Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/jetty-9.4.x'

This commit is contained in:
Joakim Erdfelt 2017-10-10 13:44:22 -07:00
parent 632365f2e2 a8d08df84f
commit c3c3881c9f
13 changed files with 580 additions and 471 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
jetty-documentation/src/main/asciidoc/configuring/security/authentication.adoc
View File

@ -15,7 +15,7 @@
// ========================================================================
[[configuring-security-authentication]]
=== Authentication
=== Authentication and Authorization
There are two aspects to securing a web application(or context) within the Jetty server:
@ -459,3 +459,58 @@ You can then define roles that should be able to perform these protected methods
----
In the above example, only users with an `admin` role will be able to perform `DELETE` or `POST` methods.
===== Configuring Authorization with Context XML Files
While the examples above show configuration of Authorization in a `web.xml` file, they can also be configured as part of the link#link:#deployable-descriptor-file[context xml file] for a web application.
This is especially helpful if authorization needs change over time and need updated without re-packaging the whole web app.
To do this, we add a section for security constraints into the context xml file for our web app as part of the `securityHandler`.
In the example below, a `HashLoginService` is defined with authorization being granted too `foo/*` paths to users with the `admin` and `manager` roles.
[source, xml, subs="{sub-order}"]
----
<Configure id="testWebapp" class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="securityHandler">
<Set name="realmName">Test Realm</Set>
<Set name="authMethod">BASIC</Set>
<Call name="addConstraintMapping">
<Arg>
<New class="org.eclipse.jetty.security.ConstraintMapping">
<Set name="pathSpec">/foo/*</Set>
<Set name="constraint">
<New class="org.eclipse.jetty.util.security.Constraint">
<Set name="name">Foo Auth</Set>
<Set name="authenticate">true</Set>
<Set name="roles">
<Array type="java.lang.String">
<Item>admin</Item>
<Item>manager</Item>
</Array>
</Set>
</New>
</Set>
</New>
</Arg>
</Call>
<Set name="loginService">
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">Test Realm</Set>
<Set name="config">/src/tmp/small-security-test/realm.properties</Set>
</New>
</Set>
</Get>
</Configure>
----
If roles changed in the future, administrators could easily change this context xml file without having to edit the contents of the web app at all.
==== Authentication and Authorization with Embedded Jetty
In addition to the distribution, security can be defined as part of an embedded implementation as well.
Below is an example which, like the one above, sets up a server with a `HashLoginService` and adds security constraints to restrict access based on roles.
[source, java, subs="{sub-order}"]
----
include::{SRCDIR}/examples/embedded/src/main/java/org/eclipse/jetty/embedded/SecuredHelloHandler.java[]
----

2
jetty-util/src/main/java/org/eclipse/jetty/util/security/CertificateUtils.java
View File

@ -23,6 +23,7 @@ import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import java.util.Objects;
import org.eclipse.jetty.util.resource.Resource;
@ -35,6 +36,7 @@ public class CertificateUtils
if (store != null)
{
Objects.requireNonNull(storeType, "storeType cannot be null");
if (storeProvider != null)
{
keystore = KeyStore.getInstance(storeType, storeProvider);

20
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
View File

@ -665,7 +665,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
}
/**
* @return The type of the trust store (default "JKS")
* @return The type of the trust store
*/
@ManagedAttribute("The trustStore type")
public String getTrustStoreType()
@ -674,7 +674,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
}
/**
* @param trustStoreType The type of the trust store (default "JKS")
* @param trustStoreType The type of the trust store
*/
public void setTrustStoreType(String trustStoreType)
{
@ -1046,19 +1046,11 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
*/
protected KeyStore loadTrustStore(Resource resource) throws Exception
{
String type = getTrustStoreType();
String provider = getTrustStoreProvider();
String passwd = Objects.toString(_trustStorePassword, null);
if (resource == null || resource.equals(_keyStoreResource))
{
String type = Objects.toString(getTrustStoreType(), getKeyStoreType());
String provider = Objects.toString(getTrustStoreProvider(), getKeyStoreProvider());
String passwd = Objects.toString(_trustStorePassword, Objects.toString(_keyStorePassword, null));
if (resource == null)
resource = _keyStoreResource;
if (type == null)
type = _keyStoreType;
if (provider == null)
provider = _keyStoreProvider;
if (passwd == null)
passwd = Objects.toString(_keyStorePassword, null);
}
return CertificateUtils.getKeyStore(resource, type, provider, passwd);
}

