Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-10.0.x

Signed-off-by: Greg Wilkins <gregw@webtide.com>

jetty-alpn/jetty-alpn-conscrypt-client/src/main/java/org/eclipse/jetty/alpn/conscrypt/client/ConscryptClientALPNProcessor.java

@@ -18,12 +18,10 @@
 
 package org.eclipse.jetty.alpn.conscrypt.client;
 
-import java.lang.reflect.Method;
-import java.nio.charset.StandardCharsets;
 import java.security.Security;
-
 import javax.net.ssl.SSLEngine;
 
+import org.conscrypt.Conscrypt;
 import org.conscrypt.OpenSSLProvider;
 import org.eclipse.jetty.alpn.client.ALPNClientConnection;
 import org.eclipse.jetty.io.Connection;
@@ -59,11 +57,9 @@ public class ConscryptClientALPNProcessor implements ALPNProcessor.Client
     {
         try
         {
-            Method setAlpnProtocols = sslEngine.getClass().getDeclaredMethod("setApplicationProtocols", String[].class);
-            setAlpnProtocols.setAccessible(true);
             ALPNClientConnection alpn = (ALPNClientConnection)connection;
             String[] protocols = alpn.getProtocols().toArray(new String[0]);
-            setAlpnProtocols.invoke(sslEngine, (Object)protocols);
+            Conscrypt.setApplicationProtocols(sslEngine, protocols);
             ((SslConnection.DecryptedEndPoint)connection.getEndPoint()).getSslConnection()
                     .addHandshakeListener(new ALPNListener(alpn));
         }
@@ -92,9 +88,9 @@ public class ConscryptClientALPNProcessor implements ALPNProcessor.Client
             try
             {
                 SSLEngine sslEngine = alpnConnection.getSSLEngine();
-                Method method = sslEngine.getClass().getDeclaredMethod("getApplicationProtocol");
+                String protocol = Conscrypt.getApplicationProtocol(sslEngine);
-                method.setAccessible(true);
+                if (LOG.isDebugEnabled())
-                String protocol = (String)method.invoke(sslEngine);
+                    LOG.debug("Selected {} for {}", protocol, alpnConnection);
                 alpnConnection.selected(protocol);
             }
             catch (Throwable e)

jetty-alpn/jetty-alpn-conscrypt-server/pom.xml

@@ -38,6 +38,31 @@
       <version>${project.version}</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-alpn-conscrypt-client</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-client</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty.http2</groupId>
+      <artifactId>http2-client</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty.http2</groupId>
+      <artifactId>http2-http-client-transport</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+
   </dependencies>
   <build>
     <plugins>
@@ -55,6 +80,15 @@
              </instructions>
            </configuration>
       </plugin>
+      <plugin>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <configuration>
+          <argLine>
+            @{argLine} ${jetty.surefire.argLine}
+            --add-reads org.eclipse.jetty.alpn.conscrypt.server=org.eclipse.jetty.server
+          </argLine>
+        </configuration>
+      </plugin>
     </plugins>
   </build>
 </project>

jetty-alpn/jetty-alpn-conscrypt-server/src/main/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptServerALPNProcessor.java

@@ -18,13 +18,13 @@
 
 package org.eclipse.jetty.alpn.conscrypt.server;
 
-import java.lang.reflect.Method;
 import java.security.Security;
 import java.util.List;
-import java.util.function.BiFunction;
-
 import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSocket;
 
+import org.conscrypt.ApplicationProtocolSelector;
+import org.conscrypt.Conscrypt;
 import org.conscrypt.OpenSSLProvider;
 import org.eclipse.jetty.alpn.server.ALPNServerConnection;
 import org.eclipse.jetty.io.Connection;
@@ -60,9 +60,7 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
     {
         try
         {
-            Method method = sslEngine.getClass().getMethod("setHandshakeApplicationProtocolSelector", BiFunction.class);
+            Conscrypt.setApplicationProtocolSelector(sslEngine, new ALPNCallback((ALPNServerConnection)connection));
-            method.setAccessible(true);
-            method.invoke(sslEngine,new ALPNCallback((ALPNServerConnection)connection));
         }
         catch (RuntimeException x)
         {
@@ -74,10 +72,11 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
         }
     }
 
-    private final class ALPNCallback implements BiFunction<SSLEngine,List<String>,String>, SslHandshakeListener
+    private final class ALPNCallback extends ApplicationProtocolSelector implements SslHandshakeListener
     {
         private final ALPNServerConnection alpnConnection;
 
+
         private ALPNCallback(ALPNServerConnection connection)
         {
             alpnConnection = connection;
@@ -85,12 +84,19 @@ public class ConscryptServerALPNProcessor implements ALPNProcessor.Server
         }
 
         @Override
-        public String apply(SSLEngine engine, List<String> protocols)
+        public String selectApplicationProtocol(SSLEngine engine, List<String> protocols)
         {
-            if (LOG.isDebugEnabled())
-                LOG.debug("apply {} {}", alpnConnection, protocols);
             alpnConnection.select(protocols);
-            return alpnConnection.getProtocol();
+            String protocol = alpnConnection.getProtocol();
+            if (LOG.isDebugEnabled())
+                LOG.debug("Selected {} among {} for {}", protocol, protocols, alpnConnection);
+            return protocol;
+        }
+
+        @Override
+        public String selectApplicationProtocol(SSLSocket socket, List<String> protocols)
+        {
+            throw new UnsupportedOperationException();
         }
 
         @Override

jetty-alpn/jetty-alpn-conscrypt-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2Server.java

@@ -1,72 +0,0 @@
-//
-//  ========================================================================
-//  Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
-//  ------------------------------------------------------------------------
-//  All rights reserved. This program and the accompanying materials
-//  are made available under the terms of the Eclipse Public License v1.0
-//  and Apache License v2.0 which accompanies this distribution.
-//
-//      The Eclipse Public License is available at
-//      http://www.eclipse.org/legal/epl-v10.html
-//
-//      The Apache License v2.0 is available at
-//      http://www.opensource.org/licenses/apache2.0.php
-//
-//  You may elect to redistribute this code under either of these licenses.
-//  ========================================================================
-//
-
-package org.eclipse.jetty.alpn.conscrypt.server;
-
-import java.security.Security;
-
-import org.conscrypt.OpenSSLProvider;
-import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
-import org.eclipse.jetty.http2.HTTP2Cipher;
-import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
-import org.eclipse.jetty.server.HttpConfiguration;
-import org.eclipse.jetty.server.HttpConnectionFactory;
-import org.eclipse.jetty.server.SecureRequestCustomizer;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.ServerConnector;
-import org.eclipse.jetty.server.SslConnectionFactory;
-import org.eclipse.jetty.util.ssl.SslContextFactory;
-
-/**
- * Test server that verifies that the Conscrypt ALPN mechanism works.
- */
-public class ConscryptHTTP2Server
-{
-    public static void main(String[] args) throws Exception
-    {
-        Security.addProvider(new OpenSSLProvider());
-
-        Server server = new Server();
-
-        HttpConfiguration httpsConfig = new HttpConfiguration();
-        httpsConfig.setSecureScheme("https");
-        httpsConfig.setSecurePort(8443);
-        httpsConfig.setSendXPoweredBy(true);
-        httpsConfig.setSendServerVersion(true);
-        httpsConfig.addCustomizer(new SecureRequestCustomizer());
-
-        SslContextFactory sslContextFactory = new SslContextFactory();
-        sslContextFactory.setProvider("Conscrypt");
-        sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
-        sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
-        sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
-        sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
-
-        HttpConnectionFactory http = new HttpConnectionFactory(httpsConfig);
-        HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(httpsConfig);
-        ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory();
-        alpn.setDefaultProtocol(http.getProtocol());
-        SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, alpn.getProtocol());
-
-        ServerConnector http2Connector = new ServerConnector(server, ssl, alpn, h2, http);
-        http2Connector.setPort(8443);
-        server.addConnector(http2Connector);
-
-        server.start();
-    }
-}

jetty-alpn/jetty-alpn-conscrypt-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2ServerTest.java

