From 596674088a13cc02253a36810658f07bfe95114d Mon Sep 17 00:00:00 2001
From: maximthomas <maxim.thomas@gmail.com>
Date: Wed, 9 Jul 2025 14:18:17 +0300
Subject: [PATCH 1/6] Update paxweb to 7.2.15

---
 openidm-zip/src/main/resources/conf/jetty.xml | 32 ++++++++++++++++---
 pom.xml                                       |  4 +--
 2 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/openidm-zip/src/main/resources/conf/jetty.xml b/openidm-zip/src/main/resources/conf/jetty.xml
index 6b69125b52..b87af79ec6 100644
--- a/openidm-zip/src/main/resources/conf/jetty.xml
+++ b/openidm-zip/src/main/resources/conf/jetty.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0"?>
-<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
 <!--
     ~ The contents of this file are subject to the terms of the Common Development and
     ~ Distribution License (the License). You may not use this file except in compliance with the
@@ -127,9 +127,27 @@
         <Item>TLS_ECDHE_RSA_WITH_RC4_128_SHA</Item>
         -->
 
+        <Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
+        <Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
+        <Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
+        <Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
+        <Item>TLS_RSA_WITH_AES_256_GCM_SHA384</Item>
+        <Item>TLS_RSA_WITH_AES_128_GCM_SHA256</Item>
+        <Item>TLS_RSA_WITH_AES_256_CBC_SHA256</Item>
+        <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
+        <Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
+
+
+
     </Array>
 
-    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
         <Set name="keyStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="keystoreLocation"/></Set>
         <Set name="keyStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="keystorePassword"/></Set>
         <Set name="keyStoreType"><Get class="org.forgerock.openidm.jetty.Param" name="keystoreType"/></Set>
@@ -138,7 +156,9 @@
         <Set name="trustStoreType"><Get class="org.forgerock.openidm.jetty.Param" name="truststoreType"/></Set>
         <Set name="trustStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="truststoreLocation"/></Set>
         <Set name="trustStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="truststorePassword"/></Set>
-        <Set name="wantClientAuth">true</Set>
+        <Set name="WantClientAuth">
+            <Property name="jetty.sslContext.wantClientAuth" deprecated="jetty.ssl.wantClientAuth" default="true"/>
+        </Set>
         <Set name="certAlias"><Get class="org.forgerock.openidm.jetty.Param" name="certAlias"/></Set>
         <Set name="ExcludeProtocols">
             <Array type="java.lang.String">
@@ -150,7 +170,7 @@
         </Set>
     </New>
 
-    <New id="sslContextFactoryMutualAuth" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+    <New id="sslContextFactoryMutualAuth" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
         <Set name="keyStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="keystoreLocation"/></Set>
         <Set name="keyStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="keystorePassword"/></Set>
         <Set name="keyStoreType"><Get class="org.forgerock.openidm.jetty.Param" name="keystoreType"/></Set>
@@ -159,7 +179,9 @@
         <Set name="trustStoreType"><Get class="org.forgerock.openidm.jetty.Param" name="truststoreType"/></Set>
         <Set name="trustStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="truststoreLocation"/></Set>
         <Set name="trustStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="truststorePassword"/></Set>
-        <Set name="needClientAuth">true</Set>
+        <Set name="NeedClientAuth">
+            <Property name="jetty.sslContext.needClientAuth" deprecated="jetty.ssl.needClientAuth" default="true"/>
+        </Set>
         <Set name="certAlias"><Get class="org.forgerock.openidm.jetty.Param" name="certAlias"/></Set>
         <Set name="ExcludeProtocols">
             <Array type="java.lang.String">
diff --git a/pom.xml b/pom.xml
index 9068e1df63..2195b0cd35 100644
--- a/pom.xml
+++ b/pom.xml
@@ -120,7 +120,7 @@
         <javascript.maven.plugin.version>2.0.0-alpha-1</javascript.maven.plugin.version>
         <joda-time.version>2.9.4</joda-time.version>
         <h2.version>2.2.220</h2.version>
-        <paxweb.version>4.4.2</paxweb.version>
+        <paxweb.version>7.2.15</paxweb.version>
         <javax.inject.version>1_2</javax.inject.version>
         <xbean.version>4.5</xbean.version>
         <asm.version>5.0.4</asm.version>
@@ -217,7 +217,7 @@
         <module>openidm-security</module>
         <module>openidm-smartevent</module>
         <module>openidm-system</module>
-        <module>openidm-ui</module>
+<!--        <module>openidm-ui</module>-->
         <module>openidm-util</module>
         <module>openidm-workflow-activiti</module>
         <module>openidm-maintenance</module>

From 090bb3715ab6ff208ed932e3355d196e3995c441 Mon Sep 17 00:00:00 2001
From: maximthomas <maxim.thomas@gmail.com>
Date: Wed, 9 Jul 2025 17:03:47 +0300
Subject: [PATCH 2/6] Update paxweb to 7.4.6

