Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
This commit is contained in:
commit
7426fbea7c
|
@ -2,6 +2,7 @@ version: 2
|
||||||
updates:
|
updates:
|
||||||
- package-ecosystem: "maven"
|
- package-ecosystem: "maven"
|
||||||
directory: "/"
|
directory: "/"
|
||||||
|
open-pull-requests-limit: 20
|
||||||
target-branch: "jetty-9.4.x"
|
target-branch: "jetty-9.4.x"
|
||||||
schedule:
|
schedule:
|
||||||
interval: "daily"
|
interval: "daily"
|
||||||
|
@ -21,9 +22,12 @@ updates:
|
||||||
versions: [ ">=2.0.0" ]
|
versions: [ ">=2.0.0" ]
|
||||||
- dependency-name: "javax.websocket:*"
|
- dependency-name: "javax.websocket:*"
|
||||||
versions: [ ">=1.1.0" ]
|
versions: [ ">=1.1.0" ]
|
||||||
|
- dependency-name: "org.infinispan:*"
|
||||||
|
versions: [ ">= 12" ]
|
||||||
|
|
||||||
- package-ecosystem: "maven"
|
- package-ecosystem: "maven"
|
||||||
directory: "/"
|
directory: "/"
|
||||||
|
open-pull-requests-limit: 20
|
||||||
target-branch: "jetty-10.0.x"
|
target-branch: "jetty-10.0.x"
|
||||||
schedule:
|
schedule:
|
||||||
interval: "daily"
|
interval: "daily"
|
||||||
|
@ -41,16 +45,22 @@ updates:
|
||||||
versions: [ ">=4.0.0" ]
|
versions: [ ">=4.0.0" ]
|
||||||
- dependency-name: "jakarta.inject:*"
|
- dependency-name: "jakarta.inject:*"
|
||||||
versions: [ ">=2.0.0" ]
|
versions: [ ">=2.0.0" ]
|
||||||
|
- dependency-name: "jakarta.interceptor:*"
|
||||||
|
versions: [ ">=2.0.0" ]
|
||||||
- dependency-name: "jakarta.websocket:*"
|
- dependency-name: "jakarta.websocket:*"
|
||||||
versions: [ ">=2.0.0" ]
|
versions: [ ">=2.0.0" ]
|
||||||
- dependency-name: "jakarta.servlet.jsp.jstl:*"
|
- dependency-name: "jakarta.servlet.jsp.jstl:*"
|
||||||
versions: [ ">=2.0.0" ]
|
versions: [ ">=2.0.0" ]
|
||||||
- dependency-name: "org.jboss.weld.servlet:*"
|
- dependency-name: "org.jboss.weld.servlet:*"
|
||||||
versions: [ ">=4.0.0" ]
|
versions: [ ">=4.0.0" ]
|
||||||
|
- dependency-name: "jakarta.enterprise:jakarta.enterprise.cdi-api:*"
|
||||||
|
versions: [ ">=3.0.0" ]
|
||||||
- dependency-name: "com.sun.xml.ws:jaxws*"
|
- dependency-name: "com.sun.xml.ws:jaxws*"
|
||||||
versions: [ ">=3.0.0" ]
|
versions: [ ">=3.0.0" ]
|
||||||
- dependency-name: "jakarta.transaction:*"
|
- dependency-name: "jakarta.transaction:*"
|
||||||
versions: [ ">=2.0.0" ]
|
versions: [ ">=2.0.0" ]
|
||||||
|
- dependency-name: "org.infinispan:*"
|
||||||
|
versions: [ ">= 12" ]
|
||||||
|
|
||||||
# - package-ecosystem: "maven"
|
# - package-ecosystem: "maven"
|
||||||
# directory: "/"
|
# directory: "/"
|
||||||
|
|
|
@ -33,6 +33,32 @@ import org.eclipse.jetty.util.URIUtil;
|
||||||
*/
|
*/
|
||||||
public class SecuredRedirectHandler extends HandlerWrapper
|
public class SecuredRedirectHandler extends HandlerWrapper
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* The redirect code to send in response.
