Introduced PlainOrSslConnectionFactory, to "sniff" the first bytes
on a connection and upgrade to SSL (if the bytes are TLS bytes), or
upgrade to a specific, configured, protocol.
Added also the ability to fail the upgrade in case of a `http`
request to a `https` port and write a minimal response to the client.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Made default endpointIdentificationAlgorithm=HTTPS to avoid warnings
when SslContextFactory is used on a server.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
This interface is currently package-private while it's in the
signature of several public methods (e.g. addLowResourceCheck, getLowResourceChecks)
Signed-off-by: Bjørn Christian Seime <bjorncs@yahoo-inc.com>
%t now takes in locale and timezone in the format string argument
instead of getting it from the setters on the CustomRequestLog class
fixed issue with multiline format strings
requestLog writers are now managed objects
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
removed tests for %B and %b which have been removed in favor of %O
adjusted the NcsaRequestLogTest to only test ExtendedNCSA format
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
replaced terminology for addresses and ports to use
client and server referring to the logical connection and
local and remote referring to the physical connection to the first hop
finished implementing tests in CustomRequestLogTest otherwise
disabled tests which will be verified manually instead
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
added missing copyright header in some new files
added CustomRequestLogTest in jetty-servlet to test things like
logFilename and logRequestHandler
the log strings produced do no longer contain a trailing newline
implemented more tests in CustomRequestLogTest
and finished implementing some of the logging in CustomRequestLog
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Issue #3038 - SSL connection leak.
Fixed SSL spin caused when fill had NEED_WRAP, but a flush/wrap
produced 0 bytes and stayed in NEED_WRAP
Removed check of isInputShutdown prior to filling that allowed EOF to
overtake data already read.
Fix for leak by shutting down output in HttpConnection if
filled -1 and the HttpChannelState was no longer processing
current request.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Introduced the RequestLog.Writer where a RequestLog takes a writer
which manages what to do with the log strings produced by the RequestLog
deprecated the NCSA and SLF4J RequestLogs in favor of CustomRequestLog
Implemented more format codes in CustomRequestLog
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
fixed parsing issues for the format string by parsing left to right
and reversing the list of parsed tokens
reduced to parsing to single regex expression
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Issue #3049 Warn on common SslContext vulnerable configurations
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Adding documentation notes for weak cipher warnings
Signed-off-by: WalkerWatch <ctwalker@gmail.com>
* Issue #3049 - SslContextFactory warnings on known bad config
+ Changes warnings from being a boolean on SslContextFactory
to being a logger named
"org.eclipse.jetty.util.ssl.SslContextFactory.config"
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #3049 - SslContextFactory warnings on known bad config
+ Cleanup based on review
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #3049 - SslContextFactory warnings on known bad config
+ Cleanup based on review
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Issue #3018 improve logging and handling of slow data rates.
* Slow data rates now result in aborted channels, but exception is still thrown. Test for 408 in requestLog
* Updated many RequestLog usages to use Server.setRequestLog rather than a RequestLogHandler
* Fixed javadoc
* removed BadRequestLogHandlerTest (tested in RequestLogTest)
* added JMH to show the future of request logging for #113
* copyright header.
