Initial update of dependencies to Jakarta EE 10 versions.

appserver/admin/template/src/main/resources/config/default-web.xml

@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
 <!--
 
+    Copyright (c) 2021 Contributors to Eclipse Foundation.
     Copyright (c) 2006, 2021 Oracle and/or its affiliates. All rights reserved.
 
     This program and the accompanying materials are made available under the
@@ -278,7 +279,7 @@
 
   <servlet>
     <servlet-name>jsp</servlet-name>
-    <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
+    <servlet-class>org.glassfish.wasp.servlet.JspServlet</servlet-class>
     <init-param>
       <param-name>xpoweredBy</param-name>
       <param-value>true</param-value>

appserver/admingui/common/src/main/java/org/glassfish/admingui/common/handlers/CommonHandlers.java

@@ -25,40 +25,39 @@
 
 package org.glassfish.admingui.common.handlers;
 
-import com.sun.enterprise.config.serverbeans.ServerTags;
-import com.sun.jsftemplating.annotation.Handler;
-import com.sun.jsftemplating.annotation.HandlerInput;
-import com.sun.jsftemplating.annotation.HandlerOutput;
-import com.sun.jsftemplating.el.PageSessionResolver;
-import com.sun.jsftemplating.handlers.NavigationHandlers;
-import com.sun.jsftemplating.layout.descriptors.handler.HandlerContext;
-import com.sun.jsftemplating.util.Util;
-
 import java.io.IOException;
 import java.io.Serializable;
 import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.ResourceBundle;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
 
-import jakarta.faces.component.UIComponent;
-import jakarta.faces.component.UIInput;
-import jakarta.faces.component.UIViewRoot;
-import jakarta.faces.context.FacesContext;
-import jakarta.servlet.http.HttpServletResponse;
 import org.glassfish.admingui.common.tree.FilterTreeEvent;
-
 import org.glassfish.admingui.common.util.GuiUtil;
 import org.glassfish.admingui.common.util.MiscUtil;
 import org.glassfish.admingui.common.util.RestUtil;
 import org.glassfish.admingui.common.util.TargetUtil;
 
+import com.sun.enterprise.config.serverbeans.ServerTags;
+import com.sun.jsftemplating.annotation.Handler;
+import com.sun.jsftemplating.annotation.HandlerInput;
+import com.sun.jsftemplating.annotation.HandlerOutput;
+import com.sun.jsftemplating.handlers.NavigationHandlers;
+import com.sun.jsftemplating.layout.descriptors.handler.HandlerContext;
+import com.sun.jsftemplating.util.Util;
+
+import jakarta.faces.component.UIComponent;
+import jakarta.faces.component.UIInput;
+import jakarta.faces.component.UIViewRoot;
+import jakarta.faces.context.FacesContext;
+import jakarta.servlet.http.HttpServletResponse;
+
 
 public class CommonHandlers {
 
@@ -826,10 +825,9 @@ public static List filterAdminObjects(HandlerContext context) {
     private static String handleBareAttribute(FacesContext ctx, String url) {
         // Get Page Session...
         UIViewRoot root = ctx.getViewRoot();
-        Map<String, Serializable> pageSession =
-            PageSessionResolver.getPageSession(ctx, root);
+        Map<String, Serializable> pageSession = null; // PageSessionResolver.getPageSession(ctx, root);
         if (pageSession == null) {
-            pageSession = PageSessionResolver.createPageSession(ctx, root);
+            pageSession = createPageSession(ctx, root); // PageSessionResolver.createPageSession(ctx, root);
         }
         String request = ctx.getExternalContext().getRequestParameterMap().get("bare");
         if (request != null) {
@@ -853,6 +851,26 @@ private static String handleBareAttribute(FacesContext ctx, String url) {
         return url;
     }
 
