Commit Graph

2743 Commits

Author SHA1 Message Date
Joakim Erdfelt e013c24326
Merge pull request #4038 from eclipse/jetty-9.4.x-OpenId
OpenID Connect Authentication
2019-09-13 16:42:17 -05:00
Lachlan Roberts dc26739502 changes from review
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-09-09 16:58:36 +10:00
Simone Bordet 4e67e8594e Merged branch 'jetty-9.4.x' into 'jetty-9.4.x-3978-http2_vulnerabilities'. 2019-09-05 23:12:35 +02:00
Simone Bordet 508ad4aff9 Issue #3978 - HTTP/2 vulnerabilities.
Code cleanups and reformatting.

Fixed logic for SETTINGS frame replies: they are not subject to rate control.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-09-05 23:11:53 +02:00
康智冬 49ba6d1acb fix typo and grammar (#4045)
Signed-off-by: KangZhiDong <worldkzd@gmail.com>
2019-09-02 14:29:50 -04:00
Joakim Erdfelt bb7eb4bc86 Adding some comments to URIUtilTest
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-30 09:23:34 -05:00
Lachlan Roberts d33b96f411 add OpenId module to support OpenId Connect authentication
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-29 08:03:11 +10:00
Joakim Erdfelt 2fcb311c56 Issue #4033 - Addressing Lenient URIUtil decode behavior change in test
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-28 16:32:19 -05:00
Joakim Erdfelt f47115c585 Issue #4033 - More tests for Lenient URIUtil behavior
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-28 12:20:52 -05:00
Joakim Erdfelt 7da57151ed Issue #4033 - lenient percent decode in URIUtil
+ Allows for preserving decoded Strings like "X%YZ"

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-28 12:08:18 -05:00
Joakim Erdfelt b2ea6a0861 Fixing Test Parameterization
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-28 10:43:15 -05:00
Greg Wilkins 83463c2a23
Issue #3964 - Listener behavior cleanup (Jetty 9.4.x) (#3965)
Issue #3964
* Avoid creating listener list for rarely used requestAttributeListener
* AbstractConnector keeps a specific list of HttpChannel.Listeners
to avoid Connection.Listeners and MBean listeners being added to
the HttpChannel listener list.
* Simplified listener handling by avoiding null connector, previously
only needed for testing.
* Fixed test that assumed HttpChannel listeners were not cleared by a recycle
* Separated out durable vs cyclic HttpChannel.Listeners, so as to
simplify handling.
* Deprecated cyclic HttpChannel.Listeners, as I'm not sure the channel is
the right place for them.
* Added improved method to combine multiple HttpChannel Listeners
into a single Listener.
* Fixed MockConnector
* Added benchmark
* Improved benchmark
* Updates from review
* Removed benchmark and alternate implementations.
* Updated javadoc
* Updates from review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-27 17:38:20 +10:00
Greg Wilkins d216792d23 Made test not fail in symlinked directory
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-27 13:01:34 +10:00
Greg Wilkins bde86467f4
Issue #3806 - Make Async sendError fully Async (#3912)
* Issue #3806 async sendError

Avoid using isHandled as a test within sendError as this can be
called asynchronously and is in a race with the normal dispatch of the
request, which could also be setting handled status.

The ErrorHandler was dispatching directly to a context from within
sendError.  This meant that an async thread can call sendError and be
dispatched to within the servlet container at the same time that the
original thread was still dispatched to the container.

This commit fixes that problem by using an async dispatch for error
pages within the ErrorHandler.  However, this introduces a new problem
that a well behaved async app will call complete after calling
sendError.  Thus we have to ignore complete ISEs for the remainder of
the current async cycle.

Fixed the closing of the output after calling sendError. Do not
close if the request was async (and thus might be dispatched to an
async error) or if it is now async because the error page itself is
async.

* updates from review
* better tests
* revert ignore complete
* added some TODOs
* more TODOs
* fixed rename
* cleanup ISE and more TODOs
* refactored to call sendError for uncaught exceptions rather than onError
* more of the refactor
* extra tests for sendError from completing state

Reworked HttpChannelState and sendError so that sendError is now
just a change of state. All the work is done in the ErrorDispatch
action, including calling the ErrorHandler.  Async not yet working.

