Commit Graph

404 Commits

Author SHA1 Message Date
Joakim Erdfelt 5dd987779c
Adding `WhitespaceAfter` checkstyle rule.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2021-02-15 12:48:24 -06:00
Jan Bartel 75183e8413
Issue #5909 - Better handling of merged RoleInfo during omitted method constraints (#5917)
* Fix #5909 Better handle merged RoleInfo

Signed-off-by: Jan Bartel <janb@webtide.com>

Co-authored-by: gregw <gregw@webtide.com>
2021-02-09 09:44:53 +01:00
Joakim Erdfelt 176e29e408
Happy New Year 2021
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2021-01-21 12:31:00 -06:00
Simone Bordet 6e1cd862e4
Fixes #5845 - Use UTF-8 encoding for client basic auth if requested. (#5847)
* Fixes #5845 - Use UTF-8 encoding for client basic auth if requested.

* Introduced get/setCharset in BasicAuthenticator on server-side.
* Looking for the "charset" parameter on the client-side, and if there, use it.
* Added test case.
* Code cleanups.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-01-12 11:26:33 +01:00
Jan Bartel 26ef233e94
Issue #5824 Durable ConstraintMappings. (#5842)
* Issue #5824 Durable ConstraintMappings.

Signed-off-by: Jan Bartel <janb@webtide.com>
2021-01-11 10:30:23 +01:00
Olivier Lamy 9343844f15
Jetty 9.4.x spotbug issue map iteration using entrySet(), diamond list creation (#5804)
* fix some spotbug performance map iterations

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* cannot use computeIfAbsent because it is a PathMap

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2020-12-14 08:46:35 +10:00
Greg Wilkins 14f94f738d
Issue #5605 unconsumed input on sendError (#5637)
* Issue #5605 unconsumed input on sendError

Add Connection:close if content can't be consumed during a sendError. Processed after the request has returned to the container.

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Update from review

 + Add close on all uncommitted requests when content cannot be consumed.

* Update from review

 + fixed comment
 + space comma

* Only consume input in COMPLETE if response is >=200 (ie not an upgrade or similar)

* Updated to be less adventurous

I do not think it was valid to always consumeAll in COMPLETE as this could break upgrades with both 101s and 200s
Instead I have reverted to having this consumeAll logic only:
 + in sendError once control has passed back to the container and we are about to generate an error page.
 + in front of all the sendRedirection that we do without calling the application first.

Extra tests also added

* Updated to be less adventurous

reverted test

* Testcase for odd sendError(400) issue.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Fix for odd sendError(400) issue.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>

* Testcase for odd sendError(400) issue.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Always try to consumeAll on all requests

* Refinements after testing in 10

* Refinements after testing in 10

Fixed test

* Fixed comment from review

* Updates from review

+ added redirect methods that consumeAll
+ ensureContentConsumedOrConnectionClose renamed to ensureConsumeAllOrNotPersistent
+ ensureConsumeAllOrNotPersistent now handles HTTP/1.0 and HTTP/1.1 differently