+    /**
+     * <p>
+     * This method will create a new "page session" <code>Map</code>. It will overwrite any existing "page session"
+     * <code>Map</code>, so be careful.
+     * </p>
+     */
+    public static Map<String, Serializable> createPageSession(FacesContext ctx, UIViewRoot root) {
+        if (root == null) {
+            root = ctx.getViewRoot();
+        }
+        // Create it...
+        Map<String, Serializable> map = new HashMap<>(4);
+
+        // Store it...
+        root.getAttributes().put("_ps", map);
+
+        // Return it...
+        return map;
+    }
+
     /**
      * Add the name/value pair to the given url.
      * @param url

appserver/admingui/common/src/main/java/org/glassfish/admingui/common/security/AdminConsoleAuthModule.java

@@ -63,12 +63,11 @@
 import com.sun.enterprise.security.SecurityServicesUtil;
 
 /**
- * This class is responsible for providing the Authentication support
- * needed by the admin console to both access the admin console pages
- * as well as invoke REST requests.
+ * This class is responsible for providing the Authentication support needed by the admin console to both access the
+ * admin console pages as well as invoke REST requests.
  */
 public class AdminConsoleAuthModule implements ServerAuthModule {
-    //public static final String TOKEN_ADMIN_LISTENER_PORT = "${ADMIN_LISTENER_PORT}";
+    // public static final String TOKEN_ADMIN_LISTENER_PORT = "${ADMIN_LISTENER_PORT}";
 
     private CallbackHandler handler = null;
 
@@ -78,7 +77,7 @@ public class AdminConsoleAuthModule implements ServerAuthModule {
 
     private String loginErrorPage = null;
 
-    private static final Class[] SUPPORTED_MESSAGE_TYPES = new Class[]{HttpServletRequest.class, HttpServletResponse.class};
+    private static final Class[] SUPPORTED_MESSAGE_TYPES = new Class[] { HttpServletRequest.class, HttpServletResponse.class };
 
     private static final String SAVED_SUBJECT = "Saved_Subject";
 
@@ -106,34 +105,32 @@ public class AdminConsoleAuthModule implements ServerAuthModule {
     private static final Logger logger = GuiUtil.getLogger();
 
     /**
-     * This method configures this AuthModule and makes sure all the
-     * information needed to continue is present.
+     * This method configures this AuthModule and makes sure all the information needed to continue is present.
      */
     @Override
     public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) throws AuthException {
         this.handler = handler;
         if (options != null) {
             this.loginPage = (String) options.get("loginPage");
             if (loginPage == null) {
-                throw new AuthException("'loginPage' "
-                        + "must be supplied as a property in the provider-config "
-                        + "in the domain.xml file!");
+                throw new AuthException(
+                        "'loginPage' " + "must be supplied as a property in the provider-config " + "in the domain.xml file!");
             }
             this.loginErrorPage = (String) options.get("loginErrorPage");
             if (loginErrorPage == null) {
-                throw new AuthException("'loginErrorPage' "
-                        + "must be supplied as a property in the provider-config "
-                        + "in the domain.xml file!");
+                throw new AuthException(
+                        "'loginErrorPage' " + "must be supplied as a property in the provider-config " + "in the domain.xml file!");
             }
             ServiceLocator habitat = SecurityServicesUtil.getInstance().getHabitat();
             Domain domain = habitat.getService(Domain.class);
-            NetworkListener adminListener = domain.getServerNamed("server").getConfig().getNetworkConfig().getNetworkListener("admin-listener");
+            NetworkListener adminListener = domain.getServerNamed("server").getConfig().getNetworkConfig()
+                    .getNetworkListener("admin-listener");
             SecureAdmin secureAdmin = habitat.getService(SecureAdmin.class);
 
             final String host = adminListener.getAddress();
             // Save the REST URL we need to authenticate the user.
-            this.restURL =  (SecureAdmin.Util.isEnabled(secureAdmin) ? "https://" : "http://") +
-                    (host.equals("0.0.0.0") ? "localhost" : host) + ":" + adminListener.getPort() + "/management/sessions";
+            this.restURL = (SecureAdmin.Util.isEnabled(secureAdmin) ? "https://" : "http://")
+                    + (host.equals("0.0.0.0") ? "localhost" : host) + ":" + adminListener.getPort() + "/management/sessions";
         }
     }
 
