From 17c593f9eab9cc1624c9e8bc571cc337fbf0347d Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Fri, 30 Jun 2023 05:22:36 -0500 Subject: [PATCH 01/20] No progress during Gzip Request Inflation results in bogus error (#9997) * Issue #9990 - GzipHttpInputInterceptor doesn't decompress properly on some sized content. Signed-off-by: Joakim Erdfelt --- .../jetty/server/AsyncContentProducer.java | 19 -- .../server/AsyncContentProducerTest.java | 38 ---- .../server/BlockingContentProducerTest.java | 27 --- .../jetty/servlet/GzipHandlerInputTest.java | 178 ++++++++++++++++++ 4 files changed, 178 insertions(+), 84 deletions(-) create mode 100644 jetty-servlet/src/test/java/org/eclipse/jetty/servlet/GzipHandlerInputTest.java diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/AsyncContentProducer.java b/jetty-server/src/main/java/org/eclipse/jetty/server/AsyncContentProducer.java index 6cf2581e0fb..b3141c79941 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/AsyncContentProducer.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/AsyncContentProducer.java @@ -427,7 +427,6 @@ class AsyncContentProducer implements ContentProducer { try { - int remainingBeforeInterception = _rawContent.remaining(); HttpInput.Content content = _interceptor.readFrom(_rawContent); if (content != null && content.isSpecial() && !_rawContent.isSpecial()) { 
@@ -444,24 +443,6 @@ class AsyncContentProducer implements ContentProducer if (LOG.isDebugEnabled()) LOG.debug("interceptor generated special content {}", this); } - else if (content != _rawContent && !_rawContent.isSpecial() && !_rawContent.isEmpty() && _rawContent.remaining() == remainingBeforeInterception) - { - IOException failure = new IOException("Interceptor " + _interceptor + " did not consume any of the " + _rawContent.remaining() + " remaining byte(s) of content"); - if (content != null) - content.failed(failure); - failCurrentContent(failure); - // Set the _error flag to mark the content as definitive, i.e.: - // do not try to produce new raw content to get a fresher error - // when the special content was caused by the interceptor not - // consuming the raw content. - _error = true; - Response response = _httpChannel.getResponse(); - if (response.isCommitted()) - _httpChannel.abort(failure); - if (LOG.isDebugEnabled()) - LOG.debug("interceptor did not consume content {}", this); - content = _transformedContent; - } if (LOG.isDebugEnabled()) LOG.debug("intercepted raw content {}", this); diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/AsyncContentProducerTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/AsyncContentProducerTest.java index 3b094c5fbb1..0ec726589c2 100644 --- a/jetty-server/src/test/java/org/eclipse/jetty/server/AsyncContentProducerTest.java +++ b/jetty-server/src/test/java/org/eclipse/jetty/server/AsyncContentProducerTest.java 
@@ -282,44 +282,6 @@ public class AsyncContentProducerTest assertThat(contentFailedCount.get(), is(1)); } - @Test - public void testAsyncContentProducerInterceptorDoesNotConsume() - { - AtomicInteger contentFailedCount = new AtomicInteger(); - AtomicInteger interceptorContentFailedCount = new AtomicInteger(); - ContentProducer contentProducer = new AsyncContentProducer(new ContentListHttpChannel(List.of(new HttpInput.Content(ByteBuffer.allocate(1)) - { - @Override - public void failed(Throwable x) - { - contentFailedCount.incrementAndGet(); - } - }), new HttpInput.EofContent())); - try (AutoLock lock = contentProducer.lock()) - { - contentProducer.setInterceptor(content -> new HttpInput.Content(ByteBuffer.allocate(1)) - { - @Override - public void failed(Throwable x) - { - interceptorContentFailedCount.incrementAndGet(); - } - }); - - assertThat(contentProducer.isReady(), is(true)); - - HttpInput.Content content1 = contentProducer.nextContent(); - assertThat(content1.isSpecial(), is(true)); - assertThat(content1.getError().getMessage(), endsWith("did not consume any of the 1 remaining byte(s) of content")); - - HttpInput.Content content2 = contentProducer.nextContent(); - assertThat(content2.isSpecial(), is(true)); - assertThat(content2.getError().getMessage(), endsWith("did not consume any of the 1 remaining byte(s) of content")); - } - assertThat(contentFailedCount.get(), is(1)); - assertThat(interceptorContentFailedCount.get(), is(1)); - } - @Test public void testAsyncContentProducerInterceptorDoesNotConsumeEmptyContent() { diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/BlockingContentProducerTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/BlockingContentProducerTest.java index 1623ffbf7ef..fc54dbcb282 100644 --- a/jetty-server/src/test/java/org/eclipse/jetty/server/BlockingContentProducerTest.java +++ b/jetty-server/src/test/java/org/eclipse/jetty/server/BlockingContentProducerTest.java 
@@ -279,33 +279,6 @@ public class BlockingContentProducerTest assertThat(contentFailedCount.get(), is(1)); } - @Test - public void testBlockingContentProducerInterceptorDoesNotConsume() - { - AtomicInteger contentFailedCount = new AtomicInteger(); - ContentProducer contentProducer = new BlockingContentProducer(new AsyncContentProducer(new StaticContentHttpChannel(new HttpInput.Content(ByteBuffer.allocate(1)) - { - @Override - public void failed(Throwable x) - { - contentFailedCount.incrementAndGet(); - } - }))); - try (AutoLock lock = contentProducer.lock()) - { - contentProducer.setInterceptor(content -> null); - - HttpInput.Content content1 = contentProducer.nextContent(); - assertThat(content1.isSpecial(), is(true)); - assertThat(content1.getError().getMessage(), endsWith("did not consume any of the 1 remaining byte(s) of content")); - - HttpInput.Content content2 = contentProducer.nextContent(); - assertThat(content2.isSpecial(), is(true)); - assertThat(content2.getError().getMessage(), endsWith("did not consume any of the 1 remaining byte(s) of content")); - } - assertThat(contentFailedCount.get(), is(1)); - } - @Test public void testBlockingContentProducerInterceptorDoesNotConsumeEmptyContent() { diff --git a/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/GzipHandlerInputTest.java b/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/GzipHandlerInputTest.java new file mode 100644 index 00000000000..662d6ffc89f --- /dev/null +++ b/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/GzipHandlerInputTest.java 
@@ -0,0 +1,178 @@ +// +// ======================================================================== +// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others. +// +// This program and the accompanying materials are made available under the +// terms of the Eclipse Public License v. 2.0 which is available at +// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0 +// which is available at https://www.apache.org/licenses/LICENSE-2.0. +// +// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0 +// ======================================================================== +// + +package org.eclipse.jetty.servlet; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.PrintWriter; +import java.net.URI; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.stream.Stream; +import java.util.zip.GZIPOutputStream; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.eclipse.jetty.client.HttpClient; +import org.eclipse.jetty.client.api.ContentResponse; +import org.eclipse.jetty.client.api.Request; +import org.eclipse.jetty.client.util.BytesRequestContent; +import org.eclipse.jetty.http.HttpHeader; +import org.eclipse.jetty.http.HttpMethod; +import org.eclipse.jetty.server.Server; +import org.eclipse.jetty.server.ServerConnector; +import org.eclipse.jetty.server.handler.gzip.GzipHandler; +import org.eclipse.jetty.util.component.LifeCycle; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.MethodSource; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.containsString; +import 
static org.hamcrest.Matchers.is; + +/** + * Tests of GzipHandler behavior with gzip compressed Request content. + */ +public class GzipHandlerInputTest +{ + private Server server; + private HttpClient client; + + @BeforeEach + public void init() throws Exception + { + server = new Server(); + ServerConnector connector = new ServerConnector(server); + server.addConnector(connector); + + GzipHandler gzipHandler = new GzipHandler(); + gzipHandler.setInflateBufferSize(8192); // enable request inflation + + ServletContextHandler servletContextHandler = new ServletContextHandler(); + servletContextHandler.setContextPath("/"); + servletContextHandler.addServlet(ReadAllInputServlet.class, "/inflate"); + + gzipHandler.setHandler(servletContextHandler); + server.setHandler(gzipHandler); + server.start(); + + client = new HttpClient(); + client.start(); + } + + @AfterEach + public void stop() + { + LifeCycle.stop(server); + LifeCycle.stop(client); + } + + public static Stream transferScenarios() + { + int[] sizes = { + 0, 1, 8191, 8192, 8193, 8194, 8195, 8226, 8227, 8260, 8261, 8262, 8263, 8264, + 8192, 8193, 8194, 8195, 8226, 8227, 8228, 8259, 8260, 8261, 8262, 8263, 8515, + 8516, 8517, 8518, 8773, 8774, 8775, 9216 + }; + List scenarios = new ArrayList<>(); + // Scenarios 1: use Content-Length on request + for (int size : sizes) + { + scenarios.add(Arguments.of(size, true)); + } + // Scenarios 2: use Transfer-Encoding: chunked on request + for (int size : sizes) + { + scenarios.add(Arguments.of(size, false)); + } + return scenarios.stream(); + } + + @ParameterizedTest + @MethodSource("transferScenarios") + public void testReadGzippedInput(int testLength, boolean sendContentLength) throws Exception + { + byte[] rawBuf = new byte[testLength]; + Arrays.fill(rawBuf, (byte)'x'); + + byte[] gzipBuf; + try (ByteArrayOutputStream baos = new ByteArrayOutputStream(); + GZIPOutputStream gzipOut = new GZIPOutputStream(baos)) + { + gzipOut.write(rawBuf, 0, rawBuf.length); + 
gzipOut.flush(); + gzipOut.finish(); + gzipBuf = baos.toByteArray(); + } + + URI destURI = server.getURI().resolve("/inflate"); + BytesRequestContent bytesRequestContent = new BytesRequestContent(gzipBuf, new byte[0]) + { + @Override + public long getLength() + { + if (sendContentLength) + return super.getLength(); + return -1; // we want chunked transfer-encoding + } + }; + Request request = client.newRequest(destURI) + .method(HttpMethod.POST) + .headers((headers) -> headers.put(HttpHeader.CONTENT_ENCODING, "gzip")) + .body(bytesRequestContent); + ContentResponse response = request.send(); + + assertThat(response.getStatus(), is(200)); + String responseBody = response.getContentAsString(); + if (sendContentLength) + assertThat(responseBody, containsString(String.format("[X-Content-Length]: %d", gzipBuf.length))); + else + assertThat(responseBody, containsString("[Transfer-Encoding]: chunked")); + + assertThat(responseBody, containsString("[X-Content-Encoding]: gzip")); + assertThat(responseBody, containsString(String.format("Read %d bytes", rawBuf.length))); + } + + public static class ReadAllInputServlet extends HttpServlet + { + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException + { + InputStream input = req.getInputStream(); + byte[] buf = input.readAllBytes(); + resp.setCharacterEncoding("utf-8"); + resp.setContentType("text/plain"); + + PrintWriter out = resp.getWriter(); + // dump header names & values + List headerNames = Collections.list(req.getHeaderNames()); + Collections.sort(headerNames); + for (String headerName : headerNames) + { + List headerValues = Collections.list(req.getHeaders(headerName)); + out.printf("header [%s]: %s%n", headerName, String.join(", ", headerValues)); + } + // dump number of bytes read + out.printf("Read %d bytes%n", buf.length); + } + } +} From 38244044f7c3e54b42db4b31c542bdceed6a1c02 Mon Sep 17 00:00:00 2001 
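Review bot: `testReadGzippedInput` only ever posts well-formed gzip bodies, so the new file has no case for a truncated or corrupted stream. That matters because this same patch deletes the "did not consume any of the … remaining byte(s)" guard from `AsyncContentProducer`. I would add a companion scenario that sends a cut-short `gzipBuf` with a client-side timeout and asserts the exchange ends with an error instead of stalling, and until then leave a marker such as `// TODO: cover truncated/corrupt gzip bodies - request must fail, not hang` above `transferScenarios()`. Separately, `sizes` lists 8192-8195, 8226, 8227 and 8260-8263 twice, so those scenarios run twice in both transfer modes; dropping the repeats from the second row keeps the coverage and shortens the run.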
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Jul 2023 00:08:04 +0000 Subject: [PATCH 02/20] Bump maven.resolver.version from 1.9.10 to 1.9.13 Bumps `maven.resolver.version` from 1.9.10 to 1.9.13. Updates `maven-resolver-api` from 1.9.10 to 1.9.13 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.10...maven-resolver-1.9.13) Updates `maven-resolver-util` from 1.9.10 to 1.9.13 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.10...maven-resolver-1.9.13) Updates `maven-resolver-spi` from 1.9.10 to 1.9.13 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.10...maven-resolver-1.9.13) Updates `maven-resolver-impl` from 1.9.10 to 1.9.13 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.10...maven-resolver-1.9.13) Updates `maven-resolver-connector-basic` from 1.9.10 to 1.9.13 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.10...maven-resolver-1.9.13) Updates `maven-resolver-transport-file` from 1.9.10 to 1.9.13 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.10...maven-resolver-1.9.13) Updates `maven-resolver-transport-http` from 1.9.10 to 1.9.13 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.10...maven-resolver-1.9.13) --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-api dependency-type: direct:production 
update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-util dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-spi dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-file dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 4e25d8254b9..84522f222f4 100644 --- a/pom.xml +++ b/pom.xml @@ -105,7 +105,7 @@ 1.3.7 3.0.8 10.3.6 - 1.9.10 + 1.9.13 3.9.0 3.12.11 0.9.1 From f513fca922645f256a3f5a7272459f331b85a3f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Jul 2023 21:36:27 +0000 Subject: [PATCH 03/20] Bump maven-release-plugin from 3.0.0 to 3.0.1 Bumps [maven-release-plugin](https://github.com/apache/maven-release) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/apache/maven-release/releases) - [Commits](https://github.com/apache/maven-release/compare/maven-release-3.0.0...maven-release-3.0.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-release-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pom.xml b/pom.xml index 84522f222f4..b2887c9ca49 100644 --- a/pom.xml +++ b/pom.xml @@ -154,7 +154,7 @@ 3.5.0 3.9.0 3.9.0 - 3.0.0 + 3.0.1 3.1.0 3.3.1 3.4.1 From fd461125e069666cf365fe08aebfb3fbaa6fdbdc Mon Sep 17 00:00:00 2001 From: Jan Bartel Date: Wed, 5 Jul 2023 23:48:48 +0200 Subject: [PATCH 04/20] Issue #8556 Allow getSessionTimeout to be called when not starting (#10062) --- .../jetty/servlet/ServletContextHandler.java | 2 -- .../servlet/ServletContextHandlerTest.java | 26 +++++++++++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletContextHandler.java b/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletContextHandler.java index 5cde6f1c35a..5b046894c07 100644 --- a/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletContextHandler.java +++ b/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletContextHandler.java @@ -1423,8 +1423,6 @@ public class ServletContextHandler extends ContextHandler @Override public int getSessionTimeout() { - if (!isStarting()) - throw new IllegalStateException(); if (!_enabled) throw new UnsupportedOperationException(); diff --git a/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/ServletContextHandlerTest.java b/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/ServletContextHandlerTest.java index c51c6bc6801..c2893e2236e 100644 --- a/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/ServletContextHandlerTest.java +++ b/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/ServletContextHandlerTest.java 
@@ -767,6 +767,7 @@ public class ServletContextHandlerTest Integer timeout = Integer.valueOf(100); ServletContextHandler root = new ServletContextHandler(contexts, "/", ServletContextHandler.SESSIONS); root.getSessionHandler().setMaxInactiveInterval((int)TimeUnit.MINUTES.toSeconds(startMin)); + root.addServlet(new ServletHolder(TestSessionTimeoutServlet.class), "/"); root.addBean(new MySCIStarter(root.getServletContext(), new MySCI(true, timeout.intValue())), true); _server.start(); @@ -781,6 +782,17 @@ public class ServletContextHandlerTest assertTrue((Boolean)root.getServletContext().getAttribute("MyContextListener.getSessionTimeout")); //test can't set session timeout from ContextListener that is not from annotation or web.xml assertTrue((Boolean)root.getServletContext().getAttribute("MyContextListener.setSessionTimeout")); + + //test accessing timeout from a servlet + StringBuilder rawRequest = new StringBuilder(); + rawRequest.append("GET / HTTP/1.1\r\n"); + rawRequest.append("Host: local\r\n"); + rawRequest.append("Connection: close\r\n"); + rawRequest.append("\r\n"); + String rawResponse = _connector.getResponse(rawRequest.toString()); + HttpTester.Response response = HttpTester.parseResponse(rawResponse); + assertEquals(200, response.getStatus(), "response status"); + assertEquals("SessionTimeout = " + timeout, response.getContent(), "response content"); } @Test @@ -2066,6 +2078,20 @@ public class ServletContextHandlerTest } } + public static class TestSessionTimeoutServlet extends HttpServlet + { + private static final long serialVersionUID = 1L; + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException + { + int t = req.getServletContext().getSessionTimeout(); + resp.setStatus(HttpServletResponse.SC_OK); + PrintWriter writer = resp.getWriter(); + writer.write("SessionTimeout = " + t); + } + } + public static class TestServlet extends HttpServlet { private static final long serialVersionUID = 1L; 
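Review bot: `TestSessionTimeoutServlet.doGet` in the last hunk is declared without `@Override`, so a later signature slip would compile and leave the servlet on the inherited `HttpServlet` behaviour, and the `assertEquals(200, ...)` above would fail for an unrelated reason; add `@Override` directly above `protected void doGet(HttpServletRequest req, HttpServletResponse resp)`. The servlet also writes its body without setting a content type or character encoding, which is harmless for the ASCII string asserted here but worth a `resp.setContentType("text/plain");` for consistency with the other test servlets if they set one (not visible in this hunk). The test method that issues the raw request starts outside the hunk.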
From 417f1f557aa74f6e0dcf014eac4c67ce58482005 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Jul 2023 22:06:32 +0000 Subject: [PATCH 05/20] Bump maven.surefire.plugin.version from 3.1.0 to 3.1.2 Bumps `maven.surefire.plugin.version` from 3.1.0 to 3.1.2. Updates `maven-failsafe-plugin` from 3.1.0 to 3.1.2 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.1.0...surefire-3.1.2) Updates `maven-surefire-plugin` from 3.1.0 to 3.1.2 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.1.0...surefire-3.1.2) Updates `surefire-junit47` from 3.1.0 to 3.1.2 --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-failsafe-plugin dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.surefire:surefire-junit47 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- build-resources/pom.xml | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build-resources/pom.xml b/build-resources/pom.xml index 48e0ccdffc6..5c96418eee7 100644 --- a/build-resources/pom.xml +++ b/build-resources/pom.xml @@ -17,7 +17,7 @@ 3.0.0-M2 3.4.0 3.1.0 - 3.1.0 + 3.1.2 true true diff --git a/pom.xml b/pom.xml index 84522f222f4..0692d2a0a9b 100644 --- a/pom.xml +++ b/pom.xml @@ -158,7 +158,7 @@ 3.1.0 3.3.1 3.4.1 - 3.1.0 + 3.1.2 3.3.0 3.3.2 4.7.2.0 From de29c9cd5ad457d8150bb1e23244b065d8148014 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 07:51:12 +0000 Subject: [PATCH 06/20] Bump maven-invoker-plugin from 3.5.1 to 3.6.0 Bumps [maven-invoker-plugin](https://github.com/apache/maven-invoker-plugin) from 3.5.1 to 3.6.0. - [Release notes](https://github.com/apache/maven-invoker-plugin/releases) - [Commits](https://github.com/apache/maven-invoker-plugin/compare/maven-invoker-plugin-3.5.1...maven-invoker-plugin-3.6.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-invoker-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0692d2a0a9b..45ea3b43b4f 100644 --- a/pom.xml +++ b/pom.xml @@ -148,7 +148,7 @@ 3.1.0 3.1.0 3.1.1 - 3.5.1 + 3.6.0 4.0.6 3.3.0 3.5.0 From 0ea20df93cf855356bbad8d927f95d5f7b1b8f55 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 07:51:20 +0000 Subject: [PATCH 07/20] Bump commons-codec from 1.15 to 1.16.0 Bumps [commons-codec](https://github.com/apache/commons-codec) from 1.15 to 1.16.0. - [Changelog](https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt) - [Commits](https://github.com/apache/commons-codec/compare/rel/commons-codec-1.15...rel/commons-codec-1.16.0) --- updated-dependencies: - dependency-name: commons-codec:commons-codec dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0692d2a0a9b..1fbfb17c1ca 100644 --- a/pom.xml +++ b/pom.xml @@ -36,7 +36,7 @@ 6.3.1 1.5 10.3.4 - 1.15 + 1.16.0 1.23.0 2.12.0 3.12.0 From 40dba5392fece078c774207d144d8d89d8e9a8f4 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 07:51:20 +0000 Subject: [PATCH 08/20] Bump wildfly-elytron from 2.2.0.Final to 2.2.1.Final Bumps [wildfly-elytron](https://github.com/wildfly-security/wildfly-elytron) from 2.2.0.Final to 2.2.1.Final. - [Commits](https://github.com/wildfly-security/wildfly-elytron/compare/2.2.0.Final...2.2.1.Final) --- updated-dependencies: - dependency-name: org.wildfly.security:wildfly-elytron dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0692d2a0a9b..f75651a561b 100644 --- a/pom.xml +++ b/pom.xml @@ -123,7 +123,7 @@ 1.18.3 3.1.9.Final 1.6.0.Final - 2.2.0.Final + 2.2.1.Final 2.4.7 From f4a1dedbc2a2a67a043e9f63020517efb73777b8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 07:51:24 +0000 Subject: [PATCH 09/20] Bump maven-clean-plugin from 3.2.0 to 3.3.1 Bumps [maven-clean-plugin](https://github.com/apache/maven-clean-plugin) from 3.2.0 to 3.3.1. - [Release notes](https://github.com/apache/maven-clean-plugin/releases) - [Commits](https://github.com/apache/maven-clean-plugin/compare/maven-clean-plugin-3.2.0...maven-clean-plugin-3.3.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-clean-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0692d2a0a9b..60e74029400 100644 --- a/pom.xml +++ b/pom.xml @@ -139,7 +139,7 @@ 3.1.0 3.6.0 5.1.9 - 3.2.0 + 3.3.1 3.3.0 3.11.0 3.6.0 From 826eac4c19bca0881919a270df854ef2761d468c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 07:51:25 +0000 Subject: [PATCH 10/20] Bump mina-core from 2.2.1 to 2.2.2 Bumps [mina-core](https://github.com/apache/mina) from 2.2.1 to 2.2.2. - [Commits](https://github.com/apache/mina/compare/2.2.1...2.2.2) --- updated-dependencies: - dependency-name: org.apache.mina:mina-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0692d2a0a9b..fb638924716 100644 --- a/pom.xml +++ b/pom.xml @@ -30,7 +30,7 @@ 4.4.16 2.2.8 2.5.6 - 2.2.1 + 2.2.2 9.5 4.2.0 6.3.1 From ccc1019e4fadd50455b782dcb59144bd64604c70 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 07:51:27 +0000 Subject: [PATCH 11/20] Bump logback-core from 1.3.7 to 1.3.8 Bumps [logback-core](https://github.com/qos-ch/logback) from 1.3.7 to 1.3.8. - [Commits](https://github.com/qos-ch/logback/compare/v_1.3.7...v_1.3.8) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0692d2a0a9b..3d52140adc5 100644 --- a/pom.xml +++ b/pom.xml @@ -102,7 +102,7 @@ 5.9.1 2.0.3 2.20.0 - 1.3.7 + 1.3.8 3.0.8 10.3.6 1.9.13 From b607e4029ff0b458d4ae230ccc1295037e206f7d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 07:51:27 +0000 Subject: [PATCH 12/20] Bump maven-shade-plugin from 3.4.1 to 3.5.0 Bumps [maven-shade-plugin](https://github.com/apache/maven-shade-plugin) from 3.4.1 to 3.5.0. - [Release notes](https://github.com/apache/maven-shade-plugin/releases) - [Commits](https://github.com/apache/maven-shade-plugin/compare/maven-shade-plugin-3.4.1...maven-shade-plugin-3.5.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-shade-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0692d2a0a9b..b880f1882a2 100644 --- a/pom.xml +++ b/pom.xml @@ -157,7 +157,7 @@ 3.0.0 3.1.0 3.3.1 - 3.4.1 + 3.5.0 3.1.2 3.3.0 3.3.2 From dcc294df69f2b0c93be7dc5c81f883f5069c2961 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 07:51:29 +0000 Subject: [PATCH 13/20] Bump asciidoctorj-diagram from 2.2.8 to 2.2.9 Bumps [asciidoctorj-diagram](https://github.com/asciidoctor/asciidoctorj-diagram) from 2.2.8 to 2.2.9. - [Release notes](https://github.com/asciidoctor/asciidoctorj-diagram/releases) - [Commits](https://github.com/asciidoctor/asciidoctorj-diagram/compare/v2.2.8...v2.2.9) --- updated-dependencies: - dependency-name: org.asciidoctor:asciidoctorj-diagram dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0692d2a0a9b..adaa1e4a368 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ 1.11.1 4.5.14 4.4.16 - 2.2.8 + 2.2.9 2.5.6 2.2.1 9.5 From c4c3e340b7cd63bf0cbca7eb0033b66e77bf5253 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 07:51:32 +0000 Subject: [PATCH 14/20] Bump org.eclipse.osgi from 3.18.300 to 3.18.400 Bumps [org.eclipse.osgi](https://github.com/eclipse-equinox/equinox) from 3.18.300 to 3.18.400. - [Commits](https://github.com/eclipse-equinox/equinox/commits) --- updated-dependencies: - dependency-name: org.eclipse.platform:org.eclipse.osgi dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- jetty-osgi/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jetty-osgi/pom.xml b/jetty-osgi/pom.xml index 6c0f61f7f98..3bb2c732cf1 100644 --- a/jetty-osgi/pom.xml +++ b/jetty-osgi/pom.xml @@ -12,7 +12,7 @@ pom - 3.18.300 + 3.18.400 3.11.100 1.6.1 1.5.0 From 9d9ab46b684a8a9371a9cdd4da6b1b82718d8ab3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 07:51:33 +0000 Subject: [PATCH 15/20] Bump maven-war-plugin from 3.3.2 to 3.4.0 Bumps [maven-war-plugin](https://github.com/apache/maven-war-plugin) from 3.3.2 to 3.4.0. - [Commits](https://github.com/apache/maven-war-plugin/compare/maven-war-plugin-3.3.2...maven-war-plugin-3.4.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-war-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0692d2a0a9b..fdc72c36f71 100644 --- a/pom.xml +++ b/pom.xml @@ -160,7 +160,7 @@ 3.4.1 3.1.2 3.3.0 - 3.3.2 + 3.4.0 4.7.2.0 2.12.0 From 2d2a0c9fb331946a86eedf3656977b9d4b7ff41f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 07:51:35 +0000 Subject: [PATCH 16/20] Bump commons-io from 2.12.0 to 2.13.0 Bumps commons-io from 2.12.0 to 2.13.0. --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0692d2a0a9b..fb46caceea7 100644 --- a/pom.xml +++ b/pom.xml @@ -38,7 +38,7 @@ 10.3.4 1.15 1.23.0 - 2.12.0 + 2.13.0 3.12.0 2.5.2 3.4.2 From 22ce6275ca84e67e16067f3c14ee9e2f874f7fbb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 07:51:41 +0000 Subject: [PATCH 17/20] Bump jboss-logging from 3.5.0.Final to 3.5.3.Final Bumps [jboss-logging](https://github.com/jboss-logging/jboss-logging) from 3.5.0.Final to 3.5.3.Final. - [Release notes](https://github.com/jboss-logging/jboss-logging/releases) - [Commits](https://github.com/jboss-logging/jboss-logging/compare/3.5.0.Final...3.5.3.Final) --- updated-dependencies: - dependency-name: org.jboss.logging:jboss-logging dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0692d2a0a9b..95579c7d6cb 100644 --- a/pom.xml +++ b/pom.xml @@ -79,7 +79,7 @@ 1.2.5 2.2.1.Final 2.2.1.Final - 3.5.0.Final + 3.5.3.Final 2.1.19.Final 3.5.0.Final 1.1 From c8599255444bd1fa057177a09e0cdd623c5c02a8 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 07:51:47 +0000 Subject: [PATCH 18/20] Bump plexus-xml from 4.0.0 to 4.0.2 Bumps [plexus-xml](https://github.com/codehaus-plexus/plexus-xml) from 4.0.0 to 4.0.2. - [Release notes](https://github.com/codehaus-plexus/plexus-xml/releases) - [Commits](https://github.com/codehaus-plexus/plexus-xml/compare/plexus-xml-4.0.0...plexus-xml-4.0.2) --- updated-dependencies: - dependency-name: org.codehaus.plexus:plexus-xml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0692d2a0a9b..678052a74e2 100644 --- a/pom.xml +++ b/pom.xml @@ -115,7 +115,7 @@ 1.2.0 2.1.1 4.0.0 - 4.0.0 + 4.0.2 2.0.5 2.1.1.RELEASE 1.2.5 From eaace6d18ea0fbca787d3736506b9f9950cba5e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 07:51:59 +0000 Subject: [PATCH 19/20] Bump tycho-p2-repository-plugin from 3.0.4 to 4.0.0 Bumps [tycho-p2-repository-plugin](https://github.com/eclipse-tycho/tycho) from 3.0.4 to 4.0.0. - [Release notes](https://github.com/eclipse-tycho/tycho/releases) - [Changelog](https://github.com/eclipse-tycho/tycho/blob/master/RELEASE_NOTES.md) - [Commits](https://github.com/eclipse-tycho/tycho/compare/tycho-3.0.4...tycho-4.0.0) --- updated-dependencies: - dependency-name: org.eclipse.tycho:tycho-p2-repository-plugin dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- jetty-p2/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jetty-p2/pom.xml b/jetty-p2/pom.xml index 509b2bdf7aa..ee8f7a22fbb 100644 --- a/jetty-p2/pom.xml +++ b/jetty-p2/pom.xml @@ -12,7 +12,7 @@ Generates a (maven based) P2 Updatesite pom - 3.0.4 + 4.0.0 
From 9a05c75ad28ebad4abbe624fa432664c59763747 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Thu, 6 Jul 2023 16:32:49 -0500 Subject: [PATCH 20/20] Issue #10066 - Allow customization of `SAXParserFactory` and `SAXParser` in `XmlParser` (#10067) * Allow customization of SAXParserFactory / SAXParser in XmlParser * Introduce method `.getSAXParser()` --------- Signed-off-by: Joakim Erdfelt Co-authored-by: Greg Wilkins --- .../java/org/eclipse/jetty/xml/XmlParser.java | 14 ++++++-- .../org/eclipse/jetty/xml/XmlParserTest.java | 35 +++++++++++++++++++ 2 files changed, 47 insertions(+), 2 deletions(-)
diff --git a/jetty-xml/src/main/java/org/eclipse/jetty/xml/XmlParser.java b/jetty-xml/src/main/java/org/eclipse/jetty/xml/XmlParser.java
index 33c142481ec..ea8a3a4485a 100644
--- a/jetty-xml/src/main/java/org/eclipse/jetty/xml/XmlParser.java
+++ b/jetty-xml/src/main/java/org/eclipse/jetty/xml/XmlParser.java
@@ -66,7 +66,7 @@ public class XmlParser
 */
 public XmlParser()
 {
- SAXParserFactory factory = SAXParserFactory.newInstance();
+ SAXParserFactory factory = newSAXParserFactory();
 boolean validatingDefault = factory.getClass().toString().contains("org.apache.xerces.");
 String validatingProp = System.getProperty("org.eclipse.jetty.xml.XmlParser.Validating", validatingDefault ? "true" : "false");
 boolean validating = Boolean.valueOf(validatingProp).booleanValue();
@@ -83,11 +83,16 @@ public class XmlParser
 return _lock.lock();
 }
+ protected SAXParserFactory newSAXParserFactory()
+ {
+ return SAXParserFactory.newInstance();
+ }
+
 public void setValidating(boolean validating)
 {
 try
 {
- SAXParserFactory factory = SAXParserFactory.newInstance();
+ SAXParserFactory factory = newSAXParserFactory();
 factory.setValidating(validating);
 _parser = factory.newSAXParser();
@@ -129,6 +134,11 @@ public class XmlParser
 return _parser.isValidating();
 }
+ public SAXParser getSAXParser()
+ {
+ return _parser;
+ }
+
 public void redirectEntity(String name, URL entity)
 {
 if (entity != null)
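Review bot: In the `@@ -66,7 +66,7 @@` hunk the `XmlParser()` constructor now calls the overridable `newSAXParserFactory()`, so a subclass override runs before any of the subclass's own fields or constructor code have been initialised. An override that reads instance state will see nulls and defaults, which matters if a subclass configures parser hardening from a field. I would state this on the hook's Javadoc, e.g. `Called from the constructor and from setValidating(boolean); overrides must not depend on subclass instance state.` The constructor body continues past the end of the hunk.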
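Review bot: `newSAXParserFactory()` in the `@@ -83,11 +83,16 @@` hunk is added without Javadoc and returns `SAXParserFactory.newInstance()` with no features set, so any DTD, external-entity or XInclude restrictions are left entirely to subclasses. The hunk does not show whether an entity resolver elsewhere in `XmlParser` already limits external fetches, so this may be deliberate, but the method is the natural place to say so. A Javadoc comment stating that the default factory is unconfigured, and that callers parsing untrusted XML should override it to enable `XMLConstants.FEATURE_SECURE_PROCESSING` or to disable external entities, would make the security contract explicit. `setValidating` starts inside the hunk and ends outside it.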
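Review bot: `getSAXParser()` in the `@@ -129,6 +134,11 @@` hunk hands out the internal `_parser` instance directly, without taking the lock that the `_lock.lock()` context line in the previous hunk suggests guards this class. Two consequences follow from the visible code: a caller can reconfigure the shared parser (for example through `setProperty`) without other users knowing, and the returned reference goes stale as soon as `setValidating` assigns a new `_parser`. At minimum the accessor should carry Javadoc along the lines of `Returns the current underlying SAXParser; it is replaced by setValidating(boolean) and must not be reconfigured while a parse is in progress.`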
diff --git a/jetty-xml/src/test/java/org/eclipse/jetty/xml/XmlParserTest.java b/jetty-xml/src/test/java/org/eclipse/jetty/xml/XmlParserTest.java
index 764bd522441..00ae93a1e31 100644
--- a/jetty-xml/src/test/java/org/eclipse/jetty/xml/XmlParserTest.java
+++ b/jetty-xml/src/test/java/org/eclipse/jetty/xml/XmlParserTest.java
@@ -14,10 +14,17 @@ package org.eclipse.jetty.xml;
 import java.net.URL;
+import javax.xml.parsers.SAXParser;
+import javax.xml.parsers.SAXParserFactory;
 import org.junit.jupiter.api.Test;
+import org.xml.sax.SAXException;
+import org.xml.sax.XMLReader;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assumptions.assumeTrue;
 public class XmlParserTest
 {
@@ -38,4 +45,32 @@ public class XmlParserTest
 assertTrue(testDocStr.startsWith(""));
 }
+
+ /**
+ * Customize SAXParserFactory behavior.
+ */
+ @Test
+ public void testNewSAXParserFactory() throws SAXException
+ {
+ XmlParser xmlParser = new XmlParser()
+ {
+ @Override
+ protected SAXParserFactory newSAXParserFactory()
+ {
+ SAXParserFactory saxParserFactory = super.newSAXParserFactory();
+ // Configure at factory level
+ saxParserFactory.setXIncludeAware(false);
+ return saxParserFactory;
+ }
+ };
+
+ SAXParser saxParser = xmlParser.getSAXParser();
+ assertNotNull(saxParser);
+
+ XMLReader xmlReader = saxParser.getXMLReader();
+ // Only run testcase if Xerces is being used.
+ assumeTrue(xmlReader.getClass().getName().contains("org.apache.xerces."));
+ // look to see it was set at XMLReader level
+ assertFalse(xmlReader.getFeature("http://apache.org/xml/features/xinclude"));
+ }
 }
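Review bot: The final assertion of `testNewSAXParserFactory` in the `@@ -38,4 +45,32 @@` hunk checks that the XInclude feature is `false`, which as far as I know is already the default for a `SAXParserFactory`, so the test passes even if the overridden `newSAXParserFactory()` is never called. To prove the hook is actually used, set a non-default value and assert it, `saxParserFactory.setXIncludeAware(true);` with `assertTrue(xmlReader.getFeature("http://apache.org/xml/features/xinclude"));`, or record in the override that it ran and assert on that. The first hunk of this file only adds imports.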