* better consumeAll implementation

* update from review

 + better javadoc
 + filter out keep-alive
 + added more tests

* update from review

 + better javadoc

* update from review

 + fixed form redirection test for http 1.0 and 1.1

* update from review

 + HttpGenerator removes keep-alive if close present
 + Use isRedirection

Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2020-11-18 10:40:05 +01:00
Lachlan Roberts de1b6745c5 the DO NOT EDIT comment in .mod files should start with '#'
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2020-07-15 16:47:22 +10:00
Lachlan Roberts 929e38373c Issue #4621 only warn on ServiceLoader failure of Authenticator.Factory
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2020-03-25 19:06:11 +11:00
Joakim Erdfelt 8c65309963
Addressing Checkstyle violations in src/test/java
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2020-01-14 12:33:34 -06:00
Simone Bordet 923ec38adf Merged branch 'jetty-9.3.x' into 'jetty-9.4.x'. 2020-01-07 16:51:25 +01:00
Simone Bordet e3c8546667 Merged branch 'jetty-9.2.x' into 'jetty-9.3.x'. 2020-01-07 16:35:05 +01:00
Simone Bordet de890bb1b7 Happy New Year 2020.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2020-01-07 16:25:32 +01:00
olivier lamy e1371a1c13 happy new year
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2020-01-02 21:54:05 +01:00
Lachlan 18e7ee5940
Issue #4237 - allow openid module to be configured without context xml (#4244)
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-11-07 10:53:25 +11:00
Joakim Erdfelt e9ac2c8c97
Fixing #4144 - handle wrapped requests better
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-10-01 17:49:30 -05:00
Jan Bartel 10de54fa07
Issue #4072 Add test for SessionAuthentication serialization (#4074)
Signed-off-by: Jan Bartel <janb@webtide.com>
2019-09-10 14:48:20 +10:00
康智冬 49ba6d1acb fix typo and grammar (#4045)
Signed-off-by: KangZhiDong <worldkzd@gmail.com>
2019-09-02 14:29:50 -04:00
Greg Wilkins 83463c2a23
Issue #3964 - Listener behavior cleanup (Jetty 9.4.x) (#3965)
Issue #3964
* Avoid creating listener list for rarely used requestAttributeListener
* AbstractConnector keeps a specific list of HttpChannel.Listeners
to avoid Connection.Listeners and MBean listeners being added to
the HttpChannel listener list.
* Simplified listener handling by avoiding null connector, previously
only needed for testing.
* Fixed test that assumed HttpChannel listeners were not cleared by a recycle
* Separated out durable vs cyclic HttpChannel.Listeners, so as to
simplify handling.
* Deprecated cyclic HttpChannel.Listeners, as I'm not sure the channel is
the right place for them.
* Added improved method to combine multiple HttpChannel Listeners
into a single Listener.
* Fixed MockConnector
* Added benchmark
* Improved benchmark
* Updates from review
* Removed benchmark and alternate implementations.
* Updated javadoc
* Updates from review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-27 17:38:20 +10:00
Greg Wilkins bde86467f4
Issue #3806 - Make Async sendError fully Async (#3912)
* Issue #3806 async sendError

Avoid using isHandled as a test withing sendError as this can be
called asynchronously and is in a race with the normal dispatch of the
request, which could also be setting handled status.

The ErrorHandler was dispatching directly to a context from within
sendError.  This meant that an async thread can call sendError and be
dispatched to within the servlet container at the same time that the
original thread was still dispatched to the container.

This commit fixes that problem by using an async dispatch for error
pages within the ErrorHandler.  However, this introduces a new problem
that a well behaved async app will call complete after calling
sendError.  Thus we have ignore complete ISEs for the remainder of
the current async cycle.

Fixed the closing of the output after calling sendError. Do not
close if the request was async (and thus might be dispatched to an
async error) or if it is now async because the error page itself is
async.

* updates from review
* better tests
* revert ignore complete
* added some TODOs
* more TODOs
* fixed rename
* cleanup ISE and more TODOs
* refactored to call sendError for uncaught exceptions rather than onError
* more of the refactor
* extra tests for sendError from completing state

Reworked HttpChannelState and sendError so that sendError is now
just a change of state. All the work is done in the ErrorDispatch
action, including calling the ErrorHandler.  Async not yet working.

Additional tests

Converted ERRORED state to a separate boolean so it can be used for
both Sync and Async dispatches.

Removed ASYNC_IO state as it was just the same as DISPATCHED

The async onError listener handling is now most likely broken.


WIP making sendError simpler and more tests pass
WIP handling async and thrown exceptions
WIP passing tests

Improved thread handling

removed bad test

Implemented error dispatch on complete properly
more fixed tests

sendError state looks committed

- Added resetContent method to leave more non-content headers during sendError
- Fixed security tests
- simplified the non dispatch error page writing.  Moved towards being able to write async

* fixed gzipHandlerTest

* Updated handling of timeout errors.  According to servlet spec,
exceptions thrown from onTimeout should not be passed to onError, but
just logged and ignored:

   If an exception is thrown while invoking methods in an AsyncListener,
   it is logged and will not affect the invocation of any other AsyncListeners.

* This changes several tests.

* Dispatcher/ContextHandler changes for new ERROR dispatch handling. Feels a bit fragile!

* Fixed tests in jetty-servlets
* Fixed tests in jetty-proxy

* more test fixes

* Fixed head handling
reverted unnecessary changes
Improved reason handling

WIP on fully async error handling.
Simplified HttpChannelState state machines to allow for async actions
during completing

more WIP on fully async error handling.

sendError and completion are not both non-blocking, without using
a startAsync operation. However we are lacking unit tests that actually
exercise those code paths.

