Commit Graph

3629 Commits

Author SHA1 Message Date
Joakim Erdfelt 016de2faeb
Jetty 10 - Configurable Unsafe Host Header (#9283)
* Adding HttpCompliance.DUPLICATE_HOST_HEADERS
  + Optional compliance that allowance duplicate host headers.
* Adding HttpCompliance.UNSAFE_HOST_HEADER
  + Optional compliance that allows unsafe host headers.
* Adding warning logging for bad Host / authority situations

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2023-02-03 08:30:07 -06:00
dependabot[bot] ca19b143a9
Bump maven.surefire.plugin.version from 3.0.0-M5 to 3.0.0-M8 (#9255) 2023-02-02 04:15:39 +00:00
Joakim Erdfelt b01bcdc4bd
Improve `IncludeExcludeSet` testing (#9071)
* Improve IncludeExcludeSet testing

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-12-20 11:43:07 -06:00
Greg Wilkins d24a521930
Serialize onCompleteFailure for #9059 (#9062)
Serialize onCompleteFailure for #9059

* Fixed case where process() throws an exception.
   Before, exiting the processing loop would always skip to invoke onCompleteFailure(), causing the callback to not be completed.
   Now we fall through and possibly invoke onCompleteFailure() if it was not already invoked.

* Updated javadocs.

* Code cleanups.

Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2022-12-17 09:43:07 +11:00
Joakim Erdfelt 54c4c03244
Updating to version 10.0.14-SNAPSHOT 2022-12-07 14:33:17 -06:00
Joakim Erdfelt 1c2636ea05
Updating to version 10.0.13 2022-12-07 14:12:50 -06:00
Joakim Erdfelt 7e1de8b1e2
Issue #8973 - Rework KeyStoreScanner handling for symlink related changes (#9014)
* Issue #8973 - Rework KeyStoreScanner handling for symlink related changes

+ Removed changes from #8786 and #8787
+ More test cases
+ revert jetty.sslContext.reload.followLinks boolean
+ Scanner should follow its own linkOptions setting
+ remove bad documentation in module-ssl-reload.adoc

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Lachlan Roberts <lachlan@webtide.com>
2022-12-07 09:24:19 -06:00
Simone Bordet 83154b4ffe
Fixes #8863 - Provide a possibility to name virtual threads (#8903)
* Fixes #8863 - Provide a possibility to name virtual threads

Reworked the VirtualThreads APIs to be based on `Executor` rather than just `boolean`.
Introduced Jetty module `threadpool-virtual-preview`.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-11-21 15:39:54 +01:00
Simone Bordet 051588d45b
Fixed javadoc typo.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-11-10 16:21:24 +01:00
Lachlan 690220fc40
Merge pull request #8787 from eclipse/jetty-10.0.x-8786-KeyStoreScanner-Symlink
Issue #8786 - add configuration for KeyStoreScanner to not resolve aliases
2022-11-10 17:17:59 +11:00
Joakim Erdfelt 793bee9e14
Issue #8716 - Handle bad host/authority headers better (#8717)
* Issue #8716 - Handle bad host/authority headers better
* Remove extra `Host` header in testcase that doesn't deal with bad Host headers
* Create URIUtil.isRegName
* Correcting HostPortTest.testValidAuthority
* Correcting RequestTest.testInvalidHostHeader
* Remove clonable, set to final

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-11-08 18:08:20 -06:00
Lachlan Roberts 0a14cca307 changes from review - rename resolveAlias to followLinks
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2022-11-03 20:37:55 +11:00
Lachlan Roberts 8607e3ef15 changes to ssl-reload module & documentation from review
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2022-11-03 18:54:53 +11:00
Lachlan Roberts 4d15593d63 Issue #8786 - add configuration for KeyStoreScanner to not resolve aliases
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2022-10-31 14:39:32 +11:00
Olivier Lamy dbd07146ec
merge back release branch to bump version to 10.0.13-SNAPSHOT (#8593)
* Updating to version 10.0.12

* Updating to version 10.0.13-SNAPSHOT

* VERSION.TXT =+ content of jetty-9.4.49.v20220914 release

* remove strange line and reorder
2022-09-16 19:50:12 +10:00
Simone Bordet 77ad0189ba
Fixes #8532 - Review System.nanoTime() usages. (#8535)
* Fixes #8532 - Review System.nanoTime() usages.

Introduced o.e.j.util.NanoTime class to deal with nanoTimes.

Now NanoTime.now() should be used instead of System.nanoTime(),
and various <unit>[elapsed|since|until]() methods to calculate nanoTimes.

