+ Plus fleshing out the testcases more for Base / Client / Server
with and without certificates that will trigger SNI requirement
and ISE.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Avoid creating listener list for rarely used requestAttributeListener
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3964
Keep a list of EventListeners in the AbstractConnector to make it
more efficient to add and iterate over them.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
Use addEventListener rather than bespoke listener methods.
Support getEventListenerBeans at Container level for fast lookup
improve javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
fixed test
more javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
fixed tests
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3964
Don't use null for empty lists of listeners
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* fix merge
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
Resolve differences between eventListeners added as beans and beans
added as EventListeners. The behaviour should now be the same
regardless of how they listener is added and all listeners are now
beans.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
Add only SelectorManager listeners to manager from connector
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
Fixed javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
removed old TODO
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
connector cannot be null
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3964
AbstractConnector keeps a specific list of HttpChannel.Listeners
to avoid Connection.Listeners and MBean listeners being added to
the HttpChannel listener list.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
fixed merge
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* fixed javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #2578 EventListener
removed the ability to set/clear context listeners
Instead just remove non-durable ones.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3964 Listeners
Simplified listener handling by avoiding null connector, previously
only needed for testing.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* fixed bad merge
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3964 Listeners
Fixed test that assumed HttpChannel listeners were not cleared by a recycle
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3964 Listeners
Separated out durable vs cyclic HttpChannel.Listeners, so as to
simplify handling.
Deprecated cyclic HttpChannel.Listeners, as I'm not sure the channel is
the right place for them.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* removed deprecated cyclic HttpChannel listeners
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* removed deprecated cyclic HttpChannel listeners - import
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4003 Cleanup quickstart
* Fixed tests that scan for "Started" on console
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3863 - Enforce use of SNI.
Introduced SslContextFactory.rejectUnmatchedSNIHost (default false)
so that if no SNI is sent, or SNI does not match a certificate,
then the TLS handshake is aborted.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #3863 - Enforce use of SNI.
Updates after review.
Introduced SslContextFactory.SNISelector to allow application to write
their custom logic to select a certificate based on SNI information.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Issue #3863 Enforce SNI
Added two sniRequired fields - one at SslContextLevel and the other at the SecureRequestCustomizer. This allows rejection either at TLS handshake or by 400 response.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3863 Enforce SNI
cleanups from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3863 Enforce SNI
improved comments
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3863 Enforce SNI
syntax sugar
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3863 SNI
Updates from review. Extra test for sniSelector function
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Made method reportDifferences(...) private since it was exposing
package private class TimeNSize and no code outside of jetty-util
could have used it.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* issue exclude/include con name InetAccesHandler - add better unit test
this logic:
String name =
baseRequest.getHttpChannel().getConnector().getName();
return _names.test(name) && _addrs.test(addr);
Is not correct. it's treating the connector name exactly like the
filter. But that's not what it's intended to do. It's supposed to tell
what connectors are applicable to this filter. And what connectors are
not affected.
For example in the unit test there exists 2 connectors:
http
tls
We want to restrict the http connector, but we want to leave tls
connector alone.
So we would specify:
include = 192.168.1.1-192.168.1.254
includeConnector = http
The way the logic is above, it is treating the connector name as if it's
the filter itself. Which is not what I intended.
What i need in psuedo-code is this:
if (there are no "include connectors" OR if this connector is
included) AND (if this connector is not in the excluded list)
---> Then apply the IP filter.
Signed-off-by: Nicholas DiPiazza <nicholas.dipiazza@lucidworks.com>
* exclude should take precedence over include
Signed-off-by: Nicholas DiPiazza <nicholas.dipiazza@lucidworks.com>
* Issue #4193 InetAccessHandler
reverted changes to IncludeExcludeSet
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4193 InetAccessHandler
updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4188 Spin in close of GzipHandler
Cleanup and simplify code
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4188 Spin in close of GzipHandler
Fix slice code. Added unit test for it.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4188 Spin in close of GzipHandler
Fixed last slice.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* cleanup from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
There is a race between the doStop clearing the key map and the watching thread
checking isRunning before iterating over the key map.
While more sophisticated approaches could be used, I think that is best to defer
until this class is reworked entirely. For now just using a ConcurrentHashMap will
avoid the exception and the closing of the pathwatcher will prevent watching forever.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Fixed setting of host/port in AbstractConnectorHttpClientTransport
and HttpProxy so that the creation of SSLEngine can use the proper
host/port pair, and can be subsequently used in TLS components.
Introduced SslContextFactory X509ExtendedKeyManagerWrapper and
X509ExtendedTrustManagerWrapper as utility classes used internally
and in tests.
The test case for this issue required 3 keystores, so other test
classes have been refactored to use the new keystores.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>