* Fixes#6184 - JEP-411 will deprecate/remove the SecurityManager from the JVM.
Removed usages of `SecurityManager` and `AccessControlller.doPrivileged()`.
In places where they are still necessary, now using reflection via newly introduced `SecurityUtils` class.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced `QueuedThreadPool.maxEvictCount` to be the number of idle threads that are evicted in one idle timeout.
When set to 1 (the default), the old behavior is reproduced: expiring 1 thread every idle timeout.
When set to larger values, allows to keep around the threads for the idle timeout (in case of further load spikes), but allows to quickly recover OS memory when they are truly idle.
For example, with 2000 threads, 30 seconds idle timeout and idleTimeoutMaxShrinkCount=1, it will take 995 minutes (about 16.5 hrs) to shrink the pool back to 10 threads.
By setting idleTimeoutMaxShrinkCount=100, the thread pool can be shrunk to 10 threads in about 10 minutes.
Note also that the new algorithm is more aggressive at shrinking the thread pool.
Previously, a small load might have been sufficient to never evict any thread, because all threads could take turns at executing jobs so that threads were mostly idle but would never really idle time out.
The new algorithm is more aggressive even in presence of a small load, so that if `minThreads` are sufficient to cope with the small load, then the other threads are evicted.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: gregw <gregw@webtide.com>
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: gregw <gregw@webtide.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Cookie cleanup
+ New Cookie parser with clearer focus on RFC6265.
+ Better compliance modes for RFC2965
+ Introduced CookieParser interface so that old and new parsers can coexist and be selected by compliance mode.
---------
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Introduce HttpCompliance.MISMATCHED_AUTHORITY
* Update HttpCompliance.RFC2616
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Update NcsaRequestLogTest.testAbsolute
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Use RFC2616 mode in RFC2616 tests
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Alternative fix for mismatched host headers
This PR fixes the miss-matched host header issue in the Request.setMetaData method. This requires no change to the HttpParser.
A more comprehensive fix can be considered for jetty-12.
Signed-off-by: gregw <gregw@webtide.com>
* Alternative fix for mismatched host headers
Updates from review
Signed-off-by: gregw <gregw@webtide.com>
---------
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: gregw <gregw@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Wrong value of RequestDispatcher.FORWARD_CONTEXT_PATH on root context
* Fixes#9119 - uses proper context path that
satisfies the root context rules of the servlet
spec
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #8973 - Rework KeyStoreScanner handling for symlink related changes
+ Removed changes from #8786 and #8787
+ More test cases
+ revert jetty.sslContext.reload.followLinks boolean
+ Scanner should follow its own linkOptions setting
+ remove bad documentation in module-ssl-reload.adoc
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Lachlan Roberts <lachlan@webtide.com>
Now properly coverting to `int`.
Added test.
Also fixed MultiPartInputStreamParser.Base64InputStream for the same issue.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fixes#8863 - Provide a possibility to name virtual threads
Reworked the VirtualThreads APIs to be based on `Executor` rather than just `boolean`.
Introduced Jetty module `threadpool-virtual-preview`.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Ignore date based headers if etag ones are present.
* Also avoid parsing dates unless necessary.
* Check a resource has a lastModified date
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Fixes#7117 - Timeout with Expect 100 continue when using ProxyServlet.
Now getReader() tests whether it has to send a 100 continue in case getInputStream()
is not called because the reader is reused.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #8716 - Handle bad host/authority headers better
* Remove extra `Host` header in testcase that doesn't deal with bad Host headers
* Create URIUtil.isRegName
* Correcting HostPortTest.testValidAuthority
* Correcting RequestTest.testInvalidHostHeader
* Remove clonable, set to final
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Updating to version 10.0.12
* Updating to version 10.0.13-SNAPSHOT
* VERSION.TXT =+ content of jetty-9.4.49.v20220914 release
* remove strange line and reorder
* Fixes#8532 - Review System.nanoTime() usages.
Introduced o.e.j.util.NanoTime class to deal with nanoTimes.
Now NanoTime.now() should be used instead of System.nanoTime(),
and various <unit>[elapsed|since|until]() methods to calculate nanoTimes.
