From c5365a812d2ff88b109367362bae78efadec1cb8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Pochat?= <jpochat@cloudbees.com>
Date: Thu, 16 Feb 2023 14:42:43 +0100
Subject: [PATCH 1/6] Upgrade from javax.servlet-api-3.1 to
 jakarta.servlet-api:4.0

---
 pom.xml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pom.xml b/pom.xml
index f02afbfb79..4b07847ed2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -171,9 +171,9 @@
       </dependency>
       <dependency>
         <!-- used in JTH and jenkins core > 2.x -->
-        <groupId>javax.servlet</groupId>
-        <artifactId>javax.servlet-api</artifactId>
-        <version>3.1.0</version>
+        <groupId>jakarta.servlet</groupId>
+        <artifactId>jakarta.servlet-api</artifactId>
+        <version>4.0.3</version>
       </dependency>
       <dependency>
         <groupId>junit</groupId>
@@ -239,8 +239,8 @@
 
     <!-- dependencies provided by virtue of running in Jenkins -->
     <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
+      <groupId>jakarta.servlet</groupId>
+      <artifactId>jakarta.servlet-api</artifactId>
       <scope>provided</scope>
     </dependency>
 

From 3fee819db7deea568b6037a10f034b80d7c4d765 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Pochat?= <jpochat@cloudbees.com>
Date: Fri, 17 Feb 2023 09:33:25 +0100
Subject: [PATCH 2/6] Upgrade jarkarta.servlet-api from 4.0.3 to 4.0.4

Co-authored-by: Jesse Glick <jglick@cloudbees.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 4b07847ed2..89df22e968 100644
--- a/pom.xml
+++ b/pom.xml
@@ -173,7 +173,7 @@
         <!-- used in JTH and jenkins core > 2.x -->
         <groupId>jakarta.servlet</groupId>
         <artifactId>jakarta.servlet-api</artifactId>
-        <version>4.0.3</version>
+        <version>4.0.4</version>
       </dependency>
       <dependency>
         <groupId>junit</groupId>

From 7b2d225df2af7aad1c81dae105a0f2d76b62c949 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Pochat?= <jpochat@cloudbees.com>
Date: Fri, 17 Feb 2023 11:15:35 +0100
Subject: [PATCH 3/6] Add ServletAPITest

---
 src/it/servlet-api/invoker.properties         |  3 ++
 src/it/servlet-api/pom.xml                    | 37 +++++++++++++++++++
 .../src/main/resources/index.jelly            |  2 +
 .../src/test/java/test/ServletAPITest.java    | 34 +++++++++++++++++
 4 files changed, 76 insertions(+)
 create mode 100644 src/it/servlet-api/invoker.properties
 create mode 100644 src/it/servlet-api/pom.xml
 create mode 100644 src/it/servlet-api/src/main/resources/index.jelly
 create mode 100644 src/it/servlet-api/src/test/java/test/ServletAPITest.java

