benchmarks/pom.xml

@@ -25,12 +25,12 @@
     <parent>
         <groupId>io.undertow</groupId>
         <artifactId>undertow-parent</artifactId>
-        <version>2.0.23.Final</version>
+        <version>2.0.25.Final</version>
     </parent>
 
     <groupId>io.undertow</groupId>
     <artifactId>undertow-benchmarks</artifactId>
-    <version>2.0.23.Final</version>
+    <version>2.0.25.Final</version>
 
     <name>Undertow Benchmarks</name>
 

core/pom.xml

@@ -25,12 +25,12 @@
     <parent>
         <groupId>io.undertow</groupId>
         <artifactId>undertow-parent</artifactId>
-        <version>2.0.23.Final</version>
+        <version>2.0.25.Final</version>
     </parent>
 
     <groupId>io.undertow</groupId>
     <artifactId>undertow-core</artifactId>
-    <version>2.0.23.Final</version>
+    <version>2.0.25.Final</version>
 
     <name>Undertow Core</name>
 

core/src/main/java/io/undertow/security/handlers/SinglePortConfidentialityHandler.java

@@ -19,6 +19,7 @@ package io.undertow.security.handlers;
 
 import io.undertow.server.HttpHandler;
 import io.undertow.server.HttpServerExchange;
+import io.undertow.util.NetworkUtils;
 
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -45,7 +46,8 @@ public class SinglePortConfidentialityHandler extends AbstractConfidentialityHan
 
     protected URI getRedirectURI(final HttpServerExchange exchange, final int port) throws URISyntaxException {
         final StringBuilder uriBuilder = new StringBuilder();
-        uriBuilder.append("https://").append(exchange.getHostName());
+        uriBuilder.append("https://");
+        uriBuilder.append(NetworkUtils.formatPossibleIpv6Address(exchange.getHostName()));
         if (port > 0) {
             uriBuilder.append(":").append(port);
         }

coverage-report/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <groupId>io.undertow</groupId>
         <artifactId>undertow-parent</artifactId>
-        <version>2.0.23.Final</version>
+        <version>2.0.25.Final</version>
     </parent>
     <artifactId>undertow-coverage-report</artifactId>
     <name>Undertow Test Coverage Report</name>

debian/changelog

+undertow (2.0.25-1) unstable; urgency=medium
+
+  * New upstream version 2.0.25.
+
+ -- Markus Koschany <apo@debian.org>  Mon, 26 Aug 2019 21:15:06 +0200
+
 undertow (2.0.23-1) unstable; urgency=medium
 
   * New upstream version 2.0.23.

dist/pom.xml

@@ -25,12 +25,12 @@
     <parent>
         <groupId>io.undertow</groupId>
         <artifactId>undertow-parent</artifactId>
-        <version>2.0.23.Final</version>
+        <version>2.0.25.Final</version>
     </parent>
 
     <groupId>io.undertow</groupId>
     <artifactId>undertow-dist</artifactId>
-    <version>2.0.23.Final</version>
+    <version>2.0.25.Final</version>
 
     <name>Undertow: Distribution</name>
 

examples/pom.xml

@@ -25,12 +25,12 @@
     <parent>
         <groupId>io.undertow</groupId>
         <artifactId>undertow-parent</artifactId>
-        <version>2.0.23.Final</version>
+        <version>2.0.25.Final</version>
     </parent>
 
     <groupId>io.undertow</groupId>
     <artifactId>undertow-examples</artifactId>
-    <version>2.0.23.Final</version>
+    <version>2.0.25.Final</version>
 
     <name>Undertow Examples</name>
 

karaf/pom.xml

@@ -25,12 +25,12 @@
     <parent>
         <groupId>io.undertow</groupId>
         <artifactId>undertow-parent</artifactId>
-        <version>2.0.23.Final</version>
+        <version>2.0.25.Final</version>
     </parent>
 
     <groupId>io.undertow</groupId>
     <artifactId>karaf</artifactId>
-    <version>2.0.23.Final</version>
+    <version>2.0.25.Final</version>
     <packaging>pom</packaging>
 
     <name>Undertow Karaf Features</name>

parser-generator/pom.xml

@@ -25,12 +25,12 @@
     <parent>
         <groupId>io.undertow</groupId>
         <artifactId>undertow-parent</artifactId>
-        <version>2.0.23.Final</version>
+        <version>2.0.25.Final</version>
     </parent>
 
     <groupId>io.undertow</groupId>
     <artifactId>undertow-parser-generator</artifactId>
-    <version>2.0.23.Final</version>
+    <version>2.0.25.Final</version>
 
     <name>Undertow Parser Generator</name>
     <description>An annotation processor that is used to generate the HTTP parser</description>

pom.xml

@@ -28,7 +28,7 @@
 
     <groupId>io.undertow</groupId>
     <artifactId>undertow-parent</artifactId>
-    <version>2.0.23.Final</version>
+    <version>2.0.25.Final</version>
 
