendResponseHeaders(int rCode, long responseLength)
-            throws IOException
-    {
-        this._responseCode = rCode;
-
-        for (Map.Entry<String, List<String>> stringListEntry : _responseHeaders.entrySet())
-        {
-            String name = stringListEntry.getKey();
-            List<String> values = stringListEntry.getValue();
-
-            for (String value : values)
-            {
-                _resp.setHeader(name, value);
-            }
-        }
-        if (responseLength > 0)
-            _resp.setHeader("content-length", "" + responseLength);
-        _resp.setStatus(rCode);
-    }
-
-    @Override
-    public InetSocketAddress getRemoteAddress()
-    {
-        return new InetSocketAddress(_req.getRemoteAddr(), _req.getRemotePort());
-    }
-
-    @Override
-    public int getResponseCode()
-    {
-        return _responseCode;
-    }
-
-    @Override
-    public InetSocketAddress getLocalAddress()
-    {
-        return new InetSocketAddress(_req.getLocalAddr(), _req.getLocalPort());
-    }
-
-    @Override
-    public String getProtocol()
-    {
-        return _req.getProtocol();
-    }
-
-    @Override
-    public Object getAttribute(String name)
-    {
-        return _req.getAttribute(name);
-    }
-
-    @Override
-    public void setAttribute(String name, Object value)
-    {
-        _req.setAttribute(name, value);
-    }
-
-    @Override
-    public void setStreams(InputStream i, OutputStream o)
-    {
-        _is = i;
-        _os = o;
-    }
-
-    @Override
-    public HttpPrincipal getPrincipal()
-    {
-    	return _httpPrincipal;
-    }
-    
-    public void setPrincipal(HttpPrincipal principal)
-    {
-    	this._httpPrincipal = principal;
-    }
-
-}
+// ========================================================================
+// Copyright (c) 2009-2009 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+// The Eclipse Public License is available at 
+// http://www.eclipse.org/legal/epl-v10.html
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+// You may elect to redistribute this code under either of these licenses. 
+// ========================================================================
+
+package org.eclipse.jetty.http.spi;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.InetSocketAddress;
+import java.net.URI;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.sun.net.httpserver.Headers;
+import com.sun.net.httpserver.HttpContext;
+import com.sun.net.httpserver.HttpExchange;
+import com.sun.net.httpserver.HttpPrincipal;
+
+/* ------------------------------------------------------------ */
+/**
+ */
+public class JettyHttpExchange extends HttpExchange implements JettyExchange
+{
+    private JettyHttpExchangeDelegate _delegate;
+
+    public JettyHttpExchange(HttpContext jaxWsContext, HttpServletRequest req, HttpServletResponse resp)
+    {
+        super();
+        _delegate = new JettyHttpExchangeDelegate(jaxWsContext,req,resp);
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#hashCode()
+     */
+    @Override
+    public int hashCode()
+    {
+        return _delegate.hashCode();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#getRequestHeaders()
+     */
+    @Override
+    public Headers getRequestHeaders()
+    {
+        return _delegate.getRequestHeaders();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#getResponseHeaders()
+     */
+    @Override
+    public Headers getResponseHeaders()
+    {
+        return _delegate.getResponseHeaders();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#getRequestURI()
+     */
+    @Override
+    public URI getRequestURI()
+    {
+        return _delegate.getRequestURI();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#getRequestMethod()
+     */
+    @Override
+    public String getRequestMethod()
+    {
+        return _delegate.getRequestMethod();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#getHttpContext()
+     */
+    @Override
+    public HttpContext getHttpContext()
+    {
+        return _delegate.getHttpContext();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#close()
+     */
+    @Override
+    public void close()
+    {
+        _delegate.close();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#equals(java.lang.Object)
+     */
