refactored the complete method to consider unrecoverable API states no matter what the httpout state
actually is. This avoid duplication of OPEN, CLOSING, CLOSED etc. handling.
Ensure that HttpInput is always closed to EOF, EarlyEOF or Error, so that non container threads doing blocking reads
will not block forever, even if late. Delay recycling of HttpInput until next request is received.
Introduced new properties jetty.sslContext.keyStoreAbsolutePath
and jetty.sslContext.trustStoreAbsolutePath to default to
${jetty.base}/etc/keystore.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fix#5794 Close socket on bind failure
Fix#5794 Close socket on bind failure
* Fix#5794 Close socket on bind failure
Fix#5794 Close socket on bind failure
* Fix#5794 Close socket on bind failure
Update fix with IO.close()
* enable spotbugs in CI
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
record issues
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
use warning new generation
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
activate errorprone
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
fix Jenkinsfile
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
do not run spotbugs for jetty-runner as we do not want to fix all dependencies bugs :)
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
junit should allow empty results
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
maven console can be use only once...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
one liner
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
recordissues only once
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
force id
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
aggregate results
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
configure a name for aggregated reports
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
mo more -T3 no need anymore of remote session test profile
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
I want to see what failing tests look like with new report.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
skip spotbugs for jetty-jmh
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
get rid of findbugs as we now have spotbugs
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Revert "I want to see what failing tests look like with new report."
This reverts commit df0d13e4c53d7461872e1f925ec06bd36e4a66c9.
activate errorProne parser
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
make pmd quiet for CI
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
remove -fae flag and do not display transfer progress
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
try junitParser() to see what it does
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
junit parser is a bad idea...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
increase timeout
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
no -T2 for javadoc
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
fix skip spotbugs and pmd verbose
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* remove -T options
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Removed the jetty-server and jetty-servlet test-jar artifacts.
The only one left is the jetty-maven-plugin test-jar.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
With this minimal change one can provide different cookie configs for the same SessionHandler
without coping the whole method into the inherited class.
Signed-off-by: Dejan Pecar <dejan.pecar@abacus.ch>
* Use File.list and File.walk within a try with resource
The API contract of File.list and File.walk requires them to be closed after use.
* Fix from review
Left out filter
* Fix from review
Factored out deleteFile with better debug
* Fix from review
Can delete files whilst walking
* Fix from review
Restored sweepFile
fixed minor code suggestions
HttpInput.run() now uses contentProvider.isReady() to ensure that
if there is no content, the fill interest is set.
AsyncContentProvider.isReady() is now looping if there is content
but it cannot be transformed (e.g. too few gzipped bytes).
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Writing content in separate writes may result in the server
only reading partial content, producing a response with
`Connection: close` that would cause the client socket to
stop receiving data for the next response, failing the test.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5605 unconsumed input on sendError
Add Connection:close if content can't be consumed during a sendError. Processed after the request has returned to the container.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Update from review
+ Add close on all uncommitted requests when content cannot be consumed.
* Update from review
+ fixed comment
+ space comma
* Only consume input in COMPLETE if response is >=200 (ie not an upgrade or similar)
* Updated to be less adventurous
I do not think it was valid to always consumeAll in COMPLETE as this could break upgrades with both 101s and 200s
Instead I have reverted to having this consumeAll logic only:
+ in sendError once control has passed back to the container and we are about to generate an error page.
+ in front of all the sendRedirection that we do without calling the application first.
Extra tests also added
* Updated to be less adventurous
reverted test
* Testcase for odd sendError(400) issue.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Fix for odd sendError(400) issue.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Testcase for odd sendError(400) issue.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Always try to consumeAll on all requests
* Refinements after testing in 10
* Refinements after testing in 10
Fixed test
* Fixed comment from review
* Updates from review
+ added redirect methods that consumeAll
+ ensureContentConsumedOrConnectionClose renamed to ensureConsumeAllOrNotPersistent
+ ensureConsumeAllOrNotPersistent now handles HTTP/1.0 and HTTP/1.1 differently
* better consumeAll implementation
* update from review
+ better javadoc
+ filter out keep-alive
+ added more tests
* update from review
+ better javadoc
* update from review
+ fixed form redirection test for http 1.0 and 1.1
* update from review
+ HttpGenerator removes keep-alive if close present
+ Use isRedirection
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* For #5650 protect from bad SslSession
Better protection from a bad SslSession like seen in #5650
* review indicated that there is too much depth to defend. So just a little cleanup in this PR.
* Cleanup request/response recycle #4711
Reordered recycle in request and response to field order so that we can check that all fields are recycled.
* Fixed ordering of reader consumption
* update from review
* Fix#5562 Improve HTTP Field cache allocation
Fix#5562 by initially putting cacheable fields into a inexpensive arraylist.
Only create the Trie (with space and complexity costs) if a second request is received.
* Fixed NPE
* Feedback from review
Create `HttpHeader.isPseudo()`` method
improved clarity with `createFieldCacheIfNeeded()``
* Feedback from review
Only defer Trie creation to first cacheable field, not until next request.
* Updates from review
* Update from review
+ more javadoc
+ empty set return
Make EOF and errors be special content.
Transition to a much simplified FSM by using the needContent() / produceContent() model.
Implement blocking on top of async, this way there is only one FSM.
(Milestone 6)
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* feedback from review
added static method to convert null name to default.
Moved jetty-dir.css from jetty-util to jetty-server,
so that it can be found by ResourceHandler when using JPMS.
Updated DefaultServlet to call a ResourceHandler method
to retrieve the stylesheet.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fixes#5379 - Better handling for wrong SNI.
Reworked the SNI logic.
Added support for IP addresses in the SAN extension of certificates in the X509 class.
