* Addendum to #11566.
Restored methods that were removed in WebAppClassLoader.Context.
Fixed method signatures for deprecated method -- they must take the deprecated ClassMatcher, not the newly introduced one.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #11514 - Cleanup `jetty.webapp.addServerClasses` property behavior for ee10/ee9/ee8
* Merging patterns (default -> env -> config)
* Moved ClassMatcher to util
* System Server Classes
* Renaming to Hidden/Protected
* Updated for loss of dump.war
* Update jetty-core/jetty-ee/src/main/java/org/eclipse/jetty/ee/WebappClassLoading.java
* fixed OSGi tests
* Ensure default hidden server and system classes.
* Fixed ee9 OSGi to load jetty-ee
* Adding more deprecations
* Changing XML demos/tests to use new getter names
* rollback xml changes in ee9/ee8
* Fix ee8 maven plugin
* Make jetty-maven dependency optional in ee9 to match ee10
---------
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: gregw <gregw@webtide.com>
* #11687 make HttpFields.Mutable.Wrapper.computeField() call onRemoveField() and remove the field when null is returned by computeFn
* #11687 replace IAE with NPE
* #11687 replace collect(Collectors.toList()) with toList()
---------
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
* #11631 abort instead of rethrow when the exception handler in handle() throws an exception
* fix ee10 state machine error when client aborts
* H3: wire client-sent reset packet on abort
* H3: only fail finished streams when fill interested is false
---------
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Fix buffer leak in HTTP and FCGI when the server is being shut down while there are in-flight requests
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
* Issue #11514 - Cleanup `jetty.webapp.addServerClasses` property behavior for ee10/ee9/ee8
* Fix test
* Merging patterns (default -> env -> config)
* Moved ClassMatcher to util
* Adding more deprecations
* Changing XML demos/tests to use new getter names
* rollback xml changes in ee9/ee8
---------
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Jan Bartel <janb@webtide.com>
Allows to suppress "caused by" in error message, not only the stacks traces.
ErrorHandler.showCause = false by default.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Dennis Hoersch <dennis.hoersch@springernature.com>
Co-authored-by: Dennis Hoersch <dhs3000+ghtu@posteo.de>
* Issue #11567 - fix relative path for resourceBase set in DefaultServlet
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Remove the ResourceFactory adaption from between baseResource and a HttpContent.Factory
* Remove toURI usage
* ensure ee9 DefaultServlet encodes the pathInContext
* Moved toURI functionality to ResourceFactory
* use context baseResource if baseResource not set
* removed usages of URIUtil.split
* fixed javadoc
* updates from review
* updates from review
* updates from review
* updates from review
* fixed resource leak in test
* fixed resource leak in test
* updates from review
* Fixes to URIUtil for Windows (#11585)
* Fixes for Windows
* Remove test that is not needed
* inlined resolveOrNew
---------
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Refactorings to rationalize and simplify how we do IO with resources internally by introducing the IOResources helper.
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Initialized PEM directories for both client and server.
Added [lib] section that was missing due to #11263.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #11495 - Add UriCompliance rules that follow the HTTP / URI / Servlet specs for illegal & suspicious characters
* more illegalPathCharacterData test cases
* Correcting SUSPICIOUS_PATH_CHARACTERS semantic (encoded and decoded)
* Check for illegal and suspicious characters as we are parsing the path.
* Only look for ambiguous paths if we know there are dots or encodings.
---------
Co-authored-by: gregw <gregw@webtide.com>
* Issue #11539 restore old behavior of Resource.copyTo()
* Do not delete destination resource
if it exists before copy to restore
the behavior to what we had in
Jetty 9/10/11.
* Formalizing IO.resolvePath()
* Introduced ThreadIdPool and replaced ThreadLocal with it
* Modified ReservedThreadExecutor to be backed by a ThreadIdPool of semaphores
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: gregw <gregw@webtide.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Fix#11411 by allowing non-existent resources to be returned from resolve
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
#11482 introduce new onComplete event in EventsHandler and use it to record status in StatisticsHandler
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
* Issue #11387: Reintroduce MultiPartCompliance.LEGACY in ee9/ee8
* Correcting javadoc
* Updating MultiPartCaptureTest to ...
