Merged 'jetty-10.0.x' into 'jetty-10.0.x-3951-http2_demand'.

VERSION.txt

@@ -1,5 +1,52 @@
 jetty-10.0.0-SNAPSHOT
 
+jetty-9.4.21.v20190926 - 26 September 2019
+ + 97 Permanent UnavailableException thrown during servlet request handling
+   should cause servlet destroy
+ + 137 Support OAuth
+ + 155 No way to set keystore for JSR 356 websocket clients, needed for SSL
+   client authentication
+ + 1036 Allow easy configuration of Scheduler-Threads and name them more
+   appropriate
+ + 2815 HPack fields are opaque octets
+ + 3040 Allow RFC6265 Cookies to include optional SameSite attribute.
+ + 3106 WebSocket connection stats and request stats
+ + 3734 WebSocket suspend when input closed
+ + 3747 Make Jetty Demo work with JPMS
+ + 3806 Error Page handling Async race with ProxyServlet
+ + 3913 Clustered HttpSession IllegalStateException: Invalid for read
+ + 3936 Race condition when modifying session + sendRedirect()
+ + 3956 Remove and warn on use of illegal HTTP/2 response headers
+ + 3964 Improve efficiency of listeners
+ + 3968 WebSocket sporadic ReadPendingException using suspend/resume
+ + 3978 HTTP/2 fixes for robustly handling abnormal traffic and resource
+   exhaustion
+ + 3983 JarFileResource incorrectly lists the contents of directories with
+   spaces
+ + 3985 Improve lenient Cookie parsing
+ + 3989 Inform custom ManagedSelector of dead selector via optional
+   onFailedSelect()
+ + 4000 Add SameFileAliasChecker to help with FileSystem static file access
+   normalization on Mac and Windows
+ + 4007 NullPointerException while trying to run jetty start.run on Windows
+ + 4009 ServletContextHandler setSecurityHandler broke handler chain
+ + 4020 Revert WebSocket ExtensionFactory change to interface
+ + 4022 Servlet which is added by ServletRegistration can't be started
+ + 4025 Provide more write-through behaviours for DefaultSessionCache
+ + 4027 Ensure AbstractSessionDataStore cannot be used unless it is started
+ + 4033 Ignore bad percent encodings in paths during
+   URIUtil.equalsIgnoreEncodings()
+ + 4047 Gracefully stopped Jetty not flushing all response data
+ + 4048 Multiple values in X-Forwarded-Port throw NumberFormatException
+ + 4057 NullPointerException in o.e.j.h.HttpFields
+ + 4064 NullPointerException initializing embedded servlet
+ + 4075 Do not fail on servlet-mapping with url-pattern /On*
+ + 4082 NullPointerExceptoin while Debug logging in client
+ + 4084 Use of HttpConfiguration.setBlockingTimeout(long) in jetty.xml produces
+   warning on jetty-home startup
+ + 4105 Cleanup of Idle thread count in QueuedThreadPool
+ + 4113 HttpClient fails with JDK 13 and TLS 1.3
+
 jetty-10.0.0-alpha0 - 11 July 2019
  + 113 Add support for NCSA Extended Log File Format
  + 114 Bring back overlay deployer
@@ -290,7 +337,7 @@ jetty-9.4.18.v20190429 - 29 April 2019
  + 3609 Fix infinispan start module dependencies
 
 jetty-9.4.17.v20190418 - 18 April 2019
- + 2140 Infinispan and hazelcast changes to scavenge zombie expired sessions.
+ + 2140 Infinispan and hazelcast changes to scavenge zombie expired sessions
  + 3464 Split SslContextFactory into Client and Server
  + 3549 Directory Listing on Windows reveals Resource Base path
  + 3555 DefaultHandler Reveals Base Resource Path of each Context

jetty-rewrite/src/main/java/org/eclipse/jetty/rewrite/handler/ForwardedSchemeHeaderRule.java

@@ -46,7 +46,8 @@ public class ForwardedSchemeHeaderRule extends HeaderRule
     @Override
     protected String apply(String target, String value, HttpServletRequest request, HttpServletResponse response)
     {
-        ((Request)request).setScheme(_scheme);
+        Request baseRequest = Request.getBaseRequest(request);
+        baseRequest.setScheme(_scheme);
         return target;
     }
 }

jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java

@@ -121,6 +121,8 @@ public class DigestAuthenticator extends LoginAuthenticator
 
         try
         {
+            Request baseRequest = Request.getBaseRequest(request);
+
             boolean stale = false;
             if (credentials != null)
             {
@@ -173,7 +175,7 @@ public class DigestAuthenticator extends LoginAuthenticator
                     }
                 }
 
-                int n = checkNonce(digest, (Request)request);
+                int n = checkNonce(digest, baseRequest);
 
                 if (n > 0)
                 {
@@ -195,7 +197,7 @@ public class DigestAuthenticator extends LoginAuthenticator
                     domain = "/";
                 response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "Digest realm=\"" + _loginService.getName() +
                     "\", domain=\"" + domain +
-                    "\", nonce=\"" + newNonce((Request)request) +
+                    "\", nonce=\"" + newNonce(baseRequest) +
                     "\", algorithm=MD5" +
                     ", qop=\"auth\"" +
                     ", stale=" + stale);

jetty-server/src/main/java/org/eclipse/jetty/server/HttpConnection.java

@@ -272,12 +272,19 @@ public class HttpConnection extends AbstractConnection implements Runnable, Http
                 // Parse the request buffer.
                 boolean handle = parseRequestBuffer();
 
+                // There could be a connection upgrade before handling
+                // the HTTP/1.1 request, for example PRI * HTTP/2.
+                // If there was a connection upgrade, the other
+                // connection took over, nothing more to do here.
+                if (getEndPoint().getConnection() != this)
+                    break;
+
                 // Handle channel event
                 if (handle)
                 {
                     boolean suspended = !_channel.handle();
 
-                    // We should break iteration if we have suspended or changed connection or this is not the handling thread.
+                    // We should break iteration if we have suspended or upgraded the connection.
                     if (suspended || getEndPoint().getConnection() != this)
                         break;
                 }