From d66058732fbbd8e3de382d29642e4659dc56d192 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Wed, 8 Mar 2023 15:12:28 -0600 Subject: [PATCH 01/30] Initial Dependency Update Reports --- .gitignore | 3 ++ build/scripts/dependency-update-reports.sh | 34 ++++++++++++++++++++++ jetty-core/pom.xml | 32 ++++++++++++++++++++ jetty-ee8/pom.xml | 32 ++++++++++++++++++++ pom.xml | 30 +++++++++++++++++++ 5 files changed, 131 insertions(+) create mode 100755 build/scripts/dependency-update-reports.sh diff --git a/.gitignore b/.gitignore index 2ae9eb757e6..918c60f7fc3 100644 --- a/.gitignore +++ b/.gitignore @@ -49,3 +49,6 @@ bin/ # test generated content */src/test/*/WEB-INF/lib/test*.jar .flattened-pom.xml + +# reports +reports/ diff --git a/build/scripts/dependency-update-reports.sh b/build/scripts/dependency-update-reports.sh new file mode 100755 index 00000000000..bac950bb846 --- /dev/null +++ b/build/scripts/dependency-update-reports.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash + +echo "# This script is meant to be run from the root of the project" +echo "[jetty.project-12.0.0x]$ build/scripts/dependency-updates-report.sh" + +PWD=$(pwd) +REPORT_OUTPUT_DIR=$PWD/reports/dependency-update-reports/ + +if [ -d $REPORT_OUTPUT_DIR ] ; then + rm -rf $REPORT_OUTPUT_DIR/* +fi + +mkdir -p $REPORT_OUTPUT_DIR + +echo "HTML Reports can be found in $REPORT_OUTPUT_DIR" + +mvn -N -Pdependency-updates-reports validate + +cp -Rv target/site/* $REPORT_OUTPUT_DIR +mv $REPORT_OUTPUT_DIR/dependency-updates-aggregate-report.html $REPORT_OUTPUT_DIR/dependency-updates-report-root.html + +pushd jetty-ee10 +mvn -Pdependency-updates-reports validate +cp target/site/dependency-updates-aggregate-report.html $REPORT_OUTPUT_DIR/dependency-updates-report-ee10.html + +pushd jetty-ee9 +mvn -Pdependency-updates-reports validate +cp target/site/dependency-updates-aggregate-report.html $REPORT_OUTPUT_DIR/dependency-updates-report-ee9.html + +pushd jetty-ee8 +mvn -Pdependency-updates-reports validate +cp target/site/dependency-updates-aggregate-report.html $REPORT_OUTPUT_DIR/dependency-updates-report-ee8.html + +echo "HTML Reports can be found in $REPORT_OUTPUT_DIR" diff --git a/jetty-core/pom.xml b/jetty-core/pom.xml index 5627d386b63..b68356004ad 100644 --- a/jetty-core/pom.xml +++ b/jetty-core/pom.xml @@ -55,4 +55,36 @@ + + + + dependency-updates-reports + + + + org.codehaus.mojo + versions-maven-plugin + + + core-report + validate + + dependency-updates-aggregate-report + + + + html + + + + + + + + + + diff --git a/jetty-ee8/pom.xml b/jetty-ee8/pom.xml index cb99ad6fbcb..1425732f564 100644 --- a/jetty-ee8/pom.xml +++ b/jetty-ee8/pom.xml @@ -383,4 +383,36 @@ + + + + + dependency-updates-reports + + + + org.codehaus.mojo + versions-maven-plugin + + + ee8-report + validate + + dependency-updates-aggregate-report + + + + html + + + + + + + + + diff --git a/pom.xml b/pom.xml index 86a81e71a5e..44a56b13f2a 100644 --- a/pom.xml +++ b/pom.xml @@ -2088,6 +2088,36 @@ + + + dependency-updates-reports + + + + org.codehaus.mojo + versions-maven-plugin + + + root-report + validate + + dependency-updates-aggregate-report + + + + html + + + + + + + + + From 1b76cbe211060b321275a7802bd71d090e995735 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Wed, 8 Mar 2023 15:33:53 -0600 Subject: [PATCH 09/30] Update osgi-core to 8.0.0 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 102a9ae4caa..a28dc828840 100644 --- a/pom.xml +++ b/pom.xml @@ -105,7 +105,7 @@ 3.12.11 0.9.1 8.1.0 - 6.0.0 + 8.0.0 1.2.0 1.3.0 From 2e6c5b0bfe430b00f48054005cab94339f640a25 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Wed, 8 Mar 2023 15:38:34 -0600 Subject: [PATCH 10/30] Update mariadb to 3.1.2 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a28dc828840..2d271f6d2ee 100644 --- a/pom.xml +++ b/pom.xml @@ -96,7 +96,7 @@ 2.0.3 2.20.0 1.4.5 - 3.0.10 + 3.1.2 10.3.6 3.8.7 0.13.1 From 19dd5e87d484be75622925ebbda41c971d4697f7 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Wed, 8 Mar 2023 15:39:04 -0600 Subject: [PATCH 11/30] Update hazelcast to 5.2.2 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2d271f6d2ee..57cf04076e0 100644 --- a/pom.xml +++ b/pom.xml @@ -50,7 +50,7 @@ 31.1-jre 5.1.0 2.2 - 5.2.1 + 5.2.2 4.6.1.Final 11.0.17.Final 2.14.2 From 0feff8d35ae99ce4c5986baccef4cd0d251501d1 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Wed, 8 Mar 2023 16:08:09 -0600 Subject: [PATCH 12/30] Ignoring jetty releases and maven alpha/beta versions --- jetty-core/pom.xml | 35 +++++++++++++++++++++++++++++++++++ jetty-ee10/pom.xml | 34 ++++++++++++++++++++++++++++++++++ jetty-ee8/pom.xml | 34 ++++++++++++++++++++++++++++++++++ jetty-ee9/pom.xml | 34 ++++++++++++++++++++++++++++++++++ pom.xml | 28 ++++++++++++++++++++++++++-- 5 files changed, 163 insertions(+), 2 deletions(-) diff --git a/jetty-core/pom.xml b/jetty-core/pom.xml index b68356004ad..8ca99a671c3 100644 --- a/jetty-core/pom.xml +++ b/jetty-core/pom.xml @@ -78,6 +78,41 @@ html + + + + + + org.apache.maven + + + regex + .+-(alpha|beta).?[0-9]+ + + + + + + org.eclipse.jetty + + + regex + .+ + + + + + + org.eclipse.jetty.* + + + regex + .+ + + + + + diff --git a/jetty-ee10/pom.xml b/jetty-ee10/pom.xml index ecc9eb3660b..0ad55a0beba 100644 --- a/jetty-ee10/pom.xml +++ b/jetty-ee10/pom.xml @@ -414,6 +414,40 @@ html + + + + + org.apache.maven + + + regex + .+-(alpha|beta).?[0-9]+ + + + + + + org.eclipse.jetty + + + regex + .+ + + + + + + org.eclipse.jetty.* + + + regex + .+ + + + + + diff --git a/jetty-ee8/pom.xml b/jetty-ee8/pom.xml index 1425732f564..13a3429bfc5 100644 --- a/jetty-ee8/pom.xml +++ b/jetty-ee8/pom.xml @@ -407,6 +407,40 @@ html + + + + + org.apache.maven + + + regex + .+-(alpha|beta).?[0-9]+ + + + + + + org.eclipse.jetty + + + regex + .+ + + + + + + org.eclipse.jetty.* + + + regex + .+ + + + + + diff --git a/jetty-ee9/pom.xml b/jetty-ee9/pom.xml index 88d0a918846..5a75ce0c0e8 100644 --- a/jetty-ee9/pom.xml +++ b/jetty-ee9/pom.xml @@ -455,6 +455,40 @@ html + + + + + org.apache.maven + + + regex + .+-(alpha|beta).?[0-9]+ + + + + + + org.eclipse.jetty + + + regex + .+ + + + + + + org.eclipse.jetty.* + + + regex + .+ + + + + + diff --git a/pom.xml b/pom.xml index 57cf04076e0..9ad1158fb56 100644 --- a/pom.xml +++ b/pom.xml @@ -2113,10 +2113,34 @@ - org.eclipse.jetty + + org.apache.maven + + + regex + .+-(alpha|beta).?[0-9]+ + + - org.eclipse.jetty.http2 + + org.eclipse.jetty + + + regex + .+ + + + + + + org.eclipse.jetty.* + + + regex + .