Comments (6)
It is not expected behaviour. We made some changes in #11568 to fix some issues with relative resource resolution. However, it looks like we have broken absolute resource resolution at the same time?
@joakime @janbartel @lorban Actually, whilst I think this is broken, I'm not sure how any of the changes in 12.0.8 could have affected it as they were about resources, whilst I see that SslConfiguration
is doing direct Path
manipulation to resolve the configuration:
public static String resolvePath(String dir, String destPath)
{
if (StringUtil.isEmpty(dir) || StringUtil.isEmpty(destPath))
return null;
return Paths.get(dir).resolve(destPath).normalize().toString();
}
Firstly, I think this is another mistaken use of Path
in jetty-12 rather than just using the Resource
APIs as intended....
but then I thought Path.resolve
correctly handles absolute destinations.
Perhaps this is windows not see '/' as a path separator? @ovidijusnortal is this on windows or unix?
Note that this is invoked by the XML in jetty-ssl-context.xml
:
<Set name="TrustStorePath">
<Call name="resolvePath" class="org.eclipse.jetty.xml.XmlConfiguration">
<Arg><Property name="jetty.base"/></Arg>
<Arg><Property name="jetty.sslContext.trustStorePath" deprecated="jetty.sslContext.trustStoreAbsolutePath,jetty.truststore" /></Arg>
</Call>
</Set>
So the invocation of the resolvePath
method can be replaced in this XML to work around this issue. Or the setTrustStoreResource
method used instead.
But let's investigate a bit more to see exactly what changed before we say exactly how to work around it.
from jetty.project.
@gregw found this on unix
from jetty.project.
@gregw I think that what you are referring to and what @ovidijusnortal is referring to are different things.
The OP is having issues with his project at https://github.com/nordic-institute/X-Road/
This was first noticed by OP's project when going from 12.0.6 to 12.0.8
The use of apiTrustStore
in the OPs project is at ...
The apiTrustStore
he has gets eventually loaded into something SSL related at ...
Which is eventually used in a class org.apache.hc.core5.ssl.SSLContexts
. (but by this point in time the apiTrustStore
field is already prepared, and set by Spring configuration)
This doesn't seem to be the path that is of concern.
The OP shows us the full (presumably bad) path of /tmp/jetty-docbase.8085.8617281078912905990/etc/xroad/ssl/center-admin-service.p12
If we check the configuration of center-admin-service.p12
that's coming from something else.
server:
port: 4000
ssl:
key-store: /etc/xroad/ssl/center-admin-service.p12
key-store-password: center-admin-service
enabled: true
ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
protocol: TLS
enabled-protocols: TLSv1.2,TLSv1.3
compression:
enabled: true
mime-types: application/json,application/xml,text/html,text/xml,text/plain,application/javascript,text/css,image/jpeg
servlet:
session:
cookie:
same-site: Strict
That looks like standard spring-boot configuration for a server.
The project seems to be using spring-boot version 3.2.3 (at the time of the testing of that dependabot update from 12.0.6 to 12.0.8)
Looking at spring-boot project, they have not yet updated / tested on Jetty 12.0.8
from jetty.project.
same with spring boot 3.2.4 version. Spring boot right now is on 12.0.7 if I'm correct.
If I try to fetch that configuration value as a String then return value is /etc/xroad/ssl/center-admin-service.p12
as expected but when some spring magic is applied to make it as Path object then this /tmp/jetty-docbase.8085.8617281078912905990/etc/xroad/ssl/center-admin-service.p12
is result.
from jetty.project.
Of note, this behavior has been reported to spring-boot before.
- spring-projects/spring-boot#26132
- spring-projects/spring-framework#26702
- spring-projects/spring-boot#25881
Judging from the comments in those issues, it looks like if you specify the configuration using URI syntax it will work as intended ...
server:
port: 4000
ssl:
key-store: file:/etc/xroad/ssl/center-admin-service.p12
from jetty.project.
@joakime @ovidijusnortal so it appears that this is a Spring issue, not a Jetty issue, thus can we close this issue?
from jetty.project.
Related Issues (20)
- After creating the keystore according to the official documentation, executing the following code fails to establish an HTTPS connection when accessed from a web browser. HOT 1
- jetty-ee8-websocket-javax-server export not honoured HOT 2
- HTTP2 async failure on a stream can lead to the connection being aborted HOT 5
- SecureRequestCustomizer() for HTTP3 HOT 1
- Jetty Releases 12.0.10
- Memory leak in `ArrayRetainableByteBufferPool$RetainedBucket` HOT 1
- Define core deployment HOT 8
- README link is broken HOT 6
- Server resources are not found if the server is subclassed in a different package
- Remove old documentation resources.
- HttpChannelState does not satisfy the contract of Content.Source HOT 2
- Issue with Configuring Specific Static Resources in the same base directory ee10 jetty 12.0.10 HOT 18
- Jetty 12 Core SecurityHandler relies on ContextHandler HOT 2
- GzipHandler switches response transfer encoding to chunked HOT 4
- DefaultServlet configured for a subdir responds with 404 on existing files HOT 9
- Behavioural change in Jetty 12: POST /non-existing returns 405, instead of 404 (GET /non-existing still returns 404) HOT 3
- Jetty 12: 400: Ambiguous URI path encoding for path <%=FOO%>~1 (encoded: %3C%25%3DFOO%25%3E%7E1) HOT 10
- mtls not working with http/3 HOT 2
- Hello World Example Fails to Run HOT 3
- Client hangs despite setting timeout
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jetty.project.