Commit Graph

29506 Commits

Author SHA1 Message Date
Simone Bordet 561b8da4dd Changed CrossOriginHandler default to allow no origin and no credentials.
This makes the default configuration more secure and explicitly requires configuration from users.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-29 15:47:20 +01:00
Joakim Erdfelt 4aeec060ac
Fixing merge - removing double/nested hasViolations() check 2024-02-28 08:53:42 -06:00
gregw ee8823bd57 Merge remote-tracking branch 'origin/jetty-11.0.x' into jetty-12.0.x
# Conflicts:
#	jetty-core/jetty-http2/jetty-http2-tests/src/test/java/org/eclipse/jetty/http2/tests/DynamicTableTest.java
2024-02-28 14:41:32 +01:00
Greg Wilkins 686dd88c3a Fix #10805 zero dynamic table (#11445) (#11452)
* Fix #10805 zero dynamic table (#11445)

* Added test for #10805 Zero Dynamic Table

* fixed file header

* Added test for #10805 Zero Dynamic Table

* Fix for #10805 Zero Dynamic Table

Set the correct default size for the table.
Always send the max table size on the first encode

* updated file header

Signed-off-by: gregw <gregw@webtide.com>

---------

Signed-off-by: gregw <gregw@webtide.com>
2024-02-28 14:39:06 +01:00
Joakim Erdfelt 1bba3cd41e
Merge pull request #11455 from jetty/fix/12.0.x/webinfconfig.unpack.protection
Improve DEBUG during WebInfConfiguration.unpack
2024-02-28 04:17:38 -08:00
Joakim Erdfelt 97cb50ead9
Improve Error messages for Ambiguous URIs (#11457)
* Some testing of HttpURI for Issue #11448
* Issue #11448 - improved stacktrace message for ambiguous URI
2024-02-28 06:15:56 -06:00
Joakim Erdfelt 98ceb73cc6
Issue #11387: Reintroduce MultiPartCompliance.LEGACY in ee9/ee8 (#11388)
* Issue #11387: Reintroduce MultiPartCompliance.LEGACY in ee9/ee8
* Correcting javadoc
* Updating MultiPartCaptureTest to ...
  * Test with MultiPartFormData.Parser and MultiPart.Parser
  * Enable all test cases
    * base64 behaviors modified to not auto-decode base64 content
    * forms submitted without `_charset_` part (some using a different charset than UTF-8, like `Shift_JIS`)
* Fixing checkstyle warning
* Re-enable Part-ContainsContents expectations
* Rename MultiPartCompliance.NO_CRLF_AFTER_PREAMBLE to WHITESPACE_BEFORE_BOUNDARY to fit spec better
* Make ee9/ee8 legacy parser use legacy tokenization
* Testing ee9/ee8 legacy parser base64 auto-decoding behaviors
* Cleanup jetty-test-multipart class naming
* Adding ee10 tests against raw multipart examples
* Adding shorter whitespace multipart test
* Adding jetty-core version of failing ee10 tests
* Fixed missed notification for CR content in case of 1 chunk ending with CR and the next chunk ending with LF.
* Removed internal unused class MultiPartParser.
* Adding MultiPartCompliance.Violation events
  + in MultiPart.Parser
  + in MultiPartFormData.Parser
* lenient mode behavior
* new name fits violation better
+ adding violation to MultiPart.Parser.parseHeaderStart
* some simple cleanup of new ee9 code

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-27 15:09:26 -06:00
Joakim Erdfelt 54aaa3a398
Improve DEBUG during WebInfConfiguration.unpack 2024-02-27 10:15:24 -06:00
Joakim Erdfelt 2803f5a872
Fixes #11270 - Improve XmlConfiguration reporting of Resource location during error (#11345)
Now catching and rethrowing XmlConfigurationException with details about the XML file location.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-27 16:39:28 +01:00
Ludovic Orban 1e6240e2f4
Fix NPE in HttpReceiverOverHTTP2.read() when the channel's stream is null (#11443)
* Added null guard.
* Avoid executing the event actions in case the response is either complete or (new change) terminated.

Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-27 15:59:17 +01:00
Jan Bartel 06d4b6ff13
Re-enable GZIP module tests (#11450) 2024-02-27 13:40:32 +01:00
Joakim Erdfelt bb646ed085
Improve jetty-util on Windows (#11440)
* Improve jetty-util on Windows
* Enable ATOMIC_MOVE on Resource.copyTo()
* Add reference to Resource impl in exception.
* Attempting to address sneaky Windows path strings that look like URIs
* Deprecate URIUtil.correctFileURI in favor of new URIUtil.correctURI method
2024-02-27 06:32:44 -06:00
Joakim Erdfelt 866f44584c
Issue #11361 - UriCompliance.checkUriCompliance improvements (#11444)
* Issue #11361 - UriCompliance.checkUriCompliance improvements
2024-02-27 06:32:07 -06:00
Lachlan d3f19bb947
Merge pull request #11402 from jetty/jetty-12.0.x-11398-WebSocket-CloseChannelException
Issue #11398 - allow frames to be demanded in WebSocket onOpen
2024-02-27 17:11:53 +11:00
Lachlan 4f1401438a
Merge pull request #11433 from jetty/fix/jetty-12.0.x/11278-symlink-dir-listing
Issue #11278 - fix 500 response when trying to display symlinked directory
2024-02-27 17:10:55 +11:00
Simone Bordet 6facb0f7f5
Fixes #11370 - IllegalStateException when last write fails. (#11439)
Removed the call to `ServletChannel.abort()` from the write callback.

As the write was issued from `ServletChannel.handle()` case COMPLETE, it was eventually calling `ServletChannelState.completed(Throwable)`, which is expecting the requestState to be COMPLETING.
However, calling `abort()` would set the requestState to COMPLETED, causing the IllegalStateException.

There should be no need to call `abort()` from the callback of failed writes, since failing the various callbacks should be enough, eventually failing the `HttpStream`, which would take care of tearing down the connection (HTTP/1) or the stream (HTTP/2+).

Now aborting the response from ServletChannelState.completed(Throwable).
Fixed SizeLimitHandler exception message.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-26 17:27:20 +01:00
Simone Bordet 24c1140917
Fixes #8979 - Jetty 12 - HttpClientTransport network "modes". (#11368)
* Introduced oej.io.Transport as the abstraction for the low-level transport of high-level protocols.
Now protocols such as HTTP/1.1 or HTTP/2 can be transported over TCP, QUIC, Unix-Domain, memory, and possibly over other low-level custom protocols too.
* Introduced oej.client.Request.transport(Transport) to specify Transport for each request.
* Introduced Transport to [HTTP2Client|HTTP3Client].connect(...) methods.
* Introduced [Client|Server]QuicConfiguration so that it can be used in other Connectors such as MemoryConnector.
* Introduced oej.server.MemoryConnector and EndPoint.Pipe for memory communication between peers, along with a MemoryTransport.
* Introduced QuicTransport as a wrapper for other Transports, so that QUIC can now also be transported over memory.
* Improved javadocs and documentation.
* Removed usage of ClientConnector.forUnixDomain() from FastCGIProxyServlet (ee10 and ee9).
* Replaced usage of HTTP3ServerConnector with QuicServerConnector in jetty-http3.xml.
* Fixed handling of Instruction notifications in case of re-entrance.
Now first clear the list, then notify to avoid that when re-entering the same instruction is notified multiple times.
* Introduced ContentSourceRequestContent, and updated ProxyHandler to use it.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-26 17:24:24 +01:00
Joakim Erdfelt 457fc416c6
Merge remote-tracking branch 'origin/jetty-11.0.x' into jetty-12.0.x 2024-02-26 09:35:35 -06:00
Joakim Erdfelt 76aa2155d4
Updating VERSION.txt for CVE 2024-02-26 09:35:27 -06:00
Joakim Erdfelt a8fc2f1383
Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x 2024-02-26 09:35:13 -06:00
Joakim Erdfelt 00195c0b6b
Updating VERSION.txt for CVE 2024-02-26 09:34:59 -06:00
Joakim Erdfelt 62cb2c3448
Updating VERSION.txt for CVE 2024-02-26 09:34:35 -06:00
Jan Bartel a1cb4750d7
Jetty 12.0.x 11377 fix jettyhome osgi path (#11418)
* Issue #11377 fix jettyhome osgi path and WebInfConfiguration.unpack for windows
2024-02-26 12:07:10 +01:00
Olivier Lamy 1ca1c968da
Fix parameter name which have been removed in recent version (#11446)
Signed-off-by: Olivier Lamy <olamy@apache.org>
2024-02-26 09:42:28 +01:00
Simone Bordet 535e772c7e Updated code to use new UnixDomain APIs explicitly, rather than via reflection.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-23 18:47:24 +01:00
Simone Bordet 9b64130ddc
Fixes #11432 - Review number of acceptor threads. (#11436)
Defaulted to 1.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-23 15:33:27 +01:00
Ludovic Orban efc2785014
Fix buffer leaks in FCGI and H3 `HttpClientIdleTimeoutTest` (#10432)
#10226
- fix HttpClientIdleTimeoutTest to wait for server's idle timeout before checking for leaks
- improve HttpClientIdleTimeoutTest by making it upload some content
- fix FCGI server leak caused by idle timeout
- fix H3 server leak caused by idle timeout