Additional tests

Converted ERRORED state to a separate boolean so it can be used for
both Sync and Async dispatches.

Removed ASYNC_IO state as it was just the same as DISPATCHED

The async onError listener handling is now most likely broken.


WIP making sendError simpler and more tests pass
WIP handling async and thrown exceptions
WIP passing tests

Improved thread handling

removed bad test

Implemented error dispatch on complete properly
more fixed tests

sendError state looks committed

- Added resetContent method to leave more non-content headers during sendError
- Fixed security tests
- simplified the non dispatch error page writing.  Moved towards being able to write async

* fixed gzipHandlerTest

* Updated handling of timeout errors.  According to servlet spec,
exceptions thrown from onTimeout should not be passed to onError, but
just logged and ignored:

   If an exception is thrown while invoking methods in an AsyncListener,
   it is logged and will not affect the invocation of any other AsyncListeners.

* This changes several tests.

* Dispatcher/ContextHandler changes for new ERROR dispatch handling. Feels a bit fragile!

* Fixed tests in jetty-servlets
* Fixed tests in jetty-proxy

* more test fixes

* Fixed head handling
reverted unnecessary changes
Improved reason handling

WIP on fully async error handling.
Simplified HttpChannelState state machines to allow for async actions
during completing

more WIP on fully async error handling.

sendError and completion are not both non-blocking, without using
a startAsync operation. However we are lacking unit tests that actually
exercise those code paths.

* Simplified name of states
Added test for async completion
* Cleanups and javadoc
* Cleanups and javadoc
* remove snake case
* feedback from review
* Write error page into fixed pooled buffer

Use the response to get/release a pooled buffer into which the error
page can be written.  Make it a fixed sized buffer and if it overflows
then no error page is generated (first overflow turns off showstacks
to save space).

The ErrorHandler badly needs to be refactored, but we cannot change
API in jetty-9

* More test fixes for different error page format
* minor cleanups
* Cleanup from Review
* Fixed javadoc
* cleanups and simplifications
* Cleanup from Review
* renaming and some TODOs
* Cleanup from Review
* Checkstyle fixes
* Cleanup from Review
* Code cleanups and simplifications
* fixed debug
* Cleanup from Review
* Ensure response sent before server shutdown
* removed unnecessary optimisation
* fixed duplicate from merge
* Updates from review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-26 17:55:58 +10:00
Joakim Erdfelt 1867d24ef7
Merge pull request #4001 from eclipse/jetty-9.4.x-4000-swedish-unicode-file-serving
Issue #4000 - new SameFileAliasChecker to help with NFC/NFD UTF-8 differences
2019-08-23 07:27:32 -05:00
Joakim Erdfelt d0ec6e7d07
Merge pull request #3995 from eclipse/jetty-9.4.x-3983-jarfileresource-list
Fixes #3983 - JarFileResource directory listing is invalid
2019-08-22 15:09:16 -05:00
Olivier Lamy fe3d3f7158
fix checkstyle in test sources (#4013)
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-22 19:56:41 +10:00
Joakim Erdfelt 88e37b177c Issue #4000 - Name change to isSameName
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-21 17:11:44 -05:00
Joakim Erdfelt 4ab0be9b1b Issue #3983 - Applying PR review to JarFileResource
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-21 12:43:25 -05:00
Joakim Erdfelt 30bd3914cf Issue #4000 - SameFileAliasChecker to help with NFD/NFC
+ Adding SameFileAliasChecker to help with environments
  where the Alias and the Path point to the same file,
  by relying on the FileSystem and Path implementation
  to make the determination if the two Path references
  truly point to the same file.
+ Minor cleanup of FileSystemResourceTest
+ Additional DefaultServletTest for these UTF-8 differences

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-21 12:21:04 -05:00
Joakim Erdfelt ef3f696a11 Issue #4000 - PathResource alias detection work around alt UTF-8 style
+ OSX File is `swedish-å.txt`
+ OSX has NFD form UTF-8 characters. `swedish-a%CC%8A.txt`
+ HTTP uses normal form UTF-8. `swedish-%C3%A5.txt`
+ An HTTP GET request should work against the resource
  being requested, regardless of UTF-8 style used.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-19 13:52:22 -05:00
Joakim Erdfelt 407b564320 Issue #4000 - adding unit test for raw Resource access for unicode file.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-19 12:52:43 -05:00
Joakim Erdfelt 472ede48cd Issue #3983 - JarFileResource directory listing is invalid
+ Correcting encoded path searching
+ Adding more unit tests to ensure no regression

