Commit Graph

17209 Commits

Author SHA1 Message Date
Joakim Erdfelt eb5d4ece39 Issue #3974 - disabling flaky AsyncMiddleManServletTest
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-09-09 09:56:16 -05:00
Greg Wilkins 17f4dd1a40
Merge pull request #4066 from dreis2211/tolerate-multiple-accept-encondings-gziphandler
Tolerate multiple Accept-Encoding headers in GzipHandler
2019-09-09 15:14:15 +10:00
dreis2211 82e8fc0b0e Simplify check for Accept-Encoding header
Signed-off-by: dreis2211 <christoph.dreis@freenet.de>
2019-09-09 07:06:40 +02:00
tomoya yokota c904a14d6a fix Session#finishInvalidate throwsConcurrentModificationException (#4036)
* fix Session#finishInvalidate throws java.util.ConcurrentModificationException
* Change constructor _attribute field must assigned to ConcurrentHashMap

Signed-off-by: tomoya-yokota <tomoya-yokota@cybozu.co.jp>
2019-09-09 14:52:48 +10:00
dreis2211 597458df7c Tolerate multiple Accept-Encoding headers in GzipHandler
Signed-off-by: dreis2211 <christoph.dreis@freenet.de>
2019-09-08 01:44:05 +02:00
Joakim Erdfelt 5f83f0a599
Merge pull request #4062 from eclipse/jetty-9.4.x-versions
Updating versions table
2019-09-06 10:39:08 -05:00
Joakim Erdfelt cf2074114d Jetty version change to Min JVM with footnotes
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-09-06 08:58:04 -05:00
Simone Bordet 22f0cdde29
Merge pull request #3996 from eclipse/jetty-9.4.x-3978-http2_vulnerabilities
Fixes #3978 - HTTP/2 vulnerabilities.
2019-09-06 09:51:37 +02:00
Greg Wilkins 894f31e612
Issue #4048 Multiple proxy ports (#4063)
Support multiple proxy port values.

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-09-06 14:45:00 +10:00
Lachlan 74e560fb7a
Issue #4031 - stop unopened WebSocketSessions gracefully (#4046)
* Issue #4031 - stop unopened WebSocketSessions gracefully

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>

* Issue #4031 - notify onError if shutdown before open

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-09-06 13:50:33 +10:00
Olivier Lamy 39a3cd6b3c
force mergeUserSettings to true (#4051)
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-09-06 13:28:32 +10:00
Simone Bordet 4e67e8594e Merged branch 'jetty-9.4.x' into 'jetty-9.4.x-3978-http2_vulnerabilities'. 2019-09-05 23:12:35 +02:00
Simone Bordet 508ad4aff9 Issue #3978 - HTTP/2 vulnerabilities.
Code cleanups and reformatting.

Fixed logic for SETTINGS frame replies: they are not subject to rate control.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-09-05 23:11:53 +02:00
Joakim Erdfelt 1d57d5f089 Updating versions table
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-09-05 13:58:48 -05:00
Joakim Erdfelt 4717a8e049
Merge pull request #4059 from eclipse/jetty-9.4.x-4057-response.containsHeader-npe
Issue #4057 - NPE in HttpFields.containsKey
2019-09-05 13:08:01 -05:00
康智冬 3a6b26d292 fix typo (#4055)
Signed-off-by: KangZhiDong <worldkzd@gmail.com>
2019-09-05 13:17:30 -04:00
Simone Bordet 638327d7e3 Updated JaCoCo to 0.8.4 to support (at least) Java 12.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-09-05 19:10:20 +02:00
Joakim Erdfelt 2b1fe8c38d Issue #4057 - Clean up identified by PR review
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-09-05 12:04:23 -05:00
Joakim Erdfelt 91d3ddced6 Issue #4057 - NPE in HttpFields.containsKey
+ Preventing HttpField from having a null name.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-09-05 10:04:25 -05:00
康智冬 49ba6d1acb fix typo and grammar (#4045)
Signed-off-by: KangZhiDong <worldkzd@gmail.com>
2019-09-02 14:29:50 -04:00
Joakim Erdfelt bb7eb4bc86 Adding some comments to URIUtilTest
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-30 09:23:34 -05:00
Joakim Erdfelt 25071c3e99
Merge pull request #4034 from eclipse/jetty-9.4.x-4033-uriutil-equalsignoreencodings
Issue #4033 - Add Lenient percent decode in URIUtil
2019-08-29 07:21:34 -05:00
Joakim Erdfelt 2fcb311c56 Issue #4033 - Addressing Lenient URIUtil decode behavior change in test
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-28 16:32:19 -05:00
Joakim Erdfelt 2b72f08f1b
Merge pull request #4019 from eclipse/jetty-9.4.x-155-jsr-websocket-client-ssl-init
Issue #155 - Adding public ClientContainer(HttpClient) constructor
2019-08-28 14:31:51 -05:00
Joakim Erdfelt bf3638daa4
Merge pull request #4026 from eclipse/jetty-9.4.x-4020-websocket-incompatibleclasschange
Fixes #4020 - Revert ExtensionFactory change to interface.
2019-08-28 12:37:44 -05:00
Joakim Erdfelt 37e7884382 Issue #4020 - Applying change requested from PR review
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-28 12:36:07 -05:00
Joakim Erdfelt e56d91196d Issue #4020 - Adding JMX to BrowserDebugTool to test dump
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-28 12:31:33 -05:00
Joakim Erdfelt f47115c585 Issue #4033 - More tests for Lenient URIUtil behavior
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-28 12:20:52 -05:00
Joakim Erdfelt 7da57151ed Issue #4033 - lenient percent decode in URIUtil
+ Allows for preserving decoded Strings like "X%YZ"

