Commit Graph

17167 Commits

Author SHA1 Message Date
Jan Bartel 4251a3e092
Issue #4022 Prevent Servlet adding another Servlet (#4024)
* Issue #4022  Prevent Servlet adding Servlet and added unit tests.

Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-28 12:29:14 +10:00
Jan Bartel f4d95e0f2f Remove blank lines for NullSessionCacheTest
Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-28 11:22:14 +10:00
Jan Bartel 37712d75a2
Issue #4027 Ensure AbstractSessionDataStore started or throws exception. (#4028)
* Issue #4027 Ensure AbstractSessionDataStore started or throws exception.

Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-28 11:08:42 +10:00
Jan Bartel a2fc9b113b Fix and enhance session invalidation tests.
Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-28 11:04:31 +10:00
Joakim Erdfelt eef2481b59 Adding cookie parsing test for excessive semicolon (reported as CVE in other projects) 2019-08-27 14:09:06 -05:00
Joakim Erdfelt 4d8e8050bd Fixes #4007 - using `user.home` system property instead of $HOME
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-27 08:48:02 -05:00
Greg Wilkins 2564a08150 fix checkstyle
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-27 18:43:33 +10:00
Greg Wilkins 83463c2a23
Issue #3964 - Listener behavior cleanup (Jetty 9.4.x) (#3965)
Issue #3964
* Avoid creating listener list for rarely used requestAttributeListener
* AbstractConnector keeps a specific list of HttpChannel.Listeners
to avoid Connection.Listeners and MBean listeners being added to
the HttpChannel listener list.
* Simplified listener handling by avoiding null connector, previously
only needed for testing.
* Fixed test that assumed HttpChannel listeners were not cleared by a recycle
* Separated out durable vs cyclic HttpChannel.Listeners, so as to
simplify handling.
* Deprecated cyclic HttpChannel.Listeners, as I'm not sure the channel is
the right place for them.
* Added improved method to combine multiple HttpChannel Listeners
into a single Listener.
* Fixed MockConnector
* Added benchmark
* Improved benchmark
* Updates from review
* Removed benchmark and alternate implementations.
* Updated javadoc
* Updates from review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-27 17:38:20 +10:00
Greg Wilkins 1f189d4618 fixed test visibility for JPMS
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-27 14:30:03 +10:00
Olivier Lamy b51d770807
session#getLastAccessedTime should throw IllegalStateException if session has been invalidated (#4023)
* per servlet api javadoc getLastAccessedTime should throw IllegalStateException if session has been invalidated

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* isInvalid test should be done within lock

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-27 13:03:28 +10:00
Greg Wilkins d216792d23 Made test not fail in symlinked directory
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-27 13:01:34 +10:00
Jan Bartel 19980ceeb5
Issue #4009 ServletContextHandler setSecurityHandler broke handler chain (#4012)
* Issue #4009 ServletContextHandler setSecurityHandler broke handler chain

Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-27 11:00:09 +10:00
Jan Bartel 387e33acaf
Issue #4006 Fix ClusteredSessionMigrationTest (#4010)
Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-27 10:53:54 +10:00
Greg Wilkins bde86467f4
Issue #3806 - Make Async sendError fully Async (#3912)
* Issue #3806 async sendError

Avoid using isHandled as a test withing sendError as this can be
called asynchronously and is in a race with the normal dispatch of the
request, which could also be setting handled status.

The ErrorHandler was dispatching directly to a context from within
sendError.  This meant that an async thread can call sendError and be
dispatched to within the servlet container at the same time that the
original thread was still dispatched to the container.

This commit fixes that problem by using an async dispatch for error
pages within the ErrorHandler.  However, this introduces a new problem
that a well behaved async app will call complete after calling
sendError.  Thus we have ignore complete ISEs for the remainder of
the current async cycle.

Fixed the closing of the output after calling sendError. Do not
close if the request was async (and thus might be dispatched to an
async error) or if it is now async because the error page itself is
async.

* updates from review
* better tests
* revert ignore complete
* added some TODOs
* more TODOs
* fixed rename
* cleanup ISE and more TODOs
* refactored to call sendError for uncaught exceptions rather than onError
* more of the refactor
* extra tests for sendError from completing state

Reworked HttpChannelState and sendError so that sendError is now
just a change of state. All the work is done in the ErrorDispatch
action, including calling the ErrorHandler.  Async not yet working.

Additional tests

Converted ERRORED state to a separate boolean so it can be used for
both Sync and Async dispatches.

Removed ASYNC_IO state as it was just the same as DISPATCHED

The async onError listener handling is now most likely broken.


