Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-10.0.x-…
…4226-JavaxWebSocketJPMS
lachlan-roberts committed Jan 29, 2020
2 parents a4b85d1 + 19354d0 commit 82c61c4
Showing 144 changed files with 2,190 additions and 1,011 deletions.
Expand Up @@ -16,22 +16,43 @@
// ========================================================================
//

=== Upgrading from Jetty 9.x to Jetty 10.0.x
=== Upgrading from Jetty 9.4.x to Jetty 10.0.x

The purpose of this guide is to assist users migrating from Jetty 9 to 10.
The purpose of this guide is to assist users migrating from Jetty 9.4 to 10.
It is not comprehensive, but covers many of the major changes included in the release that may prove as problem areas for users.

//TODO - Make note of any specific required Java versions.
==== Required Java Version

Jetty 10 requires, at a minimum, Java 9 to function.
Items such as the Java Platform Module System (JPMS), which Jetty 10 supports, are not available in earlier versions of Java.

==== Removed Classes

//TODO - Insert major removed/refactored classes from Jetty-9.x.x to Jetty-10.0.x

==== Changes to Websocket

//TODO - List of changes to Websocket -- Joakim/Lachlan

==== `javax.mail` and `javax.transaction`

Both `javax.mail` and `javax.transaction` have been removed from the Jetty Distribution in Jetty 10.
If you require these jars, you will need to enable the `ext` link:#startup-modules[module] and copy the files to your `$JETTY_BASE/lib/ext` directory.

==== Removed Classes
==== Module Changes in Jetty 10.0

//TODO - Insert major removed/refactored classes from Jetty-9.x.x to Jetty-10.0.x
===== New Modules in Jetty 10.0

==== Module Changes in Jetty 10.0
//TODO - Insert new modules introduced in Jetty 10

===== Changes to Existing Modules in Jetty 10.0

//TODO - Insert module changes introduced in Jetty 10

==== Changes to Sessions

//TODO - List of changes to Sessions -- Jan

==== Removal of System Properties(?)

//TODO - List of removed System bits --- Greg
49 changes: 48 additions & 1 deletion jetty-http/src/main/java/org/eclipse/jetty/http/HttpCookie.java
Expand Up @@ -19,14 +19,20 @@
package org.eclipse.jetty.http;

import java.util.List;
import java.util.Locale;
import java.util.concurrent.TimeUnit;

import org.eclipse.jetty.util.Attributes;
import org.eclipse.jetty.util.QuotedStringTokenizer;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;

// TODO consider replacing this with java.net.HttpCookie (once it supports RFC6265)
public class HttpCookie
{
private static final Logger LOG = Log.getLogger(HttpCookie.class);

private static final String __COOKIE_DELIM = "\",;\\ \t";
private static final String __01Jan1970_COOKIE = DateGenerator.formatCookieDate(0).trim();

Expand All @@ -41,6 +47,11 @@ public class HttpCookie
public static final String SAME_SITE_NONE_COMMENT = SAME_SITE_COMMENT + "NONE__";
public static final String SAME_SITE_LAX_COMMENT = SAME_SITE_COMMENT + "LAX__";
public static final String SAME_SITE_STRICT_COMMENT = SAME_SITE_COMMENT + "STRICT__";

/**
* Name of context attribute with default SameSite cookie value
*/
public static final String SAME_SITE_DEFAULT_ATTRIBUTE = "org.eclipse.jetty.cookie.sameSiteDefault";

public enum SameSite
{
Expand Down Expand Up @@ -70,7 +81,7 @@ public String getAttributeValue()
private final boolean _httpOnly;
private final long _expiration;
private final SameSite _sameSite;

public HttpCookie(String name, String value)
{
this(name, value, -1);
Expand Down Expand Up @@ -445,6 +456,42 @@ public static SameSite getSameSiteFromComment(String comment)
return null;
}

/**
* Get the default value for SameSite cookie attribute, if one
* has been set for the given context.
*
* @param contextAttributes the context to check for default SameSite value
* @return the default SameSite value or null if one does not exist
* @throws IllegalStateException if the default value is not a permitted value
*/
public static SameSite getSameSiteDefault(Attributes contextAttributes)
{
if (contextAttributes == null)
return null;
Object o = contextAttributes.getAttribute(SAME_SITE_DEFAULT_ATTRIBUTE);
if (o == null)
{
if (LOG.isDebugEnabled())
LOG.debug("No default value for SameSite");
return null;
}

if (o instanceof SameSite)
return (SameSite)o;

try
{
SameSite samesite = Enum.valueOf(SameSite.class, o.toString().trim().toUpperCase(Locale.ENGLISH));
contextAttributes.setAttribute(SAME_SITE_DEFAULT_ATTRIBUTE, samesite);
return samesite;
}
catch (Exception e)
{
LOG.warn("Bad default value {} for SameSite", o);
throw new IllegalStateException(e);
}
}

public static String getCommentWithoutAttributes(String comment)
{
if (comment == null)
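Review bot: The `catch (Exception e)` in `getSameSiteDefault` is broader than the failure it handles, and the rethrown `IllegalStateException` carries no message, so a misconfigured context attribute surfaces far from its cause. `Enum.valueOf` reports an unknown name with `IllegalArgumentException`; catching only that and throwing `new IllegalStateException("Bad " + SAME_SITE_DEFAULT_ATTRIBUTE + " value: " + o, e)` keeps the cause and names the attribute. Because the bad value is left in the attributes, every later call repeats the warning and the throw. Since `Response.checkSameSite` in this commit calls this method whenever a cookie has no SameSite set, consider validating the attribute once when the context is configured rather than at cookie-write time.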
Expand Up @@ -18,8 +18,19 @@

package org.eclipse.jetty.http;

import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collections;
import java.util.Enumeration;
import java.util.EventListener;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.stream.Stream;

import org.eclipse.jetty.http.HttpCookie.SameSite;
import org.eclipse.jetty.util.AttributesMap;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
Expand All @@ -41,6 +52,32 @@
public class HttpCookieTest
{

@Test
public void testDefaultSameSite()
{
AttributesMap context = new AttributesMap();

//test null value for default
assertNull(HttpCookie.getSameSiteDefault(context));

//test good value for default as SameSite enum
context.setAttribute(HttpCookie.SAME_SITE_DEFAULT_ATTRIBUTE, SameSite.LAX);
assertEquals(SameSite.LAX, HttpCookie.getSameSiteDefault(context));

//test good value for default as String
context.setAttribute(HttpCookie.SAME_SITE_DEFAULT_ATTRIBUTE, "NONE");
assertEquals(SameSite.NONE, HttpCookie.getSameSiteDefault(context));

//test case for default as String
context.setAttribute(HttpCookie.SAME_SITE_DEFAULT_ATTRIBUTE, "sTrIcT");
assertEquals(SameSite.STRICT, HttpCookie.getSameSiteDefault(context));

//test bad value for default as String
context.setAttribute(HttpCookie.SAME_SITE_DEFAULT_ATTRIBUTE, "fooBAR");
assertThrows(IllegalStateException.class,
() -> HttpCookie.getSameSiteDefault(context));
}

@Test
public void testConstructFromSetCookie()
{
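Review bot: `testDefaultSameSite` leaves two branches of `getSameSiteDefault` unexercised: the `contextAttributes == null` guard and the write-back that replaces a String value with the parsed enum. Adding `assertNull(HttpCookie.getSameSiteDefault(null));` and, after the `"NONE"` case, `assertEquals(SameSite.NONE, context.getAttribute(HttpCookie.SAME_SITE_DEFAULT_ATTRIBUTE));` would pin both behaviours.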
Expand Up @@ -397,11 +397,21 @@ public void customize(Connector connector, HttpConfiguration config, Request req
request.setSecure(true);
}

if (forwarded._host != null)
if (forwarded._server != null && forwarded._host instanceof PortSetHostPort)
{
httpFields.put(new HostPortHttpField(forwarded._server, forwarded._host.getPort()));
request.setAuthority(forwarded._server, forwarded._host.getPort());
}
else if (forwarded._host != null)
{
httpFields.put(new HostPortHttpField(forwarded._host));
request.setAuthority(forwarded._host.getHost(), forwarded._host.getPort());
}
else if (forwarded._server != null)
{
httpFields.put(new HostPortHttpField(forwarded._server));
request.setAuthority(forwarded._server, 0);
}

if (forwarded._for != null)
{
Expand Down Expand Up @@ -544,6 +554,7 @@ private class Forwarded extends QuotedCSVParser
String _proto;
HostPort _for;
HostPort _host;
String _server;

public Forwarded(Request request, HttpConfiguration config)
{
Expand Down Expand Up @@ -596,7 +607,7 @@ public void handleServer(HttpField field)
{
if (getProxyAsAuthority())
return;
handleHost(field);
_server = getLeftMost(field.getValue());
}

@SuppressWarnings("unused")
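Review bot: `handleServer` now stores `getLeftMost(field.getValue())` as a raw `String`, and the final `else if (forwarded._server != null)` branch passes it straight to `request.setAuthority(forwarded._server, 0)`, so a header value of the form `name:port` would apparently end up in the host name with port 0. Parsing it first, e.g. `HostPort server = new HostPort(forwarded._server);` followed by `request.setAuthority(server.getHost(), server.getPort());`, would keep the authority consistent with the `_host` branch. Because `X-Forwarded-Server` can now become the request authority on its own, a comment on the `_server` field stating that the header is only trustworthy when the fronting proxy overwrites it would help deployers. `customize` and the `Forwarded` class both continue outside the visible hunks.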
35 changes: 32 additions & 3 deletions jetty-server/src/main/java/org/eclipse/jetty/server/Response.java
Original file line number Diff line number Diff line change
Expand Up @@ -190,13 +190,42 @@ public void addCookie(HttpCookie cookie)
{
if (StringUtil.isBlank(cookie.getName()))
throw new IllegalArgumentException("Cookie.name cannot be blank/null");

// add the set cookie
_fields.add(new SetCookieHttpField(cookie, getHttpChannel().getHttpConfiguration().getResponseCookieCompliance()));
_fields.add(new SetCookieHttpField(checkSameSite(cookie), getHttpChannel().getHttpConfiguration().getResponseCookieCompliance()));

// Expire responses with set-cookie headers so they do not get cached.
_fields.put(__EXPIRES_01JAN1970);
}

/**
* Check that samesite is set on the cookie. If not, use a
* context default value, if one has been set.
*
* @param cookie the cookie to check
* @return either the original cookie, or a new one that has the samesit default set
*/
private HttpCookie checkSameSite(HttpCookie cookie)
{
if (cookie == null || cookie.getSameSite() != null)
return cookie;

//sameSite is not set, use the default configured for the context, if one exists
SameSite contextDefault = HttpCookie.getSameSiteDefault(_channel.getRequest().getContext());
if (contextDefault == null)
return cookie; //no default set

return new HttpCookie(cookie.getName(),
cookie.getValue(),
cookie.getDomain(),
cookie.getPath(),
cookie.getMaxAge(),
cookie.isHttpOnly(),
cookie.isSecure(),
cookie.getComment(),
cookie.getVersion(),
contextDefault);
}

@Override
public void addCookie(Cookie cookie)
Expand Down Expand Up @@ -264,7 +293,7 @@ else if (!cookie.getDomain().equalsIgnoreCase(oldCookie.getDomain()))
else if (!cookie.getPath().equals(oldCookie.getPath()))
continue;

i.set(new SetCookieHttpField(cookie, compliance));
i.set(new SetCookieHttpField(checkSameSite(cookie), compliance));
return;
}
}
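Review bot: `checkSameSite` applies the context default without looking at the cookie's `Secure` flag, so a configured default of `NONE` is stamped onto cookies for which `cookie.isSecure()` is false. Browsers that enforce the newer SameSite rules reject `SameSite=None` cookies that lack `Secure`, so such cookies would be dropped on the client with no server-side signal. A guard such as `if (contextDefault == SameSite.NONE && !cookie.isSecure())` that logs a warning, or skips the default, would make the misconfiguration visible. The Javadoc also has a typo, `samesit default`, which should read `SameSite default`. Both call sites, in `addCookie` and in the replacement loop at the end of the section, go through this helper, and their enclosing methods extend beyond the hunks.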
Expand Up @@ -412,6 +412,34 @@ public static Stream<Arguments> cases()
.requestURL("https://www.example.com:4333/")
.remoteAddr("8.5.4.3").remotePort(2222)
),
Arguments.of(new Request("X-Forwarded-* (Server before Host)")
.headers(
"GET / HTTP/1.1",
"Host: myhost",
"X-Forwarded-Proto: https",
"X-Forwarded-Server: fw.example.com",
"X-Forwarded-Host: www.example.com",
"X-Forwarded-Port: 4333",
"X-Forwarded-For: 8.5.4.3:2222"
),
new Expectations()
.scheme("https").serverName("www.example.com").serverPort(4333)
.requestURL("https://www.example.com:4333/")
.remoteAddr("8.5.4.3").remotePort(2222)
),
Arguments.of(new Request("X-Forwarded-* (Server and Port)")
.headers(
"GET / HTTP/1.1",
"Host: myhost",
"X-Forwarded-Server: fw.example.com",
"X-Forwarded-Port: 4333",
"X-Forwarded-For: 8.5.4.3:2222"
),
new Expectations()
.scheme("http").serverName("fw.example.com").serverPort(4333)
.requestURL("http://fw.example.com:4333/")
.remoteAddr("8.5.4.3").remotePort(2222)
),

// =================================================================
// Mixed Behavior