---
 openidm-jetty-fragment/pom.xml | 10 ++++++++++
 pom.xml                        |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/openidm-jetty-fragment/pom.xml b/openidm-jetty-fragment/pom.xml
index fca9c30ccf..ed68505ff7 100644
--- a/openidm-jetty-fragment/pom.xml
+++ b/openidm-jetty-fragment/pom.xml
@@ -56,6 +56,16 @@
             <groupId>org.apache.felix</groupId>
             <artifactId>org.apache.felix.framework</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.osgi</groupId>
+            <artifactId>org.osgi.service.http.whiteboard</artifactId>
+            <version>1.1.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.felix</groupId>
+            <artifactId>org.apache.felix.http.servlet-api</artifactId>
+            <version>1.1.2</version>
+        </dependency>
 
         <!-- Test Dependencies -->
         <dependency>
diff --git a/pom.xml b/pom.xml
index 2195b0cd35..78f18268d2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -120,7 +120,7 @@
         <javascript.maven.plugin.version>2.0.0-alpha-1</javascript.maven.plugin.version>
         <joda-time.version>2.9.4</joda-time.version>
         <h2.version>2.2.220</h2.version>
-        <paxweb.version>7.2.15</paxweb.version>
+        <paxweb.version>7.4.6</paxweb.version>
         <javax.inject.version>1_2</javax.inject.version>
         <xbean.version>4.5</xbean.version>
         <asm.version>5.0.4</asm.version>

From 75b5a332bf953653f979b9c65416c8cce2684811 Mon Sep 17 00:00:00 2001
From: maximthomas <maxim.thomas@gmail.com>
Date: Thu, 10 Jul 2025 10:50:49 +0300
Subject: [PATCH 3/6] update jetty excludedCipherSuites

---
 openidm-zip/src/main/resources/conf/jetty.xml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/openidm-zip/src/main/resources/conf/jetty.xml b/openidm-zip/src/main/resources/conf/jetty.xml
index b87af79ec6..9a616c6497 100644
--- a/openidm-zip/src/main/resources/conf/jetty.xml
+++ b/openidm-zip/src/main/resources/conf/jetty.xml
@@ -143,7 +143,10 @@
         <Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
         <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
 
-
+        <Item>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA</Item>
+        <Item>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</Item>
 
     </Array>
 

From f670080366c146eb85b299c641772307877f493a Mon Sep 17 00:00:00 2001
From: maximthomas <maxim.thomas@gmail.com>
Date: Fri, 11 Jul 2025 07:49:32 +0300
Subject: [PATCH 4/6] rearrange dependencies

---
 openidm-jetty-fragment/pom.xml |  2 --
 pom.xml                        | 16 ++++++++++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/openidm-jetty-fragment/pom.xml b/openidm-jetty-fragment/pom.xml
index ed68505ff7..ea05004767 100644
--- a/openidm-jetty-fragment/pom.xml
+++ b/openidm-jetty-fragment/pom.xml
@@ -59,12 +59,10 @@
         <dependency>
             <groupId>org.osgi</groupId>
             <artifactId>org.osgi.service.http.whiteboard</artifactId>
-            <version>1.1.0</version>
         </dependency>
         <dependency>
             <groupId>org.apache.felix</groupId>
             <artifactId>org.apache.felix.http.servlet-api</artifactId>
-            <version>1.1.2</version>
         </dependency>
 
         <!-- Test Dependencies -->
diff --git a/pom.xml b/pom.xml
index 78f18268d2..993c934d42 100644
--- a/pom.xml
+++ b/pom.xml
@@ -137,6 +137,7 @@
         <osgi.promise.version>1.1.1</osgi.promise.version>
         <osgi.function.version>1.1.0</osgi.function.version>
         <osgi.pushstream.version>1.0.1</osgi.pushstream.version>
+        <osgi.whiteboard.version>1.1.0</osgi.whiteboard.version>
 
         <felix.framework.version>6.0.5</felix.framework.version>
         <felix.configadmin.version>1.9.18</felix.configadmin.version>
@@ -156,6 +157,7 @@
         <felix.webconsole.memoryusage.version>1.0.10</felix.webconsole.memoryusage.version>
         <felix.webconsole.obr.version>1.0.4</felix.webconsole.obr.version>
         <felix.webconsole.packageadmin.version>1.0.4</felix.webconsole.packageadmin.version>
+        <felix.servlet.version>1.1.2</felix.servlet.version>
 
         <!-- Site properties -->
         <siteDistributionURL>scp://community.internal.forgerock.com/var/www/vhosts/openidm.forgerock.org/httpdocs</siteDistributionURL>
@@ -217,7 +219,7 @@
         <module>openidm-security</module>
         <module>openidm-smartevent</module>
         <module>openidm-system</module>
-<!--        <module>openidm-ui</module>-->
+        <module>openidm-ui</module>
         <module>openidm-util</module>
         <module>openidm-workflow-activiti</module>
         <module>openidm-maintenance</module>
@@ -476,7 +478,11 @@
                 <artifactId>org.osgi.util.pushstream</artifactId>
                 <version>${osgi.pushstream.version}</version>
             </dependency>
-
+            <dependency>
+                <groupId>org.osgi</groupId>
+                <artifactId>org.osgi.service.http.whiteboard</artifactId>
+                <version>${osgi.whiteboard.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.apache.felix</groupId>
                 <artifactId>org.apache.felix.framework</artifactId>
@@ -603,6 +609,12 @@
                 <version>${felix.scr.version}</version>
             </dependency>
 
