Java 17 only allows letter|digit|hyphen characters for SNI names.
While we could bypass this restriction on the client, when the SNI bytes arrive at the server they will be verified and, if not allowed, the TLS handshake will fail.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 693663a4ce)
A call to offer must never block, nor even yield, since to do so gives an opportunity for the allocated CPU core to change, defeating the whole purpose of the class.
There is also some reasonable level of diagnostic warnings if a reserved thread misses too many offers consecutively, based on tracking the state of the reserved thread.
Remove the stack data structure entirely. ReservedThreads all poll the same SynchronousQueue and tryExecute does a non-blocking offer.
Added test for busy shrinking
Remember last time we hit zero reserved threads
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Issue #6473 - canonicalPath refactor & fix alias check in PathResource
* Reverted %-escape handling for URI query parts.
* Performing canonicalization in ServletContext.getResource(),
and improving alias checking in ContextHandler.getResource().
* Performing canonicalization checks in Resource.addPath() to avoid
navigation above the root.
* Test added and fixed.
* Various cleanups.
* Improved javadoc and comments
* Compliance mode HttpURI uses UriCompliance.Violation
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
* Fixes #6410 - Use SocketAddress instead of InetSocketAddress.
Removed usages of InetSocketAddress in method signatures where possible.
Deprecated old methods, and added new methods with SocketAddress.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Rename EWYK to AdaptiveExecutionStrategy, which better represents the nature of the strategy.
Updated the documentation
Refactored substrategy selection for code clarity.
Added notes about chaining strategies and thread starvation
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Fix #6114 Deploy symlink webapps
Use Path.toRealPath rather than getCanonicalPath in the Scanner
Make following symlinks configurable
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Fixes #6276 - Support non-standard domains in SNI and X509. (#6296)
Improved support for IP addresses in X509 (after #5379).
Introduced SslContextFactory.Client.SniProvider to allow applications to specify the SNI names to send to the server.
Improved logging of SNI processing.
Skip X509 matching over IP addresses when the host does
not look like an IP address, to avoid reverse DNS lookup.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 04df6d4ec2)
Updated the logic in SslContextFactory.Server.sniSelect(...) to check if there is
any certificate that matches, and if so return a null alias in the hope of being called
again and pick the right alias for the SNI.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 68296911b7)
Added null guard for `ExtendedSSLSession.getRequestedServerNames()`
which should never return null, but it does when using Conscrypt.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
FileBufferedResponseHandler adds an HttpOutput.Interceptor to buffer all responses into a file until the output is closed. This allows the commit to be delayed until the response is complete and thus headers and response status can be changed while writing the body.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Use Files.isSameFile to check Resource equality
Avoid using canonical and instead use Files.isSameFile
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Fix #5835 Durable filters and servlets with a general ServletHandler cleanup
update indexes after updating mapping
update mappings/indexes before destroyed listeners
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Now matching certificates are sorted, non-wildcard first, so that a more specific alias is returned.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Handle URIs by first resolving relative paths and then decoding.
Added compliance mode to return 400 if there are ambiguous path segments.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Fixes #5902 - Grab Jetty startup output in documentation.
Implemented an Asciidoctor extension that uses `JettyHomeTester` to run
Jetty and capture its output.
This extension is triggered by the `ServiceLoader` mechanism, so the
documentation jar is now in the plugin classpath.
Introduced `jetty-halt.xml` so that the JVM can be halted.
In this way, Jetty does not produce the "stopping" log lines and
therefore they won't be grabbed and included in the documentation.
Used the new `include::jetty[]` directive in the documentation.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
* Issue #5870 Windows URI case comparison fails
Signed-off-by: Jan Bartel <janb@webtide.com>
* Issue #5870 - Updating Windows tests
+ Eliminating OS.MAC (as it doesn't support drive letters)
+ Adding alt URI syntax version as well
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #5830 Remove native classes from PathWatcher.
Removed use of com.sun.nio.file.SensitivityWatchEventModifier, no longer needed.
This has the desirable side-effect of getting rid of com.sun.nio.file package imports.
Signed-off-by: Jan Bartel <janb@webtide.com>
Changed the AbstractConnectionPool.acquire() logic to call tryCreate() even
when create=false.
