diff --git a/archetypes/echo/src/main/resources/archetype-resources/pom.xml b/archetypes/echo/src/main/resources/archetype-resources/pom.xml index a6552e20..21d31a01 100644 --- a/archetypes/echo/src/main/resources/archetype-resources/pom.xml +++ b/archetypes/echo/src/main/resources/archetype-resources/pom.xml @@ -71,7 +71,7 @@ 11 ${project.version} UTF-8 - 3.11.0 + 3.13.0 3.4.0 diff --git a/containers/servlet/src/main/java/org/glassfish/tyrus/servlet/TyrusHttpUpgradeHandler.java b/containers/servlet/src/main/java/org/glassfish/tyrus/servlet/TyrusHttpUpgradeHandler.java index e60ae924..ae30b4c5 100644 --- a/containers/servlet/src/main/java/org/glassfish/tyrus/servlet/TyrusHttpUpgradeHandler.java +++ b/containers/servlet/src/main/java/org/glassfish/tyrus/servlet/TyrusHttpUpgradeHandler.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2022 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2024 Oracle and/or its affiliates. All rights reserved. * * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v. 2.0, which is available at @@ -46,6 +46,14 @@ */ public class TyrusHttpUpgradeHandler implements HttpUpgradeHandler, ReadListener { + /** + *

+ * The size to precede OutOfMemory Exception and potentially DDoS attacks when buffering incoming WebSocket frames. + *

+ *

+ * The default value is 4194315 bytes, which correspond to 4M plus few bytes to frame headers. + *

+ */ public static final String FRAME_BUFFER_SIZE = "org.glassfish.tyrus.servlet.incoming-buffer-size"; private final CountDownLatch connectionLatch = new CountDownLatch(1); @@ -98,6 +106,12 @@ public void close(CloseReason reason) { connectionLatch.countDown(); } + /** + * Sets the required information before {@link #init(WebConnection)} is invoked. + * @param upgradeInfo The WebSocket UpgradeInfo. + * @param writer The Tyrus SPI Writer. + * @param authenticated Whether the authentication has been used. + */ public void preInit(WebSocketEngine.UpgradeInfo upgradeInfo, Writer writer, boolean authenticated) { this.upgradeInfo = upgradeInfo; this.writer = writer; @@ -249,6 +263,10 @@ public String toString() { return sb.toString(); } + /** + * Override the default {@link #FRAME_BUFFER_SIZE}. + * @param incomingBufferSize The new incoming frame buffer size value. + */ public void setIncomingBufferSize(int incomingBufferSize) { this.incomingBufferSize = incomingBufferSize; } diff --git a/pom.xml b/pom.xml index 4aeb4935..e26f38c3 100644 --- a/pom.xml +++ b/pom.xml @@ -77,11 +77,11 @@ - Martin Matula - http://blog.alutam.com + Pavel Bucek - Pavel Bucek + Martin Matula + http://blog.alutam.com Stepan Kopriva @@ -118,11 +118,13 @@ 6.0.0 2.6.7 + 11 - 3.11.0 - 3.6.2 + 3.13.0 + 3.7.0 3.2.1 3.4.0 + 2.8.0 jakarta.websocket org.glassfish @@ -171,15 +173,15 @@ maven-assembly-plugin - 3.6.0 + 3.7.1 maven-source-plugin - 3.2.0 + 3.3.0 maven-compiler-plugin - 3.11.0 + ${maven.compiler.plugin} maven-release-plugin @@ -314,7 +316,7 @@ Tyrus ${project.version} API Documentation Tyrus ${project.version} API - https://projects.eclipse.org/projects/ee4j.tyrus + https://eclipse-ee4j.github.io/tyrus-project.github.io/apidocs/latest/ *.core.l10n.*:*.internal.*:org.glassfish.tyrus.core.wsadl.model @@ -383,8 +385,8 @@ org.apache.maven.plugins maven-compiler-plugin - 11 - 11 + ${java.version} + ${java.version} UTF-8 
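Review bot: The new Javadoc on `FRAME_BUFFER_SIZE` says the size is there "to precede OutOfMemory Exception", which reads as a typo for "prevent". It also never says that the constant is the name of a configuration property rather than the limit itself. Because this limit is the control against memory exhaustion from oversized incoming frames, the comment should say so plainly, e.g. `Name of the property that caps, in bytes, how much incoming WebSocket frame data is buffered; the cap guards against OutOfMemoryError and denial of service through oversized frames.` It would also help to state what happens to a connection that exceeds the cap, which is not visible in this hunk.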
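Review bot: `setIncomingBufferSize` stores whatever int it is given, so zero or a negative number is accepted silently, and the added Javadoc gives no unit or accepted range. Because the value bounds frame buffering, the Javadoc should state both. The setter could also reject non-positive input with `if (incomingBufferSize <= 0) throw new IllegalArgumentException("incomingBufferSize must be positive");`, assuming no caller relies on such a value (callers are not visible here). The phrase "Override the default {@link #FRAME_BUFFER_SIZE}" links to the property name, not to a default value.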
@@ -596,6 +598,37 @@ + + sbom + + + !skipSBOM + + + + + + org.cyclonedx + cyclonedx-maven-plugin + ${cyclonedx.mvn.plugin.version} + true + + + package + + makeAggregateBom + + + + framework + true + + + + + + + diff --git a/tests/release-test/src/test/java/org/glassfish/tyrus/test/artifacts/MultiReleaseTest.java b/tests/release-test/src/test/java/org/glassfish/tyrus/test/artifacts/MultiReleaseTest.java new file mode 100644 index 00000000..0586f1bc --- /dev/null +++ b/tests/release-test/src/test/java/org/glassfish/tyrus/test/artifacts/MultiReleaseTest.java 
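Review bot: The new `sbom` profile is active unless `skipSBOM` is defined, so every `package` run now executes `makeAggregateBom`, and nothing in the POM says so. A short comment above the profile, such as `<!-- Generates an aggregate CycloneDX SBOM at package; disable with -DskipSBOM -->`, would tell builders what the profile produces and how to opt out. The element names around the `framework` and `true` configuration values are not visible in this rendering, so those settings could not be checked.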
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 2024 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.tyrus.test.artifacts;
+
+import org.apache.maven.model.Dependency;
+import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+import java.util.Optional;
+import java.util.Properties;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import java.util.zip.ZipEntry;
+
+public class MultiReleaseTest {
+ private static final String s = "";
+ private static final File localRepository = MavenUtil.getLocalMavenRepository();
+ private static final Properties properties = MavenUtil.getMavenProperties();
+
+ @Test
+ public void testIsJdkMultiRelease() throws IOException, XmlPullParserException {
+ TestResult result = testJdkVersions("11", jdk11multiRelease(properties));
+ //Assertions.assertTrue(result.result(), "Some error occurred, see previous messages");
+ Assert.assertTrue("Some error occurred, see previous messages", result.result());
+ }
+
+ private static TestResult testJdkVersions(String version, DependencyPair... dependencies)
+ throws XmlPullParserException, IOException {
+ final TestResult result = new TestResult();
+ if (dependencies == null || dependencies.length == 0) {
+ System.out.append("No dependencies found for jdk ").println(version);
+ return result;
+ }
+
+ Stream deps = MavenUtil.streamTyrusJars();
+ List files = MavenUtil.keepTyrusJars(deps, dependencies)
+ .map(dependency -> MavenUtil.getArtifactJar(localRepository, dependency, properties))
+ .collect(Collectors.toList());
+
+ //Assertions.assertEquals(dependencies.length, files.size(), "Some jdk " + version + " dependencies not found");
+ if (dependencies.length != files.size()) {
+ System.out.println("Expected:");
+ for (DependencyPair pair : dependencies) {
+ System.out.println(pair);
+ }
+ System.out.println("Resolved:");
+ for (File file : files) {
+ System.out.println(file.getName());
+ }
+ Assert.assertEquals("Some jdk " + version + " dependencies not found", dependencies.length, files.size());
+ }
+
+ for (File jar : files) {
+ JarFile jarFile = new JarFile(jar);
+ if (!jarFile.isMultiRelease()) {
+ result.exception().append("Not a multirelease jar ").append(jar.getName()).println("!");
+ }
+ ZipEntry versions = jarFile.getEntry("META-INF/versions/" + version);
+ System.out.append("Accessing META-INF/versions/").append(version).append(" of ").println(jar.getName());
+ if (versions == null) {
+ result.exception().append("No classes for JDK ").append(version).append(" for ").println(jar.getName());
+ }
+ result.ok().append("Classes for JDK ").append(version).append(" found for ").println(jar.getName());
+
+ Optional file = jarFile.stream()
+ .filter(entry -> !entry.isDirectory())
+ .filter(entry -> !entry.getName().contains("versions"))
+ .filter(entry -> entry.getName().endsWith(".class"))
+ .findAny();
+ JarEntry jarEntry = file.get();
+ result.append(ClassVersionChecker.checkClassVersion(jarFile, jarEntry, properties));
+ }
+
+ // Verify that number of multirelease jars matches the expected dependencies
+ StringBuilder multi = new StringBuilder();
+ int multiCnt = 0;
+ List allFiles = MavenUtil.streamTyrusJars()
+ .map(dependency -> MavenUtil.getArtifactJar(localRepository, dependency, properties))
+ .collect(Collectors.toList());
+ for (File jar : files) {
+ JarFile jarFile = new JarFile(jar);
+ if (jarFile.isMultiRelease()) {
+ multiCnt++;
+ multi.append("Multirelease jar ").append(jar.getName()).append('\n');
+ }
+ }
+ if (files.size() == multiCnt) {
+ result.ok().println("There is expected number of multirelease jars");
+ } else {
+ result.exception().println("There is unexpected number of multirelease jars:");
+ result.exception().append(multi).println("");
+ }
+
+ return result;
+ }
+
+ private static DependencyPair[] jdk11multiRelease(Properties properties) throws XmlPullParserException, IOException {
+ String tyrusVersion = MavenUtil.getTyrusVersion(properties);
+ if (tyrusVersion.startsWith("2.0")) {
+ return MavenUtil.streamTyrusJars()
+ .map(d -> new DependencyPair(d.getGroupId(), d.getArtifactId()))
+ .collect(Collectors.toList())
+ .toArray(new DependencyPair[0]);
+ }
+ return new DependencyPair[]{};
+ }
+
+}
diff --git a/tests/servlet/embedded-glassfish-test/pom.xml b/tests/servlet/embedded-glassfish-test/pom.xml
index 9c9d454d..735a6f8a 100644
--- a/tests/servlet/embedded-glassfish-test/pom.xml
+++ b/tests/servlet/embedded-glassfish-test/pom.xml
@@ -301,10 +301,9 @@ - org.apache.maven.plugins maven-compiler-plugin - 11 + 11
diff --git a/tests/servlet/pom.xml b/tests/servlet/pom.xml
index 53dbc547..dd447330 100755
--- a/tests/servlet/pom.xml
+++ b/tests/servlet/pom.xml
@@ -50,6 +50,4 @@ debug - -
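Review bot: In the first `for (File jar : files)` loop of `testJdkVersions`, the "Classes for JDK … found" message is recorded even when `versions == null`, because the `if` has no `else`; the same jar is then reported as both failing and passing. The same loop calls `file.get()` on an `Optional` that is empty for a jar without plain class files, and neither loop closes the `JarFile` it opens. The second loop also iterates `files` although `allFiles` was just computed and is never used, so the "expected number of multirelease jars" check only re-counts the jars already examined. Separately, `jdk11multiRelease` returns an empty array unless the version starts with "2.0", in which case the test passes without checking any artifact; a comment saying that this is intended would help.

```java
for (File jar : files) {
    try (JarFile jarFile = new JarFile(jar)) {
        // … unchanged: isMultiRelease() check and "Accessing META-INF/versions/" message …
        if (jarFile.getEntry("META-INF/versions/" + version) == null) {
            result.exception().append("No classes for JDK ").append(version).append(" for ").println(jar.getName());
        } else {
            result.ok().append("Classes for JDK ").append(version).append(" found for ").println(jar.getName());
        }
        // … unchanged: stream filter chain that selects a non-versioned .class entry into `file` …
        if (file.isPresent()) {
            result.append(ClassVersionChecker.checkClassVersion(jarFile, file.get(), properties));
        } else {
            result.exception().append("No class files found in ").println(jar.getName());
        }
    }
}
```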