Fix#6870 URIUtil.encodePath encodes control characters
* Better test for wider range of characters
* Encode all control characters
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Fix#6860 IPv6 format by adding an extensible HttpChannel method
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Lachlan Roberts <lachlan@webtide.com>
* Fixes#6603 - HTTP/2 max local stream count exceeded (#6639)
Made MAX_CONCURRENT_STREAMS setting work on a per-connection basis.
Updated Pool javadocs.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
(cherry picked from commit 525fcb3119)
Issue #5684 - Window's test overhaul
+ Migrate from @DisabledOnOs(WINDOWS) to assumptions on capabilities instead.
+ Fix other outstanding windows testing issues.
+ Cleanup FileBufferedResponseHandlerTest expectations on Windows.
+ PathWatcher scan interval is variable on windows
+ If unable to start testcase based on assumption,
the stop shouldn't fail testcase
+ Increase various wait timeouts
+ Make tests less strict due to system speed issues
+ Disable Sni tests due to TLS behaviors differences in Windows
+ Windows TLSv1.3 seems to introduce this difference
+ If we restrict to TLSv1.2 this passes.
+ On Linux TLSv.13 on client side will always return a
+ javax.net.ssl.SSLHandshakeException in those test cases that expect it.
+ However, on Windows, Only the TLSv1.2 implementation will return a javax.net.ssl.SSLHandshakeException,
+ All other TLS versions on Windows will result in a
+ javax.net.ssl.SSLException: Software caused connection abort: recv failed
+ Disable ConcurrentStreamCreationTest
+ Not possible to create all of these streams.
+ Fixing DeploymentTempDirTest
+ Using unique workdir per testcase.
+ Don't expect to delete files / directories between tests
(not supported on windows due to file locking anyway)
+ Fixing line ending difference on windows
+ InvalidPathException is a 404 Not Found
+ Cannot reuse test directory between runs due to memory mapped files that are still in use from previous run.
+ java.nio.file.FileSystemException: C:\code\jetty.project\jetty-webapp\target\tests\welcome#\index.html: The requested operation cannot be performed on a file with a user-mapped section open.
at java.base/sun.nio.fs.WindowsException.translateToIOException(WindowsException.java:92)
at java.base/sun.nio.fs.WindowsException.rethrowAsIOException(WindowsException.java:103)
at java.base/sun.nio.fs.WindowsException.rethrowAsIOException(WindowsException.java:108)
at java.base/sun.nio.fs.WindowsFileSystemProvider.newByteChannel(WindowsFileSystemProvider.java:235)
at java.base/java.nio.file.spi.FileSystemProvider.newOutputStream(FileSystemProvider.java:478)
at java.base/java.nio.file.Files.newOutputStream(Files.java:220)
at org.eclipse.jetty.webapp/org.eclipse.jetty.webapp.WebAppDefaultServletTest.prepareServer(WebAppDefaultServletTest.java:84)
+ As is typical on windows, we are often unable to delete a file due to file locking issues.
+ Use a unique resource base between tests.
This is to avoid file locking behaviors that prevent the
resource base from being reused too quickly on windows.
+ Prevent test run if symlinks not supported
+ Allowing for Windows slosh char as well in asserts
+ SelectorUtils is File.separator dependent
+ Regex is now FS.separator independent
+ Using SelectorUtils from plexus correctly for include/exclude
+ Turning off mapped files for testing reasons.
+ Fix and re-enable RFC2616NIOHttpsTest
+ Issue #6552 - Fix test failures due to slf4j dep
+ Issue #6552 - upgrade testcontainers
+ Issue #6552 - move to assumption based docker existence
+ Issue #6552 - Fix enforcer rule violation on jna.
Addresses the following side effect of upgrading testcontainers.
[WARNING] Rule 3: org.apache.maven.plugins.enforcer.RequireUpperBoundDeps failed with message:
Failed while enforcing RequireUpperBoundDeps. The error(s) are [
Require upper bound dependencies error for net.java.dev.jna:jna:5.6.0 paths to dependency are:
+-org.eclipse.jetty:infinispan-remote-query:10.0.7-SNAPSHOT
+-org.testcontainers:testcontainers:1.16.0
+-com.github.docker-java:docker-java-transport-zerodep:3.2.11
+-net.java.dev.jna:jna:5.6.0 (managed) <-- net.java.dev.jna:jna:5.8.0
+ use annotation to disable test when docker not available and needed
+ Disabling FileSessionDistributionTests.stopRestartWebappTestSessionContentSaved on Windows
+ Using TLS basic
+ Programmatic removal of memory mapped behavior during testing
+ Fixing slf4j warning
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Olivier Lamy <oliver.lamy@gmail.com>
Fixed occurrences of Callbacks that did not override getInvocationType() to properly declare whether they block or not.