diff --git a/src/it/servlet-api/invoker.properties b/src/it/servlet-api/invoker.properties
new file mode 100644
index 0000000000..ccb70fca53
--- /dev/null
+++ b/src/it/servlet-api/invoker.properties
@@ -0,0 +1,3 @@
+# install, not verify, because we want to check the artifact as we would be about to deploy it
+# release.skipTests normally set in jenkins-release profile since release:perform would do the tests
+invoker.goals=-Dstyle.color=always -ntp -Pjenkins-release -Drelease.skipTests=false clean install
diff --git a/src/it/servlet-api/pom.xml b/src/it/servlet-api/pom.xml
new file mode 100644
index 0000000000..5f9eb97409
--- /dev/null
+++ b/src/it/servlet-api/pom.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.jenkins-ci.plugins</groupId>
+        <artifactId>plugin</artifactId>
+        <version>@project.version@</version>
+        <relativePath/>
+    </parent>
+    <groupId>org.jenkins-ci.plugins.its</groupId>
+    <artifactId>servlet-api</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <packaging>hpi</packaging>
+    <properties>
+        <jenkins.version>2.361.4</jenkins.version>
+    </properties>
+    <repositories>
+        <repository>
+            <id>repo.jenkins-ci.org</id>
+            <url>https://repo.jenkins-ci.org/public/</url>
+        </repository>
+    </repositories>
+    <pluginRepositories>
+        <pluginRepository>
+            <id>repo.jenkins-ci.org</id>
+            <url>https://repo.jenkins-ci.org/public/</url>
+        </pluginRepository>
+    </pluginRepositories>
+    <dependencies>
+        <dependency>
+            <groupId>org.jenkins-ci.plugins</groupId>
+            <artifactId>structs</artifactId>
+            <version>1.5</version>
+        </dependency>
+    </dependencies>
+</project>
diff --git a/src/it/servlet-api/src/main/resources/index.jelly b/src/it/servlet-api/src/main/resources/index.jelly
new file mode 100644
index 0000000000..2f655e510a
--- /dev/null
+++ b/src/it/servlet-api/src/main/resources/index.jelly
@@ -0,0 +1,2 @@
+<?jelly escape-by-default='true'?>
+<div/>
diff --git a/src/it/servlet-api/src/test/java/test/ServletAPITest.java b/src/it/servlet-api/src/test/java/test/ServletAPITest.java
new file mode 100644
index 0000000000..fcaaf2b6f5
--- /dev/null
+++ b/src/it/servlet-api/src/test/java/test/ServletAPITest.java
@@ -0,0 +1,34 @@
+package test;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.jvnet.hudson.test.JenkinsRule;
+
+import hudson.security.LegacySecurityRealm;
+import jenkins.model.Jenkins;
+
+public class ServletAPITest {
+
+    @Rule
+    public final JenkinsRule rule = new JenkinsRule();
+
+    /**
+     * When having both Servlet APIs 3.1 and 4.0 in classpath, the following error
+     * is logged on server side:
+     * 
+     * <pre>
+     * WARNING	o.e.jetty.server.HttpChannel#handleException: /jenkins/j_security_check
+     * java.lang.AbstractMethodError: Receiver class org.eclipse.jetty.security.authentication.SessionAuthentication does not define or inherit an
+     * implementation of the resolved emethod 'abstract void valueBound(javax.servlet.http.HttpSessionBindingEvent)' of interface
+     * javax.servlet.http.HttpSessionBindingListener. at org.eclipse.jetty.server.session.Session.bindValue(Session.java:357)
+     * </pre>
+     * 
+     * And then on client side getting "500 Server Error for
+     * http://localhost:.../jenkins/j_security_check"
+     */
+    @Test
+    public void involveHttpSessionBindingListener() throws Exception {
+        Jenkins.get().setSecurityRealm(new LegacySecurityRealm());
+        rule.createWebClient().login("bob");
+    }
+}

From fa67413b2b2e7919443267ab99b0f871fdf3ee17 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Pochat?= <jpochat@cloudbees.com>
Date: Fri, 17 Feb 2023 14:48:52 +0100
Subject: [PATCH 4/6] Typo

Co-authored-by: Jesse Glick <jglick@cloudbees.com>
---
 src/it/servlet-api/src/test/java/test/ServletAPITest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/it/servlet-api/src/test/java/test/ServletAPITest.java b/src/it/servlet-api/src/test/java/test/ServletAPITest.java
index fcaaf2b6f5..22b86ac58f 100644
--- a/src/it/servlet-api/src/test/java/test/ServletAPITest.java
+++ b/src/it/servlet-api/src/test/java/test/ServletAPITest.java
@@ -19,7 +19,7 @@ public class ServletAPITest {
      * <pre>
      * WARNING	o.e.jetty.server.HttpChannel#handleException: /jenkins/j_security_check
      * java.lang.AbstractMethodError: Receiver class org.eclipse.jetty.security.authentication.SessionAuthentication does not define or inherit an
-     * implementation of the resolved emethod 'abstract void valueBound(javax.servlet.http.HttpSessionBindingEvent)' of interface
+     * implementation of the resolved method 'abstract void valueBound(javax.servlet.http.HttpSessionBindingEvent)' of interface
      * javax.servlet.http.HttpSessionBindingListener. at org.eclipse.jetty.server.session.Session.bindValue(Session.java:357)
      * </pre>
      * 

From 3bed3c929c109e09f27bfbe4b45d609453eb6393 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Pochat?= <jpochat@cloudbees.com>
Date: Wed, 26 Apr 2023 12:33:49 +0200
Subject: [PATCH 5/6] Fix Spotless issues

