* Issue #11567 - fix relative path for resourceBase set in DefaultServlet
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Remove the ResourceFactory adaption from between baseResource and a HttpContent.Factory
* Remove toURI usage
* ensure ee9 DefaultServlet encodes the pathInContext
* Moved toURI functionality to ResourceFactory
* use context baseResource if baseResource not set
* removed usages of URIUtil.split
* fixed javadoc
* updates from review
* updates from review
* updates from review
* updates from review
* fixed resource leak in test
* fixed resource leak in test
* updates from review
* Fixes to URIUtil for Windows (#11585)
* Fixes for Windows
* Remove test that is not needed
* inlined resolveOrNew
---------
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Refactorings to rationalize and simplify how we do IO with resources internally by introducing the IOResources helper.
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
* Introduced ThreadIdPool and replaced ThreadLocal with it
* Modified ReservedThreadExecutor to be backed by a ThreadIdPool of semaphores
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: gregw <gregw@webtide.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
* Issue #11387: Reintroduce MultiPartCompliance.LEGACY in ee9/ee8
* Correcting javadoc
* Updating MultiPartCaptureTest to ...
* Test with MultiPartFormData.Parser and MultiPart.Parser
* Enable all test cases
* base64 behaviors modified to not auto-decode base64 content
* forms submitted without `_charset_` part (some using a different
charset than UTF-8, like `Shift_JIS`)
* Fixing checkstyle warning
* Re-enable Part-ContainsContents expectations
* Rename MultiPartCompliance.NO_CRLF_AFTER_PREAMBLE to WHITESPACE_BEFORE_BOUNDARY to fit spec better
* Make ee9/ee8 legacy parser use legacy tokenization
* Testing ee9/ee8 legacy parser base64 auto-decoding behaviors
* Cleanup jetty-test-multipart class naming
* Adding ee10 tests against raw multipart examples
* Adding shorter whitespace multipart test
* Adding jetty-core version of failing ee10 tests
* Fixed missed notification for CR content in case of 1 chunk ending with CR and the next chunk ending with LF.
* Removed internal unused class MultiPartParser.
* Adding MultiPartCompliance.Violation events
+ in MultiPart.Parser
+ in MultiPartFormData.Parser
* lenient mode behavior
* new name fits violation better
+ adding violation to MultiPart.Parser.parseHeaderStart
* some simple cleanup of new ee9 code
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #11414 - use HttpURI instead of URIUtil to have a single point of spec behavior
* Issue #11414 - enforce lowercase scheme in HttpConfiguration.secureScheme
* Issue #11414 - Scheme produced on `Location` header is lowercase
* Issue #11414 - Scheme to lowercase
* Issue #11414 - Scheme to lowercase
* Revert change to HttpClient
* Added schema port knowledge to URIUtil
* Fixed tests for normalized URIs
* updates from review
* updates from review
* Fix tests
* Restored methods as deprecated
* More testing
---------
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Introduce new events on `ComplianceViolation.Listener`
+ Introduce new `ComplianceViolation.Listener.initialize()` to allow for a new Listener at the appropriate time (to support per-request listeners)
+ Introduce new `ComplianceViolation.CapturingListener`
+ Introduce new `HttpConfiguration.(add/remove/get)ComplianceViolationListener()` methods.
+ Deprecate/Remove handling of `recordComplianceViolations` in `HttpConnection` and `HttpConnectionFactory` classes.
+ Produce warnings if use of `ComplianceViolation.Listener` as beans is still present.
+ Add `ComplianceViolation.Listener` support to `UriCompliance` locations.
+ Add `ComplianceViolation.Listener` support to `MultiPartCompliance` locations.
+ Add `ComplianceViolation.Listener` support to `CookieCompliance` locations.
+ Add `ComplianceViolation.Listener` support to `HttpCompliance` locations in HTTP/2 and HTTP/3
---------
Co-authored-by: gregw <gregw@webtide.com>
* Call ServletChannelState.asyncFailure from error listener. Fix#10933
* Separate invokers for read side and write side
* document async error issues
* updates from review
* updates from review
Removed duplicate handling from servlet. Now only handled in core in HttpChannelState and protected it from concurrent writes.
