From bb0b0eb8246bf54ee57ef2a2a8cf62614f985949 Mon Sep 17 00:00:00 2001 From: Florian Zschocke Date: Sun, 13 Nov 2022 19:25:17 +0100 Subject: [PATCH] deps: Update Jetty to version 9.4.49.v20220914 This updates Jetty to the latest 9.x version as of writing. The 9.x is still running on Java 8. The update needs two code changes. `SessionManager` was replaced with `SessionHandler`. This was documented in the Jetty documentation. Adding the `GitblitContext` to the `WebAppContext` will result in two instances getting created, because the code was changed that prevents instantiation the same listener class multiple times. (The second time is when the web.xml is read.) Instead, it must be added to the servlet handler of the `WebAppContext`. This results in properly adhering to the changed internal startup flow. Updating Jetty also resolves #1409. --- .classpath | 18 +++---- build.moxie | 2 +- gitblit.iml | 54 ++++++++++---------- src/main/java/com/gitblit/GitBlitServer.java | 20 ++++---- 4 files changed, 47 insertions(+), 47 deletions(-) diff --git a/.classpath b/.classpath index c39b210a..e9512b69 100644 --- a/.classpath +++ b/.classpath @@ -25,15 +25,15 @@ - - - - - - - - - + + + + + + + + + diff --git a/build.moxie b/build.moxie index dd26d3f6..0631391d 100644 --- a/build.moxie +++ b/build.moxie @@ -105,7 +105,7 @@ repositories: central, eclipse-snapshots, eclipse, gitblit # Convenience properties for dependencies properties: { - jetty.version : 9.3.16.v20170120 + jetty.version : 9.4.49.v20220914 slf4j.version : 1.7.29 wicket.version : 1.4.22 lucene.version : 5.5.2 diff --git a/gitblit.iml b/gitblit.iml index 2f1bfb32..49b2dedd 100644 --- a/gitblit.iml +++ b/gitblit.iml @@ -222,101 +222,101 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/src/main/java/com/gitblit/GitBlitServer.java b/src/main/java/com/gitblit/GitBlitServer.java index ae01e8e0..d91b3be0 100644 --- a/src/main/java/com/gitblit/GitBlitServer.java +++ b/src/main/java/com/gitblit/GitBlitServer.java @@ -44,7 +44,8 @@ import org.eclipse.jetty.server.HttpConfiguration; import org.eclipse.jetty.server.HttpConnectionFactory; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.ServerConnector; -import org.eclipse.jetty.server.session.HashSessionManager; +import org.eclipse.jetty.server.session.SessionHandler; +import org.eclipse.jetty.servlet.ListenerHolder; import org.eclipse.jetty.util.security.Constraint; import org.eclipse.jetty.util.thread.QueuedThreadPool; import org.eclipse.jetty.webapp.WebAppContext; @@ -302,7 +303,6 @@ public class GitBlitServer { } ServerConnector connector = new ServerConnector(server, factory); - connector.setSoLingerTime(-1); connector.setIdleTimeout(settings.getLong(Keys.server.httpIdleTimeout, 30000L)); connector.setPort(params.securePort); String bindInterface = settings.getString(Keys.server.httpsBindInterface, null); @@ -339,7 +339,6 @@ public class GitBlitServer { httpConfig.setSendDateHeader(false); ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(httpConfig)); - connector.setSoLingerTime(-1); connector.setIdleTimeout(settings.getLong(Keys.server.httpIdleTimeout, 30000L)); connector.setPort(params.port); String bindInterface = settings.getString(Keys.server.httpBindInterface, null); @@ -381,13 +380,13 @@ public class GitBlitServer { rootContext.setWar(location.toExternalForm()); rootContext.setTempDirectory(tempDir); + // Set cookies HttpOnly so they are not accessible to JavaScript engines - HashSessionManager sessionManager = new HashSessionManager(); - sessionManager.setHttpOnly(true); + SessionHandler sessionHandler = rootContext.getSessionHandler(); + sessionHandler.setHttpOnly(true); // Use secure cookies if only serving https - sessionManager.setSecureRequestOnly( (params.port <= 0 && params.securePort > 0) || - (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) ); - rootContext.getSessionHandler().setSessionManager(sessionManager); + sessionHandler.setSecureRequestOnly( (params.port <= 0 && params.securePort > 0) || + (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) ); // Ensure there is a defined User Service String realmUsers = params.userService; @@ -457,8 +456,9 @@ public class GitBlitServer { } // Setup the Gitblit context - GitblitContext gitblit = newGitblit(settings, baseFolder); - rootContext.addEventListener(gitblit); + ListenerHolder gitblitHolder = new ListenerHolder(GitblitContext.class); + gitblitHolder.setListener(newGitblit(settings, baseFolder)); + rootContext.getServletHandler().addListener(gitblitHolder); try { // start the shutdown monitor -- 2.39.5