51
jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
View File

@ -18,6 +18,15 @@
package org.eclipse.jetty.util.ssl;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
@ -27,21 +36,16 @@ import javax.net.ssl.SSLEngine;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.StacklessLogging;
import org.eclipse.jetty.util.resource.Resource;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import org.junit.rules.ExpectedException;
public class SslContextFactoryTest
{
@Rule
public ExpectedException expectedException = ExpectedException.none();
private SslContextFactory cf;
@Before
@ -155,14 +159,11 @@ public class SslContextFactoryTest
cf.setKeyManagerPassword("wrong_keypwd");
cf.setTrustStorePassword("storepwd");
try (StacklessLogging stackless = new StacklessLogging(AbstractLifeCycle.class))
expectedException.expect(java.security.UnrecoverableKeyException.class);
expectedException.expectMessage(containsString("Cannot recover key"));
try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
{
cf.start();
Assert.fail();
}
catch (java.security.UnrecoverableKeyException e)
{
Assert.assertThat(e.toString(), Matchers.containsString("UnrecoverableKeyException"));
}
}
@ -178,29 +179,23 @@ public class SslContextFactoryTest
cf.setKeyManagerPassword("keypwd");
cf.setTrustStorePassword("wrong_storepwd");
try (StacklessLogging stackless = new StacklessLogging(AbstractLifeCycle.class))
expectedException.expect(IOException.class);
expectedException.expectMessage(containsString("Keystore was tampered with, or password was incorrect"));
try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
{
cf.start();
Assert.fail();
}
catch (IOException e)
{
Assert.assertThat(e.toString(), Matchers.containsString("java.io.IOException: Keystore was tampered with, or password was incorrect"));
}
}
@Test
public void testNoKeyConfig() throws Exception
{
try (StacklessLogging stackless = new StacklessLogging(AbstractLifeCycle.class))
expectedException.expect(IllegalStateException.class);
expectedException.expectMessage(containsString("no valid keystore"));
try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
{
cf.setTrustStorePath("/foo");
cf.start();
Assert.fail();
}
catch (IllegalStateException e)
{
Assert.assertThat(e.toString(), Matchers.containsString("IllegalStateException: no valid keystore"));
}
}

20
jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/DummyConnection.java
View File

@ -27,7 +27,6 @@ import org.eclipse.jetty.websocket.api.FrameCallback;
import org.eclipse.jetty.websocket.api.SuspendToken;
import org.eclipse.jetty.websocket.api.WebSocketPolicy;
import org.eclipse.jetty.websocket.api.extensions.Frame;
import org.eclipse.jetty.websocket.common.LogicalConnection;
public class DummyConnection implements LogicalConnection
{
@ -44,16 +43,27 @@ public class DummyConnection implements LogicalConnection
this.policy = policy;
}
@Override
public void setSession(WebSocketSession session)
{
}
@Override
public void onLocalClose(CloseInfo close)
{
}
@Override
public void disconnect()
{
}
@Override
public void fillInterested()
{
}
@Override
public ByteBufferPool getBufferPool()
{
@ -89,13 +99,13 @@ public class DummyConnection implements LogicalConnection
{
return 0;
}
@Override
public WebSocketPolicy getPolicy()
{
return policy;
}
@Override
public InetSocketAddress getRemoteAddress()
{

15
jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/LogicalConnection.java
View File

@ -38,7 +38,13 @@ public interface LogicalConnection extends OutgoingFrames, SuspendToken
*/
void onError(Throwable cause);
}
/**
* Called to indicate a close frame was successfully sent to the remote.
* @param close the close details
*/
void onLocalClose(CloseInfo close);
/**
* Terminate the connection (no close frame sent)
*/
@ -117,6 +123,13 @@ public interface LogicalConnection extends OutgoingFrames, SuspendToken
*/
void setMaxIdleTimeout(long ms);
/**
* Associate the Active Session with the connection.
*
* @param session the session for this connection
*/
void setSession(WebSocketSession session);
/**
* Suspend a the incoming read events on the connection.
* @return the suspend token

145
jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/WebSocketSession.java
View File