|
||||||
|
*/
|
||||||
|
private final int _redirectCode;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Uses moved temporarily code (302) as the redirect code.
|
||||||
|
*/
|
||||||
|
public SecuredRedirectHandler()
|
||||||
|
{
|
||||||
|
this(HttpServletResponse.SC_MOVED_TEMPORARILY);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Use supplied code as the redirect code.
|
||||||
|
*
|
||||||
|
* @param code the redirect code to use in the response
|
||||||
|
* @throws IllegalArgumentException if parameter is an invalid redirect code
|
||||||
|
*/
|
||||||
|
public SecuredRedirectHandler(final int code)
|
||||||
|
{
|
||||||
|
if (!HttpStatus.isRedirection(code))
|
||||||
|
throw new IllegalArgumentException("Not a 3xx redirect code");
|
||||||
|
_redirectCode = code;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
|
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
|
||||||
{
|
{
|
||||||
|
@ -59,7 +85,7 @@ public class SecuredRedirectHandler extends HandlerWrapper
|
||||||
String secureScheme = httpConfig.getSecureScheme();
|
String secureScheme = httpConfig.getSecureScheme();
|
||||||
String url = URIUtil.newURI(secureScheme, baseRequest.getServerName(), securePort, baseRequest.getRequestURI(), baseRequest.getQueryString());
|
String url = URIUtil.newURI(secureScheme, baseRequest.getServerName(), securePort, baseRequest.getRequestURI(), baseRequest.getQueryString());
|
||||||
response.setContentLength(0);
|
response.setContentLength(0);
|
||||||
baseRequest.getResponse().sendRedirect(HttpServletResponse.SC_MOVED_TEMPORARILY, url, true);
|
baseRequest.getResponse().sendRedirect(_redirectCode, url, true);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
|
@ -0,0 +1,177 @@
|
||||||
|
//
|
||||||
|
// ========================================================================
|
||||||
|
// Copyright (c) 1995-2022 Mort Bay Consulting Pty Ltd and others.
|
||||||
|
//
|
||||||
|
// This program and the accompanying materials are made available under the
|
||||||
|
// terms of the Eclipse Public License v. 2.0 which is available at
|
||||||
|
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
|
||||||
|
// which is available at https://www.apache.org/licenses/LICENSE-2.0.
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
|
||||||
|
// ========================================================================
|
||||||
|
//
|
||||||
|
|
||||||
|
package org.eclipse.jetty.server.handler;
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
|
import java.net.HttpURLConnection;
|
||||||
|
import java.net.URI;
|
||||||
|
import java.net.URL;
|
||||||
|
import javax.net.ssl.HostnameVerifier;
|
||||||
|
import javax.net.ssl.HttpsURLConnection;
|
||||||
|
import javax.net.ssl.SSLSocketFactory;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
|
import org.eclipse.jetty.server.Connector;
|
||||||
|
import org.eclipse.jetty.server.Handler;
|
||||||
|
import org.eclipse.jetty.server.HttpConfiguration;
|
||||||
|
import org.eclipse.jetty.server.HttpConnectionFactory;
|
||||||
|
import org.eclipse.jetty.server.SecureRequestCustomizer;
|
||||||
|
import org.eclipse.jetty.server.Server;
|
||||||
|
import org.eclipse.jetty.server.ServerConnector;
|
||||||
|
import org.eclipse.jetty.server.SslConnectionFactory;
|
||||||
|
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
|
||||||
|
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||||
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
|
import static org.hamcrest.MatcherAssert.assertThat;
|
||||||
|
import static org.hamcrest.Matchers.is;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