* Updates from review
* Revert to throwing BadMessageException
* BME ensures a 408 is logged rather than a 500
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanup the dump implementation
* improved the clarity of utility methods for dump and updated most dump methods
* fixed upgrade filter dump
* Improved dump after review
* Moved dumpObjects to Dumpable
* implemented dumpBeans with dumpObjects
* less verbose dump
* Dump streams
* fixed dump test
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Replaced usage of sun.reflect.Reflection with a
SecurityManager subclass, so that it works in all JDKs.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
+ Changes needed for new Junit 5
+ Migrating from Vintage junit API to Jupiter junit API
+ Relies on SNAPSHOT jetty-test-helper
- this will be a formal release once this issue has been
resolved satisfactory
+ Have jenkins always pull latest SNAPSHOT for each build
+ Adding jetty.snapshots repository
+ Using surefire 2.22.0 per advice from junit
+ Ensuring <reuseForks>true</reuseForks> to work around issue junit-team/junit5#801
+ Disabling <forkMode>always</forkMode> in maven-surefire-plugin
due to bug https://github.com/junit-team/junit5/issues/801
+ OSGi tests must remain at vintage due to PaxExam
+ Moving from vintage TestingDir to jupiter WorkDir
+ Fixing imports to use jupiter, not vintage
+ Migrating vintage ExpectedException to jupiter assertThrows
+ Migrating vintage TestName to jupiter TestInfo
+ Migrating @RunWith(Parameterized.class)
to @ParameterizedTest with Argument Sources
+ Migrating assertTrue(val.contains(needle))
to assertThat(val, containsString(needle))
+ Aligning junit versions per recommendations from @sormuras
+ Adjusting parameter order change for assertEquals()
+ Test LifeCycle Annotation Migration
junit 4 | junit 5 / jupiter
------------ | -----------
@Before | @BeforeEach
@After | @AfterEach
@BeforeClass | @BeforeAll
@AfterClass | @AfterAll
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
HttpInput.consume() now checks if the state is already failed,
and if so it does not change it when consuming the input.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #2711 - TLS 1.3 compliance.
Disabled few tests that are TLS 1.2 specific.
Renegotiation in SslConnection is now skipped for TLS 1.3.
Replaced SNI keystore DSA certificate with RSA certificate.
First full build achieved with JDK 11+28.
Small changes after review.
Modified the test case to pass in JDK 8, where the implementation
throws SSLException, while in later JDKs throws SSLHandshakeException.
Minor cleanup
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Cleanup of Graceful shutdown, plus ensure Connection:close if connector is shutdown for #2749
* WIP close connection when shutting down
* WIP use HttpChannel.Listener
* cleanups
* support graceful stop of a context
* only close connections if the connector is shutdown
* minor cleanups
* fixed toString and test
* fixed imports
* Move close logic to HttpConnection
* fixed generator to not override persistent
* Issue #2749 - Close connections on graceful shutdown.
* Small fix after review.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Issue #300 - Implement Deflater Pool
Removed the ThreadLocal pooling of deflaters in GzipHandler in favour of a new DeflaterPool class
GzipHttpOutputInterceptor.GzipBufferCB now recycles the Deflater in onCompleteFailure()
added benchmark for the DeflaterPool
allow negative capacity to mean no limit on the pool size
added mod file and xml changes
replace setDeflaterPool with newDeflaterPool
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Issue #2787 Unwrap ServletException
* Do not unwrap UnavailableException
* unwrap to specific targets
* fixes from review
* fixes after merge
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Replaced the response.isCommitted() check with a boolean returned from _resourceService.doGet().
This means the response does not need to be committed for the check to work correctly.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Major refactor of SslConnection to address #2233 and to simplify in preparation for java-11 support.
Made the `needFillInterest` and `onIncompleteFlush` methods the primary stateful methods with state for fill and flush side that does not reproduce state already held by the SslEngine itself.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Flush response buffer in places where the response needs to be committed.
Removed if statement preventing HEAD requests processing conditional headers.
Added two new test cases which failed before the changes and should now pass.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Now using _requestStats instead of _dispatchedStats to check for
requests completed when shutting down StatisticsHandler.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #2468 - Remove SoLinger.
For non-blocking sockets, StandardSocketOptions#SO_LINGER javadocs
report that the behavior is undefined. In JDK 11 setting SoLinger
for non-blocking sockets will be ignored.
As such, there is no point in allowing SoLinger to be configured
in Jetty that only uses non-blocking sockets.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
removed HttpOutput.close(Closeable) method as IO.close(Closeable) should be used instead
added isFailed() method to WriteFlusher and used it to fix WriteFlusherTest.testFailWhileBlocking()
surrounded usage of onError() in HttpOutput.run() with try-finally so that IO.close(this) is executed if onError throws
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
changed write flusher to go from pending state to failed state
reverted previous HttpOutput changes
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Removed duplicate test.