@ -82,6 +82,7 @@ public class WebSocketSession extends ContainerLifeCycle implements Session, Rem
private final WebSocketContainerScope containerScope;
private final WebSocketPolicy policy;
private final AtomicBoolean closed = new AtomicBoolean();
private final URI requestURI;
private final LogicalConnection connection;
private final Executor executor;
@ -95,20 +96,7 @@ public class WebSocketSession extends ContainerLifeCycle implements Session, Rem
private Object endpoint;
// Callbacks
private FrameCallback onDisconnectCallback = new CompletionCallback()
{
@Override
public void complete()
{
if (connectionState.onClosed())
{
if (LOG.isDebugEnabled())
LOG.debug("ConnectionState: Transition to CLOSED");
connection.disconnect();
}
}
};
// Endpoint Functions and MessageSinks
protected EndpointFunctions endpointFunctions;
private MessageSink activeMessageSink;
@ -141,8 +129,11 @@ public class WebSocketSession extends ContainerLifeCycle implements Session, Rem
this.executor = connection.getExecutor();
this.outgoingHandler = connection;
this.policy = connection.getPolicy();
this.connection.setSession(this);
addBean(this.connection);
addBean(endpoint);
}
public EndpointFunctions newEndpointFunctions(Object endpoint)
@ -154,50 +145,56 @@ public class WebSocketSession extends ContainerLifeCycle implements Session, Rem
{
connectionState.onConnecting();
}
/**
* Aborts the active session abruptly.
*/
public void abort(int statusCode, String reason)
{
close(new CloseInfo(statusCode, reason), new DisconnectCallback());
}
@Override
public void close()
{
/* This is assumed to always be a NORMAL closure, no reason phrase */
close(StatusCode.NORMAL, null);
close(new CloseInfo(StatusCode.NORMAL), null);
}
@Override
public void close(CloseStatus closeStatus)
{
close(closeStatus.getCode(), closeStatus.getPhrase());
close(new CloseInfo(closeStatus.getCode(),closeStatus.getPhrase()), null);
}
@Override
public void close(int statusCode, String reason)
{
close(statusCode, reason, EMPTY);
close(new CloseInfo(statusCode, reason), null);
}
private void close(int statusCode, String reason, FrameCallback callback)
{
close(new CloseInfo(statusCode, reason), callback);
}
/**
* CLOSE Primary Entry Point.
*
* <ul>
* <li>atomically enqueue CLOSE frame + flip flag to reject more frames</li>
* <li>setup CLOSE frame callback: must close flusher</li>
* </ul>
*
* @param closeInfo the close details
*/
private void close(CloseInfo closeInfo, FrameCallback callback)
{
connectionState.onClosing(); // always move to (at least) the CLOSING state (might already be past it, which is ok)
if (closeSent.compareAndSet(false, true))
if (LOG.isDebugEnabled())
LOG.debug("close({})", closeInfo);
if (closed.compareAndSet(false, true))
{
if (LOG.isDebugEnabled())
LOG.debug("Sending Close Frame");
CloseFrame closeFrame = closeInfo.asFrame();
outgoingHandler.outgoingFrame(closeFrame, callback, BatchMode.OFF);
}
else
{
if (LOG.isDebugEnabled())
LOG.debug("Close Frame Previously Sent: ignoring: {} [{}]", closeInfo, callback);
callback.fail(new WebSocketException("Already closed"));
CloseFrame frame = closeInfo.asFrame();
connection.outgoingFrame(frame, new OnCloseLocalCallback(callback, connection, closeInfo), BatchMode.OFF);
}
}
/**
* Harsh disconnect
*/
@ -510,7 +507,7 @@ public class WebSocketSession extends ContainerLifeCycle implements Session, Rem
CloseFrame closeframe = (CloseFrame) frame;
CloseInfo closeInfo = new CloseInfo(closeframe, true);
notifyClose(closeInfo);
close(closeInfo, onDisconnectCallback);
close(closeInfo, new DisconnectCallback());
}
else if (connectionState.onClosed())
{
@ -616,7 +613,7 @@ public class WebSocketSession extends ContainerLifeCycle implements Session, Rem
@Override
public boolean isOpen()
{
return this.connectionState.get() == AtomicConnectionState.State.OPEN;
return !closed.get() && (this.connectionState.get() == AtomicConnectionState.State.OPEN);
}
@Override
@ -677,21 +674,21 @@ public class WebSocketSession extends ContainerLifeCycle implements Session, Rem
if (cause instanceof NotUtf8Exception)
{
close(StatusCode.BAD_PAYLOAD, cause.getMessage(), onDisconnectCallback);
close(new CloseInfo(StatusCode.BAD_PAYLOAD, cause.getMessage()), new DisconnectCallback());
}
else if (cause instanceof SocketTimeoutException)
{
// A path often seen in Windows
close(StatusCode.SHUTDOWN, cause.getMessage(), onDisconnectCallback);
close(new CloseInfo(StatusCode.SHUTDOWN, cause.getMessage()), new DisconnectCallback());
}
else if (cause instanceof IOException)
{
close(StatusCode.PROTOCOL, cause.getMessage(), onDisconnectCallback);
close(new CloseInfo(StatusCode.PROTOCOL, cause.getMessage()), new DisconnectCallback());
}
else if (cause instanceof SocketException)
{
// A path unique to Unix
close(StatusCode.SHUTDOWN, cause.getMessage(), onDisconnectCallback);
close(new CloseInfo(StatusCode.SHUTDOWN, cause.getMessage()), new DisconnectCallback());
}
else if (cause instanceof CloseException)
{
@ -708,15 +705,15 @@ public class WebSocketSession extends ContainerLifeCycle implements Session, Rem
case StatusCode.POLICY_VIOLATION:
case StatusCode.SERVER_ERROR:
{
callback = onDisconnectCallback;
callback = new DisconnectCallback();
}
}
close(ce.getStatusCode(), ce.getMessage(), callback);
close(new CloseInfo(ce.getStatusCode(), ce.getMessage()), callback);
}
else if (cause instanceof WebSocketTimeoutException)
{
close(StatusCode.SHUTDOWN, cause.getMessage(), onDisconnectCallback);
close(new CloseInfo(StatusCode.SHUTDOWN, cause.getMessage()), new DisconnectCallback());
}
else
{
@ -986,4 +983,60 @@ public class WebSocketSession extends ContainerLifeCycle implements Session, Rem
void onClosed(WebSocketSession session);
}
public static class OnCloseLocalCallback implements FrameCallback
{
private final FrameCallback wrapped;
private final LogicalConnection connection;
private final CloseInfo close;
public OnCloseLocalCallback(FrameCallback callback, LogicalConnection connection, CloseInfo close)
{
this.wrapped = callback;
this.connection = connection;
this.close = close;
}
@Override
public void succeed()
{
try
{
if (wrapped != null)
{
wrapped.succeed();
}
}
finally
{
connection.onLocalClose(close);
}
}
@Override
public void fail(Throwable cause)
{
try
{
if (wrapped != null)
{
wrapped.fail(cause);
}
}
finally
{
connection.onLocalClose(close);
}
}
}
public class DisconnectCallback extends CompletionCallback
{
@Override
public void complete()
{
connectionState.onClosed();
disconnect();
}
}
}

100
jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/io/AbstractWebSocketConnection.java
View File