+ + + From 7f52d4f3f07278f4fd39dd4169c6a66f8a771c13 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Wed, 8 Mar 2023 16:13:27 -0600 Subject: [PATCH 13/30] Set config to true --- jetty-core/pom.xml | 2 +- jetty-ee10/pom.xml | 1 + jetty-ee8/pom.xml | 1 + jetty-ee9/pom.xml | 1 + pom.xml | 1 + 5 files changed, 5 insertions(+), 1 deletion(-) diff --git a/jetty-core/pom.xml b/jetty-core/pom.xml index 8ca99a671c3..0fba6145d4a 100644 --- a/jetty-core/pom.xml +++ b/jetty-core/pom.xml @@ -78,7 +78,7 @@ html - + true diff --git a/jetty-ee10/pom.xml b/jetty-ee10/pom.xml index 0ad55a0beba..63ef0516ec1 100644 --- a/jetty-ee10/pom.xml +++ b/jetty-ee10/pom.xml @@ -414,6 +414,7 @@ html + true diff --git a/jetty-ee8/pom.xml b/jetty-ee8/pom.xml index 13a3429bfc5..43372bce1a7 100644 --- a/jetty-ee8/pom.xml +++ b/jetty-ee8/pom.xml @@ -407,6 +407,7 @@ html + true diff --git a/jetty-ee9/pom.xml b/jetty-ee9/pom.xml index 5a75ce0c0e8..b56f1798ad6 100644 --- a/jetty-ee9/pom.xml +++ b/jetty-ee9/pom.xml @@ -455,6 +455,7 @@ html + true diff --git a/pom.xml b/pom.xml index 9ad1158fb56..4209cd4215f 100644 --- a/pom.xml +++ b/pom.xml @@ -2110,6 +2110,7 @@ html + true From b8a6ba10f6b8723ac932524923249573d02c591a Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Wed, 8 Mar 2023 16:15:41 -0600 Subject: [PATCH 14/30] Update ee10 servlet-jsp-api to 3.1.1 --- jetty-ee10/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jetty-ee10/pom.xml b/jetty-ee10/pom.xml index 63ef0516ec1..256165f35ec 100644 --- a/jetty-ee10/pom.xml +++ b/jetty-ee10/pom.xml @@ -24,7 +24,7 @@ 2.1.1 2.0.1 6.0.0 - 3.1.0 + 3.1.1 3.0.0 3.0.1 3.1.0 From 661e71567f51223cee4297961c96649798fc4baa Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Wed, 8 Mar 2023 16:28:51 -0600 Subject: [PATCH 15/30] Adding jna to top level depMan --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 4209cd4215f..67a4711f8e8 100644 --- a/pom.xml +++ b/pom.xml @@ -1001,6 +1001,11 @@ jna-jpms ${jna.version} + + net.java.dev.jna + jna + ${jna.version} + net.minidev json-smart From 16e98f72de7a69bf174977cdf2911a9973d759cc Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Wed, 8 Mar 2023 17:03:01 -0600 Subject: [PATCH 16/30] Adding jna test scope dep to ee9 test-loginservice --- .../jetty-ee9-tests/jetty-ee9-test-loginservice/pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/jetty-ee9/jetty-ee9-tests/jetty-ee9-test-loginservice/pom.xml b/jetty-ee9/jetty-ee9-tests/jetty-ee9-test-loginservice/pom.xml index b7f3e8542a5..ae739660c02 100644 --- a/jetty-ee9/jetty-ee9-tests/jetty-ee9-test-loginservice/pom.xml +++ b/jetty-ee9/jetty-ee9-tests/jetty-ee9-test-loginservice/pom.xml @@ -46,6 +46,11 @@ mariadb test + + net.java.dev.jna + jna + test + org.testcontainers junit-jupiter From 20404f760c21ac6a1585bc30b00a965f6677c510 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Thu, 9 Mar 2023 06:36:35 -0600 Subject: [PATCH 17/30] set to true --- jetty-core/pom.xml | 1 + jetty-ee10/pom.xml | 1 + jetty-ee8/pom.xml | 1 + jetty-ee9/pom.xml | 1 + pom.xml | 3 ++- 5 files changed, 6 insertions(+), 1 deletion(-) diff --git a/jetty-core/pom.xml b/jetty-core/pom.xml index 0fba6145d4a..22edf453ee6 100644 --- a/jetty-core/pom.xml +++ b/jetty-core/pom.xml @@ -79,6 +79,7 @@ html true + true diff --git a/jetty-ee10/pom.xml b/jetty-ee10/pom.xml index 256165f35ec..a0cabbd038e 100644 --- a/jetty-ee10/pom.xml +++ b/jetty-ee10/pom.xml @@ -415,6 +415,7 @@ html true + true diff --git a/jetty-ee8/pom.xml b/jetty-ee8/pom.xml index 43372bce1a7..4665be77864 100644 --- a/jetty-ee8/pom.xml +++ b/jetty-ee8/pom.xml @@ -408,6 +408,7 @@ html true + true diff --git a/jetty-ee9/pom.xml b/jetty-ee9/pom.xml index b56f1798ad6..fde91bd70d3 100644 --- a/jetty-ee9/pom.xml +++ b/jetty-ee9/pom.xml @@ -456,6 +456,7 @@ html true + true diff --git a/pom.xml b/pom.xml index 67a4711f8e8..b4e4c078508 100644 --- a/pom.xml +++ b/pom.xml @@ -2115,7 +2115,8 @@ html - true + false + true From 1a3f8becd0eaaae1eb4ea64c36a99ff05fc2c6d7 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Thu, 9 Mar 2023 09:56:42 -0600 Subject: [PATCH 18/30] Update for ee9 --- jetty-ee9/pom.xml | 166 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 164 insertions(+), 2 deletions(-) diff --git a/jetty-ee9/pom.xml b/jetty-ee9/pom.xml index fde91bd70d3..54e7516939d 100644 --- a/jetty-ee9/pom.xml +++ b/jetty-ee9/pom.xml @@ -470,7 +470,7 @@ - + org.eclipse.jetty @@ -480,7 +480,7 @@ - + org.eclipse.jetty.* @@ -489,6 +489,168 @@ + + + jakarta.activation + + + regex + ^(?!2.0.).+ + + + + + + jakarta.annotation + + + regex + ^(?!2.0.).+ + + + + + + jakarta.authentication + + + regex + ^(?!2.).+ + + + + + + jakarta.el + + + regex + ^(?!4.).+ + + + + + + jakarta.enterprise + jakarta.enterprise.cdi-api + + + regex + ^(?!3.).+ + + + + + + jakarta.interceptor + jakarta.interceptor-api + + + regex + ^(?!2.0.).+ + + + + + + jakarta.mail + jakarta.mail-api + + + regex + ^(?!2.0.).+ + + + + + + jakarta.servlet + jakarta.servlet-api + + + regex + ^(?!5.).+ + + + + + + jakarta.servlet + jakarta.servlet.jsp-api + + + regex + ^(?!3.0.).+ + + + + + + jakarta.servlet.jsp.jstl + jakarta.servlet.jsp.jstl-api + + + regex + ^(?!2.).+ + + + + + + org.glassfish.web + jakarta.servlet.jsp.jstl + + + regex + ^(?!2.).+ + + + + + + org.mortbay.jasper + apache-jsp + + + regex + ^(?!10.0.).+ + + + + + + org.mortbay.jasper + apache-el + + + regex + ^(?!10.0.).+ + + + + + + org.apache.mina + + + regex + .+-M[0-9]+$ + + + From 3de4323b205f0fe7073e6debe236063a298d10e8 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Thu, 9 Mar 2023 09:57:14 -0600 Subject: [PATCH 19/30] Fix typo in comment --- jetty-ee9/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jetty-ee9/pom.xml b/jetty-ee9/pom.xml index 54e7516939d..5f2c17b3f33 100644 --- a/jetty-ee9/pom.xml +++ b/jetty-ee9/pom.xml @@ -558,7 +558,7 @@ - jakarta.mail jakarta.mail-api From 962604813817fc98abdb1e53558490aa5f05701d Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Thu, 9 Mar 2023 10:13:27 -0600 Subject: [PATCH 20/30] Update for ee8 --- jetty-ee8/pom.xml | 73 +++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 71 insertions(+), 2 deletions(-) diff --git a/jetty-ee8/pom.xml b/jetty-ee8/pom.xml index 4665be77864..6177391babb 100644 --- a/jetty-ee8/pom.xml +++ b/jetty-ee8/pom.xml @@ -422,7 +422,7 @@ - + org.eclipse.jetty @@ -432,7 +432,7 @@ - + org.eclipse.jetty.* @@ -441,6 +441,75 @@ + + + jakarta.annotation + + + regex + ^(?!1.).+ + + + + + + jakarta.servlet.jsp + jakarta.servlet.jsp-api + + + regex + ^(?!2.).+ + + + + + + jakarta.servlet.jsp.jstl + jakarta.servlet.jsp.jstl-api + + + regex + ^(?!1.).+ + + + + + + jakarta.transaction + jakarta.transaction-api + + + regex + ^(?!1.).+ + + + + + + org.apache.directory.api + + + regex + ^(?!2.1.).+ + + + + + + org.mortbay.jasper + apache-jsp + + + regex + ^(?!9.0.).+ + + + From ff5fd6420eaae10e24e6e3957c183fdb52b72f98 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Thu, 9 Mar 2023 10:19:47 -0600 Subject: [PATCH 21/30] Update apacheds to 2.1.2 --- jetty-ee8/jetty-ee8-jaas/pom.xml | 15 ++++++++++++++- jetty-ee8/pom.xml | 12 +++++++++++- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/jetty-ee8/jetty-ee8-jaas/pom.xml b/jetty-ee8/jetty-ee8-jaas/pom.xml index 9bcf0374586..98ae9467679 100644 --- a/jetty-ee8/jetty-ee8-jaas/pom.xml +++ b/jetty-ee8/jetty-ee8-jaas/pom.xml @@ -14,7 +14,8 @@ jetty-ee9-jaas ${project.groupId}.jaas 2.0.0.AM26 - 2.1.0 + 2.1.2 + 2.2.1 org.eclipse.jetty.jaas.