Some require transitive was missing, and has been added.
In other cases, making a field private (e.g. for log instances) made the warning go away.
In another case, removed explicit dependency on websocket core exception, as it was not necessary.
Clean up the POMs for jetty-eeN-annotations, that had unnecessary dependencies.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fix#11811 insensitive header name set
Fix#11811 insensitive header name set by:
+ Using a EnumSet and TreeSet to ensure no duplicates in the set
+ Using an ArrayList to preserve the ordering (not necessary, but useful).
* updates from review
* Implemented servlet 6.1 redirect with content
Added option for server to generate a short html redirect body content, as per RFC9110 (default false)
Allowed an aggregated servlet response content to be used if clear is false.
* Redirect is a noop in include
* Fixed init order
This style of extensibility (calling virtuals from constructors) is very fragile.
* Update javadoc from review
Also update EE10 to also noop included response methods
* Update javadoc from review
Also update EE10 to also noop included response methods
* Update javadoc from review
Also update EE10 to also noop included response methods
* Update jetty-ee11/jetty-ee11-servlet/src/main/java/org/eclipse/jetty/ee11/servlet/ServletApiResponse.java
Co-authored-by: Jan Bartel <janb@webtide.com>
* Updating ee11 jsp-impl to 11.0.0-M19
* Updates from review
* updates from review
* Update jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
---------
Co-authored-by: Jan Bartel <janb@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* #11687 make HttpFields.Mutable.Wrapper.computeField() call onRemoveField() and remove the field when null is returned by computeFn
* #11687 replace IAE with NPE
* #11687 replace collect(Collectors.toList()) with toList()
---------
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
* implemented changes to CACHE and parseFields to handle OWS properly for all UNMATCHED_VALUE headers.
* added 3 new OWS test cases (that fail in 12.0.x HEAD btw) to handle this OWS case.
* Issue #11567 - fix relative path for resourceBase set in DefaultServlet
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Remove the ResourceFactory adaption from between baseResource and a HttpContent.Factory
* Remove toURI usage
* ensure ee9 DefaultServlet encodes the pathInContext
* Moved toURI functionality to ResourceFactory
* use context baseResource if baseResource not set
* removed usages of URIUtil.split
* fixed javadoc
* updates from review
* updates from review
* updates from review
* updates from review
* fixed resource leak in test
* fixed resource leak in test
* updates from review
* Fixes to URIUtil for Windows (#11585)
* Fixes for Windows
* Remove test that is not needed
* inlined resolveOrNew
---------
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Refactorings to rationalize and simplify how we do IO with resources internally by introducing the IOResources helper.
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
* Issue #11495 - Add UriCompliance rules that follow the HTTP / URI / Servlet specs for illegal & suspicious characters
* more illegalPathCharacterData test cases
* Correcting SUSPICIOUS_PATH_CHARACTERS semantic (encoded and decoded)
* Check for illegal and suspicious characters as we are parsing the path.
* Only look for ambiguous paths if we know there are dots or encodings.
---------
Co-authored-by: gregw <gregw@webtide.com>
* Introduced ThreadIdPool and replaced ThreadLocal with it
* Modified ReservedThreadExecutor to be backed by a ThreadIdPool of semaphores
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: gregw <gregw@webtide.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Use ByteBuffer.getLong to look for entire request (GET / HTTP/1.1) or response (HTTP/1.1 200 OK) line with 2 long lookups. Failing that, a single long lookup is sufficient to determine the common methods and/or HttpVersion.
* Cleanup generator also
* Added a fallback int lookup
* HttpURI toURI passes all info
Fix#11465 and #7750
HttpURI.toURI user and fragment are retained.
Use to URI(String) constructor, as all URI constructors will parse the URI anyway.
* HttpURI toURI passes all info
Fix#11465 and #7750
HttpURI.toURI user and fragment are retained.
Use to URI(String) constructor, as all URI constructors will parse the URI anyway.
* Issue #11387: Reintroduce MultiPartCompliance.LEGACY in ee9/ee8
* Correcting javadoc
* Updating MultiPartCaptureTest to ...