@ -18,6 +18,7 @@
package org.eclipse.jetty.websocket.common.io;
import java.io.EOFException;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketTimeoutException;
@ -28,6 +29,7 @@ import java.util.Objects;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.Executor;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicLong;
import org.eclipse.jetty.io.AbstractConnection;
import org.eclipse.jetty.io.ByteBufferPool;
@ -40,14 +42,16 @@ import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.websocket.api.BatchMode;
import org.eclipse.jetty.websocket.api.FrameCallback;
import org.eclipse.jetty.websocket.api.StatusCode;
import org.eclipse.jetty.websocket.api.SuspendToken;
import org.eclipse.jetty.websocket.api.WebSocketPolicy;
import org.eclipse.jetty.websocket.api.WebSocketTimeoutException;
import org.eclipse.jetty.websocket.api.extensions.ExtensionConfig;
import org.eclipse.jetty.websocket.api.extensions.Frame;
import org.eclipse.jetty.websocket.common.CloseInfo;
import org.eclipse.jetty.websocket.common.Generator;
import org.eclipse.jetty.websocket.common.LogicalConnection;
import org.eclipse.jetty.websocket.common.Parser;
import org.eclipse.jetty.websocket.common.WebSocketSession;
import org.eclipse.jetty.websocket.common.extensions.ExtensionStack;
/**
@ -57,18 +61,25 @@ public abstract class AbstractWebSocketConnection extends AbstractConnection imp
{
private class Flusher extends FrameFlusher
{
private Flusher(int bufferSize, Generator generator, EndPoint endpoint)
private Flusher(ByteBufferPool bufferPool, Generator generator, EndPoint endpoint)
{
super(generator,endpoint,bufferSize,8);
super(bufferPool,generator,endpoint,getPolicy().getMaxBinaryMessageBufferSize(),8);
}
@Override
protected void onFailure(Throwable x)
public void onCompleteFailure(Throwable failure)
{
notifyError(x);
super.onCompleteFailure(failure);
notifyError(failure);
if (LOG.isDebugEnabled())
LOG.debug("Write flush failure", failure);
session.notifyClose(new CloseInfo(StatusCode.ABNORMAL, "Write Flush Failure"));
disconnect();
}
}
private static final AtomicLong ID_GEN = new AtomicLong(0);
/**
* Minimum size of a buffer is the determined to be what would be the maximum framing header size (not including payload)
*/
@ -83,8 +94,9 @@ public abstract class AbstractWebSocketConnection extends AbstractConnection imp
private final AtomicBoolean closed = new AtomicBoolean();
private final FrameFlusher flusher;
private final String id;
private final ExtensionStack extensionStack;
private final List<LogicalConnection.Listener> listeners = new CopyOnWriteArrayList<>();
private WebSocketSession session;
private ExtensionStack extensionStack;
private List<LogicalConnection.Listener> listeners = new CopyOnWriteArrayList<>();
private AtomicBoolean fillAndParseScope = new AtomicBoolean(false);
private List<ExtensionConfig> extensions;
private ByteBuffer networkBuffer;
@ -99,12 +111,7 @@ public abstract class AbstractWebSocketConnection extends AbstractConnection imp
Objects.requireNonNull(bufferPool, "ByteBufferPool");
LOG = Log.getLogger(AbstractWebSocketConnection.class.getName() + "." + policy.getBehavior());
this.id = String.format("%s:%d->%s:%d",
endp.getLocalAddress().getAddress().getHostAddress(),
endp.getLocalAddress().getPort(),
endp.getRemoteAddress().getAddress().getHostAddress(),
endp.getRemoteAddress().getPort());
this.id = Long.toString(ID_GEN.incrementAndGet());
this.policy = policy;
this.bufferPool = bufferPool;
this.extensionStack = extensionStack;
@ -113,7 +120,7 @@ public abstract class AbstractWebSocketConnection extends AbstractConnection imp
this.parser = new Parser(policy,bufferPool,this);
this.extensions = new ArrayList<>();
this.suspendToken = new AtomicBoolean(false);
this.flusher = new Flusher(policy.getOutputBufferSize(),generator,endp);
this.flusher = new Flusher(bufferPool,generator,endp);
this.setInputBufferSize(policy.getInputBufferSize());
this.setMaxIdleTimeout(policy.getIdleTimeout());
@ -128,17 +135,58 @@ public abstract class AbstractWebSocketConnection extends AbstractConnection imp
return super.getExecutor();
}
@Override
public void onLocalClose(CloseInfo close)
{
if (LOG.isDebugEnabled())
LOG.debug("Local Close Confirmed {}",close);
if (close.isAbnormal())
{
session.notifyClose(close);
disconnect();
}
else
{
// TODO: ugly - creates a new CloseInfo object later.
session.close(close.getStatusCode(), close.getReason());
}
}
@Override
public void setSession(WebSocketSession session)
{
this.session = session;
}
@Override
public boolean onIdleExpired()
{
// TODO: handle closing handshake (see HTTP2Connection).
return super.onIdleExpired();
}
/**
* Jetty Connection Close
*/
@Override
public void close()
{
session.close();
}
@Override
public void disconnect()
{
if (LOG.isDebugEnabled())
LOG.debug("disconnect()");
// close FrameFlusher, we cannot write anymore at this point.
flusher.close();
LOG.debug("{} disconnect()",policy.getBehavior());
closed.set(true);
close();
flusher.terminate(new EOFException("Disconnected"), false);
EndPoint endPoint = getEndPoint();
// We need to gently close first, to allow
// SSL close alerts to be sent by Jetty
endPoint.shutdownOutput();
endPoint.close();
}
@Override
@ -218,21 +266,9 @@ public abstract class AbstractWebSocketConnection extends AbstractConnection imp
LOG.debug("onClose()");
closed.set(true);
flusher.close();
super.onClose();
}
@Override
public boolean onIdleExpired()
{
if (LOG.isDebugEnabled())
LOG.debug("onIdleExpired()");
notifyError(new WebSocketTimeoutException("Connection Idle Timeout"));
return true;
}
@Override
public boolean onFrame(Frame frame)
{