* @@ -57,6 +58,12 @@ jetty-test-helper test + + org.apache.mina + mina-core + ${apache.mina.version} + test + org.apache.directory.server apacheds-test-framework @@ -125,6 +132,12 @@ org.apache.directory.api api-ldap-model ${apache.directory.api.version} + + + org.apache.mina + mina-core + + org.apache.directory.api diff --git a/jetty-ee8/pom.xml b/jetty-ee8/pom.xml index 6177391babb..c877a25120e 100644 --- a/jetty-ee8/pom.xml +++ b/jetty-ee8/pom.xml @@ -489,7 +489,7 @@ - + org.apache.directory.api @@ -510,6 +510,16 @@ + + + org.apache.mina + + + regex + .+-M[0-9]+$ + + + From a03ec5ffc02e5db5fb275866087a8e6251503fd8 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Thu, 9 Mar 2023 10:24:33 -0600 Subject: [PATCH 22/30] Update for ee10 --- jetty-ee10/pom.xml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/jetty-ee10/pom.xml b/jetty-ee10/pom.xml index a0cabbd038e..8cbd831c4bd 100644 --- a/jetty-ee10/pom.xml +++ b/jetty-ee10/pom.xml @@ -429,7 +429,7 @@ - + org.eclipse.jetty @@ -439,7 +439,7 @@ - + org.eclipse.jetty.* @@ -448,6 +448,16 @@ + + + org.apache.mina + + + regex + .+-M[0-9]+$ + + + From e6de81084d8f69007102bd3a6a12ad67555e3eb6 Mon Sep 17 00:00:00 2001 From: Simone Bordet Date: Tue, 14 Mar 2023 18:49:48 +0100 Subject: [PATCH 23/30] Improved HttpClient TLS documentation about server host name verification. (#9494) Signed-off-by: Simone Bordet --- .../http/client-http-configuration.adoc | 21 ++++++++++++------- .../client/http/HTTPClientDocs.java | 4 ++-- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/documentation/jetty-documentation/src/main/asciidoc/programming-guide/client/http/client-http-configuration.adoc b/documentation/jetty-documentation/src/main/asciidoc/programming-guide/client/http/client-http-configuration.adoc index bc9966e0036..62e47d66c1a 100644 --- a/documentation/jetty-documentation/src/main/asciidoc/programming-guide/client/http/client-http-configuration.adoc +++ b/documentation/jetty-documentation/src/main/asciidoc/programming-guide/client/http/client-http-configuration.adoc @@ -30,7 +30,7 @@ The most common parameters are: `HttpClient` supports HTTPS requests out-of-the-box like a browser does. -The support for HTTPS request is provided by a `SslContextFactory.Client`, typically configured in the `ClientConnector`. +The support for HTTPS request is provided by a `SslContextFactory.Client` instance, typically configured in the `ClientConnector`. If not explicitly configured, the `ClientConnector` will allocate a default one when started. [source,java,indent=0] @@ -38,29 +38,34 @@ If not explicitly configured, the `ClientConnector` will allocate a default one include::../../{doc_code}/org/eclipse/jetty/docs/programming/client/http/HTTPClientDocs.java[tags=tlsExplicit] ---- -The default `SslContextFactory.Client` verifies the certificate sent by the server by verifying the certificate chain. -This means that requests to public websites that have a valid certificate (such as ``https://google.com``) will work out-of-the-box. +The default `SslContextFactory.Client` verifies the certificate sent by the server by verifying the validity of the certificate with respect to the certificate chain, the expiration date, the server host name, etc. +This means that requests to public websites that have a valid certificate (such as `+https://google.com+`) will work out-of-the-box, without the need to specify a KeyStore or a TrustStore. -However, requests made to sites (typically ``localhost``) that have an invalid (for example, expired or with a wrong host) or self-signed certificate will fail (like they will in a browser). +However, requests made to sites that return an invalid or a self-signed certificate will fail (like they will in a browser). +An invalid certificate may be expired or have the wrong server host name; a self-signed certificate has a certificate chain that cannot be verified. -Certificate validation is performed at two levels: at the TLS implementation level (in the JDK) and, optionally, at the application level. +The validation of the server host name present in the certificate is important, to guarantee that the client is connected indeed with the intended server. -By default, certificate validation at the TLS level is enabled, while certificate validation at the application level is disabled. +The validation of the server host name is performed at two levels: at the TLS level (in the JDK) and, optionally, at the application level. -You can configure the `SslContextFactory.Client` to skip certificate validation at the TLS level: +By default, the validation of the server host name at the TLS level is enabled, while it is disabled at the application level. + +You can configure the `SslContextFactory.Client` to skip the validation of the server host name at the TLS level: [source,java,indent=0] ---- include::../../{doc_code}/org/eclipse/jetty/docs/programming/client/http/HTTPClientDocs.java[tags=tlsNoValidation] ---- -You can enable certificate validation at the application level: +When you disable the validation of the server host name at the TLS level, you are strongly recommended to enable it at the application level, otherwise you may risk to connect to a server different from the one you intend to connect to: [source,java,indent=0] ---- include::../../{doc_code}/org/eclipse/jetty/docs/programming/client/http/HTTPClientDocs.java[tags=tlsAppValidation] ---- +You may have the validation of the server host name enabled at both the TLS level and application level, typically when you want to further restrict the client to connect only to a smaller set of server hosts than those allowed in the certificate sent by the server. + Please refer to the `SslContextFactory.Client` link:{javadoc-url}/org/eclipse/jetty/util/ssl/SslContextFactory.Client.html[javadocs] for the complete list of configurable parameters. [[pg-client-http-configuration-tls-truststore]] diff --git a/documentation/jetty-documentation/src/main/java/org/eclipse/jetty/docs/programming/client/http/HTTPClientDocs.java b/documentation/jetty-documentation/src/main/java/org/eclipse/jetty/docs/programming/client/http/HTTPClientDocs.java index 4ffe58de9a6..65d7717d75e 100644 --- a/documentation/jetty-documentation/src/main/java/org/eclipse/jetty/docs/programming/client/http/HTTPClientDocs.java +++ b/documentation/jetty-documentation/src/main/java/org/eclipse/jetty/docs/programming/client/http/HTTPClientDocs.java @@ -129,7 +129,7 @@ public class HTTPClientDocs { // tag::tlsNoValidation[] SslContextFactory.Client sslContextFactory = new SslContextFactory.Client(); - // Disable certificate validation at the TLS level. + // Disable the validation of the server host name at the TLS level. sslContextFactory.setEndpointIdentificationAlgorithm(null); // end::tlsNoValidation[] } @@ -138,7 +138,7 @@ public class HTTPClientDocs { // tag::tlsAppValidation[] SslContextFactory.Client sslContextFactory = new SslContextFactory.Client(); - // Only allow subdomains of domain.com. + // Only allow to connect to subdomains of domain.com. sslContextFactory.setHostnameVerifier((hostName, session) -> hostName.endsWith(".domain.com")); // end::tlsAppValidation[] } From 89a519b082205c353f33ea421ad6993fc59d2e9d Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Wed, 15 Mar 2023 11:31:25 -0500 Subject: [PATCH 24/30] Fix flaky test --- .../jetty/test/client/transport/HttpClientStreamTest.