Commit Graph

1384 Commits

Author SHA1 Message Date
Greg Wilkins 4916377686
PathMappings optimizations (#9055)
* Avoid iterations if only ServletPathSpec instances
* Avoid tests for empty mappings.
* Better reset implementation
* More test coverage
2022-12-20 11:08:40 +11:00
Joakim Erdfelt 793bee9e14
Issue #8716 - Handle bad host/authority headers better (#8717)
* Issue #8716 - Handle bad host/authority headers better
* Remove extra `Host` header in testcase that doesn't deal with bad Host headers
* Create URIUtil.isRegName
* Correcting HostPortTest.testValidAuthority
* Correcting RequestTest.testInvalidHostHeader
* Remove clonable, set to final

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-11-08 18:08:20 -06:00
Joakim Erdfelt 3faa2fcd16
Issue #8628 - pseudo restore PathMappings.getMatch(String)
+ This returns a MappedResource, but not
  the stored instance, but a new instance
  of MappedResource every time.

+ Flagged deprecated APIs for removal
  as well

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-09-28 11:25:16 -05:00
Simone Bordet 77ad0189ba
Fixes #8532 - Review System.nanoTime() usages. (#8535)
* Fixes #8532 - Review System.nanoTime() usages.

Introduced o.e.j.util.NanoTime class to deal with nanoTimes.

Now NanoTime.now() should be used instead of System.nanoTime(),
and various <unit>[elapsed|since|until]() methods to calculate nanoTimes.

Furthermore, comparing 2 nanoTimes should be done via isBefore(),
rather than using the < operator, which is wrong as specified in
the System.nanoTime() javadocs.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-09-06 09:30:02 +02:00
Joakim Erdfelt 5fddbf9bb1
Issue #8184 - Correcting match logic for multiple servlet suffix url-pattern (#8185)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-21 15:24:39 -05:00
Joakim Erdfelt 1b4f941942
RegexPathSpec documentation and MatchedPath improvements (#8163)
* More documentation

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-16 13:53:04 -05:00
Joakim Erdfelt d63569d025
Migrate code from jetty-util Logger to slf4j Logger (#8162)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-15 20:01:48 +02:00
Joakim Erdfelt 8de55150fe
Cherry-pick of Improvements to PathSpec for Jetty 10.0.x (#8136)
* Cherry-pick of Improvements to PathSpec.
* From commit: 5b4d1dd1c6
* Fixing ConstraintSecurityHandler usage of PathMappings
* Fixing bad INCLUDE logic from cherry-pick in ServletHandler.doScope()
* Cleanup of non ServletPathSpec behaviors in ServletPathMapping class
* Skip optional group name/info lookup if regex fails.
* Prevent NPE on static servletPathMappings
* Update WebSocketMappings to use new PathMappings.getMatched(String)

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-08 12:36:30 -05:00
Greg Wilkins 7a1c165677
Implement #8057 103 Early Hint (#8058)
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2022-06-01 11:56:54 +10:00
Simone Bordet d1e64f4693
Fixes #8014 - Review HttpRequest URI construction. (#8015)
Fixes #8014 - Review HttpRequest URI construction.

Now always adding a "/" before the path, if not already present.
Disabled flakey HTTP/3 test.
Parse CONNECT URIs as Authority

Co-authored-by: Greg Wilkins <gregw@webtide.com>
2022-05-26 18:13:17 +10:00
Greg Wilkins e12d5d58b6
Jetty 10 7918 root pathspec (#7920)
Fix #7918 Root path spec
Handle root pathspec in PathMappings.asPathSpec
Introduce protected asPathSpec to allow for extensibility

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2022-04-26 19:04:17 +02:00
Greg Wilkins 5fc63bf8e8
Issue #7748 - Merge PathSpec improvements made in 9.4.x (#7845)
* Fixes to backport of #7748

+ Backport of #7748
+ Fix RegexPathSpec pathInfo
+ Fix UriTemplatePathSpec pathInfo
+ Test regression option to 93 behaviour

* small optimization

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2022-04-06 11:14:52 +02:00
Jaroslaw Rzeszotko a35719367b
Issue #7683 - Use direct buffers for gzip input/output, if configured.
Use direct buffers for gzip input/output, if configured.
Code cleanups.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-03-24 17:59:49 +01:00
Joakim Erdfelt cb127793e5
Happy New Year 2022 (#7459)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-01-27 10:42:30 -06:00
mszabo-wikia fd2407c72f
Clarify that requestHeaderSize is a cumulative limit (#7417)
* Clarify that requestHeaderSize is a cumulative limit

HttpConfiguration documents the requestHeaderSize configuration option
as being a limit on the size of a single request header, but it is in
fact a limit on the cumulative size of all request headers as well as
the request URI. This patch updates the documentation accordingly, and
adds test cases for the HTTP/1.x and HTTP/2 parsers to verify the
behavior.

