Skip to content

Commit

Permalink
Move ClassMatcher to core to have a consistent fix for addServerClass…
Browse files Browse the repository at this point in the history 
…es in all environments (#11566)

* Issue #11514 - Cleanup `jetty.webapp.addServerClasses` property behavior for ee10/ee9/ee8

* Fix test

* Merging patterns (default -> env -> config)

* Moved ClassMatcher to util

* Adding more deprecations

* Changing XML demos/tests to use new getter names

* rollback xml changes in ee9/ee8

---------

Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Jan Bartel <janb@webtide.com>
  • Loading branch information
@gregw @joakime @janbartel
3 people authored Apr 12, 2024
1 parent 83526f7 commit 30bee71
Show file tree
Hide file tree
Showing 62 changed files with 1,991 additions and 2,153 deletions.
2 changes: 1 addition & 1 deletion ...ion/jetty-documentation/src/main/asciidoc/operations-guide/modules/modules.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,7 @@ Appends the value to the existing value.
This is useful to append a value to properties that accept a comma separated list of values, for example:
+
----
jetty.webapp.addServerClasses+=,com.acme
jetty.webapp.addProtectedClasses+=,com.acme
----
+
// TODO: check what happens if the property is empty and +=,value is done: is the comma stripped? If so add a sentence about this.
Expand Down
61 changes: 61 additions & 0 deletions jetty-core/jetty-ee/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-core</artifactId>
<version>12.0.9-SNAPSHOT</version>
</parent>
<artifactId>jetty-ee</artifactId>
<name>Core :: EE Common</name>

<properties>
<bundle-symbolic-name>${project.groupId}.ee</bundle-symbolic-name>
<spotbugs.onlyAnalyze>org.eclipse.jetty.ee.*</spotbugs.onlyAnalyze>
</properties>

<dependencies>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-slf4j-impl</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty.tests</groupId>
<artifactId>jetty-test-multipart</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty.toolchain</groupId>
<artifactId>jetty-test-helper</artifactId>
<scope>test</scope>
</dependency>
</dependencies>

<build>
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<extensions>true</extensions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<argLine>@{argLine} ${jetty.surefire.argLine} --add-reads org.eclipse.jetty.ee=org.eclipse.jetty.logging</argLine>
</configuration>
</plugin>
</plugins>
</build>
</project>
23 changes: 23 additions & 0 deletions jetty-core/jetty-ee/src/main/config/etc/jetty-ee-webapp.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd">

<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Call class="org.eclipse.jetty.ee.WebAppClassLoading" name="addProtectedClasses">
<Arg><Ref refid="Server"/></Arg>
<Arg>
<Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
<Arg><Property name="jetty.server.addProtectedClasses"/></Arg>
</Call>
</Arg>
</Call>

<Call class="org.eclipse.jetty.ee.WebAppClassLoading" name="addHiddenClasses">
<Arg><Ref refid="Server"/></Arg>
<Arg>
<Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
<Arg><Property name="jetty.server.addHiddenClasses"/></Arg>
</Call>
</Arg>
</Call>

</Configure>
31 changes: 31 additions & 0 deletions jetty-core/jetty-ee/src/main/config/modules/ee-webapp.mod
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# DO NOT EDIT THIS FILE - See: https://eclipse.dev/jetty/documentation/

[description]
# tag::description[]
This module provide common configuration of Java Servlet web applications over all environments.
# end::description[]

[xml]
etc/jetty-ee-webapp.xml

[lib]
lib/jetty-ee-${jetty.version}.jar

[ini-template]
# tag::ini-template[]
## Add to the server wide default jars and packages protected or hidden from webapps.
## Protected (aka System) classes cannot be overridden by a webapp.
## Hidden (aka Server) classes cannot be seen by a webapp
## Lists of patterns are comma separated and may be either:
## + a qualified classname e.g. 'com.acme.Foo'
## + a package name e.g. 'net.example.'
## + a jar file e.g. '${jetty.base.uri}/lib/dependency.jar'
## + a directory of jars,resource or classes e.g. '${jetty.base.uri}/resources'
## + A pattern preceded with a '-' is an exclusion, all other patterns are inclusions
##
## The +=, operator appends to a CSV list with a comma as needed.
##
#jetty.server.addProtectedClasses+=,org.example.
#jetty.server.addHiddenClasses+=,org.example.
# end::ini-template[]