Signed-off-by: Ludovic Orban <lorban@bitronix.be>
2024-02-23 13:36:58 +01:00
Lachlan Roberts 5826e56666 PR #11433 - fix for symlink loops in Resource.getAllResources
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2024-02-23 15:44:01 +11:00
Lachlan Roberts 4ca044486e PR #11402 - move methods to original position in WebSocketConnection
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2024-02-23 11:18:17 +11:00
Joakim Erdfelt 1e5aa10f04
Issue #11441 - fix html on demos 2024-02-22 17:02:27 -06:00
Joakim Erdfelt bfac61cd89
Issue #11424 - Document default of `jetty.deploy.scanInterval` at `0` (#11437)
+ Update documentation and defaults in mod files
2024-02-22 14:25:01 -06:00
Lachlan Roberts 9234331d62 Issue #11278 - fix 500 response when trying to display symlinked directory
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2024-02-22 17:32:50 +11:00
Lachlan Roberts 436f4f8507 PR #11402 - changes for review
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2024-02-22 15:56:52 +11:00
Lachlan 33e00dc452
Merge pull request #11279 from jetty/jetty-12.0.x-11271-AliasCheckCombinedResource
Issue #11271 - fix use of AliasCheckers with CombinedResource
2024-02-22 08:48:54 +11:00
Greg Wilkins 750584bc85
Experiment with ArrayByteBufferPool performance (#11426)
* Experiment with ArrayByteBufferPool

No overall size accounting
reserved buffer release always checks max memory
released buffers check max memory 1% of the time.
only a single thread can check memory at once.
single pass through buckets so no looping forever.

* Experiment with ArrayByteBufferPool

updates from review

* JMH updates

* updates from review

* Fixed comments.
Fixed call to recordEvict().
Removed unused methods.
Method getAvailable*Memory() no longer JMX-enabled, as they are the same as get*Memory().

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>

---------

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-21 22:03:00 +01:00
Ludovic Orban 509ede1d85
Add jersey test module (#11423)
Add jersey test module

Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-21 22:00:07 +01:00
Simone Bordet f3b37bc277 Fixes #8887 - Jetty-12 client calls onDataAvailable with producing thread.
Now the calls to the upper layer produce tasks that are fed to the ExecutionFactory in HTTP2Connection.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-21 21:47:45 +01:00
Joakim Erdfelt 2d51170be2
Fixes #11310 - multipart parser dropping some relevant CR bytes in parts (#11409)
Fixed case in MultiPart.Parser where a small chunk contains part of the boundary.

