Commit Graph

17427 Commits

Author SHA1 Message Date
Simone Bordet cfe1baa048 Issue #3978 - HTTP/2 vulnerabilities.
Implemented rate control for HTTP/2 frames using a single RateControl
object to avoid that each individual vulnerability is within limits,
but combined they still overload the server.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-17 22:51:39 +02:00
Bogdan Arabadzhi f14abdd600 Add WebAssembly MIME type support
Signed-off-by: Bogdan Arabadzhi <bogdan.today@gmail.com>
2019-08-17 12:02:03 +02:00
Joakim Erdfelt 1254f6eb67 Issue #3985 - Fixing RequestTest
+ Moving overly bad cookie to CookieCutter_LenientTest
+ Changing expectation in RequestTest.testCookie()

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:57:26 -05:00
Joakim Erdfelt 472ede48cd Issue #3983 - JarFileResource directory listing is invalid
+ Correcting encoded path searching
+ Adding more unit tests to ensure no regression

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:48:42 -05:00
Joakim Erdfelt f65e59cadf Issue #3983 - Modernizing JarResourceTest
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:13:53 -05:00
Joakim Erdfelt fba010d33d Issue #3985 - Updates to CookieCutter to reject no-equal cookies
* If a cookie has no value it is rejected and not stored.
  - `name` is rejected
  - `name=` is accepted, with empty value

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 13:11:40 -05:00
Joakim Erdfelt eaf2263053 Issue #3985 - Testcase for CookieCutter parsing issue of bad cookie
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-15 17:58:53 -05:00
Chris Walker d6bd6e6e32
Updated security reports for HTTP/2 fix in #2722 2019-08-15 10:55:12 -04:00
Joakim Erdfelt 50b524bb6b Merge branch `release-9.4.20` into `jetty-9.4.x` 2019-08-15 07:27:25 -05:00
Jan Bartel af6c675023
Issue #3913 Fix races in session request reference counting (#3947)
* Issue #3913 Fix races in session request reference counting

Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-15 12:27:18 +10:00
Lachlan Roberts 7d7d932288 Issue #3968 - remove public from methods in ReadState
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-15 09:16:05 +10:00
Lachlan Roberts 11d1ad6504 disable flaky test WebSocketConnectionStatsTest
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-15 08:04:57 +10:00
Chris Walker 47759b3f9b
Updated security documentation with latest CVEs. Resolves #3980 2019-08-14 10:23:22 -04:00
Lachlan 2a109dccbc
Issue #3968 - prevent ReadPending and ISE from AbstractWebSocketConnection (#3979)
* Issue #3968 - websocket suspend fix and cleanups

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>

* Issue #3968 - fixed race conditions when using websocket ReadState

combine the previous ReadMode into ReadState by using ReadState.Action
which is returned from ReadState.getAction(ByteBuffer) where an atomic
decision is made of what action to do

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-14 21:28:35 +10:00
Olivier Lamy 8761b345b5
Jetty 9.4.x timeout to build only do not include time to get node (#3975)
* fix timeout to apply on build time not on getting node time

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* fix typo

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-14 20:30:54 +10:00
Joakim Erdfelt f1efc99918 Updating to version 9.4.21-SNAPSHOT 2019-08-13 17:34:20 -05:00
Joakim Erdfelt 84700530e6 Updating to version 9.4.20.v20190813 2019-08-13 16:13:21 -05:00
Joakim Erdfelt cbe34d9bc2 Revert "Jetty 9.4.x release faster (no need of triggering plugins already triggered) (#3944)"
+ Breaks the release build.
  javadoc and source artifacts lack gpg signatures