Fixed keystores to have CN=localhost and SAN with ip=127.0.0.1 and ip=[::1].
Fixed tests that were not using the correct Host header.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5022 Filter Cache cleanup
Issue #5022 Filter Cache cleanup:
+ Fixed many compiler warnings
+ removed old LazyList leftovers
+ Don't create holder string for source unless required
+ Only have a single type of chain, so it can be wrapped regardless of cache
+ Reverse mappings lists to make filter chain creation easier
+ build chain directly rather than build a list then a chain
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* added comment to explain ordering
Signed-off-by: gregw <gregw@webtide.com>
* More cleanups
* fixed toString format
turn off debug in OSGI test
If SessionHandler.newHttpSession(Request) fails to create a session
it returns null. Request.getSession(true) cannot throw a checked
exception, nor can it return null, so we should throw ISE.
Signed-off-by: Jan Bartel <janb@webtide.com>
* Issue #5357 - Updating to https://eclipse.org/
- Removing redundant <url> refs in pom.xml
- Correcting bad indenting from merge
- Correcting mailing list references
- Correcting bugs.eclipse.org references
- Correcting text file references
- Correcting html references
- Correcting further references
- Correcting download.eclipse.org reference
- Adding test for demo-base /proxy/current/
- Ensuring jetty-client is included in javadoc-proxy.war/WEB-INF/lib
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #5304 HTTP2 HostHeader
Updated HostHeaderCustomizer to actually add the Host header, either from values passed in the custructor or from the getServerName and getServerPort methods.
The HttpURI is no longer updated.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #5304 HTTP2 HostHeader
+ Found and fixed bug in HttpFields
+ Added port normalization support to HttpScheme
+ added test
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* blank line
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #5304 HTTP2 HostHeader
+ refixed bug in HttpFields
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #5304 HTTP2 HostHeader
+ still fixing HttpFields bug
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #5304 HTTP2 Host Header
updates from review
Reworked the start documentation.
Started skeleton of the operations guide.
Removed old_docs/deploying/hot-deployment.adoc and
old_docs/gettingstarted/getting-started/jetty-deployment.adoc,
since its content has been moved to the refactored documentation.
Restructured the skeleton of the operations guide.
Removed old_docs/deploying/anatomy-of-a-webapp.adoc,
since its content has been moved to the refactored documentation.
Removed old_docs/deploying/automatic-webapp-deployment.adoc,
since its content has been moved to the refactored documentation.
Removed old_docs/deploying/configuring-virtual-hosts.adoc,
since its content has been moved to the refactored documentation.
Removed old_docs/contexts/serving-webapps-from-particular-port.adoc
and example-jetty-embedded/src/main/resource/jetty-otherserver.xml,
since its content has been moved to the refactored documentation.
Simplified POMs.
Simplified index.adoc files, refactoring common things into config.adoc.
Expanded the deploy configuration documentation.
Expanded the protocols configuration documentation.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
+ Merge ProxyPass tests from CheckReverseProxyHeadersTest into
ForwardedRequestCustomizerTest
+ Deleted CheckReverseProxyHeadersTest.java
+ Add more tests for ForcedHost configuration
+ Updated ForwardedRequestCustomizer to conform to expectations
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
The CRC32 checksum may need to convert the ByteBuffer to an array anyway so
we are better off not setting the deflater input with ByteBuffer directly.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
+ In the case of HEAD, the servlet-api response is a wrapper
of javax.servlet.http.HttpServlet$NoBodyResponse
We know the content_length, use it.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
If the request is async dispatched, the check state.isSuspended() is not
correct to determine if the request was async or not. The check
state.isAsyncStarted() should be used instead.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
+ Reverting name ResourceFactory.newResource(String)
to .getResource(String)
+ Reintroducing Resource.getResource(String)
+ ResourceHandler.getResource(String) cleaned up
in light of Exception handling requirement
+ Resource.addPath(String) implementations can
never return null now
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Now parsed by WebAppContext into List<Resource>
+ Reintroduced Resource.fromList
+ Refactored ResourceFactory to never return null
and always throw an exception if unable to
get/create/resolve the Resource
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
On the client:
* Origin.Address.host is passed through HostPort.normalizeHost(),
so that if it is IPv6 is bracketed.
Now the ipv6 address passed to an `HttClient` request is bracketed.
* HttpRequest was de-bracketing the host, but now it does not anymore.
On the server:
* Request.getLocalAddr(), getLocalName(), getRemoteAddr(),
getRemoteHost(), getServerName(), when dealing with an IPv6 address,
return it bracketed.
The reason to return bracketed IPv6 also from *Addr() methods is that
if it is used with InetAddress/InetSocketAddress it still works, but
often it is interpreted as a URI host so brackets are necessary.
* DoSFilter was blindly bracketing - now it does not.
Added a number of test cases, and fixed those that expected
non-bracketed IPv6.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5088 Review ContextHandler locking
The locking was primarily as a memory guard for the availability status, which was already volatile.
Have instead using an AtomicReference with a simple state machine layered on top of start/stop lifecycle.
There was also protection for AttributesMap, which is no longer needed as AttributesMap is now concurrent.
* Issue #5088
updates from review
* Issue #5088
updates from review (better this time)
* Replaced relevant usages of synchronized with AutoLock.
* Made AutoLock serializable since classes that use it may be stored in the HttpSession.
* Added convenience methods to AutoLock to execute lambdas with the lock held.
* Introduced AutoLock.WithCondition to use a Lock and a Condition together.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fixes#5057 Included root context path
Root context path in include should be empty string.
* Issue #5057
merged context path methods as result of review.
ServletContent.getContextPath now returns the encoded contextPath (if anybody is silly enough to have one).