@@ -0,0 +1,140 @@
+//
+//  ========================================================================
+//  Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
+//  ------------------------------------------------------------------------
+//  All rights reserved. This program and the accompanying materials
+//  are made available under the terms of the Eclipse Public License v1.0
+//  and Apache License v2.0 which accompanies this distribution.
+//
+//      The Eclipse Public License is available at
+//      http://www.eclipse.org/legal/epl-v10.html
+//
+//      The Apache License v2.0 is available at
+//      http://www.opensource.org/licenses/apache2.0.php
+//
+//  You may elect to redistribute this code under either of these licenses.
+//  ========================================================================
+//
+
+package org.eclipse.jetty.alpn.conscrypt.server;
+
+import java.io.File;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.Security;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.conscrypt.OpenSSLProvider;
+import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
+import org.eclipse.jetty.client.HttpClient;
+import org.eclipse.jetty.client.api.ContentResponse;
+import org.eclipse.jetty.http2.client.HTTP2Client;
+import org.eclipse.jetty.http2.client.http.HttpClientTransportOverHTTP2;
+import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
+import org.eclipse.jetty.server.HttpConfiguration;
+import org.eclipse.jetty.server.HttpConnectionFactory;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.SecureRequestCustomizer;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
+import org.eclipse.jetty.server.handler.AbstractHandler;
+import org.eclipse.jetty.util.JavaVersion;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+/**
+ * Test server that verifies that the Conscrypt ALPN mechanism works for both server and client side
+ */
+public class ConscryptHTTP2ServerTest
+{
+    static
+    {
+        Security.addProvider(new OpenSSLProvider());
+    }
+
+    private Server server = new Server();
+
+    private SslContextFactory newSslContextFactory()
+    {
+        Path path = Paths.get("src", "test", "resources");
+        File keys = path.resolve("keystore").toFile();
+
+        SslContextFactory sslContextFactory = new SslContextFactory();
+        sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
+        sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
+        sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        sslContextFactory.setProvider("Conscrypt");
+        sslContextFactory.setEndpointIdentificationAlgorithm(null);
+        if (JavaVersion.VERSION.getPlatform() < 9)
+        {
+            // Conscrypt enables TLSv1.3 by default but it's not supported in Java 8.
+            sslContextFactory.addExcludeProtocols("TLSv1.3");
+        }
+        return sslContextFactory;
+    }
+
+    @BeforeEach
+    public void startServer() throws Exception
+    {
+        HttpConfiguration httpsConfig = new HttpConfiguration();
+        httpsConfig.setSecureScheme("https");
+
+        httpsConfig.setSendXPoweredBy(true);
+        httpsConfig.setSendServerVersion(true);
+        httpsConfig.addCustomizer(new SecureRequestCustomizer());
+
+        HttpConnectionFactory http = new HttpConnectionFactory(httpsConfig);
+        HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(httpsConfig);
+        ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory();
+        alpn.setDefaultProtocol(http.getProtocol());
+        SslConnectionFactory ssl = new SslConnectionFactory(newSslContextFactory(), alpn.getProtocol());
+
+        ServerConnector http2Connector = new ServerConnector(server, ssl, alpn, h2, http);
+        http2Connector.setPort(0);
+        server.addConnector(http2Connector);
+
+        server.setHandler(new AbstractHandler()
+        {
+            @Override
+            public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response)
+            {
+                response.setStatus(200);
+                baseRequest.setHandled(true);
+            }
+        });
+
+        server.start();
+    }
+
+    @AfterEach
+    public void stopServer() throws Exception
+    {
+        if (server != null)
+            server.stop();
+    }
+
+    @Test
+    public void testSimpleRequest() throws Exception
+    {
+        HTTP2Client h2Client = new HTTP2Client();
+        HttpClient client = new HttpClient(new HttpClientTransportOverHTTP2(h2Client), newSslContextFactory());
+        client.start();
+        try
+        {
+            int port = ((ServerConnector)server.getConnectors()[0]).getLocalPort();
+            ContentResponse contentResponse = client.GET("https://localhost:" + port);
+            assertEquals(200, contentResponse.getStatus());
+        }
+        finally
+        {
+            client.stop();
+        }
+    }
+}

jetty-deploy/src/main/java/org/eclipse/jetty/deploy/providers/jmx/WebAppProviderMBean.java

@@ -22,12 +22,12 @@ import java.util.List;
 import java.util.stream.Collectors;
 
 import org.eclipse.jetty.deploy.providers.WebAppProvider;
-import org.eclipse.jetty.server.handler.jmx.AbstractHandlerMBean;
+import org.eclipse.jetty.jmx.ObjectMBean;
 import org.eclipse.jetty.util.annotation.ManagedAttribute;
 import org.eclipse.jetty.util.annotation.ManagedObject;
 
 @ManagedObject("WebAppProvider mbean wrapper")
-public class WebAppProviderMBean extends AbstractHandlerMBean
+public class WebAppProviderMBean extends ObjectMBean
 {
     public WebAppProviderMBean(Object managedObject)
     {

jetty-documentation/src/main/asciidoc/administration/startup/startup-windows-service.adoc

@@ -147,7 +147,7 @@ We'll start by specifying which modules we want to use (this will create a start
 
 [source, screen, subs="{sub-order}"]
 ....
-C:\opt\myappbase>java -jar ..\jetty\start.jar --add-to-start=deploy,http,logging
+C:\opt\myappbase>java -jar ..\jetty\start.jar --add-to-start=deploy,http,console-capture
 
 WARNING: deploy          initialised in ${jetty.base}\start.ini (appended)
 WARNING: deploy          enabled in     ${jetty.base}\start.ini
@@ -260,7 +260,7 @@ set PR_STOPPARAMS=--stop;STOP.KEY="%STOPKEY%";STOP.PORT=%STOPPORT%;STOP.WAIT=10
   --JvmMs="%PR_JVMMS%" ^
   --JvmMx="%PR_JVMMX%" ^
   --JvmSs="%PR_JVMSS%" ^
-  --JvmOptions="%PR_JVMOPTIONS%" ^
+  --JvmOptions=%PR_JVMOPTIONS% ^
   --Classpath="%PR_CLASSPATH%" ^
   --StartMode="%PR_STARTMODE%" ^
   --StartClass="%JETTY_START_CLASS%" ^

jetty-documentation/src/main/asciidoc/configuring/connectors/configuring-ssl.adoc

@@ -739,6 +739,9 @@ sslContextFactory.setProvider("Conscrypt");
 
 If you are using the Jetty Distribution, please see the section on enabling the link:#jetty-conscrypt-distribution[Conscrypt SSL module.]
 
+If you are using Conscrypt with Java 8, you must exclude `TLSv1.3` protocol as it is now enabled per default with Conscrypt 2.0.0 but not supported by Java 8.
+
+
 ==== Configuring SNI
 
 From Java 8, the JVM contains support for the http://en.wikipedia.org/wiki/Server_Name_Indication[Server Name Indicator (SNI)] extension, which allows a SSL connection handshake to indicate one or more DNS names that it applies to.

jetty-home/src/main/resources/modules/conscrypt.mod

@@ -29,6 +29,6 @@ Conscrypt is distributed under the Apache Licence 2.0
 https://github.com/google/conscrypt/blob/master/LICENSE
 
 [ini]
-conscrypt.version?=1.1.4
+conscrypt.version?=2.0.0
 jetty.sslContext.provider?=Conscrypt
 

jetty-osgi/test-jetty-osgi/src/test/config/etc/jetty-http2.xml

@@ -21,6 +21,13 @@
       <Get class="org.eclipse.jetty.http2.HTTP2Cipher" name="COMPARATOR"/>
     </Set>
     <Set name="useCipherSuitesOrder">true</Set>
+    <Call name="addExcludeProtocols">
+      <Arg>
+        <Array type="java.lang.String">
+          <Item>TLSv1.3</Item>
+        </Array>
+      </Arg>
+    </Call>
   </Ref>
 
 </Configure>

jetty-osgi/test-jetty-osgi/src/test/java/org/eclipse/jetty/osgi/test/TestJettyOSGiBootHTTP2Conscrypt.java

