* Made ServletChannel error handling more robust.
A failure in error handling is now remembered so that the Handler callback can be failed later.
* Avoid failing the Handler callback from ServletChannel.abort(), as it is too early: should be failed when processing the TERMINATED state, similarly to when it is succeeded.
* Removed dead code from HttpConnection.SendCallback.reset(), since response is always non-null.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Call ServletChannelState.asyncFailure from error listener. Fix#10933
* Separate invokers for read side and write side
* document async error issues
* updates from review
* updates from review
Removed duplicate handling from servlet. Now only handled in core in HttpChannelState and protected it from concurrent writes.
Added additional tests.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Reworked the ServletChannel.handle() SEND_ERROR case.
Now using the proper state changes to call ErrorHandler.handle(), which is asynchronous, so that IllegalStateExceptions are avoided.
Restored idle timeout tests in ee9/ee10 AsyncMiddleManServletTest.
Fixed notification of request destroyed in ErrorHandler: must be before completing the callback, since listener may call Servlet APIs that should see the ServletChannel state before the ErrorHandler callback changes it.
Updated ServletChannelState.isAsync() and isAsyncStarted().
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* #10386 Align core, ee9 and ee10 AbstractTest:
- use the same temporary folder technique
- configure the SSL contexts the same way
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Fixes#10234
* Introduced transient failures in reads where a failure chunk has last=false.
* Transient failure now do not fail the handler callback.
* Improve eeN ContentProducer to more carefully assert transient and terminal errors + enable HttpInputIntegrationTest
* Do not add connection: close to the response when the error is transient
* Rework ChunksContentSource to support null chunks
* Added tests to verify the new transient failure cases
* Review all code that handles failure, and handling correctly transient failure, either by making them fatal, and/or by failing Content.Source.
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Signed-off-by: Olivier Lamy <olamy@apache.org>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Olivier Lamy <olamy@apache.org>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Chad Wilson <chadw@thoughtworks.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Various cleanups of Handler.insertHandler
* Added missing call to relinkHandlers() in setHandler() after calling super.
* Moved call to relinkHandlers() in insertHandler(), as the various setSession|Security|ServletHandler() already call relinkHandlers().
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
---------
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
The local/remote SocketAddress is cached within the ConnectionMetaData or Connection instance, so that any changes are not visible during the request lifetime.
Ensure that all server Connection types respect HttpConfiguration#getLocalAddress and that it is not implemented only in servlet layer
Avoid DNS resolution.
---------
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Improve handling of SSL metadata in ConnectionMetaData, proxied connections and forwarded requests
+ Added an Attributes.Synthetic mechanism to better (and mor commonly) handle additional attributes, whilst meeting the new TCK requirement that they can be deleted or replaced.
+ Made SslSessionData a reusable type provided by EndPoint
+ Added the EndPoint.Securable subtype that can provide a SslSessionData instance for secure EndPoints
+ Updated ForwardedRequestCustomizer, SecureRequestCustomizer to understand Securable and SslSessionData
+ Javadocs improvements.
+ Removed unnecessary attribute constants in SecureRequestCustomizer.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
---------
Signed-off-by: Olivier Lamy <olamy@apache.org>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Olivier Lamy <olamy@apache.org>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Recycle ServletChannel in ServletContextHandler rather than in ServletHandler, so that completion events on servlet API request/response can be handled.
* Fix overlays with CombinedResource
* Improvements to CombinedResource for AnnotationParser
* Added `contains` and `getPathTo` methods to the Resource API, so they can be used by the AnnotationParser
* Fixed numerous bugs in CombinedResource list and getAllResources
* handles cross file system copy as well.
* Reduced fallback to URI string manipulation.
---------
Co-authored-by: gregw <gregw@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Send attributes as Map<String,String>
* JMX-annotated ErrorHandler, fixed usage of showMessageInTitle and removed showServlet.
* JMX-annotated Request.Handler.
* Added JMX test module to test improvements to JMX.
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Avoid a copy in MutableHttpFields.asImmutable if the mutable is never mutated again.
* reduce instance creations needed for iterations
---------
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
* Issue #7408 fix scope of maven dependencies for ee10
* Issue #7408 fix scope of maven dependencies for ee10 jspc and restore it test which were disabled
* Issue #7408 fix scope of maven dependencies for ee9 maven plugin
* Issue #7408 fix scope of maven dependencies for ee9 jspc and restore it test which were disabled
* Issue #7408 fix scope of maven dependencies for ee8 maven plugin
* Issue #7408 fix scope of maven dependencies for ee8 jspc and restore it test which were disabled
---------
Signed-off-by: Olivier Lamy <olamy@apache.org>
Web functions are currently supported with servlets. These changes add/move utility classes to core to better support direct usage of core APIs
* increase usage of Charset in request
* Added flush mechanism to BufferedContentSink
* Issue #10466 review session documentation.
