+ Fix various warnings
+ Disable ODD_JAR / extraClassPath (temporarily)
+ Reenable disabled test Test
+ Reenable disabled test testListingContextBreakout
Fixed all module-info.java files that did not have a "provides" declaration but had META-INF/services files.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now using a non-allocated privileged port from IANA, that nobody should listen to, so the test should not fail.
It is not a 100% guarantee, but perhaps better than before, especially because now a port < 1024 is used.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Some require transitive was missing, and has been added.
In other cases, making a field private (e.g. for log instances) made the warning go away.
In another case, removed explicit dependency on websocket core exception, as it was not necessary.
Clean up the POMs for jetty-eeN-annotations, that had unnecessary dependencies.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Implemented servlet 6.1 redirect with content
Added option for server to generate a short html redirect body content, as per RFC9110 (default false)
Allowed an aggregated servlet response content to be used if clear is false.
* Redirect is a noop in include
* Fixed init order
This style of extensibility (calling virtuals from constructors) is very fragile.
* Update javadoc from review
Also update EE10 to also noop included response methods
* Update javadoc from review
Also update EE10 to also noop included response methods
* Update javadoc from review
Also update EE10 to also noop included response methods
* Update jetty-ee11/jetty-ee11-servlet/src/main/java/org/eclipse/jetty/ee11/servlet/ServletApiResponse.java
Co-authored-by: Jan Bartel <janb@webtide.com>
* Updating ee11 jsp-impl to 11.0.0-M19
* Updates from review
* updates from review
* Update jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
---------
Co-authored-by: Jan Bartel <janb@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Addendum to #11566.
Restored methods that were removed in WebAppClassLoader.Context.
Fixed method signatures for deprecated method -- they must take the deprecated ClassMatcher, not the newly introduced one.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #11514 - Cleanup `jetty.webapp.addServerClasses` property behavior for ee10/ee9/ee8
* Merging patterns (default -> env -> config)
* Moved ClassMatcher to util
* System Server Classes
* Renaming to Hidden/Protected
* Updated for loss of dump.war
* Update jetty-core/jetty-ee/src/main/java/org/eclipse/jetty/ee/WebappClassLoading.java
* fixed OSGi tests
* Ensure default hidden server and system classes.
* Fixed ee9 OSGi to load jetty-ee
* Adding more deprecations
* Changing XML demos/tests to use new getter names
* rollback xml changes in ee9/ee8
* Fix ee8 maven plugin
* Make jetty-maven dependency optional in ee9 to match ee10
---------
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: gregw <gregw@webtide.com>
Fix buffer leak in HTTP and FCGI when the server is being shut down while there are in-flight requests
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
* Issue #11514 - Cleanup `jetty.webapp.addServerClasses` property behavior for ee10/ee9/ee8
* Fix test
* Merging patterns (default -> env -> config)
* Moved ClassMatcher to util
* Adding more deprecations
* Changing XML demos/tests to use new getter names
* rollback xml changes in ee9/ee8
---------
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Jan Bartel <janb@webtide.com>
* Issue #11567 - fix relative path for resourceBase set in DefaultServlet
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Remove the ResourceFactory adaption from between baseResource and a HttpContent.Factory
* Remove toURI usage
* ensure ee9 DefaultServlet encodes the pathInContext
* Moved toURI functionality to ResourceFactory
* use context baseResource if baseResource not set
* removed usages of URIUtil.split
* fixed javadoc
* updates from review
* updates from review
* updates from review
* updates from review
* fixed resource leak in test
* fixed resource leak in test
* updates from review
* Fixes to URIUtil for Windows (#11585)
* Fixes for Windows
* Remove test that is not needed
* inlined resolveOrNew
---------
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Refactorings to rationalize and simplify how we do IO with resources internally by introducing the IOResources helper.
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Initialized PEM directories for both client and server.
Added [lib] section that was missing due to #11263.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #11495 - Add UriCompliance rules that follow the HTTP / URI / Servlet specs for illegal & suspicious characters
* more illegalPathCharacterData test cases
* Correcting SUSPICIOUS_PATH_CHARACTERS semantic (encoded and decoded)
* Check for illegal and suspicious characters as we are parsing the path.
* Only look for ambiguous paths if we know there are dots or encodings.
---------
Co-authored-by: gregw <gregw@webtide.com>
* Issue #11539 restore old behavior of Resource.copyTo()
* Do not delete destination resource
if it exists before copy to restore
the behavior to what we had in
Jetty 9/10/11.