Added and fixed related tests.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-21 21:43:26 +01:00
Danish Nawab f8601750f3
Fixes #11353 named virtual thread executor (#11430)
Introduced `VirtualThreads.getNamedVirtualThreadsExecutor(String namePrefix)` to allow users/libraries to name virtual threads if they so wish.
2024-02-21 21:38:58 +01:00
Simone Bordet 8fec190b9c Fixes #9341 - jetty-jmh 10.013 fails due to "java.lang.AssertionError: No trie for TernaryTrie"
Fixed by using an enum and expression switch to avoid using string constants that may become obsolete.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-21 15:18:47 +01:00
Ludovic Orban 3a6ad49271
Jetty 12: `ContextHandler.getTempDirectory()` does not respect the `Context.getTempDirectory()` contract (#11397)
#11396 fix ContextHandler.getTempDirectory() so it never returns null as the contract mandates

Signed-off-by: Ludovic Orban <lorban@bitronix.be>
2024-02-21 09:26:34 +01:00
Joakim Erdfelt aa5eff978c
Issue #11410 - PathMappingsHandler does not set Server on added handlers (#11412)
* PathMappingsHandler does not set Server on added handlers
2024-02-20 14:08:44 -06:00
Greg Wilkins f07d812698
Fix #11414 URI schema and port normalization (#11416)
* Issue #11414 - use HttpURI instead of URIUtil to have a single point of spec behavior

* Issue #11414 - enforce lowercase scheme in HttpConfiguration.secureScheme

* Issue #11414 - Scheme produced on `Location` header is lowercase

* Issue #11414 - Scheme to lowercase

* Issue #11414 - Scheme to lowercase

* Revert change to HttpClient

* Added schema port knowledge to URIUtil

* Fixed tests for normalized URIs

* updates from review

* updates from review

* Fix tests

* Restored methods as deprecated

* More testing

---------

Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2024-02-20 20:12:55 +01:00
Simone Bordet d02406c164
Fixes #11371 - Review ArrayByteBufferPool eviction. (#11400)
* Fixes #11371 - Review ArrayByteBufferPool eviction.

* Eviction is now performed on release(), rather than acquire().
* Memory accounting is done on release(), rather than acquire().
This is because we were always exceeding the memory usage on acquire(), by returning a non-pooled buffer.
We only need to account for what is idle in the pool, and that is done more efficiently on release(), and it is leak-resistant (i.e. if the buffer is not returned, the memory is already not accounted for, keeping the pool consistent).
* Released entries now give precedence to Concurrent.Entry, rather than Queued.Entry, so the queued pool is always kept at minimum size.
* Changed eviction algorithm to be simpler: one pass through the buckets excluding the current, trying to remove idle buffers until enough memory is recovered.
If successful, the buffer being released is pooled, otherwise it is also discarded.
* Added detailed statistics to ArrayByteBufferPool.RetainedBuckets.
* Added statisticsEnabled property in Jetty module bytebufferpool.mod.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-20 11:02:11 +01:00
Simone Bordet 624ee584bd
Issue #6140 - SelectorManager total keys.
Removed toString() override that was not calling super, to restore printing the total number of keys in dumps.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2024-02-20 10:21:35 +01:00
Greg Wilkins 08174a3042
Fix #11401 StringBuilder rather than StringBuffer (#11406) 2024-02-19 14:52:17 +00:00
gregw 747da1bc74 Merge remote-tracking branch 'origin/jetty-11.0.x' into jetty-12.0.x 2024-02-19 15:06:41 +01:00
gregw d43c20eb54 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
Signed-off-by: gregw <gregw@webtide.com>
2024-02-19 15:05:40 +01:00
gregw 82967d678e updated 9.4 in VERSION.txt
Signed-off-by: gregw <gregw@webtide.com>
2024-02-19 14:44:23 +01:00
Greg Wilkins b89c7ebefe
Do not throw from HttpChannelState.read() method (#11369)
Fixes #11363 by ensuring that read never throws, but instead returns an Error chunk.
2024-02-19 08:28:16 +00:00