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jetty-core/jetty-tests/jetty-test-client-transports/src/test/java/org/eclipse/jetty/test/client/transport/HttpClientStreamTest.java b/jetty-core/jetty-tests/jetty-test-client-transports/src/test/java/org/eclipse/jetty/test/client/transport/HttpClientStreamTest.java index c22faf9fa7d..f9f250233ea 100644 --- a/jetty-core/jetty-tests/jetty-test-client-transports/src/test/java/org/eclipse/jetty/test/client/transport/HttpClientStreamTest.java +++ b/jetty-core/jetty-tests/jetty-test-client-transports/src/test/java/org/eclipse/jetty/test/client/transport/HttpClientStreamTest.java @@ -528,7 +528,8 @@ public class HttpClientStreamTest extends AbstractTest latch.countDown(); - assertThrows(AsynchronousCloseException.class, input::read); + IOException ioException = assertThrows(IOException.class, input::read); + assertTrue(ioException instanceof AsynchronousCloseException || ioException.getCause() instanceof AsynchronousCloseException); } @ParameterizedTest From c357a1216dc3815e8a01660abf50d831d932c99d Mon Sep 17 00:00:00 2001 From: Jan Bartel Date: Wed, 15 Mar 2023 19:32:01 +0100 Subject: [PATCH 25/30] Issue #9497 allow jetty:effective-web-xml for jar projects --- .../eclipse/jetty/maven/plugin/JettyEffectiveWebXml.java | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/jetty-maven-plugin/src/main/java/org/eclipse/jetty/maven/plugin/JettyEffectiveWebXml.java b/jetty-maven-plugin/src/main/java/org/eclipse/jetty/maven/plugin/JettyEffectiveWebXml.java index c4779ac6480..7bf738042ba 100644 --- a/jetty-maven-plugin/src/main/java/org/eclipse/jetty/maven/plugin/JettyEffectiveWebXml.java +++ b/jetty-maven-plugin/src/main/java/org/eclipse/jetty/maven/plugin/JettyEffectiveWebXml.java @@ -63,12 +63,11 @@ public class JettyEffectiveWebXml extends AbstractUnassembledWebAppMojo } } - Path start = path.getName(0); - int count = path.getNameCount(); - Path end = path.getName(count > 0 ? count - 1 : count); - //if the war is not assembled, we must configure it - if (start.startsWith("src") || !end.toString().endsWith(".war")) + + if ((path == null) || (path.startsWith("src") || !path.endsWith(".war"))) + { super.configureUnassembledWebApp(); + } } /** From b2c112165783b997b1879eba9ed2fa6a10db41f8 Mon Sep 17 00:00:00 2001 From: Olivier Lamy Date: Thu, 16 Mar 2023 13:06:05 +1000 Subject: [PATCH 26/30] Jetty 12.0.x publish dependency report (#9504) * add Jenkins file for dependency report Signed-off-by: Olivier Lamy --- Jenkinsfile-autobahn | 8 ++-- Jenkinsfile-dependency-report | 46 ++++++++++++++++++++++ build/scripts/dependency-update-reports.sh | 10 ++--- 3 files changed, 54 insertions(+), 10 deletions(-) create mode 100644 Jenkinsfile-dependency-report diff --git a/Jenkinsfile-autobahn b/Jenkinsfile-autobahn index 0e92efd217d..374830be9e8 100644 --- a/Jenkinsfile-autobahn +++ b/Jenkinsfile-autobahn @@ -17,11 +17,9 @@ pipeline { node { label 'linux' } } steps { - container( 'jetty-build' ) { - timeout( time: 120, unit: 'MINUTES' ) { - mavenBuild( "jdk11", "-T3 clean install -Djacoco.skip=true -Pautobahn", "maven3", true ) // - junit testResults: '**/target/surefire-reports/*.xml,**/target/invoker-reports/TEST*.xml,**/target/autobahntestsuite-reports/*.xml' - } + timeout( time: 120, unit: 'MINUTES' ) { + mavenBuild( "jdk11", "-T3 clean install -Djacoco.skip=true -Pautobahn", "maven3", true ) // + junit testResults: '**/target/surefire-reports/*.xml,**/target/invoker-reports/TEST*.xml,**/target/autobahntestsuite-reports/*.xml' } } } diff --git a/Jenkinsfile-dependency-report b/Jenkinsfile-dependency-report new file mode 100644 index 00000000000..e25e11830ab --- /dev/null +++ b/Jenkinsfile-dependency-report @@ -0,0 +1,46 @@ +#!groovy + +pipeline { + agent any + triggers { + pollSCM('@weekly') + } + options { + skipDefaultCheckout() + buildDiscarder logRotator( numToKeepStr: '50' ) + // save some io during the build + durabilityHint( 'PERFORMANCE_OPTIMIZED' ) + } + parameters { + string( defaultValue: 'jetty-12.0.x', description: 'Jetty branch to build', + name: 'JETTY_BRANCH' ) + } + stages { + stage( "Build / Dependency Report" ) { + agent { + node { label 'linux' } + } + steps { + timeout( time: 120, unit: 'MINUTES' ) { + withEnv(["JAVA_HOME=${ tool "jdk17" }", + "PATH+MAVEN=${ tool "jdk17" }/bin:${tool "maven3"}/bin", + "MAVEN_OPTS=-Xms2g -Xmx4g -Djava.awt.headless=true"]) { + checkout([$class: 'GitSCM', + branches: [[name: "$JETTY_BRANCH"]], + extensions: [[$class: 'CloneOption', depth: 1, noTags: true, shallow: true, reference: "/home/jenkins/jetty.project.git"]], + userRemoteConfigs: [[url: 'https://github.com/eclipse/jetty.project.git']]]) + sh "mvn install -ntp -DskipTests -T5" + sh "bash ./build/scripts/dependency-update-reports.sh" + publishHTML([allowMissing: false, alwaysLinkToLastBuild: true, keepAll: true, reportDir: "reports/dependency-update-reports/", reportFiles: 'dependency-updates-report-*.html', reportName: 'Dependencies Report', reportTitles: '']) + } + } + } + } + } +} + + + + + +// vim: et:ts=2:sw=2:ft=groovy diff --git a/build/scripts/dependency-update-reports.sh b/build/scripts/dependency-update-reports.sh index 1031b846aa4..c8fcde4d72f 100755 --- a/build/scripts/dependency-update-reports.sh +++ b/build/scripts/dependency-update-reports.sh @@ -14,28 +14,28 @@ mkdir -p $REPORT_OUTPUT_DIR echo "HTML Reports can be found in $REPORT_OUTPUT_DIR" -mvn -N -Pdependency-updates-reports validate +mvn -N -B -Pdependency-updates-reports validate cp -Rv target/site/* $REPORT_OUTPUT_DIR mv $REPORT_OUTPUT_DIR/dependency-updates-aggregate-report.html $REPORT_OUTPUT_DIR/dependency-updates-report-root.html pushd jetty-core -mvn -Pdependency-updates-reports validate +mvn -B -Pdependency-updates-reports validate cp target/site/dependency-updates-aggregate-report.html $REPORT_OUTPUT_DIR/dependency-updates-report-core.html popd pushd jetty-ee10 -mvn -Pdependency-updates-reports validate +mvn -B -Pdependency-updates-reports validate cp target/site/dependency-updates-aggregate-report.html $REPORT_OUTPUT_DIR/dependency-updates-report-ee10.html popd pushd jetty-ee9 -mvn -Pdependency-updates-reports validate +mvn -B -Pdependency-updates-reports validate cp target/site/dependency-updates-aggregate-report.html $REPORT_OUTPUT_DIR/dependency-updates-report-ee9.html popd pushd jetty-ee8 -mvn -Pdependency-updates-reports validate +mvn -B -Pdependency-updates-reports validate cp target/site/dependency-updates-aggregate-report.html $REPORT_OUTPUT_DIR/dependency-updates-report-ee8.html popd From 38d3d7b8fcbf8526ef641253113f78a9249b0849 Mon Sep 17 00:00:00 2001 From: Jan Bartel Date: Thu, 16 Mar 2023 18:54:04 +1100 Subject: [PATCH 27/30] Jetty 12.0.x improve multiversion annotations test (#9492) * Improve testing of annotation parsing of multiversion jars --- .../ee10/annotations/AnnotationParser.java | 12 +++++++- .../annotations/TestAnnotationParser.java | 24 ++++++++++++---- .../ee9/annotations/AnnotationParser.java | 12 +++++++- .../ee9/annotations/TestAnnotationParser.java | 28 +++++++++++++------ 4 files changed, 60 insertions(+), 16 deletions(-) diff --git a/jetty-ee10/jetty-ee10-annotations/src/main/java/org/eclipse/jetty/ee10/annotations/AnnotationParser.java b/jetty-ee10/jetty-ee10-annotations/src/main/java/org/eclipse/jetty/ee10/annotations/AnnotationParser.java index 1a4f03585d3..bbf07f2f0e4 100644 --- a/jetty-ee10/jetty-ee10-annotations/src/main/java/org/eclipse/jetty/ee10/annotations/AnnotationParser.java +++ b/jetty-ee10/jetty-ee10-annotations/src/main/java/org/eclipse/jetty/ee10/annotations/AnnotationParser.java @@ -19,6 +19,7 @@ import java.net.URI; import java.nio.file.Files; import java.nio.file.Path; import java.util.Arrays; +import java.util.Collections; import java.util.Map; import java.util.Optional; import java.util.Set; @@ -655,7 +656,7 @@ public class AnnotationParser ClassReader reader = new ClassReader(in); reader.accept(new MyClassVisitor(handlers, containingResource, _asmVersion), ClassReader.SKIP_CODE | ClassReader.SKIP_DEBUG | ClassReader.SKIP_FRAMES); - String classname = reader.getClassName(); + String classname = normalize(reader.getClassName()); URI existing = _parsedClassNames.putIfAbsent(classname, location); if (existing != null) LOG.warn("{} scanned from multiple locations: {}, {}", classname, existing, location); @@ -665,4 +666,13 @@ public class AnnotationParser throw new IOException("Unable to parse class: " + classFile.toUri(), e); } } + + /** + * Useful mostly for testing to expose the list of parsed classes. + * @return the map of classnames to their URIs + */ + Map getParsedClassNames() + { + return Collections.unmodifiableMap(_parsedClassNames); + } } diff --git a/jetty-ee10/jetty-ee10-annotations/src/test/java/org/eclipse/jetty/ee10/annotations/TestAnnotationParser.java b/jetty-ee10/jetty-ee10-annotations/src/test/java/org/eclipse/jetty/ee10/annotations/TestAnnotationParser.java index d721edf6606..976bec798b0 100644 --- a/jetty-ee10/jetty-ee10-annotations/src/test/java/org/eclipse/jetty/ee10/annotations/TestAnnotationParser.java +++ b/jetty-ee10/jetty-ee10-annotations/src/test/java/org/eclipse/jetty/ee10/annotations/TestAnnotationParser.java @@ -15,6 +15,7 @@ package org.eclipse.jetty.ee10.annotations; import java.io.File; import java.io.IOException; +import java.net.URI; import java.net.URISyntaxException; import java.net.URL; import java.nio.file.Files; @@ -41,6 +42,8 @@ import org.junit.jupiter.api.extension.ExtendWith; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.contains; +import static org.hamcrest.Matchers.containsInAnyOrder; +import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.in; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; @@ -217,12 +220,17 @@ public class TestAnnotationParser { Path badClassesJar = MavenTestingUtils.getTestResourcePathFile("jdk9/log4j-api-2.9.0.jar"); AnnotationParser parser = new AnnotationParser(); - Set emptySet = Collections.emptySet(); - try (ResourceFactory.Closeable resourceFactory = ResourceFactory.closeable()) { - parser.parse(emptySet, resourceFactory.newResource(badClassesJar)); // Should throw no exceptions and work with the META-INF/versions without incident + parser.parse(Collections.emptySet(), resourceFactory.newResource(badClassesJar)); + + //check for a class that is only in versions 9 + Map parsed = parser.getParsedClassNames(); + URI processIdUtilURI = parsed.get("org.apache.logging.log4j.util.ProcessIdUtil"); + assertNotNull(processIdUtilURI); + if (Runtime.version().feature() > 17) + assertThat(processIdUtilURI.toString(), containsString("META-INF/versions/9")); } } @@ -231,13 +239,17 @@ public class TestAnnotationParser { Path jdk10Jar = MavenTestingUtils.getTestResourcePathFile("jdk10/multirelease-10.jar"); AnnotationParser parser = new AnnotationParser(); - DuplicateClassScanHandler handler = new DuplicateClassScanHandler(); - Set handlers = Collections.singleton(handler); try (ResourceFactory.Closeable resourceFactory = ResourceFactory.closeable()) { - parser.parse(handlers, resourceFactory.newResource(jdk10Jar)); // Should throw no exceptions + parser.parse(Collections.emptySet(), resourceFactory.newResource(jdk10Jar)); + + Map parsed = parser.getParsedClassNames(); + assertEquals(3, parsed.size()); + assertThat(parsed.keySet(), containsInAnyOrder("hello.DetailedVer", "hello.Greetings", "hello.Hello")); + if (Runtime.version().feature() > 17) + assertThat(parsed.get("hello.Greetings").toString(), containsString("META-INF/versions/10")); } } diff --git a/jetty-ee9/jetty-ee9-annotations/src/main/java/org/eclipse/jetty/ee9/annotations/AnnotationParser.java b/jetty-ee9/jetty-ee9-annotations/src/main/java/org/eclipse/jetty/ee9/annotations/AnnotationParser.java index bc03ac78a77..8070bfa8d0a 100644 --- a/jetty-ee9/jetty-ee9-annotations/src/main/java/org/eclipse/jetty/ee9/annotations/AnnotationParser.java +++ b/jetty-ee9/jetty-ee9-annotations/src/main/java/org/eclipse/jetty/ee9/annotations/AnnotationParser.java @@ -19,6 +19,7 @@ import java.net.URI; import java.nio.file.Files; import java.nio.file.Path; import java.util.Arrays; +import java.util.Collections; import java.util.Map; import java.util.Optional; import java.util.Set; @@ -652,7 +653,7 @@ public class AnnotationParser ClassReader reader = new ClassReader(in); reader.accept(new MyClassVisitor(handlers, containingResource, _asmVersion), ClassReader.SKIP_CODE | ClassReader.SKIP_DEBUG | ClassReader.SKIP_FRAMES); - String classname = reader.getClassName(); + String classname = normalize(reader.getClassName()); URI existing = _parsedClassNames.putIfAbsent(classname, location); if (existing != null) LOG.warn("{} scanned from multiple locations: {}, {}", classname, existing, location); @@ -662,4 +663,13 @@ public class AnnotationParser throw new IOException("Unable to parse class: " + classFile.toUri(), e); } } + + /** + * Useful mostly for testing to expose the list of parsed classes. + * @return the map of classnames to their URIs + */ + Map getParsedClassNames() + { + return Collections.unmodifiableMap(_parsedClassNames); + } } diff --git a/jetty-ee9/jetty-ee9-annotations/src/test/java/org/eclipse/jetty/ee9/annotations/TestAnnotationParser.java b/jetty-ee9/jetty-ee9-annotations/src/test/java/org/eclipse/jetty/ee9/annotations/TestAnnotationParser.java index 60bec9e3a07..6ddbde52dbf 100644 --- a/jetty-ee9/jetty-ee9-annotations/src/test/java/org/eclipse/jetty/ee9/annotations/TestAnnotationParser.java +++ b/jetty-ee9/jetty-ee9-annotations/src/test/java/org/eclipse/jetty/ee9/annotations/TestAnnotationParser.java @@ -15,6 +15,7 @@ package org.eclipse.jetty.ee9.annotations; import java.io.File; import java.io.IOException; +import java.net.URI; import java.net.URISyntaxException; import java.net.URL; import java.nio.file.Files; @@ -41,6 +42,8 @@ import org.junit.jupiter.api.extension.ExtendWith; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.contains; +import static org.hamcrest.Matchers.containsInAnyOrder; +import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.in; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; @@ -214,14 +217,20 @@ public class TestAnnotationParser @Test public void testJep238MultiReleaseInJar() throws Exception { - Path badClassesJar = MavenTestingUtils.getTargetPath("test-classes/jdk9/log4j-api-2.9.0.jar"); - AnnotationParser parser = new AnnotationParser(); - Set emptySet = Collections.emptySet(); + Path badClassesJar = MavenTestingUtils.getTargetPath("test-classes/jdk9/log4j-api-2.9.0.jar"); + AnnotationParser parser = new AnnotationParser(); try (ResourceFactory.Closeable resourceFactory = ResourceFactory.closeable()) { - parser.parse(emptySet, resourceFactory.newResource(badClassesJar)); // Should throw no exceptions and work with the META-INF/versions without incident + parser.parse(Collections.emptySet(), resourceFactory.newResource(badClassesJar)); + + //check for a class that is only in versions 9 + Map parsed = parser.getParsedClassNames(); + URI processIdUtilURI = parsed.get("org.apache.logging.log4j.util.ProcessIdUtil"); + assertNotNull(processIdUtilURI); + if (Runtime.version().feature() > 17) + assertThat(processIdUtilURI.toString(), containsString("META-INF/versions/9")); } } @@ -230,13 +239,16 @@ public class TestAnnotationParser { Path jdk10Jar = MavenTestingUtils.getTargetPath("test-classes/jdk10/multirelease-10.jar"); AnnotationParser parser = new AnnotationParser(); - DuplicateClassScanHandler handler = new DuplicateClassScanHandler(); - Set handlers = Collections.singleton(handler); - try (ResourceFactory.Closeable resourceFactory = ResourceFactory.closeable()) { - parser.parse(handlers, resourceFactory.newResource(jdk10Jar)); // Should throw no exceptions + parser.parse(Collections.emptySet(), resourceFactory.newResource(jdk10Jar)); + + Map parsed = parser.getParsedClassNames(); + assertEquals(3, parsed.size()); + assertThat(parsed.keySet(), containsInAnyOrder("hello.DetailedVer", "hello.Greetings", "hello.Hello")); + if (Runtime.version().feature() > 17) + assertThat(parsed.get("hello.Greetings").toString(), containsString("META-INF/versions/10")); } } From f2b0f217d3c791039781e4183a5990dd4e1ee493 Mon Sep 17 00:00:00 2001 From: Jan Bartel Date: Fri, 17 Mar 2023 04:56:54 +1100 Subject: [PATCH 28/30] Issue #9400 Handle scan of weird jar format (#9433) --- .../org/eclipse/jetty/annotations/AnnotationParser.java | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/jetty-annotations/src/main/java/org/eclipse/jetty/annotations/AnnotationParser.java b/jetty-annotations/src/main/java/org/eclipse/jetty/annotations/AnnotationParser.java index 0ae5e2376f7..cca4bb4d790 100644 --- a/jetty-annotations/src/main/java/org/eclipse/jetty/annotations/AnnotationParser.java +++ b/jetty-annotations/src/main/java/org/eclipse/jetty/annotations/AnnotationParser.java @@ -931,6 +931,11 @@ public class AnnotationParser LOG.debug("Not a class: {}", name); return false; } + + //get just the last name portion + int ldir = lc.lastIndexOf('/', lc.length()); + int c0 = (ldir < 0 ? 0 : ldir + 1); + lc = lc.substring(c0); if (lc.equals("module-info.class")) { @@ -940,9 +945,6 @@ public class AnnotationParser } //skip any classfiles that are not a valid java identifier - int c0 = 0; - int ldir = name.lastIndexOf('/', name.length() - 6); - c0 = (ldir > -1 ? ldir + 1 : c0); if (!Character.isJavaIdentifierStart(name.charAt(c0))) { if (LOG.isDebugEnabled()) From fe505766fd8923017cb7960b92fe8122cecc5486 Mon Sep 17 00:00:00 2001 From: Simone Bordet Date: Mon, 20 Mar 2023 10:09:58 +0100 Subject: [PATCH 29/30] Fixes #9501 - jetty client with proxy Connection: close (#9508) Now Connection: close is ignored for 2xx responses to a CONNECT method. In this way the tunnel is kept open, and bad proxies that were sending Connection: close are now supported as apparently they are still out there. Fixes also #6483. Signed-off-by: Simone Bordet --- .../client/http/HttpChannelOverHTTP.java | 17 +++--- .../proxy/AbstractConnectHandlerTest.java | 2 +- .../jetty/proxy/ConnectHandlerSSLTest.java | 56 ++++++++++++++++++- .../jetty/proxy/ConnectHandlerTest.java | 4 +- 4 files changed, 64 insertions(+), 15 deletions(-) diff --git a/jetty-client/src/main/java/org/eclipse/jetty/client/http/HttpChannelOverHTTP.java b/jetty-client/src/main/java/org/eclipse/jetty/client/http/HttpChannelOverHTTP.java index 7ede2d4299b..c4cffd0bb1a 100644 --- a/jetty-client/src/main/java/org/eclipse/jetty/client/http/HttpChannelOverHTTP.java +++ b/jetty-client/src/main/java/org/eclipse/jetty/client/http/HttpChannelOverHTTP.java @@ -22,7 +22,6 @@ import org.eclipse.jetty.client.api.Result; import org.eclipse.jetty.http.HttpFields; import org.eclipse.jetty.http.HttpHeader; import org.eclipse.jetty.http.HttpHeaderValue; -import org.eclipse.jetty.http.HttpMethod; import org.eclipse.jetty.http.HttpStatus; import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.http.MetaData; @@ -98,14 +97,16 @@ public class HttpChannelOverHTTP extends HttpChannel String method = exchange.getRequest().getMethod(); Response response = result.getResponse(); + int status = response.getStatus(); HttpFields responseHeaders = response.getHeaders(); + boolean isTunnel = isTunnel(method, status); String closeReason = null; if (result.isFailed()) closeReason = "failure"; else if (receiver.isShutdown()) closeReason = "server close"; - else if (sender.isShutdown() && response.getStatus() != HttpStatus.SWITCHING_PROTOCOLS_101) + else if (sender.isShutdown() && status != HttpStatus.SWITCHING_PROTOCOLS_101) closeReason = "client close"; if (closeReason == null) @@ -113,16 +114,15 @@ public class HttpChannelOverHTTP extends HttpChannel if (response.getVersion().compareTo(HttpVersion.HTTP_1_1) < 0) { // HTTP 1.0 must close the connection unless it has - // an explicit keep alive or it's a CONNECT method. + // an explicit keep alive or it is a CONNECT tunnel. boolean keepAlive = responseHeaders.contains(HttpHeader.CONNECTION, HttpHeaderValue.KEEP_ALIVE.asString()); - boolean connect = HttpMethod.CONNECT.is(method); - if (!keepAlive && !connect) + if (!keepAlive && !isTunnel) closeReason = "http/1.0"; } else { - // HTTP 1.1 closes only if it has an explicit close. - if (responseHeaders.contains(HttpHeader.CONNECTION, HttpHeaderValue.CLOSE.asString())) + // HTTP 1.1 closes only if it has an explicit close, unless