     <name>Undertow</name>
     <description>Undertow</description>

servlet/pom.xml

@@ -25,12 +25,12 @@
     <parent>
         <groupId>io.undertow</groupId>
         <artifactId>undertow-parent</artifactId>
-        <version>2.0.23.Final</version>
+        <version>2.0.25.Final</version>
     </parent>
 
     <groupId>io.undertow</groupId>
     <artifactId>undertow-servlet</artifactId>
-    <version>2.0.23.Final</version>
+    <version>2.0.25.Final</version>
 
     <name>Undertow Servlet</name>
 

servlet/src/main/java/io/undertow/servlet/spec/HttpServletRequestImpl.java

@@ -102,6 +102,9 @@ public final class HttpServletRequestImpl implements HttpServletRequest {
     @Deprecated
     public static final AttachmentKey<Boolean> SECURE_REQUEST = HttpServerExchange.SECURE_REQUEST;
 
+    static final AttachmentKey<Boolean> REQUESTED_SESSION_ID_SET = AttachmentKey.create(Boolean.class);
+    static final AttachmentKey<String> REQUESTED_SESSION_ID = AttachmentKey.create(String.class);
+
     private final HttpServerExchange exchange;
     private final ServletContextImpl originalServletContext;
     private ServletContextImpl servletContext;
@@ -347,6 +350,10 @@ public final class HttpServletRequestImpl implements HttpServletRequest {
 
     @Override
     public String getRequestedSessionId() {
+        Boolean isRequestedSessionIdSaved = exchange.getAttachment(REQUESTED_SESSION_ID_SET);
+        if (isRequestedSessionIdSaved != null && isRequestedSessionIdSaved) {
+            return exchange.getAttachment(REQUESTED_SESSION_ID);
+        }
         SessionConfig config = originalServletContext.getSessionConfig();
         if(config instanceof ServletContextImpl.ServletContextSessionConfig) {
             return ((ServletContextImpl.ServletContextSessionConfig)config).getDelegate().findSessionId(exchange);

servlet/src/main/java/io/undertow/servlet/spec/ServletContextImpl.java

@@ -862,6 +862,11 @@ public class ServletContextImpl implements ServletContext {
             } else if (create) {
 
                 String existing = c.findSessionId(exchange);
+                Boolean isRequestedSessionIdSaved = exchange.getAttachment(HttpServletRequestImpl.REQUESTED_SESSION_ID_SET);
+                if (isRequestedSessionIdSaved == null || !isRequestedSessionIdSaved) {
+                    exchange.putAttachment(HttpServletRequestImpl.REQUESTED_SESSION_ID_SET, Boolean.TRUE);
+                    exchange.putAttachment(HttpServletRequestImpl.REQUESTED_SESSION_ID, existing);
+                }
 
                 if (originalServletContext != this) {
                     //this is a cross context request
@@ -907,7 +912,7 @@ public class ServletContextImpl implements ServletContext {
                                 }
                             }
                         }
-                        if (!found && !c.sessionCookieSource(exchange).equals(SessionConfig.SessionCookieSource.URL)) {
+                        if (!found) {
                             c.clearSession(exchange, existing);
                         }
                     } else {
@@ -1203,6 +1208,11 @@ public class ServletContextImpl implements ServletContext {
         @Override
         public void clearSession(HttpServerExchange exchange, String sessionId) {
             exchange.putAttachment(INVALIDATED, sessionId);
+            Boolean isRequestedSessionIdSaved = exchange.getAttachment(HttpServletRequestImpl.REQUESTED_SESSION_ID_SET);
+            if (isRequestedSessionIdSaved == null || !isRequestedSessionIdSaved) {
+                exchange.putAttachment(HttpServletRequestImpl.REQUESTED_SESSION_ID_SET, Boolean.TRUE);
+                exchange.putAttachment(HttpServletRequestImpl.REQUESTED_SESSION_ID, sessionId);
+            }
             delegate.clearSession(exchange, sessionId);
         }
 

servlet/src/test/java/io/undertow/servlet/test/session/RequestedSessionIdURLTrackingModeTestCase.java

