Jetty version(s)
11.0.10
Java version/vendor (use: java -version)
openjdk version "11.0.15" 2022-04-19
OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.20.04.1)
OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.20.04.1, mixed mode, sharing)
OS type/version
Linux 5.4.0-120-generic
Description
In Jetty 11.0.9, the path spec `*.foo` matches all paths that end `.foo`, such as `bar.foo` and `bar.baz.foo`. In Jetty 11.0.10, if more than one suffix glob path spec is defined, that path spec won't match `bar.baz.foo` because `org.eclipse.jetty.http.pathmap.PathMappings` attempts to match suffix globs from the first instance of `.` in the path, and then terminates early.
How to reproduce?
Given the following class:
```java
package com.example;

import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;

import java.io.IOException;
import java.io.Writer;

public class SuffixServer {
    public static void main(String[] args) throws Exception {
        final Server server = new Server(8080);
        final ServletContextHandler servletContextHandler = new ServletContextHandler();
        // Two suffix-glob mappings: the failure only appears when more than one is registered.
        servletContextHandler.addServlet(new ServletHolder(new FooServlet()), "*.bar");
        servletContextHandler.addServlet(new ServletHolder(new FooServlet()), "*.foo");
        server.setHandler(servletContextHandler);
        server.start();
    }

    // Minimal servlet that answers every GET with the body "Foo".
    private static final class FooServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            try (Writer responseWriter = resp.getWriter()) {
                responseWriter.write("Foo");
            }
        }
    }
}
```
Using Jetty 11.0.9, http://localhost:8080/bar.baz.foo returns a 200, but using Jetty 11.0.10, it returns a 404 (both handle http://localhost:8080/bar.foo successfully, as expected).
Note that the line `servletContextHandler.addServlet(new ServletHolder(new FooServlet()), "*.bar");` is critical to reproducing the failure because the (alphabetically?) first suffix glob ends up being rechecked on PathMappings#243.

Also note that it's possible that 11.0.10 is more correct than 11.0.9. I couldn't find in the Servlet Spec whether `*.foo` is expected to match `bar.baz.foo` or not, but intuitively I'd expect it would.
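Added example, not part of the original report and not Jetty's own code: a simplified Java model of the behaviour the report describes, contrasting a suffix-glob lookup that checks only the first `.` in the path with one that checks every `.` in turn. The class name, method names, map contents and servlet labels are assumptions made for illustration, and the sample paths are constructed.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Simplified model of suffix-glob ("*.ext") matching; this is not Jetty's PathMappings code.
public class SuffixGlobModel {
    // Suffix (including the dot) -> label of the mapped servlet; mirrors the reproducer's two mappings.
    static final Map<String, String> SUFFIXES = new LinkedHashMap<>();
    static {
        SUFFIXES.put(".bar", "servlet-for-*.bar");
        SUFFIXES.put(".foo", "servlet-for-*.foo");
    }

    // Behaviour described in the report: take the suffix at the first '.' and stop there.
    static String matchFirstDotOnly(String path) {
        int dot = path.indexOf('.');
        if (dot < 0) {
            return null;
        }
        // For "/bar.baz.foo" the candidate is ".baz.foo", which is not a registered suffix.
        return SUFFIXES.get(path.substring(dot));
    }

    // Expected behaviour: try the candidate suffix at every '.' until one is registered.
    static String matchEveryDot(String path) {
        int dot = path.indexOf('.');
        while (dot >= 0) {
            String servlet = SUFFIXES.get(path.substring(dot));
            if (servlet != null) {
                return servlet;
            }
            dot = path.indexOf('.', dot + 1);
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample paths; the first two are the ones named in the report.
        List<String> paths = List.of("/bar.foo", "/bar.baz.foo", "/v1.2/report.bar", "/noext");
        for (String path : paths) {
            System.out.printf("%-18s firstDotOnly=%-18s everyDot=%s%n",
                    path, matchFirstDotOnly(path), matchEveryDot(path));
        }
    }
}
```

Running the same path list against a real deployment before and after an upgrade shows whether any suffix-mapped servlet has silently stopped matching.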
Activity
joakime commented on Jun 21, 2022
This is an ugly bug.
It seems to be related to the optimized group skip.
Issue #8184 - Correcting match logic for multiple servlet suffix url-…
joakime commented on Jun 21, 2022
Opened 2 PRs (for `jetty-9.4.x` and `jetty-10.0.x`)
joakime commented on Jun 21, 2022
We'll be spinning a new release once these are green.
Title changed from "All suffix globs except first fail to match if path has . character in prefix in Jetty 11.0.10" to "All suffix globs except first fail to match if path has `.` character in prefix section"
joakime commented on Jul 5, 2022
@markslater Jetty 9.4.48.v20220622 has this fix (btw)
markslater commented on Jul 5, 2022
Using it successfully in 11.0.11 :) Thanks for the fast turnaround!