+            <dependency>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>org.apache.felix.http.servlet-api</artifactId>
+                <version>${felix.servlet.version}</version>
+            </dependency>
+
             <!-- Quartz based scheduler OSGi bundle.
                  This version wraps the original jar which is not a bundle
             -->

From c0dd44cd85a0776ffd5685d60c48c8bc2a4ce462 Mon Sep 17 00:00:00 2001
From: maximthomas <maxim.thomas@gmail.com>
Date: Fri, 11 Jul 2025 08:53:12 +0300
Subject: [PATCH 5/6] update copyright

---
 openidm-jetty-fragment/pom.xml                | 1 +
 openidm-zip/src/main/resources/conf/jetty.xml | 1 +
 pom.xml                                       | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/openidm-jetty-fragment/pom.xml b/openidm-jetty-fragment/pom.xml
index ea05004767..f9b967b626 100644
--- a/openidm-jetty-fragment/pom.xml
+++ b/openidm-jetty-fragment/pom.xml
@@ -13,6 +13,7 @@
  ~ information: "Portions copyright [year] [name of copyright owner]".
  ~
  ~ Copyright 2011-2016 ForgeRock AS.
+ ~ Portions copyright 2025 3A Systems LLC.
   -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
diff --git a/openidm-zip/src/main/resources/conf/jetty.xml b/openidm-zip/src/main/resources/conf/jetty.xml
index 9a616c6497..430bb5b099 100644
--- a/openidm-zip/src/main/resources/conf/jetty.xml
+++ b/openidm-zip/src/main/resources/conf/jetty.xml
@@ -14,6 +14,7 @@
     ~ information: "Portions copyright [year] [name of copyright owner]".
     ~
     ~ Copyright 2015-2016 ForgeRock AS.
+    ~ Portions copyright 2025 3A Systems LLC.
 -->
 <Configure id="Server" class="org.eclipse.jetty.server.Server">
 
diff --git a/pom.xml b/pom.xml
index 993c934d42..f194b4d773 100644
--- a/pom.xml
+++ b/pom.xml
@@ -13,7 +13,7 @@
   ~ information: "Portions copyright [year] [name of copyright owner]".
   ~
   ~ Copyright 2011-2016 ForgeRock AS.
-  ~ Portions Copyrighted 2019-2024 3A Systems LLC.
+  ~ Portions copyright 2019-2025 3A Systems LLC.
   -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>

From 9785d99e09b0ce8be96e4bc5d75bd0501088cd2b Mon Sep 17 00:00:00 2001
From: maximthomas <maxim.thomas@gmail.com>
Date: Fri, 11 Jul 2025 09:45:00 +0300
Subject: [PATCH 6/6] GzipFilter is deprecated, move to GzipHandler

---
 openidm-zip/src/main/resources/conf/jetty.xml         | 11 ++++++++++-
 .../src/main/resources/conf/servletfilter-gzip.json   | 11 -----------
 2 files changed, 10 insertions(+), 12 deletions(-)
 delete mode 100644 openidm-zip/src/main/resources/conf/servletfilter-gzip.json

diff --git a/openidm-zip/src/main/resources/conf/jetty.xml b/openidm-zip/src/main/resources/conf/jetty.xml
index 430bb5b099..7872929196 100644
--- a/openidm-zip/src/main/resources/conf/jetty.xml
+++ b/openidm-zip/src/main/resources/conf/jetty.xml
@@ -141,7 +141,6 @@
         <Item>TLS_RSA_WITH_AES_256_CBC_SHA256</Item>
         <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
         <Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
-        <Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
         <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
 
         <Item>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA</Item>
@@ -197,6 +196,16 @@
         </Set>
     </New>
 
+    <Get id="OrigHandler" name="handler" />
+
+    <Set name="handler">
+        <New id="GzipHandler" class="org.eclipse.jetty.server.handler.gzip.GzipHandler">
+            <Set name="handler">
+                <Ref refid="OrigHandler" />
+            </Set>
+        </New>
+    </Set>
+
     <Call name="addConnector">
         <Arg>
             <New class="org.eclipse.jetty.server.ServerConnector">
diff --git a/openidm-zip/src/main/resources/conf/servletfilter-gzip.json b/openidm-zip/src/main/resources/conf/servletfilter-gzip.json
deleted file mode 100644
index 6d4545ba6b..0000000000
--- a/openidm-zip/src/main/resources/conf/servletfilter-gzip.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
-    "classPathURLs" : [ ],
-    "systemProperties" : { },
-    "requestAttributes" : { },
-    "initParams" : { },
-    "scriptExtensions" : { },
-    "urlPatterns" : [
-        "/*"
-    ],
-    "filterClass" : "org.eclipse.jetty.servlets.GzipFilter"
-}
\ No newline at end of file