Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade from javax.servlet-api-3.1 to jakarta.servlet-api:4.0 and ban javax.servlet:javax.servlet-api #693

Merged
merged 9 commits into from
Apr 28, 2023
10 changes: 5 additions & 5 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -171,9 +171,9 @@
</dependency>
<dependency>
<!-- used in JTH and jenkins core > 2.x -->
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<version>4.0.4</version>
</dependency>
<dependency>
<groupId>junit</groupId>
Expand Down Expand Up @@ -239,8 +239,8 @@

<!-- dependencies provided by virtue of running in Jenkins -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
</dependency>

Expand Down
3 changes: 3 additions & 0 deletions src/it/servlet-api/invoker.properties
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# install, not verify, because we want to check the artifact as we would be about to deploy it
# release.skipTests normally set in jenkins-release profile since release:perform would do the tests
invoker.goals=-Dstyle.color=always -ntp -Pjenkins-release -Drelease.skipTests=false clean install
37 changes: 37 additions & 0 deletions src/it/servlet-api/pom.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>plugin</artifactId>
<version>@project.version@</version>
<relativePath/>
</parent>
<groupId>org.jenkins-ci.plugins.its</groupId>
<artifactId>servlet-api</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>hpi</packaging>
<properties>
<jenkins.version>2.361.4</jenkins.version>
</properties>
<repositories>
<repository>
<id>repo.jenkins-ci.org</id>
<url>https://repo.jenkins-ci.org/public/</url>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>repo.jenkins-ci.org</id>
<url>https://repo.jenkins-ci.org/public/</url>
</pluginRepository>
</pluginRepositories>
<dependencies>
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>structs</artifactId>
<version>1.5</version>
</dependency>
</dependencies>
</project>
2 changes: 2 additions & 0 deletions src/it/servlet-api/src/main/resources/index.jelly
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
<?jelly escape-by-default='true'?>
<div/>
34 changes: 34 additions & 0 deletions src/it/servlet-api/src/test/java/test/ServletAPITest.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
package test;

import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.JenkinsRule;

import hudson.security.LegacySecurityRealm;
import jenkins.model.Jenkins;

public class ServletAPITest {

@Rule
public final JenkinsRule rule = new JenkinsRule();

/**
* When having both Servlet APIs 3.1 and 4.0 in classpath, the following error
* is logged on server side:
*
* <pre>
* WARNING o.e.jetty.server.HttpChannel#handleException: /jenkins/j_security_check
* java.lang.AbstractMethodError: Receiver class org.eclipse.jetty.security.authentication.SessionAuthentication does not define or inherit an
* implementation of the resolved emethod 'abstract void valueBound(javax.servlet.http.HttpSessionBindingEvent)' of interface
jeromepochat marked this conversation as resolved.
Show resolved Hide resolved
* javax.servlet.http.HttpSessionBindingListener. at org.eclipse.jetty.server.session.Session.bindValue(Session.java:357)
* </pre>
*
* And then on client side getting "500 Server Error for
* http://localhost:.../jenkins/j_security_check"
*/
@Test
public void involveHttpSessionBindingListener() throws Exception {
Jenkins.get().setSecurityRealm(new LegacySecurityRealm());
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that the error is not reproducible after

Suggested change
Jenkins.get().setSecurityRealm(new LegacySecurityRealm());
Jenkins.get().setSecurityRealm(rule.createDummySecurityRealm());

I point this out because LegacySecurityRealm is almost never used (it was superseded in 2007 and should perhaps be dropped altogether along with support for non-Winstone containers), and if a routine usage of HtmlUnit were broken after some core or tooling update we would have noticed that in lots of popular plugins by now.

Copy link
Contributor Author

@jeromepochat jeromepochat Feb 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this fix @jglick !

BTW it this PR is still revelant as similar issue could occurs as having multiple versions of APIs in same classloader (at least from plugin tests).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Potentially yes. I suspect the conflict just rarely matters, but using LegacySecurityRealm in a test activates a code path in the servlet container which is otherwise rarely encountered.

rule.createWebClient().login("bob");
}
}