Added test case for blocking writes for both client and server.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 9897c1b06e)
Java 17 only allows letter|digit|hyphen characters for SNI names.
While we could bypass this restriction on the client, when the SNI bytes arrive to the server they will be verified and if not allowed the TLS handshake will fail.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 693663a4ce)
A call to offer must never block, nor even yield, since to do so give an opportunity for the allocated CPU core to change, defeating the whole purpose of the class.
There is also some reasonable level of diagnostic warnings if a reserved thread misses too many offers consecutively, based on tracking the state of the reserved thread.
Remove the stack data structure entirely. ReservedThreads all poll the same SynchronousQueue and tryExecute does a non blocking offer.
Added test for busy shrinking
Remember last time we hit zero reserved threads
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Issue #6473 - canonicalPath refactor & fix alias check in PathResource
* Reverted %-escape handling for URI query parts.
* Performing canonicalization in ServletContext.getResource(),
and improving alias checking in ContextHandler.getResource().
* Performing canonicalization checks in Resource.addPath() to avoid
navigation above of the root.
* Test added and fixed.
* Various cleanups.
* Improved javadoc and comments
* Compliance mode HttpURI uses UriCompliance.Violation
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
* Fixes#6410 - Use SocketAddress instead of InetSocketAddress.
Removed usages of InetSocketAddress in method signatures where possible.
Deprecated old methods, and added new methods with SocketAddress.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Rename EWYK to AdaptiveExecutionStrategy, which better represents the nature of the strategy.
Updated the documentation
Refactored substrategy selection for code clarity.
Added notes about chaining strategies and thread starvation
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Fix#6114 Deploy symlink webapps
Use Path.toRealPath rather than getCanonicalPath in the Scanner
Make following symlinks configurable
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Fixes#6276 - Support non-standard domains in SNI and X509. (#6296)
Improved support for IP addresses in X509 (after #5379).
Introduced SslContextFactory.Client.SniProvider to allow applications to specify the SNI names to send to the server.
Improved logging of SNI processing.
Skip X509 matching over IP addresses when the host does
not look like an IP address, to avoid reverse DNS lookup.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 04df6d4ec2)
Updated the logic in SslContextFactory.Server.sniSelect(...) to check if there is
any certificate that matches, and if so return a null alias in the hope to be called
again and pick the right alias for the SNI.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 68296911b7)
Added null guard for `ExtendedSSLSession.getRequestedServerNames()`
which should never return null, but it does when using Conscrypt.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
FileBufferedResponseHandler adds an HttpOutput.Interceptor to buffer all responses into a file until the output is closed. This allows the commit to be delayed until the response is complete and thus headers and response status can be changed while writing the body.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Use Files.isSameFile to check Resource equality
Avoid using canonical and instead use Files.isSameFile
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Fix#5835 Durable filters and servlets with a general ServletHandler cleanup
update indexes after updating mapping
update mappings/indexes before destroyed listeners
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Now matching certificates are sorted, non-wildcard first, so that a more specific alias is returned.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Handle URIs by first resolving relative paths and then decoding.
Added compliance mode to return 400 if there are ambiguous path segments.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Fixes#5902 - Grab Jetty startup output in documentation.
Implemented an Asciidoctor extension that uses `JettyHomeTester` to run
Jetty and capture its output.
This extension is triggered by the `ServiceLoader` mechanism, so the
documentation jar is now in the plugin classpath.
Introduced `jetty-halt.xml` so that the JVM can be halted.
In this way, Jetty does not produce the "stopping" log lines and
therefore they won't be grabbed and included in the documentation.
Used the new `include::jetty[]` directive in the documentation.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
* Issue #5870 Windows URI case comparison fails
Signed-off-by: Jan Bartel <janb@webtide.com>
* Issue #5870 - Updating Windows tests
+ Eliminating OS.MAC (as it doesn't support drive letters)
+ Adding alt URI syntax version as well
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #5830 Remove native classes from PathWatcher.
Removed use of com.sun.nio.file.SensitivityWatchEventModifier, no longer needed.
This has the desirable side-effect of getting rid of com.sun.nio.file package imports.
Signed-off-by: Jan Bartel <janb@webtide.com>
Changed the AbstractConnectionPool.acquire() logic to call tryCreate() even
when create=false.
This is necessary when e.g. a sender thread T2 with create=true steals a
connection whose creation was triggered by another sender thread T1.
In the old code, T2 did not trigger the creation of a connection, possibly
leaving a request queued.
In the new code, T2 would call tryCreate(), possibly triggering
the creation of a connection.
This change re-introduces the fact that when sending e.g. 20 requests
concurrently, 20+ connections may be created.
However, it is better to err on creating more than creating less and leaving
requests queued.
Further refactoring moved field pending from Pool to AbstractConnectionPool.
As a consequence, AbstractConnectionPool.tryCreate() now performs a
demand/supply calculation to decide whether to create a new connection.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>