* Fixes#5379 - Better handling for wrong SNI.
Reworked the SNI logic.
Added support for IP addresses in the SAN extension of certificates in the X509 class.
Fixed keystores to have CN=localhost and SAN with ip=127.0.0.1 and ip=[::1].
Fixed tests that were not using the correct Host header.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5357 - Updating to https://eclipse.org/
- Removing redundant <url> refs in pom.xml
- Correcting bad indenting from merge
- Correcting mailing list references
- Correcting bugs.eclipse.org references
- Correcting text file references
- Correcting html references
- Correcting further references
- Correcting download.eclipse.org reference
- Adding test for demo-base /proxy/current/
- Ensuring jetty-client is included in javadoc-proxy.war/WEB-INF/lib
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Speculative idea to make a pluggable Pool strategy
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Speculative idea to make a pluggable Pool strategy
+ javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Speculative idea to make a pluggable Pool strategy
+ Added a ThreadLocalStrategy for a single cached item
+ Tell strategies about newly reserved entries
+ Fixed multiplexing test that was dependent on the impl of the cache
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Speculative idea to make a pluggable Pool strategy
+ added tests
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Feedback from review
+ Don't have a fallback iteration, instead make a SearchStrategy and DualStrategy
* Feedback from review
+ split strategies into Cache and Strategies
* Feedback from review
+ Added reserve and release
* Improved Pool Strategies:
+ reverted to post notifications for removed, reserved and released.
+ Added a few more strategies that need to be benchmarked, that use the list iterator.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Testing all the different strategies
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* More simplifications and made LRU work (ish)
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* javadoc
* More javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* JMH Test
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* one strategy
Signed-off-by: gregw <gregw@webtide.com>
* test
Signed-off-by: gregw <gregw@webtide.com>
* Split implementations:
+ pluggable strategies
+ hard coded
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* More benchmarks
* Built in strategy
* removed strategies version and simplified to single configurable solution.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* better javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Updated ConnectionPool classes to use Pool strategies
* Small javadocs fixes.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Updates from review
* javadoc
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5162 CDI embedded integration improvements
Clean up CDI integration and documentation to better support embedded usage.
+ made listener public
+ added utility class for SCIs
* Issue #5162 CDI embedded integration improvements
Clean up CDI integration and documentation to better support embedded usage.
+ moved EmbeddedWeldTest to jetty-embedded
* fix javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #5162 CDI embedded integration improvements
ventilated text
* fix test pom
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Fixed javadoc
* Fixed javadoc
* Issue #5162 CDI embedded integration improvements
Moved tests to jetty-cdi to avoid consequences to other tests in embedded
* trailing new line
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Feedback from review
Introduced SslContextFactory.Server.aliasMapper, a function
that transforms the alias.
This function is invoked by the SNI logic to unmangle the
alias leaked by the TLS implementation due to bug
https://bugs.openjdk.java.net/browse/JDK-8246262.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5095 XmlConfiguration Parser Pool
Use a pool of parsers rather than a shared static
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Some updates to the new Pool class:
+ fixed a race with pending reservations
+ use a pending counter
+ Reservation API to simplify Entry API
+ removed public methods on Entry API
* Some updates to the new Pool class:
+ fixed a race with pending reservations
+ use a pending counter
+ Reservation API to simplify Entry API
+ removed public methods on Entry API
* Updates from review
* Updates from review
Tests for cache size and acquire with creator
* Method no longer required with Reservation
* update from the feedback on the feedback of the feedback from the review.
Moved enable to Entry, removed Reservation class and clarified usage in javadoc
* Issue #5095 XmlConfiguration locking Use pool instead of static shared instance
* removed fake test
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #5095 XmlConfiguration locking Use pool instead of static shared instance
updates from review
Improved Pool.reserve(int) logic to take into account the
fact that an entry can accommodate maxMultiplex acquires.
This reduces connection openings for HTTP/2 in case of
spikes of requests.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
+ Reverting name ResourceFactory.newResource(String)
to .getResource(String)
+ Reintroducing Resource.getResource(String)
+ ResourceHandler.getResource(String) cleaned up
in light of Exception handling requirement
+ Resource.addPath(String) implementations can
never return null now
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Now parsed by WebAppContext into List<Resource>
+ Reintroduced Resource.fromList
+ Refactored ResourceFactory to never return null
and always throw an exception if unable to
get/create/resolve the Resource
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Implemented as part of #4975.
Added a test case that proves that the connection is closed
when the max usage count is reached.