Also fix session config context init param names and add missing code to
configure SessionHandler via context init params, and added test for
config.
Introduce `Utf8CharacterCodingException` and `Utf8IllegalArgumentException` as a substitutes for the removed `Utf8Appendable.NotUtf8Exception`.
* Updates from review
* Issue #10328 - Review ResourceFactory.newSystemResource
+ Create a new ResourceFactory.newClassLoaderResource(String, boolean)
+ Make .newSystemResource(String) use it
+ Make .newClassPathResource(String) use it
+ Deprecate .newSystemResource(String)
+ Deprecate .newClassPathResource(String)
+ Adjust own codebase to not use deprecated methods
* Using request.getLength() instead of looking up the Content-Length header.
* Jetty Handler vs Servlet pros.
* Using CompletableFuture (not Promise) in examples.
* Removed unused cruft from tests.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Improved parsing of JSESSIONID cookies and jsessionid parameters.
Better handling of invalid and duplicate session IDs
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Jan Bartel <janb@webtide.com>
* Added SetCookieParser interface and RFC6265SetCookieParser implementation to properly parse Set-Cookie values.
* Removed hacky implementation in HttpClient.
* Removed unused methods in HttpCookieUtils.
* Using SetCookieParser for the implementation of newPushBuilder in ee9,ee10.
* Reworked HttpCookieStore.Default implementation.
* Implemented properly cookie path resolution.
* Using URI.getRawPath() to resolve cookie paths.
* Removed secure vs. non-secure scheme distinction when storing cookies.
* Refactored common code in HttpCookieStore.Default to avoid duplications.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Introduced QoSHandler.
* Updated documentation, and removed old documentation.
* Now using dynamic max priority.
The current implementation retains priorities and queue as they are created, but hopefully the priority range is constrained.
* Better algorithm for resuming: rather than releasing a permit and try to acquire it again, keep the permit and resume a request.
This also removes the issue that a request could have been suspended again, therefore remaining suspended much more than maxSuspend.
* Deprecated QoSFilters in ee10 and ee9.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced CompletableResponseListener, a replacement for FutureResponseListener that uses better APIs based on CompletableFuture.
Deprecated FutureResponseListener and replaced its usages.
Updated documentation.
Added tests for zipped request content.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Use the core response HttpFields directly as the ee9 response headers to avoid copy and retain persistent field behaviour.
Fix#10416 EE9 Response headers
Added EE9 test to show that Persistent fields can be modified
Updated fix for #10339 so that persistent fields revert to original values after a clear operation
* Added javadocs where missing and updated existing in both HttpFields and HttpField.
* Removed HttpFields.takeAsImmutable() because it had a confusing semantic.
* Deprecated HttpFields.[Mutable|Immutable]HttpFields and moved their implementation to top level package private classes.
* Deprecated HttpField.valueParameters(), as there is an identical getValueParameters()
* Fixed inconsistencies of HttpField.value, where in most cases could not be null, but in one case was allowed; now it can never be null.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Improve Jetty 12 DefaultServlet
+ don't wrap the httpServletRequest unless necessary due to wrapping
+ don't wrap the httpServletResponse unless necessary due to wrapping
+ send content asynchronously if large and unfiltered
+ Remove unused boolean return from ServletChannel.handle
+ added TODOs where range request handling could calculate content length
+ Call multipartlength, even though it is always -1
+ Use static for bytes written
remove lambdas for clarity
TODO Non-blocking error dispatch
TODO isHandled does not exist
TODO checkAndPrepareUpgrade and implement servlet upgrade?
remove unused variables
review javadoc (including any warnings)
review any compiler or findbug warnings (if any)
---------
Signed-off-by: gregw <gregw@webtide.com>
* Allow better configuration of WebAppContext classloader
Moved the creation of a WebAppContext classloader into an extensible method.
* Allow better configuration of WebAppContext classloader
EE8/9 also
* Allow better configuration of WebAppContext classloader
Only close loader if context created it.
* Fix#10229 Idle Timeout
Added test to reproduce
Fixed NPE if no failure listener
Possible
Added test that idle works between requests
EE9 idle timeout
idle if read operation
Handle idleTimeout for IO operations differently
improve comments
fixed test to not expect timeout listener to be called if there is demand
Idle timeouts for IO operations are not last.