+    @Override
+    public boolean equals(Object obj)
+    {
+        return _delegate.equals(obj);
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#getRequestBody()
+     */
+    @Override
+    public InputStream getRequestBody()
+    {
+        return _delegate.getRequestBody();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#getResponseBody()
+     */
+    @Override
+    public OutputStream getResponseBody()
+    {
+        return _delegate.getResponseBody();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#sendResponseHeaders(int, long)
+     */
+    @Override
+    public void sendResponseHeaders(int rCode, long responseLength) throws IOException
+    {
+        _delegate.sendResponseHeaders(rCode,responseLength);
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#getRemoteAddress()
+     */
+    @Override
+    public InetSocketAddress getRemoteAddress()
+    {
+        return _delegate.getRemoteAddress();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#getResponseCode()
+     */
+    @Override
+    public int getResponseCode()
+    {
+        return _delegate.getResponseCode();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#getLocalAddress()
+     */
+    @Override
+    public InetSocketAddress getLocalAddress()
+    {
+        return _delegate.getLocalAddress();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#getProtocol()
+     */
+    @Override
+    public String getProtocol()
+    {
+        return _delegate.getProtocol();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#getAttribute(java.lang.String)
+     */
+    @Override
+    public Object getAttribute(String name)
+    {
+        return _delegate.getAttribute(name);
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#setAttribute(java.lang.String, java.lang.Object)
+     */
+    @Override
+    public void setAttribute(String name, Object value)
+    {
+        _delegate.setAttribute(name,value);
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#setStreams(java.io.InputStream, java.io.OutputStream)
+     */
+    @Override
+    public void setStreams(InputStream i, OutputStream o)
+    {
+        _delegate.setStreams(i,o);
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#getPrincipal()
+     */
+    @Override
+    public HttpPrincipal getPrincipal()
+    {
+        return _delegate.getPrincipal();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#setPrincipal(com.sun.net.httpserver.HttpPrincipal)
+     */
+    public void setPrincipal(HttpPrincipal principal)
+    {
+        _delegate.setPrincipal(principal);
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.http.spi.JettyExchange#toString()
+     */
+    @Override
+    public String toString()
+    {
+        return _delegate.toString();
+    }
+
+}
diff --git a/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyHttpExchangeDelegate.java b/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyHttpExchangeDelegate.java
new file mode 100644
index 00000000000..b772afbe598
--- /dev/null
+++ b/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyHttpExchangeDelegate.java
@@ -0,0 +1,228 @@
+package org.eclipse.jetty.http.spi;
+
+//========================================================================
+//Copyright (c) 2004-2009 Mort Bay Consulting Pty. Ltd.
+//------------------------------------------------------------------------
+//All rights reserved. This program and the accompanying materials
+//are made available under the terms of the Eclipse Public License v1.0
+//and Apache License v2.0 which accompanies this distribution.
+//The Eclipse Public License is available at 
+//http://www.eclipse.org/legal/epl-v10.html
+//The Apache License v2.0 is available at
+//http://www.opensource.org/licenses/apache2.0.php
+//You may elect to redistribute this code under either of these licenses. 
+//========================================================================
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.InetSocketAddress;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.sun.net.httpserver.Headers;
+import com.sun.net.httpserver.HttpContext;
+import com.sun.net.httpserver.HttpExchange;
+import com.sun.net.httpserver.HttpPrincipal;
+
+/**
+ * Jetty implementation of {@link com.sun.net.httpserver.HttpExchange}
+ */
