+ Updating tests to ensure that output is xml verified
+ Updating output to use `<hr>` element properly.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Issue #6473 - canonicalPath refactor & fix alias check in PathResource
* Reverted %-escape handling for URI query parts.
* Performing canonicalization in ServletContext.getResource(),
and improving alias checking in ContextHandler.getResource().
* Performing canonicalization checks in Resource.addPath() to avoid
navigation above of the root.
* Test added and fixed.
* Various cleanups.
* Improved javadoc and comments
* Compliance mode HttpURI uses UriCompliance.Violation
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
* Fixes#6410 - Use SocketAddress instead of InetSocketAddress.
Removed usages of InetSocketAddress in method signatures where possible.
Deprecated old methods, and added new methods with SocketAddress.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Reworked the total timeout handling.
* Now a CyclicTimeouts handles the exchanges in each HttpDestination,
and a CyclicTimeouts handles the exchanges in each HttpConnection
(rather than in HttpChannel).
* Now adjusting the total timeout for copied requests generated by
redirects and authentication.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 2e7d17400f)
* Remove WebSocketComponents & HouseKeeper on Server restart.
* Add testing for cleanup of websocket when stopping server.
* Add removeFilterHolder and removeFilterMapping methods on ServletHandler.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Fixes#5306 - Default jetty.*.acceptors should be 1.
Changed the acceptor default to 1, with -1 calculating a value based on the number of cores.
Updated documentation.
Fixed a glitch in ManagedSelector.getMaxSelectedKeys() to return long, not double.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Updated the logic in SslContextFactory.Server.sniSelect(...) to check if there is
any certificate that matches, and if so return a null alias in the hope to be called
again and pick the right alias for the SNI.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 68296911b7)
Fix#6227 Async timeout dispatch race
Only allow the thread calling onTimeout to call dispatch and complete once timeout has expired.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
FileBufferedResponseHandler adds an HttpOutput.Interceptor to buffer all responses into a file until the output is closed. This allows the commit to be delayed until the response is complete and thus headers and response status can be changed while writing the body.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Moved recording of bytes to fillRequestBuffer(),
so they are accounted also for async reads.
Added test case.
Fixed test that was too strictly comparing HttpConnection.bytesIn,
that now report a correct, but larger value.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit aed20abcbe)
* Fixes for #5684
Simplified CyclicTimeoutTest#testBusy
InclusiveByteRange clears range list on errors
InclusiveByteRange is forgiving of tab separators and leading 0s
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Added `before` section to a module to control ordering
rename `options` section to `after`
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* add an easy way to configure useInputDirectByteBuffers/useOutputDirectByteBuffers for HttpConfiguration
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Fix#5835 Durable filters and servlets with a general ServletHandler cleanup
update indexes after updating mapping
update mappings/indexes before destroyed listeners
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Now matching certificates are sorted, non-wildcard first, so that a more specific alias is returned.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fix#4275 separate compliance modes for ambiguous URI segments and separators
default modes allows both ambiguous separators and segments, but still forbids ambiguous parameters
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* More optional etag gzip fixes for #5979
IF no separator defined, do not add a suffix to an etag.
Some cleanup of the implementation.
* More optional etag gzip fixes for #5979
updates from review
* Fix#5979 by allowing a configurable etag separator.
Fix#5979 by allowing a configurable etag separator
* updates from review
* Updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Handle URIs by first resolving relative paths and then decoding.
Added compliance mode to return 400 if there are ambiguous path segments.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
refactored the complete method to consider unrecoverable API states no matter what the httpout state
actually is. This avoid duplication of OPEN, CLOSING, CLOSED etc. handling.
Ensure that HttpInput is always closed to EOF, EarlyEOF or Error, so that non container threads doing blocking reads
will not block forever, even if late. Delay recycling of HttpInput until next request is received.
Introduced new properties jetty.sslContext.keyStoreAbsolutePath
and jetty.sslContext.trustStoreAbsolutePath to default to
${jetty.base}/etc/keystore.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fix#5794 Close socket on bind failure
Fix#5794 Close socket on bind failure
* Fix#5794 Close socket on bind failure
Fix#5794 Close socket on bind failure
* Fix#5794 Close socket on bind failure
Update fix with IO.close()
* enable spotbugs in CI
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
record issues
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
use warning new generation
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
activate errorprone
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
fix Jenkinsfile
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
do not run spotbugs for jetty-runner as we do not want to fix all dependencies bugs :)
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
junit should allow empty results
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
maven console can be use only once...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
one liner
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
recordissues only once
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
force id
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
aggregate results
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
configure a name for aggregated reports
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
mo more -T3 no need anymore of remote session test profile
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
I want to see what failing tests look like with new report.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
skip spotbugs for jetty-jmh
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
get rid of findbugs as we now have spotbugs
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Revert "I want to see what failing tests look like with new report."