* Simplified name of states
Added test for async completion
* Cleanups and javadoc
* Cleanups and javadoc
* remove snake case
* feedback from review
* Write error page into fixed pooled buffer

Use the response to get/release a pooled buffer into which the error
page can be written.  Make it a fixed sized buffer and if it overflows
then no error page is generated (first overflow turns off showstacks
to save space).

The ErrorHandler badly needs to be refactored, but we cannot change
API in jetty-9

* More test fixes for different error page format
* minor cleanups
* Cleanup from Review
* Fixed javadoc
* cleanups and simplifications
* Cleanup from Review
* renaming and some TODOs
* Cleanup from Review
* Checkstyle fixes
* Cleanup from Review
* Code cleanups and simplifications
* fixed debug
* Cleanup from Review
* Ensure response sent before server shutdown
* removed unnecessary optimisation
* fixed duplicate from merge
* Updates from review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-26 17:55:58 +10:00
Olivier Lamy fe3d3f7158
fix checkstyle in test sources (#4013)
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-22 19:56:41 +10:00
Jan Bartel bb7fb48f08
Fix checkstyle warnings for tests. (#3846)
Signed-off-by: Jan Bartel <janb@webtide.com>
2019-07-03 16:42:20 +02:00
Greg Wilkins 9706d70484
Jetty 9.4.x reformat (#3811)
* Removing Legacy Method Separators
* Restyling branch `jetty-9.4.x`
* Applying changes highlighted by checkstyle
* Applying XML restyling
* Fixing XML codestyle for IntelliJ
* Fixing XML style mistakes
* Revert "Applying XML restyling"
* Updating checkstyle for XML codestyle
* Reformatting pom.xml files
* Fixed empty string from line wraps
* Update intellij style to not do expression relative formatting. Reformatted code based on that.
* Increasing line split on Eclipse IDE Formatter to 512
* Restoring setting on internal default value.
+ IntelliJ will not export settings on things that set to their
  internal default values.
  We want to keep those values as a hedge against future default
  value changes in future releases of IntelliJ.
* Fixing intellij codestyle
* do not allow single line simple methods
* misc checkstyle fixes
* re-exported with correct name and all values

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-06-24 17:40:30 +02:00
Joakim Erdfelt 877815e195 Issue #3708 - Adding new methods and converting codebase to use them
+ StringUtil.replace(String, char, char)
+ StringUtil.strip(String, String)
+ URIUtil.encodeSpecific(String, String)
+ URIUtil.decodeSpecific(String, String)
+ TypeUtil.toClassReference(Class)
+ TypeUtil.toClassReference(String)

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-06-12 09:56:41 -05:00
Joakim Erdfelt 33fe55c339 Issue #3708 - use StringUtil alternatives for known slow JVM impls.
+ StringUtil.replace()
+ StringUtil.replaceFirst()
+ StringUtil.sanitizeFileSystemPath()

Change existing usages of String.replace() to either
use new StringUtil.replace() or other methods elsewhere
that better suit that specific need.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-06-11 11:25:50 -05:00
Joakim Erdfelt 5d267963a3 Issue #3655 - Cookie generation now complies with RFC6265 spaces
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-05-22 23:10:12 +02:00
Joakim Erdfelt b44ecc932a Issue #2909 - Replace B64Code with java.util.Base64
+ Deprecated B64Code
+ All code that isn't B64CodeTest is now using java.util.Base64
+ B64CodeTest is updated to confirm change to java.util.Base64
  is possible without change in behavior. Just have to make
  sure you use the appropriate Encoder / Decoder for the task
  at hand (default vs mime vs url)

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-05-15 10:08:11 +02:00
Jan Bartel 5dd35ee706
Issue #3627 Only renew session id when spnego authentication is fully complete (#3629)
* Issue #3627 Only renew session id when spnego authentication is fully complete.