@@ -24,13 +24,13 @@ import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.Executor;
-
 import javax.inject.Inject;
 
 import org.eclipse.jetty.client.HttpClient;
 import org.eclipse.jetty.client.api.ContentResponse;
 import org.eclipse.jetty.http2.client.HTTP2Client;
 import org.eclipse.jetty.http2.client.http.HttpClientTransportOverHTTP2;
+import org.eclipse.jetty.util.JavaVersion;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 import org.eclipse.jetty.util.thread.QueuedThreadPool;
 import org.junit.Test;
@@ -145,6 +145,11 @@ public class TestJettyOSGiBootHTTP2Conscrypt
             sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
             sslContextFactory.setProvider("Conscrypt");
             sslContextFactory.setEndpointIdentificationAlgorithm(null);
+            if (JavaVersion.VERSION.getPlatform() < 9)
+            {
+                // Conscrypt enables TLSv1.3 by default but it's not supported in Java 8.
+                sslContextFactory.addExcludeProtocols("TLSv1.3");
+            }
             HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP2(http2Client), sslContextFactory);
             Executor executor = new QueuedThreadPool();
             httpClient.setExecutor(executor);
@@ -154,7 +159,6 @@ public class TestJettyOSGiBootHTTP2Conscrypt
             ContentResponse response = httpClient.GET("https://localhost:" + port + "/jsp/jstl.jsp");
             assertEquals(200, response.getStatus());
             assertTrue(response.getContentAsString().contains("JSTL Example"));
-
         }
         finally
         {

jetty-proxy/src/main/java/org/eclipse/jetty/proxy/ConnectHandler.java

@@ -30,7 +30,6 @@ import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 import java.util.concurrent.Executor;
-
 import javax.servlet.AsyncContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;

jetty-server/src/main/java/org/eclipse/jetty/server/Server.java

@@ -371,10 +371,7 @@ public class Server extends HandlerWrapper implements Attributes
 
             LOG.info("jetty-{}; built: {}; git: {}; jvm {}", getVersion(), timestamp, gitHash, System.getProperty("java.runtime.version",System.getProperty("java.version")));
             if (!Jetty.STABLE)
-            {
                 LOG.warn("THIS IS NOT A STABLE RELEASE! DO NOT USE IN PRODUCTION!");
-                LOG.warn("Download a stable release from http://download.eclipse.org/jetty/");
-            }
 
             HttpGenerator.setJettyVersion(HttpConfiguration.SERVER_VERSION);
 
@@ -421,7 +418,18 @@ public class Server extends HandlerWrapper implements Attributes
         catch(Throwable th)
         {
             // Close any connectors that were opened
-            _connectors.stream().filter(NetworkConnector.class::isInstance).map(NetworkConnector.class::cast).forEach(NetworkConnector::close);
+            _connectors.stream().filter(NetworkConnector.class::isInstance).map(NetworkConnector.class::cast).forEach(nc->
+            {
+                try
+                {
+                    nc.close();
+                }
+                catch(Throwable t2)
+                {
+                    if (th!=t2)
+                        th.addSuppressed(t2);
+                }
+            });
             throw th;
         }
         finally

jetty-server/src/test/java/org/eclipse/jetty/server/GracefulStopTest.java

@@ -32,7 +32,6 @@ import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicReference;
-
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

jetty-websocket/jetty-websocket-api/src/main/java/org/eclipse/jetty/websocket/api/extensions/ExtensionConfig.java

@@ -18,236 +18,50 @@
 
 package org.eclipse.jetty.websocket.api.extensions;
 
-import org.eclipse.jetty.websocket.api.util.QuoteUtil;
-
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
 import java.util.Map;
+import java.util.ServiceLoader;
 import java.util.Set;
 
 /**
  * Represents an Extension Configuration, as seen during the connection Handshake process.
  */
-public class ExtensionConfig
+public interface ExtensionConfig
 {
-    /**
+    interface Parser
-     * Parse a single parameterized name.
-     *
-     * @param parameterizedName the parameterized name
-     * @return the ExtensionConfig
-     */
-    public static ExtensionConfig parse(String parameterizedName)
     {
-        return new ExtensionConfig(parameterizedName);
+        ExtensionConfig parse(String parameterizedName);
     }
 
-    /**
+    private static ExtensionConfig.Parser getParser()
-     * Parse enumeration of {@code Sec-WebSocket-Extensions} header values into a {@code ExtensionConfig} list
-     *
-     * @param valuesEnum the raw header values enum
-     * @return the list of extension configs
-     */
-    public static List<ExtensionConfig> parseEnum(Enumeration<String> valuesEnum)
     {
-        List<ExtensionConfig> configs = new ArrayList<>();
+        return ServiceLoader.load(ExtensionConfig.Parser.class).findFirst().get();
-
-        if (valuesEnum != null)
-        {
-            while (valuesEnum.hasMoreElements())
-            {
-                Iterator<String> extTokenIter = QuoteUtil.splitAt(valuesEnum.nextElement(), ",");
-                while (extTokenIter.hasNext())
-                {
-                    String extToken = extTokenIter.next();
-                    configs.add(ExtensionConfig.parse(extToken));
-                }
-            }
     }
 
-        return configs;
+    static ExtensionConfig parse(String parameterizedName)
+    {
+        return getParser().parse(parameterizedName);
     }
 
-    /**
+    String getName();
-     * Parse 1 or more raw {@code Sec-WebSocket-Extensions} header values into a {@code ExtensionConfig} list
-     *
-     * @param rawSecWebSocketExtensions the raw header values
-     * @return the list of extension configs
-     */
-    public static List<ExtensionConfig> parseList(String... rawSecWebSocketExtensions)
-    {
-        List<ExtensionConfig> configs = new ArrayList<>();
 
-        for (String rawValue : rawSecWebSocketExtensions)
+    int getParameter(String key, int defValue);
-        {
-            Iterator<String> extTokenIter = QuoteUtil.splitAt(rawValue, ",");
-            while (extTokenIter.hasNext())
-            {
-                String extToken = extTokenIter.next();
-                configs.add(ExtensionConfig.parse(extToken));
-            }
-        }
 
-        return configs;
+    String getParameter(String key, String defValue);
-    }
 
-    /**
+    String getParameterizedName();
-     * Convert a list of {@code ExtensionConfig} to a header value
-     *
-     * @param configs the list of extension configs
-     * @return the header value (null if no configs present)
-     */
-    public static String toHeaderValue(List<ExtensionConfig> configs)
-    {
-        if ((configs == null) || (configs.isEmpty()))
-        {
-            return null;
-        }
-        StringBuilder parameters = new StringBuilder();
-        boolean needsDelim = false;
-        for (ExtensionConfig ext : configs)
-        {
-            if (needsDelim)
-            {
-                parameters.append(", ");
-            }
-            parameters.append(ext.getParameterizedName());
-            needsDelim = true;
-        }
-        return parameters.toString();
-    }
 
-    private final String name;
+    Set<String> getParameterKeys();
-    private final Map<String, String> parameters;
-
-    /**
-     * Copy constructor
-     *
-     * @param copy the extension config to copy
-     */
-    public ExtensionConfig(ExtensionConfig copy)
-    {
-        this.name = copy.name;
-        this.parameters = new HashMap<>();
-        this.parameters.putAll(copy.parameters);
-    }
-
-    public ExtensionConfig(String parameterizedName)
-    {
-        Iterator<String> extListIter = QuoteUtil.splitAt(parameterizedName, ";");
-        this.name = extListIter.next();
-        this.parameters = new HashMap<>();
-
-        // now for parameters
-        while (extListIter.hasNext())
-        {
-            String extParam = extListIter.next();
-            Iterator<String> extParamIter = QuoteUtil.splitAt(extParam, "=");
-            String key = extParamIter.next().trim();
-            String value = null;
-            if (extParamIter.hasNext())
-            {
-                value = extParamIter.next();
-            }
-            parameters.put(key, value);
-        }
-    }
-
-    public ExtensionConfig(String name, Map<String, String> parameters)
-    {
-        this.name = name;
-        this.parameters = parameters;
-    }
-
-    public String getName()
-    {
-        return name;
-    }
-
-    public final int getParameter(String key, int defValue)
-    {
-        String val = parameters.get(key);
-        if (val == null)
-        {
-            return defValue;
-        }
-        return Integer.parseInt(val);
-    }
-
-    public final String getParameter(String key, String defValue)
-    {
-        String val = parameters.get(key);
-        if (val == null)
-        {
-            return defValue;
-        }
-        return val;
-    }
-
-    public final String getParameterizedName()
-    {
-        StringBuilder str = new StringBuilder();
-        str.append(name);
-        for (String param : parameters.keySet())
-        {
-            str.append(';');
-            str.append(param);
-            String value = parameters.get(param);
-            if (value != null)
-            {
-                str.append('=');
-                QuoteUtil.quoteIfNeeded(str, value, ";=");
-            }
-        }
-        return str.toString();
-    }
-
-    public final Set<String> getParameterKeys()
-    {
-        return parameters.keySet();
-    }
 
