New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue #5810 - Support bespoke PathSpec for servlets in embedded-jetty #5854
Issue #5810 - Support bespoke PathSpec for servlets in embedded-jetty #5854
Conversation
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletHandler.java
Outdated
Show resolved
Hide resolved
jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletHandler.java
Outdated
Show resolved
Hide resolved
On consideration, this is a lot more complex than at first look. This is doable, but it will not be ready in time for 9.4.36. I believe we need to make a special branch to test this out for a period before merging with the main branch. |
+ Created a common `Mapping` base for `FilterMapping` and `ServletMapping` + `Mapping` contains an array of PathSpec. The `String` based methods assume `ServletPathSpec`. + Convert most handling of string pathSpecs to `PathSpec` instances + Modified `ConstraintMapping` to also use a PathSpec + Modified JSP and annotation handling to cope with any existing non standard path specs + Made ServletHandler update mappings respect the order of the mappings TODO: + Should `ConstraintMapping` extend `Mapping` ? + Convert `ConstraintSecurityHandler` to use `PathMappings` so it can handle non standard PathSpecs + Review remaining calls to `Mapping.getPathSpecs` and `ConstrainMapping.getPathSpec` + Currently Quick Start operates on just the string versions of PathSpec, as it must be able to write a web.xml which can only contain standard path specs. Should it fail when it sees a non standard pathspec, or assume that it will again be programmatically added during quick start? + Review how frequently we are creating new arrays of path spec and/or converting path specs to/from strings. Best resolution for such things are ultility methods on Mapping (eg `#containsPathSpec`) + More tests
@janbartel Can you please review this closely. It is a lot more invasive than I hoped, but I still think that we can achieve zero behaviour change if only standard pathspecs are used. A lot of the changes are good cleanup. I'm not proposing an early merge for this branch, as I think it will need extensive testing first, specially on the security constraint implications of non standard mappings. |
+ Converted `ConstraintSecurityHandler` to use `PathMappings` so it can handle non standard PathSpecs
…port-alt Signed-off-by: gregw <gregw@webtide.com>
+ Fixed test by reverting ServletMapping normalize
+ More tests
jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/PathSpec.java
Outdated
Show resolved
Hide resolved
jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/PathSpec.java
Outdated
Show resolved
Hide resolved
jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/RegexPathSpec.java
Outdated
Show resolved
Hide resolved
jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/RegexPathSpec.java
Outdated
Show resolved
Hide resolved
jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/AbstractPathSpec.java
Show resolved
Hide resolved
jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/RegexPathSpec.java
Show resolved
Hide resolved
jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/RegexPathSpec.java
Show resolved
Hide resolved
jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/ServletPathSpec.java
Show resolved
Hide resolved
jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintMapping.java
Outdated
Show resolved
Hide resolved
jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintMapping.java
Outdated
Show resolved
Hide resolved
jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintMapping.java
Outdated
Show resolved
Hide resolved
jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
Outdated
Show resolved
Hide resolved
jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletHandler.java
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some initial comments, I now need to do a deep dive on combining security constraints so I'll do another review when finished.
…10-bespoke-pathspec-support-alt
…port-alt Signed-off-by: gregw <gregw@webtide.com>
Signed-off-by: gregw <gregw@webtide.com>
I've now become an author so I should not review
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I still need to review some files - there's a lot of them. I don't see anywhere in this code where any specs are prefaced with "servlet|" or "regex|"? Where do they come from? Should this be when generating quickstart-web.xml?
/** | ||
* Test if the list of path specs contains a particular one. | ||
* | ||
* @param pathSpec the path spec |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this an arbitrary type of path spec, or assumed to be a ServletPathSpec? It would be helpful to keep the language the same, as all the different path specs get a bit confusing.
private final PathSpecGroup _group; | ||
private final int _pathDepth; | ||
private final int _specLength; | ||
private final Pattern _pattern; | ||
|
||
private static String normalize(String regex) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking below at ServletPathSpec, should this method be called "santiize" rather than normalize? It's not prefixing "/" for example ....
@@ -26,17 +26,16 @@ | |||
{ | |||
private static final Logger LOG = Log.getLogger(ServletPathSpec.class); | |||
|
|||
private final String _declaration; | |||
private final PathSpecGroup _group; | |||
private final int _pathDepth; | |||
private final int _specLength; | |||
private final String _prefix; | |||
private final String _suffix; | |||
|
|||
/** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This class should have javadoc that describes what a ServletPathSpec is: eg prefixed with "servlet|" etc etc
@@ -18,25 +18,29 @@ | |||
|
|||
package org.eclipse.jetty.http.pathmap; | |||
|
|||
import java.util.Objects; | |||
import java.util.regex.Matcher; | |||
import java.util.regex.Pattern; | |||
|
|||
public class RegexPathSpec extends AbstractPathSpec |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This class should have javadoc that describes what a RegexPathSpec is: eg prefixed by "regex|" etc etc
{ | ||
return getDeclaration().equals(normalize(sanitize(pathSpec))); | ||
} | ||
|
||
private static void assertValidServletPathSpec(String servletPathSpec) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the servletPathSpec arg expected to be prefixed with "servlet|" or without?
@@ -293,7 +293,6 @@ public void testPrecidenceVsOrdering() throws Exception | |||
|
|||
@ParameterizedTest | |||
@ValueSource(strings = { | |||
"*", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why was * removed from the list?
I think we should test this PR on jetty-10 first and only once stable consider back-porting to 9 (or even just a sponsored branch of 9) |
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
@joakime is there still a demand for this change? |
I'll check with the sponsor |
Closed in favor of Issue #7748 and associated PRs (that have already been merged) |
Issue #5810
Allows users of embedded-jetty to use ServletContextHandler (and WebAppContext)
to add bespoke
org.eclipse.jetty.http.pathmap.PathSpec
mappings for Servlets.Works with
WEB-INF/jetty-web.xml
too.Signed-off-by: Joakim Erdfelt joakim.erdfelt@gmail.com