-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2019 Red Hat, Inc., and individual contributors
- * as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-package io.undertow.servlet.test.session;
-
-import java.io.IOException;
-import java.util.Collections;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.SessionTrackingMode;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.http.HttpResponse;
-import org.apache.http.client.methods.HttpGet;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-import io.undertow.server.session.SessionConfig;
-import io.undertow.servlet.ServletExtension;
-import io.undertow.servlet.Servlets;
-import io.undertow.servlet.api.DeploymentInfo;
-import io.undertow.servlet.api.ServletSessionConfig;
-import io.undertow.servlet.test.util.DeploymentUtils;
-import io.undertow.testutils.DefaultServer;
-import io.undertow.testutils.HttpClientUtils;
-import io.undertow.testutils.TestHttpClient;
-import io.undertow.util.StatusCodes;
-
-/**
- * Testing getRequestedSessionId when is null and when client specifies a sessionId
- *
- * @author tmiyar
- */
-@RunWith(DefaultServer.class)
-public class RequestedSessionIdURLTrackingModeTestCase {
-
-
-    @BeforeClass
-    public static void setup() {
-        DeploymentUtils.setupServlet(new ServletExtension() {
-            @Override
-            public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
-                deploymentInfo.setServletSessionConfig(new ServletSessionConfig().setSessionTrackingModes(Collections.singleton(SessionTrackingMode.URL)));
-            }
-        }, Servlets.servlet(RequestedSessionIdServlet.class).addMapping("/test"));
-    }
-
-
-
-    @Test
-    public void testGetRequestedSessionId() throws IOException {
-        TestHttpClient client = new TestHttpClient();
-
-        try {
-            HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL() + "/servletContext/test;jsessionid=null");
-            HttpResponse result = client.execute(get);
-            Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
-            HttpClientUtils.readResponse(result);
-            get = new HttpGet(DefaultServer.getDefaultServerURL() + "/servletContext/test;jsessionid=test");
-            result = client.execute(get);
-            Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
-            HttpClientUtils.readResponse(result);
-        } finally {
-            client.close();
-        }
-    }
-
-
-    /**
-     * The SessionManager.createSession(true) *MUST* call {@link SessionConfig#findSessionId(io.undertow.server.HttpServerExchange)} (io.undertow.server.HttpServerExchange)} first to
-     * determine if an existing session ID is present in the exchange. If this id is present then it must be used
-     * as the new session ID.
-     * @author tmiyar
-     * @see io.undertow.server.session.SessionManager
-     */
-    public static class RequestedSessionIdServlet extends HttpServlet {
-
-        @Override
-        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-            //Before there is any session
-            String sessionIdBefore = req.getRequestedSessionId();
-            //create a new session
-            req.getSession(true);
-            //should return client provided session
-            String sessionIdAfter = req.getRequestedSessionId();
-
-            Assert.assertTrue(String.format("sessionIdBefore %s, sessionIdAfter %s", sessionIdBefore, sessionIdAfter), sessionIdBefore.equals(sessionIdAfter));
-
-        }
-    }
-
-}

servlet/src/test/java/io/undertow/servlet/test/session/ServletURLRewritingSessionTestCase.java

@@ -35,7 +35,6 @@ import org.apache.http.client.methods.HttpGet;
 import org.apache.http.impl.client.BasicCookieStore;
 import org.junit.Assert;
 import org.junit.BeforeClass;
-import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import io.undertow.servlet.ServletExtension;
@@ -171,7 +170,6 @@ public class ServletURLRewritingSessionTestCase {
     }
 
     @Test
-    @Ignore("Failing after fix for UNDERTOW-1575")
     public void testURLRewritingWithExistingOldSessionIdAndOtherPathParams() throws IOException {
         TestHttpClient client = new TestHttpClient();
         client.setCookieStore(new BasicCookieStore());
@@ -183,6 +181,7 @@ public class ServletURLRewritingSessionTestCase {
             Header[] header = result.getHeaders(COUNT);
             Assert.assertEquals("0", header[0].getValue());
 
+
             get = new HttpGet(url);
             result = client.execute(get);
             Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
@@ -203,11 +202,33 @@ public class ServletURLRewritingSessionTestCase {
         }
     }
 
+    @Test
+    public void testGetRequestedSessionId() throws IOException {
+        TestHttpClient client = new TestHttpClient();
+        try {
+            HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL() + "/servletContext/foo");
+            HttpResponse result = client.execute(get);
+            Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
+            HttpClientUtils.readResponse(result);
+            get = new HttpGet(DefaultServer.getDefaultServerURL() + "/servletContext/foo;jsessionid=test");
+            result = client.execute(get);
+            Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
+            HttpClientUtils.readResponse(result);
+        } finally {
+            client.close();
+        }
+    }
+
     public static class URLRewritingServlet extends HttpServlet {
 
         @Override
         protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+
+            String sessionIdBefore = req.getRequestedSessionId();
             HttpSession session = req.getSession(true);
+            String sessionIdAfter = req.getRequestedSessionId();
+            Assert.assertEquals(String.format("sessionIdBefore %s, sessionIdAfter %s", sessionIdBefore, sessionIdAfter), sessionIdBefore, sessionIdAfter);
+
             Object existing = session.getAttribute(COUNT);
             if (existing == null) {
                 session.setAttribute(COUNT, 0);

websockets-jsr/pom.xml

@@ -25,12 +25,12 @@
     <parent>
         <groupId>io.undertow</groupId>
         <artifactId>undertow-parent</artifactId>
-        <version>2.0.23.Final</version>
+        <version>2.0.25.Final</version>
     </parent>
 
     <groupId>io.undertow</groupId>
     <artifactId>undertow-websockets-jsr</artifactId>
-    <version>2.0.23.Final</version>
+    <version>2.0.25.Final</version>
 
     <name>Undertow WebSockets JSR356 implementations</name>