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-28 12:08:18 -05:00
Joakim Erdfelt b2ea6a0861 Fixing Test Parameterization
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-28 10:43:15 -05:00
Jan Bartel 4251a3e092
Issue #4022 Prevent Servlet adding another Servlet (#4024)
* Issue #4022  Prevent Servlet adding Servlet and added unit tests.

Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-28 12:29:14 +10:00
Joakim Erdfelt 2979ed5046 Fixes #4020 - Satisfy Container LifeCycle dumpable behaviors
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-27 20:25:10 -05:00
Jan Bartel f4d95e0f2f Remove blank lines for NullSessionCacheTest
Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-28 11:22:14 +10:00
Jan Bartel 37712d75a2
Issue #4027 Ensure AbstractSessionDataStore started or throws exception. (#4028)
* Issue #4027 Ensure AbstractSessionDataStore started or throws exception.

Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-28 11:08:42 +10:00
Jan Bartel a2fc9b113b Fix and enhance session invalidation tests.
Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-28 11:04:31 +10:00
Joakim Erdfelt eef2481b59 Adding cookie parsing test for excessive semicolon (reported as CVE in other projects) 2019-08-27 14:09:06 -05:00
Joakim Erdfelt 6bcfa2dc6e Fixes #4020 - Deprecate ExtensionFactory
+ This class is removed in Jetty 10 anyway.
+ If all you want is to access available extension names
  then use the Factory.getAvailableExtensionNames() method
  (which exists in Jetty 10.0.0 as well)

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-27 13:25:08 -05:00
Joakim Erdfelt 4d8e8050bd Fixes #4007 - using `user.home` system property instead of $HOME
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-27 08:48:02 -05:00
Greg Wilkins 2564a08150 fix checkstyle
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-27 18:43:33 +10:00
Greg Wilkins 83463c2a23
Issue #3964 - Listener behavior cleanup (Jetty 9.4.x) (#3965)
Issue #3964
* Avoid creating listener list for rarely used requestAttributeListener
* AbstractConnector keeps a specific list of HttpChannel.Listeners
to avoid Connection.Listeners and MBean listeners being added to
the HttpChannel listener list.
* Simplified listener handling by avoiding null connector, previously
only needed for testing.
* Fixed test that assumed HttpChannel listeners were not cleared by a recycle
* Separated out durable vs cyclic HttpChannel.Listeners, so as to
simplify handling.
* Deprecated cyclic HttpChannel.Listeners, as I'm not sure the channel is
the right place for them.
* Added improved method to combine multiple HttpChannel Listeners
into a single Listener.
* Fixed MockConnector
* Added benchmark
* Improved benchmark
* Updates from review
* Removed benchmark and alternate implementations.
* Updated javadoc
* Updates from review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-27 17:38:20 +10:00
Greg Wilkins 1f189d4618 fixed test visibility for JPMS
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-27 14:30:03 +10:00
Olivier Lamy b51d770807
session#getLastAccessedTime should throw IllegalStateException if session has been invalidated (#4023)
* per servlet api javadoc getLastAccessedTime should throw IllegalStateException if session has been invalidated

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* isInvalid test should be done within lock

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-27 13:03:28 +10:00
Greg Wilkins d216792d23 Made test not fail in symlinked directory
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-27 13:01:34 +10:00
Jan Bartel 19980ceeb5
Issue #4009 ServletContextHandler setSecurityHandler broke handler chain (#4012)
* Issue #4009 ServletContextHandler setSecurityHandler broke handler chain

Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-27 11:00:09 +10:00
Jan Bartel 387e33acaf
Issue #4006 Fix ClusteredSessionMigrationTest (#4010)
Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-27 10:53:54 +10:00
Joakim Erdfelt 149d9d4862 Fixes #4020 - Revert ExtensionFactory change to interface.
+ The change in commit 30dc103a12
  was done to allow the InflaterPool and DeflaterPool
  to be managed by the Jetty lifecycle.
+ This restore the original abstract class ExtensionFactory.
+ Had to break the traditional LifeCycle usage for a more
  non-traditional one in order to both, not break this existing
  API, and not introduce jetty-util to the webapp classloader.
+ This will restore API / binary compatibility for other
  projects, like spring-boot.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-26 13:40:32 -05:00
Greg Wilkins bde86467f4
Issue #3806 - Make Async sendError fully Async (#3912)
* Issue #3806 async sendError

Avoid using isHandled as a test withing sendError as this can be
called asynchronously and is in a race with the normal dispatch of the
request, which could also be setting handled status.

The ErrorHandler was dispatching directly to a context from within
sendError.  This meant that an async thread can call sendError and be
dispatched to within the servlet container at the same time that the
original thread was still dispatched to the container.

This commit fixes that problem by using an async dispatch for error
pages within the ErrorHandler.  However, this introduces a new problem
that a well behaved async app will call complete after calling
sendError.  Thus we have ignore complete ISEs for the remainder of
the current async cycle.

Fixed the closing of the output after calling sendError. Do not
close if the request was async (and thus might be dispatched to an
async error) or if it is now async because the error page itself is
async.

* updates from review
* better tests
* revert ignore complete
* added some TODOs
* more TODOs
* fixed rename
* cleanup ISE and more TODOs
* refactored to call sendError for uncaught exceptions rather than onError
* more of the refactor
* extra tests for sendError from completing state

Reworked HttpChannelState and sendError so that sendError is now
just a change of state. All the work is done in the ErrorDispatch
action, including calling the ErrorHandler.  Async not yet working.

Additional tests

Converted ERRORED state to a separate boolean so it can be used for
both Sync and Async dispatches.

Removed ASYNC_IO state as it was just the same as DISPATCHED

The async onError listener handling is now most likely broken.


WIP making sendError simpler and more tests pass
WIP handling async and thrown exceptions
WIP passing tests

Improved thread handling

removed bad test

Implemented error dispatch on complete properly
more fixed tests

sendError state looks committed

- Added resetContent method to leave more non-content headers during sendError
- Fixed security tests
- simplified the non dispatch error page writing.  Moved towards being able to write async

* fixed gzipHandlerTest

* Updated handling of timeout errors.  According to servlet spec,
exceptions thrown from onTimeout should not be passed to onError, but
just logged and ignored:

   If an exception is thrown while invoking methods in an AsyncListener,
   it is logged and will not affect the invocation of any other AsyncListeners.

* This changes several tests.

* Dispatcher/ContextHandler changes for new ERROR dispatch handling. Feels a bit fragile!

* Fixed tests in jetty-servlets
* Fixed tests in jetty-proxy

* more test fixes

* Fixed head handling
reverted unnecessary changes
Improved reason handling

WIP on fully async error handling.
Simplified HttpChannelState state machines to allow for async actions
during completing

more WIP on fully async error handling.

sendError and completion are not both non-blocking, without using
a startAsync operation. However we are lacking unit tests that actually
exercise those code paths.

* Simplified name of states
Added test for async completion
* Cleanups and javadoc
* Cleanups and javadoc
* remove snake case
* feedback from review
* Write error page into fixed pooled buffer

Use the response to get/release a pooled buffer into which the error
page can be written.  Make it a fixed sized buffer and if it overflows
then no error page is generated (first overflow turns off showstacks
to save space).

The ErrorHandler badly needs to be refactored, but we cannot change
API in jetty-9

* More test fixes for different error page format
* minor cleanups
* Cleanup from Review
* Fixed javadoc
* cleanups and simplifications
* Cleanup from Review
* renaming and some TODOs
* Cleanup from Review
* Checkstyle fixes
* Cleanup from Review
* Code cleanups and simplifications
* fixed debug
* Cleanup from Review
* Ensure response sent before server shutdown
* removed unnecessary optimisation
* fixed duplicate from merge
* Updates from review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-26 17:55:58 +10:00
Jan Bartel 0f8230c05b
Issue #3936 Provide write-through modes for the NullSessionCache (#3984)
* Issue #3936 Provide write-through modes for the NullSessionCache

Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-26 15:22:20 +10:00
Greg Wilkins 53fc01793c Updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-26 13:20:07 +10:00
Greg Wilkins b2aa083778 Updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-26 13:18:12 +10:00