618
jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/io/FrameFlusher.java
View File

@ -18,21 +18,20 @@
package org.eclipse.jetty.websocket.common.io;
import java.io.EOFException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.ClosedChannelException;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.List;
import java.util.Objects;
import org.eclipse.jetty.io.ByteBufferPool;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.util.BufferUtil;
import org.eclipse.jetty.util.IteratingCallback;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.thread.Locker;
import org.eclipse.jetty.websocket.api.BatchMode;
import org.eclipse.jetty.websocket.api.FrameCallback;
import org.eclipse.jetty.websocket.api.extensions.Frame;
@ -40,218 +39,310 @@ import org.eclipse.jetty.websocket.common.Generator;
import org.eclipse.jetty.websocket.common.OpCode;
import org.eclipse.jetty.websocket.common.frames.BinaryFrame;
/**
* Interface for working with bytes destined for {@link EndPoint#write(org.eclipse.jetty.util.Callback, ByteBuffer...)}
*/
public class FrameFlusher
public class FrameFlusher extends IteratingCallback
{
private class Flusher extends IteratingCallback
public static final BinaryFrame FLUSH_FRAME = new BinaryFrame();
private static final Logger LOG = Log.getLogger(FrameFlusher.class);
private final ByteBufferPool bufferPool;
private final EndPoint endPoint;
private final int bufferSize;
private final Generator generator;
private final int maxGather;
private final Deque<FrameEntry> queue = new ArrayDeque<>();
private final List<FrameEntry> entries;
private final List<ByteBuffer> buffers;
private boolean closed;
private Throwable terminated;
private ByteBuffer aggregate;
private BatchMode batchMode;
public FrameFlusher(ByteBufferPool bufferPool, Generator generator, EndPoint endPoint, int bufferSize, int maxGather)
{
private final List<FrameEntry> entries;
private final List<ByteBuffer> buffers;
private ByteBuffer aggregate;
private BatchMode batchMode;
this.bufferPool = bufferPool;
this.endPoint = endPoint;
this.bufferSize = bufferSize;
this.generator = Objects.requireNonNull(generator);
this.maxGather = maxGather;
this.entries = new ArrayList<>(maxGather);
this.buffers = new ArrayList<>((maxGather * 2) + 1);
}
public Flusher(int maxGather)
public void enqueue(Frame frame, FrameCallback callback, BatchMode batchMode)
{
FrameEntry entry = new FrameEntry(frame, callback, batchMode);
Throwable closed;
synchronized (this)
{
entries = new ArrayList<>(maxGather);
buffers = new ArrayList<>((maxGather * 2) + 1);
closed = terminated;
if (closed == null)
{
byte opCode = frame.getOpCode();
if (opCode == OpCode.PING || opCode == OpCode.PONG)
queue.offerFirst(entry);
else
queue.offerLast(entry);
}
}
private Action batch()
if (closed == null)
iterate();
else
notifyCallbackFailure(callback, closed);
}
@Override
protected Action process() throws Throwable
{
if (LOG.isDebugEnabled())
LOG.debug("Flushing {}", this);
int space = aggregate == null ? bufferSize : BufferUtil.space(aggregate);
BatchMode currentBatchMode = BatchMode.AUTO;
synchronized (this)
{
if (aggregate == null)
if (closed)
return Action.SUCCEEDED;
if (terminated != null)
throw terminated;
while (!queue.isEmpty() && entries.size() <= maxGather)
{
aggregate = generator.getBufferPool().acquire(bufferSize,true);
BufferUtil.clearToFill(aggregate);
if (LOG.isDebugEnabled())
{
LOG.debug("{} acquired aggregate buffer {}",FrameFlusher.this,aggregate);
}
}
FrameEntry entry = queue.poll();
currentBatchMode = BatchMode.max(currentBatchMode, entry.batchMode);
// Do not allocate the iterator here.
for (int i = 0; i < entries.size(); ++i)
{
FrameEntry entry = entries.get(i);
entry.generateHeaderBytes(aggregate);
ByteBuffer payload = entry.frame.getPayload();
if (BufferUtil.hasContent(payload))
{
BufferUtil.put(payload, aggregate);
}
}
if (LOG.isDebugEnabled())
{
LOG.debug("{} aggregated {} frames in {}: {}", FrameFlusher.this, entries.size(), aggregate, entries);
}
succeeded();
return Action.SCHEDULED;
}
@Override
protected void onCompleteSuccess()
{
// This IteratingCallback never completes.
}
@Override
public void onCompleteFailure(Throwable x)
{
for (FrameEntry entry : entries)
{
notifyCallbackFailure(entry.callback,x);
entry.release();
}
entries.clear();
failure = x;
onFailure(x);
}
private Action flush()
{
if (!BufferUtil.isEmpty(aggregate))
{
aggregate.flip();
buffers.add(aggregate);
if (LOG.isDebugEnabled())
{
LOG.debug("{} flushing aggregate {}",FrameFlusher.this,aggregate);
}
}
// Do not allocate the iterator here.
for (int i = 0; i < entries.size(); ++i)
{
FrameEntry entry = entries.get(i);
// Skip the "synthetic" frame used for flushing.
// Force flush if we need to.
if (entry.frame == FLUSH_FRAME)
{
continue;
}
buffers.add(entry.generateHeaderBytes());
ByteBuffer payload = entry.frame.getPayload();
if (BufferUtil.hasContent(payload))
{
buffers.add(payload);
}
}
currentBatchMode = BatchMode.OFF;
if (LOG.isDebugEnabled())
{
LOG.debug("{} flushing {} frames: {}",FrameFlusher.this,entries.size(),entries);