Removed lines that were testing unreliable TCP behavior.
Fixed retrieval of EndPoint in case of SSL.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Replacing setBlockingTimeout with setIdleTimeout to fix the ReadPendingException on ServerConnectorTimeoutTest.testHttpWriteIdleTimeout().
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
replaces some usages of printStackTrace with logging in ConnectorTimeoutTest to avoid printing out the stack trace on passing tests
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Rewrote the test to not write to the server,
thus avoiding connection resets.
The rewrite also clarified what the test was testing.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Due to shift operations taking less precedence over addition the expression was parsed in an unintended way.
With this change the intention is made more clear and the intended order of calculations (shift the single byte values into some variable) is actually implemented.
Signed-off-by: Benny Baumann <BenBE@geshi.org>
Now explicitly using a _mappedBuffer field in
CachedContentFactory.CachedHttpContent.
Deprecated BufferUtil.isMappedBuffer().
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Changed Request.MultiPartInputStream to an interface called MultiParts where there is an implementation for both the HTTP and UTIL parsers.
Resolved some issues with default charsets in regards to request.setCharacterEncoding and the _charset_ part for issue #2398.
Changed HTTP parser to operate the same as UTIL parser in situtions with parts not of type form-data or without name field. HTTP parser was ignoring these parts, UTIL parser was throwing exceptions.
Replaced the context attribute with a field in MultiParts.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Now using HttpVersion.HTTP_1_1::is, which is case insensitive,
to find the default protocol among the negotiated protocols.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #2231 WIP
* Issue #2231 Add tests for FileSessionDataStore and MongoSessionDataStore.
* Issue #2231 create unit tests for every SessionDataStore
Signed-off-by: Jan Bartel <janb@webtide.com>
* Issue #2231 Refactor session tests
Signed-off-by: Jan Bartel <janb@webtide.com>
* Issue #2231 Refactor and cleanup session tests.
Signed-off-by: Jan Bartel <janb@webtide.com>
* hazelcast tests faster
Signed-off-by: olivier lamy <olamy@webtide.com>
* make hazelcasts tests even faster
Signed-off-by: olivier lamy <olamy@webtide.com>
* cleanup comments
Signed-off-by: olivier lamy <olamy@webtide.com>
* run mongodb test in embdedded mode
Signed-off-by: olivier lamy <olamy@webtide.com>
* mongodb embedded test enabled per default
Signed-off-by: olivier lamy <olamy@webtide.com>
* Issue #2231 more session tests
Signed-off-by: Jan Bartel <janb@webtide.com>
* fix mongodb embedded tests
Signed-off-by: olivier lamy <olamy@webtide.com>
* cleanup code
Signed-off-by: olivier lamy <olamy@webtide.com>
* use Logger rather than System.err.println
Signed-off-by: olivier lamy <olamy@webtide.com>
* Issue #2231 Add test for DefaultSessionCache
Signed-off-by: Jan Bartel <janb@webtide.com>
* Issue #2231 Redisable mongo tests by default.
Signed-off-by: Jan Bartel <janb@webtide.com>
* fix issue with empty local repo build
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* jenkins should run mongodb tests
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* build this plugin last so we should not hit the maven invoker plugin
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* build test first for this one
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* use invoker plugin 3.0.2-SNAPSHOT as there is a fix for https://issues.apache.org/jira/browse/MINVOKER-191
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* temporary use of apache snapshots repository because of maven-invoker-plugin 3.0.2-SNAPSHOT
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* Only close if parser closed and output is shutdown
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* a better possible fix
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* after review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Changed the signature of HttpParser.Listener.onBadMessage()
to take a BadMessageException and updated dependent code.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Objects which inherit or implement an `equals()` method should not be compared with == or !=
When the comparison of references is intentional `@SuppressWarnings("ReferenceEquality")` can be used
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>