it is a CONNECT tunnel. + if (responseHeaders.contains(HttpHeader.CONNECTION, HttpHeaderValue.CLOSE.asString()) && !isTunnel) closeReason = "http/1.1"; } } @@ -138,8 +138,7 @@ public class HttpChannelOverHTTP extends HttpChannel } else { - int status = response.getStatus(); - if (status == HttpStatus.SWITCHING_PROTOCOLS_101 || isTunnel(method, status)) + if (status == HttpStatus.SWITCHING_PROTOCOLS_101 || isTunnel) connection.remove(); else release(); diff --git a/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/AbstractConnectHandlerTest.java b/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/AbstractConnectHandlerTest.java index 2f08a656e9a..ff3a1912f37 100644 --- a/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/AbstractConnectHandlerTest.java +++ b/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/AbstractConnectHandlerTest.java @@ -31,7 +31,7 @@ public abstract class AbstractConnectHandlerTest protected void prepareProxy() throws Exception { proxy = new Server(); - proxyConnector = new ServerConnector(proxy); + proxyConnector = new ServerConnector(proxy, 1, 1); proxy.addConnector(proxyConnector); connectHandler = new ConnectHandler(); proxy.setHandler(connectHandler); diff --git a/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ConnectHandlerSSLTest.java b/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ConnectHandlerSSLTest.java index 4f323aa4620..fcbb2314f1c 100644 --- a/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ConnectHandlerSSLTest.java +++ b/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ConnectHandlerSSLTest.java @@ -19,6 +19,7 @@ import java.io.InputStream; import java.io.OutputStream; import java.net.Socket; import java.nio.charset.StandardCharsets; +import java.nio.file.Path; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; @@ -27,8 +28,18 @@ import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.eclipse.jetty.client.HttpClient; +import org.eclipse.jetty.client.HttpClientTransport; +import org.eclipse.jetty.client.HttpProxy; +import org.eclipse.jetty.client.api.ContentResponse; +import org.eclipse.jetty.client.http.HttpClientTransportOverHTTP; +import org.eclipse.jetty.client.util.StringRequestContent; +import org.eclipse.jetty.http.HttpHeader; +import org.eclipse.jetty.http.HttpHeaderValue; +import org.eclipse.jetty.http.HttpScheme; import org.eclipse.jetty.http.HttpStatus; import org.eclipse.jetty.http.HttpTester; +import org.eclipse.jetty.io.ClientConnector; import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.ServerConnector; @@ -39,6 +50,7 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; public class ConnectHandlerSSLTest extends AbstractConnectHandlerTest { @@ -48,11 +60,11 @@ public class ConnectHandlerSSLTest extends AbstractConnectHandlerTest public void prepare() throws Exception { sslContextFactory = new SslContextFactory.Server(); - String keyStorePath = MavenTestingUtils.getTestResourceFile("server_keystore.p12").getAbsolutePath(); - sslContextFactory.setKeyStorePath(keyStorePath); + Path keyStorePath = MavenTestingUtils.getTestResourcePath("server_keystore.p12").toAbsolutePath(); + sslContextFactory.setKeyStorePath(keyStorePath.toString()); sslContextFactory.setKeyStorePassword("storepwd"); server = new Server(); - serverConnector = new ServerConnector(server, sslContextFactory); + serverConnector = new ServerConnector(server, 1, 1, sslContextFactory); server.addConnector(serverConnector); server.setHandler(new ServerHandler()); server.start(); @@ -76,6 +88,7 @@ public class ConnectHandlerSSLTest extends AbstractConnectHandlerTest // Expect 200 OK from the CONNECT request HttpTester.Response response = HttpTester.parseResponse(HttpTester.from(socket.getInputStream())); + assertNotNull(response); assertEquals(HttpStatus.OK_200, response.getStatus()); // Upgrade the socket to SSL @@ -91,6 +104,7 @@ public class ConnectHandlerSSLTest extends AbstractConnectHandlerTest output.flush(); response = HttpTester.parseResponse(HttpTester.from(sslSocket.getInputStream())); + assertNotNull(response); assertEquals(HttpStatus.OK_200, response.getStatus()); assertEquals("GET /echo", response.getContent()); } @@ -114,6 +128,7 @@ public class ConnectHandlerSSLTest extends AbstractConnectHandlerTest // Expect 200 OK from the CONNECT request HttpTester.Response response = HttpTester.parseResponse(HttpTester.from(socket.getInputStream())); + assertNotNull(response); assertEquals(HttpStatus.OK_200, response.getStatus()); // Upgrade the socket to SSL @@ -133,6 +148,7 @@ public class ConnectHandlerSSLTest extends AbstractConnectHandlerTest output.flush(); response = HttpTester.parseResponse(HttpTester.from(sslSocket.getInputStream())); + assertNotNull(response); assertEquals(HttpStatus.OK_200, response.getStatus()); assertEquals("POST /echo?param=" + i + "\r\nHELLO", response.getContent()); } @@ -140,6 +156,40 @@ public class ConnectHandlerSSLTest extends AbstractConnectHandlerTest } } + @Test + public void testCONNECTWithConnectionClose() throws Exception + { + disposeProxy(); + connectHandler = new ConnectHandler() + { + @Override + protected void onConnectSuccess(ConnectContext connectContext, UpstreamConnection upstreamConnection) + { + // Add Connection: close to the 200 response. + connectContext.getResponse().setHeader(HttpHeader.CONNECTION.asString(), HttpHeaderValue.CLOSE.asString()); + super.onConnectSuccess(connectContext, upstreamConnection); + } + }; + proxy.setHandler(connectHandler); + proxy.start(); + + ClientConnector connector = new ClientConnector(); + connector.setSslContextFactory(new SslContextFactory.Client(true)); + HttpClientTransport transport = new HttpClientTransportOverHTTP(connector); + HttpClient httpClient = new HttpClient(transport); + httpClient.getProxyConfiguration().addProxy(new HttpProxy("localhost", proxyConnector.getLocalPort())); + httpClient.start(); + + ContentResponse response = httpClient.newRequest("localhost", serverConnector.getLocalPort()) + .scheme(HttpScheme.HTTPS.asString()) + .path("/echo") + .body(new StringRequestContent("hello")) + .send(); + + assertEquals(HttpStatus.OK_200, response.getStatus()); + assertEquals("GET /echo\r\nhello", response.getContentAsString()); + } + private SSLSocket wrapSocket(Socket socket) throws Exception { SSLContext sslContext = sslContextFactory.getSslContext(); diff --git a/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ConnectHandlerTest.java b/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ConnectHandlerTest.java index 2390a548612..ac8638232c6 100644 --- a/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ConnectHandlerTest.java +++ b/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ConnectHandlerTest.java @@ -58,7 +58,7 @@ public class ConnectHandlerTest extends AbstractConnectHandlerTest public void prepare() throws Exception { server = new Server(); - serverConnector = new ServerConnector(server); + serverConnector = new