+ If optional Security Provider is configured, then use it consistently
for all security objects that take a Provider argument.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* exclude ipv6 test as currently failing on kubernetes, using junit tag and ci profile activated via Jenkinsfile
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* upgrade surefire to 3.0.0-M3
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Introduced SslContextFactory subclasses Client and Server.
Replaced all usages of SslContextFactory with either Client or Server
as required.
Refactored configuration checking so that warnings are not emitted
when non necessary.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
+ Any schedulers created are named (for ease of debug) and daemon
so they do not stop the JVM exiting.
+ If the server.doStart() fails, it calls server.doStop to ensure
connectors are stopped, ports are free etc.
+ cleanup of addBean handling of scheduler in proxy
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Added a bytebufferpool module to be able to configure
the ByteBufferPool used by ServerConnectors.
Added JMX methods to the ByteBufferPool implementations.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
The thread pool is now created as a nested object, rather than a top
level object, so that it is not started before the Server instance.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced PlainOrSslConnectionFactory, to "sniff" the first bytes
on a connection and upgrade to SSL (if the bytes are TLS bytes), or
upgrade to a specific, configured, protocol.
Added also the ability to fail the upgrade in case of a `http`
request to a `https` port and write a minimal response to the client.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Made default endpointIdentificationAlgorithm=HTTPS to avoid warnings
when SslContextFactory is used on a server.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
This interface is currently package-private while it's in the
signature of several public methods (e.g. addLowResourceCheck, getLowResourceChecks)
Signed-off-by: Bjørn Christian Seime <bjorncs@yahoo-inc.com>
%t now takes in locale and timezone in the format string argument
instead of getting it from the setters on the CustomRequestLog class
fixed issue with multiline format strings
requestLog writers are now managed objects
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
removed tests for %B and %b which have been removed in favor of %O
adjusted the NcsaRequestLogTest to only test ExtendedNCSA format
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
replaced terminology for addresses and ports to use
client and server referring to the logical connection and
local and remote referring to the physical connection to the first hop
finished implementing tests in CustomRequestLogTest otherwise
disabled tests which will be verified manually instead
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
added missing copyright header in some new files
added CustomRequestLogTest in jetty-servlet to test things like
logFilename and logRequestHandler
the log strings produced do no longer contain a trailing newline
implemented more tests in CustomRequestLogTest
and finished implementing some of the logging in CustomRequestLog
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Issue #3038 - SSL connection leak.
Fixed SSL spin caused when fill had NEED_WRAP, but a flush/wrap
produced 0 bytes and stayed in NEED_WRAP
Removed check of isInputShutdown prior to filling that allowed EOF to
overtake data already read.
Fix for leak by shutting down output in HttpConnection if
filled -1 and the HttpChannelState was no longer processing
current request.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Introduced the RequestLog.Writer where a RequestLog takes a writer
which manages what to do with the log strings produced by the RequestLog
deprecated the NCSA and SLF4J RequestLogs in favor of CustomRequestLog
Implemented more format codes in CustomRequestLog
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
fixed parsing issues for the format string by parsing left to right
and reversing the list of parsed tokens
reduced to parsing to single regex expression
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Issue #3049 Warn on common SslContext vulnerable configurations
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Adding documentation notes for weak cipher warnings
Signed-off-by: WalkerWatch <ctwalker@gmail.com>
* Issue #3049 - SslContextFactory warnings on known bad config
+ Changes warnings from being a boolean on SslContextFactory
to being a logger named
"org.eclipse.jetty.util.ssl.SslContextFactory.config"
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #3049 - SslContextFactory warnings on known bad config
+ Cleanup based on review
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #3049 - SslContextFactory warnings on known bad config
+ Cleanup based on review
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Issue #3018 improve logging and handling of slow data rates.