+public class JettyHttpExchangeDelegate extends HttpExchange
+{
+
+    private HttpContext _httpContext;
+
+    private HttpServletRequest _req;
+
+    private HttpServletResponse _resp;
+
+    private Headers _responseHeaders = new Headers();
+
+    private int _responseCode = 0;
+
+    private InputStream _is;
+
+    private OutputStream _os;
+
+    private HttpPrincipal _httpPrincipal;
+
+    JettyHttpExchangeDelegate(HttpContext jaxWsContext, HttpServletRequest req, HttpServletResponse resp)
+    {
+        this._httpContext = jaxWsContext;
+        this._req = req;
+        this._resp = resp;
+        try
+        {
+            this._is = req.getInputStream();
+            this._os = resp.getOutputStream();
+        }
+        catch (IOException ex)
+        {
+            throw new RuntimeException(ex);
+        }
+    }
+
+    @Override
+    public Headers getRequestHeaders()
+    {
+        Headers headers = new Headers();
+        Enumeration<?> en = _req.getHeaderNames();
+        while (en.hasMoreElements())
+        {
+            String name = (String)en.nextElement();
+            Enumeration<?> en2 = _req.getHeaders(name);
+            while (en2.hasMoreElements())
+            {
+                String value = (String)en2.nextElement();
+                headers.add(name,value);
+            }
+        }
+        return headers;
+    }
+
+    @Override
+    public Headers getResponseHeaders()
+    {
+        return _responseHeaders;
+    }
+
+    @Override
+    public URI getRequestURI()
+    {
+        try
+        {
+            String uriAsString = _req.getRequestURI();
+            if (_req.getQueryString() != null)
+            {
+                uriAsString += "?" + _req.getQueryString();
+            }
+
+            return new URI(uriAsString);
+        }
+        catch (URISyntaxException ex)
+        {
+            throw new RuntimeException(ex);
+        }
+    }
+
+    @Override
+    public String getRequestMethod()
+    {
+        return _req.getMethod();
+    }
+
+    @Override
+    public HttpContext getHttpContext()
+    {
+        return _httpContext;
+    }
+
+    @Override
+    public void close()
+    {
+        try
+        {
+            _resp.getOutputStream().close();
+        }
+        catch (IOException ex)
+        {
+            throw new RuntimeException(ex);
+        }
+    }
+
+    @Override
+    public InputStream getRequestBody()
+    {
+        return _is;
+    }
+
+    @Override
+    public OutputStream getResponseBody()
+    {
+        return _os;
+    }
+
+    @Override
+    public void sendResponseHeaders(int rCode, long responseLength) throws IOException
+    {
+        this._responseCode = rCode;
+
+        for (Map.Entry<String, List<String>> stringListEntry : _responseHeaders.entrySet())
+        {
+            String name = stringListEntry.getKey();
+            List<String> values = stringListEntry.getValue();
+
+            for (String value : values)
+            {
+                _resp.setHeader(name,value);
+            }
+        }
+        if (responseLength > 0)
+        {
+            _resp.setHeader("content-length","" + responseLength);
+        }
+        _resp.setStatus(rCode);
+    }
+
+    @Override
+    public InetSocketAddress getRemoteAddress()
+    {
+        return new InetSocketAddress(_req.getRemoteAddr(),_req.getRemotePort());
+    }
+
+    @Override
+    public int getResponseCode()
+    {
+        return _responseCode;
+    }
+
+    @Override
+    public InetSocketAddress getLocalAddress()
+    {
+        return new InetSocketAddress(_req.getLocalAddr(),_req.getLocalPort());
+    }
+
+    @Override
+    public String getProtocol()
+    {
+        return _req.getProtocol();
+    }
+
+    @Override
+    public Object getAttribute(String name)
+    {
+        return _req.getAttribute(name);
+    }
+
+    @Override
+    public void setAttribute(String name, Object value)
+    {
+        _req.setAttribute(name,value);
+    }
+
+    @Override
+    public void setStreams(InputStream i, OutputStream o)
+    {
+        _is = i;
+        _os = o;
+    }
+
+    @Override
+    public HttpPrincipal getPrincipal()
+    {
+        return _httpPrincipal;
+    }
+
+    public void setPrincipal(HttpPrincipal principal)
+    {
+        this._httpPrincipal = principal;
