You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@calcite.apache.org by kr...@apache.org on 2019/04/05 20:08:35 UTC
[calcite-avatica] branch master updated: [CALCITE-2972] Upgrade
jetty to 9.4.15.v20190215
This is an automated email from the ASF dual-hosted git repository.
krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/calcite-avatica.git
The following commit(s) were added to refs/heads/master by this push:
new 6da2296 [CALCITE-2972] Upgrade jetty to 9.4.15.v20190215
6da2296 is described below
commit 6da2296ff14cf5049cab58c3361440be37a43c63
Author: Kevin Risden <kr...@apache.org>
AuthorDate: Tue Apr 2 16:19:45 2019 -0400
[CALCITE-2972] Upgrade jetty to 9.4.15.v20190215
Skip TLS testing on IBM Java due the combination of:
* Jetty 9.4.12+ ignores SSL_* ciphers due to security - eclipse/jetty.project#2807
* IBM uses SSL_* cipher names for ALL ciphers not following RFC cipher names. See eclipse/jetty.project#2807 for details
Signed-off-by: Kevin Risden <kr...@apache.org>
---
pom.xml | 2 +-
.../calcite/avatica/server/AvaticaSpnegoAuthenticator.java | 5 +++--
.../java/org/apache/calcite/avatica/server/HttpServer.java | 2 --
.../avatica/server/PropertyBasedSpnegoLoginService.java | 14 ++++++++------
.../java/org/apache/calcite/avatica/SslDriverTest.java | 10 ++++++++++
5 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/pom.xml b/pom.xml
index e8aff9f..4d366cd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -87,7 +87,7 @@ limitations under the License.
<javadoc-link>https://docs.oracle.com/javase/8/docs/api/</javadoc-link>
<jcip-annotations.version>1.0-1</jcip-annotations.version>
<jcommander.version>1.72</jcommander.version>
- <jetty.version>9.4.11.v20180605</jetty.version>
+ <jetty.version>9.4.15.v20190215</jetty.version>
<junit.version>4.12</junit.version>
<kerby.version>1.1.1</kerby.version>
<maven-assembly-plugin.version>3.1.1</maven-assembly-plugin.version>
diff --git a/server/src/main/java/org/apache/calcite/avatica/server/AvaticaSpnegoAuthenticator.java b/server/src/main/java/org/apache/calcite/avatica/server/AvaticaSpnegoAuthenticator.java
index af0670f..53724ca 100644
--- a/server/src/main/java/org/apache/calcite/avatica/server/AvaticaSpnegoAuthenticator.java
+++ b/server/src/main/java/org/apache/calcite/avatica/server/AvaticaSpnegoAuthenticator.java
@@ -19,7 +19,6 @@ package org.apache.calcite.avatica.server;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.authentication.DeferredAuthentication;
-import org.eclipse.jetty.security.authentication.SpnegoAuthenticator;
import org.eclipse.jetty.server.Authentication;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -35,7 +34,9 @@ import javax.servlet.http.HttpServletResponse;
* Custom SpnegoAuthenticator which will still reponse with a WWW-Authentication: Negotiate
* header if the client provides some other kind of authentication header.