     /**
      * Return parameters found in request URI.
      *
      * @return the parameter map
      */
-    public final Map<String, String> getParameters()
+    Map<String, String> getParameters();
-    {
-        return parameters;
-    }
 
-    /**
+    void setParameter(String key);
-     * Initialize the parameters on this config from the other configuration.
-     *
-     * @param other the other configuration.
-     */
-    public final void init(ExtensionConfig other)
-    {
-        this.parameters.clear();
-        this.parameters.putAll(other.parameters);
-    }
 
-    public final void setParameter(String key)
+    void setParameter(String key, int value);
-    {
-        parameters.put(key, null);
-    }
 
-    public final void setParameter(String key, int value)
+    void setParameter(String key, String value);
-    {
-        parameters.put(key, Integer.toString(value));
-    }
-
-    public final void setParameter(String key, String value)
-    {
-        parameters.put(key, value);
-    }
-
-    @Override
-    public String toString()
-    {
-        return getParameterizedName();
-    }
 }

jetty-websocket/jetty-websocket-client/src/main/java/org/eclipse/jetty/websocket/client/JettyUpgradeListener.java

@@ -0,0 +1,42 @@
+//
+//  ========================================================================
+//  Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
+//  ------------------------------------------------------------------------
+//  All rights reserved. This program and the accompanying materials
+//  are made available under the terms of the Eclipse Public License v1.0
+//  and Apache License v2.0 which accompanies this distribution.
+//
+//      The Eclipse Public License is available at
+//      http://www.eclipse.org/legal/epl-v10.html
+//
+//      The Apache License v2.0 is available at
+//      http://www.opensource.org/licenses/apache2.0.php
+//
+//  You may elect to redistribute this code under either of these licenses.
+//  ========================================================================
+//
+
+package org.eclipse.jetty.websocket.client;
+
+import org.eclipse.jetty.client.HttpRequest;
+import org.eclipse.jetty.client.HttpResponse;
+
+public interface JettyUpgradeListener
+{
+    /**
+     * Event that triggers before the Handshake request is sent.
+     *
+     * @param request the request
+     */
+    default void onHandshakeRequest(HttpRequest request)
+    {}
+
+    /**
+     * Event that triggers after the Handshake response has been received.
+     *
+     * @param request  the request that was used
+     * @param response the response that was received
+     */
+    default void onHandshakeResponse(HttpRequest request, HttpResponse response)
+    {}
+}

jetty-websocket/jetty-websocket-client/src/main/java/org/eclipse/jetty/websocket/client/WebSocketClient.java

@@ -32,6 +32,8 @@ import java.util.concurrent.ThreadLocalRandom;
 import java.util.function.Consumer;
 
 import org.eclipse.jetty.client.HttpClient;
+import org.eclipse.jetty.client.HttpRequest;
+import org.eclipse.jetty.client.HttpResponse;
 import org.eclipse.jetty.io.ByteBufferPool;
 import org.eclipse.jetty.io.Connection;
 import org.eclipse.jetty.util.DecoratedObjectFactory;
@@ -124,15 +126,29 @@ public class WebSocketClient extends ContainerLifeCycle implements WebSocketPoli
      * @return the future for the session, available on success of connect
      * @throws IOException if unable to connect
      */
-    public CompletableFuture<Session> connect(Object websocket, URI toUri, UpgradeRequest request, UpgradeListener upgradeListener) throws IOException
+    public CompletableFuture<Session> connect(Object websocket, URI toUri, UpgradeRequest request, JettyUpgradeListener upgradeListener) throws IOException
     {
         for (Connection.Listener listener : getBeans(Connection.Listener.class))
             coreClient.addBean(listener);
             
         JettyClientUpgradeRequest upgradeRequest = new JettyClientUpgradeRequest(this, coreClient, request, toUri, websocket);
         if (upgradeListener != null)
-            upgradeRequest.addListener(upgradeListener);
+        {
+            upgradeRequest.addListener(new UpgradeListener()
+            {
+                @Override
+                public void onHandshakeRequest(HttpRequest request)
+                {
+                    upgradeListener.onHandshakeRequest(request);
+                }
 
+                @Override
+                public void onHandshakeResponse(HttpRequest request, HttpResponse response)
+                {
+                    upgradeListener.onHandshakeResponse(request, response);
+                }
+            });
+        }
         coreClient.connect(upgradeRequest);
         return upgradeRequest.getFutureSession();
     }
@@ -283,11 +299,6 @@ public class WebSocketClient extends ContainerLifeCycle implements WebSocketPoli
         return getHttpClient().getExecutor();
     }
 
-    public WebSocketExtensionRegistry getExtensionRegistry()
-    {
-        return extensionRegistry;
-    }
-
     public HttpClient getHttpClient()
     {
         return coreClient.getHttpClient();

jetty-websocket/jetty-websocket-client/src/main/java/org/eclipse/jetty/websocket/client/impl/JettyClientUpgradeRequest.java

@@ -22,6 +22,7 @@ import java.net.HttpCookie;
 import java.net.URI;
 import java.util.List;
 import java.util.concurrent.CompletableFuture;
+import java.util.stream.Collectors;
 
 import org.eclipse.jetty.client.HttpResponse;
 import org.eclipse.jetty.http.HttpFields;
@@ -33,6 +34,7 @@ import org.eclipse.jetty.websocket.api.UpgradeRequest;
 import org.eclipse.jetty.websocket.api.UpgradeResponse;
 import org.eclipse.jetty.websocket.client.WebSocketClient;
 import org.eclipse.jetty.websocket.common.JettyWebSocketFrameHandler;
+import org.eclipse.jetty.websocket.core.ExtensionConfig;
 import org.eclipse.jetty.websocket.core.FrameHandler;
 import org.eclipse.jetty.websocket.core.client.ClientUpgradeRequest;
 import org.eclipse.jetty.websocket.core.client.WebSocketCoreClient;
@@ -74,9 +76,9 @@ public class JettyClientUpgradeRequest extends ClientUpgradeRequest
             setSubProtocols(request.getSubProtocols());
 
             // Copy extensions
-            /* TODO or not?
+            setExtensions(request.getExtensions().stream()
-            setExtensions(request.getExtensions());
+                    .map(c -> new ExtensionConfig(c.getName(), c.getParameters()))
-            */
+                    .collect(Collectors.toList()));
 
             // Copy method from upgradeRequest object
             if (request.getMethod() != null)

jetty-websocket/jetty-websocket-common/src/main/java/module-info.java

@@ -16,6 +16,9 @@
 //  ========================================================================
 //
 
+import org.eclipse.jetty.websocket.api.extensions.ExtensionConfig;
+import org.eclipse.jetty.websocket.common.ExtensionConfigParser;
+
 module org.eclipse.jetty.websocket.jetty.common
 {
     exports org.eclipse.jetty.websocket.common;
@@ -27,4 +30,6 @@ module org.eclipse.jetty.websocket.jetty.common
     requires org.eclipse.jetty.util;
     requires org.eclipse.jetty.websocket.core;
     requires org.eclipse.jetty.websocket.jetty.api;
+
+    provides ExtensionConfig.Parser with ExtensionConfigParser;
 }

jetty-websocket/jetty-websocket-common/src/main/java/org/eclipse/jetty/websocket/common/ExtensionConfigParser.java