Improved logging.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Some updates to the new Pool class:
+ fixed a race with pending reservations
+ use a pending counter
+ Reservation API to simplify Entry API
+ removed public methods on Entry API
* Some updates to the new Pool class:
+ fixed a race with pending reservations
+ use a pending counter
+ Reservation API to simplify Entry API
+ removed public methods on Entry API
* Updates from review
* Updates from review
Tests for cache size and acquire with creator
* Method no longer required with Reservation
* update from the feedback on the feedback of the feedback from the review.
Moved enable to Entry, removed Reservation class and clarified usage in javadoc
* Issue #5095 XmlConfiguration locking Use pool instead of static shared instance
fixed javadoc
* Issue #5095 XmlConfiguration locking Use pool instead of static shared instance
fixed javadoc
* Issue #5095 XmlConfiguration locking Use pool instead of static shared instance
fixed javadoc
* Issue #5095 XmlConfiguration locking Use pool instead of static shared instance
updates from review
+ Introduce new Resource.fromReferences to help with
parsing delimited resource reference lists.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ More tests for both relative and absolute path references
+ More testing that will trigger quirks on Windows builds
so that we can catch regressions faster
+ Reworked WebInfConfiguration to be glob aware in a way
similar to how WebAppClassLoader behaves.
+ Reworked Resource.newResource(String) to delegate
canonical path resolution to PathResource
+ Guarded PathResource's usage of Path.toAbsolutePath()
to ignore valid conditions where the Path cannot be
resolved to an absolute path (yet)
+ Normalize resolved paths in PathResource
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
On the client:
* Origin.Address.host is passed through HostPort.normalizeHost(),
so that if it is IPv6 is bracketed.
Now the ipv6 address passed to an `HttClient` request is bracketed.
* HttpRequest was de-bracketing the host, but now it does not anymore.
On the server:
* Request.getLocalAddr(), getLocalName(), getRemoteAddr(),
getRemoteHost(), getServerName(), when dealing with an IPv6 address,
return it bracketed.
The reason to return bracketed IPv6 also from *Addr() methods is that
if it is used with InetAddress/InetSocketAddress it still works, but
often it is interpreted as a URI host so brackets are necessary.
* DoSFilter was blindly bracketing - now it does not.
Added a number of test cases, and fixed those that expected
non-bracketed IPv6.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5088 Review ContextHandler locking
The locking was primarily as a memory guard for the availability status, which was already volatile.
Have instead using an AtomicReference with a simple state machine layered on top of start/stop lifecycle.
There was also protection for AttributesMap, which is no longer needed as AttributesMap is now concurrent.
* Issue #5088
updates from review
* Issue #5088
updates from review (better this time)
* Issue #5093 Static UrlEncoded
Updated UrlEncoded to static only class with no synchronization
* Fixed additional tests
* fixed formatting
Signed-off-by: gregw <gregw@webtide.com>
* Replaced relevant usages of synchronized with AutoLock.
* Made AutoLock serializable since classes that use it may be stored in the HttpSession.
* Added convenience methods to AutoLock to execute lambdas with the lock held.
* Introduced AutoLock.WithCondition to use a Lock and a Condition together.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #4741 HttpServletMapping
This completes the refactoring started in #4851, using
the HttpServletMapping field to avoid having the servletPath field
in the Request and instead have a pathInContext field.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4741 HttpServletMapping
reverted ResourceService changes
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4741 HttpServletMapping
fixed gzip handler
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4741 HttpServletMapping
Fixed several TODOs left in the code
removed _contextPath field and used an attributes lookup for include
replaced setContextPaths with setContext
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4741 HttpServletMapping
Used the same pattern from the contextPath changes for servletPath and pathInfo. Now the servletPathMapping is always set on the request and only if the dispatch is an include do the effected methods look deeper for the source values.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4741 HttpServletMapping
Improved javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* remove slow mongo maven plugin which was forking an external process and now run mongodb in a container so we can even now test with different version using -Dmongo.docker.version
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* Spun out from #4814 Improve Attributes Handling
Improve attribute handling to reduce garbage and improve lookup.
Introduced a Wrapper so that request can remove any layers on reset.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4814 - Exposing AttributeMap.getAttributeNameSet() on Attributes.
The underlying AttributesMap already has a .getAttributeNameSet()
method, expose it on the Attributes interface.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Allow a set to override a secure attribute.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4814 - Attributes.getAttributeNames() is now defaulted
The Attributes.getAttributeNames() will use the
.getAttributeNameSet() by default now.
Updated all Attributes.Wrapper impls to use this new behavior
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
If SNI is required, wrap the KeyManagers with SniX509ExtendedKeyManager.
Updated the main keystore file to only have one certificate (instead of two),
since there never was the need for two certificates in the tests.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>