All suffix globs except first fail to match if path has . character in prefix section

[markslater]

Jetty version(s)
11.0.10

Java version/vendor (use: java -version)
openjdk version "11.0.15" 2022-04-19
OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.20.04.1)
OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.20.04.1, mixed mode, sharing)

OS type/version
Linux 5.4.0-120-generic

Description
In Jetty 11.0.9, the path spec *.foo matches all paths that end .foo, such as bar.foo and bar.baz.foo. In Jetty 11.0.10, if more than one suffix glob path spec is defined, that path spec won't match bar.baz.foo because org.eclipse.jetty.http.pathmap.PathMappings attempts to match suffix globs from the first instance of . in the path, and then terminates early.

How to reproduce?
Given the following class:

package com.example;

import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;

import java.io.IOException;
import java.io.Writer;

public class SuffixServer {
    public static void main(String[] args) throws Exception {
        final Server server = new Server(8080);
        final ServletContextHandler servletContextHandler = new ServletContextHandler();
        servletContextHandler.addServlet(new ServletHolder(new FooServlet()), "*.bar");
        servletContextHandler.addServlet(new ServletHolder(new FooServlet()), "*.foo");
        server.setHandler(servletContextHandler);
        server.start();
    }

    private static final class FooServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            try (Writer responseWriter = resp.getWriter()) {
                responseWriter.write("Foo");
            }
        }
    }
}

Using Jetty 11.0.9, http://localhost:8080/bar.baz.foo returns a 200, but using Jetty 11.0.10, it returns a 404 (both handle http://localhost:8080/bar.foo successfully, as expected).

Note that the line servletContextHandler.addServlet(new ServletHolder(new FooServlet()), "*.bar"); is critical to reproducing the failure because the (alphabetically?) first suffix glob ends up being rechecked on PathMappings#243

Also note that it's possible that 11.0.10 is more correct than 11.0.9. I couldn't find in the Servlet Spec whether *.foo is expected to match bar.baz.foo or not, but intuitively I'd expect it would.

[joakime]

This is an ugly bug.
It seems to be related to the optimized group skip.

[joakime]

Opened 2 PRs (for jetty-9.4.x and jetty-10.0.x)

• Issue #8184 - Correcting match logic for multiple servlet suffix url-pattern #8185
• Issue #8184 - Correcting match logic for multiple servlet suffix url-pattern #8186

[joakime]

We'll be spinning a new release once these are green.

[joakime]

@markslater Jetty 9.4.48.v20220622 has this fix (btw)

[markslater]

Using it successfully in 11.0.11 :) Thanks for the fast turnaround!

[joakime]

@markslater looks like another suffix bug snuck through in Jetty 9.4.48 as well. #8396