Added additional tests.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Various cleanups of Handler.insertHandler
* Added missing call to relinkHandlers() in setHandler() after calling super.
* Moved call to relinkHandlers() in insertHandler(), as the various setSession|Security|ServletHandler() already call relinkHandlers().
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
---------
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
The local/remote SocketAddress is cached within the ConnectionMetaData or Connection instance, so that any changes are not visible during the request lifetime.
Ensure that all server Connection types respect HttpConfiguration#getLocalAddress and that it is not implemented only in servlet layer
Avoid DNS resolution.
---------
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Improve handling of SSL metadata in ConnectionMetaData, proxied connections and forwarded requests
+ Added an Attributes.Synthetic mechanism to better (and mor commonly) handle additional attributes, whilst meeting the new TCK requirement that they can be deleted or replaced.
+ Made SslSessionData a reusable type provided by EndPoint
+ Added the EndPoint.Securable subtype that can provide a SslSessionData instance for secure EndPoints
+ Updated ForwardedRequestCustomizer, SecureRequestCustomizer to understand Securable and SslSessionData
+ Javadocs improvements.
+ Removed unnecessary attribute constants in SecureRequestCustomizer.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
---------
Signed-off-by: Olivier Lamy <olamy@apache.org>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Olivier Lamy <olamy@apache.org>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Recycle ServletChannel in ServletContextHandler rather than in ServletHandler, so that completion events on servlet API request/response can be handled.
* Send attributes as Map<String,String>
* JMX-annotated ErrorHandler, fixed usage of showMessageInTitle and removed showServlet.
* JMX-annotated Request.Handler.
* Added JMX test module to test improvements to JMX.
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Web functions are currently supported with servlets. These changes add/move utility classes to core to better support direct usage of core APIs
* increase usage of Charset in request
* Added flush mechanism to BufferedContentSink
* Issue #10466 review session documentation.
Also fix session config context init param names and add missing code to
configure SessionHandler via context init params, and added test for
config.
Introduce `Utf8CharacterCodingException` and `Utf8IllegalArgumentException` as a substitutes for the removed `Utf8Appendable.NotUtf8Exception`.
* Updates from review
Improved parsing of JSESSIONID cookies and jsessionid parameters.
Better handling of invalid and duplicate session IDs
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Jan Bartel <janb@webtide.com>
* Added SetCookieParser interface and RFC6265SetCookieParser implementation to properly parse Set-Cookie values.
* Removed hacky implementation in HttpClient.
* Removed unused methods in HttpCookieUtils.
* Using SetCookieParser for the implementation of newPushBuilder in ee9,ee10.
* Reworked HttpCookieStore.Default implementation.
* Implemented properly cookie path resolution.
* Using URI.getRawPath() to resolve cookie paths.
* Removed secure vs. non-secure scheme distinction when storing cookies.
* Refactored common code in HttpCookieStore.Default to avoid duplications.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Use the core response HttpFields directly as the ee9 response headers to avoid copy and retain persistent field behaviour.
Fix#10416 EE9 Response headers
Added EE9 test to show that Persistent fields can be modified
Updated fix for #10339 so that persistent fields revert to original values after a clear operation
* Added javadocs where missing and updated existing in both HttpFields and HttpField.
* Removed HttpFields.takeAsImmutable() because it had a confusing semantic.
* Deprecated HttpFields.[Mutable|Immutable]HttpFields and moved their implementation to top level package private classes.
* Deprecated HttpField.valueParameters(), as there is an identical getValueParameters()
* Fixed inconsistencies of HttpField.value, where in most cases could not be null, but in one case was allowed; now it can never be null.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Improve Jetty 12 DefaultServlet
+ don't wrap the httpServletRequest unless necessary due to wrapping
+ don't wrap the httpServletResponse unless necessary due to wrapping
+ send content asynchronously if large and unfiltered
+ Remove unused boolean return from ServletChannel.handle
+ added TODOs where range request handling could calculate content length
+ Call multipartlength, even though it is always -1
+ Use static for bytes written
remove lambdas for clarity
TODO Non-blocking error dispatch
TODO isHandled does not exist
TODO checkAndPrepareUpgrade and implement servlet upgrade?
remove unused variables
review javadoc (including any warnings)
review any compiler or findbug warnings (if any)
---------
Signed-off-by: gregw <gregw@webtide.com>
* Fix#10229 Idle Timeout
Added test to reproduce
Fixed NPE if no failure listener
Possible
Added test that idle works between requests
EE9 idle timeout
idle if read operation
Handle idleTimeout for IO operations differently
improve comments
fixed test to not expect timeout listener to be called if there is demand
Idle timeouts for IO operations are not last.