* Formalizing IO.resolvePath()
* Introduced ThreadIdPool and replaced ThreadLocal with it
* Modified ReservedThreadExecutor to be backed by a ThreadIdPool of semaphores
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: gregw <gregw@webtide.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Fix#11411 by allowing non-existent resources to be returned from resolve
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
* Issue #11387: Reintroduce MultiPartCompliance.LEGACY in ee9/ee8
* Correcting javadoc
* Updating MultiPartCaptureTest to ...
* Test with MultiPartFormData.Parser and MultiPart.Parser
* Enable all test cases
* base64 behaviors modified to not auto-decode base64 content
* forms submitted without `_charset_` part (some using a different
charset than UTF-8, like `Shift_JIS`)
* Fixing checkstyle warning
* Re-enable Part-ContainsContents expectations
* Rename MultiPartCompliance.NO_CRLF_AFTER_PREAMBLE to WHITESPACE_BEFORE_BOUNDARY to fit spec better
* Make ee9/ee8 legacy parser use legacy tokenization
* Testing ee9/ee8 legacy parser base64 auto-decoding behaviors
* Cleanup jetty-test-multipart class naming
* Adding ee10 tests against raw multipart examples
* Adding shorter whitespace multipart test
* Adding jetty-core version of failing ee10 tests
* Fixed missed notification for CR content in case of 1 chunk ending with CR and the next chunk ending with LF.
* Removed internal unused class MultiPartParser.
* Adding MultiPartCompliance.Violation events
+ in MultiPart.Parser
+ in MultiPartFormData.Parser
* lenient mode behavior
* new name fits violation better
+ adding violation to MultiPart.Parser.parseHeaderStart
* some simple cleanup of new ee9 code
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Introduced oej.io.Transport as the abstraction for the low-level transport of high-level protocols.
Now protocols such as HTTP/1.1 or HTTP/2 can be transported over TCP, QUIC, Unix-Domain, memory, and possibly over other low-level custom protocols too.
* Introduced oej.client.Request.transport(Transport) to specify Transport for each request.
* Introduced Transport to [HTTP2Client|HTTP3Client].connect(...) methods.
* Introduced [Client|Server]QuicConfiguration so that it can be used in other Connectors such as MemoryConnector.
* Introduced oej.server.MemoryConnector and EndPoint.Pipe for memory communication between peers, along with a MemoryTransport.
* Introduced QuicTransport as a wrapper for other Transports, so that QUIC can now also be transported over memory.
* Improved javadocs and documentation.
* Removed usage of ClientConnector.forUnixDomain() from FastCGIProxyServlet (ee10 and ee9).
* Replaced usage of HTTP3ServerConnector with QuicServerConnector in jetty-http3.xml.
* Fixed handling of Instruction notifications in case of re-entrance.
Now first clear the list, then notify to avoid that when re-entering the same instruction is notified multiple times.
* Introduced ContentSourceRequestContent, and updated ProxyHandler to use it.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #11414 - use HttpURI instead of URIUtil to have a single point of spec behavior
* Issue #11414 - enforce lowercase scheme in HttpConfiguration.secureScheme
* Issue #11414 - Scheme produced on `Location` header is lowercase
* Issue #11414 - Scheme to lowercase
* Issue #11414 - Scheme to lowercase
* Revert change to HttpClient
* Added schema port knowledge to URIUtil
* Fixed tests for normalized URIs
* updates from review
* updates from review
* Fix tests
* Restored methods as deprecated
* More testing
---------
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* In ServletChannel, in COMPLETE state, there was a check comparing the number of bytes written with that declared by Content-Length.
Unfortunately the check was wrong in case of gzip, because it was comparing the application length with the gzipped length, resulting in a late sendErrorOrAbort() that was an abort() because the response was already fully sent.
Furthermore, if sendErrorOrAbort() was actually an abort(), there was an unnecessary attempt to complete the output.
* In GzipHandlerResponseAndCallback there were 2 last writes: one when the application calls output.close(), and one when the callback is succeeded.
Furthermore, when no content needs to be written, it was still compressed, causing an IOException in ChannelResponse (again when double-checking the bytes written, since Content-Length was 0, but the gzip header and trailer were written).
* Updates semantic of when to add the "Vary" header.
Now it is always only added by GzipHandler, when it would be possible to generate a response that might be compressed (even if it will not).
* Added *.bz2 mime-type.
Updated GzipHandler with the correct mime-type for *.bz2: application/x-bzip2.
* Improved checks for the number of bytes written against declared content-length.
This is necessary because welcome files are written by DefaultServlet (most of the times) bypassing the Servlet classes, using ServletContextResponse directly.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Introduce new events on `ComplianceViolation.Listener`
+ Introduce new `ComplianceViolation.Listener.initialize()` to allow for a new Listener at the appropriate time (to support per-request listeners)
+ Introduce new `ComplianceViolation.CapturingListener`
+ Introduce new `HttpConfiguration.(add/remove/get)ComplianceViolationListener()` methods.