Disable transient idle timeouts since AsyncContentProducer cannot handle them.
revert test to persistent idle failures
* Updating various old/moved URL references found across project (`jetty-10.0.x`) (#10098)
+ Now that the migration of `https://eclipse.org/jetty/` to `https://eclipse.dev/jetty/` has occurred, it is time to review the URI use in our project
+ Updated URLs in poms
+ Added more URIs to XmlConfiguration
+ Updated URLs in module files
+ Updated URLs in documentation
+ Updated URLs in HTML
+ Correcting bad double-scheme URLs (eg: `http://https://www.eclipse...`)
+ Updating text in *.mod files
+ Removing `/current/` from path `/jetty/documentation/current/`
+ Fixing mailing list URL
+ Fixing github URL references in jsps
---------
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Various cleanups of StringUtil and TypeUtil
Removed deprecated and unused methods
Moved charset handling to MimeTypes
resolve IDE warnings
* updates from review
* Issue #10084 - Directory entries on return of getResourcePaths(String) should include trailing slash
* Issue #10084 - Fixing test case order of entries in collection expectation
* Issue #10084 - Implementing fix for ee9
* Issue #10084 - Fixing bug in ServletContext.getRealPath() impl
* Issue #10084 - Fixing tests in ee9 to make them compatible with ee8 conversion
* Bring Resource.getFileName in alignment with other JVM methods of the same name. (eg: Path.getFileName)
* Remove usage of instanceof Content.Chunk.Error
* Updated AsyncContent to accept a transient failures
* Updated AsyncContent to accept a transient failure with inputstream
This PR refactors the ee10 handing of servlet API request and response objects:
+ The ServletContextHandler matches the request to a servlet and creates a one time only ServletContextRequest and a ServletContextResponse
+ A reusable ServletChannel object with all the heavy weight HttpInput and HttpOutput object is associated with the ServletContextRequest and ServletContextResponse.
+ Once the handling reaches the ServletHandler, the possibly wrapped request, response and callback are associated with the ServletChannel before handling.
+ Were possible the ServletApiRequest and ServletApiResponse use the possibly wrapped request/response
Added tests to check that GzipHandler can now be nested inside of an EE10 context.
---------
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Signed-off-by: gregw <gregw@webtide.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
* Make a test case to resemble a failing tck test
* Add more test cases more like the tck test
* Fixed processing of EOF frames for pushed requests.
Before, the EOF frame was not added to the HTTP2Stream queue.
When the pushed request was completing it tried to consume the available content, but it was not finding EOF and so was emitting a reset frame, causing the TCK failure.
Now the EOF frame is always added to the HTTP2Stream queue, so it is properly consumed when completing the pushed request.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fix H2 trailers frames
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
---------
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
* IdleTimeout review
+ pass TimeoutException through all APIs
+ HttpConnection now passes on TimeoutException to HttpChannel.onFailure
* More ServerTests for idletimeout
* Recreated a ServerTimeoutsTest for multiple transports
* more robust tests
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* merged work from @sbordet and @gregw
* Various improvements to CyclicTimeouts.
* Improved reset of the earliest timeout before iteration.
* Removed check for getExpireNanoTime() == -1, since it's a valid value.
* When onExpired(Expirable) returns false, the Expirable should arrange to move its timeout in the future.
* fix keystore to please BoringSSL + use correct temp path
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
* Fixed ErrorResponseAndCallback succeeded() and failed() to call super.failed() in all cases to complete the wrapped callback.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Revert "Fixed ErrorResponseAndCallback succeeded() and failed() to call super.failed() in all cases to complete the wrapped callback."
This reverts commit 5ac57c13e0.
* WIP idleTimeout
* WIP idleTimeout
* Added context wrapper for idle timeout listener
* updates from review
---------
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
* Resolve#8819 CustomRequestLog improvement
Resolves#8819 CustomRequestLog improvements:
+ only add extra detail if the log is a CustomRequestLog
+ add extra detail as a record
+ get authentication state directly from request attribute
* protect against null core request
* protect against null core request
* Use nanotime for logged latency
* Issue #9072 refactor jetty-ee module to remove it
* Remove old ee imports in module-info.javas
* Remove jetty-ee from deps
* Fix references to jetty-ee for osgi
* Update jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/Deployable.java
Co-authored-by: Greg Wilkins <gregw@webtide.com>
---------
Co-authored-by: Greg Wilkins <gregw@webtide.com>
* Add test to show failure
* Fix#9760 EE9 Cookies
Fix#9760 Only set path and domain if they are not blank
* Fix#9760 EE9 Cookies
Fix#9760 Only set path and domain if they are not blank
Switch on violation rather than type
* Handle legacy cookie version and comment
* Handle cookie version and comment
---------
Co-authored-by: gregw <gregw@webtide.com>
Simplified QuotedStringTokenizer #9729
* Now implements a simple subset of `quoted-string` from RFC9110
* introduced builder
* Extracted QuotedStringTokenizer interface and re-introduced the legacy implementation
* Re-introduced the ability to have unescaped \ in filenames
* Whitespace is Character.isWhiteSpace
* Disable test pending RFC8187
* No OWS around =
* Restored dispatch=true for pushed requests.