@@ -0,0 +1,36 @@
+//
+//  ========================================================================
+//  Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
+//  ------------------------------------------------------------------------
+//  All rights reserved. This program and the accompanying materials
+//  are made available under the terms of the Eclipse Public License v1.0
+//  and Apache License v2.0 which accompanies this distribution.
+//
+//      The Eclipse Public License is available at
+//      http://www.eclipse.org/legal/epl-v10.html
+//
+//      The Apache License v2.0 is available at
+//      http://www.opensource.org/licenses/apache2.0.php
+//
+//  You may elect to redistribute this code under either of these licenses.
+//  ========================================================================
+//
+
+package org.eclipse.jetty.websocket.common;
+
+import org.eclipse.jetty.websocket.core.ExtensionConfig;
+
+public class ExtensionConfigParser implements org.eclipse.jetty.websocket.api.extensions.ExtensionConfig.Parser
+{
+    /**
+     * Parse a single parameterized name.
+     *
+     * @param parameterizedName the parameterized name
+     * @return the ExtensionConfig
+     */
+    @Override
+    public JettyExtensionConfig parse(String parameterizedName)
+    {
+        return new JettyExtensionConfig(ExtensionConfig.parse(parameterizedName));
+    }
+}

jetty-websocket/jetty-websocket-common/src/main/java/org/eclipse/jetty/websocket/common/JettyExtensionConfig.java

@@ -0,0 +1,128 @@
+//
+//  ========================================================================
+//  Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
+//  ------------------------------------------------------------------------
+//  All rights reserved. This program and the accompanying materials
+//  are made available under the terms of the Eclipse Public License v1.0
+//  and Apache License v2.0 which accompanies this distribution.
+//
+//      The Eclipse Public License is available at
+//      http://www.eclipse.org/legal/epl-v10.html
+//
+//      The Apache License v2.0 is available at
+//      http://www.opensource.org/licenses/apache2.0.php
+//
+//  You may elect to redistribute this code under either of these licenses.
+//  ========================================================================
+//
+
+package org.eclipse.jetty.websocket.common;
+
+import java.util.Map;
+import java.util.Set;
+
+import org.eclipse.jetty.websocket.core.ExtensionConfig;
+
+/**
+ * Represents an Extension Configuration, as seen during the connection Handshake process.
+ */
+public class JettyExtensionConfig implements org.eclipse.jetty.websocket.api.extensions.ExtensionConfig
+{
+
+    private final ExtensionConfig config;
+
+    /**
+     * Copy constructor
+     *
+     * @param copy the extension config to copy
+     */
+    public JettyExtensionConfig(JettyExtensionConfig copy)
+    {
+        this(copy.config);
+    }
+
+    public JettyExtensionConfig(ExtensionConfig config)
+    {
+        this.config = config;
+    }
+
+    public JettyExtensionConfig(String parameterizedName)
+    {
+        this.config = new ExtensionConfig(parameterizedName);
+    }
+
+    public JettyExtensionConfig(String name, Map<String, String> parameters)
+    {
+        this.config = new ExtensionConfig(name, parameters);
+    }
+
+    public ExtensionConfig getCoreConfig()
+    {
+        return config;
+    }
+
+    @Override
+    public String getName()
+    {
+        return config.getName();
+    }
+
+    @Override
+    public final int getParameter(String key, int defValue)
+    {
+        return config.getParameter(key, defValue);
+    }
+
+    @Override
+    public final String getParameter(String key, String defValue)
+    {
+        return config.getParameter(key, defValue);
+    }
+
+    @Override
+    public final String getParameterizedName()
+    {
+        return config.getParameterizedName();
+    }
+
+    @Override
+    public final Set<String> getParameterKeys()
+    {
+        return config.getParameterKeys();
+    }
+
+    /**
+     * Return parameters found in request URI.
+     *
+     * @return the parameter map
+     */
+    @Override
+    public final Map<String, String> getParameters()
+    {
+        return config.getParameters();
+    }
+
+    @Override
+    public final void setParameter(String key)
+    {
+        config.setParameter(key);
+    }
+
+    @Override
+    public final void setParameter(String key, int value)
+    {
+        config.setParameter(key, value);
+    }
+
+    @Override
+    public final void setParameter(String key, String value)
+    {
+        config.setParameter(key, value);
+    }
+
+    @Override
+    public String toString()
+    {
+        return config.toString();
+    }
+}

jetty-websocket/jetty-websocket-common/src/main/resources/META-INF/services/org.eclipse.jetty.websocket.api.extensions.ExtensionConfig$Parser

@@ -0,0 +1 @@
+org.eclipse.jetty.websocket.common.ExtensionConfigParser

jetty-websocket/jetty-websocket-server/src/main/java/org/eclipse/jetty/websocket/server/JettyServerUpgradeRequest.java