+ Deprecate/Remove handling of `recordComplianceViolations` in `HttpConnection` and `HttpConnectionFactory` classes.
+ Produce warnings if use of `ComplianceViolation.Listener` as beans is still present.
+ Add `ComplianceViolation.Listener` support to `UriCompliance` locations.
+ Add `ComplianceViolation.Listener` support to `MultiPartCompliance` locations.
+ Add `ComplianceViolation.Listener` support to `CookieCompliance` locations.
+ Add `ComplianceViolation.Listener` support to `HttpCompliance` locations in HTTP/2 and HTTP/3
---------
Co-authored-by: gregw <gregw@webtide.com>
* Using @foo.version@ technique and proper
lib lists to allow arbitrary version
updates from properties
* Fix spotless
* Remove duplicate entries
* Only replace System property "jetty.version" with manifest-ver if blank/null
* Fixing bad module definitions
* Issue #11009 - add test for bad Jakarta endpoint
* Issue #11009 - ensure endpoint deployable before adding ServerEndpointConfig
* add same test and fix for ee9
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Made ServletChannel error handling more robust.
A failure in error handling is now remembered so that the Handler callback can be failed later.
* Avoid failing the Handler callback from ServletChannel.abort(), as it is too early: should be failed when processing the TERMINATED state, similarly to when it is succeeded.
* Removed dead code from HttpConnection.SendCallback.reset(), since response is always non-null.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Call ServletChannelState.asyncFailure from error listener. Fix#10933
* Separate invokers for read side and write side
* document async error issues
* updates from review
* updates from review
Removed duplicate handling from servlet. Now only handled in core in HttpChannelState and protected it from concurrent writes.
Added additional tests.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Reworked the ServletChannel.handle() SEND_ERROR case.
Now using the proper state changes to call ErrorHandler.handle(), which is asynchronous, so that IllegalStateExceptions are avoided.
Restored idle timeout tests in ee9/ee10 AsyncMiddleManServletTest.
Fixed notification of request destroyed in ErrorHandler: must be before completing the callback, since listener may call Servlet APIs that should see the ServletChannel state before the ErrorHandler callback changes it.
Updated ServletChannelState.isAsync() and isAsyncStarted().
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* #10386 Align core, ee9 and ee10 AbstractTest:
- use the same temporary folder technique
- configure the SSL contexts the same way
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Fixes#10234
* Introduced transient failures in reads where a failure chunk has last=false.
* Transient failure now do not fail the handler callback.
* Improve eeN ContentProducer to more carefully assert transient and terminal errors + enable HttpInputIntegrationTest
* Do not add connection: close to the response when the error is transient
* Rework ChunksContentSource to support null chunks
* Added tests to verify the new transient failure cases
* Review all code that handles failure, and handling correctly transient failure, either by making them fatal, and/or by failing Content.Source.
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Signed-off-by: Olivier Lamy <olamy@apache.org>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Olivier Lamy <olamy@apache.org>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Chad Wilson <chadw@thoughtworks.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Various cleanups of Handler.insertHandler
* Added missing call to relinkHandlers() in setHandler() after calling super.
* Moved call to relinkHandlers() in insertHandler(), as the various setSession|Security|ServletHandler() already call relinkHandlers().
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
---------
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
The local/remote SocketAddress is cached within the ConnectionMetaData or Connection instance, so that any changes are not visible during the request lifetime.
Ensure that all server Connection types respect HttpConfiguration#getLocalAddress and that it is not implemented only in servlet layer
Avoid DNS resolution.
---------
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Improve handling of SSL metadata in ConnectionMetaData, proxied connections and forwarded requests
+ Added an Attributes.Synthetic mechanism to better (and mor commonly) handle additional attributes, whilst meeting the new TCK requirement that they can be deleted or replaced.
+ Made SslSessionData a reusable type provided by EndPoint
+ Added the EndPoint.Securable subtype that can provide a SslSessionData instance for secure EndPoints
+ Updated ForwardedRequestCustomizer, SecureRequestCustomizer to understand Securable and SslSessionData
+ Javadocs improvements.
+ Removed unnecessary attribute constants in SecureRequestCustomizer.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
---------
Signed-off-by: Olivier Lamy <olamy@apache.org>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Olivier Lamy <olamy@apache.org>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Recycle ServletChannel in ServletContextHandler rather than in ServletHandler, so that completion events on servlet API request/response can be handled.
Joakim Erdfelt
Ludovic Orban
Lachlan Roberts
Olivier Lamy
Jan Bartel
Greg Wilkins
Simone Bordet
Danish Nawab