This makes the default configuration more secure and explicitly requires configuration from users.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fix#10805 zero dynamic table (#11445)
* Added test for #10805 Zero Dynamic Table
* fixed file header
* Added test for #10805 Zero Dynamic Table
* Fix for #10805 Zero Dynamic Table
Set the correct default size for the table.
Always send the max table size on the first encode
* updated file header
Signed-off-by: gregw <gregw@webtide.com>
---------
Signed-off-by: gregw <gregw@webtide.com>
* Issue #11387: Reintroduce MultiPartCompliance.LEGACY in ee9/ee8
* Correcting javadoc
* Updating MultiPartCaptureTest to ...
* Test with MultiPartFormData.Parser and MultiPart.Parser
* Enable all test cases
* base64 behaviors modified to not auto-decode base64 content
* forms submitted without `_charset_` part (some using a different
charset than UTF-8, like `Shift_JIS`)
* Fixing checkstyle warning
* Re-enable Part-ContainsContents expectations
* Rename MultiPartCompliance.NO_CRLF_AFTER_PREAMBLE to WHITESPACE_BEFORE_BOUNDARY to fit spec better
* Make ee9/ee8 legacy parser use legacy tokenization
* Testing ee9/ee8 legacy parser base64 auto-decoding behaviors
* Cleanup jetty-test-multipart class naming
* Adding ee10 tests against raw multipart examples
* Adding shorter whitespace multipart test
* Adding jetty-core version of failing ee10 tests
* Fixed missed notification for CR content in case of 1 chunk ending with CR and the next chunk ending with LF.
* Removed internal unused class MultiPartParser.
* Adding MultiPartCompliance.Violation events
+ in MultiPart.Parser
+ in MultiPartFormData.Parser
* lenient mode behavior
* new name fits violation better
+ adding violation to MultiPart.Parser.parseHeaderStart
* some simple cleanup of new ee9 code
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Now catching and rethrowing XmlConfigurationException with details about the XML file location.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Added null guard.
* Avoid executing the event actions in case the response is either complete or (new change) terminated.
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Improve jetty-util on Windows
* Enable ATOMIC_MOVE on Resource.copyTo()
* Add reference to Resource impl in exception.
* Attempting to address sneaky Windows path strings that look like URIs
* Deprecate URIUtil.correctFileURI in favor of new URIUtil.correctURI method
Removed the call to `ServletChannel.abort()` from the write callback.
As the write was issued from `ServletChannel.handle()` case COMPLETE, it was eventually calling `ServletChannelState.completed(Throwable)`, which is expecting the requestState to be COMPLETING.
However, calling `abort()` would set the requestState to COMPLETED, causing the IllegalStateException.
There should be no need to call `abort()` from the callback of failed writes, since failing the various callbacks should be enough, eventually failing the `HttpStream`, which would take care of tearing down the connection (HTTP/1) or the stream (HTTP/2+).
Now aborting the response from ServletChannelState.completed(Throwable).
Fixed SizeLimitHandler exception message.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Introduced oej.io.Transport as the abstraction for the low-level transport of high-level protocols.
Now protocols such as HTTP/1.1 or HTTP/2 can be transported over TCP, QUIC, Unix-Domain, memory, and possibly over other low-level custom protocols too.
* Introduced oej.client.Request.transport(Transport) to specify Transport for each request.
* Introduced Transport to [HTTP2Client|HTTP3Client].connect(...) methods.
* Introduced [Client|Server]QuicConfiguration so that it can be used in other Connectors such as MemoryConnector.
* Introduced oej.server.MemoryConnector and EndPoint.Pipe for memory communication between peers, along with a MemoryTransport.
* Introduced QuicTransport as a wrapper for other Transports, so that QUIC can now also be transported over memory.
* Improved javadocs and documentation.
* Removed usage of ClientConnector.forUnixDomain() from FastCGIProxyServlet (ee10 and ee9).
* Replaced usage of HTTP3ServerConnector with QuicServerConnector in jetty-http3.xml.
* Fixed handling of Instruction notifications in case of re-entrance.
Now first clear the list, then notify to avoid that when re-entering the same instruction is notified multiple times.
* Introduced ContentSourceRequestContent, and updated ProxyHandler to use it.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
#10226
- fix HttpClientIdleTimeoutTest to wait for server's idle timeout before checking for leaks
- improve HttpClientIdleTimeoutTest by making it upload some content
- fix FCGI server leak caused by idle timeout
- fix H3 server leak caused by idle timeout
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
* Experiment with ArrayByteBufferPool
No overall size accounting
reserved buffer release always checks max memory
released buffers check max memory 1% of the time.
only a single thread can check memory at once.
single pass through buckets so no looping forever.
* Experiment with ArrayByteBufferPool
updates from review
* JMH updates
* updates from review
* Fixed comments.
Fixed call to recordEvict().
Removed unused methods.
Method getAvailable*Memory() no longer JMX-enabled, as they are the same as get*Memory().
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
---------
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Now the calls to the upper layer produce tasks that are fed to the ExecutionFactory in HTTP2Connection.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixed case in MultiPart.Parser where a small chunk contains part of the boundary.
Added and fixed related tests.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Fixed by using an enum and expression switch to avoid using string constants that may become obsolete.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #11414 - use HttpURI instead of URIUtil to have a single point of spec behavior
* Issue #11414 - enforce lowercase scheme in HttpConfiguration.secureScheme
* Issue #11414 - Scheme produced on `Location` header is lowercase
* Issue #11414 - Scheme to lowercase
* Issue #11414 - Scheme to lowercase
* Revert change to HttpClient
* Added schema port knowledge to URIUtil
* Fixed tests for normalized URIs
* updates from review
* updates from review
* Fix tests
* Restored methods as deprecated
* More testing
---------
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Fixes#11371 - Review ArrayByteBufferPool eviction.
* Eviction is now performed on release(), rather than acquire().
* Memory accounting is done on release(), rather than acquire().
This is because we were always exceeding the memory usage on acquire(), by returning a non-pooled buffer.
We only need to account for what is idle in the pool, and that is done more efficiently on release(), and it is leak-resistant (i.e. if the buffer is not returned, the memory is already non accounted for, keeping the pool consistent).
* Released entries now give precedence to Concurrent.Entry, rather than Queued.Entry, so the queued pool is always kept at minimum size.
* Changed eviction algorithm to be simpler: one pass through the buckets excluding the current, trying to remove idle buffers until enough memory is recovered.
If successful, the buffer being released is pooled, otherwise it is also discarded.
* Added detailed statistics to ArrayByteBufferPool.RetainedBuckets.
* Added statisticsEnabled property in Jetty module bytebufferpool.mod.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Removed toString() override that was not calling super, to restore printing the total number of keys in dumps.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>