Introduced PlainOrSslConnectionFactory, to "sniff" the first bytes
on a connection and upgrade to SSL (if the bytes are TLS bytes), or
upgrade to a specific, configured, protocol.
Added also the ability to fail the upgrade in case of a `http`
request to a `https` port and write a minimal response to the client.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Made default endpointIdentificationAlgorithm=HTTPS to avoid warnings
when SslContextFactory is used on a server.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
This interface is currently package-private while it's in the
signature of several public methods (e.g. addLowResourceCheck, getLowResourceChecks)
Signed-off-by: Bjørn Christian Seime <bjorncs@yahoo-inc.com>
%t now takes in locale and timezone in the format string argument
instead of getting it from the setters on the CustomRequestLog class
fixed issue with multiline format strings
requestLog writers are now managed objects
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
removed tests for %B and %b which have been removed in favor of %O
adjusted the NcsaRequestLogTest to only test ExtendedNCSA format
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
replaced terminology for addresses and ports to use
client and server referring to the logical connection and
local and remote referring to the physical connection to the first hop
finished implementing tests in CustomRequestLogTest otherwise
disabled tests which will be verified manually instead
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
added missing copyright header in some new files
added CustomRequestLogTest in jetty-servlet to test things like
logFilename and logRequestHandler
the log strings produced do no longer contain a trailing newline
implemented more tests in CustomRequestLogTest
and finished implementing some of the logging in CustomRequestLog
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Issue #3038 - SSL connection leak.
Fixed SSL spin caused when fill had NEED_WRAP, but a flush/wrap
produced 0 bytes and stayed in NEED_WRAP
Removed check of isInputShutdown prior to filling that allowed EOF to
overtake data already read.
Fix for leak by shutting down output in HttpConnection if
filled -1 and the HttpChannelState was no longer processing
current request.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Introduced the RequestLog.Writer where a RequestLog takes a writer
which manages what to do with the log strings produced by the RequestLog
deprecated the NCSA and SLF4J RequestLogs in favor of CustomRequestLog
Implemented more format codes in CustomRequestLog
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
fixed parsing issues for the format string by parsing left to right
and reversing the list of parsed tokens
reduced to parsing to single regex expression
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Issue #3049 Warn on common SslContext vulnerable configurations
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Adding documentation notes for weak cipher warnings
Signed-off-by: WalkerWatch <ctwalker@gmail.com>
* Issue #3049 - SslContextFactory warnings on known bad config
+ Changes warnings from being a boolean on SslContextFactory
to being a logger named
"org.eclipse.jetty.util.ssl.SslContextFactory.config"
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #3049 - SslContextFactory warnings on known bad config
+ Cleanup based on review
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #3049 - SslContextFactory warnings on known bad config
+ Cleanup based on review
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Issue #3018 improve logging and handling of slow data rates.
* Slow data rates now result in aborted channels, but exception is still thrown. Test for 408 in requestLog
* Updated many RequestLog usages to use Server.setRequestLog rather than a RequestLogHandler
* Fixed javadoc
* removed BadRequestLogHandlerTest (tested in RequestLogTest)
* added JMH to show the future of request logging for #113
* copyright header.