22 changes: 22 additions & 0 deletions jetty-core/jetty-ee/src/main/java/module-info.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
//
// ========================================================================
// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
//
// This program and the accompanying materials are made available under the
// terms of the Eclipse Public License v. 2.0 which is available at
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
// which is available at https://www.apache.org/licenses/LICENSE-2.0.
//
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
// ========================================================================
//

module org.eclipse.jetty.ee
{
requires org.slf4j;

requires transitive org.eclipse.jetty.util;
requires transitive org.eclipse.jetty.server;

exports org.eclipse.jetty.ee;
}
214 changes: 214 additions & 0 deletions jetty-core/jetty-ee/src/main/java/org/eclipse/jetty/ee/WebAppClassLoading.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,214 @@
//
// ========================================================================
// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
//
// This program and the accompanying materials are made available under the
// terms of the Eclipse Public License v. 2.0 which is available at
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
// which is available at https://www.apache.org/licenses/LICENSE-2.0.
//
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
// ========================================================================
//

package org.eclipse.jetty.ee;

import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.util.Attributes;
import org.eclipse.jetty.util.ClassMatcher;
import org.eclipse.jetty.util.component.Environment;

/**
* Common attributes and methods for configuring the {@link ClassLoader Class loading} of web application:
* <ul>
* <li>Protected (a.k.a. System) classes are classes typically provided by the JVM, that cannot be replaced by the
* web application, and they are always loaded via the environment or system classloader. They are visible but
* protected.</li>
* <li>Hidden (a.k.a. Server) classes are those used to implement the Server and are not made available to the
* web application. They are hidden from the web application {@link ClassLoader}.</li>
* </ul>
* <p>These protections are set to reasonable defaults {@link #DEFAULT_PROTECTED_CLASSES} and {@link #DEFAULT_HIDDEN_CLASSES},
* which may be programmatically configured and will affect the defaults applied to all web applications in the same JVM.
*
* <p>
* The defaults applied by a specific {@link Server} can be configured using {@link #addProtectedClasses(Server, String...)} and
* {@link #addHiddenClasses(Server, String...)}. Alternately the {@link Server} attributes {@link #PROTECTED_CLASSES_ATTRIBUTE}
* and {@link #HIDDEN_CLASSES_ATTRIBUTE} may be used to direct set a {@link ClassMatcher} to use for all web applications
* within the server instance.
* </p>
* <p>
* The defaults applied by a specific {@link Environment} can be configured using {@link #addProtectedClasses(Environment, String...)} and
* {@link #addHiddenClasses(Environment, String...)}. Alternately the {@link Environment} attributes {@link #PROTECTED_CLASSES_ATTRIBUTE}
* and {@link #HIDDEN_CLASSES_ATTRIBUTE} may be used to direct set a {@link ClassMatcher} to use for all web applications
* within the server instance.
* </p>
* <p>
* Ultimately, the configurations set by this class only affects the defaults applied to each web application
* {@link org.eclipse.jetty.server.handler.ContextHandler Context} and the {@link ClassMatcher} fields of the web applications
* can be directly access to configure a specific context.
* </p>
*/
public class WebAppClassLoading
{
public static final String PROTECTED_CLASSES_ATTRIBUTE = "org.eclipse.jetty.webapp.systemClasses";
public static final String HIDDEN_CLASSES_ATTRIBUTE = "org.eclipse.jetty.webapp.serverClasses";

/**
* The default protected (system) classes used by a web application, which will be applied to the {@link ClassMatcher}s created
* by {@link #getProtectedClasses(Environment)}.
*/
public static final ClassMatcher DEFAULT_PROTECTED_CLASSES = new ClassMatcher(
"java.", // Java SE classes (per servlet spec v2.5 / SRV.9.7.2)
"javax.", // Java SE classes (per servlet spec v2.5 / SRV.9.7.2)
"jakarta.", // Jakarta classes (per servlet spec v5.0 / Section 15.2.1)
"org.xml.", // javax.xml
"org.w3c." // javax.xml
);

/**
* The default hidden (server) classes used by a web application, which can be applied to the {@link ClassMatcher}s created
* by {@link #getHiddenClasses(Environment)}.
*/
public static final ClassMatcher DEFAULT_HIDDEN_CLASSES = new ClassMatcher(
"org.eclipse.jetty." // hide jetty classes
);

/**
* Get the default protected (system) classes for a {@link Server}
* @param server The {@link Server} for the defaults
* @return The default protected (system) classes for the {@link Server}, which will be empty if not previously configured.
*/
public static ClassMatcher getProtectedClasses(Server server)
{
return getClassMatcher(server, PROTECTED_CLASSES_ATTRIBUTE, null);
}

/**
* Get the default protected (system) classes for an {@link Environment}
* @param environment The {@link Server} for the defaults
* @return The default protected (system) classes for the {@link Environment}, which will be the {@link #DEFAULT_PROTECTED_CLASSES} if not previously configured.
*/
public static ClassMatcher getProtectedClasses(Environment environment)
{
return getClassMatcher(environment, PROTECTED_CLASSES_ATTRIBUTE, DEFAULT_PROTECTED_CLASSES);
}