NB.: the HTTP/3 parser and configuration seem to correctly document this
option as being a global limit on header size.

* Improve requestHeaderSize tests and documentation per review

Signed-off-by: Máté Szabó <mszabo@wikia-inc.com>
2022-01-19 11:56:27 -06:00
Simone Bordet 3042f2b2bf
Fixes #7348 - Slow CONNECT request causes NPE (#7349) (#7352)
* Fixes #7348 - Slow CONNECT request causes NPE (#7349)

Added NPE guard in `HttpReceiverOverHTTP.onUpgradeFrom()`.
Expanded logic in `HttpReceiverOverHTTP.parse()` to return true in case of CONNECT + 200.

Fixed `ProxyConnection.toConnectionString()` to avoid NPEs.

Fixed `HttpClientTest.testCONNECTWithHTTP10()` logic
after changes to fix this issue.

Now a tunneled connection is not put back into the connection pool,
and if applications explicitly want to use it, they must re-enable
fill interest, similarly to what should be done after upgrade+101.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 5eb7b70df7)
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-01-06 11:08:12 +01:00
Simone Bordet 578ae30311 Issue #6728 - QUIC and HTTP/3
Added http3 Jetty module and distribution test.
Implemented simple logic to send the Alt-Svc header in HTTP/2 responses.
Updated JNA dependency to use jna-jpms.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts a95fe3bfb8 Improvements & bug fixes from testing
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts 3a6a3e094d Use MetaData instead of HttpFields for QPACK
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts da50072cc8 The QpackEncoder should be able to use PreEncodedHttpFields.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts bdf44b8e22 Work through examples B.1. and B.2. from spec and fix bugs.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts 7abb1e62f2 Issue #7160- Add AMBIGUOUS_PATH_ENCODING to default UriCompliance mode.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-11-30 16:51:58 +11:00
Lachlan Roberts 866f4517db Improve #4275 ambiguous URIs (#6939)
* Improve #4275 ambiguous URIs

A URI like `/foo/%2e%2e;/bar` should be ambiguous both because of the encoded dots and because of the parameters.  This means that the default setting of jetty-9 is a bit more secure as this path is considered ambiguous if either Violation.SEGMENT or Violation.PARAM is set.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-10-12 18:22:12 +11:00
Simone Bordet 0412bdc3d9 Fixes #6938 - module-info.java file do not use the canonical order for the elements
Changed order of entries in module-info.java to be canonical

(cherry picked from commit 02691171d5)
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-10-01 09:25:55 +02:00
Lachlan 0a78b9845d
Merge pull request #6657 from eclipse/jetty-10.0.x-6642-WebSocketConnectionHeaders
Issue #6642 - WebSocket handling of Connection: upgrade,close.
2021-08-31 14:25:47 +10:00
Lachlan Roberts 949aa6c342 Issue #6642 - move shutdown logic into HttpChannelOverHTTP and HttpConnection
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-27 11:53:54 +10:00
Lachlan Roberts fa316fc20d Issue #6642 - never shutdown output after generating a request.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-26 13:09:36 +10:00
Lachlan Roberts cb9a8d4060 Issue #6642 - change HttpGenerator state to END before returning
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-25 11:27:56 +10:00
Lachlan Roberts f7d9d8fcf8 Issue #6642 - prevent connection close after websocket upgrade
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-24 19:39:34 +10:00
Joakim Erdfelt 5dcc14b114
Merge pull request #6551 from eclipse/jetty-10.0.x-6545-refresh-mimetypes
Issue #6545 - Add more mime-types
2021-07-28 05:47:36 -05:00
Ludovic Orban bd11d6f682 #6491 add defensive check and introduce HttpParser.isTerminated()
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
2021-07-28 10:14:19 +02:00
Joakim Erdfelt 8971ea991f
Issue #6545 - Add more mime-types
+ Adding webp + avif + apng based on current
  `Accept` header offerings from current browsers.