|
||||||
|
public class SecuredRedirectHandlerCodeTest
|
||||||
|
{
|
||||||
|
private Server server;
|
||||||
|
private HostnameVerifier origVerifier;
|
||||||
|
private SSLSocketFactory origSsf;
|
||||||
|
private URI serverHttpUri;
|
||||||
|
private URI serverHttpsUri;
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testConstructorRedirectRangeValid()
|
||||||
|
{
|
||||||
|
assertDoesNotThrow(() -> new SecuredRedirectHandler(300));
|
||||||
|
assertDoesNotThrow(() -> new SecuredRedirectHandler(399));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testConstructorRedirectRangeInvalid()
|
||||||
|
{
|
||||||
|
assertThrows(IllegalArgumentException.class, () -> new SecuredRedirectHandler(299));
|
||||||
|
assertThrows(IllegalArgumentException.class, () -> new SecuredRedirectHandler(400));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testRedirectUnsecuredRootMovedTemporarily() throws Exception
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
startServer(HttpServletResponse.SC_MOVED_TEMPORARILY);
|
||||||
|
URL url = serverHttpUri.resolve("/").toURL();
|
||||||
|
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
|
||||||
|
connection.setInstanceFollowRedirects(false);
|
||||||
|
connection.setAllowUserInteraction(false);
|
||||||
|
assertThat("response code", connection.getResponseCode(), is(302));
|
||||||
|
assertThat("location header", connection.getHeaderField("Location"), is(serverHttpsUri.resolve("/").toASCIIString()));
|
||||||
|
connection.disconnect();
|
||||||
|
}
|
||||||
|
finally
|
||||||
|
{
|
||||||
|
stopServer();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testRedirectUnsecuredRootMovedPermanently() throws Exception
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
startServer(HttpServletResponse.SC_MOVED_PERMANENTLY);
|
||||||
|
URL url = serverHttpUri.resolve("/").toURL();
|
||||||
|
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
|
||||||
|
connection.setInstanceFollowRedirects(false);
|
||||||
|
connection.setAllowUserInteraction(false);
|
||||||
|
assertThat("response code", connection.getResponseCode(), is(301));
|
||||||
|
assertThat("location header", connection.getHeaderField("Location"), is(serverHttpsUri.resolve("/").toASCIIString()));
|
||||||
|
connection.disconnect();
|
||||||
|
}
|
||||||
|
finally
|
||||||
|
{
|
||||||
|
stopServer();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void startServer(int redirectCode) throws Exception
|
||||||
|
{
|
||||||
|
// Setup SSL
|
||||||
|
File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
|
||||||
|
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||||
|
sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
|
||||||
|
sslContextFactory.setKeyStorePassword("storepwd");
|
||||||
|
|
||||||
|
server = new Server();
|
||||||
|
|
||||||
|
int port = 32080;
|
||||||
|
int securePort = 32443;
|
||||||
|
|
||||||
|
// Setup HTTP Configuration
|
||||||
|
HttpConfiguration httpConf = new HttpConfiguration();
|
||||||
|
httpConf.setSecurePort(securePort);
|
||||||
|
httpConf.setSecureScheme("https");
|
||||||
|
|
||||||
|
ServerConnector httpConnector = new ServerConnector(server, new HttpConnectionFactory(httpConf));
|
||||||
|
httpConnector.setName("unsecured");
|
||||||
|
httpConnector.setPort(port);
|
||||||
|
|
||||||
|
// Setup HTTPS Configuration
|
||||||
|
HttpConfiguration httpsConf = new HttpConfiguration(httpConf);
|
||||||
|
httpsConf.addCustomizer(new SecureRequestCustomizer());
|
||||||
|
|
||||||
|
ServerConnector httpsConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConf));