* Test with MultiPartFormData.Parser and MultiPart.Parser
* Enable all test cases
* base64 behaviors modified to not auto-decode base64 content
* forms submitted without `_charset_` part (some using a different
charset than UTF-8, like `Shift_JIS`)
* Fixing checkstyle warning
* Re-enable Part-ContainsContents expectations
* Rename MultiPartCompliance.NO_CRLF_AFTER_PREAMBLE to WHITESPACE_BEFORE_BOUNDARY to fit spec better
* Make ee9/ee8 legacy parser use legacy tokenization
* Testing ee9/ee8 legacy parser base64 auto-decoding behaviors
* Cleanup jetty-test-multipart class naming
* Adding ee10 tests against raw multipart examples
* Adding shorter whitespace multipart test
* Adding jetty-core version of failing ee10 tests
* Fixed missed notification for CR content in case of 1 chunk ending with CR and the next chunk ending with LF.
* Removed internal unused class MultiPartParser.
* Adding MultiPartCompliance.Violation events
+ in MultiPart.Parser
+ in MultiPartFormData.Parser
* lenient mode behavior
* new name fits violation better
+ adding violation to MultiPart.Parser.parseHeaderStart
* some simple cleanup of new ee9 code
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Improve jetty-util on Windows
* Enable ATOMIC_MOVE on Resource.copyTo()
* Add reference to Resource impl in exception.
* Attempting to address sneaky Windows path strings that look like URIs
* Deprecate URIUtil.correctFileURI in favor of new URIUtil.correctURI method
Removed the call to `ServletChannel.abort()` from the write callback.
As the write was issued from `ServletChannel.handle()` case COMPLETE, it was eventually calling `ServletChannelState.completed(Throwable)`, which is expecting the requestState to be COMPLETING.
However, calling `abort()` would set the requestState to COMPLETED, causing the IllegalStateException.
There should be no need to call `abort()` from the callback of failed writes, since failing the various callbacks should be enough, eventually failing the `HttpStream`, which would take care of tearing down the connection (HTTP/1) or the stream (HTTP/2+).
Now aborting the response from ServletChannelState.completed(Throwable).
Fixed SizeLimitHandler exception message.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Introduced oej.io.Transport as the abstraction for the low-level transport of high-level protocols.
Now protocols such as HTTP/1.1 or HTTP/2 can be transported over TCP, QUIC, Unix-Domain, memory, and possibly over other low-level custom protocols too.
* Introduced oej.client.Request.transport(Transport) to specify Transport for each request.
* Introduced Transport to [HTTP2Client|HTTP3Client].connect(...) methods.
* Introduced [Client|Server]QuicConfiguration so that it can be used in other Connectors such as MemoryConnector.
* Introduced oej.server.MemoryConnector and EndPoint.Pipe for memory communication between peers, along with a MemoryTransport.
* Introduced QuicTransport as a wrapper for other Transports, so that QUIC can now also be transported over memory.
* Improved javadocs and documentation.
* Removed usage of ClientConnector.forUnixDomain() from FastCGIProxyServlet (ee10 and ee9).
* Replaced usage of HTTP3ServerConnector with QuicServerConnector in jetty-http3.xml.
* Fixed handling of Instruction notifications in case of re-entrance.
Now first clear the list, then notify to avoid that when re-entering the same instruction is notified multiple times.
* Introduced ContentSourceRequestContent, and updated ProxyHandler to use it.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #11414 - use HttpURI instead of URIUtil to have a single point of spec behavior
* Issue #11414 - enforce lowercase scheme in HttpConfiguration.secureScheme
* Issue #11414 - Scheme produced on `Location` header is lowercase
* Issue #11414 - Scheme to lowercase
* Issue #11414 - Scheme to lowercase
* Revert change to HttpClient
* Added schema port knowledge to URIUtil
* Fixed tests for normalized URIs
* updates from review
* updates from review
* Fix tests
* Restored methods as deprecated
* More testing
---------
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* In ServletChannel, in COMPLETE state, there was a check comparing the number of bytes written with that declared by Content-Length.
Unfortunately the check was wrong in case of gzip, because it was comparing the application length with the gzipped length, resulting in a late sendErrorOrAbort() that was an abort() because the response was already fully sent.
Furthermore, if sendErrorOrAbort() was actually an abort(), there was an unnecessary attempt to complete the output.
* In GzipHandlerResponseAndCallback there were 2 last writes: one when the application calls output.close(), and one when the callback is succeeded.
Furthermore, when no content needs to be written, it was still compressed, causing an IOException in ChannelResponse (again when double-checking the bytes written, since Content-Length was 0, but the gzip header and trailer were written).
* Updates semantic of when to add the "Vary" header.