* Slow data rates now result in aborted channels, but exception is still thrown. Test for 408 in requestLog
* Updated many RequestLog usages to use Server.setRequestLog rather than a RequestLogHandler
* Fixed javadoc
* removed BadRequestLogHandlerTest (tested in RequestLogTest)
* added JMH to show the future of request logging for #113
* copyright header.
* Updates from review
* Revert to throwing BadMessageException
* BME ensures a 408 is logged rather than a 500
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanup the dump implementation
* improved the clarity of utility methods for dump and updated most dump methods
* fixed upgrade filter dump
* Improved dump after review
* Moved dumpObjects to Dumpable
* implemented dumpBeans with dumpObjects
* less verbose dump
* Dump streams
* fixed dump test
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Replaced usage of sun.reflect.Reflection with a
SecurityManager subclass, so that it works in all JDKs.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
+ Changes needed for new Junit 5
+ Migrating from Vintage junit API to Jupiter junit API
+ Relies on SNAPSHOT jetty-test-helper
- this will be a formal release once this issue has been
resolved satisfactory
+ Have jenkins always pull latest SNAPSHOT for each build
+ Adding jetty.snapshots repository
+ Using surefire 2.22.0 per advice from junit
+ Ensuring <reuseForks>true</reuseForks> to work around issue junit-team/junit5#801
+ Disabling <forkMode>always</forkMode> in maven-surefire-plugin
due to bug https://github.com/junit-team/junit5/issues/801
+ OSGi tests must remain at vintage due to PaxExam
+ Moving from vintage TestingDir to jupiter WorkDir
+ Fixing imports to use jupiter, not vintage
+ Migrating vintage ExpectedException to jupiter assertThrows
+ Migrating vintage TestName to jupiter TestInfo
+ Migrating @RunWith(Parameterized.class)
to @ParameterizedTest with Argument Sources
+ Migrating assertTrue(val.contains(needle))
to assertThat(val, containsString(needle))
+ Aligning junit versions per recommendations from @sormuras
+ Adjusting parameter order change for assertEquals()
+ Test LifeCycle Annotation Migration
junit 4 | junit 5 / jupiter
------------ | -----------
@Before | @BeforeEach
@After | @AfterEach
@BeforeClass | @BeforeAll
@AfterClass | @AfterAll
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
HttpInput.consume() now checks if the state is already failed,
and if so it does not change it when consuming the input.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #2711 - TLS 1.3 compliance.
Disabled few tests that are TLS 1.2 specific.
Renegotiation in SslConnection is now skipped for TLS 1.3.
Replaced SNI keystore DSA certificate with RSA certificate.
First full build achieved with JDK 11+28.
Small changes after review.
Modified the test case to pass in JDK 8, where the implementation
throws SSLException, while in later JDKs throws SSLHandshakeException.
Minor cleanup
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Cleanup of Graceful shutdown, plus ensure Connection:close if connector is shutdown for #2749
* WIP close connection when shutting down
* WIP use HttpChannel.Listener
* cleanups
* support graceful stop of a context
* only close connections if the connector is shutdown
* minor cleanups
* fixed toString and test
* fixed imports
* Move close logic to HttpConnection
* fixed generator to not override persistent
* Issue #2749 - Close connections on graceful shutdown.
* Small fix after review.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #300 - Implement Deflater Pool
Removed the ThreadLocal pooling of deflaters in GzipHandler in favour of a new DeflaterPool class
GzipHttpOutputInterceptor.GzipBufferCB now recycles the Deflater in onCompleteFailure()
added benchmark for the DeflaterPool
allow negative capacity to mean no limit on the pool size
added mod file and xml changes
replace setDeflaterPool with newDeflaterPool
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Issue #2787 Unwrap ServletException
* Do not unwrap UnavailableException
* unwrap to specific targets
* fixes from review
* fixes after merge
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Replaced the response.isCommitted() check with a boolean returned from _resourceService.doGet().
This means the response does not need to be committed for the check to work correctly.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Major refactor of SslConnection to address #2233 and to simplify in preparation for java-11 support.