* Test with MultiPartFormData.Parser and MultiPart.Parser
* Enable all test cases
* base64 behaviors modified to not auto-decode base64 content
* forms submitted without `_charset_` part (some using a different
charset than UTF-8, like `Shift_JIS`)
* Fixing checkstyle warning
* Re-enable Part-ContainsContents expectations
* Rename MultiPartCompliance.NO_CRLF_AFTER_PREAMBLE to WHITESPACE_BEFORE_BOUNDARY to fit spec better
* Make ee9/ee8 legacy parser use legacy tokenization
* Testing ee9/ee8 legacy parser base64 auto-decoding behaviors
* Cleanup jetty-test-multipart class naming
* Adding ee10 tests against raw multipart examples
* Adding shorter whitespace multipart test
* Adding jetty-core version of failing ee10 tests
* Fixed missed notification for CR content in case of 1 chunk ending with CR and the next chunk ending with LF.
* Removed internal unused class MultiPartParser.
* Adding MultiPartCompliance.Violation events
+ in MultiPart.Parser
+ in MultiPartFormData.Parser
* lenient mode behavior
* new name fits violation better
+ adding violation to MultiPart.Parser.parseHeaderStart
* some simple cleanup of new ee9 code
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Fixed case in MultiPart.Parser where a small chunk contains part of the boundary.
Added and fixed related tests.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #11414 - use HttpURI instead of URIUtil to have a single point of spec behavior
* Issue #11414 - enforce lowercase scheme in HttpConfiguration.secureScheme
* Issue #11414 - Scheme produced on `Location` header is lowercase
* Issue #11414 - Scheme to lowercase
* Issue #11414 - Scheme to lowercase
* Revert change to HttpClient
* Added schema port knowledge to URIUtil
* Fixed tests for normalized URIs
* updates from review
* updates from review
* Fix tests
* Restored methods as deprecated
* More testing
---------
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* In ServletChannel, in COMPLETE state, there was a check comparing the number of bytes written with that declared by Content-Length.
Unfortunately the check was wrong in case of gzip, because it was comparing the application length with the gzipped length, resulting in a late sendErrorOrAbort() that was an abort() because the response was already fully sent.
Furthermore, if sendErrorOrAbort() was actually an abort(), there was an unnecessary attempt to complete the output.
* In GzipHandlerResponseAndCallback there were 2 last writes: one when the application calls output.close(), and one when the callback is succeeded.
Furthermore, when no content needs to be written, it was still compressed, causing an IOException in ChannelResponse (again when double-checking the bytes written, since Content-Length was 0, but the gzip header and trailer were written).
* Updates semantic of when to add the "Vary" header.
Now it is always only added by GzipHandler, when it would be possible to generate a response that might be compressed (even if it will not).
* Added *.bz2 mime-type.
Updated GzipHandler with the correct mime-type for *.bz2: application/x-bzip2.
* Improved checks for the number of bytes written against declared content-length.
This is necessary because welcome files are written by DefaultServlet (most of the times) bypassing the Servlet classes, using ServletContextResponse directly.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Introduce new events on `ComplianceViolation.Listener`
+ Introduce new `ComplianceViolation.Listener.initialize()` to allow for a new Listener at the appropriate time (to support per-request listeners)
+ Introduce new `ComplianceViolation.CapturingListener`
+ Introduce new `HttpConfiguration.(add/remove/get)ComplianceViolationListener()` methods.
+ Deprecate/Remove handling of `recordComplianceViolations` in `HttpConnection` and `HttpConnectionFactory` classes.
+ Produce warnings if use of `ComplianceViolation.Listener` as beans is still present.
+ Add `ComplianceViolation.Listener` support to `UriCompliance` locations.
+ Add `ComplianceViolation.Listener` support to `MultiPartCompliance` locations.
+ Add `ComplianceViolation.Listener` support to `CookieCompliance` locations.
+ Add `ComplianceViolation.Listener` support to `HttpCompliance` locations in HTTP/2 and HTTP/3
---------
Co-authored-by: gregw <gregw@webtide.com>
Jan Bartel
Simone Bordet
Greg Wilkins
Joakim Erdfelt
Lachlan Roberts
Ludovic Orban