@@ -0,0 +1,328 @@
+//
+//  ========================================================================
+//  Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
+//  ------------------------------------------------------------------------
+//  All rights reserved. This program and the accompanying materials
+//  are made available under the terms of the Eclipse Public License v1.0
+//  and Apache License v2.0 which accompanies this distribution.
+//
+//      The Eclipse Public License is available at
+//      http://www.eclipse.org/legal/epl-v10.html
+//
+//      The Apache License v2.0 is available at
+//      http://www.opensource.org/licenses/apache2.0.php
+//
+//  You may elect to redistribute this code under either of these licenses.
+//  ========================================================================
+//
+
+package org.eclipse.jetty.websocket.server;
+
+import java.net.HttpCookie;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.net.URI;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.eclipse.jetty.websocket.api.extensions.ExtensionConfig;
+import org.eclipse.jetty.websocket.common.JettyExtensionConfig;
+import org.eclipse.jetty.websocket.core.server.Negotiation;
+import org.eclipse.jetty.websocket.servlet.ServletUpgradeRequest;
+
+public class JettyServerUpgradeRequest
+{
+    private ServletUpgradeRequest upgradeRequest;
+
+    public JettyServerUpgradeRequest(ServletUpgradeRequest request)
+    {
+        upgradeRequest = request;
+    }
+
+    /**
+     * @return The {@link X509Certificate} instance at request attribute "javax.servlet.request.X509Certificate" or null.
+     */
+    public X509Certificate[] getCertificates()
+    {
+        return upgradeRequest.getCertificates();
+    }
+
+    /**
+     * @see HttpServletRequest#getCookies()
+     * @return Request cookies
+     */
+    public List<HttpCookie> getCookies()
+    {
+        return upgradeRequest.getCookies();
+    }
+
+    /**
+     * @return The extensions offered
+     * @see Negotiation#getOfferedExtensions()
+     */
+    public List<ExtensionConfig> getExtensions()
+    {
+        return upgradeRequest.getExtensions().stream().map(JettyExtensionConfig::new).collect(Collectors.toList());
+    }
+
+    /**
+     * @param name Header name
+     * @return Header value or null
+     * @see HttpServletRequest#getHeader(String)
+     */
+    public String getHeader(String name)
+    {
+        return upgradeRequest.getHeader(name);
+    }
+
+    /**
+     * @param name Header name
+     * @return Header value as integer or -1
+     * @see HttpServletRequest#getHeader(String)
+     */
+    public int getHeaderInt(String name)
+    {
+        return upgradeRequest.getHeaderInt(name);
+    }
+
+    /**
+     * @return Map of headers
+     */
+    public Map<String, List<String>> getHeadersMap()
+    {
+        return upgradeRequest.getHeadersMap();
+    }
+
+    /**
+     * @param name Header name
+     * @return List of header values or null
+     */
+    public List<String> getHeaders(String name)
+    {
+        return upgradeRequest.getHeaders(name);
+    }
+
+    /**
+     * @return The requested host
+     * @see HttpServletRequest#getRequestURL()
+     */
+    public String getHost()
+    {
+        return upgradeRequest.getHost();
+    }
+
+    /**
+     * @return Immutable version of {@link HttpServletRequest}
+     */
+    public HttpServletRequest getHttpServletRequest()
+    {
+        return upgradeRequest.getHttpServletRequest();
+    }
+
+    /**
+     * @return The HTTP protocol version
+     * @see HttpServletRequest#getProtocol()
+     */
+    public String getHttpVersion()
+    {
+        return upgradeRequest.getHttpVersion();
+    }
+
+    /**
+     * @return The requested Locale
+     * @see HttpServletRequest#getLocale()
+     */
+    public Locale getLocale()
+    {
+        return upgradeRequest.getLocale();
+    }
+
+    /**
+     * @return The requested Locales
+     * @see HttpServletRequest#getLocales()
+     */
+    public Enumeration<Locale> getLocales()
+    {
+        return upgradeRequest.getLocales();
+    }
+
+    /**
+     * @return The local requested address, which is typically an {@link InetSocketAddress}, but may be another derivation of {@link SocketAddress}
+     * @see ServletRequest#getLocalAddr()
+     * @see ServletRequest#getLocalPort()
+     */
+    public SocketAddress getLocalSocketAddress()
+    {
+        return upgradeRequest.getLocalSocketAddress();
+    }
+
+    /**
+     * @return The requested method
+     * @see HttpServletRequest#getMethod()
+     */
+    public String getMethod()
+    {
+        return upgradeRequest.getMethod();
+    }
+
+    /**
+     * @return The origin header value
+     */
+    public String getOrigin()
+    {
+        return upgradeRequest.getOrigin();
+    }
+
+    /**
+     * @return The request parameter map
+     * @see ServletRequest#getParameterMap()
+     */
+    public Map<String, List<String>> getParameterMap()
+    {
+        return upgradeRequest.getParameterMap();
+    }
+
+    /**
+     * @return WebSocket protocol version from "Sec-WebSocket-Version" header
+     */
+    public String getProtocolVersion()
+    {
+        return upgradeRequest.getProtocolVersion();
+    }
+
+    /**
+     * @return The request query string
+     * @see HttpServletRequest#getQueryString()
+     */
+    public String getQueryString()
+    {
+        return upgradeRequest.getQueryString();
+    }
+
+    /**
+     * @return The remote request address, which is typically an {@link InetSocketAddress}, but may be another derivation of {@link SocketAddress}
+     * @see ServletRequest#getRemoteAddr()
+     * @see ServletRequest#getRemotePort()
+     */
+    public SocketAddress getRemoteSocketAddress()
+    {
+        return upgradeRequest.getRemoteSocketAddress();
+    }
+
+    /**
+     * @return The request URI path within the context
+     */
+    public String getRequestPath()
+    {
+        return upgradeRequest.getRequestPath();
+    }
+
+    /**
+     * @return The request URI
+     * @see HttpServletRequest#getRequestURL()
+     */
+    public URI getRequestURI()
+    {
+        return upgradeRequest.getRequestURI();
+    }
+
+    /**
+     * @param name Attribute name
+     * @return Attribute value or null
+     * @see ServletRequest#getAttribute(String)
+     */
+    public Object getServletAttribute(String name)
+    {
+        return upgradeRequest.getServletAttribute(name);
+    }
+
+    /**
+     * @return Request attribute map
+     */
+    public Map<String, Object> getServletAttributes()
+    {
+        return upgradeRequest.getServletAttributes();
+    }
+
+    /**
+     * @return Request parameters
+     * @see ServletRequest#getParameterMap()
+     */
+    public Map<String, List<String>> getServletParameters()
+    {
+        return upgradeRequest.getServletParameters();
+    }
+
+    /**
+     * @return The HttpSession, which may be null or invalidated
+     * @see HttpServletRequest#getSession(boolean)
+     */
+    public HttpSession getSession()
+    {
+        return upgradeRequest.getSession();
+    }
+
+    /**
+     * @return Get WebSocket negotiation offered sub protocols
+     */
+    public List<String> getSubProtocols()
+    {
+        return upgradeRequest.getSubProtocols();
+    }
+
+    /**
+     * @return The User's {@link Principal} or null
+     * @see HttpServletRequest#getUserPrincipal()
+     */
+    public Principal getUserPrincipal()
+    {
+        return upgradeRequest.getUserPrincipal();
+    }
+
+    /**
+     * @param subprotocol A sub protocol name
+     * @return True if the sub protocol was offered
+     */
+    public boolean hasSubProtocol(String subprotocol)
+    {
+        return upgradeRequest.hasSubProtocol(subprotocol);
+    }
+
+    /**
+     * @return True if the request is secure
+     * @see ServletRequest#isSecure()
+     */
+    public boolean isSecure()
+    {
+        return upgradeRequest.isSecure();
+    }
+
+    /**
+     * @param role The user role
+     * @return True if the requests user has the role
+     * @see HttpServletRequest#isUserInRole(String)
+     */
+    public boolean isUserInRole(String role)
+    {
+        return upgradeRequest.isUserInRole(role);
+    }
+
+    /**
+     * @param name Attribute name
+     * @param value Attribute value to set
+     * @see ServletRequest#setAttribute(String, Object)
+     */
+    public void setServletAttribute(String name, Object value)
+    {
+        upgradeRequest.setServletAttribute(name, value);
+    }
+}

jetty-websocket/jetty-websocket-server/src/main/java/org/eclipse/jetty/websocket/server/JettyServerUpgradeResponse.java

@@ -0,0 +1,121 @@
+//
+//  ========================================================================
+//  Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
+//  ------------------------------------------------------------------------
+//  All rights reserved. This program and the accompanying materials
+//  are made available under the terms of the Eclipse Public License v1.0
+//  and Apache License v2.0 which accompanies this distribution.
+//
+//      The Eclipse Public License is available at
+//      http://www.eclipse.org/legal/epl-v10.html
+//
+//      The Apache License v2.0 is available at
+//      http://www.opensource.org/licenses/apache2.0.php
+//
+//  You may elect to redistribute this code under either of these licenses.
+//  ========================================================================
+//
+
+package org.eclipse.jetty.websocket.server;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.eclipse.jetty.websocket.api.extensions.ExtensionConfig;
+import org.eclipse.jetty.websocket.common.JettyExtensionConfig;
+import org.eclipse.jetty.websocket.servlet.ServletUpgradeResponse;
+
+public class JettyServerUpgradeResponse
+{
+    private ServletUpgradeResponse upgradeResponse;
+
+    public JettyServerUpgradeResponse(ServletUpgradeResponse response)
+    {
+        upgradeResponse = response;
+    }
+
+    public void addHeader(String name, String value)
+    {
+        upgradeResponse.addHeader(name, value);
+    }
+
+    public void setHeader(String name, String value)
+    {
+        upgradeResponse.setHeader(name, value);
+    }
+
+    public void setHeader(String name, List<String> values)
+    {
+        upgradeResponse.setHeader(name, values);
+    }
+
+    public String getAcceptedSubProtocol()
+    {
+        return upgradeResponse.getAcceptedSubProtocol();
+    }
+
+    public List<ExtensionConfig> getExtensions()
+    {
+        return upgradeResponse.getExtensions().stream().map(JettyExtensionConfig::new).collect(Collectors.toList());
+    }
+
+    public String getHeader(String name)
+    {
+        return upgradeResponse.getHeader(name);
+    }
+
+    public Set<String> getHeaderNames()
+    {
+        return upgradeResponse.getHeaderNames();
+    }
+
+    public Map<String, List<String>> getHeadersMap()
+    {
+        return upgradeResponse.getHeadersMap();
+    }
+
+    public List<String> getHeaders(String name)
+    {
+        return upgradeResponse.getHeaders(name);
+    }
+
+    public int getStatusCode()
+    {
+        return upgradeResponse.getStatusCode();
+    }
+
+    public boolean isCommitted()
+    {
+        return upgradeResponse.isCommitted();
+    }
+
+    public void sendError(int statusCode, String message) throws IOException
+    {
+        upgradeResponse.sendError(statusCode, message);
+    }
+
+    public void sendForbidden(String message) throws IOException
+    {
+        upgradeResponse.sendForbidden(message);
+    }
+
+    public void setAcceptedSubProtocol(String protocol)
+    {
+        upgradeResponse.setAcceptedSubProtocol(protocol);
+    }
+
+    public void setExtensions(List<ExtensionConfig> configs)
+    {
+        upgradeResponse.setExtensions(configs.stream()
+                .map(c->new org.eclipse.jetty.websocket.core.ExtensionConfig(c.getName(), c.getParameters()))
+                .collect(Collectors.toList()));
+    }
+
+    public void setStatusCode(int statusCode)
+    {
+        upgradeResponse.setStatusCode(statusCode);
+    }
+}

jetty-websocket/jetty-websocket-server/src/main/java/org/eclipse/jetty/websocket/server/JettyWebSocketCreator.java