Made the `needFillInterest` and `onIncompleteFlush` methods the primary stateful methods with state for fill and flush side that does not reproduce state already held by the SslEngine itself.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Flush response buffer in places where the response needs to be committed.
Removed if statement preventing HEAD requests processing conditional headers.
Added two new test cases which failed before the changes and should now pass.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Now using _requestStats instead of _dispatchedStats to check for
requests completed when shutting down StatisticsHandler.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #2468 - Remove SoLinger.
For non-blocking sockets, StandardSocketOptions#SO_LINGER javadocs
report that the behavior is undefined. In JDK 11 setting SoLinger
for non-blocking sockets will be ignored.
As such, there is no point in allowing SoLinger to be configured
in Jetty that only uses non-blocking sockets.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
removed HttpOutput.close(Closeable) method as IO.close(Closeable) should be used instead
added isFailed() method to WriteFlusher and used it to fix WriteFlusherTest.testFailWhileBlocking()
surrounded usage of onError() in HttpOutput.run() with try-finally so that IO.close(this) is executed if onError throws
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
changed write flusher to go from pending state to failed state
reverted previous HttpOutput changes
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Removed duplicate test.
Removed lines that were testing unreliable TCP behavior.
Fixed retrieval of EndPoint in case of SSL.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Replacing setBlockingTimeout with setIdleTimeout to fix the ReadPendingException on ServerConnectorTimeoutTest.testHttpWriteIdleTimeout().
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
replaces some usages of printStackTrace with logging in ConnectorTimeoutTest to avoid printing out the stack trace on passing tests
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Rewrote the test to not write to the server,
thus avoiding connection resets.
The rewrite also clarified what the test was testing.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Due to shift operations taking less precedence over addition the expression was parsed in an unintended way.
With this change the intention is made more clear and the intended order of calculations (shift the single byte values into some variable) is actually implemented.
Signed-off-by: Benny Baumann <BenBE@geshi.org>
Now explicitly using a _mappedBuffer field in
CachedContentFactory.CachedHttpContent.
Deprecated BufferUtil.isMappedBuffer().
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Changed Request.MultiPartInputStream to an interface called MultiParts where there is an implementation for both the HTTP and UTIL parsers.
Resolved some issues with default charsets in regards to request.setCharacterEncoding and the _charset_ part for issue #2398.
Changed HTTP parser to operate the same as UTIL parser in situtions with parts not of type form-data or without name field. HTTP parser was ignoring these parts, UTIL parser was throwing exceptions.
Replaced the context attribute with a field in MultiParts.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Now using HttpVersion.HTTP_1_1::is, which is case insensitive,
to find the default protocol among the negotiated protocols.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #2231 WIP
* Issue #2231 Add tests for FileSessionDataStore and MongoSessionDataStore.
* Issue #2231 create unit tests for every SessionDataStore
Signed-off-by: Jan Bartel <janb@webtide.com>
* Issue #2231 Refactor session tests
Signed-off-by: Jan Bartel <janb@webtide.com>
* Issue #2231 Refactor and cleanup session tests.
Signed-off-by: Jan Bartel <janb@webtide.com>
* hazelcast tests faster
Signed-off-by: olivier lamy <olamy@webtide.com>
* make hazelcasts tests even faster
Signed-off-by: olivier lamy <olamy@webtide.com>
* cleanup comments
Signed-off-by: olivier lamy <olamy@webtide.com>
* run mongodb test in embdedded mode
Signed-off-by: olivier lamy <olamy@webtide.com>
* mongodb embedded test enabled per default
Signed-off-by: olivier lamy <olamy@webtide.com>
* Issue #2231 more session tests
Signed-off-by: Jan Bartel <janb@webtide.com>
* fix mongodb embedded tests
Signed-off-by: olivier lamy <olamy@webtide.com>
* cleanup code
Signed-off-by: olivier lamy <olamy@webtide.com>
* use Logger rather than System.err.println
Signed-off-by: olivier lamy <olamy@webtide.com>
* Issue #2231 Add test for DefaultSessionCache
Signed-off-by: Jan Bartel <janb@webtide.com>
* Issue #2231 Redisable mongo tests by default.