Furthermore, comparing 2 nanoTimes should be done via isBefore(),
rather than using the < operator, which is wrong as specified in
the System.nanoTime() javadocs.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-09-06 09:30:02 +02:00
Ludovic Orban de13ceff36 Fixes #8493: RemoveIdleDestinations's race condition and improve logging.
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
2022-09-01 14:45:41 +02:00
Simone Bordet 6f0623f48d
Fixes #8007 - Support Loom. (#8465)
Now using Executors.newVirtualThreadPerTaskExecutor() to execute
tasks, so the executor is tracked by the runtime for thread dumps, etc.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-08-15 17:17:35 +02:00
Simone Bordet be3d16bdbb
Fixes #8007 - Support Loom. (#8360)
Implemented support for virtual threads for HTTP/1.1, HTTP/2 and HTTP/3.

The virtual thread support is in AdaptiveExecutionStrategy.
When virtual threads are supported and enabled, reserved threads are disabled and
blocking tasks are run in a virtual thread instead that being executed by the Executor.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-08-10 14:31:04 +02:00
Ludovic Orban 110896b4d1 #8414: fix drainTo when head == tail but the queue isn't empty
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
2022-08-08 10:28:31 +02:00
Lachlan 998bc8c7e8
Merge pull request #8315 from eclipse/jetty-10.0.x-8296-AliasChecking
Issue #8296 and #8259 -  AllowedResourceAliasChecker improvements
2022-08-08 13:23:02 +10:00
Lachlan Roberts 7d7dd41dee add javadoc for Resource.resolveAlias
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2022-07-28 18:00:56 +10:00
Lachlan Roberts 99cb930d78 changes from review PR #8315
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2022-07-27 10:21:35 +10:00
Joakim Erdfelt cbed42491a
Excluding Stress/Slow tests from normal CI builds. (#8314)
Nightly CI builds still run them.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-07-21 02:40:26 -05:00
Greg Wilkins 2b817f06c6
Combined ByteBufferPool (#8171)
All `ByteBufferPool` can now be accessed as `RetainableByteBufferPools`.

Users now need to configure only a single buffer pool and there is just the additional retained parameter that needs consideration.
Default buffer pool has been changed to logarithmic, but we may wish to review that before next release.
Default factor size has been increased to 4096.
2022-07-04 10:38:30 +10:00
Greg Wilkins cb918212f2
Fixed #8206 interrupted QTP.stop (#8220)
Made QTP stop resilient to spurious and self interrupts

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2022-06-30 16:34:21 +10:00
Joakim Erdfelt 64d12e2a5a
Merge Release 10.0.11 back into `jetty-10.0.x` branch (#8194)
* Updating to version 10.0.11

* Updating to version 10.0.12-SNAPSHOT
2022-06-22 16:24:48 -05:00
Joakim Erdfelt c2bc103cb9
Merge Release 10.0.10 back into `jetty-10.0.x` (#8180)
* Updating to version 10.0.11-SNAPSHOT
2022-06-21 14:41:41 +02:00
Lachlan 0699bc5326
Use static exceptions for closing websocket flushers and in ContentProducer (#8155)
* Use StaticException class in jetty-util for websocket flushers.
* Use StaticException class for ContentProducer recycle and consumeAll

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
2022-06-13 14:11:31 +02:00
Lachlan Roberts 5a24f90064 Improve cleanup of deflater/inflater pools for PerMessageDeflateExtension
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2022-06-07 18:52:48 +10:00
dependabot[bot] 17a72a001d
Bump maven-scm-provider-jgit from 1.12.2 to 1.13.0
Bumps maven-scm-provider-jgit from 1.12.2 to 1.13.0.

---
updated-dependencies:
- dependency-name: org.apache.maven.scm:maven-scm-provider-jgit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-30 09:28:04 +00:00
Lachlan Roberts 1c24238352 mark deprecated ReadLineInputStream for removal
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2022-05-25 16:56:34 +10:00
Lachlan Roberts f2e59a01b1 Add compliance mode for LEGACY multipart parser in Jetty 10+
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2022-05-17 10:58:12 +10:00
Joakim Erdfelt 16420f0181
Set version to `10.0.10-SNAPSHOT` (#7823)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-04-03 20:33:44 +10:00
Joakim Erdfelt f079949a35
Merge Release 10.0.9 (#7821)
* Updating to version 10.0.9

* Updating to version 10.0.10
2022-04-02 08:43:44 -05:00
dependabot[bot] 6b25c271b1
Bump jolokia-war from 1.3.3 to 1.7.1 (#6907)
* Bump jolokia-war from 1.3.3 to 1.7.1

Bumps jolokia-war from 1.3.3 to 1.7.1.

---
updated-dependencies:
- dependency-name: org.jolokia:jolokia-war
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

* Adding HashLoginService to jolokia.xml
* Fixing typo in FQCN for Jetty Password utility
* Using logger to print warning, not ServletContext.log() as it causes an NPE.