/**
* Add a protected (system) Class pattern to use for all WebAppContexts.
* @param patterns the patterns to use
*/
public static void addProtectedClasses(String... patterns)
{
DEFAULT_PROTECTED_CLASSES.add(patterns);
}

/**
* Add a protected (system) Class pattern to use for all WebAppContexts of a given {@link Server}.
* @param attributes The {@link Attributes} instance to add classes to
* @param patterns the patterns to use
*/
public static void addProtectedClasses(Attributes attributes, String... patterns)
{
if (patterns != null && patterns.length > 0)
getClassMatcher(attributes, PROTECTED_CLASSES_ATTRIBUTE, null).add(patterns);
}

/**
* Add a protected (system) Class pattern to use for all WebAppContexts of a given {@link Server}.
* @param server The {@link Server} instance to add classes to
* @param patterns the patterns to use
*/
public static void addProtectedClasses(Server server, String... patterns)
{
if (patterns != null && patterns.length > 0)
getClassMatcher(server, PROTECTED_CLASSES_ATTRIBUTE, null).add(patterns);
}

/**
* Add a protected (system) Class pattern to use for WebAppContexts of a given environment.
* @param environment The {@link Environment} instance to add classes to
* @param patterns the patterns to use
*/
public static void addProtectedClasses(Environment environment, String... patterns)
{
if (patterns != null && patterns.length > 0)
getClassMatcher(environment, PROTECTED_CLASSES_ATTRIBUTE, DEFAULT_PROTECTED_CLASSES).add(patterns);
}

/**
* Get the default hidden (server) classes for a {@link Server}
* @param server The {@link Server} for the defaults
* @return The default hidden (server) classes for the {@link Server}, which will be empty if not previously configured.
*
*/
public static ClassMatcher getHiddenClasses(Server server)
{
return getClassMatcher(server, HIDDEN_CLASSES_ATTRIBUTE, null);
}

/**
* Get the default hidden (server) classes for an {@link Environment}
* @param environment The {@link Server} for the defaults
* @return The default hidden (server) classes for the {@link Environment}, which will be {@link #DEFAULT_PROTECTED_CLASSES} if not previously configured.
*/
public static ClassMatcher getHiddenClasses(Environment environment)
{
return getClassMatcher(environment, HIDDEN_CLASSES_ATTRIBUTE, DEFAULT_HIDDEN_CLASSES);
}

/**
* Add a hidden (server) Class pattern to use for all WebAppContexts of a given {@link Server}.
* @param patterns the patterns to use
*/
public static void addHiddenClasses(String... patterns)
{
DEFAULT_HIDDEN_CLASSES.add(patterns);
}

/**
* Add a hidden (server) Class pattern to use for all WebAppContexts of a given {@link Server}.
* @param attributes The {@link Attributes} instance to add classes to
* @param patterns the patterns to use
*/
@Deprecated (forRemoval = true)
public static void addHiddenClasses(Attributes attributes, String... patterns)
{
if (patterns != null && patterns.length > 0)
getClassMatcher(attributes, HIDDEN_CLASSES_ATTRIBUTE, null).add(patterns);
}

/**
* Add a hidden (server) Class pattern to use for all WebAppContexts of a given {@link Server}.
* @param server The {@link Server} instance to add classes to
* @param patterns the patterns to use
*/
public static void addHiddenClasses(Server server, String... patterns)
{
if (patterns != null && patterns.length > 0)
getClassMatcher(server, HIDDEN_CLASSES_ATTRIBUTE, null).add(patterns);
}

/**
* Add a hidden (server) Class pattern to use for all ee9 WebAppContexts.
* @param environment The {@link Environment} instance to add classes to
* @param patterns the patterns to use
*/
public static void addHiddenClasses(Environment environment, String... patterns)
{
if (patterns != null && patterns.length > 0)
getClassMatcher(environment, HIDDEN_CLASSES_ATTRIBUTE, DEFAULT_HIDDEN_CLASSES).add(patterns);
}

private static ClassMatcher getClassMatcher(Attributes attributes, String attribute, ClassMatcher defaultPatterns)
{
Object existing = attributes.getAttribute(attribute);
if (existing instanceof ClassMatcher cm)
return cm;

ClassMatcher classMatcher = (existing instanceof String[] stringArray)
? new ClassMatcher(stringArray) : new ClassMatcher(defaultPatterns);
attributes.setAttribute(attribute, classMatcher);
return classMatcher;
}

}
Loading

0 comments on commit 30bee71

Please sign in to comment.