Furthermore, comparing 2 nanoTimes should be done via isBefore(),
rather than using the < operator, which is wrong as specified in
the System.nanoTime() javadocs.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
When all other sql statements are built, this method is used for including the schema name in front of the table name (if specified). So to make it more consistent, it would be better to also create the table in the specified schema.
PS: Please indulge me for not opening an issue, as i think this optimization is pretty trivial and need no big discussion.
Signed-off-by: Michael Weigmann <michael.weigmann@hsh-berlin.com>
Signed-off-by: Michael Weigmann <michael.weigmann@hsh-berlin.com>
Implemented support for virtual threads for HTTP/1.1, HTTP/2 and HTTP/3.
The virtual thread support is in AdaptiveExecutionStrategy.
When virtual threads are supported and enabled, reserved threads are disabled and
blocking tasks are run in a virtual thread instead that being executed by the Executor.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fix#8294 push added cookie
Reparse cookie added with addCookie
Added extra test to ensure maxAge is being parsed with other cookie attributes
Signed-off-by: Greg Wilkins <gregw@webtide.com>
All `ByteBufferPool` can now be accessed as `RetainableByteBufferPools`.
Users now need to configure only a single buffer pool and there is just the additional retained parameter that needs consideration.
Default buffer pool has been changed to logarithmic, but we may wish to review that before next release.
Default factor size has been increased to 4096.
* Use StaticException class in jetty-util for websocket flushers.
* Use StaticException class for ContentProducer recycle and consumeAll
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
* Issue #8088 Add STOP.EXIT System property to configure ShutdownMonitor.exitVm (#8089)
* Issue #8088 Add STOP.EXIT System property to configure ShutdownMonitor.exitVM
* Ensure missing STOP.EXIT doesn't override default exitVm=true
* Disable another test
* Disable test that might not work, depending on test execution order.
* Cherry-pick of Improvements to PathSpec.
* From commit: 5b4d1dd1c6
* Fixing ConstraintSecurityHandler usage of PathMappings
* Fixing bad INCLUDE logic from cherry-pick in ServletHandler.doScope()
* Cleanup of non ServletPathSpec behaviors in ServletPathMapping class
* Skip optional group name/info lookup if regex fails.
* Prevent NPE on static servletPathMappings
* Update WebSocketMappings to use new PathMappings.getMatched(String)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Fixes#8014 - Review HttpRequest URI construction.
Now always adding a "/" before the path, if not already present.
Disabled flakey HTTP/3 test.
Parse CONNECT URIs as Authority
Co-authored-by: Greg Wilkins <gregw@webtide.com>
* Better conditional logic in GzipHandler
* Correct test expectations
* Use super.handle() where appropriate
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Add TRANSFER_ENCODING violation for MultiPart RFC7578 parser.
* Ignore TRANSFER_ENCODING violation for 8bit and binary.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Honor parameters order when parsing query and form parameters
When parsing the query or form parameters in Request, the values are stored in a MultiMap. This class extends HashMap which does not preserve the order of insertion so a request with parameters "first=1&second=2" might end up in a map where "second" will come first when iterating on the entry set.
The order is necessary in some case where the request is signed off the body and/or the query parameters. When the order is not preserved, it is impossible to reconstruct the original request sent, unless using the Request::getInputStream which consumes the stream and makes subsequent calls to Request::getParameters to don't return the form parameters which can be misleading. The same behavior applied to query parameters, by using Request::getQueryString, you get the correct order but Request::getParameters will not.
Moreoever, if the application is behind a reverse proxy using Jetty that is proxying using Request::getParameters which consume the request InputStream, it will be completely impossible to reconstruct the original request.
* Added a test with parameter merging
Co-authored-by: Jacques-Etienne Beaudet <jebeaudet@gmail.com>
Ludovic Orban
Greg Wilkins
Joakim Erdfelt
Simone Bordet
Olivier Lamy
Jan Bartel
Lachlan
jluehe
dependabot[bot]
Olivier Lamy
Michael Weigmann
Padraic Renaghan
markslater
jiang-cao
Jaroslaw Rzeszotko