* Now `HttpClient` removed the `Expect` header if there is no request content.
* Changed AbstractProxyServlet and ProxyHandler check for request content: now the Content-Type header is not taken into consideration.
* Now the server avoids sending the 100 Continue response if there is no request content.
* Now the request body is not defaulted if missing, but just kept null.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Changed ContentSender demand from iterate()+IDLE to succeeded()+SCHEDULED.
This ensures that there is no re-iteration in case a 100 Continue response arrives.
This, in turn, avoids that the demand is performed multiple times, causing ISE to be thrown.
* Changed the 100 Continue action of the proxy Servlet/Handler, that provides the request content, to be executed by the HttpSender, rather than by the HttpReceiver.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Some require transitive was missing, and has been added.
In other cases, making a field private (e.g. for log instances) made the warning go away.
In another case, removed explicit dependency on websocket core exception, as it was not necessary.
Clean up the POMs for jetty-eeN-annotations, that had unnecessary dependencies.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #11495 - Add UriCompliance rules that follow the HTTP / URI / Servlet specs for illegal & suspicious characters
* more illegalPathCharacterData test cases
* Correcting SUSPICIOUS_PATH_CHARACTERS semantic (encoded and decoded)
* Check for illegal and suspicious characters as we are parsing the path.
* Only look for ambiguous paths if we know there are dots or encodings.
---------
Co-authored-by: gregw <gregw@webtide.com>
Reworked the ServletChannel.handle() SEND_ERROR case.
Now using the proper state changes to call ErrorHandler.handle(), which is asynchronous, so that IllegalStateExceptions are avoided.
Restored idle timeout tests in ee9/ee10 AsyncMiddleManServletTest.
Fixed notification of request destroyed in ErrorHandler: must be before completing the callback, since listener may call Servlet APIs that should see the ServletChannel state before the ErrorHandler callback changes it.
Updated ServletChannelState.isAsync() and isAsyncStarted().
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixes#10234
* Introduced transient failures in reads where a failure chunk has last=false.
* Transient failure now do not fail the handler callback.
* Improve eeN ContentProducer to more carefully assert transient and terminal errors + enable HttpInputIntegrationTest
* Do not add connection: close to the response when the error is transient
* Rework ChunksContentSource to support null chunks
* Added tests to verify the new transient failure cases
* Review all code that handles failure, and handling correctly transient failure, either by making them fatal, and/or by failing Content.Source.
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Signed-off-by: Olivier Lamy <olamy@apache.org>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Olivier Lamy <olamy@apache.org>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Chad Wilson <chadw@thoughtworks.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Improve handling of SSL metadata in ConnectionMetaData, proxied connections and forwarded requests
+ Added an Attributes.Synthetic mechanism to better (and mor commonly) handle additional attributes, whilst meeting the new TCK requirement that they can be deleted or replaced.
+ Made SslSessionData a reusable type provided by EndPoint
+ Added the EndPoint.Securable subtype that can provide a SslSessionData instance for secure EndPoints
+ Updated ForwardedRequestCustomizer, SecureRequestCustomizer to understand Securable and SslSessionData
+ Javadocs improvements.
+ Removed unnecessary attribute constants in SecureRequestCustomizer.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
---------
Signed-off-by: Olivier Lamy <olamy@apache.org>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Olivier Lamy <olamy@apache.org>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Introduced CompletableResponseListener, a replacement for FutureResponseListener that uses better APIs based on CompletableFuture.
Deprecated FutureResponseListener and replaced its usages.
Updated documentation.
Added tests for zipped request content.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Updating various old/moved URL references found across project (`jetty-10.0.x`) (#10098)
+ Now that the migration of `https://eclipse.org/jetty/` to `https://eclipse.dev/jetty/` has occurred, it is time to review the URI use in our project
+ Updated URLs in poms
+ Added more URIs to XmlConfiguration
+ Updated URLs in module files
+ Updated URLs in documentation
+ Updated URLs in HTML
+ Correcting bad double-scheme URLs (eg: `http://https://www.eclipse...`)
+ Updating text in *.mod files
+ Removing `/current/` from path `/jetty/documentation/current/`
+ Fixing mailing list URL
+ Fixing github URL references in jsps
---------
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Remove usage of instanceof Content.Chunk.Error
* Updated AsyncContent to accept a transient failures
* Updated AsyncContent to accept a transient failure with inputstream
* Deleted the Ut8fStringBuffer and Utf8Appendable classes in favour of just having Utf8StringBuilder
* Simplified the Utf8StringBuilder and CharsetStringBuilder APIs and improved their exception throwing.
* Allow for replacement characters without throwing
---------
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: gregw <gregw@webtide.com>
Co-authored-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Removed requestlog attributes that were never used.
* Code cleanups to remove usage of deprecated methods.
* Using MavenPaths.findTestResource* in ee9/ee10 tests to allow ee8 translation to function
* Fixed ClientCertAuthenticatorTest in both ee9 and ee10.
* Removed deprecated ClientCertAuthenticator in both ee9 and ee10.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Added URIUtil.decodeSafePath for EE10, to allow for %2F and %25 to remain encoded in the servlet API.
Fixed async dispatch to also safeDecode
Updated tests to expect decoded space
Apply suggestions from code review
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Introduced ResponseListeners to reduce per-request allocation.
* Removed ResponseNotifier in favor of ResponseListeners.
* Introduced RequestListeners to reduce the per-request allocation.
* Removed RequestNotifier in favor of RequestListeners.
* Removed unnecessary sharing of HttpRequest.requestListeners.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Olivier Lamy
Simone Bordet
Joakim Erdfelt
Ludovic Orban
Greg Wilkins
Olivier Lamy