* Issue #11495 - Add UriCompliance rules that follow the HTTP / URI / Servlet specs for illegal & suspicious characters
* more illegalPathCharacterData test cases
* Correcting SUSPICIOUS_PATH_CHARACTERS semantic (encoded and decoded)
* Check for illegal and suspicious characters as we are parsing the path.
* Only look for ambiguous paths if we know there are dots or encodings.
---------
Co-authored-by: gregw <gregw@webtide.com>
* Issue #11414 - use HttpURI instead of URIUtil to have a single point of spec behavior
* Issue #11414 - enforce lowercase scheme in HttpConfiguration.secureScheme
* Issue #11414 - Scheme produced on `Location` header is lowercase
* Issue #11414 - Scheme to lowercase
* Issue #11414 - Scheme to lowercase
* Revert change to HttpClient
* Added schema port knowledge to URIUtil
* Fixed tests for normalized URIs
* updates from review
* updates from review
* Fix tests
* Restored methods as deprecated
* More testing
---------
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Reviewed the implementation of RewriteHandler, that was broken for those rules that were overriding `Rule.Handler.handle()`.
The problem was that the handling was not forwarded along the chain of rules, so only the last one was applied.
Now the wrapping at the constructor produces RH3(RH2(RH1(Request))), but the handling is performed from the innermost towards the outermost.
In this way, the order of rules is respected, both in the wrapping at rule application, and in the `Rule.Handler` handling.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Updating various old/moved URL references found across project (`jetty-10.0.x`) (#10098)
+ Now that the migration of `https://eclipse.org/jetty/` to `https://eclipse.dev/jetty/` has occurred, it is time to review the URI use in our project
+ Updated URLs in poms
+ Added more URIs to XmlConfiguration
+ Updated URLs in module files
+ Updated URLs in documentation
+ Updated URLs in HTML
+ Correcting bad double-scheme URLs (eg: `http://https://www.eclipse...`)
+ Updating text in *.mod files
+ Removing `/current/` from path `/jetty/documentation/current/`
+ Fixing mailing list URL
+ Fixing github URL references in jsps
---------
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Deleted the Ut8fStringBuffer and Utf8Appendable classes in favour of just having Utf8StringBuilder
* Simplified the Utf8StringBuilder and CharsetStringBuilder APIs and improved their exception throwing.
* Allow for replacement characters without throwing
---------
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: gregw <gregw@webtide.com>
Co-authored-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
There is now a Handler interface hierarchy:
+ Container is a Handler that has 1 or more contained Handlers.
+ Wrapper is a Container with only 1 handler and a setHandler method.
+ Collection is a Container with n handlers and a addHandler method
class are now:
+ Abstract implements Handler
+ AbstractContainer extends Abstract implements Container
+ BaseWrapper extends AbstractContainer implements Wrapper
+ Sequence extends AbstractContainer implements Collection
Lots of other associated cleanups
* Remove usage of HandlerList and reduce usage of Handler.Collection
"The best part is no part" - Elon Musk!
The overwhelming usage of `HandlerList` and `Handler.Collection` was for adding the `DefaultHandler` after the main handler. This PR adds a getter/setter for a `DefaultHandler` on the server, so we no longer need to always create a `Handler.Collection` structure. This has allowed the deprecated `HandlerList` and `HandlerWrapper` classes to be removed.
In implementing this PR, several problems were found in the calculation of `InvocationType`, not least that it was assumed that an empty `Handler.Collection` was `BLOCKING`. When this issue was fixed, any dynamic addition of contexts (deployer or SPI server) failed as the `InvocationType` changed. So this PR also introduces the `isDynamic()` attribute of all `Handler.Container`s. A dynamic container will always return `BLOCKING` from `getInvocationType()`, as there is always a race with a new handler being added. A non-dynamic container will return a real `InvocationType`, calculated from its children, but it's mutator methods will ISE if contained handlers are changed.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Jan Bartel <janb@webtide.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
Simone Bordet
Olivier Lamy
Paul B. Henson
Joakim Erdfelt
Greg Wilkins
Ludovic Orban