Disable transient idle timeouts since AsyncContentProducer cannot handle them.
revert test to persistent idle failures
* Various cleanups of StringUtil and TypeUtil
Removed deprecated and unused methods
Moved charset handling to MimeTypes
resolve IDE warnings
* updates from review
* Issue #10084 - Directory entries on return of getResourcePaths(String) should include trailing slash
* Issue #10084 - Fixing test case order of entries in collection expectation
* Issue #10084 - Implementing fix for ee9
* Issue #10084 - Fixing bug in ServletContext.getRealPath() impl
* Issue #10084 - Fixing tests in ee9 to make them compatible with ee8 conversion
* Bring Resource.getFileName in alignment with other JVM methods of the same name. (eg: Path.getFileName)
* Remove usage of instanceof Content.Chunk.Error
* Updated AsyncContent to accept a transient failures
* Updated AsyncContent to accept a transient failure with inputstream
This PR refactors the ee10 handing of servlet API request and response objects:
+ The ServletContextHandler matches the request to a servlet and creates a one time only ServletContextRequest and a ServletContextResponse
+ A reusable ServletChannel object with all the heavy weight HttpInput and HttpOutput object is associated with the ServletContextRequest and ServletContextResponse.
+ Once the handling reaches the ServletHandler, the possibly wrapped request, response and callback are associated with the ServletChannel before handling.
+ Were possible the ServletApiRequest and ServletApiResponse use the possibly wrapped request/response
Added tests to check that GzipHandler can now be nested inside of an EE10 context.
---------
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Signed-off-by: gregw <gregw@webtide.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
* IdleTimeout review
+ pass TimeoutException through all APIs
+ HttpConnection now passes on TimeoutException to HttpChannel.onFailure
* More ServerTests for idletimeout
* Recreated a ServerTimeoutsTest for multiple transports
* more robust tests
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* merged work from @sbordet and @gregw
* Various improvements to CyclicTimeouts.
* Improved reset of the earliest timeout before iteration.
* Removed check for getExpireNanoTime() == -1, since it's a valid value.
* When onExpired(Expirable) returns false, the Expirable should arrange to move its timeout in the future.
* fix keystore to please BoringSSL + use correct temp path
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
* Fixed ErrorResponseAndCallback succeeded() and failed() to call super.failed() in all cases to complete the wrapped callback.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Revert "Fixed ErrorResponseAndCallback succeeded() and failed() to call super.failed() in all cases to complete the wrapped callback."
This reverts commit 5ac57c13e0.
* WIP idleTimeout
* WIP idleTimeout
* Added context wrapper for idle timeout listener
* updates from review
---------
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
* Resolve#8819 CustomRequestLog improvement
Resolves#8819 CustomRequestLog improvements:
+ only add extra detail if the log is a CustomRequestLog
+ add extra detail as a record
+ get authentication state directly from request attribute
* protect against null core request
* protect against null core request
* Use nanotime for logged latency
* Issue #9072 refactor jetty-ee module to remove it
* Remove old ee imports in module-info.javas
* Remove jetty-ee from deps
* Fix references to jetty-ee for osgi
* Update jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/Deployable.java
Co-authored-by: Greg Wilkins <gregw@webtide.com>
---------
Co-authored-by: Greg Wilkins <gregw@webtide.com>
* Add test to show failure
* Fix#9760 EE9 Cookies
Fix#9760 Only set path and domain if they are not blank
* Fix#9760 EE9 Cookies
Fix#9760 Only set path and domain if they are not blank
Switch on violation rather than type
* Handle legacy cookie version and comment
* Handle cookie version and comment
---------
Co-authored-by: gregw <gregw@webtide.com>