eclipse-ee4j · jansupol · Jun 27, 2024 · Jun 19, 2024 · Jun 20, 2024
diff --git a/archetypes/echo/src/main/resources/archetype-resources/pom.xml b/archetypes/echo/src/main/resources/archetype-resources/pom.xml
@@ -71,7 +71,7 @@
         <java.version>11</java.version>
         <tyrus.version>${project.version}</tyrus.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <maven.compiler.plugin>3.11.0</maven.compiler.plugin>
+        <maven.compiler.plugin>3.13.0</maven.compiler.plugin>
         <maven.war.plugin.version>3.4.0</maven.war.plugin.version>
     </properties>
 </project>
diff --git a/containers/servlet/src/main/java/org/glassfish/tyrus/servlet/TyrusHttpUpgradeHandler.java b/containers/servlet/src/main/java/org/glassfish/tyrus/servlet/TyrusHttpUpgradeHandler.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2022 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2024 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -46,6 +46,14 @@
  */
 public class TyrusHttpUpgradeHandler implements HttpUpgradeHandler, ReadListener {
 
+    /**
+     * <p>
+     *     The size to precede OutOfMemory Exception and potentially DDoS attacks when buffering incoming WebSocket frames.
+     * </p>
+     * <p>
+     *     The default value is 4194315 bytes, which correspond to 4M plus few bytes to frame headers.
+     * </p>
+     */
     public static final String FRAME_BUFFER_SIZE = "org.glassfish.tyrus.servlet.incoming-buffer-size";
 
     private final CountDownLatch connectionLatch = new CountDownLatch(1);
@@ -98,6 +106,12 @@ public void close(CloseReason reason) {
         connectionLatch.countDown();
     }
 
+    /**
+     * Sets the required information before {@link #init(WebConnection)} is invoked.
+     * @param upgradeInfo The WebSocket UpgradeInfo.
+     * @param writer The Tyrus SPI Writer.
+     * @param authenticated Whether the authentication has been used.
+     */
     public void preInit(WebSocketEngine.UpgradeInfo upgradeInfo, Writer writer, boolean authenticated) {
         this.upgradeInfo = upgradeInfo;
         this.writer = writer;
@@ -249,6 +263,10 @@ public String toString() {
         return sb.toString();
     }
 
+    /**
+     * Override the default {@link #FRAME_BUFFER_SIZE}.
+     * @param incomingBufferSize The new incoming frame buffer size value.
+     */
     public void setIncomingBufferSize(int incomingBufferSize) {
         this.incomingBufferSize = incomingBufferSize;
     }

diff --git a/pom.xml b/pom.xml
@@ -77,11 +77,11 @@
 
     <contributors>
         <contributor>
-            <name>Martin Matula</name>
-            <url>http://blog.alutam.com</url>
+            <name>Pavel Bucek</name>
         </contributor>
         <contributor>
-            <name>Pavel Bucek</name>
+            <name>Martin Matula</name>
+            <url>http://blog.alutam.com</url>
         </contributor>
         <contributor>
             <name>Stepan Kopriva</name>
@@ -118,11 +118,13 @@
         <servlet.api.version>6.0.0</servlet.api.version>
         <spring.boot.version>2.6.7</spring.boot.version>
 
+        <java.version>11</java.version>
 
-        <maven.compiler.plugin>3.11.0</maven.compiler.plugin>
-        <maven-javadoc-plugin.version>3.6.2</maven-javadoc-plugin.version>
+        <maven.compiler.plugin>3.13.0</maven.compiler.plugin>
+        <maven-javadoc-plugin.version>3.7.0</maven-javadoc-plugin.version>
         <maven.surefire.plugin.version>3.2.1</maven.surefire.plugin.version>
         <maven.war.plugin.version>3.4.0</maven.war.plugin.version>
+        <cyclonedx.mvn.plugin.version>2.8.0</cyclonedx.mvn.plugin.version>
 
         <api_package>jakarta.websocket</api_package>
         <impl_namespace>org.glassfish</impl_namespace>
@@ -171,15 +173,15 @@
                 </plugin>
                 <plugin>
                     <artifactId>maven-assembly-plugin</artifactId>
-                    <version>3.6.0</version>
+                    <version>3.7.1</version>
                 </plugin>
                 <plugin>
                     <artifactId>maven-source-plugin</artifactId>
-                    <version>3.2.0</version>
+                    <version>3.3.0</version>
                 </plugin>
                 <plugin>
                     <artifactId>maven-compiler-plugin</artifactId>
-                    <version>3.11.0</version>
+                    <version>${maven.compiler.plugin}</version>
                 </plugin>
                 <plugin>
                     <artifactId>maven-release-plugin</artifactId>
@@ -314,7 +316,7 @@
                         <doctitle>Tyrus ${project.version} API Documentation</doctitle>
                         <windowtitle>Tyrus ${project.version} API</windowtitle>
                         <links>
-                            <link>https://projects.eclipse.org/projects/ee4j.tyrus</link>
+                            <link>https://eclipse-ee4j.github.io/tyrus-project.github.io/apidocs/latest/</link>
                         </links>
                         <excludePackageNames>
                             *.core.l10n.*:*.internal.*:org.glassfish.tyrus.core.wsadl.model
@@ -383,8 +385,8 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <configuration>
-                    <source>11</source>
-                    <target>11</target>
+                    <source>${java.version}</source>
+                    <target>${java.version}</target>
                     <encoding>UTF-8</encoding>
                 </configuration>
             </plugin>
@@ -596,6 +598,37 @@
                 </plugins>
             </build>
         </profile>
+        <profile>
+            <id>sbom</id>
+            <activation>
+                <property>
+                    <name>!skipSBOM</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.cyclonedx</groupId>
+                        <artifactId>cyclonedx-maven-plugin</artifactId>
+                        <version>${cyclonedx.mvn.plugin.version}</version>
+                        <inherited>true</inherited>
+                        <executions>
+                            <execution>
+                                <phase>package</phase>
+                                <goals>
+                                    <goal>makeAggregateBom</goal>
+                                </goals>
+                                <configuration>
+                                    <!--                            <schemaVersion>1.4</schemaVersion>-->
+                                    <projectType>framework</projectType>
+                                    <excludeTestProject>true</excludeTestProject>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
     </profiles>
 