This reverts commit 50aa1cf786.
2019-08-13 16:05:35 -05:00
Joakim Erdfelt 982717cc77
Merge pull request #3972 from eclipse/jetty-9.4.x-3969-forwarded-headers-testing
Fixes #3969 - Fixing X-Forwarded-Port header setter
2019-08-13 16:01:32 -05:00
Joakim Erdfelt fec01a4628 Fixes #3969 - Changing TYPE to class from PR review
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 16:00:18 -05:00
Joakim Erdfelt 3940baea9c Fixes #3969 - Adding comments from PR review
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 15:56:11 -05:00
Joakim Erdfelt 72c05bc8ba Fixes #3969 - Fixing X-Forwarded-Port header setter
+ Fixing ForwardedRequestCustomizer.getForwardedPortHeader()
+ Fixing ForwardedRequestCustomizer.setForwardedPortHeader(String)
+ Refactoring unit tests:
  + Tests default ForwardedRequestCustomizer behavior
    on one Connector
  + Tests header configured ForwardedRequestCustomizer behavior
    on different Connector

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 12:39:30 -05:00
Joakim Erdfelt d10fea9b7e
Merge pull request #3970 from eclipse/jetty-9.4.x-3969-xforwarded-host
Issue #3969 - adding testcase to verify Host & X-Forwarded behavior
2019-08-13 09:16:08 -05:00
Joakim Erdfelt e4b4a30c4c
Merge pull request #3961 from eclipse/jetty-9.4.x-3804-Decoration-Fixes
Fixed decoration changes for #3804
2019-08-13 09:15:31 -05:00
Joakim Erdfelt 4b17d28cb0 Issue #3969 - adding testcase to verify behavior
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 07:30:14 -05:00
olivier lamy cfd01d6bbc remove non needed file
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-13 16:36:24 +10:00
Lachlan d3bc0b931a
Issue #3957 - fix bad usage of MethodHandles.lookup() (#3962)
* Issue #3957 - fix bad usage of MethodHandles.lookup()

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>

* Issue #3957 CustomRequestLog remove unnecessary local string variables

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-13 14:47:39 +10:00
Greg Wilkins 8c4dd7ab05 Fixed decoration changes for #3804
Fixed bad names in OWB webapp.
Don't have the owb jetty-web.xml on by default.

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-13 11:14:44 +10:00
Olivier Lamy 02c247be5f
include test sources in checkstyle report (#3948)
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-13 10:20:55 +10:00
Simone Bordet 46e1896322 Fixes #3960 - Fix HttpConfiguration copy constructor.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-12 17:42:54 +02:00
Simone Bordet 76612ea7ca Updated dependency to h2spec to 0.6.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-12 17:38:34 +02:00
Greg Wilkins 699f832632 Fixed test for symlinked directory
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-12 17:21:49 +10:00
Joakim Erdfelt e7a1978556
Merge pull request #3946 from eclipse/jetty-9.4.x-3804-Decoration-rename
Issue #3804 CDI integration rename
2019-08-09 08:43:07 -05:00
Simone Bordet 27c0ae605f Issue #3804 - CDI integration rename.
Fixed javadocs.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-09 11:25:00 +02:00
Olivier Lamy 50aa1cf786
Jetty 9.4.x release faster (no need of triggering plugins already triggered) (#3944)
* source:jar javadoc:jar are already triggered by eclipse-release profile so no need to call directly as it add more jars to deploy :)

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* no need of sources jar in release profile as it is already part of normal build, and use jar-no-fork in normal to avoid forking another lifecycle

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* no need of triggering gpg plugin again as it is part of the release-jetty.sh script

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-09 11:24:31 +10:00
Greg Wilkins 093b39be09 Issue #3804
more review changes

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-09 09:23:17 +10:00
Greg Wilkins bf1ece938f Issue #3804
more review changes

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-09 08:20:27 +10:00
Joakim Erdfelt bcb4c59ab2 Issue #3804 - cleanup of CDITest arguments
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-08 10:21:12 -05:00
Olivier Lamy 503a52273e
Jetty 9.4.x fix some part of the code assuming cast to HttpServletRequest is possible (#3945)
* code assume request is HttpServletRequest whereas it can be ServletRequestWrapper, this fix some failing tck tests

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* return directly if the instance is already HttpServlet*Wrapper