* Restored tests that use the Servlet APIs to push.
* Ensured that pushed streams have request content EOF.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Optimize Content-Length: 0 handling
Create and use a pre-encoded HttpFields.CONTENT_LENGTH_0 constant
Used the constant in more places
renamed the `putLongField` methods of HttpFields.Mutable to just `put`
Fixed wrong docs examples
* Removed unnecessary classes, among which `BatchMode`, `CloseStatus`, etc.
* Coalesced all listener interfaces into `Session.Listener`.
* Moved `RemoteEndpoint` functionality to `Session`.
* Renamed `WebSocketPolicy` to `Configurable`.
* Renamed `WriteCallback` to just `Callback`, as it is now also used for some listener methods.
* Renamed `@OnWebSocketConnect` to `@OnWebSocketOpen`
* Renamed `Session.Listener.onWebSocketConnect()` to `onWebSocketOpen()`.
* Removed `@WebSocket` annotation attributes, because they were just a subset of the configurable ones and they can be configured directly on the Session instance.
* Removed `Session.suspend()` and `SuspendToken`, and introduced `Session.demand()`.
* Introduced `@WebSocket.autoDemand` and `Session.Listener.AutoDemanding` to support automatic demand upon exit of WebSocket handler methods.
* Removed `FrameHandler.isAutoDemanding()` and `CoreSession.isAutoDemanding()`.
* Changed the responsibility of demand from `WebSocketCoreSession` to `FrameHandler`, which in turn may delegate to `MessageSink`.
* Updated MessageInputStream to fail if an exception is thrown by the application.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Simplified the use of reflection.
* Improved `setShutdownContainer()` to take into account multiple web applications,
so it is now a `Map<ClassLoader, ContainerLifeCycle>` so that each web application
has its own container to register `JakartaWebSocketClientContainer` instances.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Removed unnecessary constructors from MetaData, MetaData.Request and MetaData.Response.
* Removed MetaData.Request.getURIString() (available as getHttpURI().toString()).
* Renamed MetaData.getFields() -> getHttpFields(), as they can be headers or trailers.
* Renamed MetaData.Request.getURI() -> getHttpURI().
* Normalized handling of contentLength, now always -1 (rather than Long.MIN_VALUE) if unknown.
* Permutated MetaData.Response constructor parameters to be consistent with MetaData.Request.
* MetaData.Request's method and httpURI must be non-null.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Deleted the Ut8fStringBuffer and Utf8Appendable classes in favour of just having Utf8StringBuilder
* Simplified the Utf8StringBuilder and CharsetStringBuilder APIs and improved their exception throwing.
* Allow for replacement characters without throwing
---------
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: gregw <gregw@webtide.com>
Co-authored-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Removed requestlog attributes that were never used.
* Code cleanups to remove usage of deprecated methods.
* Using MavenPaths.findTestResource* in ee9/ee10 tests to allow ee8 translation to function
* Fixed ClientCertAuthenticatorTest in both ee9 and ee10.
* Removed deprecated ClientCertAuthenticator in both ee9 and ee10.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Moved -api, -common, -client to jetty-core/jetty-websocket.
* Implemented jetty-core/jetty-websocket/jetty-websocket-jetty-server using only Jetty core APIs, not Servlet.
* Fixed Graceful shutdown order.
* Fixed mistakes in HttpFieldsWrapper, wrongly calling HttpHeader.name() instead of asString().
* Updated tests to pass cleanly.
* Fixed BOMs and POM dependencies.
* Introduced websocket-jetty.mod and websocket-jetty-client.mod, now used by ee10's Jetty WebSocket.
* Fixed OSGi references to old artifactIds.
* Added test to show how to lookup and use ServerWebSocketContainer from a Handler.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Simone Bordet
Greg Wilkins
Joakim Erdfelt
Jan Bartel
Ludovic Orban
Lachlan
Olivier Lamy
Olivier Lamy
Steffen Nießing