     <reporting>

diff --git a/tests/release-test/src/test/java/org/glassfish/tyrus/test/artifacts/MultiReleaseTest.java b/tests/release-test/src/test/java/org/glassfish/tyrus/test/artifacts/MultiReleaseTest.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 2024 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.tyrus.test.artifacts;
+
+import org.apache.maven.model.Dependency;
+import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+import java.util.Optional;
+import java.util.Properties;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import java.util.zip.ZipEntry;
+
+public class MultiReleaseTest {
+    private static final String s = "";
+    private static final File localRepository = MavenUtil.getLocalMavenRepository();
+    private static final Properties properties = MavenUtil.getMavenProperties();
+
+    @Test
+    public void testIsJdkMultiRelease() throws IOException, XmlPullParserException {
+        TestResult result = testJdkVersions("11", jdk11multiRelease(properties));
+        //Assertions.assertTrue(result.result(), "Some error occurred, see previous messages");
+        Assert.assertTrue("Some error occurred, see previous messages", result.result());
+    }
+
+    private static TestResult testJdkVersions(String version, DependencyPair... dependencies)
+            throws XmlPullParserException, IOException {
+        final TestResult result = new TestResult();
+        if (dependencies == null || dependencies.length == 0) {
+            System.out.append("No dependencies found for jdk ").println(version);
+            return result;
+        }
+
+        Stream<Dependency> deps = MavenUtil.streamTyrusJars();
+        List<File> files = MavenUtil.keepTyrusJars(deps, dependencies)
+                .map(dependency -> MavenUtil.getArtifactJar(localRepository, dependency, properties))
+                .collect(Collectors.toList());
+
+        //Assertions.assertEquals(dependencies.length, files.size(), "Some jdk " + version + " dependencies not found");
+        if (dependencies.length != files.size()) {
+            System.out.println("Expected:");
+            for (DependencyPair pair : dependencies) {
+                System.out.println(pair);
+            }
+            System.out.println("Resolved:");
+            for (File file : files) {
+                System.out.println(file.getName());
+            }
+            Assert.assertEquals("Some jdk " + version + " dependencies not found", dependencies.length, files.size());
+        }
+
+        for (File jar : files) {
+            JarFile jarFile = new JarFile(jar);
+            if (!jarFile.isMultiRelease()) {
+                result.exception().append("Not a multirelease jar ").append(jar.getName()).println("!");
+            }
+            ZipEntry versions = jarFile.getEntry("META-INF/versions/" + version);
+            System.out.append("Accessing META-INF/versions/").append(version).append(" of ").println(jar.getName());
+            if (versions == null) {
+                result.exception().append("No classes for JDK ").append(version).append(" for ").println(jar.getName());
+            }
+            result.ok().append("Classes for JDK ").append(version).append(" found for ").println(jar.getName());
+
+            Optional<JarEntry> file = jarFile.stream()
+                    .filter(entry -> !entry.isDirectory())
+                    .filter(entry -> !entry.getName().contains("versions"))
+                    .filter(entry -> entry.getName().endsWith(".class"))
+                    .findAny();
+            JarEntry jarEntry = file.get();
+            result.append(ClassVersionChecker.checkClassVersion(jarFile, jarEntry, properties));
+        }
+
+        // Verify that number of multirelease jars matches the expected dependencies
+        StringBuilder multi = new StringBuilder();
+        int multiCnt = 0;
+        List<File> allFiles = MavenUtil.streamTyrusJars()
+                .map(dependency -> MavenUtil.getArtifactJar(localRepository, dependency, properties))
+                .collect(Collectors.toList());
+        for (File jar : files) {
+            JarFile jarFile = new JarFile(jar);
+            if (jarFile.isMultiRelease()) {
+                multiCnt++;
+                multi.append("Multirelease jar ").append(jar.getName()).append('\n');
+            }
+        }
+        if (files.size() == multiCnt) {
+            result.ok().println("There is expected number of multirelease jars");
+        } else {
+            result.exception().println("There is unexpected number of multirelease jars:");
+            result.exception().append(multi).println("");
+        }
+
+        return result;
+    }
+
+    private static DependencyPair[] jdk11multiRelease(Properties properties) throws XmlPullParserException, IOException {
+        String tyrusVersion = MavenUtil.getTyrusVersion(properties);
+        if (tyrusVersion.startsWith("2.0")) {
+            return MavenUtil.streamTyrusJars()
+                    .map(d -> new DependencyPair(d.getGroupId(), d.getArtifactId()))
+                    .collect(Collectors.toList())
+                    .toArray(new DependencyPair[0]);
+        }
+        return new DependencyPair[]{};
+    }
+
+}
diff --git a/tests/servlet/embedded-glassfish-test/pom.xml b/tests/servlet/embedded-glassfish-test/pom.xml
@@ -301,10 +301,9 @@
                 </executions>
             </plugin>
             <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <configuration>
-                    <target>11</target>
+                    <release>11</release>
                 </configuration>
             </plugin>
         </plugins>

diff --git a/tests/servlet/pom.xml b/tests/servlet/pom.xml
@@ -50,6 +50,4 @@
         <module>debug</module>
     </modules>
 
-    <dependencies>
-    </dependencies>
 </project>