@@ -0,0 +1,39 @@
+//
+//  ========================================================================
+//  Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
+//  ------------------------------------------------------------------------
+//  All rights reserved. This program and the accompanying materials
+//  are made available under the terms of the Eclipse Public License v1.0
+//  and Apache License v2.0 which accompanies this distribution.
+//
+//      The Eclipse Public License is available at
+//      http://www.eclipse.org/legal/epl-v10.html
+//
+//      The Apache License v2.0 is available at
+//      http://www.opensource.org/licenses/apache2.0.php
+//
+//  You may elect to redistribute this code under either of these licenses.
+//  ========================================================================
+//
+
+package org.eclipse.jetty.websocket.server;
+
+
+/**
+ * Abstract WebSocket creator interface.
+ * <p>
+ * Should you desire filtering of the WebSocket object creation due to criteria such as origin or sub-protocol, then you will be required to implement a custom
+ * WebSocketCreator implementation.
+ * </p>
+ */
+public interface JettyWebSocketCreator
+{
+    /**
+     * Create a websocket from the incoming request.
+     *
+     * @param req  the request details
+     * @param resp the response details
+     * @return a websocket object to use, or null if no websocket should be created from this request.
+     */
+    Object createWebSocket(JettyServerUpgradeRequest req, JettyServerUpgradeResponse resp);
+}

jetty-websocket/jetty-websocket-server/src/main/java/org/eclipse/jetty/websocket/server/JettyWebSocketServerContainer.java

@@ -28,7 +28,6 @@ import java.util.function.Consumer;
 import javax.servlet.ServletContext;
 
 import org.eclipse.jetty.http.pathmap.PathSpec;
-import org.eclipse.jetty.server.handler.ContextHandler;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.util.component.ContainerLifeCycle;
 import org.eclipse.jetty.util.component.LifeCycle;
@@ -44,7 +43,6 @@ import org.eclipse.jetty.websocket.core.FrameHandler;
 import org.eclipse.jetty.websocket.core.WebSocketComponents;
 import org.eclipse.jetty.websocket.core.WebSocketException;
 import org.eclipse.jetty.websocket.servlet.FrameHandlerFactory;
-import org.eclipse.jetty.websocket.servlet.WebSocketCreator;
 import org.eclipse.jetty.websocket.servlet.WebSocketMapping;
 
 public class JettyWebSocketServerContainer extends ContainerLifeCycle implements WebSocketContainer, WebSocketPolicy, LifeCycle.Listener
@@ -114,13 +112,15 @@ public class JettyWebSocketServerContainer extends ContainerLifeCycle implements
         addSessionListener(sessionTracker);
     }
 
-    public void addMapping(String pathSpec, WebSocketCreator creator)
+    public void addMapping(String pathSpec, JettyWebSocketCreator creator)
     {
         PathSpec ps = WebSocketMapping.parsePathSpec(pathSpec);
         if (webSocketMapping.getMapping(ps) != null)
             throw new WebSocketException("Duplicate WebSocket Mapping for PathSpec");
 
-        webSocketMapping.addMapping(ps, creator, frameHandlerFactory, customizer);
+        webSocketMapping.addMapping(ps,
+                (req, resp)-> creator.createWebSocket(new JettyServerUpgradeRequest(req), new JettyServerUpgradeResponse(resp)),
+                frameHandlerFactory, customizer);
     }
 
     @Override

jetty-websocket/jetty-websocket-server/src/main/java/org/eclipse/jetty/websocket/server/internal/DelegatedJettyServletUpgradeRequest.java

@@ -27,6 +27,7 @@ import java.util.stream.Collectors;
 
 import org.eclipse.jetty.websocket.api.UpgradeRequest;
 import org.eclipse.jetty.websocket.api.extensions.ExtensionConfig;
+import org.eclipse.jetty.websocket.common.JettyExtensionConfig;
 import org.eclipse.jetty.websocket.servlet.ServletUpgradeRequest;
 
 public class DelegatedJettyServletUpgradeRequest implements UpgradeRequest
@@ -60,7 +61,7 @@ public class DelegatedJettyServletUpgradeRequest implements UpgradeRequest
     public List<ExtensionConfig> getExtensions()
     {
         return this.servletRequest.getExtensions().stream()
-            .map((ext) -> new org.eclipse.jetty.websocket.api.extensions.ExtensionConfig(ext.getName(), ext.getParameters()))
+            .map((ext) -> new JettyExtensionConfig(ext.getName(), ext.getParameters()))
             .collect(Collectors.toList());
     }
 

jetty-websocket/jetty-websocket-server/src/main/java/org/eclipse/jetty/websocket/server/internal/UpgradeResponseAdapter.java

@@ -18,16 +18,17 @@
 
 package org.eclipse.jetty.websocket.server.internal;
 
-import org.eclipse.jetty.websocket.api.UpgradeResponse;
-import org.eclipse.jetty.websocket.api.extensions.ExtensionConfig;
-import org.eclipse.jetty.websocket.servlet.ServletUpgradeResponse;
-
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
 
+import org.eclipse.jetty.websocket.api.UpgradeResponse;
+import org.eclipse.jetty.websocket.api.extensions.ExtensionConfig;
+import org.eclipse.jetty.websocket.common.JettyExtensionConfig;
+import org.eclipse.jetty.websocket.servlet.ServletUpgradeResponse;
+
 public class UpgradeResponseAdapter implements UpgradeResponse
 {
     private final ServletUpgradeResponse servletResponse;
@@ -53,7 +54,7 @@ public class UpgradeResponseAdapter implements UpgradeResponse
     public List<ExtensionConfig> getExtensions()
     {
         return this.servletResponse.getExtensions().stream()
-            .map((ext) -> new org.eclipse.jetty.websocket.api.extensions.ExtensionConfig(ext.getName(), ext.getParameters()))
+            .map((ext) -> new JettyExtensionConfig(ext.getName(), ext.getParameters()))
             .collect(Collectors.toList());
     }
 

jetty-websocket/jetty-websocket-tests/src/test/java/org/eclipse/jetty/websocket/tests/JettyWebSocketExtensionConfigTest.java

