HIVE-29393: Upgrade Jetty 9.4.x to 10.0.24

Author: smohite

common/src/java/org/apache/hive/http/HttpServer.java

@@ -661,7 +661,7 @@ ServerConnector createAndAddChannelConnector(int queueSize, Builder b) {
     if (!b.useSSL) {
       connector = new ServerConnector(webServer, http);
     } else {
-      SslContextFactory sslContextFactory = new SslContextFactory.Server();
+      SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
       sslContextFactory.setKeyStorePath(b.keyStorePath);
       sslContextFactory.setKeyStoreType(b.keyStoreType == null || b.keyStoreType.isEmpty() ?
           KeyStore.getDefaultType(): b.keyStoreType);

common/src/java/org/apache/hive/http/security/PamAuthenticator.java

@@ -24,7 +24,8 @@
 import org.eclipse.jetty.security.authentication.LoginAuthenticator;
 import org.eclipse.jetty.server.Authentication;
 import org.eclipse.jetty.server.UserIdentity;
-import org.eclipse.jetty.util.B64Code;
+import java.util.Base64;
+import java.nio.charset.StandardCharsets;
 
 import javax.security.sasl.AuthenticationException;
 import javax.servlet.ServletRequest;
@@ -41,9 +42,9 @@
   This class authenticates HS2 web UI via PAM. To authenticate use
 
    * httpGet with header name "Authorization"
-   * and header value "Basic authB64Code"
+   * and header value "Basic authBase64Code"
 
-    where  authB64Code is Base64 string for "login:password"
+    where  authBase64Code is Base64 string for "login:password"
  */
 
 public class PamAuthenticator extends LoginAuthenticator {
@@ -79,7 +80,8 @@ public Authentication validateRequest(ServletRequest req, ServletResponse res, b
           String method = credentials.substring(0, space);
           if ("basic".equalsIgnoreCase(method)) {
             credentials = credentials.substring(space + 1);
-            credentials = B64Code.decode(credentials, StandardCharsets.ISO_8859_1);
+            byte[] decodedBytes = Base64.getDecoder().decode(credentials);
+            credentials = new String(decodedBytes, StandardCharsets.ISO_8859_1);
             int i = credentials.indexOf(':');
             if (i > 0) {
               String username = credentials.substring(0, i);

hcatalog/webhcat/svr/pom.xml

@@ -234,6 +234,10 @@
       <artifactId>junit-vintage-engine</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-util</artifactId>
+    </dependency>
   </dependencies>
   <build>
     <resources>

hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java

@@ -26,6 +26,8 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.EnumSet;
 import java.util.HashMap;
@@ -35,6 +37,7 @@
 import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
 import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
 import org.apache.hadoop.hive.common.IPStackUtils;
+import org.eclipse.jetty.util.resource.PathResource;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.apache.commons.lang3.StringUtils;
@@ -63,6 +66,7 @@
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.eclipse.jetty.util.resource.Resource;
 import org.eclipse.jetty.xml.XmlConfiguration;
 import org.slf4j.bridge.SLF4JBridgeHandler;
 
@@ -204,9 +208,11 @@ public Server runServer(int port)
     if (StringUtils.isEmpty(conf.jettyConfiguration())) {
       server = new Server(port);
     } else {
-        FileInputStream jettyConf = new FileInputStream(conf.jettyConfiguration());
-        XmlConfiguration configuration = new XmlConfiguration(jettyConf);
-        server = (Server)configuration.configure();
+        Path configPath = Paths.get(conf.jettyConfiguration());
+        PathResource jettyResource = new PathResource(configPath);
+
+        XmlConfiguration configuration = new XmlConfiguration(jettyResource);
+        server = (Server) configuration.configure();
     }
 
     ServletContextHandler root = new ServletContextHandler(server, "/");
@@ -289,7 +295,7 @@ private Connector createChannelConnector(Server server) {
 
     if (conf.getBoolean(AppConfig.USE_SSL, false)) {
       LOG.info("Using SSL for templeton.");
-      SslContextFactory sslContextFactory = new SslContextFactory.Server();
+      SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
       sslContextFactory.setKeyStorePath(conf.get(AppConfig.KEY_STORE_PATH, DEFAULT_KEY_STORE_PATH));
       sslContextFactory.setKeyStorePassword(conf.get(AppConfig.KEY_STORE_PASSWORD, DEFAULT_KEY_STORE_PASSWORD));
       Set<String> excludedSSLProtocols = Sets.newHashSet(Splitter.on(",").trimResults().omitEmptyStrings()

itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestActivePassiveHA.java

@@ -59,7 +59,7 @@
 import org.apache.http.StatusLine;
 import org.apache.http.util.EntityUtils;
 import org.eclipse.jetty.http.HttpHeader;
-import org.eclipse.jetty.util.B64Code;
+import java.util.Base64;
 import org.eclipse.jetty.util.StringUtil;
 import org.junit.After;
 import org.junit.AfterClass;
@@ -812,9 +812,9 @@ private String sendAuthMethod(HttpRequestBase method, boolean enableAuth, boolea
   }
 
   private void setupAuthHeaders(final HttpRequestBase method) {
-    String authB64Code =
-        B64Code.encode(ADMIN_USER + ":" + ADMIN_PASSWORD, StringUtil.__ISO_8859_1);
-    method.setHeader(HttpHeader.AUTHORIZATION.asString(), "Basic " + authB64Code);
+    String credentials = ADMIN_USER + ":" + ADMIN_PASSWORD;
+    String authBase64Code = Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.ISO_8859_1));
+    method.setHeader(HttpHeader.AUTHORIZATION.asString(), "Basic " + authBase64Code);
   }
 
   private Map<String, String> getConfOverlay(final String instanceId) {

itests/qtest-druid/pom.xml

@@ -32,7 +32,7 @@
     <hive.path.to.root>../..</hive.path.to.root>
     <druid.curator.version>4.0.0</druid.curator.version>
     <druid.jersey.version>1.19.3</druid.jersey.version>
-    <druid.jetty.version>9.4.57.v20241219</druid.jetty.version>
+    <druid.jetty.version>10.0.24</druid.jetty.version>
     <druid.derby.version>10.11.1.1</druid.derby.version>
     <druid.guava.version>16.0.1</druid.guava.version>
     <druid.guice.version>4.1.0</druid.guice.version>

packaging/src/license/licenses.xml

@@ -301,8 +301,8 @@
     </dependency>
     <dependency>
       <groupId>org.eclipse.jetty.websocket</groupId>
-      <artifactId>websocket-api</artifactId>
-      <version>9.4.57.v20241219</version>
+      <artifactId>websocket-jetty-api</artifactId>
+      <version>10.0.24</version>
       <licenses>
         <license>
           <name>Apache Software License - Version 2.0</name>
@@ -313,8 +313,8 @@
     </dependency>
     <dependency>
       <groupId>org.eclipse.jetty.websocket</groupId>
-      <artifactId>websocket-client</artifactId>
-      <version>9.4.57.v20241219</version>
+      <artifactId>websocket-jetty-client</artifactId>
+      <version>10.0.24</version>
       <licenses>
         <license>
           <name>Apache Software License - Version 2.0</name>
@@ -337,8 +337,8 @@
     </dependency>
     <dependency>
       <groupId>org.eclipse.jetty.websocket</groupId>
-      <artifactId>websocket-server</artifactId>
-      <version>9.4.57.v20241219</version>
+      <artifactId>websocket-jetty-server</artifactId>
+      <version>10.0.24</version>
       <licenses>
         <license>
           <name>Apache Software License - Version 2.0</name>
@@ -507,7 +507,7 @@
     <dependency>
       <groupId>org.eclipse.jetty</groupId>
       <artifactId>jetty-server</artifactId>
-      <version>9.4.57.v20241219</version>
+      <version>10.0.24</version>
       <licenses>
         <license>
           <name>Apache Software License - Version 2.0</name>
@@ -531,7 +531,7 @@
     <dependency>
       <groupId>org.eclipse.jetty</groupId>
       <artifactId>jetty-util-ajax</artifactId>
-      <version>9.4.57.v20241219</version>
+      <version>10.0.24</version>
       <licenses>
         <license>
           <name>Apache Software License - Version 2.0</name>
@@ -543,7 +543,7 @@
     <dependency>
       <groupId>org.eclipse.jetty</groupId>
       <artifactId>jetty-util</artifactId>
-      <version>9.4.57.v20241219</version>
+      <version>10.0.24</version>
       <licenses>
         <license>
           <name>Apache Software License - Version 2.0</name>