Now it is always only added by GzipHandler, when it would be possible to generate a response that might be compressed (even if it will not).
* Added *.bz2 mime-type.
Updated GzipHandler with the correct mime-type for *.bz2: application/x-bzip2.
* Improved checks for the number of bytes written against declared content-length.
This is necessary because welcome files are written by DefaultServlet (most of the times) bypassing the Servlet classes, using ServletContextResponse directly.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Introduce new events on `ComplianceViolation.Listener`
+ Introduce new `ComplianceViolation.Listener.initialize()` to allow for a new Listener at the appropriate time (to support per-request listeners)
+ Introduce new `ComplianceViolation.CapturingListener`
+ Introduce new `HttpConfiguration.(add/remove/get)ComplianceViolationListener()` methods.
+ Deprecate/Remove handling of `recordComplianceViolations` in `HttpConnection` and `HttpConnectionFactory` classes.
+ Produce warnings if use of `ComplianceViolation.Listener` as beans is still present.
+ Add `ComplianceViolation.Listener` support to `UriCompliance` locations.
+ Add `ComplianceViolation.Listener` support to `MultiPartCompliance` locations.
+ Add `ComplianceViolation.Listener` support to `CookieCompliance` locations.
+ Add `ComplianceViolation.Listener` support to `HttpCompliance` locations in HTTP/2 and HTTP/3
---------
Co-authored-by: gregw <gregw@webtide.com>
* Using @foo.version@ technique and proper
lib lists to allow arbitrary version
updates from properties
* Fix spotless
* Remove duplicate entries
* Only replace System property "jetty.version" with manifest-ver if blank/null
* Fixing bad module definitions
* Issue #11009 - add test for bad Jakarta endpoint
* Issue #11009 - ensure endpoint deployable before adding ServerEndpointConfig
* add same test and fix for ee9
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Do not use HttpStream.Wrapper in SizeLimitHandler
* Updated the SizeLimitHandlerServletTest
* Udpated documentation and javadocs.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Made ServletChannel error handling more robust.
A failure in error handling is now remembered so that the Handler callback can be failed later.
* Avoid failing the Handler callback from ServletChannel.abort(), as it is too early: should be failed when processing the TERMINATED state, similarly to when it is succeeded.
* Removed dead code from HttpConnection.SendCallback.reset(), since response is always non-null.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Call ServletChannelState.asyncFailure from error listener. Fix#10933
* Separate invokers for read side and write side
* document async error issues
* updates from review
* updates from review
Removed duplicate handling from servlet. Now only handled in core in HttpChannelState and protected it from concurrent writes.
Added additional tests.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* #10926 - skip existence check if only one Normalizer
* fix for AttributeNormalizer
---------
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: gregw <gregw@webtide.com>
Reworked the ServletChannel.handle() SEND_ERROR case.
Now using the proper state changes to call ErrorHandler.handle(), which is asynchronous, so that IllegalStateExceptions are avoided.
Restored idle timeout tests in ee9/ee10 AsyncMiddleManServletTest.
Fixed notification of request destroyed in ErrorHandler: must be before completing the callback, since listener may call Servlet APIs that should see the ServletChannel state before the ErrorHandler callback changes it.
Updated ServletChannelState.isAsync() and isAsyncStarted().
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixes#10234
* Introduced transient failures in reads where a failure chunk has last=false.
* Transient failure now do not fail the handler callback.
* Improve eeN ContentProducer to more carefully assert transient and terminal errors + enable HttpInputIntegrationTest
* Do not add connection: close to the response when the error is transient
* Rework ChunksContentSource to support null chunks
* Added tests to verify the new transient failure cases
* Review all code that handles failure, and handling correctly transient failure, either by making them fatal, and/or by failing Content.Source.
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Signed-off-by: Olivier Lamy <olamy@apache.org>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Olivier Lamy <olamy@apache.org>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Chad Wilson <chadw@thoughtworks.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Various cleanups of Handler.insertHandler
* Added missing call to relinkHandlers() in setHandler() after calling super.
* Moved call to relinkHandlers() in insertHandler(), as the various setSession|Security|ServletHandler() already call relinkHandlers().
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
---------
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
The local/remote SocketAddress is cached within the ConnectionMetaData or Connection instance, so that any changes are not visible during the request lifetime.
Ensure that all server Connection types respect HttpConfiguration#getLocalAddress and that it is not implemented only in servlet layer
Avoid DNS resolution.