+    }
+
+}
diff --git a/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyHttpsExchange.java b/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyHttpsExchange.java
new file mode 100644
index 00000000000..f4af2b99ce9
--- /dev/null
+++ b/jetty-http-spi/src/main/java/org/eclipse/jetty/http/spi/JettyHttpsExchange.java
@@ -0,0 +1,179 @@
+// ========================================================================
+// Copyright (c) 2009-2009 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+// The Eclipse Public License is available at 
+// http://www.eclipse.org/legal/epl-v10.html
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+// You may elect to redistribute this code under either of these licenses. 
+// ========================================================================
+
+package org.eclipse.jetty.http.spi;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.InetSocketAddress;
+import java.net.URI;
+
+import javax.net.ssl.SSLSession;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.sun.net.httpserver.Headers;
+import com.sun.net.httpserver.HttpContext;
+import com.sun.net.httpserver.HttpPrincipal;
+import com.sun.net.httpserver.HttpsExchange;
+
+/* ------------------------------------------------------------ */
+/**
+ */
+public class JettyHttpsExchange extends HttpsExchange implements JettyExchange
+{
+    private JettyHttpExchangeDelegate _delegate;
+
+    public JettyHttpsExchange(HttpContext jaxWsContext, HttpServletRequest req, HttpServletResponse resp)
+    {
+        super();
+        _delegate = new JettyHttpExchangeDelegate(jaxWsContext,req,resp);
+    }
+
+    @Override
+    public int hashCode()
+    {
+        return _delegate.hashCode();
+    }
+
+    @Override
+    public Headers getRequestHeaders()
+    {
+        return _delegate.getRequestHeaders();
+    }
+
+    @Override
+    public Headers getResponseHeaders()
+    {
+        return _delegate.getResponseHeaders();
+    }
+
+    @Override
+    public URI getRequestURI()
+    {
+        return _delegate.getRequestURI();
+    }
+
+    @Override
+    public String getRequestMethod()
+    {
+        return _delegate.getRequestMethod();
+    }
+
+    @Override
+    public HttpContext getHttpContext()
+    {
+        return _delegate.getHttpContext();
+    }
+
+    @Override
+    public void close()
+    {
+        _delegate.close();
+    }
+
+    @Override
+    public boolean equals(Object obj)
+    {
+        return _delegate.equals(obj);
+    }
+
+    @Override
+    public InputStream getRequestBody()
+    {
+        return _delegate.getRequestBody();
+    }
+
+    @Override
+    public OutputStream getResponseBody()
+    {
+        return _delegate.getResponseBody();
+    }
+
+    @Override
+    public void sendResponseHeaders(int rCode, long responseLength) throws IOException
+    {
+        _delegate.sendResponseHeaders(rCode,responseLength);
+    }
+
+    @Override
+    public InetSocketAddress getRemoteAddress()
+    {
+        return _delegate.getRemoteAddress();
+    }
+
+    @Override
+    public int getResponseCode()
+    {
+        return _delegate.getResponseCode();
+    }
+
+    @Override
+    public InetSocketAddress getLocalAddress()
+    {
+        return _delegate.getLocalAddress();
+    }
+
+    @Override
+    public String getProtocol()
+    {
+        return _delegate.getProtocol();
+    }
+
+    @Override
+    public Object getAttribute(String name)
+    {
+        return _delegate.getAttribute(name);
+    }
+
+    @Override
+    public void setAttribute(String name, Object value)
+    {
+        _delegate.setAttribute(name,value);
+    }
+
+    @Override
+    public void setStreams(InputStream i, OutputStream o)
+    {
+        _delegate.setStreams(i,o);
+    }
+
+    @Override
+    public HttpPrincipal getPrincipal()
+    {
+        return _delegate.getPrincipal();
+    }
+
+    public void setPrincipal(HttpPrincipal principal)
+    {
+        _delegate.setPrincipal(principal);
+    }
+
+    @Override
+    public String toString()
+    {
+        return _delegate.toString();
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see com.sun.net.httpserver.HttpsExchange#getSSLSession()
+     */
+    @Override
+    public SSLSession getSSLSession()
+    {
+        return null;
+    }
+
+}