*/
-public class AvaticaSpnegoAuthenticator extends SpnegoAuthenticator {
+@SuppressWarnings("deprecation")
+public class AvaticaSpnegoAuthenticator extends
+ org.eclipse.jetty.security.authentication.SpnegoAuthenticator {
private static final Logger LOG = LoggerFactory.getLogger(AvaticaSpnegoAuthenticator.class);
@Override public Authentication validateRequest(ServletRequest request,
diff --git a/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java b/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java
index 27fbda5..2e152f7 100644
--- a/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java
+++ b/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java
@@ -260,7 +260,6 @@ public class HttpServer {
private ServerConnector configureServerConnector() {
final ServerConnector connector = getServerConnector();
connector.setIdleTimeout(60 * 1000);
- connector.setSoLingerTime(-1);
connector.setPort(port);
server.setConnectors(new Connector[] { connector });
return connector;
@@ -426,7 +425,6 @@ public class HttpServer {
*/
protected ServerConnector configureConnector(ServerConnector connector, int port) {
connector.setIdleTimeout(60 * 1000);
- connector.setSoLingerTime(-1);
connector.setPort(port);
return connector;
}
diff --git a/server/src/main/java/org/apache/calcite/avatica/server/PropertyBasedSpnegoLoginService.java b/server/src/main/java/org/apache/calcite/avatica/server/PropertyBasedSpnegoLoginService.java
index 027b369..d3accf2 100644
--- a/server/src/main/java/org/apache/calcite/avatica/server/PropertyBasedSpnegoLoginService.java
+++ b/server/src/main/java/org/apache/calcite/avatica/server/PropertyBasedSpnegoLoginService.java
@@ -16,7 +16,6 @@
*/
package org.apache.calcite.avatica.server;
-import org.eclipse.jetty.security.SpnegoLoginService;
import org.eclipse.jetty.security.SpnegoUserPrincipal;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.B64Code;
@@ -36,11 +35,13 @@ import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
/**
- * A customization of {@link SpnegoLoginService} which directly specifies the server's
- * principal instead of requiring a file to exist. Known to work with Jetty-9.2.x, any other
- * version would require testing/inspection to ensure the logic is still sound.
+ * A customization of {@link org.eclipse.jetty.security.SpnegoLoginService} which directly
+ * specifies the server's principal instead of requiring a file to exist. Known to work with
+ * Jetty-9.2.x, any other version would require testing/inspection to ensure the logic is still
+ * sound.
*/
-public class PropertyBasedSpnegoLoginService extends SpnegoLoginService {
+@SuppressWarnings("deprecation")
+public class PropertyBasedSpnegoLoginService extends org.eclipse.jetty.security.SpnegoLoginService {
private static final Logger LOG = LoggerFactory.getLogger(PropertyBasedSpnegoLoginService.class);
private static final String TARGET_NAME_FIELD_NAME = "_targetName";
@@ -56,7 +57,8 @@ public class PropertyBasedSpnegoLoginService extends SpnegoLoginService {
// without the need for a one-line file to do the same thing.
//
// AbstractLifeCycle's doStart() method does nothing, so we aren't missing any extra logic.
- final Field targetNameField = SpnegoLoginService.class.getDeclaredField(TARGET_NAME_FIELD_NAME);
+ final Field targetNameField = org.eclipse.jetty.security.SpnegoLoginService.class
+ .getDeclaredField(TARGET_NAME_FIELD_NAME);
targetNameField.setAccessible(true);
targetNameField.set(this, serverPrincipal);
}
diff --git a/server/src/test/java/org/apache/calcite/avatica/SslDriverTest.java b/server/src/test/java/org/apache/calcite/avatica/SslDriverTest.java
index bd4c494..891cf69 100644
--- a/server/src/test/java/org/apache/calcite/avatica/SslDriverTest.java
+++ b/server/src/test/java/org/apache/calcite/avatica/SslDriverTest.java
@@ -36,6 +36,7 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.junit.AfterClass;
+import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
@@ -69,6 +70,7 @@ import java.util.Objects;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeFalse;
/**
* Test case for Avatica with TLS connectors.
@@ -119,6 +121,14 @@ public class SslDriverTest {
return parameters;
}
+ @BeforeClass public static void setupClass() {
+ // Skip TLS testing on IBM Java due the combination of:
+ // - Jetty 9.4.12+ ignores SSL_* ciphers due to security - eclipse/jetty.project#2807
+ // - IBM uses SSL_* cipher names for ALL ciphers not following RFC cipher names
+ // See eclipse/jetty.project#2807 for details
+ assumeFalse(System.getProperty("java.vendor").contains("IBM"));
+ }
+
@AfterClass public static void stopKdc() {
for (HttpServer server : SERVERS_TO_STOP) {
server.stop();