}
int payloadLength = BufferUtil.length(entry.frame.getPayload());
int approxFrameLength = Generator.MAX_HEADER_LENGTH + payloadLength;
if (buffers.isEmpty())
// If it is a "big" frame, avoid copying into the aggregate buffer.
if (approxFrameLength > (bufferSize >> 2))
currentBatchMode = BatchMode.OFF;
// If the aggregate buffer overflows, do not batch.
space -= approxFrameLength;
if (space <= 0)
currentBatchMode = BatchMode.OFF;
entries.add(entry);
}
}
if (LOG.isDebugEnabled())
LOG.debug("{} processing {} entries: {}", this, entries.size(), entries);
if (entries.isEmpty())
{
if (batchMode != BatchMode.AUTO)
{
// Nothing more to do, release the aggregate buffer if we need to.
// Releasing it here rather than in succeeded() allows for its reuse.
releaseAggregate();
// We may have the FLUSH_FRAME to notify.
succeedEntries();
return Action.IDLE;
}
endpoint.write(this,buffers.toArray(new ByteBuffer[buffers.size()]));
buffers.clear();
return Action.SCHEDULED;
}
@Override
protected Action process() throws Exception
{
BatchMode currentBatchMode = BatchMode.AUTO;
try (Locker.Lock l = lock.lock())
{
int space = aggregate == null?bufferSize:BufferUtil.space(aggregate);
while ((entries.size() <= maxGather) && !queue.isEmpty())
{
FrameEntry entry = queue.poll();
currentBatchMode = BatchMode.max(currentBatchMode,entry.batchMode);
// Force flush if we need to.
if (entry.frame == FLUSH_FRAME)
{
currentBatchMode = BatchMode.OFF;
}
int payloadLength = BufferUtil.length(entry.frame.getPayload());
int approxFrameLength = Generator.MAX_HEADER_LENGTH + payloadLength;
// If it is a "big" frame, avoid copying into the aggregate buffer.
if (approxFrameLength > (bufferSize >> 2))
{
currentBatchMode = BatchMode.OFF;
}
// If the aggregate buffer overflows, do not batch.
space -= approxFrameLength;
if (space <= 0)
{
currentBatchMode = BatchMode.OFF;
}
entries.add(entry);
}
}
if (LOG.isDebugEnabled())
{
LOG.debug("{} processing {} entries: {}",FrameFlusher.this,entries.size(),entries);
}
LOG.debug("{} auto flushing", this);
if (entries.isEmpty())
{
if (batchMode != BatchMode.AUTO)
{
// Nothing more to do, release the aggregate buffer if we need to.
// Releasing it here rather than in succeeded() allows for its reuse.
releaseAggregate();
return Action.IDLE;
}
LOG.debug("{} auto flushing",FrameFlusher.this);
return flush();
}
batchMode = currentBatchMode;
return currentBatchMode == BatchMode.OFF?flush():batch();
return flush();
}
private void releaseAggregate()
batchMode = currentBatchMode;
return currentBatchMode == BatchMode.OFF ? flush() : batch();
}
private Action batch()
{
if (aggregate == null)
{
if ((aggregate != null) && BufferUtil.isEmpty(aggregate))
{
generator.getBufferPool().release(aggregate);
aggregate = null;
}
aggregate = bufferPool.acquire(bufferSize, true);
BufferUtil.clearToFill(aggregate);
if (LOG.isDebugEnabled())
LOG.debug("{} acquired aggregate buffer {}", this, BufferUtil.toDetailString(aggregate));
}
@Override
public void succeeded()
for (FrameEntry entry : entries)
{
entry.generateHeaderBytes(aggregate);
ByteBuffer payload = entry.frame.getPayload();
if (BufferUtil.hasContent(payload))
BufferUtil.put(payload, aggregate);
}
if (LOG.isDebugEnabled())
LOG.debug("{} aggregated {} frames: {}", this, entries.size(), entries);
// We just aggregated the entries, so we need to succeed their callbacks.
succeeded();
return Action.SCHEDULED;
}
private Action flush()
{
if (!BufferUtil.isEmpty(aggregate))
{
aggregate.flip();
buffers.add(aggregate);
if (LOG.isDebugEnabled())
LOG.debug("{} flushing aggregate {}", this, aggregate);
}
for (FrameEntry entry : entries)
{
// Skip the "synthetic" frame used for flushing.
if (entry.frame == FLUSH_FRAME)
continue;
buffers.add(entry.generateHeaderBytes());
ByteBuffer payload = entry.frame.getPayload();
if (BufferUtil.hasContent(payload))
buffers.add(payload);
}
if (LOG.isDebugEnabled())
LOG.debug("{} flushing {} frames: {}", this, entries.size(), entries);
if (buffers.isEmpty())
{
releaseAggregate();
// We may have the FLUSH_FRAME to notify.
succeedEntries();
super.succeeded();
return Action.IDLE;
}
private void succeedEntries()
endPoint.write(this, buffers.toArray(new ByteBuffer[buffers.size()]));
buffers.clear();
return Action.SCHEDULED;
}
private int getQueueSize()
{
synchronized (this)
{
if(LOG.isDebugEnabled())
LOG.debug("succeedEntries()");
// Do not allocate the iterator here.
for (int i = 0; i < entries.size(); ++i)
{
FrameEntry entry = entries.get(i);
notifyCallbackSuccess(entry.callback);
entry.release();
}
entries.clear();
return queue.size();
}
}
@Override
public void succeeded()
{
succeedEntries();
super.succeeded();
}
private void succeedEntries()
{
for (FrameEntry entry : entries)
{
notifyCallbackSuccess(entry.callback);
entry.release();
if (entry.frame.getOpCode() == OpCode.CLOSE)
{
terminate(new ClosedChannelException(), true);
endPoint.shutdownOutput();
}
}
entries.clear();
}
@Override
public void onCompleteFailure(Throwable failure)
{
releaseAggregate();