---
 src/it/servlet-api/pom.xml                    | 69 +++++++++----------
 .../src/test/java/test/ServletAPITest.java    |  9 ++-
 2 files changed, 38 insertions(+), 40 deletions(-)

diff --git a/src/it/servlet-api/pom.xml b/src/it/servlet-api/pom.xml
index 5f9eb97409..7d24cd64db 100644
--- a/src/it/servlet-api/pom.xml
+++ b/src/it/servlet-api/pom.xml
@@ -1,37 +1,36 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <parent>
-        <groupId>org.jenkins-ci.plugins</groupId>
-        <artifactId>plugin</artifactId>
-        <version>@project.version@</version>
-        <relativePath/>
-    </parent>
-    <groupId>org.jenkins-ci.plugins.its</groupId>
-    <artifactId>servlet-api</artifactId>
-    <version>1.0-SNAPSHOT</version>
-    <packaging>hpi</packaging>
-    <properties>
-        <jenkins.version>2.361.4</jenkins.version>
-    </properties>
-    <repositories>
-        <repository>
-            <id>repo.jenkins-ci.org</id>
-            <url>https://repo.jenkins-ci.org/public/</url>
-        </repository>
-    </repositories>
-    <pluginRepositories>
-        <pluginRepository>
-            <id>repo.jenkins-ci.org</id>
-            <url>https://repo.jenkins-ci.org/public/</url>
-        </pluginRepository>
-    </pluginRepositories>
-    <dependencies>
-        <dependency>
-            <groupId>org.jenkins-ci.plugins</groupId>
-            <artifactId>structs</artifactId>
-            <version>1.5</version>
-        </dependency>
-    </dependencies>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.jenkins-ci.plugins</groupId>
+    <artifactId>plugin</artifactId>
+    <version>@project.version@</version>
+    <relativePath />
+  </parent>
+  <groupId>org.jenkins-ci.plugins.its</groupId>
+  <artifactId>servlet-api</artifactId>
+  <version>1.0-SNAPSHOT</version>
+  <packaging>hpi</packaging>
+  <properties>
+    <jenkins.version>2.361.4</jenkins.version>
+  </properties>
+  <dependencies>
+    <dependency>
+      <groupId>org.jenkins-ci.plugins</groupId>
+      <artifactId>structs</artifactId>
+      <version>1.5</version>
+    </dependency>
+  </dependencies>
+  <repositories>
+    <repository>
+      <id>repo.jenkins-ci.org</id>
+      <url>https://repo.jenkins-ci.org/public/</url>
+    </repository>
+  </repositories>
+  <pluginRepositories>
+    <pluginRepository>
+      <id>repo.jenkins-ci.org</id>
+      <url>https://repo.jenkins-ci.org/public/</url>
+    </pluginRepository>
+  </pluginRepositories>
 </project>
diff --git a/src/it/servlet-api/src/test/java/test/ServletAPITest.java b/src/it/servlet-api/src/test/java/test/ServletAPITest.java
index 22b86ac58f..6e8e73cbf9 100644
--- a/src/it/servlet-api/src/test/java/test/ServletAPITest.java
+++ b/src/it/servlet-api/src/test/java/test/ServletAPITest.java
@@ -1,12 +1,11 @@
 package test;
 
+import hudson.security.LegacySecurityRealm;
+import jenkins.model.Jenkins;
 import org.junit.Rule;
 import org.junit.Test;
 import org.jvnet.hudson.test.JenkinsRule;
 
-import hudson.security.LegacySecurityRealm;
-import jenkins.model.Jenkins;
-
 public class ServletAPITest {
 
     @Rule
@@ -15,14 +14,14 @@ public class ServletAPITest {
     /**
      * When having both Servlet APIs 3.1 and 4.0 in classpath, the following error
      * is logged on server side:
-     * 
+     *
      * <pre>
      * WARNING	o.e.jetty.server.HttpChannel#handleException: /jenkins/j_security_check
      * java.lang.AbstractMethodError: Receiver class org.eclipse.jetty.security.authentication.SessionAuthentication does not define or inherit an
      * implementation of the resolved method 'abstract void valueBound(javax.servlet.http.HttpSessionBindingEvent)' of interface
      * javax.servlet.http.HttpSessionBindingListener. at org.eclipse.jetty.server.session.Session.bindValue(Session.java:357)
      * </pre>
-     * 
+     *
      * And then on client side getting "500 Server Error for
      * http://localhost:.../jenkins/j_security_check"
      */

From aece72169f2c1d5af0fa0ca04348f2e97360f792 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Pochat?= <jpochat@cloudbees.com>
Date: Thu, 27 Apr 2023 09:24:52 +0200
Subject: [PATCH 6/6] Ban javax.servlet:javax.servlet-api

---
 pom.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pom.xml b/pom.xml
index 479e87048a..3894af3556 100644
--- a/pom.xml
+++ b/pom.xml
@@ -556,6 +556,7 @@
                 </enforceBytecodeVersion>
                 <bannedDependencies>
                   <excludes>
+                    <exclude>javax.servlet:javax.servlet-api</exclude>
                     <exclude>javax.servlet:servlet-api</exclude>
                     <exclude>org.sonatype.sisu:sisu-guice</exclude>
                     <exclude>log4j:log4j:*:jar:compile</exclude>