WIP making sendError simpler and more tests pass
WIP handling async and thrown exceptions
WIP passing tests

Improved thread handling

removed bad test

Implemented error dispatch on complete properly
more fixed tests

sendError state looks committed

- Added resetContent method to leave more non-content headers during sendError
- Fixed security tests
- simplified the non dispatch error page writing.  Moved towards being able to write async

* fixed gzipHandlerTest

* Updated handling of timeout errors.  According to servlet spec,
exceptions thrown from onTimeout should not be passed to onError, but
just logged and ignored:

   If an exception is thrown while invoking methods in an AsyncListener,
   it is logged and will not affect the invocation of any other AsyncListeners.

* This changes several tests.

* Dispatcher/ContextHandler changes for new ERROR dispatch handling. Feels a bit fragile!

* Fixed tests in jetty-servlets
* Fixed tests in jetty-proxy

* more test fixes

* Fixed head handling
reverted unnecessary changes
Improved reason handling

WIP on fully async error handling.
Simplified HttpChannelState state machines to allow for async actions
during completing

more WIP on fully async error handling.

sendError and completion are not both non-blocking, without using
a startAsync operation. However we are lacking unit tests that actually
exercise those code paths.

* Simplified name of states
Added test for async completion
* Cleanups and javadoc
* Cleanups and javadoc
* remove snake case
* feedback from review
* Write error page into fixed pooled buffer

Use the response to get/release a pooled buffer into which the error
page can be written.  Make it a fixed sized buffer and if it overflows
then no error page is generated (first overflow turns off showstacks
to save space).

The ErrorHandler badly needs to be refactored, but we cannot change
API in jetty-9

* More test fixes for different error page format
* minor cleanups
* Cleanup from Review
* Fixed javadoc
* cleanups and simplifications
* Cleanup from Review
* renaming and some TODOs
* Cleanup from Review
* Checkstyle fixes
* Cleanup from Review
* Code cleanups and simplifications
* fixed debug
* Cleanup from Review
* Ensure response sent before server shutdown
* removed unnecessary optimisation
* fixed duplicate from merge
* Updates from review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-26 17:55:58 +10:00
Jan Bartel 0f8230c05b
Issue #3936 Provide write-through modes for the NullSessionCache (#3984)
* Issue #3936 Provide write-through modes for the NullSessionCache

Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-26 15:22:20 +10:00
Joakim Erdfelt 1867d24ef7
Merge pull request #4001 from eclipse/jetty-9.4.x-4000-swedish-unicode-file-serving
Issue #4000 - new SameFileAliasChecker to help with NFC/NFD UTF-8 differences
2019-08-23 07:27:32 -05:00
Joakim Erdfelt f15ca7765e
Merge pull request #3994 from eclipse/jetty-9.4.x-3985-cookie-parsing
Fixes #3985 - Updates to CookieCutter to reject no-equal cookies
2019-08-23 07:27:23 -05:00
Joakim Erdfelt 12e1473fd0 Adding reference to javax.websocket issue
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-22 17:04:01 -05:00
Joakim Erdfelt 5bcbe0f9d9 Adding javax.websocket secure client example
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-22 16:45:04 -05:00
Joakim Erdfelt d0ec6e7d07
Merge pull request #3995 from eclipse/jetty-9.4.x-3983-jarfileresource-list
Fixes #3983 - JarFileResource directory listing is invalid
2019-08-22 15:09:16 -05:00
Joakim Erdfelt 318045cd87 Issue #3985 - Applying PR Review to CookieCutter
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-22 12:46:23 -05:00
Joakim Erdfelt e7765ab576
Merge pull request #4015 from akurtakov/jetty-9.4.x
Update Tycho and Eclipse CBI plugins.
2019-08-22 08:52:19 -05:00
Alexander Kurtakov 7f5aa89042 Update Tycho and Eclipse CBI plugins.
* Tycho to 1.4.0
* CBI to 1.1.7

These updates are important for both speed and m2e compatibility so
warnings are not shown in the eclipse ide.

Signed-off-by: Alexander Kurtakov <akurtako@redhat.com>
2019-08-22 16:06:06 +03:00
olivier lamy 595e058fa3 touch to test github/jenkins
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-22 20:53:46 +10:00
olivier lamy 2cbdb27e5b touch to test github/jenkins
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-22 20:51:34 +10:00
Olivier Lamy fe3d3f7158
fix checkstyle in test sources (#4013)
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-22 19:56:41 +10:00
Joakim Erdfelt 88e37b177c Issue #4000 - Name change to isSameName
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-21 17:11:44 -05:00
Simone Bordet 1a0f08b84d Improve test performance.
Running with the LEGACY compliance will take ~10 minutes for this test.
Running with the RFC7578 compliance will take ~1 min 45 secs.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-21 21:13:13 +02:00
Joakim Erdfelt c1c241349e Issue #3985 - Applying PR Review to CookieCutter
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-21 12:54:26 -05:00
Joakim Erdfelt 4ab0be9b1b Issue #3983 - Applying PR review to JarFileResource
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-21 12:43:25 -05:00
Joakim Erdfelt 30bd3914cf Issue #4000 - SameFileAliasChecker to help with NFD/NFC
+ Adding SameFileAliasChecker to help with environments
  where the Alias and the Path point to the same file,
  by relying on the FileSystem and Path implementation
  to make the determination if the two Path references
  truly point to the same file.
+ Minor cleanup of FileSystemResourceTest
+ Additional DefaultServletTest for this UTF-8 differences