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:48:42 -05:00
Joakim Erdfelt f65e59cadf Issue #3983 - Modernizing JarResourceTest
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:13:53 -05:00
Joakim Erdfelt f1efc99918 Updating to version 9.4.21-SNAPSHOT 2019-08-13 17:34:20 -05:00
Joakim Erdfelt 84700530e6 Updating to version 9.4.20.v20190813 2019-08-13 16:13:21 -05:00
Greg Wilkins dc939d753a
Issue #3804 - Update Decorator integration for various CDI implementations (#3838)
* Jetty Issue #3804 WELD-2587

Support CDI integration:
 + cdi2 module exposes jetty APIs
 + cdi module uses DecorationListener

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Jetty Issue #3804 WELD-2587

Remove DecoratingListener tests from test-jetty-webapp

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* improve CDI test

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Jetty Issue #3804 WELD-2587

Reverted test to use released CDI and cdi2 module for now.
To test new mechanism, you need to build the weld snapshot locally,
rebuild and switch to cdi module

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* remove cdi2 webapp references

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* document attribute

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* improved documentation

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* logging

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* improved javadoc

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Fixed version

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Reverted to also provide the DecoratingListener in the decorate module.
Renamed cdi-demo to weld-cdi-demo

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* revert from Weld SNAPSHOT

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* test all 3 weld integrations

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* updated destroy implementation to release creationalcontext

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* reverted to released Weld version

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Issue #3804 CDI integration

dispose and release context in destroy

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Improved CDI module documentation

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* WIP on OWB

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Updates from review
Parameterised CDITests

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* share webapp resources for cdi webapp test

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* Initialize OWB with a SCI so that listeners can be decorated

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Added OwbDecorator so that cdi2 module can be tested with OWB

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Lookup attribute name

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Cleanups

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Cleanup from Review

Don't do lazy bindings

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Cleanup from Review

Treat partial CDI same as no CDI

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* fix maven it test no more need of weld-servlet

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* cleanup it parent pom removing non needed weld servlet

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* upgraded to Weld 3.1.2.Final

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Cleanup from Review

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Cleanup from Review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 04:04:07 +02:00
Simone Bordet 2e2cde69e9
Merge pull request #3899 from eclipse/jetty-9.4.x-3856-maxForm_contentLength_behavior
Fixes #3856 - Different behaviour with maxFormContentSize=0 if Content-Length header is present/missing.
2019-08-07 19:46:49 +03:00
Joakim Erdfelt cb87d7049e
Merge pull request #3923 from eclipse/jetty-9.4.x-3906-seekablebytechannel-fallback
Issue #3906 - Handling SeekableByteChannel.position(long) Exception
2019-08-07 07:43:16 -05:00
Simone Bordet fa0e7850be
Merge pull request #3938 from eclipse/jetty-9.4.x-3929-http2_deadlock_stopping_server
Fixes #3929 - Deadlock between new HTTP2Connection() and Server.stop().
2019-08-07 12:34:15 +03:00
Simone Bordet b9b79a6ad7 Fixes #3929 - Deadlock between new HTTP2Connection() and Server.stop().
Code cleanup.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-07 10:51:27 +02:00
Simone Bordet 4b7ba20aae Fixes #3929 - Deadlock between new HTTP2Connection() and Server.stop().
Updated code after review.
Now a managed failed bean is restarted if its container is restarted.
Added more test cases.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-07 10:44:04 +02:00
Simone Bordet 1fd24b3fca Fixes #3940 - Double initialization of Log.
Removed LOG field, it was used improperly (log and rethrow)
and it's now unnecessary.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-07 10:04:52 +02:00
Simone Bordet 632e9c57a8 Fixes #3940 - Double initialization of Log.
Restructured the class and cleaned up the code.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-07 10:04:07 +02:00
Simone Bordet 689e6d71a2 Fixes #3940 - Double initialization of Log.
Removed usage of StringUtil.
Moved fields together at top of the class to avoid
class initialization ordering issues.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-07 09:59:23 +02:00
Simone Bordet f484b83c2e Fixes #3929 - Deadlock between new HTTP2Connection() and Server.stop().
Added test case.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-06 11:50:29 +02:00
Simone Bordet 6c1b5982a5 Fixes #3929 - Deadlock between new HTTP2Connection() and Server.stop().
Previously beans were started if they were not running, which
included them being in a STOPPING state.
Now beans are only started if they are in STOPPED state.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-05 21:08:55 +02:00
Simone Bordet 2488c9611f Merged branch 'jetty-9.4.x' into 'jetty-9.4.x-3856-maxForm_contentLength_behavior'. 2019-08-02 19:13:35 +02:00
Simone Bordet 42815a781b Fixes #3856 - Different behaviour with maxFormContentSize=0 if Content-Length header is present/missing.
Updated code to reflect reviews.
Now lookup of system properties and server attributes is done in
ContextHandler.doStart(), so that the getter always returns the
actual value (and this is good for JMX too).