This reverts commit df0d13e4c53d7461872e1f925ec06bd36e4a66c9.
activate errorProne parser
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
make pmd quiet for CI
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
remove -fae flag and do not display transfer progress
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
try junitParser() to see what it does
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
junit parser is a bad idea...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
increase timeout
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
no -T2 for javadoc
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
fix skip spotbugs and pmd verbose
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* remove -T options
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Removed the jetty-server and jetty-servlet test-jar artifacts.
The only one left is the jetty-maven-plugin test-jar.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
With this minimal change one can provide different cookie configs for the same SessionHandler
without coping the whole method into the inherited class.
Signed-off-by: Dejan Pecar <dejan.pecar@abacus.ch>
* Use File.list and File.walk within a try with resource
The API contract of File.list and File.walk requires them to be closed after use.
* Fix from review
Left out filter
* Fix from review
Factored out deleteFile with better debug
* Fix from review
Can delete files whilst walking
* Fix from review
Restored sweepFile
fixed minor code suggestions
HttpInput.run() now uses contentProvider.isReady() to ensure that
if there is no content, the fill interest is set.
AsyncContentProvider.isReady() is now looping if there is content
but it cannot be transformed (e.g. too few gzipped bytes).
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Writing content in separate writes may result in the server
only reading partial content, producing a response with
`Connection: close` that would cause the client socket to
stop receiving data for the next response, failing the test.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5605 unconsumed input on sendError
Add Connection:close if content can't be consumed during a sendError. Processed after the request has returned to the container.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Update from review
+ Add close on all uncommitted requests when content cannot be consumed.
* Update from review
+ fixed comment
+ space comma
* Only consume input in COMPLETE if response is >=200 (ie not an upgrade or similar)
* Updated to be less adventurous
I do not think it was valid to always consumeAll in COMPLETE as this could break upgrades with both 101s and 200s
Instead I have reverted to having this consumeAll logic only:
+ in sendError once control has passed back to the container and we are about to generate an error page.
+ in front of all the sendRedirection that we do without calling the application first.
Extra tests also added
* Updated to be less adventurous
reverted test
* Testcase for odd sendError(400) issue.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Fix for odd sendError(400) issue.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Testcase for odd sendError(400) issue.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Always try to consumeAll on all requests
* Refinements after testing in 10
* Refinements after testing in 10
Fixed test
* Fixed comment from review
* Updates from review
+ added redirect methods that consumeAll
+ ensureContentConsumedOrConnectionClose renamed to ensureConsumeAllOrNotPersistent
+ ensureConsumeAllOrNotPersistent now handles HTTP/1.0 and HTTP/1.1 differently
* better consumeAll implementation
* update from review
+ better javadoc
+ filter out keep-alive
+ added more tests
* update from review
+ better javadoc
* update from review
+ fixed form redirection test for http 1.0 and 1.1
* update from review
+ HttpGenerator removes keep-alive if close present
+ Use isRedirection
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* For #5650 protect from bad SslSession
Better protection from a bad SslSession like seen in #5650
* review indicated that there is too much depth to defend. So just a little cleanup in this PR.
* Cleanup request/response recycle #4711
Reordered recycle in request and response to field order so that we can check that all fields are recycled.
* Fixed ordering of reader consumption
* update from review
* Fix#5562 Improve HTTP Field cache allocation
Fix#5562 by initially putting cacheable fields into a inexpensive arraylist.
Only create the Trie (with space and complexity costs) if a second request is received.
* Fixed NPE
* Feedback from review
Create `HttpHeader.isPseudo()`` method
improved clarity with `createFieldCacheIfNeeded()``
* Feedback from review
Only defer Trie creation to first cacheable field, not until next request.
* Updates from review
* Update from review
+ more javadoc
+ empty set return
Make EOF and errors be special content.
Transition to a much simplified FSM by using the needContent() / produceContent() model.
Implement blocking on top of async, this way there is only one FSM.
(Milestone 6)
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* feedback from review
added static method to convert null name to default.
Moved jetty-dir.css from jetty-util to jetty-server,
so that it can be found by ResourceHandler when using JPMS.
Updated DefaultServlet to call a ResourceHandler method
to retrieve the stylesheet.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>