HttpClient was confused by servers that responded
with two 100 Continue in the same HTTP conversation.
Now, whether the 100 Continue response has been handled
already is stored per-request, not per-conversation.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #2439 - Remove HTTP/2 data copy.
Implemented reference counting for the network buffer, with the
semantic that calling succeeded() on callbacks decrements the
reference count.
Introduced interface Retainable, used by the client when notifying
multiple application content listeners.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Changed the base64 pattern to only accept token68 pattern from rfc7235#appendix-C
Add limit to recusion depth of multiple challange matching to stop any vulnerablilties related to malicious server overflowing client stack
Regex no longer allows trailing whitespace
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
- Multiple challanges in the same header can now be parsed successfully.
- Will now allow a base64 value after the auth-scheme instead of parameters. Which can be used for the Negotiate auth-scheme.
- Added more in depth testing for tricky cases.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Removed the regex to separate out the realm parameter and instead parse it with the other parameters into HeaderInfo.
Changed HeaderInfo to store the parsed parameters as a Map instead of the un-parsed parameters in a string.
The parsing of the parameters is now done in AuthenticationProtocolHandler.newHeaderInfo(String) and then passed into the HeaderInfo instead of Parsing it in DigestAuthentication.
Replaced the usage of splitParams(String) with QuotedCSV used to parse the parameters.
Added test to check the ordering of parameters doesn't matter.
Allow not to have a realm parameter, changed DigestAuthentication.matches() to not match if realm is null, so that Digest Authentication requires realm parameter but any Basic Authentication can be done without it. There is currently no tests for this.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Regex will now look for comma and spaces before realm. Preventing issues accepting params with realm as a suffix like blahrealm.
Stops adding double commas when extracting realm param.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Fixed method, added Javadocs and cleaned up code with a few renamings
to better comply with AtomicLong naming.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced ConnectionPool.Multiplexable for connection pools that support multiplexing.
Reworked RoundRobinConnectionPool to support multiplexing.
Moved tests to test RoundRobinConnectionPool with both HTTP/1.1 and HTTP/2.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now exiting the parse loop when the response is complete; if there
are bytes remaining in the buffer, then it's cleared out.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Changed the signature of HttpParser.Listener.onBadMessage()
to take a BadMessageException and updated dependent code.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced property connectBlocking in HTTP2Client so that it can
be forwarded by HttpClient and then used for HTTP/2 connects.
Also introduced HTTP2Client.bindAddress, again forwarded from HttpClient.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #2293 Pending Multiplexed Connections
Added a AtomicBiInteger to allow both total connections and pending connections to be encoded in the
same atomic int.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Modified uri value in Authorized header as per discussion in #2160.
Signed-off-by: Alex Bleasdale <ableasdale@marklogic.com>
Reviewed-by: Simone Bordet <simone.bordet@gmail.com>
There are still problems with this impl (some client tests ignored) and there is still a work around for the JNR bug 50, however this impl is already much better than the unix socket support that is already in the release. So will merge for now and put more effort in once there is a JNR fix.
* WIP add unix domain sockets support in HttpClient
* move unix socket client part to unix socket module #2014
* some cleanup #2014
* add missing headers #2014
* add TODO
* UnixSocket client refactor
* cleanup test and pom
* minor changes, use LOG.isDebugEnabled() before using debug method
* add UNIX SOCKET http client test with all other tests, push this to see what happen on Jenkins
* fix some unit tests
* fix more tests
* fix load test
* UnixSocket client
* Demonstrate JNR bug
* Worked around JNR bug 50
* close channel on client side as well
* more details in log
* log file path as well
* #2014 disable test per default as doesn't work on some environement
* Revert "#2014 disable test per default as doesn't work on some environement"
* test only on unix
* Allow test of specific transport(s)
* Move unix socket to /tmp
* move test socket to /tmp
* move test socket to /tmp
* ignore failing tests for now
* fix bean name and possible to use sys prop org.eclipse.jetty.http.client.AbstractTest.Transports with mvn cli
* test isBlank as surefire props is not null
* correctly create tmp file with @Before
* do not delete file
* use /tmp as build directory doesn't seem to work within docker...
* do not delete sock file on client as it is own by the server
* file must not exist when binding unix socket
* #2014 fix license header
* network specific tests assumed
* Fixed to handle null selector keys
* add assume for tests that assume a network connector
Signed-off-by: olivier lamy <olamy@webtide.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Fixed destroy of HttpChannel for HTTP/1.1: not at release()
because the connection and therefore the channel will be reused,
but at close(), when we're sure the connection will not be reused.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Scalable scheduler changes for #1918
* Added HttpChannel.destroy to destroy CyclicTimer
* fixed rebase with HttpConnectionOverFCGI
* renamed to acquire
* Destroying the HttpChannel consistently in all transports.
* updated headers
* cleanup after final review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Clean up of actions (now updates) prior to #2046 fix
* prevent exceptions from termincating lifecycle doStop or destroy
* Refactored ManagedSelector stop to always close endpoints
* Fixed NPE if SelectorManager is already stopped
* refactored after review
* further simplifications after review
* Wait only for oshut endpoints
* Cleanup from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Removed the distinction between pushed and non-pushed channels; only
non-pushed channels are released and recycled if they're not failed.
Properly resetting HttpReceiverOverHTTP2.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #2081 No idle timeout exception when dispatch is delayed
* Delegate the readtimeout handling to HttpChannel so that a delayed dispatch can be ended.