@@ -145,19 +142,15 @@ public Class[] getSupportedMessageTypes() {
         return SUPPORTED_MESSAGE_TYPES;
     }
 
-
     /**
      * This is where the validation happens...
      */
     @Override
     public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
         // Make sure we need to check...
-        HttpServletRequest request =
-                (HttpServletRequest) messageInfo.getRequestMessage();
-        HttpServletResponse response =
-                (HttpServletResponse) messageInfo.getResponseMessage();
-        if (!isMandatory(messageInfo)
-                && !request.getRequestURI().endsWith("/j_security_check")) {
+        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
+        if (!isMandatory(messageInfo) && !request.getRequestURI().endsWith("/j_security_check")) {
             return AuthStatus.SUCCESS;
         }
 
@@ -167,7 +160,7 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
             return AuthStatus.FAILURE;
         }
 
-        Subject savedClientSubject = (Subject) session.getValue(SAVED_SUBJECT);
+        Subject savedClientSubject = (Subject) session.getAttribute(SAVED_SUBJECT);
         if (savedClientSubject != null) {
             // Copy all principals...
             clientSubject.getPrincipals().addAll(savedClientSubject.getPrincipals());
@@ -177,23 +170,21 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
         }
 
         // See if we've already calculated the serverName / serverPort
-        if (session.getValue(REST_SERVER_NAME) == null) {
+        if (session.getAttribute(REST_SERVER_NAME) == null) {
             // Save this for use later...
             URL url = null;
             try {
                 url = new URL(restURL);
             } catch (MalformedURLException ex) {
-                throw new IllegalArgumentException(
-                        "Unable to parse REST URL: (" + restURL + ")", ex);
+                throw new IllegalArgumentException("Unable to parse REST URL: (" + restURL + ")", ex);
             }
-            session.putValue(REST_SERVER_NAME, url.getHost());
-            session.putValue(REST_SERVER_PORT, url.getPort());
+            session.setAttribute(REST_SERVER_NAME, savedClientSubject);
+            session.setAttribute(REST_SERVER_PORT, url.getPort());
         }
 
         // See if the username / password has been passed in...
         String username = request.getParameter("j_username");
-        char[] password = request.getParameter("j_password") != null
-                ? request.getParameter("j_password").toCharArray() : null;
+        char[] password = request.getParameter("j_password") != null ? request.getParameter("j_password").toCharArray() : null;
         if ((username == null) || (password == null) || !request.getMethod().equalsIgnoreCase("post")) {
             // Not passed in, show the login page...
             String origPath = request.getRequestURI();
@@ -213,14 +204,6 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
             return AuthStatus.SEND_CONTINUE;
         }
 
-// Don't use the PasswordValidationCallback... use REST authorization instead.
-//        char[] pwd = new char[password.length()];
-//        password.getChars(0, password.length(), pwd, 0);
-//        PasswordValidationCallback pwdCallback =
-//            new PasswordValidationCallback(clientSubject, username, pwd);
-
-        // Make REST Request
-
         Client client2 = RestUtil.initialize(ClientBuilder.newBuilder()).build();
         WebTarget target = client2.target(restURL);
         target.register(HttpAuthenticationFeature.basic(username, new String(password)));
@@ -233,10 +216,9 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
         // Check to see if successful..
         if (restResp.isSuccess()) {
             // Username and Password sent in... validate them!
-            CallerPrincipalCallback cpCallback =
-                    new CallerPrincipalCallback(clientSubject, username);
+            CallerPrincipalCallback cpCallback = new CallerPrincipalCallback(clientSubject, username);
             try {
-                handler.handle(new Callback[]{ /*pwdCallback,*/cpCallback});
+                handler.handle(new Callback[] { /* pwdCallback, */cpCallback });
             } catch (Exception ex) {
                 AuthException ae = new AuthException();
                 ae.initCause(ex);
@@ -245,7 +227,7 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
 
             request.changeSessionId();
 