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-03-29 21:04:35 -05:00
Simone Bordet 7b648f6d5c
Fixes #7548 - Interrupt flag is not always cleared in between requests. (#7563)
Now clearing the interrupt flag.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-03-23 19:06:39 +01:00
Joakim Erdfelt f2e9680431
Honor parameters order when parsing query and form parameters (#7599) (#7605)
* Honor parameters order when parsing query and form parameters

When parsing the query or form parameters in Request, the values are stored in a MultiMap. This class extends HashMap which does not preserve the order of insertion so a request with parameters "first=1&second=2" might end up in a map where "second" will come first when iterating on the entry set. 

The order is necessary in some case where the request is signed off the body and/or the query parameters. When the order is not preserved, it is impossible to reconstruct the original request sent, unless using the Request::getInputStream which consumes the stream and makes subsequent calls to Request::getParameters to don't return the form parameters which can be misleading. The same behavior applied to query parameters, by using Request::getQueryString, you get the correct order but Request::getParameters will not.

Moreoever, if the application is behind a reverse proxy using Jetty that is proxying using Request::getParameters which consume the request InputStream, it will be completely impossible to reconstruct the original request.

* Added a test with parameter merging

Co-authored-by: Jacques-Etienne Beaudet <jebeaudet@gmail.com>
2022-02-16 11:34:30 -06:00
Greg Wilkins bdc60ee711
Jetty 10.0.x #7517 #7518 trie fixes (#7533)
* Fix #7518 Trie.getBest with empty Key (#7527)

Fix #7518 Trie.getBest with empty Key

 * Only increment current row if not recursing.
 * Fixed match ending with big char

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Jetty 9.4.x 7517 trie stack overflow (#7528)

Fix #7518 Trie stack overflows

* Avoid recursion where possible

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Added extra tests

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* removed empty file

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2022-02-08 06:20:50 +11:00
Simone Bordet a4fda96f49
Updating to version 10.0.9-SNAPSHOT 2022-02-07 12:02:02 +01:00
Simone Bordet 716c7afd8e
Updating to version 10.0.8 2022-02-07 11:34:12 +01:00
Simone Bordet abc4f05992
Issue #7496 - Transient 400: Bad Request responses in jetty-9.4.45.v20220128
Added missing checks from forward port.
Removed unnecessary casts.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-02-01 19:04:26 +01:00
Ludovic Orban 73832c4ab8 #7496 Fix tries mistakenly throwing ArrayIndexOutOfBoundsException
Fixes #7496 fix getBest() throwing ArrayIndexOutOfBoundsException on full tries

Fixing jetty-maven-plugin IT test javax-annotation-api failure

Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
2022-02-01 15:18:22 +01:00
Greg Wilkins 6c66ec509c Test demonstrating exception after overflow for #7496
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2022-01-31 16:41:51 +11:00
Joakim Erdfelt cb127793e5
Happy New Year 2022 (#7459)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-01-27 10:42:30 -06:00
Joakim Erdfelt 1984d2de11
Issue #7277 - Allow `Request.getLocalName()` and `.getLocalPort()` to be overridden (#7357)
* Issue #7277 - Allow `Request.getLocalName()` and `.getLocalPort()` to be overridden (#7316)

* Introduce `HttpConfiguration.setServerAuthority(HostPort)`
  to influence `ServletRequest.getServerName()` and `ServletRequest.getServerPort()`
* Introduce `HttpConfiguration.setLocalAddress(SocketAddress)`
  to influence `ServletRequest.getLocalName()`, `ServletRequest.getLocalPort()`, and `ServletRequest.getLocalAddr()`
* Correcting Request URI logic on abs-uri without authority
* Adding test cases

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-01-06 08:01:08 -06:00
dependabot[bot] 6de526e808
Bump maven-scm-provider-jgit from 1.10.0 to 1.12.2 (#7347)
Bumps maven-scm-provider-jgit from 1.10.0 to 1.12.2.

---
updated-dependencies:
- dependency-name: org.apache.maven.scm:maven-scm-provider-jgit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-03 10:11:34 -06:00
Simone Bordet 3d6578deee Issue #6728 - QUIC and HTTP/3
Updates after merge of #7100.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-12-20 09:33:38 +01:00
Simone Bordet 4eaff8e880 Issue #6728 - QUIC and HTTP/3
- Moved ExecutionStrategy from ServerQuicConnection to QuicConnection.
  For the server the produced task is declared as BLOCKING, but for the
  client the produced task is NON_BLOCKING.
- Fixed race condition in QuicSession.process(...).
- Updated quic-quiche pom.xml.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-12-20 09:33:38 +01:00
Simone Bordet a803dfa44f Issue #6728 - QUIC and HTTP/3
- Improved configuration of client and server.
- Started implementation of HttpClientTransportOverHTTP3.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-12-20 09:33:38 +01:00