* Updates from review
* Revert to throwing BadMessageException
* BME ensures a 408 is logged rather than a 500
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanup the dump implementation
* improved the clarity of utility methods for dump and updated most dump methods
* fixed upgrade filter dump
* Improved dump after review
* Moved dumpObjects to Dumpable
* implemented dumpBeans with dumpObjects
* less verbose dump
* Dump streams
* fixed dump test
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Replaced usage of sun.reflect.Reflection with a
SecurityManager subclass, so that it works in all JDKs.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
+ Changes needed for new Junit 5
+ Migrating from Vintage junit API to Jupiter junit API
+ Relies on SNAPSHOT jetty-test-helper
- this will be a formal release once this issue has been
resolved satisfactory
+ Have jenkins always pull latest SNAPSHOT for each build
+ Adding jetty.snapshots repository
+ Using surefire 2.22.0 per advice from junit
+ Ensuring <reuseForks>true</reuseForks> to work around issue junit-team/junit5#801
+ Disabling <forkMode>always</forkMode> in maven-surefire-plugin
due to bug https://github.com/junit-team/junit5/issues/801
+ OSGi tests must remain at vintage due to PaxExam
+ Moving from vintage TestingDir to jupiter WorkDir
+ Fixing imports to use jupiter, not vintage
+ Migrating vintage ExpectedException to jupiter assertThrows
+ Migrating vintage TestName to jupiter TestInfo
+ Migrating @RunWith(Parameterized.class)
to @ParameterizedTest with Argument Sources
+ Migrating assertTrue(val.contains(needle))
to assertThat(val, containsString(needle))
+ Aligning junit versions per recommendations from @sormuras
+ Adjusting parameter order change for assertEquals()
+ Test LifeCycle Annotation Migration
junit 4 | junit 5 / jupiter
------------ | -----------
@Before | @BeforeEach
@After | @AfterEach
@BeforeClass | @BeforeAll
@AfterClass | @AfterAll
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
HttpInput.consume() now checks if the state is already failed,
and if so it does not change it when consuming the input.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #2711 - TLS 1.3 compliance.
Disabled few tests that are TLS 1.2 specific.
Renegotiation in SslConnection is now skipped for TLS 1.3.
Replaced SNI keystore DSA certificate with RSA certificate.
First full build achieved with JDK 11+28.
Small changes after review.
Modified the test case to pass in JDK 8, where the implementation
throws SSLException, while in later JDKs throws SSLHandshakeException.
Minor cleanup
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Cleanup of Graceful shutdown, plus ensure Connection:close if connector is shutdown for #2749
* WIP close connection when shutting down
* WIP use HttpChannel.Listener
* cleanups
* support graceful stop of a context
* only close connections if the connector is shutdown
* minor cleanups
* fixed toString and test
* fixed imports
* Move close logic to HttpConnection
* fixed generator to not override persistent
* Issue #2749 - Close connections on graceful shutdown.
* Small fix after review.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #300 - Implement Deflater Pool
Removed the ThreadLocal pooling of deflaters in GzipHandler in favour of a new DeflaterPool class
GzipHttpOutputInterceptor.GzipBufferCB now recycles the Deflater in onCompleteFailure()
added benchmark for the DeflaterPool
allow negative capacity to mean no limit on the pool size
added mod file and xml changes
replace setDeflaterPool with newDeflaterPool
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Issue #2787 Unwrap ServletException
* Do not unwrap UnavailableException
* unwrap to specific targets
* fixes from review
* fixes after merge
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Replaced the response.isCommitted() check with a boolean returned from _resourceService.doGet().
This means the response does not need to be committed for the check to work correctly.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Major refactor of SslConnection to address #2233 and to simplify in preparation for java-11 support.
Made the `needFillInterest` and `onIncompleteFlush` methods the primary stateful methods with state for fill and flush side that does not reproduce state already held by the SslEngine itself.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Flush response buffer in places where the response needs to be committed.
Removed if statement preventing HEAD requests processing conditional headers.
Added two new test cases which failed before the changes and should now pass.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Now using _requestStats instead of _dispatchedStats to check for
requests completed when shutting down StatisticsHandler.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #2468 - Remove SoLinger.
For non-blocking sockets, StandardSocketOptions#SO_LINGER javadocs
report that the behavior is undefined. In JDK 11 setting SoLinger
for non-blocking sockets will be ignored.
As such, there is no point in allowing SoLinger to be configured
in Jetty that only uses non-blocking sockets.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
removed HttpOutput.close(Closeable) method as IO.close(Closeable) should be used instead
added isFailed() method to WriteFlusher and used it to fix WriteFlusherTest.testFailWhileBlocking()
surrounded usage of onError() in HttpOutput.run() with try-finally so that IO.close(this) is executed if onError throws
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Simone Bordet
alexey.barsov
Jan Bartel
Lachlan Roberts
Joakim Erdfelt
Olivier Lamy
Greg Wilkins
Bjørn Christian Seime
Magnus Reftel
Jesse McConnell
Kazuhiro Sera
Venkata Jaswanth
Matthias Perktold