* Issue #4247 SameSite Session Cookie
Allows sameSite cookie settings to be configured in SessionCookieConfig comments
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4247 SameSite Session Cookies
Use non versioned cookie
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4247 SameSite Session Cookies
Added test and fixed getCommentWithAttributes
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4247 - Updating unit tests for HttpCookie
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4247 SameSite Session Cookie
While it may be best practise to always use Secure cookies when SameSite is None, there is nothing in the RFC that mandates it and thus I don't believe we should prevent such a configuration. If browsers enforce this, then users will find out soon enough... and if browsers change, then we are not required to do a new release to match.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4247 SameSite Session Cookie
For cookie comments with multiple SameSite attributes, the most strict
value is used. So `Strict` has precedence over `Lax` which has
precedence over `None`.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Avoid creating listener list for rarely used requestAttributeListener
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3964
Keep a list of EventListeners in the AbstractConnector to make it
more efficient to add and iterate over them.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
Use addEventListener rather than bespoke listener methods.
Support getEventListenerBeans at Container level for fast lookup
improve javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
fixed test
more javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
fixed tests
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3964
Don't use null for empty lists of listeners
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* fix merge
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
Resolve differences between eventListeners added as beans and beans
added as EventListeners. The behaviour should now be the same
regardless of how they listener is added and all listeners are now
beans.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
Add only SelectorManager listeners to manager from connector
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
Fixed javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
removed old TODO
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
connector cannot be null
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3964
AbstractConnector keeps a specific list of HttpChannel.Listeners
to avoid Connection.Listeners and MBean listeners being added to
the HttpChannel listener list.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
fixed merge
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* fixed javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
removed the ability to set/clear context listeners
Instead just remove non-durable ones.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3964 Listeners
Simplified listener handling by avoiding null connector, previously
only needed for testing.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* fixed bad merge
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3964 Listeners
Fixed test that assumed HttpChannel listeners were not cleared by a recycle
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3964 Listeners
Separated out durable vs cyclic HttpChannel.Listeners, so as to
simplify handling.
Deprecated cyclic HttpChannel.Listeners, as I'm not sure the channel is
the right place for them.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* removed deprecated cyclic HttpChannel listeners
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* removed deprecated cyclic HttpChannel listeners - import
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4003 Cleanup quickstart
* Fixed tests that scan for "Started" on console
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4161 - TestCase that can replicate problem on OSX
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4161 - Naming Server threadpool (to help with debugging)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4161 - bumping up test file size to 10 MB
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4161 Write LifeCycleViolation
Do not callback on write completion until after state has been changed and notifications made.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4161 Write LifeCycleViolation
Added a unit test that replicated the problem.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4161 - `EofException: request lifecycle violation` in stderr.
Moved notifications of commit and content listeners back to succeeded().
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #4161 - Improved Logging for test-integration
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4161 - Reducing size of test file
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #3863 - Enforce use of SNI.
Introduced SslContextFactory.rejectUnmatchedSNIHost (default false)
so that if no SNI is sent, or SNI does not match a certificate,
then the TLS handshake is aborted.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #3863 - Enforce use of SNI.
Updates after review.
Introduced SslContextFactory.SNISelector to allow application to write
their custom logic to select a certificate based on SNI information.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #3863 Enforce SNI
Added two sniRequired fields - one at SslContextLevel and the other at the SecureRequestCustomizer. This allows rejection either at TLS handshake or by 400 response.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3863 Enforce SNI
cleanups from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3863 Enforce SNI
improved comments
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3863 Enforce SNI
syntax sugar
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3863 SNI
Updates from review. Extra test for sniSelector function
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4265 Remove doError
The doError method and the ErrorDispatchHandler class were
hang overs from when we needed to dispatch into a context to get sendError called, which would then generate the error page.
Now sendError doesn't do any generation, rather it changes state that arranges either for a minimal error page to be generated or an ERROR dispatch to a real handler/servlet to generate the error page.
Thus the ErrorDispatchHandler and doError methods can now be removed.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4265 Remove doError
Moved the error page dispatching logic back to the ErrorHandler class to assist with backwards compatibility
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4265 Remove doError
Moved the error page dispatching logic back to the ErrorHandler class to assist with backwards compatibility
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4265 doError
Updates from review.
Signed-off-by: Greg Wilkins <gregw@webtide.com>