Remove optional jetty runtime

- Simplifies pom making future upgrades easier
- Fixes tests picking up jetty runtime

Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
master
Andrew DeMaria 5 years ago
parent 39f75fd4a0
commit ef22d6d8ed
  1. 19
      airsonic-main/cve-suppressed.xml
  2. 31
      airsonic-main/pom.xml
  3. 8
      airsonic-main/src/main/java/org/airsonic/player/Application.java
  4. 4
      airsonic-main/src/main/java/org/airsonic/player/controller/StreamController.java
  5. 4
      airsonic-main/src/main/java/org/airsonic/player/spring/LoggingExceptionResolver.java
  6. 6
      pom.xml

@ -47,13 +47,6 @@
<cpe regex="true">.*</cpe> <cpe regex="true">.*</cpe>
</suppress> </suppress>
<!-- Jetty is currently only used for developer experimentation -->
<suppress>
<notes>Jetty is currently only used for developer experimentations</notes>
<gav regex="true">^org\.eclipse\.jetty:.*$</gav>
<cpe>cpe:/a:org.eclipse.jetty:</cpe>
</suppress>
<!-- No git functionality is used from the following dependencies --> <!-- No git functionality is used from the following dependencies -->
<suppress> <suppress>
<notes><![CDATA[file name: org.eclipse.persistence.core-2.5.1.jar]]></notes> <notes><![CDATA[file name: org.eclipse.persistence.core-2.5.1.jar]]></notes>
@ -111,12 +104,6 @@
<cve>CVE-2016-5425</cve> <cve>CVE-2016-5425</cve>
</suppress> </suppress>
<!-- Jetty is currently disabled and not added to the built war -->
<suppress>
<notes><![CDATA[file name: jetty-schemas-3.1.jar]]></notes>
<gav regex="true">^org\.eclipse\.jetty\..*$</gav>
<cpe>cpe:/a:mortbay_jetty:jetty</cpe>
</suppress>
<!--Vulnerabilty lies in Database Clusterscripts--> <!--Vulnerabilty lies in Database Clusterscripts-->
<suppress> <suppress>
<notes><![CDATA[file name: postgresql-42.1.4.jar]]></notes> <notes><![CDATA[file name: postgresql-42.1.4.jar]]></notes>
@ -184,17 +171,17 @@
<cvssBelow>9.0</cvssBelow> <cvssBelow>9.0</cvssBelow>
</suppress> </suppress>
<suppress> <suppress>
<notes>False positive for tomcat vuln in eclipse jetty/jasper compat lib</notes> <notes>False positive for tomcat vuln in eclipse jasper compat lib</notes>
<gav regex="true">^org\.mortbay\.jasper:apache-jsp:.*$</gav> <gav regex="true">^org\.mortbay\.jasper:apache-jsp:.*$</gav>
<cve>CVE-2016-5425</cve> <cve>CVE-2016-5425</cve>
</suppress> </suppress>
<suppress> <suppress>
<notes>False positive for tomcat vuln in eclipse jetty/jasper compat lib</notes> <notes>False positive for tomcat vuln in eclipse jasper compat lib</notes>
<gav regex="true">^org\.mortbay\.jasper:apache-jsp:.*$</gav> <gav regex="true">^org\.mortbay\.jasper:apache-jsp:.*$</gav>
<cve>CVE-2017-6056</cve> <cve>CVE-2017-6056</cve>
</suppress> </suppress>
<suppress> <suppress>
<notes>False positive for tomcat vuln in eclipse jetty/jasper compat lib</notes> <notes>False positive for tomcat vuln in eclipse jasper compat lib</notes>
<gav regex="true">^org\.mortbay\.jasper:apache-jsp:.*$</gav> <gav regex="true">^org\.mortbay\.jasper:apache-jsp:.*$</gav>
<cve>CVE-2019-10072</cve> <cve>CVE-2019-10072</cve>
</suppress> </suppress>