-                // Get the "extraProperties" section of the response...
+            // Get the "extraProperties" section of the response...
             Object obj = restResp.getResponse().get("data");
             Map extraProperties = null;
             if ((obj != null) && (obj instanceof Map)) {
@@ -257,29 +239,28 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
 
             // Save the Rest Token...
             if (extraProperties != null) {
-                session.putValue(REST_TOKEN, extraProperties.get("token"));
+                session.setAttribute(REST_TOKEN, extraProperties.get("token"));
             }
 
             // Save the Subject...
-            session.putValue(SAVED_SUBJECT, clientSubject);
+            session.setAttribute(SAVED_SUBJECT, clientSubject);
 
             // Save the userName
-            session.putValue(USER_NAME, username);
+            session.setAttribute(USER_NAME, username);
 
             try {
                 // Redirect...
-                String origRequest = (String)session.getAttribute(ORIG_REQUEST_PATH);
+                String origRequest = (String) session.getAttribute(ORIG_REQUEST_PATH);
                 // Explicitly test for favicon.ico, as Firefox seems to ask for this on
                 // every page
                 if ((origRequest == null) || "/favicon.ico".equals(origRequest)) {
                     origRequest = "/index.jsf";
                 }
                 logger.log(Level.INFO, "Redirecting to {0}", neutralizeForLog(origRequest));
                 if (InputValidationUtil.validateStringforCRLF(origRequest)) {
-                    response.sendError(403,"Forbidden");
+                    response.sendError(403, "Forbidden");
                 }
-                response.sendRedirect(
-                        response.encodeRedirectURL(InputValidationUtil.removeLinearWhiteSpaces(origRequest)));
+                response.sendRedirect(response.encodeRedirectURL(InputValidationUtil.removeLinearWhiteSpaces(origRequest)));
             } catch (Exception ex) {
                 AuthException ae = new AuthException();
                 ae.initCause(ex);
@@ -294,6 +275,7 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
                 request.setAttribute("errorText", GuiUtil.getMessage("alert.ConfigurationError"));
                 request.setAttribute("messageText", GuiUtil.getMessage("alert.EnableSecureAdmin"));
             }
+
             RequestDispatcher rd = request.getRequestDispatcher(this.loginErrorPage);
             try {
                 rd.forward(request, response);
@@ -302,6 +284,7 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
                 ae.initCause(ex);
                 throw ae;
             }
+
             return AuthStatus.SEND_FAILURE;
         }
     }
@@ -317,7 +300,6 @@ public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthEx
     }
 
     private boolean isMandatory(MessageInfo messageInfo) {
-        return Boolean.valueOf((String) messageInfo.getMap().get(
-                "jakarta.security.auth.message.MessagePolicy.isMandatory"));
+        return Boolean.valueOf((String) messageInfo.getMap().get("jakarta.security.auth.message.MessagePolicy.isMandatory"));
     }
 }

appserver/appclient/client/acc/pom.xml

@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 
+    Copyright (c) 2021 Contributors to Eclipse Foundation.
     Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
 
     This program and the accompanying materials are made available under the
@@ -345,6 +346,11 @@
             <artifactId>jakarta.enterprise.cdi-api</artifactId>
             <scope>compile</scope>
         </dependency>
+        <dependency>
+            <groupId>jakarta.enterprise</groupId>
+            <artifactId>jakarta.enterprise.lang-model</artifactId>
+            <scope>compile</scope>
+        </dependency>
 
         <dependency>
             <groupId>jakarta.authorization</groupId>

appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/acc/ACCClassLoader.java

@@ -1,4 +1,5 @@
 /*
+ * Copyright (c) 2021 Contributors to Eclipse Foundation.
  * Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -167,7 +168,6 @@ public ACCClassLoader(URL[] urls, ClassLoader parent) {
         clientCLDelegate = new ClientClassLoaderDelegate(this);
     }
 
-
     private ACCClassLoader(URL[] urls, ClassLoader parent, boolean shouldTransform) {
         this(urls, parent);
         this.shouldTransform = shouldTransform;