---------
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Improve handling of SSL metadata in ConnectionMetaData, proxied connections and forwarded requests
+ Added an Attributes.Synthetic mechanism to better (and mor commonly) handle additional attributes, whilst meeting the new TCK requirement that they can be deleted or replaced.
+ Made SslSessionData a reusable type provided by EndPoint
+ Added the EndPoint.Securable subtype that can provide a SslSessionData instance for secure EndPoints
+ Updated ForwardedRequestCustomizer, SecureRequestCustomizer to understand Securable and SslSessionData
+ Javadocs improvements.
+ Removed unnecessary attribute constants in SecureRequestCustomizer.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
---------
Signed-off-by: Olivier Lamy <olamy@apache.org>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Olivier Lamy <olamy@apache.org>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Recycle ServletChannel in ServletContextHandler rather than in ServletHandler, so that completion events on servlet API request/response can be handled.
* Fix overlays with CombinedResource
* Improvements to CombinedResource for AnnotationParser
* Added `contains` and `getPathTo` methods to the Resource API, so they can be used by the AnnotationParser
* Fixed numerous bugs in CombinedResource list and getAllResources
* handles cross file system copy as well.
* Reduced fallback to URI string manipulation.
---------
Co-authored-by: gregw <gregw@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Avoid a copy in MutableHttpFields.asImmutable if the mutable is never mutated again.
* reduce instance creations needed for iterations
---------
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
* Issue #7408 fix scope of maven dependencies for ee10
* Issue #7408 fix scope of maven dependencies for ee10 jspc and restore it test which were disabled
* Issue #7408 fix scope of maven dependencies for ee9 maven plugin
* Issue #7408 fix scope of maven dependencies for ee9 jspc and restore it test which were disabled
* Issue #7408 fix scope of maven dependencies for ee8 maven plugin
* Issue #7408 fix scope of maven dependencies for ee8 jspc and restore it test which were disabled
---------
Signed-off-by: Olivier Lamy <olamy@apache.org>
Web functions are currently supported with servlets. These changes add/move utility classes to core to better support direct usage of core APIs
* increase usage of Charset in request
* Added flush mechanism to BufferedContentSink
* Issue #10466 review session documentation.
Also fix session config context init param names and add missing code to
configure SessionHandler via context init params, and added test for
config.
* Issue #10328 - Review ResourceFactory.newSystemResource
+ Create a new ResourceFactory.newClassLoaderResource(String, boolean)
+ Make .newSystemResource(String) use it
+ Make .newClassPathResource(String) use it
+ Deprecate .newSystemResource(String)
+ Deprecate .newClassPathResource(String)
+ Adjust own codebase to not use deprecated methods
* Using request.getLength() instead of looking up the Content-Length header.
* Jetty Handler vs Servlet pros.
* Using CompletableFuture (not Promise) in examples.
* Removed unused cruft from tests.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Improved parsing of JSESSIONID cookies and jsessionid parameters.
Better handling of invalid and duplicate session IDs
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Jan Bartel <janb@webtide.com>
* Added SetCookieParser interface and RFC6265SetCookieParser implementation to properly parse Set-Cookie values.
* Removed hacky implementation in HttpClient.
* Removed unused methods in HttpCookieUtils.
* Using SetCookieParser for the implementation of newPushBuilder in ee9,ee10.
* Reworked HttpCookieStore.Default implementation.
* Implemented properly cookie path resolution.
* Using URI.getRawPath() to resolve cookie paths.
* Removed secure vs. non-secure scheme distinction when storing cookies.
* Refactored common code in HttpCookieStore.Default to avoid duplications.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Introduced QoSHandler.
* Updated documentation, and removed old documentation.
* Now using dynamic max priority.
The current implementation retains priorities and queue as they are created, but hopefully the priority range is constrained.
* Better algorithm for resuming: rather than releasing a permit and try to acquire it again, keep the permit and resume a request.
This also removes the issue that a request could have been suspended again, therefore remaining suspended much more than maxSuspend.
* Deprecated QoSFilters in ee10 and ee9.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Introduced CompletableResponseListener, a replacement for FutureResponseListener that uses better APIs based on CompletableFuture.
Deprecated FutureResponseListener and replaced its usages.
Updated documentation.
Added tests for zipped request content.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Simone Bordet
gregw
Jan Bartel
Joakim Erdfelt
Ludovic Orban
Olivier Lamy
Lachlan
Danish Nawab
Olivier Lamy