@@ -0,0 +1,136 @@
+//
+//  ========================================================================
+//  Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
+//  ------------------------------------------------------------------------
+//  All rights reserved. This program and the accompanying materials
+//  are made available under the terms of the Eclipse Public License v1.0
+//  and Apache License v2.0 which accompanies this distribution.
+//
+//      The Eclipse Public License is available at
+//      http://www.eclipse.org/legal/epl-v10.html
+//
+//      The Apache License v2.0 is available at
+//      http://www.opensource.org/licenses/apache2.0.php
+//
+//  You may elect to redistribute this code under either of these licenses.
+//  ========================================================================
+//
+
+package org.eclipse.jetty.websocket.tests;
+
+import java.net.URI;
+import java.util.List;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+
+import org.eclipse.jetty.client.HttpRequest;
+import org.eclipse.jetty.client.HttpResponse;
+import org.eclipse.jetty.http.HttpHeader;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.websocket.api.Session;
+import org.eclipse.jetty.websocket.api.UpgradeRequest;
+import org.eclipse.jetty.websocket.api.extensions.ExtensionConfig;
+import org.eclipse.jetty.websocket.client.ClientUpgradeRequest;
+import org.eclipse.jetty.websocket.client.JettyUpgradeListener;
+import org.eclipse.jetty.websocket.client.WebSocketClient;
+import org.eclipse.jetty.websocket.server.JettyWebSocketServerContainer;
+import org.eclipse.jetty.websocket.server.JettyWebSocketServletContainerInitializer;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.is;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class JettyWebSocketExtensionConfigTest
+{
+    Server server;
+    WebSocketClient client;
+
+    @BeforeEach
+    public void start() throws Exception
+    {
+        server = new Server();
+        ServerConnector connector = new ServerConnector(server);
+        connector.setPort(8080);
+        server.addConnector(connector);
+
+        ServletContextHandler contextHandler = new ServletContextHandler(ServletContextHandler.SESSIONS);
+        contextHandler.setContextPath("/");
+        server.setHandler(contextHandler);
+
+        JettyWebSocketServerContainer container = JettyWebSocketServletContainerInitializer.configureContext(contextHandler);
+        container.addMapping("/", (req, resp)->
+        {
+            assertEquals(req.getExtensions().stream().filter(e -> e.getName().equals("permessage-deflate")).count(), 1);
+            assertEquals(resp.getExtensions().stream().filter(e -> e.getName().equals("permessage-deflate")).count(), 1);
+
+            ExtensionConfig nonRequestedExtension = ExtensionConfig.parse("identity");
+            assertNotNull(nonRequestedExtension);
+
+            assertThrows(IllegalArgumentException.class,
+                    ()->resp.setExtensions(List.of(nonRequestedExtension)),
+                    "should not allow extensions not requested");
+
+            // Check identity extension was not added because it was not requested
+            assertEquals(resp.getExtensions().stream().filter(config -> config.getName().equals("identity")).count(), 0);
+            assertEquals(resp.getExtensions().stream().filter(e -> e.getName().equals("permessage-deflate")).count(), 1);
+
+            return new EchoSocket();
+        });
+        server.start();
+
+        client = new WebSocketClient();
+        client.start();
+    }
+
+    @AfterEach
+    public void stop() throws Exception
+    {
+        client.stop();
+        server.stop();
+    }
+
+    @Test
+    public void testJettyExtensionConfig() throws Exception
+    {
+        URI uri = URI.create("ws://localhost:8080/filterPath");
+        EventSocket socket = new EventSocket();
+
+        UpgradeRequest request = new ClientUpgradeRequest();
+        request.addExtensions(ExtensionConfig.parse("permessage-deflate"));
+
+        CountDownLatch correctResponseExtensions = new CountDownLatch(1);
+        JettyUpgradeListener listener = new JettyUpgradeListener()
+        {
+            @Override
+            public void onHandshakeResponse(HttpRequest request, HttpResponse response)
+            {
+
+                String extensions = response.getHeaders().get(HttpHeader.SEC_WEBSOCKET_EXTENSIONS);
+                if("permessage-deflate".equals(extensions))
+                    correctResponseExtensions.countDown();
+                else
+                    throw new IllegalStateException("Unexpected Negotiated Extensions: " + extensions);
+            }
+        };
+
+        CompletableFuture<Session> connect = client.connect(socket, uri, request, listener);
+        try(Session session = connect.get(5, TimeUnit.SECONDS))
+        {
+            session.getRemote().sendString("hello world");
+        }
+        assertTrue(socket.closed.await(5, TimeUnit.SECONDS));
+        assertTrue(correctResponseExtensions.await(5, TimeUnit.SECONDS));
+
+        String msg = socket.receivedMessages.poll();
+        assertThat(msg, is("hello world"));
+    }
+}

jetty-websocket/jetty-websocket-tests/src/test/java/org/eclipse/jetty/websocket/tests/extensions/ExtensionConfigTest.java

@@ -16,13 +16,14 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.websocket.api.extensions;
+package org.eclipse.jetty.websocket.tests.extensions;
-
-import org.junit.jupiter.api.Test;
 
 import java.util.HashMap;
 import java.util.Map;
 
+import org.eclipse.jetty.websocket.api.extensions.ExtensionConfig;
+import org.junit.jupiter.api.Test;
+
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;

jetty-websocket/jetty-websocket-tests/src/test/java/org/eclipse/jetty/websocket/tests/util/QuoteUtilTest.java

@@ -16,13 +16,14 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.websocket.api.util;
+package org.eclipse.jetty.websocket.tests.util;
-
-import org.junit.jupiter.api.Test;
 
 import java.util.Iterator;
 import java.util.NoSuchElementException;
 
+import org.eclipse.jetty.websocket.api.util.QuoteUtil;
+import org.junit.jupiter.api.Test;
+
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.is;
 import static org.junit.jupiter.api.Assertions.assertThrows;

jetty-websocket/jetty-websocket-tests/src/test/java/org/eclipse/jetty/websocket/tests/util/QuoteUtil_QuoteTest.java

@@ -16,16 +16,17 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.websocket.api.util;
+package org.eclipse.jetty.websocket.tests.util;
-
-import org.junit.jupiter.params.ParameterizedTest;
-import org.junit.jupiter.params.provider.Arguments;
-import org.junit.jupiter.params.provider.MethodSource;
 
 import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Stream;
 
+import org.eclipse.jetty.websocket.api.util.QuoteUtil;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.is;
 

jetty-websocket/jetty-websocket-tests/src/test/java/org/eclipse/jetty/websocket/tests/util/WSURITest.java

@@ -16,13 +16,14 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.websocket.api.util;
+package org.eclipse.jetty.websocket.tests.util;
-
-import org.junit.jupiter.api.Test;
 
 import java.net.URI;
 import java.net.URISyntaxException;
 
+import org.eclipse.jetty.websocket.api.util.WSURI;
+import org.junit.jupiter.api.Test;
+
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.is;
 

jetty-websocket/websocket-core/src/main/java/org/eclipse/jetty/websocket/core/client/UpgradeListener.java

@@ -28,7 +28,8 @@ public interface UpgradeListener
      *
      * @param request the request
      */
-    void onHandshakeRequest(HttpRequest request);
+    default void onHandshakeRequest(HttpRequest request)
+    {}
 
     /**
      * Event that triggers after the Handshake response has been received.
@@ -36,5 +37,6 @@ public interface UpgradeListener
      * @param request  the request that was used
      * @param response the response that was received
      */
-    void onHandshakeResponse(HttpRequest request, HttpResponse response);
+    default void onHandshakeResponse(HttpRequest request, HttpResponse response)
+    {}
 }

jetty-websocket/websocket-servlet/src/main/java/org/eclipse/jetty/websocket/servlet/ServletUpgradeResponse.java

@@ -18,11 +18,6 @@
 
 package org.eclipse.jetty.websocket.servlet;
 
-import org.eclipse.jetty.http.HttpHeader;
-import org.eclipse.jetty.websocket.core.ExtensionConfig;
-import org.eclipse.jetty.websocket.core.server.Negotiation;
-
-import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -33,6 +28,12 @@ import java.util.Objects;
 import java.util.Set;
 import java.util.stream.Collectors;
 
+import javax.servlet.http.HttpServletResponse;
+
+import org.eclipse.jetty.http.HttpHeader;
+import org.eclipse.jetty.websocket.core.ExtensionConfig;
+import org.eclipse.jetty.websocket.core.server.Negotiation;
+
 /**
  * Servlet Specific UpgradeResponse implementation.
  */
@@ -166,6 +167,20 @@ public class ServletUpgradeResponse
 
     public void setExtensions(List<ExtensionConfig> configs)
     {
+        for (ExtensionConfig config : configs)
+        {
+            List<ExtensionConfig> collect = negotiation.getOfferedExtensions().stream()
+                    .filter(e -> e.getName().equals(config.getName()))
+                    .collect(Collectors.toList());
+
+            if (collect.size() == 1)
+                continue;
+            else if (collect.size() == 0)
+                throw new IllegalArgumentException("Extension not a requested extension");
+            else if (collect.size() > 1)
+                throw new IllegalArgumentException("Multiple extensions of the same name");
+        }
+
         negotiation.setNegotiatedExtensions(configs);
     }
 

pom.xml

@@ -30,7 +30,7 @@
     <infinispan.version>9.4.8.Final</infinispan.version>
     <!-- default values are unsupported, but required to be defined for reactor sanity reasons -->
     <alpn.version>undefined</alpn.version>
-    <conscrypt.version>1.4.1</conscrypt.version>
+    <conscrypt.version>2.0.0</conscrypt.version>
     <asm.version>7.0</asm.version>
     <jmh.version>1.21</jmh.version>
     <jmhjar.name>benchmarks</jmhjar.name>