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* checkstyle

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* changes after review

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* checkstyle

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* checkstyle and cleanup import

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-08 20:46:19 +10:00
Greg Wilkins eb4be618ee Issue #3804
more review changes

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 19:03:59 +10:00
Lachlan 3f34301660
do not echo part content in MultiPartTest (#3942)
* sanitize xml from multipart upload in MultiPartTest

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>

* changes from review

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>

* no longer echoing back part content

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-08 17:55:31 +10:00
Greg Wilkins 516fdd45cb Issue #3804
improved javadoc

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 16:11:02 +10:00
Greg Wilkins 9d497084d4 Issue #3804
Rename attributes and classes to have a more regular pattern.
The DecoratingListener is now extened by the
CdiDecoratingListener which is used by the cdi-decorate module

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 15:21:06 +10:00
Greg Wilkins 70fcd3d145 Issue #3804 CDI integration
Rename attributes and classes to have a more regular pattern.
The DecoratingListener is now extened by the
CdiDecoratingListener which is used by the cdi-decorate module

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 12:24:41 +10:00
Greg Wilkins dc939d753a
Issue #3804 - Update Decorator integration for various CDI implementations (#3838)
* Jetty Issue #3804 WELD-2587

Support CDI integration:
 + cdi2 module exposes jetty APIs
 + cdi module uses DecorationListener

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Jetty Issue #3804 WELD-2587

Remove DecoratingListener tests from test-jetty-webapp

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* improve CDI test

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Jetty Issue #3804 WELD-2587

Reverted test to use released CDI and cdi2 module for now.
To test new mechanism, you need to build the weld snapshot locally,
rebuild and switch to cdi module

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* remove cdi2 webapp references

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* document attribute

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* improved documentation

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* logging

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* improved javadoc

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Fixed version

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Reverted to also provide the DecoratingListener in the decorate module.
Renamed cdi-demo to weld-cdi-demo

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* revert from Weld SNAPSHOT

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* test all 3 weld integrations

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* updated destory implementation to release creationalcontext

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* reverted to released Weld version

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Issue #3804 CDI integration

dispose and release context in destroy

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Improved CDI module documentation

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* WIP on OWB

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Updates from review
Parameterised CDITests

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* share webapp resources for cdi webapp test

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* Initialize OWB with a SCI so that listeners can be decorated

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Added OwbDecorator so that cdi2 module can be tested with OWB

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Lookup attribute name

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Cleanups

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Cleanup from Review

Don't do lazy bindings

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Cleanup from Review

Treat partial CDI same as no CDI

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* fix maven it test no more need of weld-servlet

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* cleanup it parent pom removing non needed weld servlet

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* upgraded to Weld 3.1.2.Final

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Cleanup from Review

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Cleanup from Review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 04:04:07 +02:00
Joakim Erdfelt 259ef7cf7a
Merge pull request #3943 from eclipse/jetty-9.4.x-checkstyle-remove-abbrev-name
Removing `AbbreviationAsWordInName` module
2019-08-07 18:11:40 -05:00
Joakim Erdfelt 3b5543b575 Removing `AbbreviationAsWordInName` module
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-07 18:08:07 -05:00
Simone Bordet 2e2cde69e9
Merge pull request #3899 from eclipse/jetty-9.4.x-3856-maxForm_contentLength_behavior
Fixes #3856 - Different behaviour with maxFormContentSize=0 if Content-Length header is present/missing.
2019-08-07 19:46:49 +03:00
Simone Bordet 632c916608 Fixes #3856 - Different behaviour with maxFormContentSize=0 if Content-Length header is present/missing.
Removed duplicated, unused, code.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-07 17:35:10 +02:00
Joakim Erdfelt cb87d7049e
Merge pull request #3923 from eclipse/jetty-9.4.x-3906-seekablebytechannel-fallback
Issue #3906 - Handling SeekableByteChannel.position(long) Exception
2019-08-07 07:43:16 -05:00