* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* feedback from review
added static method to convert null name to default.
Moved jetty-dir.css from jetty-util to jetty-server,
so that it can be found by ResourceHandler when using JPMS.
Updated DefaultServlet to call a ResourceHandler method
to retrieve the stylesheet.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5022 Filter Cache cleanup
Issue #5022 Filter Cache cleanup:
+ Fixed many compiler warnings
+ removed old LazyList leftovers
+ Don't create holder string for source unless required
+ Only have a single type of chain, so it can be wrapped regardless of cache
+ Reverse mappings lists to make filter chain creation easier
+ build chain directly rather than build a list then a chain
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* added comment to explain ordering
Signed-off-by: gregw <gregw@webtide.com>
* More cleanups
* fixed toString format
turn off debug in OSGI test
If SessionHandler.newHttpSession(Request) fails to create a session
it returns null. Request.getSession(true) cannot throw a checked
exception, nor can it return null, so we should throw ISE.
Signed-off-by: Jan Bartel <janb@webtide.com>
* Issue #5357 - Updating to https://eclipse.org/
- Removing redundant <url> refs in pom.xml
- Correcting bad indenting from merge
- Correcting mailing list references
- Correcting bugs.eclipse.org references
- Correcting text file references
- Correcting html references
- Correcting further references
- Correcting download.eclipse.org reference
- Adding test for demo-base /proxy/current/
- Ensuring jetty-client is included in javadoc-proxy.war/WEB-INF/lib
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Merge ProxyPass tests from CheckReverseProxyHeadersTest into
ForwardedRequestCustomizerTest
+ Deleted CheckReverseProxyHeadersTest.java
+ Add more tests for ForcedHost configuration
+ Updated ForwardedRequestCustomizer to conform to expectations
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ In the case of HEAD, the servlet-api response is a wrapper
of javax.servlet.http.HttpServlet$NoBodyResponse
We know the content_length, use it.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
If the request is async dispatched, the check state.isSuspended() is not
correct to determine if the request was async or not. The check
state.isAsyncStarted() should be used instead.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
On the client:
* Origin.Address.host is passed through HostPort.normalizeHost(),
so that if it is IPv6 is bracketed.
Now the ipv6 address passed to an `HttClient` request is bracketed.
* HttpRequest was de-bracketing the host, but now it does not anymore.
On the server:
* Request.getLocalAddr(), getLocalName(), getRemoteAddr(),
getRemoteHost(), getServerName(), when dealing with an IPv6 address,
return it bracketed.
The reason to return bracketed IPv6 also from *Addr() methods is that
if it is used with InetAddress/InetSocketAddress it still works, but
often it is interpreted as a URI host so brackets are necessary.
* DoSFilter was blindly bracketing - now it does not.
Added a number of test cases, and fixed those that expected
non-bracketed IPv6.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #5088 Review ContextHandler locking
The locking was primarily as a memory guard for the availability status, which was already volatile.
Have instead using an AtomicReference with a simple state machine layered on top of start/stop lifecycle.
There was also protection for AttributesMap, which is no longer needed as AttributesMap is now concurrent.
* Issue #5088
updates from review
* Issue #5088
updates from review (better this time)
* Fixes#5057 Included root context path
Root context path in include should be empty string.
* Issue #5057
merged context path methods as result of review.
ServletContent.getContextPath now returns the encoded contextPath (if anybody is silly enough to have one).
Fixes#4971 - Simplify Connection.upgradeFrom()/upgradeTo().
Now the upgrade-from connection produces a "floating" buffer
(not belonging to a pool), so that it can release the original buffer.
The upgrade-to connection is free to copy or store this "floating" buffer.
Strengthened ByteBufferPool behavior when releasing non-pooled
ByteBuffers: the buffer is now discarded.
Updated javadocs and all implementations.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fixes#4967 - Possible buffer corruption in HTTP/2 session failures
Partially reverted the changes introduced in #4855, because they
were working only when sends were synchronous.
Introduced ByteBufferPool.remove(ByteBuffer) to fix the issue.
Now when a concurrent failure happens while frames are being
generated or sent, the buffer is discarded instead of being
recycled, therefore resolving the buffer corruption.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fixes#4855 - Occasional h2spec failures on CI
In case of bad usage of the HTTP/2 API, we don't want to close()
the stream but just fail the callback, because the stream
may be performing actions triggered by a legit API usage.
In case of a call to `AsyncListener.onError()`, applications may decide to call
AsyncContext.complete() and that would be a correct usage of the Servlet API.
This case was not well handled and was wrongly producing a WARN log with an
`IllegalStateException`.
Completely rewritten `HttpTransportOverHTTP2.TransportCallback`.
The rewrite handles correctly asynchronous failures that now are executed
sequentially (and not concurrently) with writes.
If a write is in progress, the failure will just change the state and at the
end of the write a check on the state will determine what actions to take.
A session failure is now handled in HTTP2Session by first failing all the
streams - which notifies the Stream.Listeners - and then failing the session
- which notifies the Session.Listener.
The stream failures are executed concurrently by dispatching each one to a
different thread; this means that the stream failure callbacks are executed
concurrently (likely sending RST_STREAM frames).
The session failure callback is completed only when all the stream failure
callbacks have completed, to ensure that a GOAWAY frame is processed after
all the RST_STREAM frames.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Lachlan Roberts
Joakim Erdfelt
Greg Wilkins
Simone Bordet
Jan Bartel
Thomas Draebing