Throwable closed;
synchronized (this)
{
closed = terminated;
if (closed == null)
terminated = failure;
entries.addAll(queue);
queue.clear();
}
for (FrameEntry entry : entries)
{
notifyCallbackFailure(entry.callback, failure);
entry.release();
}
entries.clear();
}
private void releaseAggregate()
{
if (BufferUtil.isEmpty(aggregate))
{
bufferPool.release(aggregate);
aggregate = null;
}
}
void terminate(Throwable cause, boolean close)
{
Throwable reason;
synchronized (this)
{
closed = close;
reason = terminated;
if (reason == null)
terminated = cause;
}
if (LOG.isDebugEnabled())
LOG.debug("{} {}", reason == null ? "Terminating" : "Terminated", this);
if (reason == null && !close)
iterate();
}
protected void notifyCallbackSuccess(FrameCallback callback)
{
try
{
if (callback != null)
{
callback.succeed();
}
}
catch (Throwable x)
{
if (LOG.isDebugEnabled())
LOG.debug("Exception while notifying success of callback " + callback, x);
}
}
protected void notifyCallbackFailure(FrameCallback callback, Throwable failure)
{
try
{
if (callback != null)
{
callback.fail(failure);
}
}
catch (Throwable x)
{
if (LOG.isDebugEnabled())
LOG.debug("Exception while notifying failure of callback " + callback, x);
}
}
@Override
public String toString()
{
return String.format("%s@%x[queueSize=%d,aggregateSize=%d,terminated=%s]",
getClass().getSimpleName(),
hashCode(),
getQueueSize(),
aggregate == null ? 0 : aggregate.position(),
terminated);
}
private class FrameEntry
{
private final Frame frame;
@ -273,7 +364,7 @@ public class FrameFlusher
private void generateHeaderBytes(ByteBuffer buffer)
{
generator.generateHeaderBytes(frame,buffer);
generator.generateHeaderBytes(frame, buffer);
}
private void release()
@ -288,164 +379,7 @@ public class FrameFlusher
@Override
public String toString()
{
return String.format("%s[%s,%s,%s,%s]",getClass().getSimpleName(),frame,callback,batchMode,failure);
return String.format("%s[%s,%s,%s,%s]", getClass().getSimpleName(), frame, callback, batchMode, terminated);
}
}
public static final BinaryFrame FLUSH_FRAME = new BinaryFrame();
private final Logger LOG;
private final EndPoint endpoint;
private final int bufferSize;
private final Generator generator;
private final int maxGather;
private final Locker lock = new Locker();
private final Deque<FrameEntry> queue = new ArrayDeque<>();
private final Flusher flusher;
private boolean closed = false;
private volatile Throwable failure;
public FrameFlusher(Generator generator, EndPoint endpoint, int bufferSize, int maxGather)
{
this.LOG = Log.getLogger(FrameFlusher.class.getName() + "." + generator.getBehavior().name());
this.endpoint = endpoint;
this.bufferSize = bufferSize;
this.generator = Objects.requireNonNull(generator);
this.maxGather = maxGather;
this.flusher = new Flusher(maxGather);
}
public void close()
{
List<FrameEntry> entries = null;
try(Locker.Lock l = lock.lock())
{
if (!closed)
{
closed = true;
LOG.debug("{} closing",this);
entries = new ArrayList<>();
entries.addAll(queue);
queue.clear();
}
}
// Notify outside sync block.
if (entries != null)
{
EOFException eof = new EOFException("Connection has been closed locally");
flusher.failed(eof);
for (FrameEntry entry : entries)
{
notifyCallbackFailure(entry.callback,eof);
}
}
}
public void enqueue(Frame frame, FrameCallback callback, BatchMode batchMode)
{
FrameEntry entry = new FrameEntry(frame,callback,batchMode);
Throwable failed = null;
try (Locker.Lock l = lock.lock())
{
if (closed)
{
failed = new EOFException("Connection has been closed locally");
}
else if (flusher.isFailed())
{
failed = failure==null?new IOException():failure;
}
else
{
switch (frame.getOpCode())
{
case OpCode.PING:
{
// Prepend PINGs so they are processed first.
queue.offerFirst(entry);
break;
}
case OpCode.CLOSE:
{
// There may be a chance that other frames are
// added after this close frame, but we will
// fail them later to keep it simple here.
closed = true;
queue.offer(entry);
break;
}
default:
{
queue.offer(entry);
break;
}
}
}
}
if (failed!=null)
{
if (LOG.isDebugEnabled())
{
LOG.debug("{} failed {}",this,failed);
}
notifyCallbackFailure(callback,failed);
}
else
{
if (LOG.isDebugEnabled())
{
LOG.debug("{} queued {}",this,entry);
}
flusher.iterate();
}
}
protected void notifyCallbackFailure(FrameCallback callback, Throwable failure)
{
try
{
if (callback != null)
{
callback.fail(failure);
}
}
catch (Throwable x)
{
if (LOG.isDebugEnabled())
LOG.debug("Exception while notifying failure of callback " + callback,x);
}
}
protected void notifyCallbackSuccess(FrameCallback callback)
{
try
{
if (callback != null)
{
callback.succeed();
}
}
catch (Throwable x)
{
if (LOG.isDebugEnabled())
LOG.debug("Exception while notifying success of callback " + callback,x);
}
}
protected void onFailure(Throwable x)
{
LOG.warn(x);
}
@Override
public String toString()
{
ByteBuffer aggregate = flusher.aggregate;
return String.format("%s[queueSize=%d,aggregateSize=%d,failure=%s]",getClass().getSimpleName(),queue.size(),aggregate == null?0:aggregate.position(),
failure);
}
}