@ -512,24 +512,6 @@
<artifactId>tomcat-embed-jasper</artifactId> <artifactId>tomcat-embed-jasper</artifactId>
<scope>${tomcat.server.scope}</scope> <scope>${tomcat.server.scope}</scope>
</dependency> </dependency>
<!-- Embedded Jetty -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jetty</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>apache-jsp</artifactId>
<scope>provided</scope>
</dependency>
<!-- Provided by the servlet container, but found by dependency:analyze even if used via reflection -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-io</artifactId>
<scope>provided</scope>
</dependency>
<dependency> <dependency>
<groupId>com.fasterxml.jackson.core</groupId> <groupId>com.fasterxml.jackson.core</groupId>
@ -620,8 +602,6 @@
<configuration> <configuration>
<mainClass>org.airsonic.player.Application</mainClass> <mainClass>org.airsonic.player.Application</mainClass>
<layout>WAR</layout> <layout>WAR</layout>
<excludeGroupIds>${boot.group.excludes}</excludeGroupIds>
<excludeArtifactIds>${boot.artifact.excludes}</excludeArtifactIds>
</configuration> </configuration>
<executions> <executions>
<execution> <execution>
@ -715,17 +695,6 @@
<activation> <activation>
<activeByDefault>true</activeByDefault> <activeByDefault>true</activeByDefault>
</activation> </activation>
<properties>
<boot.group.excludes>org.eclipse.jetty,org.eclipse.jetty.websocket,org.mortbay.jasper,org.eclipse.jetty.toolchain,org.ow2.asm</boot.group.excludes>
<boot.artifact.excludes>spring-boot-starter-jetty</boot.artifact.excludes>
</properties>
</profile>
<profile>
<id>jetty-embed</id>
<properties>
<boot.group.excludes>org.apache.tomcat.embed</boot.group.excludes>
<boot.artifact.excludes>spring-boot-starter-tomcat</boot.artifact.excludes>
</properties>
</profile> </profile>
<profile> <profile>
<id>ide-tomcat-embed</id> <id>ide-tomcat-embed</id>

@ -214,14 +214,6 @@ public class Application extends SpringBootServletInitializer implements Embedde
LOG.warn("An error happened while trying to optimize tomcat", e); LOG.warn("An error happened while trying to optimize tomcat", e);
} }
try {
Class<?> jettyESCF = Class.forName("org.springframework.boot.context.embedded.jetty.JettyEmbeddedServletContainerFactory");
if (jettyESCF.isInstance(container)) {
LOG.warn("Detected Jetty web server. Here there be dragons.");
}
} catch (NoClassDefFoundError | ClassNotFoundException e) {
LOG.debug("No jetty classes found");
}
} }
public static void main(String[] args) { public static void main(String[] args) {

@ -258,9 +258,7 @@ public class StreamController {
// This happens often and outside of the control of the server, so // This happens often and outside of the control of the server, so
// we catch Tomcat/Jetty "connection aborted by client" exceptions // we catch Tomcat/Jetty "connection aborted by client" exceptions
// and display a short error message. // and display a short error message.
boolean shouldCatch = false; boolean shouldCatch = Util.isInstanceOfClassName(e, "org.apache.catalina.connector.ClientAbortException");
shouldCatch |= Util.isInstanceOfClassName(e, "org.apache.catalina.connector.ClientAbortException");
shouldCatch |= Util.isInstanceOfClassName(e, "org.eclipse.jetty.io.EofException");
if (shouldCatch) { if (shouldCatch) {
LOG.info("{}: Client unexpectedly closed connection while loading {} ({})", LOG.info("{}: Client unexpectedly closed connection while loading {} ({})",
request.getRemoteAddr(), request.getRemoteAddr(),

@ -21,9 +21,7 @@ public class LoggingExceptionResolver implements HandlerExceptionResolver, Order
// This happens often and outside of the control of the server, so // This happens often and outside of the control of the server, so
// we catch Tomcat/Jetty "connection aborted by client" exceptions // we catch Tomcat/Jetty "connection aborted by client" exceptions
// and display a short error message. // and display a short error message.
boolean shouldCatch = false; boolean shouldCatch = Util.isInstanceOfClassName(e, "org.apache.catalina.connector.ClientAbortException");
shouldCatch |= Util.isInstanceOfClassName(e, "org.apache.catalina.connector.ClientAbortException");
shouldCatch |= Util.isInstanceOfClassName(e, "org.eclipse.jetty.io.EofException");
if (shouldCatch) { if (shouldCatch) {
LOG.info("{}: Client unexpectedly closed connection while loading {} ({})", request.getRemoteAddr(), Util.getAnonymizedURLForRequest(request), e.getCause().toString()); LOG.info("{}: Client unexpectedly closed connection while loading {} ({})", request.getRemoteAddr(), Util.getAnonymizedURLForRequest(request), e.getCause().toString());
return null; return null;

@ -129,12 +129,6 @@
<artifactId>guava</artifactId> <artifactId>guava</artifactId>
<version>27.1-jre</version> <version>27.1-jre</version>
</dependency> </dependency>
<dependency>
<groupId>org.eclipse.jdt</groupId>
<artifactId>ecj</artifactId>
<version>3.14.0</version>
<scope>provided</scope>
</dependency>
<dependency> <dependency>
<groupId>org.apache.ant</groupId> <groupId>org.apache.ant</groupId>
<artifactId>ant</artifactId> <artifactId>ant</artifactId>

Loading…
Cancel
Save