From dfb96dfeeb7dbbdafae87496da671cb0ee5b71e4 Mon Sep 17 00:00:00 2001
From: Jan Bartel <janb@webtide.com>
Date: Tue, 13 Dec 2011 11:07:26 +1100
Subject: [PATCH 2/2] 366342 Dont persist DosFilter trackers in http session

---
 .../org/eclipse/jetty/servlets/DoSFilter.java | 63 ++++++++++++++-----
 1 file changed, 47 insertions(+), 16 deletions(-)

diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/DoSFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/DoSFilter.java
index 69bd7d89265..6c12e2e75b3 100644
--- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/DoSFilter.java
+++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/DoSFilter.java
@@ -14,7 +14,9 @@
 package org.eclipse.jetty.servlets;
 
 import java.io.IOException;
+import java.io.Serializable;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Queue;
 import java.util.StringTokenizer;
 import java.util.concurrent.ConcurrentHashMap;
@@ -32,8 +34,10 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpSessionActivationListener;
 import javax.servlet.http.HttpSessionBindingEvent;
 import javax.servlet.http.HttpSessionBindingListener;
+import javax.servlet.http.HttpSessionEvent;
 
 import org.eclipse.jetty.continuation.Continuation;
 import org.eclipse.jetty.continuation.ContinuationListener;
@@ -908,13 +912,14 @@ public class DoSFilter implements Filter
      * A RateTracker is associated with a connection, and stores request rate
      * data.
      */
-    class RateTracker extends Timeout.Task implements HttpSessionBindingListener
+    class RateTracker extends Timeout.Task implements HttpSessionBindingListener, HttpSessionActivationListener
     {
-        protected final String _id;
-        protected final int _type;
-        protected final long[] _timestamps;
-        protected int _next;
-
+        transient protected final String _id;
+        transient protected final int _type;
+        transient protected final long[] _timestamps;
+        transient protected int _next;
+       
+        
         public RateTracker(String id, int type,int maxRequestsPerSecond)
         {
             _id = id;
@@ -953,25 +958,49 @@ public class DoSFilter implements Filter
 
 
         public void valueBound(HttpSessionBindingEvent event)
-        {
+        { 
+            if (LOG.isDebugEnabled())
+                LOG.debug("Value bound:"+_id);
         }
 
         public void valueUnbound(HttpSessionBindingEvent event)
         {
-            _rateTrackers.remove(_id);
+            //take the tracker out of the list of trackers
+            if (_rateTrackers != null)
+                _rateTrackers.remove(_id); 
+           if (LOG.isDebugEnabled()) LOG.debug("Tracker removed: "+_id);
         }
 
+        public void sessionWillPassivate(HttpSessionEvent se)
+        {
+            //take the tracker of the list of trackers (if its still there)
+            //and ensure that we take ourselves out of the session so we are not saved
+            if (_rateTrackers != null)
+                _rateTrackers.remove(_id);
+            se.getSession().removeAttribute(__TRACKER);
+            if (LOG.isDebugEnabled()) LOG.debug("Value removed: "+_id);
+        }
+
+        public void sessionDidActivate(HttpSessionEvent se)
+        {
+            LOG.warn("Unexpected session activation");
+        }
+        
+        
         public void expired()
         {
-            long now = _trackerTimeoutQ.getNow();
-            int latestIndex = _next == 0 ? 3 : (_next - 1 ) % _timestamps.length;
-            long last=_timestamps[latestIndex];
-            boolean hasRecentRequest = last != 0 && (now-last)<1000L;
+            if (_rateTrackers != null && _trackerTimeoutQ != null)
+            {
+                long now = _trackerTimeoutQ.getNow();
+                int latestIndex = _next == 0 ? 3 : (_next - 1 ) % _timestamps.length;
+                long last=_timestamps[latestIndex];
+                boolean hasRecentRequest = last != 0 && (now-last)<1000L;
 
-            if (hasRecentRequest)
-                reschedule();
-            else
-                _rateTrackers.remove(_id);
+                if (hasRecentRequest)
+                    reschedule();
+                else
+                    _rateTrackers.remove(_id);
+            }
         }
 
         @Override
@@ -979,6 +1008,8 @@ public class DoSFilter implements Filter
         {
             return "RateTracker/"+_id+"/"+_type;
         }
+
+    
     }
 
     class FixedRateTracker extends RateTracker