Signed-off-by: Jan Bartel <janb@webtide.com>
* fix issue with empty local repo build
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* jenkins should run mongodb tests
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* build this plugin last so we should not hit the maven invoker plugin
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* build test first for this one
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* use invoker plugin 3.0.2-SNAPSHOT as there is a fix for https://issues.apache.org/jira/browse/MINVOKER-191
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* temporary use of apache snapshots repository because of maven-invoker-plugin 3.0.2-SNAPSHOT
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* Only close if parser closed and output is shutdown
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* a better possible fix
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* after review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Changed the signature of HttpParser.Listener.onBadMessage()
to take a BadMessageException and updated dependent code.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Objects which inherit or implement an `equals()` method should not be compared with == or !=
When the comparison of references is intentional `@SuppressWarnings("ReferenceEquality")` can be used
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Issue #1803 - Review usage of scheduling strategies
Use a single ReservedThreadExecutor built into the QueuedThreadPool
via new interface TryExecutor.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Clean up of actions (now updates) prior to #2046 fix
* prevent exceptions from termincating lifecycle doStop or destroy
* Refactored ManagedSelector stop to always close endpoints
* Fixed NPE if SelectorManager is already stopped
* refactored after review
* further simplifications after review
* Wait only for oshut endpoints
* Cleanup from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Issue #2081 No idle timeout exception when dispatch is delayed
* Delegate the readtimeout handling to HttpChannel so that a delayed dispatch can be ended.
* Added unit test for delayed dispatch idle
* Now using HttpInput.onIdleTimeout() to fail the HttpInput, and then dispatching the request in case it has not been dispatched yet. This ensure consistent behavior independently of the value of HttpConfiguration.delayDispatchUntilContent.
* Fixed for both HTTP/1.1 and HTTP/2.
* Added tests for non-blocking reads.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Code cleanups.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Improved test case handler.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Improved exception message.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #1973 - Implement minimum response data rate.
Implemented response content data rate control in HttpOutput.
Introduced a WriteFlusher.Listener interface that produces events
for every flush(). These events are forwarded to the Connection
and from there to the HttpOutput so that the data rate control can
be enforced.
Both HTTP/1.1 and HTTP/2 are implemented.
Data rate control for HTTP/1.1 is approximate because it will count
also headers bytes and the chunk bytes, while for HTTP/2 is precise.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #1973 - Implement minimum response data rate.
Addressed review comments.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Tag for release: jetty-9.4.8-SNAPSHOT
+ 212 HttpClient should support pluggable AuthenticationStore
+ 215 Add Conscrypt for native ALPN/TLS/SSL
+ 272 WebSocket hangs in blockingWrite
+ 487 JDK 9 build compatibility
+ 901 Overriding SSL context KeyStoreType requires explicit override of
TrustStoreType
+ 922 Implements methods Connection.getBytes[In|Out]()
+ 1209 IllegalStateException when HTTP/2 push is disabled
+ 1213 Upgrade to ASM Version 6.0 for JDK9
+ 1509 Improve GZIPContentDecoder buffer pooling sizing
+ 1550 Resolve inconsistent Shutdown configuration with Jetty Runner