pom.xml

@@ -160,7 +160,7 @@
     <javax-servlet.version>3.1.0</javax-servlet.version>
     <javolution.version>5.5.1</javolution.version>
     <jettison.version>1.5.4</jettison.version>
-    <jetty.version>9.4.57.v20241219</jetty.version>
+    <jetty.version>10.0.24</jetty.version>
     <jersey.version>1.19.4</jersey.version>
     <!-- HIVE-28992: only upgrade to newer than 3.25.0 if you tested the prompt -->
     <jline.version>3.25.0</jline.version>

service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java

@@ -126,22 +126,18 @@ public void setThreadFactory(ThreadFactory threadFactory) {
       conf.setResponseHeaderSize(responseHeaderSize);
       conf.setSendServerVersion(false);
       conf.setSendXPoweredBy(false);
-      final HttpConnectionFactory http = new HttpConnectionFactory(conf) {
-        public Connection newConnection(Connector connector, EndPoint endPoint) {
-          Connection connection = super.newConnection(connector, endPoint);
-          connection.addListener(new Connection.Listener() {
-            public void onOpened(Connection connection) {
-              openConnection();
-            }
-
-            public void onClosed(Connection connection) {
-              closeConnection();
-            }
-          });
-          return connection;
+      final HttpConnectionFactory http = new HttpConnectionFactory(conf);
+      http.addBean(new Connection.Listener() {
+        @Override
+        public void onOpened(Connection connection) {
+          openConnection();
         }
-      };
 
+        @Override
+        public void onClosed(Connection connection) {
+          closeConnection();
+        }
+      });
       boolean useSsl = hiveConf.getBoolVar(ConfVars.HIVE_SERVER2_USE_SSL);
       String schemeName = useSsl ? "https" : "http";
 
@@ -163,7 +159,7 @@ public void onClosed(Connection connection) {
         if (keyStoreAlgorithm.isEmpty()) {
           keyStoreAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
         }
-        SslContextFactory sslContextFactory = new SslContextFactory.Server();
+        SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         String[] excludedProtocols = hiveConf.getVar(ConfVars.HIVE_SSL_PROTOCOL_BLACKLIST).split(",");
         LOG.info("HTTP Server SSL: adding excluded protocols: " + Arrays.toString(excludedProtocols));
         sslContextFactory.addExcludeProtocols(excludedProtocols);

service/src/test/org/apache/hive/service/server/TestHS2HttpServerLDAP.java

@@ -35,7 +35,8 @@
 import org.apache.http.params.BasicHttpParams;
 import org.apache.http.params.HttpParams;
 import org.eclipse.jetty.http.HttpHeader;
-import org.eclipse.jetty.util.B64Code;
+import java.util.Base64;
+import java.nio.charset.StandardCharsets;
 import org.eclipse.jetty.util.StringUtil;
 
 import java.nio.charset.StandardCharsets;
@@ -89,8 +90,9 @@ public void testValidCredentialsWithAuthorizationHeader() throws Exception {
       httpclient = builder.build();
 
       HttpGet httpGet = new HttpGet("http://" + HOST + ":" + webUIPort + "/jmx");
-      String authB64Code = B64Code.encode(VALID_USER + ":" + VALID_PASS, StringUtil.__ISO_8859_1);
-      httpGet.setHeader(HttpHeader.AUTHORIZATION.asString(), "Basic " + authB64Code);
+      String credentials = VALID_USER + ":" + VALID_PASS;
+      String authBase64Code = Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.ISO_8859_1));
+      httpGet.setHeader(HttpHeader.AUTHORIZATION.asString(), "Basic " + authBase64Code);
       httpclient.execute(httpGet);
 
       Assert.assertTrue(isAuthorized(httpCookieStore.getCookies()));
@@ -110,8 +112,9 @@ public void testInvalidCredentialsWithInAuthorizationHeader() throws Exception {
       httpclient = builder.build();
 
       HttpGet httpGet = new HttpGet("http://" + HOST + ":" + webUIPort + "/jmx");
-      String authB64Code = B64Code.encode(INVALID_USER + ":" + INVALID_PASS, StringUtil.__ISO_8859_1);
-      httpGet.setHeader(HttpHeader.AUTHORIZATION.asString(), "Basic " + authB64Code);
+      String credentials = INVALID_USER + ":" + INVALID_PASS;
+      String authBase64Code = Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.ISO_8859_1));
+      httpGet.setHeader(HttpHeader.AUTHORIZATION.asString(), "Basic " + authBase64Code);
       httpclient.execute(httpGet);
 
       Assert.assertFalse(isAuthorized(httpCookieStore.getCookies()));