* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* feedback from review
added static method to convert null name to default.
Moved jetty-dir.css from jetty-util to jetty-server,
so that it can be found by ResourceHandler when using JPMS.
Updated DefaultServlet to call a ResourceHandler method
to retrieve the stylesheet.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5022 Filter Cache cleanup
Issue #5022 Filter Cache cleanup:
+ Fixed many compiler warnings
+ removed old LazyList leftovers
+ Don't create holder string for source unless required
+ Only have a single type of chain, so it can be wrapped regardless of cache
+ Reverse mappings lists to make filter chain creation easier
+ build chain directly rather than build a list then a chain
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* added comment to explain ordering
Signed-off-by: gregw <gregw@webtide.com>
* More cleanups
* fixed toString format
turn off debug in OSGI test
If SessionHandler.newHttpSession(Request) fails to create a session
it returns null. Request.getSession(true) cannot throw a checked
exception, nor can it return null, so we should throw ISE.
Signed-off-by: Jan Bartel <janb@webtide.com>
* Issue #5357 - Updating to https://eclipse.org/
- Removing redundant <url> refs in pom.xml
- Correcting bad indenting from merge
- Correcting mailing list references
- Correcting bugs.eclipse.org references
- Correcting text file references
- Correcting html references
- Correcting further references
- Correcting download.eclipse.org reference
- Adding test for demo-base /proxy/current/
- Ensuring jetty-client is included in javadoc-proxy.war/WEB-INF/lib
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Merge ProxyPass tests from CheckReverseProxyHeadersTest into
ForwardedRequestCustomizerTest
+ Deleted CheckReverseProxyHeadersTest.java
+ Add more tests for ForcedHost configuration
+ Updated ForwardedRequestCustomizer to conform to expectations
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ In the case of HEAD, the servlet-api response is a wrapper
of javax.servlet.http.HttpServlet$NoBodyResponse
We know the content_length, use it.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
If the request is async dispatched, the check state.isSuspended() is not
correct to determine if the request was async or not. The check
state.isAsyncStarted() should be used instead.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
On the client:
* Origin.Address.host is passed through HostPort.normalizeHost(),
so that if it is IPv6 is bracketed.
Now the ipv6 address passed to an `HttClient` request is bracketed.
* HttpRequest was de-bracketing the host, but now it does not anymore.
On the server:
* Request.getLocalAddr(), getLocalName(), getRemoteAddr(),
getRemoteHost(), getServerName(), when dealing with an IPv6 address,
return it bracketed.
The reason to return bracketed IPv6 also from *Addr() methods is that
if it is used with InetAddress/InetSocketAddress it still works, but
often it is interpreted as a URI host so brackets are necessary.
* DoSFilter was blindly bracketing - now it does not.
Added a number of test cases, and fixed those that expected
non-bracketed IPv6.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5088 Review ContextHandler locking
The locking was primarily as a memory guard for the availability status, which was already volatile.
Have instead using an AtomicReference with a simple state machine layered on top of start/stop lifecycle.
There was also protection for AttributesMap, which is no longer needed as AttributesMap is now concurrent.
* Issue #5088
updates from review
* Issue #5088
updates from review (better this time)
* Fixes#5057 Included root context path
Root context path in include should be empty string.
* Issue #5057
merged context path methods as result of review.
ServletContent.getContextPath now returns the encoded contextPath (if anybody is silly enough to have one).
Fixes#4971 - Simplify Connection.upgradeFrom()/upgradeTo().
Now the upgrade-from connection produces a "floating" buffer
(not belonging to a pool), so that it can release the original buffer.
The upgrade-to connection is free to copy or store this "floating" buffer.
Strengthened ByteBufferPool behavior when releasing non-pooled
ByteBuffers: the buffer is now discarded.
Updated javadocs and all implementations.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixes#4967 - Possible buffer corruption in HTTP/2 session failures
Partially reverted the changes introduced in #4855, because they
were working only when sends were synchronous.
Introduced ByteBufferPool.remove(ByteBuffer) to fix the issue.
Now when a concurrent failure happens while frames are being
generated or sent, the buffer is discarded instead of being
recycled, therefore resolving the buffer corruption.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fixes#4855 - Occasional h2spec failures on CI
In case of bad usage of the HTTP/2 API, we don't want to close()
the stream but just fail the callback, because the stream
may be performing actions triggered by a legit API usage.
In case of a call to `AsyncListener.onError()`, applications may decide to call
AsyncContext.complete() and that would be a correct usage of the Servlet API.
This case was not well handled and was wrongly producing a WARN log with an
`IllegalStateException`.
Completely rewritten `HttpTransportOverHTTP2.TransportCallback`.
The rewrite handles correctly asynchronous failures that now are executed
sequentially (and not concurrently) with writes.
If a write is in progress, the failure will just change the state and at the
end of the write a check on the state will determine what actions to take.
A session failure is now handled in HTTP2Session by first failing all the
streams - which notifies the Stream.Listeners - and then failing the session
- which notifies the Session.Listener.
The stream failures are executed concurrently by dispatching each one to a
different thread; this means that the stream failure callbacks are executed
concurrently (likely sending RST_STREAM frames).
The session failure callback is completed only when all the stream failure
callbacks have completed, to ensure that a GOAWAY frame is processed after
all the RST_STREAM frames.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #4936 - Adding LargeHeaderTest to replicate issue
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4936 - Updating LargeHeaderTest to use ServerConnector
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4936 - Fail LargeHeaderTest if client detects issues.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4936 large response header buffer corruption
If the response buffer is too large, the header buffer was released
but not nulled, then an exception thrown, which again released the
not nulled buffer. The buffer thus ends up in the buffer pool twice!
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4936 large response header buffer corruption
removed old comment
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Joakim Erdfelt
Greg Wilkins
Simone Bordet
Jan Bartel
Lachlan
Thomas Draebing