+ 1640 Introduce :run-distro goal for local jetty distribution deployment
+ 1692 Annotation scanning should ignore `module-info.class` files
+ 1696 Missing stacktraces on debug of WriteFlusher onFail
+ 1705 Rejected executions in QueuedThreadPool can lead to memory leaks
+ 1760 Update to apache jasper 8.5.20
+ 1768 Allow jetty properties to be set for the jetty:run-forked goal
+ 1782 Using assembly.tarLongFileMode=posix for jetty-home and
jetty-distribution assembly
+ 1797 JEP 238 - Multi-Release JAR files break bytecode scanning
+ 1806 Improved ReservedThreads idle timeout
+ 1807 Add new HttpChannel listener and events for metrics libraries
+ 1814 Move JavaVersion to jetty-util for future Java 9 support requirements
+ 1818 Improve Infinispan support on JDK 9
+ 1819 Race condition during annotation parsing
+ 1823 ResourceHandler with ranged requests does not return Content-Type
response header
+ 1829 OSGi webbundle classes scanned twice
+ 1833 Request.startAsync requires context path
+ 1835 Locker is not reentrant on ServerConnector#setConnectionFactories
+ 1836 Migrate Locker implementation to JVM ReentrantLock implementation
+ 1841 Reduce contention on ServletHolder
+ 1845 Allow null User-Agent in HttpClient
+ 1849 Refactoring of SelectorManager.defaultSchedulers()
+ 1851 Improve insufficient thread warnings/errors
+ 1854 Consistent IOException and timeout handling when extracting form
parameters
+ 1856 ResourceHandler without ServletContext throws NPE for welcome files if
used directly
+ 1857 GZIPContentTransformer fails to send entire message if used with
BufferedContentTransformer
+ 1865 Improve Exception on invalid redirect usage
+ 1867 Improve Exception thrown during Expect 100 Continue
+ 1868 Need a way to randomly select ports for tests
+ 1871 JMXify SslContextFactory
+ 1878 Handle 100 Continue response without Expect header
+ 1879 'Bad tld url' seen during :jetty-run when running integration tests
+ 1881 Improve support of WebSocket over Unix Domain Socket
+ 1885 SessionHandler get/set maxInactiveInterval is not symmetric with
negative values
+ 1888 Implement cookie matching on Path attribute per RFC 6265
+ 1891 Make HTTP/2 async error notifications configurable
+ 1892 NPE resulting from bad JEP 238 MultiReleaseJarFile structure
+ 1893 Add ability to set HttpClient Connection TTL
+ 1897 Introduce a round-robin connection pool for HttpClient
+ 1900 Update to CDI 2.0 for cdi module
+ 1901 Reimplement PathWatcher as scanner
+ 1909 Update to Apache Jasper 8.5.23
+ 1910 Remove unused jetty-jsp module
+ 1912 AbstractConnector EndPoint leak for failed SSL connections
+ 1914 HttpClient fails to parse Content-Type response header with RFC 2045
charset="utf-8" syntax
+ 1919 Review LowResourceMonitor
+ 1920 Connect Timeouts with NonBlocking CreateEndPoint
+ 1924 ManagedSelector can livelock under high load
+ 1931 Expose RolloverOutputStream for pluggable behaviour
+ 1933 Use CLASSPATH for scanning java9 system classes
+ 1956 Store and report build information of Jetty
+ 1958 Blocking Timeout has different behavior in HttpInput vs HttpOutput
+ 1970 ManagedSelector can lose selector thread under high concurrent load
+ 1980 PushCacheFilter does not push TLS offloaded HTTP/2 requests
+ 1981 Loading resource content failed
+ 1984 Remove jetty-client dependency in jetty-rewrite
PR #1987 AsyncICB need not execute
The HttpOutput AsyncICB is a blocking callback, thus it is always executed and
never runs in the selector thread. It thus does not need to execute its call
the Channel.handle
* HTTP/2 must execute async callbacks
* AsyncICBr need not execute
* Invert the sense of the fix. AsyncICB now executes, but is flagged as a non-blocking callback.
* removed import
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Joakim Erdfelt
Simone Bordet
olivier lamy
Olivier Lamy
bkmz
Greg Wilkins
Jan Bartel
alexey.barsov
Lachlan Roberts
Bjørn Christian Seime
Magnus Reftel
Jesse McConnell
Kazuhiro Sera
Venkata Jaswanth
Matthias Perktold
Steve Bolton
BenBE
WalkerWatch
olivier lamy
Chris Walker