* Fixes #6276 - Support non-standard domains in SNI and X509. (#6296)
Improved support for IP addresses in X509 (after #5379).
Introduced SslContextFactory.Client.SniProvider to allow applications to specify the SNI names to send to the server.
Improved logging of SNI processing.
Skip X509 matching over IP addresses when the host does
not look like an IP address, to avoid reverse DNS lookup.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 04df6d4ec2)
Updated the logic in SslContextFactory.Server.sniSelect(...) to check if there is
any certificate that matches, and if so return a null alias in the hope to be called
again and pick the right alias for the SNI.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 68296911b7)
Added null guard for `ExtendedSSLSession.getRequestedServerNames()`
which should never return null, but it does when using Conscrypt.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
FileBufferedResponseHandler adds an HttpOutput.Interceptor to buffer all responses into a file until the output is closed. This allows the commit to be delayed until the response is complete and thus headers and response status can be changed while writing the body.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Use Files.isSameFile to check Resource equality
Avoid using canonical and instead use Files.isSameFile
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Fix #5835 Durable filters and servlets with a general ServletHandler cleanup
update indexes after updating mapping
update mappings/indexes before destroyed listeners
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Now matching certificates are sorted, non-wildcard first, so that a more specific alias is returned.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Handle URIs by first resolving relative paths and then decoding.
Added compliance mode to return 400 if there are ambiguous path segments.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Fixes #5902 - Grab Jetty startup output in documentation.
Implemented an Asciidoctor extension that uses `JettyHomeTester` to run
Jetty and capture its output.
This extension is triggered by the `ServiceLoader` mechanism, so the
documentation jar is now in the plugin classpath.
Introduced `jetty-halt.xml` so that the JVM can be halted.
In this way, Jetty does not produce the "stopping" log lines and
therefore they won't be grabbed and included in the documentation.
Used the new `include::jetty[]` directive in the documentation.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
* Issue #5870 Windows URI case comparison fails
Signed-off-by: Jan Bartel <janb@webtide.com>
* Issue #5870 - Updating Windows tests
+ Eliminating OS.MAC (as it doesn't support drive letters)
+ Adding alt URI syntax version as well
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #5830 Remove native classes from PathWatcher.
Removed use of com.sun.nio.file.SensitivityWatchEventModifier, no longer needed.
This has the desirable side-effect of getting rid of com.sun.nio.file package imports.
Signed-off-by: Jan Bartel <janb@webtide.com>
Changed the AbstractConnectionPool.acquire() logic to call tryCreate() even
when create=false.
This is necessary when e.g. a sender thread T2 with create=true steals a
connection whose creation was triggered by another sender thread T1.
In the old code, T2 did not trigger the creation of a connection, possibly
leaving a request queued.
In the new code, T2 would call tryCreate(), possibly triggering
the creation of a connection.
This change re-introduces the fact that when sending e.g. 20 requests
concurrently, 20+ connections may be created.
However, it is better to err on creating more than creating less and leaving
requests queued.
Further refactoring moved field pending from Pool to AbstractConnectionPool.
As a consequence, AbstractConnectionPool.tryCreate() now performs a
demand/supply calculation to decide whether to create a new connection.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
Note that any Preventer that is documented as being fixed prior to jdk11
should be deleted from jetty-10/11 when this change is merged through.
Signed-off-by: Jan Bartel <janb@webtide.com>
* fix some spotbug performance map iterations
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* cannot use computeIfAbsent because it is a PathMap
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* enable spotbugs in CI
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
record issues
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
use warning new generation
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
activate errorprone
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
fix Jenkinsfile
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
do not run spotbugs for jetty-runner as we do not want to fix all dependencies bugs :)
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
junit should allow empty results
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
maven console can be used only once...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
one liner
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
recordissues only once
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
force id
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
aggregate results
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
configure a name for aggregated reports
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
no more -T3 no need anymore of remote session test profile
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
I want to see what failing tests look like with new report.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
skip spotbugs for jetty-jmh
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
get rid of findbugs as we now have spotbugs
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Revert "I want to see what failing tests look like with new report."
This reverts commit df0d13e4c53d7461872e1f925ec06bd36e4a66c9.
activate errorProne parser
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
make pmd quiet for CI
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
remove -fae flag and do not display transfer progress
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
try junitParser() to see what it does
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
junit parser is a bad idea...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
increase timeout
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
no -T2 for javadoc
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
fix skip spotbugs and pmd verbose
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* remove -T options
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
More cleanups in code adding more privateness, getting rid of unnecessary exceptions, making fields final, etc.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
GCThreadLeakPreventer has been removed, since the issue
it was trying to fix was solved in Java 9+.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Use File.list and File.walk within a try with resource
The API contract of File.list and File.walk requires them to be closed after use.
* Fix from review
Left out filter
* Fix from review
Factored out deleteFile with better debug
* Fix from review
Can delete files whilst walking
* Fix from review
Restored sweepFile
fixed minor code suggestions
* Fix #5562 Improve HTTP Field cache allocation
Fix #5562 by initially putting cacheable fields into an inexpensive arraylist.
Only create the Trie (with space and complexity costs) if a second request is received.
* Fixed NPE
* Feedback from review
Create `HttpHeader.isPseudo()` method
improved clarity with `createFieldCacheIfNeeded()`
* Feedback from review
Only defer Trie creation to first cacheable field, not until next request.
* Updates from review
* Update from review
+ more javadoc
+ empty set return
+ Added all IANA methods
+ Used Trie for most lookups
+ Fixed ArrayTernaryTrie lookup
+ optimised GET, POST and HEAD
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Reimplemented close/idle_timeout/stop/onGoAway/input_shutdown following more closely the specification.