Firefox 90.0
`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8`

Chrome 92.0.4515.107
`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9`

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2021-07-27 11:48:39 -05:00
Greg Wilkins 8945a58ffc
Reduce header cache memory usage on non persistent requests (#6494)
Delay creating a header cache until a second request on a parser.
Refactored cache code into subclass

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2021-07-07 12:51:06 +10:00
Lachlan 259f9af9c9
Merge pull request #6490 from eclipse/jetty-10.0.x-6489-UriCompliance
Issue #6489 - fix RFC3986_UNAMBIGUOUS and UNSAFE UriCompliance modes.
2021-07-06 15:58:51 +10:00
Lachlan Roberts 76ab749aca Issue #6489 - fix RFC3986_UNAMBIGUOUS and UNSAFE UriCompliance modes.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-07-01 17:52:07 +10:00
Lachlan Roberts b82b46243d Issue #6489 - fix RFC3986_UNAMBIGUOUS and UNSAFE UriCompliance modes.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-07-01 17:27:17 +10:00
Lachlan 3c32afa05c
Issue #6473 - canonicalPath refactor & fix alias check in PathResource (Jetty-10) (#6478)
Issue #6473 - canonicalPath refactor & fix alias check in PathResource

* Reverted %-escape handling for URI query parts.
* Performing canonicalization in ServletContext.getResource(),
  and improving alias checking in ContextHandler.getResource().
* Performing canonicalization checks in Resource.addPath() to avoid
  navigation above of the root.
* Test added and fixed.
* Various cleanups.
* Improved javadoc and comments
* Compliance mode HttpURI uses UriCompliance.Violation

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
2021-06-29 15:42:39 +02:00
Lachlan bc0fbbb5c1
Revert logic in Request.setMetaData, clear emptySegment on HttpUri.clear() (#6468)
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Manually merged as ECA checks are broken
2021-06-24 17:18:49 +10:00
Greg Wilkins 4673846635
Compliance modes documentation (#6312)
Added doco on compliance modes

Signed-off-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2021-06-24 15:20:05 +10:00
Lachlan d233f3be02
Issue #6447 - Deprecate support for UTF16 encoding in URIs (#6457)
Deprecate support for UTF16 encoding in URIs.
Add compliance mode to allow UTF16 encodings.
Improve testing.
2021-06-23 22:58:49 +10:00
Lachlan b4d7e5117d
Issue #6302 - Treat empty path segments as ambiguous. (#6304)
Issue #6302 - Treat empty path segments are ambiguous.

* Fix false empty segments being reported.
* Add HttpUriTests for the empty segment as ambiguous

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
2021-06-10 15:12:59 +02:00
Lachlan f58dbedcd0
Fixes #6263 - Review URI encoding in ConcatServlet & WelcomeFilter.
Review URI encoding in ConcatServlet & WelcomeFilter and improve testing.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2021-05-12 17:14:43 +02:00
Lachlan 4c98990cd9
Create FileBufferedResponseHandler to buffer responses into a file. (#6010)
FileBufferedResponseHandler adds an HttpOutput.Interceptor to buffer all responses into a file until the output is closed. This allows the commit to be delayed until the response is complete and thus headers and response status can be changed while writing the body.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-04-19 11:02:44 +10:00
Greg Wilkins b56edf511a
UriCompliance mode improvements #6132 (#6137)
Resolve #6132

Improve configuration of ambiguous URI handling.
Added NON_CANONICAL_AMBIGUOUS_PATHS
2021-04-08 12:03:30 +10:00
Guilherme Amaral e3c87fc2af
Changed exception check by JUnit API usage (#6133) 2021-04-06 08:51:50 +10:00
Greg Wilkins 06e1a7e88d
URI compliance modes for #6001 (#6006)
* Fix #4275 separate compliance modes for ambiguous URI segments and separators

default modes allows both ambiguous separators and segments, but still forbids ambiguous parameters

Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2021-03-02 11:59:16 +01:00
gregw c4dbf9748e Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-10.0.x
Signed-off-by: gregw <gregw@webtide.com>
2021-02-24 11:58:55 +01:00
Greg Wilkins 49e73dfb75
Fix #4275 #6001 separate compliance modes for ambiguous URI segments and se… (#6003)
Fix #4275 separate compliance modes for ambiguous URI segments and separators
2021-02-24 10:05:05 +01:00
Joakim Erdfelt fa6c617069
Fixing checkstyle warning
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2021-02-23 16:28:09 -06:00
gregw bc3e1dc94e Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-10.0.x
Signed-off-by: gregw <gregw@webtide.com>
2021-02-23 20:06:30 +01:00