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-21 12:21:04 -05:00
Bruce a1bb3b4491 fix formatting and change comment flags to attributes
Signed-off-by: Bruce MacDonald <brucewmacdonald@gmail.com>
2019-08-20 15:12:03 +10:00
Bruce 6ad148c8f9 parse samesite from cookie comment flag utility functions
Signed-off-by: Bruce MacDonald <brucewmacdonald@gmail.com>
2019-08-20 15:12:03 +10:00
Bruce 2e5f6fca4b parse SameSite specifier from cookie comment and move HttpOnly comment parsing to org.eclipse.jetty.http.HttpCookie
Signed-off-by: Bruce MacDonald <brucewmacdonald@gmail.com>
2019-08-20 15:12:03 +10:00
Bruce 7c691acbbe use null instead of EXCLUDED to indicate no SameSite attribute should be sent
Signed-off-by: Bruce MacDonald <brucewmacdonald@gmail.com>
2019-08-20 15:12:03 +10:00
Bruce 216f71469b Issue #3040 - Allow RFC6265 Cookies to include optional SameSite attribute
Signed-off-by: Bruce MacDonald <brucewmacdonald@gmail.com>
2019-08-20 15:12:03 +10:00
Lachlan 44986be6c0
fix flaky test ClientCloseTest.testStopLifecycle() in jetty 9.4.x (#3990)
* fix flaky test ClientCloseTest.testStopLifecycle() in 9.4.x

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>

* test code cleanups in ClientCloseTest

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-20 12:49:52 +10:00
Joakim Erdfelt ef3f696a11 Issue #4000 - PathResource alias detection work around alt UTF-8 style
+ OSX File is `swedish-å.txt`
+ OSX has NFD form UTF-8 characters. `swedish-a%CC%8A.txt`
+ HTTP uses normal form UTF-8. `swedish-%C3%A5.txt`
+ A HTTP GET request should work against the resource
  being requested, regardless of UTF-8 style used.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-19 13:52:22 -05:00
Joakim Erdfelt 407b564320 Issue #4000 - adding unit test for raw Resource access for unicode file.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-19 12:52:43 -05:00
Olivier Lamy 95f7fddc59
ServletContext#setSessionTrackingModes must throw IAE if SSL and another mode (#3976)
* according to Javadoc and failing tck tests
ServletContext#setSessionTrackingModes
IllegalArgumentException - if sessionTrackingModes specifies a combination of SessionTrackingMode.SSL with a session tracking mode other than SessionTrackingMode.SSL

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* test adding only SSL

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* fixes from Jan review

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* fix package order

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-19 12:54:05 +10:00
Olivier Lamy 7c0266af4c
this is not supposed to return null (#3998)
see https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/Part.html#getHeaders-java.lang.String-
this fix related tck test

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-19 10:08:21 +10:00
Greg Wilkins 9fce1e8512
Merge pull request #3993 from barabadzhi/patch-1
Add WebAssembly MIME type support
2019-08-19 08:09:48 +10:00
Bogdan Arabadzhi f14abdd600 Add WebAssembly MIME type support
Signed-off-by: Bogdan Arabadzhi <bogdan.today@gmail.com>
2019-08-17 12:02:03 +02:00
Joakim Erdfelt 1254f6eb67 Issue #3985 - Fixing RequestTest
+ Moving overly bad cookie to CookieCutter_LenientTest
+ Changing expectation in RequestTest.testCookie()

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:57:26 -05:00
Joakim Erdfelt 472ede48cd Issue #3983 - JarFileResource directory listing is invalid
+ Correcting encoded path searching
+ Adding more unit tests to ensure no regression

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:48:42 -05:00
Joakim Erdfelt f65e59cadf Issue #3983 - Modernizing JarResourceTest
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:13:53 -05:00
Joakim Erdfelt fba010d33d Issue #3985 - Updates to CookieCutter to reject no-equal cookies
* If a cookie has no value it is rejected and not stored.
  - `name` is rejected
  - `name=` is accepted, with empty value

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 13:11:40 -05:00
Joakim Erdfelt eaf2263053 Issue #3985 - Testcase for CookieCutter parsing issue of bad cookie
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-15 17:58:53 -05:00
Chris Walker d6bd6e6e32
Updated security reports for HTTP/2 fix in #2722 2019-08-15 10:55:12 -04:00
Joakim Erdfelt 50b524bb6b Merge branch `release-9.4.20` into `jetty-9.4.x` 2019-08-15 07:27:25 -05:00