This is necessary when e.g. a sender thread T2 with create=true steals a
connection whose creation was triggered by another sender thread T1.
In the old code, T2 did not trigger the creation of a connection, possibly
leaving a request queued.
In the new code, T2 would call tryCreate(), possibly triggering
the creation of a connection.
This change re-introduces the fact that when sending e.g. 20 requests
concurrently, 20+ connections may be created.
However, it is better to err on creating more than creating less and leaving
requests queued.
Further refactoring moved field pending from Pool to AbstractConnectionPool.
As a consequence, AbstractConnectionPool.tryCreate() now performs a
demand/supply calculation to decide whether to create a new connection.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
Note that any Preventer that is documented as being fixed prior to jdk11
should be deleted from jetty-10/11 when this change is merged through.
Signed-off-by: Jan Bartel <janb@webtide.com>
* fix some spotbug performance map iterations
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* cannot use computeIfAbsent because it is a PathMap
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* enable spotbugs in CI
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
record issues
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
use warning new generation
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
activate errorprone
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
fix Jenkinsfile
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
do not run spotbugs for jetty-runner as we do not want to fix all dependencies bugs :)
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
junit should allow empty results
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
maven console can be used only once...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
one liner
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
recordissues only once
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
force id
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
aggregate results
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
configure a name for aggregated reports
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
no more -T3 no need anymore of remote session test profile
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
I want to see what failing tests look like with new report.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
skip spotbugs for jetty-jmh
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
get rid of findbugs as we now have spotbugs
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Revert "I want to see what failing tests look like with new report."
This reverts commit df0d13e4c53d7461872e1f925ec06bd36e4a66c9.
activate errorProne parser
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
make pmd quiet for CI
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
remove -fae flag and do not display transfer progress
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
try junitParser() to see what it does
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
junit parser is a bad idea...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
increase timeout
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
no -T2 for javadoc
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
fix skip spotbugs and pmd verbose
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* remove -T options
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
More cleanups in code adding more privateness, getting rid of unnecessary exceptions, making fields final, etc.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
GCThreadLeakPreventer has been removed, since the issue
it was trying to fix was solved in Java 9+.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Use File.list and File.walk within a try with resource
The API contract of File.list and File.walk requires them to be closed after use.
* Fix from review
Left out filter
* Fix from review
Factored out deleteFile with better debug
* Fix from review
Can delete files whilst walking
* Fix from review
Restored sweepFile
fixed minor code suggestions
* Fix #5562 Improve HTTP Field cache allocation
Fix #5562 by initially putting cacheable fields into an inexpensive arraylist.
Only create the Trie (with space and complexity costs) if a second request is received.
* Fixed NPE
* Feedback from review
Create `HttpHeader.isPseudo()` method
improved clarity with `createFieldCacheIfNeeded()`
* Feedback from review
Only defer Trie creation to first cacheable field, not until next request.
* Updates from review
* Update from review
+ more javadoc
+ empty set return
+ Added all IANA methods
+ Used Trie for most lookups
+ Fixed ArrayTernaryTrie lookup
+ optimised GET, POST and HEAD
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Reimplemented close/idle_timeout/stop/onGoAway/input_shutdown following more closely the specification.
In particular, the semantic of sending a GOAWAY is now to:
* stop creation of new streams, both local and remote
* record the last processed stream
* continue processing streams that are pending
This means that a GOAWAY is "graceful" in the sense that it allows for streams to be completed by applications.
The semantic of stop() and idle timeout is harsher: for pending streams a RST_STREAM is sent to the other peer and they are failed locally.
Added support for GOAWAY with 2^31-1 lastStreamId.
Added support for a peer to send and receive multiple GOAWAY frames.
Reviewed the stream creation/destruction mechanism so that when the last stream completes after a GOAWAY, proper actions can be run to tear down the connection.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fixes #5521 ResourceCollection NPE
Fix constructor and addPath so that all resources in a RC must exist when created.
* Fixes #5521 ResourceCollection NPE
Cleanup the vestiges of non-existent directories detected by resource ending in /
* Fixes #5521 ResourceCollection NPE
Revert adding paths ending in / as jar:file resource needs them
* feedback from review
improved javadoc.