* Added unit test for delayed dispatch idle
* Now using HttpInput.onIdleTimeout() to fail the HttpInput, and then dispatching the request in case it has not been dispatched yet. This ensure consistent behavior independently of the value of HttpConfiguration.delayDispatchUntilContent.
* Fixed for both HTTP/1.1 and HTTP/2.
* Added tests for non-blocking reads.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced ContentProvider.isReproducible() to detect whether the
request content can be provided more than once, and modified
ContentProvider implementation accordingly.
Modified AuthenticationProtocolHandler to not send an authenticated
request if the content is not reproducible.
Modified AuthenticationProtocolHandler to tolerate request failures.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Implemented as integer guard + timestamp.
The timestamp is not enough to guard against long times spent sending
(and/or in application callbacks during sends).
Added missing @ManagedObject annotation to AbstractConnectorHttpClientTransport.
Also exported to JMX the "multiplexed" attribute for the FCGI transport
and the "useALPN" attribute for the HTTP/2 transport.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Added HttpClientMBean, and overridden getObjectContextBasis() so that
the HttpClient name is inherited by children components such as the
HttpClientTransport, the ThreadPool, etc.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Ensure -1 fill is not appended to bytesIn counts
Don't include discarded bytes from head responses in counts
refactored gather writes in HttpConnection to be clearer and removed
redundant buffer checks
A temporary fix that uses a hueristic to limit the pool size.
Perhaps such a hueristic should be the default for the queue size of all ByteBufferPools, as infinite queue size is rarely going to be a good thing?
Also, I think all the pools need to have better javadoc, plus an upper/lower bound of the size of buffer that they will pool, as gzip will tend to ask for lots of random sized buffers to put the expanded data into, some could be very
large and unlikely to be reused.
Introduced ConnectionPool.Factory and HttpClientTransport.connectionPoolFactory.
This allows applications to create a ConnectionPool given the HttpDestination.
Since requests cannot be connection delimited, don't call
sslEngine.closeInbound() on the server.
On the client, added a configuration parameter to allow missing
TLS Close Message, since many servers do that.
Introduced SslConnection.allowMissingCloseMessage so that it
throws in case of truncation attacks.
+ Changing from @Test(expect=<exception>) to
@Rule ExpectedException for ...
* no exception occuring when one is expected is a test failure
* wrong exception is a test failure
* wrong cause is a test failure
When a fill() triggered by a flush() throws, now the write flusher is
failed rather than completed.
This ensures that both the read and the write side see the same
exception, rather than the write side seeing a ClosedChannelException.
Added early check for null host when creating requests in HttpClient.
Added test for incorrect IDN redirect.
Signed-off-by: Konstantin Gribov <grossws@gmail.com>
Reviewed-by: Simone Bordet <simone.bordet@gmail.com>
Improved to the toString and dump output of connections, endpoints and channel to assist with debugging
made the SSL callbacks and runnables Invocable to avoid thread starvation.
Reduce the transformations needed on header fields, so they can be more often
set directly and no need to split and recombine.
The Content-Length field is added IF it is needed for framing or if it was explicitly set
The Transfer-Encoding: chunk field is used only as a hint that there is content.
Connection fields are used as is, but are checked for close and keep-alive
* Issue #382 Request compression
Added identity HttpInput.Interceptor
Moved GZIPContentDecoder to jetty-http
Reworking interceptor and GZIPContentDecoder to avoid data copies
Completed and tested GZIPContentDecoder
Implemented GzipHttpInputInterceptor
updated GzipHandler.java
updated gzip module
use common GZIP decoder
Gzip Bomb
handle read() after empty interception
Introduced overridable ContinueProtocolHandler.onContinue(), and
making sure that proxy servlets use a ContinueProtocolHandler
subclass to intercept 100 Continue responses from the server, so that
they can relay it properly to the client.
Make HttpClient#copyRequest to copy custom headers with the same values.
When original request contains some custom header, say `X-Custom`, than
HttpHeader object within a HttpField will be `null`. In such case
`newRequest.getHeaders().contains(field.getName(), value)` check returns
true when there are 2 and more custom headers with the same value. As a result
not all the custom headers are being copied to the new request.
Signed-off-by: Andriy Rosa <andriyrosa@gmail.com>
Using https scheme in CONNECT request if the proxy is secure.
A Proxy must not match its own address.
Resolved correctly request URI in case of CONNECT requests.
The fix for https://bugs.eclipse.org/bugs/show_bug.cgi?id=484446
reimplemented InputStreamResponseListener using callbacks rather than
blocking waits.
However, HTTP/2 behaves a little differently than HTTP/1.
Where in HTTP/1 until the callback was completed no further calls to
onContent() were made, with HTTP/2 additional calls are made until
the flow control window is exhausted.
For this reason InputStreamResponseListener must queue content chunks
rather than dealing only with one chunk at a time.
Introduced ClientConnectionFactory.customize() to look for
Connection.Listener beans.
ClientConnectionFactory implementation calls customize() when they
create a Connection instance, so the Connection.Listener beans are
registered onto the Connection.
Introduced class SslHandshakeListener that can be registered as a
bean in both the ServerConnector and in clients such as HttpClient
and HTTP2Client.
When creating SslConnection instances, the factory will query the
connector (client or server) for SslHandshakeListener beans and, if
present, will be added to the SslConnection.