Signed-off-by: Jan Bartel <janb@webtide.com>
2019-05-08 10:20:42 +02:00
Jan Bartel 6f35067375
Issue #3568 Make UserStore automatically startable by HashLoginService. (#3594)
Signed-off-by: Jan Bartel <janb@webtide.com>
2019-05-07 14:51:48 +02:00
Joakim Erdfelt df716e1b23 Migrating away from junit5 deprecated isIn() to is(in())
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-04-30 12:33:28 -05:00
Joakim Erdfelt 1f046f44fe Fixing CRLF issues.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-04-03 15:24:29 -05:00
Joakim Erdfelt edaefdbb3b Fixing CRLF files 2019-04-03 11:56:07 -05:00
Jan Bartel 432fc41a32
Jetty 9.4.x 3456 programmatic authentication (#3472)
* Issue #3456 Allow multiple programmatic login/logout in same request.

Signed-off-by: Jan Bartel <janb@webtide.com>
2019-03-20 18:19:55 +11:00
Greg Wilkins dbf0d2e6be Issue #3421 Duplicate session set-cookie (#3426)
Added Response.replaceCookieuse replaceCookie in sessions
unit tests

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-03-06 14:44:48 +11:00
Olivier Lamy 9b7afd8a03
Happy new year!! (#3232)
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-01-01 11:52:16 +10:00
Greg Wilkins bda9307028
Merge pull request #3144 from lachlan-roberts/jetty-9.4.x
Issue #113 - CustomRequestLog
2018-11-29 09:29:43 +01:00
Lachlan Roberts 112d57f474 Issue #113 - CustomRequestLog
added missing copyright header in some new files

added CustomRequestLogTest in jetty-servlet to test things like
logFilename and logRequestHandler

the log strings produced do no longer contain a trailing newline

implemented more tests in CustomRequestLogTest
and finished implementing some of the logging in CustomRequestLog

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2018-11-22 10:32:22 +01:00
Simone Bordet f814354bb5 Issue #3085 - Restore Dump methods for backwards compatibility reasons.
Restored removed methods to maintain backwards compatibility.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2018-11-09 17:47:46 +01:00
Jan Bartel 871f73cdf6
Jetty 9.4.x 2932 switchable classloader for session attribute values (#2964) 2018-11-06 10:03:48 +01:00
Jan Bartel 8eb21f84a3 Issue #2998 Add key to DebugListener dump; ensure LoginService dumped
only once.
2018-10-23 17:18:12 +11:00
Greg Wilkins 15e1c73f9c
Cleanup the dump implementation (#2998)
* Cleanup the dump implementation
* improved the clarity of utility methods for dump and updated most dump methods
* fixed upgrade filter dump
* Improved dump after review
* Moved dumpObjects to Dumpable
* implemented dumpBeans with dumpObjects
* less verbose dump
* Dump streams
* fixed dump test

Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2018-10-22 11:53:59 +11:00
Simone Bordet 42de1dffe0 Issue #2868 - Adding SPNEGO authentication support for Jetty Client.
Fixed server-side logic after review.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2018-10-02 13:25:33 +02:00
Simone Bordet 20fff533c8 Issue #2868 - Adding SPNEGO authentication support for Jetty Client.
Updated server-side authentication logic after review.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2018-10-02 12:01:59 +02:00
Simone Bordet 6b5a46b63b Issue #2868 - Adding SPNEGO authentication support for Jetty Client.
Avoid hardcoded KDC port in tests.
Updated Krb5LoginModule options with refreshKrb5Config=true,
to make sure the KDC configuration is re-read for every test.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2018-10-02 12:01:25 +02:00
Simone Bordet 2b11d30a45 Issue #2868 - Adding SPNEGO authentication support for Jetty Client.
Renamed server-side classes and added javadocs.
Deprecated old server-side classes in favor of the new ones.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2018-09-28 09:29:52 +02:00
Simone Bordet e1905e6961 Issue #2868 - Adding SPNEGO authentication support for Jetty Client.
Updates after review.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2018-09-19 18:47:39 +02:00
Simone Bordet f1391be559 Issue #2868 - Adding SPNEGO authentication support for Jetty Client.
Added missing copyright header.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2018-09-16 16:33:25 +02:00
Simone Bordet 2e65186c95 Issue #2868 - Adding SPNEGO authentication support for Jetty Client.
Implemented client-side SPNEGO authentication.
Reimplemented server-side SPNEGO authentication.
Added tests to verify behavior.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2018-09-14 19:48:39 +02:00
Simone Bordet b0f34fec3f Code cleanups.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2018-09-14 10:01:58 +02:00
Simone Bordet 82c04f3ae8 Fixed typos SPENGO -> SPNEGO.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2018-09-07 10:12:06 +02:00