In particular, the semantic of sending a GOAWAY is now to:
* stop creation of new both local and remote streams
* record the last processed stream
* continue processing streams that are pending
This means that a GOAWAY is "graceful" in the sense that it allows for streams to be completed by applications.
The semantic of stop() and idle timeout is harsher: for pending streams a RST_STREAM is sent to the other peer and they are failed locally.
Added support for GOAWAY with 2^31-1 lastStreamId.
Added support for a peer to send and receive multiple GOAWAY frames.
Reviewed the stream creation/destruction mechanism so that when the last stream completes after a GOAWAY, proper actions can be run to tear down the connection.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fixes #5521 ResourceCollection NPE
Fix constructor and addPath so that all resources in a RC must exist when created.
* Fixes #5521 ResourceCollection NPE
Cleanup the vestiges of non existent directories detected by resource ending in /
* Fixes #5521 ResourceCollection NPE
Revert adding paths ending in / as jar:file resource needs them
* feedback from review
improved javadoc.
* Fixes #55498 ServletHolder cleanup
Various cleanups for #5498 including:
+ renaming multiple `_servlet` fields in inner classes to avoid confusion
+ better comments in prepare method to describe why it is needed
+ call prepare from Invoker servlet
+ The `_servlet` field is not set until after the servlet is initialized
+ Consistent wrapping of `SingleThreadedWrapper` now in `initServlet`
+ The `getServlet` method now looks at the volatile `_servlet` to avoid locking if possible
+ The `handle` method now calls `getServletInstance` as servlet will have been initialized in `prepare`
+ Found and fixed race with making unavailable servlet available again
+ fixed nanotime overflow
+ fixed several compiler warnings/suggestions
+ removed while true from unavailable servlet
+ Do not destroy servlets unless init has been called.
+ Added TODOs about calling predestroy on instances not created by the holder.
+ improved dump and toString
Moved jetty-dir.css from jetty-util to jetty-server,
so that it can be found by ResourceHandler when using JPMS.
Updated DefaultServlet to call a ResourceHandler method
to retrieve the stylesheet.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fixes #5379 - Better handling for wrong SNI.
Reworked the SNI logic.
Added support for IP addresses in the SAN extension of certificates in the X509 class.
Fixed keystores to have CN=localhost and SAN with ip=127.0.0.1 and ip=[::1].
Fixed tests that were not using the correct Host header.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5357 - Updating to https://eclipse.org/
- Removing redundant <url> refs in pom.xml
- Correcting bad indenting from merge
- Correcting mailing list references
- Correcting bugs.eclipse.org references
- Correcting text file references
- Correcting html references
- Correcting further references
- Correcting download.eclipse.org reference
- Adding test for demo-base /proxy/current/
- Ensuring jetty-client is included in javadoc-proxy.war/WEB-INF/lib
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Speculative idea to make a pluggable Pool strategy
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Speculative idea to make a pluggable Pool strategy
+ javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Speculative idea to make a pluggable Pool strategy
+ Added a ThreadLocalStrategy for a single cached item
+ Tell strategies about newly reserved entries
+ Fixed multiplexing test that was dependent on the impl of the cache
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Speculative idea to make a pluggable Pool strategy
+ added tests
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Feedback from review
+ Don't have a fallback iteration, instead make a SearchStrategy and DualStrategy
* Feedback from review
+ split strategies into Cache and Strategies
* Feedback from review
+ Added reserve and release
* Improved Pool Strategies:
+ reverted to post notifications for removed, reserved and released.
+ Added a few more strategies that need to be benchmarked, that use the list iterator.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Testing all the different strategies
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* More simplifications and made LRU work (ish)
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* javadoc
* More javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* JMH Test
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* one strategy
Signed-off-by: gregw <gregw@webtide.com>
* test
Signed-off-by: gregw <gregw@webtide.com>
* Split implementations:
+ pluggable strategies
+ hard coded
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* More benchmarks
* Built in strategy
* removed strategies version and simplified to single configurable solution.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* better javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Updated ConnectionPool classes to use Pool strategies
* Small javadocs fixes.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Updates from review
* javadoc
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5162 CDI embedded integration improvements
Clean up CDI integration and documentation to better support embedded usage.
+ made listener public
+ added utility class for SCIs
* Issue #5162 CDI embedded integration improvements
Clean up CDI integration and documentation to better support embedded usage.
+ moved EmbeddedWeldTest to jetty-embedded
* fix javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #5162 CDI embedded integration improvements
ventilated text
* fix test pom
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Fixed javadoc
* Fixed javadoc
* Issue #5162 CDI embedded integration improvements
Moved tests to jetty-cdi to avoid consequences to other tests in embedded
* trailing new line
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Feedback from review
Introduced SslContextFactory.Server.aliasMapper, a function
that transforms the alias.
This function is invoked by the SNI logic to unmangle the
alias leaked by the TLS implementation due to bug
https://bugs.openjdk.java.net/browse/JDK-8246262.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5095 XmlConfiguration Parser Pool
Use a pool of parsers rather than a shared static
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Some updates to the new Pool class:
+ fixed a race with pending reservations
+ use a pending counter
+ Reservation API to simplify Entry API
+ removed public methods on Entry API
* Some updates to the new Pool class:
+ fixed a race with pending reservations
+ use a pending counter
+ Reservation API to simplify Entry API
+ removed public methods on Entry API
* Updates from review
* Updates from review
Tests for cache size and acquire with creator
* Method no longer required with Reservation
* update from the feedback on the feedback of the feedback from the review.
Moved enable to Entry, removed Reservation class and clarified usage in javadoc
* Issue #5095 XmlConfiguration locking Use pool instead of static shared instance
* removed fake test
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #5095 XmlConfiguration locking Use pool instead of static shared instance
updates from review