Now TunnelRequest.getURI() does not return null, so normalizeRequest() can properly apply the authentication headers.
Moved copy of a request to HttpRequest, so also the sub-type can be copied.
Fixed restore of destination in HttpProxy.HttpProxyClientConnectionFactory.newProxyConnection(): now doing it in the promise rather than in finally block.
Using the proxy destination (not the server's) to send subsequent CONNECT requests in case the first is not replied with 200.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fixes#8405 - onAllDataRead() is called twice under h2 if the stream times out
Per Servlet semantic, HTTP/2 stream timeout should be ignored.
The code was trying to fail the read via `_contentDemander.onTimeout()`, but
then it was still calling `onContentProducible()`, which was returning `true`
because the state of the read was IDLE (all the request content was read) and
the request was suspended.
Now the code checks if the read was really failed; if it is not, then
`onContentProducible()` is not called and so the idle timeout is ignored.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Method HTTP2StreamEndPoint.flush() has a "no pending operation" semantic, but the previous implementation was calling stream.data(), which may become a pending operation if the stream is congested.
Changed the implementation of flush() to return false in the IDLE and PENDING cases.
Now every flush() is converted to a write(), which has the same semantic as stream.data().
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* jetty-slf4j-impl is non-optional on some modules
* Using appropriate slf4j impl depending on module.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* #9655 introduce new Stream.Client.Listener.onNewStream() method to allow setting the channel's stream before sending any data to the network
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
* improvements to logout from the OpenIdLoginService validate
* respect idToken expiry for lifetime of login
* fix checkstyle error
* Add respectIdTokenExpiry configuration
* changes from review
* rename respectIdTokenExpiry to logoutWhenIdTokenIsExpired
* changes from review
---------
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Introduced `QueuedThreadPool.maxEvictCount` to be the number of idle threads that are evicted in one idle timeout.
When set to 1 (the default), the old behavior is reproduced: expiring 1 thread every idle timeout.
When set to larger values, allows to keep around the threads for the idle timeout (in case of further load spikes), but allows to quickly recover OS memory when they are truly idle.
For example, with 2000 threads, 30 seconds idle timeout and idleTimeoutMaxShrinkCount=1, it will take 995 minutes (about 16.5 hrs) to shrink the pool back to 10 threads.
By setting idleTimeoutMaxShrinkCount=100, the thread pool can be shrunk to 10 threads in about 10 minutes.
Note also that the new algorithm is more aggressive at shrinking the thread pool.
Previously, a small load might have been sufficient to never evict any thread, because all threads could take turns at executing jobs so that threads were mostly idle but would never really idle time out.
The new algorithm is more aggressive even in presence of a small load, so that if `minThreads` are sufficient to cope with the small load, then the other threads are evicted.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: gregw <gregw@webtide.com>
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: gregw <gregw@webtide.com>
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
* Introduce HttpCompliance.MISMATCHED_AUTHORITY
* Update HttpCompliance.RFC2616
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Update NcsaRequestLogTest.testAbsolute
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Use RFC2616 mode in RFC2616 tests
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Alternative fix for mismatched host headers
This PR fixes the miss-matched host header issue in the Request.setMetaData method. This requires no change to the HttpParser.
A more comprehensive fix can be considered for jetty-12.
Signed-off-by: gregw <gregw@webtide.com>
* Alternative fix for mismatched host headers
Updates from review
Signed-off-by: gregw <gregw@webtide.com>
---------
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: gregw <gregw@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #8973 - Rework KeyStoreScanner handling for symlink related changes
+ Removed changes from #8786 and #8787
+ More test cases
+ revert jetty.sslContext.reload.followLinks boolean
+ Scanner should follow its own linkOptions setting
+ remove bad documentation in module-ssl-reload.adoc
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Lachlan Roberts <lachlan@webtide.com>
* Fixes#8863 - Provide a possibility to name virtual threads
Reworked the VirtualThreads APIs to be based on `Executor` rather than just `boolean`.
Introduced Jetty module `threadpool-virtual-preview`.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
+ Fix for circular dependency loop
test-distribution ->
jetty-home ->
jetty-documentation ->
jetty-asciidoctor-extensions ->
test-distribution
+ Remove any deps on anything in org.eclipse.jetty from new module
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Fixes#8770 - Review whether to send request body in redirects.
Now the original request body is re-sent only if the redirect status code is 307 or 308.
In the other cases, it is a redirect to a GET method, so the Location is followed without resending the body, and the content headers are removed.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Don't care about stop failures in this test
* More consistent ConnectTimeoutTest
+ using IANA example.com (as it will route to a
real machine, and will never have this
specific port open)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* @Tag("flaky") use instead of @Disabled
* Tweaking timeouts on some tests
* Tweaking timeouts on some tests
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>