|
||||||
|
httpsConnector.setName("secured");
|
||||||
|
httpsConnector.setPort(securePort);
|
||||||
|
|
||||||
|
// Add connectors
|
||||||
|
server.setConnectors(new Connector[]{httpConnector, httpsConnector});
|
||||||
|
|
||||||
|
// Wire up context for unsecure handling to only
|
||||||
|
// the named 'unsecured' connector
|
||||||
|
ContextHandler redirectHandler = new ContextHandler();
|
||||||
|
redirectHandler.setContextPath("/");
|
||||||
|
redirectHandler.setHandler(new SecuredRedirectHandler(redirectCode));
|
||||||
|
redirectHandler.setVirtualHosts(new String[]{"@unsecured"});
|
||||||
|
|
||||||
|
// Establish all handlers that have a context
|
||||||
|
ContextHandlerCollection contextHandlers = new ContextHandlerCollection();
|
||||||
|
contextHandlers.setHandlers(new Handler[]{redirectHandler});
|
||||||
|
|
||||||
|
// Create server level handler tree
|
||||||
|
server.setHandler(new HandlerList(contextHandlers, new DefaultHandler()));
|
||||||
|
|
||||||
|
server.start();
|
||||||
|
|
||||||
|
// calculate serverUri
|
||||||
|
String host = httpConnector.getHost();
|
||||||
|
if (host == null)
|
||||||
|
{
|
||||||
|
host = "localhost";
|
||||||
|
}
|
||||||
|
serverHttpUri = new URI(String.format("http://%s:%d/", host, httpConnector.getLocalPort()));
|
||||||
|
serverHttpsUri = new URI(String.format("https://%s:%d/", host, httpsConnector.getLocalPort()));
|
||||||
|
|
||||||
|
origVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
|
||||||
|
origSsf = HttpsURLConnection.getDefaultSSLSocketFactory();
|
||||||
|
|
||||||
|
HttpsURLConnection.setDefaultHostnameVerifier(new AllowAllVerifier());
|
||||||
|
HttpsURLConnection.setDefaultSSLSocketFactory(sslContextFactory.getSslContext().getSocketFactory());
|
||||||
|
}
|
||||||
|
|
||||||
|
private void stopServer() throws Exception
|
||||||
|
{
|
||||||
|
HttpsURLConnection.setDefaultSSLSocketFactory(origSsf);
|
||||||
|
HttpsURLConnection.setDefaultHostnameVerifier(origVerifier);
|
||||||
|
|
||||||
|
server.stop();
|
||||||
|
server.join();
|
||||||
|
}
|
||||||
|
}
|
4
pom.xml
4
pom.xml
|
@ -45,7 +45,7 @@
|
||||||
<grpc.version>1.43.2</grpc.version>
|
<grpc.version>1.43.2</grpc.version>
|
||||||
<gson.version>2.8.9</gson.version>
|
<gson.version>2.8.9</gson.version>
|
||||||
<guava.version>31.0.1-jre</guava.version>
|
<guava.version>31.0.1-jre</guava.version>
|
||||||
<guice.version>5.0.1</guice.version>
|
<guice.version>5.1.0</guice.version>
|
||||||
<hamcrest.version>2.2</hamcrest.version>
|
<hamcrest.version>2.2</hamcrest.version>
|
||||||
<hawtio.version>2.14.4</hawtio.version>
|
<hawtio.version>2.14.4</hawtio.version>
|
||||||
<hazelcast.version>4.2.4</hazelcast.version>
|
<hazelcast.version>4.2.4</hazelcast.version>
|
||||||
|
@ -167,7 +167,7 @@
|
||||||
<maven.source.plugin.version>3.2.1</maven.source.plugin.version>
|
<maven.source.plugin.version>3.2.1</maven.source.plugin.version>
|
||||||
<maven.war.plugin.version>3.3.2</maven.war.plugin.version>
|
<maven.war.plugin.version>3.3.2</maven.war.plugin.version>
|
||||||
<spotbugs.maven.plugin.version>4.5.3.0</spotbugs.maven.plugin.version>
|
<spotbugs.maven.plugin.version>4.5.3.0</spotbugs.maven.plugin.version>
|
||||||
<versions.maven.plugin.version>2.8.1</versions.maven.plugin.version>
|
<versions.maven.plugin.version>2.9.0</versions.maven.plugin.version>
|
||||||
|
|
||||||
<!-- testing -->
|
<!-- testing -->
|
||||||
<invoker.mergeUserSettings>false</invoker.mergeUserSettings>
|
<invoker.mergeUserSettings>false</invoker.mergeUserSettings>
|
||||||
|
|
Loading…
Reference in New Issue