ServerConnector(server, 1, 1); server.addConnector(serverConnector); server.setHandler(new ServerHandler()); server.start(); @@ -140,7 +140,7 @@ public class ConnectHandlerTest extends AbstractConnectHandlerTest } @Test - public void testCONNECTwithIPv6() throws Exception + public void testCONNECTWithIPv6() throws Exception { Assumptions.assumeTrue(Net.isIpv6InterfaceAvailable()); String hostPort = "[::1]:" + serverConnector.getLocalPort(); From 17aa0c5ab9d300b8fe168c522a5c4883f87ae527 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Mon, 20 Mar 2023 11:53:40 -0500 Subject: [PATCH 30/30] Fixing #9517 - bad url-pattern prefix match behavior (#9518) * Fixing #9517 - bad url-pattern prefix match behavior Fixed regression where `/foo/*` was incorrectly matching `/foobar`. Signed-off-by: Joakim Erdfelt Signed-off-by: gregw Co-authored-by: gregw --- .../jetty/http/pathmap/PathMappings.java | 38 ++++++++------ .../jetty/http/pathmap/PathMappingsTest.java | 49 +++++++++++++++++++ 2 files changed, 72 insertions(+), 15 deletions(-) diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/PathMappings.java b/jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/PathMappings.java index de4d32d2973..d7f68f414b0 100644 --- a/jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/PathMappings.java +++ b/jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/PathMappings.java @@ -43,6 +43,8 @@ import org.slf4j.LoggerFactory; public class PathMappings implements Iterable>, Dumpable { private static final Logger LOG = LoggerFactory.getLogger(PathMappings.class); + // In prefix matches, this is the length ("/*".length() + 1) - used for the best prefix match loop + private static final int PREFIX_TAIL_LEN = 3; private final Set> _mappings = new TreeSet<>(Comparator.comparing(MappedResource::getPathSpec)); /** @@ -205,11 +207,14 @@ public class PathMappings implements Iterable>, Dumpable // Try a prefix match MappedResource prefix = _prefixMap.getBest(path); - if (prefix != null) + while (prefix != null) { - MatchedPath matchedPath = prefix.getPathSpec().matched(path); + PathSpec pathSpec = prefix.getPathSpec(); + MatchedPath matchedPath = pathSpec.matched(path); if (matchedPath != null) - return new MatchedResource<>(prefix.getResource(), prefix.getPathSpec(), matchedPath); + return new MatchedResource<>(prefix.getResource(), pathSpec, matchedPath); + int specLength = pathSpec.getSpecLength(); + prefix = specLength > PREFIX_TAIL_LEN ? _prefixMap.getBest(path, 0, specLength - PREFIX_TAIL_LEN) : null; } // Try a suffix match @@ -223,13 +228,13 @@ public class PathMappings implements Iterable>, Dumpable // Loop 3: "foo" while ((i = path.indexOf('.', i + 1)) > 0) { - prefix = _suffixMap.get(path, i + 1, path.length() - i - 1); - if (prefix == null) + MappedResource suffix = _suffixMap.get(path, i + 1, path.length() - i - 1); + if (suffix == null) continue; - MatchedPath matchedPath = prefix.getPathSpec().matched(path); + MatchedPath matchedPath = suffix.getPathSpec().matched(path); if (matchedPath != null) - return new MatchedResource<>(prefix.getResource(), prefix.getPathSpec(), matchedPath); + return new MatchedResource<>(suffix.getResource(), suffix.getPathSpec(), matchedPath); } } @@ -286,12 +291,15 @@ public class PathMappings implements Iterable>, Dumpable { if (_optimizedPrefix) { - MappedResource candidate = _prefixMap.getBest(path); - if (candidate != null) + MappedResource prefix = _prefixMap.getBest(path); + while (prefix != null) { - matchedPath = candidate.getPathSpec().matched(path); + PathSpec pathSpec = prefix.getPathSpec(); + matchedPath = pathSpec.matched(path); if (matchedPath != null) - return new MatchedResource<>(candidate.getResource(), candidate.getPathSpec(), matchedPath); + return new MatchedResource<>(prefix.getResource(), pathSpec, matchedPath); + int specLength = pathSpec.getSpecLength(); + prefix = specLength > PREFIX_TAIL_LEN ? _prefixMap.getBest(path, 0, specLength - PREFIX_TAIL_LEN) : null; } // If we reached here, there's NO optimized PREFIX Match possible, skip simple match below @@ -312,13 +320,13 @@ public class PathMappings implements Iterable>, Dumpable // Loop 3: "foo" while ((i = path.indexOf('.', i + 1)) > 0) { - MappedResource candidate = _suffixMap.get(path, i + 1, path.length() - i - 1); - if (candidate == null) + MappedResource suffix = _suffixMap.get(path, i + 1, path.length() - i - 1); + if (suffix == null) continue; - matchedPath = candidate.getPathSpec().matched(path); + matchedPath = suffix.getPathSpec().matched(path); if (matchedPath != null) - return new MatchedResource<>(candidate.getResource(), candidate.getPathSpec(), matchedPath); + return new MatchedResource<>(suffix.getResource(), suffix.getPathSpec(), matchedPath); } // If we reached here, there's NO optimized SUFFIX Match possible, skip simple match below skipRestOfGroup = true; diff --git a/jetty-http/src/test/java/org/eclipse/jetty/http/pathmap/PathMappingsTest.java b/jetty-http/src/test/java/org/eclipse/jetty/http/pathmap/PathMappingsTest.java index 3c312d7d6b3..4eee6faf712 100644 --- a/jetty-http/src/test/java/org/eclipse/jetty/http/pathmap/PathMappingsTest.java +++ b/jetty-http/src/test/java/org/eclipse/jetty/http/pathmap/PathMappingsTest.java @@ -92,6 +92,55 @@ public class PathMappingsTest assertMatch(p, "/", "any"); } + /** + * Test the match order rules imposed by the Servlet API (any vs specific sub-dir) + */ + @Test + public void testServletMatchPrefix() + { + PathMappings p = new PathMappings<>(); + + p.put(new ServletPathSpec("/*"), "any"); + p.put(new ServletPathSpec("/foo/*"), "foo"); + p.put(new ServletPathSpec("/food/*"), "food"); + p.put(new ServletPathSpec("/a/*"), "a"); + p.put(new ServletPathSpec("/a/b/*"), "ab"); + + assertMatch(p, "/abs/path", "any"); + assertMatch(p, "/abs/foo/bar", "any"); + assertMatch(p, "/foo/bar", "foo"); + assertMatch(p, "/", "any"); + assertMatch(p, "/foo", "foo"); + assertMatch(p, "/fo", "any"); + assertMatch(p, "/foobar", "any"); + assertMatch(p, "/foob", "any"); + assertMatch(p, "/food", "food"); + assertMatch(p, "/food/zed", "food"); + assertMatch(p, "/foodie", "any"); + assertMatch(p, "/a/bc", "a"); + assertMatch(p, "/a/b/c", "ab"); + assertMatch(p, "/a/", "a"); + assertMatch(p, "/a", "a"); + + // Try now with order important + p.put(new RegexPathSpec("/other.*/"), "other"); + assertMatch(p, "/abs/path", "any"); + assertMatch(p, "/abs/foo/bar", "any"); + assertMatch(p, "/foo/bar", "foo"); + assertMatch(p, "/", "any"); + assertMatch(p, "/foo", "foo"); + assertMatch(p, "/fo", "any"); + assertMatch(p, "/foobar", "any"); + assertMatch(p, "/foob", "any"); + assertMatch(p, "/food", "food"); + assertMatch(p, "/food/zed", "food"); + assertMatch(p, "/foodie", "any"); + assertMatch(p, "/a/bc", "a"); + assertMatch(p, "/a/b/c", "ab"); + assertMatch(p, "/a/", "a"); + assertMatch(p, "/a", "a"); + } + /** * Test the match order rules with a mixed Servlet and URI Template path specs *