Commit Graph

2787 Commits

Author SHA1 Message Date
Lachlan Roberts 668cd86283 Issue #995 - UrlEncoded.encodeString should not encode unreserved chars
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-11-22 17:50:28 +11:00
Joakim Erdfelt 87eefa344a
Fixes #3083 - Aligning default in ini to XML default
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-11-20 09:54:24 -06:00
Joakim Erdfelt 453d41940b Updating to version 9.4.24-SNAPSHOT 2019-11-18 13:52:51 -06:00
Joakim Erdfelt abbccc65d6 Updating to version 9.4.23.v20191118 2019-11-18 13:09:44 -06:00
Joakim Erdfelt f4d387e0d6
Issue #4325 - X509ExtendedKeyManager exceptions on non-Server SSL
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-11-18 12:13:05 -06:00
Joakim Erdfelt 55ad1074bd
Issue #4325 - X509ExtendedKeyManager exceptions on non-Server SSL
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-11-18 10:58:12 -06:00
Joakim Erdfelt 3def3415ed
Merge pull request #4289 from eclipse/jetty-9.4.x-4287-move-getUriLastPathSegment
Issue #4287 - Move getUriLastPathSegment() to URIUtil
2019-11-12 14:51:23 -06:00
Greg Wilkins ee0f9fc1d0
Issue #4033 Percent Encoded Bad Requests (#4272)
* Modernizing testcase

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Issue #4033 Percent Encoded Bad Requests

Added test to demonstrate bad percent encoded request

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Issue #4033 - adding sanity test for percent paths and checkAlias()

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Eliminating 9.3.0.RC0 dependency

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Issue #4033 - More tests for Resource checkAlias() behavior

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Issue #4033 - Splitting badDecodePath

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Issue #4033 - More badDecodePath tests

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Issue #4033 Percent Encoded Bad Requests

reverted decodePathBehaviour

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* testing pull request building

* Issue #4033

updates after review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-11-11 12:01:26 +11:00
Joakim Erdfelt 4ab910bdc0
Issue #4287 - Move getUriLastPathSegment() to URIUtil
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-11-07 15:52:00 -06:00
Joakim Erdfelt cc289980cf
Merge pull request #4268 from eclipse/jetty-9.4.x-4173-NPE-WebInfConfiguration
Issue #4173 Avoid NPE generating name of tmp dir in WebInfConfiguration
2019-11-07 14:49:20 -06:00
Joakim Erdfelt 64a916e6ec
Issue #4173 - use JarFileResource's Jar java.io.File object if present
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-11-07 05:11:48 -06:00
Joakim Erdfelt 13a574557b
JarFileResource.getFile() now returns the Jar's java.io.File object
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-11-06 16:09:54 -06:00
Jan Bartel aefbdfca58
Issue #2266 Rework Scanner and use it for Jetty Maven Plugin (#4239)
* Issue #2266 Rework Scanner and use it for Jetty Maven Plugin

Signed-off-by: Jan Bartel <janb@webtide.com>
2019-11-06 15:55:20 +11:00
Simone Bordet e09444eeb5 Issue #3863 - Enforce use of SNI (#4085)
* Issue #3863 -  Enforce use of SNI.

Introduced SslContextFactory.rejectUnmatchedSNIHost (default false)
so that if no SNI is sent, or SNI does not match a certificate,
then the TLS handshake is aborted.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>

* Issue #3863 - Enforce use of SNI.

Updates after review.
Introduced SslContextFactory.SNISelector to allow application to write
their custom logic to select a certificate based on SNI information.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>

* Issue #3863 Enforce SNI

Added two sniRequired fields - one at SslContextLevel and the other at the SecureRequestCustomizer.  This allows rejection either at TLS handshake or by 400 response.

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Issue #3863 Enforce SNI

cleanups from review

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Issue #3863 Enforce SNI

improved comments

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Issue #3863 Enforce SNI

syntax sugar

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Issue #3863 SNI

Updates from review.  Extra test for sniSelector function

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-11-05 09:07:34 +11:00
Joakim Erdfelt 1ed13b6b30 Updating to version 9.4.23-SNAPSHOT 2019-10-22 09:19:41 -05:00
Joakim Erdfelt b1e6b55512 Updating to version 9.4.22.v20191022 2019-10-22 08:20:50 -05:00
Simone Bordet dc59addb6f Code cleanup.
Made method reportDifferences(...) private since it was exposing
package private class TimeNSize and no code outside of jetty-util
could have used it.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-10-20 16:50:31 +02:00
Simone Bordet 95b205aa34 Class InetPattern is package private, so made nnewInetRange(String)
private because no code outside jetty-util could call that method.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-10-20 16:18:58 +02:00
Simone Bordet 92bfcb6c73 Class Managed is package private, so made addBean(Object, Managed)
private because no code outside of jetty-util could call that method.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-10-20 16:10:01 +02:00
Greg Wilkins 3d19f61122
Issue #4193 - Fix InetAccess port control (#4206)
* issue exclude/include con name InetAccesHandler - add better unit test

this logic:

        String name =
baseRequest.getHttpChannel().getConnector().getName();
        return _names.test(name) && _addrs.test(addr);

Is not correct. it's treating the connector name exactly like the
filter. But that's not what it's intended to do. It's supposed to tell
what connectors are applicable to this filter. And what connectors are
not affected.

For example in the unit test there exists 2 connectors:

http
tls

We want to restrict the http connector, but we want to leave tls
connector alone.

So we would specify:

include = 192.168.1.1-192.168.1.254
includeConnector = http

The way the logic is above, it is treating the connector name as if it's
the filter itself. Which is not what I intended.

What i need in psuedo-code is this:


   if (there are no "include connectors" OR if this connector is
included) AND (if this connector is not in the excluded list)
     ---> Then apply the IP filter.

Signed-off-by: Nicholas DiPiazza <nicholas.dipiazza@lucidworks.com>

* exclude should take precedence over include

Signed-off-by: Nicholas DiPiazza <nicholas.dipiazza@lucidworks.com>

* Issue #4193 InetAccessHandler

reverted changes to IncludeExcludeSet

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Issue #4193 InetAccessHandler

updates from review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-10-18 09:03:28 +11:00
Greg Wilkins 73924d2774
Issue #4188 Spin in close of GzipHandler (#4198)
* Issue #4188 Spin in close of GzipHandler

Cleanup and simplify code

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Issue #4188 Spin in close of GzipHandler

Fix slice code. Added unit test for it.

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Issue #4188 Spin in close of GzipHandler

Fixed last slice.

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* cleanup from review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-10-16 14:12:52 +11:00
contextshuffling 320e848c57 Fixes #4195: making test assertion more stable (#4196)
Signed-off-by: contextshuffling <contextshuffling@gmail.com>
2019-10-15 07:54:09 +11:00
Simone Bordet 0fc5ec9d18
Merge pull request #4171 from eclipse/jetty-9.4.x-4170-client_side_alias_selection
Fixes #4170 - Client-side alias selection based on SSLEngine.
2019-10-09 09:30:37 +02:00
Greg Wilkins 0bd71a4359
Pathwatcher Concurrent modification #4174 (#4175)
There is a race between the doStop clearing the key map and the watching thread
checking isRunning before iterating over the key map.

While more sophisticated approaches could be used, I think that is best to defer
until this class is reworked entirely.  For now just using a ConcurrentHashMap will
avoid the exception and the closing of the pathwatcher will prevent watching forever.

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-10-09 13:58:16 +11:00
Simone Bordet 742f564332 Fixes #4170 - Client-side alias selection based on SSLEngine.
Fixed setting of host/port in AbstractConnectorHttpClientTransport
and HttpProxy so that the creation of SSLEngine can use the proper
host/port pair, and can be subsequently used in TLS components.

Introduced SslContextFactory X509ExtendedKeyManagerWrapper and
X509ExtendedTrustManagerWrapper as utility classes used internally
and in tests.

The test case for this issue required 3 keystores, so other test
classes have been refactored to use the new keystores.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-10-08 18:32:23 +02:00
Simone Bordet 3be178c966 Merged 'jetty-9.4.x' into 'jetty-9.4.x-2429-httpclient_backpressure'. 2019-10-03 13:17:39 +02:00
Joakim Erdfelt b121ba786b
Issue #4121 - Tests for ThreadFactory support in QTP
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-10-02 13:37:22 -05:00
Joakim Erdfelt b82b337e8e
Merge branch 'jetty-9.4.x' into jetty-9.4.x-4121-qtp-threadfactory 2019-10-02 12:55:25 -05:00
Simone Bordet 2f06976e41 Fixed flaky test and code cleanup.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-10-02 17:06:45 +02:00
Joakim Erdfelt dd18c698f5
Issue #4121 - ThreadFactory support in QTP
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-10-02 07:46:12 -05:00
Greg Wilkins 813fcb79ab
Jetty 9.4.x 4105 4121 4122 queued thread pool (#4146)
Several QTP fixes:

* #4105 Threads without jobs now check if they should idle die before waiting rather than before, this allows idling under steady load. 3ad6780
* #4121 ThreadFactory behaviour supported by doing thread config within newThread call. 7b306d7
* #4122 Always clear the interrupted status. c37a4ff
   task = queue.poll(timeout);

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-10-02 22:07:00 +10:00
Joakim Erdfelt 6fc42d8ba2 Merge branch 'release-9.4.21' into jetty-9.4.x 2019-10-01 13:35:43 -05:00
Simone Bordet 5b829a10e4 Cosmetics.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-10-01 17:23:29 +02:00
Lachlan 4fff51361d
Merge pull request #4101 from eclipse/jetty-9.4.x-4096-ReservedThreadExecutor_stop
Issue #4096 - allow thread to exit ReservedThreadExecutor on stop
2019-10-01 15:44:37 +10:00
Joakim Erdfelt 7807eafad9 Updating to version 9.4.22-SNAPSHOT 2019-09-26 10:46:28 -05:00
Joakim Erdfelt 72970db61a Updating to version 9.4.21.v20190926 2019-09-26 09:59:15 -05:00
Lachlan ba728eee5d
Issue #4105 - atomically increment idle count when starting new thread in QTP (#4118)
* Issue #4105 - starting a thread in QTP now increments idle count

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>

* Issue #4105 - improve comments in test

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-09-26 08:15:07 +10:00
Greg Wilkins 11b60db4c3
Issue #4047 Graceful Write (#4100)
Added test to reproduce issue
Fixed bug from #2772 where output was shutdown on DONE without checking for END.
Fixed aggregation logic to aggregate last write if aggregation already started
Improved comments and clarify conditions

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-09-25 12:13:56 +10:00
Lachlan Roberts ac93ff6272 Issue #4096 resolve race between doStop and adding new threads to stack
Now using the _size AtomicInteger to resolve the race between stopping
and adding to the stack.

A _size of -1 now means no more threads can be added to the stack, and
the loop in doStop() will now only exit if it can set the size to -1.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-09-23 11:56:25 +10:00
Simone Bordet d39f19cc23 Issue #2429 - Review HttpClient backpressure semantic.
Introduced a Response.DemandedContentListener to explicitly separate
the will to request more content from the notification that the content
has been consumed.

Updated all transports to follow the new semantic: rather than waiting
for the callback to complete before delivering more content, now they
wait for the demand to be positive to deliver more content.

Since now the content may be unconsumed but there can be more demand,
all transport implementation had to be changed to use RetainableByteBuffer
to retain content buffers that were not consumed.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-09-19 17:19:25 +02:00
Lachlan Roberts 168a95d334 Issue #4096 - allow thread to exit ReservedThreadExecutor on stop
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-09-19 08:56:01 +10:00
Greg Wilkins c37c62323c updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-09-17 12:41:06 +10:00
Greg Wilkins bcf6b4c581 Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-9.4.x-1036-SchedulerThreads 2019-09-17 12:36:23 +10:00
Joakim Erdfelt e013c24326
Merge pull request #4038 from eclipse/jetty-9.4.x-OpenId
OpenID Connect Authentication
2019-09-13 16:42:17 -05:00
Greg Wilkins 92e4d73dcb Issue #1036 Configure Scheduler
Allows scheduler configuration

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-09-13 09:52:28 +10:00
Lachlan Roberts dc26739502 changes from review
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-09-09 16:58:36 +10:00
Simone Bordet 4e67e8594e Merged branch 'jetty-9.4.x' into 'jetty-9.4.x-3978-http2_vulnerabilities'. 2019-09-05 23:12:35 +02:00
Simone Bordet 508ad4aff9 Issue #3978 - HTTP/2 vulnerabilities.
Code cleanups and reformatting.

Fixed logic for SETTINGS frame replies: they are not subject to rate control.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-09-05 23:11:53 +02:00
康智冬 49ba6d1acb fix typo and grammar (#4045)
Signed-off-by: KangZhiDong <worldkzd@gmail.com>
2019-09-02 14:29:50 -04:00
Joakim Erdfelt bb7eb4bc86 Adding some comments to URIUtilTest
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-30 09:23:34 -05:00