Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use Built-in Java HTTP Server instead of Jetty 11 #2315

Draft
wants to merge 4 commits into
base: 4.9.x
Choose a base branch
from
Draft

Use Built-in Java HTTP Server instead of Jetty 11 #2315

wants to merge 4 commits into from

Conversation

sdelamo
Copy link
Contributor

@sdelamo sdelamo commented Mar 19, 2025
edited
Loading

Jetty 11 has a CVE. This pull request removes the usage of Jetty 11 and replaces it with the built-in Java HTTP Server.

Jetty 12 Handler uses org.eclipse.jetty.server.Request instead of jakarta.servlet.http.HttpServletRequest. org.eclipse.jetty.server.Request no longer implements HttpServletRequest. Because of that, to get rid of Jetty 11, we had two options: rewrite to Jetty 12 or migrate AwsApiProxyTestServer to use the Java Built-in HTTP Server and remove the usage of Jetty.

I gone the path of using the built-in HTTP Server. There are several classes introduced in this PR which I think should be in micronaut core.

@sdelamo sdelamo added the type: improvement A minor improvement to an existing feature label Mar 19, 2025
@sdelamo sdelamo requested review from graemerocher and yawkat March 19, 2025 14:18
sdelamo
sdelamo commented Mar 19, 2025
View reviewed changes
...-proxy-test/src/main/java/io/micronaut/function/aws/proxy/test/HttpServerEmbeddedServer.java Outdated
import java.util.concurrent.atomic.AtomicBoolean;

@Internal
class HttpServerEmbeddedServer implements EmbeddedServer {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@graemerocher @yawkat I would like to move this class to core. What do you think? That way I could use it in every cloud module (aws, gcp, azure).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or maybe in servlet.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 to putting it into servlet

@sdelamo sdelamo force-pushed the built-in-http-server branch from bd0afdc to 9aa83fe Compare March 19, 2025 15:06
@sdelamo sdelamo added the type: breaking Introduces a breaking change label Mar 19, 2025
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Failed Quality Gate failed

Failed conditions
1 New Critical Issues (required ≤ 0)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

@sdelamo sdelamo marked this pull request as draft March 20, 2025 16:26
@sdelamo sdelamo mentioned this pull request Mar 20, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@graemerocher graemerocher Awaiting requested review from graemerocher

@yawkat yawkat Awaiting requested review from yawkat

Assignees
No one assigned
Labels
type: breaking Introduces a breaking change type: improvement A minor improvement to an existing feature
Projects
4.8.0 Release
Status: Ready for Review
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sdelamo @yawkat