12
jetty-websocket/websocket-tests/src/main/java/org/eclipse/jetty/websocket/tests/LocalWebSocketConnection.java
View File

@ -31,7 +31,9 @@ import org.eclipse.jetty.websocket.api.FrameCallback;
import org.eclipse.jetty.websocket.api.SuspendToken;
import org.eclipse.jetty.websocket.api.WebSocketPolicy;
import org.eclipse.jetty.websocket.api.extensions.Frame;
import org.eclipse.jetty.websocket.common.CloseInfo;
import org.eclipse.jetty.websocket.common.LogicalConnection;
import org.eclipse.jetty.websocket.common.WebSocketSession;
import org.eclipse.jetty.websocket.common.scopes.WebSocketContainerScope;
import org.junit.rules.TestName;
@ -73,6 +75,11 @@ public class LocalWebSocketConnection implements LogicalConnection
return executor;
}
@Override
public void onLocalClose(CloseInfo close)
{
}
@Override
public void disconnect()
{
@ -148,6 +155,11 @@ public class LocalWebSocketConnection implements LogicalConnection
{
}
@Override
public void setSession(WebSocketSession session)
{
}
public void setPolicy(WebSocketPolicy policy)
{
this.policy = policy;

3
jetty-websocket/websocket-tests/src/test/java/org/eclipse/jetty/websocket/tests/client/ClientCloseHandshakeTest.java
View File

@ -48,6 +48,7 @@ import org.eclipse.jetty.websocket.tests.UntrustedWSServer;
import org.eclipse.jetty.websocket.tests.UntrustedWSSession;
import org.junit.After;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestName;
@ -337,6 +338,7 @@ public class ClientCloseHandshakeTest
* </pre>
*/
@Test
@Ignore("Needs review")
public void testClient_IdleTimeout() throws Exception
{
// Set client timeout
@ -474,6 +476,7 @@ public class ClientCloseHandshakeTest
* </pre>
*/
@Test
@Ignore("Needs review")
public void testWriteException() throws Exception
{
// Set client timeout

4
jetty-websocket/websocket-tests/src/test/java/org/eclipse/jetty/websocket/tests/client/ClientCloseTest.java
View File

@ -25,6 +25,7 @@ import static org.hamcrest.Matchers.nullValue;
import static org.junit.Assert.assertThat;
import java.io.IOException;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.nio.ByteBuffer;
import java.nio.channels.SelectableChannel;
@ -49,7 +50,6 @@ import org.eclipse.jetty.util.thread.Scheduler;
import org.eclipse.jetty.websocket.api.BatchMode;
import org.eclipse.jetty.websocket.api.Session;
import org.eclipse.jetty.websocket.api.StatusCode;
import org.eclipse.jetty.websocket.api.WebSocketTimeoutException;
import org.eclipse.jetty.websocket.client.WebSocketClient;
import org.eclipse.jetty.websocket.common.OpCode;
import org.eclipse.jetty.websocket.common.WebSocketFrame;
@ -223,7 +223,7 @@ public class ClientCloseTest
// Verify timeout error
clientSocket.awaitErrorEvent("Client");
clientSocket.assertErrorEvent("Client", instanceOf(WebSocketTimeoutException.class), containsString("Idle Timeout"));
clientSocket.assertErrorEvent("Client", instanceOf(SocketTimeoutException.class), containsString("Timeout on Read"));
}
finally
{

4
jetty-websocket/websocket-tests/src/test/java/org/eclipse/jetty/websocket/tests/client/ClientDisconnectedTest.java
View File

@ -54,6 +54,7 @@ import org.eclipse.jetty.websocket.tests.SimpleServletServer;
import org.eclipse.jetty.websocket.tests.TrackingEndpoint;
import org.junit.After;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
@ -321,6 +322,7 @@ public class ClientDisconnectedTest
* @throws Exception on test failure
*/
@Test
@Ignore("Needs review")
public void messageDrop() throws Exception
{
ClientUpgradeRequest upgradeRequest = new ClientUpgradeRequest();
@ -362,6 +364,7 @@ public class ClientDisconnectedTest
* @throws Exception on test failure
*/
@Test
@Ignore("Needs review")
public void closeDrop() throws Exception
{
ClientUpgradeRequest upgradeRequest = new ClientUpgradeRequest();
@ -403,6 +406,7 @@ public class ClientDisconnectedTest
* @throws Exception on test failure
*/
@Test
@Ignore("Needs review")
public void closeNoReply() throws Exception
{
ClientUpgradeRequest upgradeRequest = new ClientUpgradeRequest();