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-02 19:12:49 +02:00
Joakim Erdfelt c2f76a6be5 Issue #3906 - Handling SeekableByteChannel.setPosition() Exception
+ UnsupportedOperationException now triggers a fallback seek mode

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-07-31 14:36:16 -05:00
Olivier Lamy 6b07bd23c8
Issue #3918 use Jetty version from pom if not found (#3919)
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-07-31 20:11:20 +10:00
Joakim Erdfelt 95298d89e9
Merge pull request #3910 from eclipse/jetty-9.4.x-3840-pathresource-byterange
Issue #3840 Static resource byte-range support performance
2019-07-30 20:04:06 -05:00
Joakim Erdfelt dc4b7b1791
Merge pull request #3889 from eclipse/jetty-9.4.x-3888-huge-resources
Issue #3888 - Huge file Resources behaviors
2019-07-30 20:03:34 -05:00
Joakim Erdfelt 7a867c0ff0 Issue #3840 - Applying ByteBuffer niggle from PR review
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-07-30 19:59:49 -05:00
Joakim Erdfelt 43f9553a5e Issue #3840 - Adding more robust PathResource.writeTo()
+ Using techniques from SeekableByteChannelRangeWriter
  with variant for -1 count parameter

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-07-30 17:12:07 -05:00
Joakim Erdfelt fd9ec22876 Issue #3840 - Adding Default FileSystem check to PathResource
+ Construction of PathResource now tests if path belongs
  to the Default FileSystem or not.  This is important info
  for later actions against the PathResource that would
  need to know the File object for the Path object.
  Non-Default FileSystem == null
  Default FileSystem == Path.toFile()

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-07-30 13:58:09 -05:00
Joakim Erdfelt 8601baa3cc Issue #3804 - PathResource should not use SPARSE hint always
+ SPARSE hint only applies to real os file systems or
  default file systems, not for all file systems.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-07-26 13:32:03 -05:00
Joakim Erdfelt e5bce5f7cd Issue #3840 - Static resource byte-range support performance
+ Reverting toFile().getInputStream() on PathResource
+ Adding RangeWriter concept for managing open resource
  across multiple range writes
+ RangeWriter implementation delegates to HttpContent behaviors
  Lookup is :
  - Direct Buffer
  - Indirect Buffer
  - ReadableByteChannel (as SeekableByteChannel)
  - InputStream
+ Adding unit tests for all RangeWriter implementation to ensure
  that they behave the same way everywhere.
+ Making ResourceService use new RangeWriter implementation
+ Existing DefaultServletRangeTest still works as-is

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-07-26 12:36:31 -05:00
Simone Bordet 4e0e962747 Fixes #3822 - trustAll will not work on some servers.
Made TRUST_ALL_CERTS implement X509ExtendedTrustManager,
so that it does not get wrapped in sun.security.ssl.AbstractTrustManagerWrapper,
which performs additional trust checks.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-07-26 15:57:53 +02:00
Joakim Erdfelt 24b2ca4c32 Issue #3906 - Introducing Testcase to demonstrate issue
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-07-25 11:43:51 -05:00