Merge branch '1.1-stable'

* 1.1-stable: (27 commits)
  update for next development snapshot
  prepare for 1.1.18
  note that ErrorApp::ShowStatus is not public API + delay rack loading
  setup and integration spec with a Rails 4.1 stub
  make back-ported ShowStatus compatible and use it instead of Rack::ShowStatus
  back-port Rack::ShowStatus to be used with out ErrorApp (contains XSS fix see #190)
  missed Gemfile.lock for rack ~> 1.5.2
  context-loader rackup script resolution should work also when rackup.path configured
  search config.ru on context-classloader if not found otherwise
  introduce a new layout where the whole application + gems are packed under WEB-INF/classes
  update to rack ~> 1.5.2 (for JRuby-Rack 1.1.x)
  [travis-ci] more JRuby 1.6.8 excludes + allow failures (still useful for spec regressions)
  do not care about "OpenSSL::Random requires the jruby-openssl gem" on 1.6.8
  [travis-ci ] make sure 1.1 is kept backwards (JRuby 1.6.x) compatible
  fix compatibility for newly added (servlet-env) specs with all (supported) rack versions
  [travis-ci] fix jruby excludes (using explicit jruby-1.7.x version number now)
  use Rack::Utils.best_q_match in ErrorApp if available, also accepts_html? is private API
  re-arrange JRuby::Rack::ErrorApp internals
  even more compatibility with rack's parse_nested_query logic for "pure" servlet-env
  improved rack-compatibility for our "pure" servlet-env request env parsing impl
  ...

Author: kares

.travis.yml

@@ -41,7 +41,6 @@ before_install:
   - ((echo $BUNDLE_GEMFILE | grep rails23) && jruby --1.9 -S gem update --system 1.8.29) || true
 matrix:
   allow_failures:
-    #- rvm: jruby-head
     #- gemfile: gemfiles/rails41.gemfile
   exclude:
     ## avoid jruby-head with JDK6 :
@@ -123,6 +122,14 @@ matrix:
       gemfile: gemfiles/rails41.gemfile
       env: JRUBY_OPTS="--1.8 $JRUBY_OPTS"
       jdk: oraclejdk7
+    - rvm: jruby-1.7.16
+      gemfile: gemfiles/rails41.gemfile
+      env: JRUBY_OPTS="--1.8 $JRUBY_OPTS"
+      jdk: openjdk6
+    - rvm: jruby-1.7.16
+      gemfile: gemfiles/rails41.gemfile
+      env: JRUBY_OPTS="--1.8 $JRUBY_OPTS"
+      jdk: oraclejdk7
     - rvm: jruby-1.7.16
       gemfile: gemfiles/rails41.gemfile
       env: JRUBY_OPTS="--1.8 $JRUBY_OPTS"

History.md

@@ -1,3 +1,14 @@
+## 1.1.18 (13/01/15)
+
+- back-port Rack::ShowStatus to be used with out ErrorApp (contains XSS fix #190)
+- search rackup (config.ru) on context-classloader if not found elsewhere
+- introduce a new ClassPathLayout where the whole app + gems are on CP (#191)
+- update to (vendored) rack ~> 1.5.2 (for JRuby-Rack 1.1.x)
+- use Rack::Utils.best_q_match in ErrorApp if available
+- improved rack-compatibility for our "pure" servlet-env request env parsing
+  * raise a TypeError just like rack does when it detects invalid parameters
+  * compatibility with rack's parse_nested_query logic
+
 ## 1.1.17 (30/12/14)
 
 This release changes deployment from codehaus.org to oss.sonatype.org for artifacts.

gemfiles/rails40.gemfile.lock

@@ -1,25 +1,25 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (4.0.8)
-      actionpack (= 4.0.8)
-      mail (~> 2.5.4)
-    actionpack (4.0.8)
-      activesupport (= 4.0.8)
+    actionmailer (4.0.13)
+      actionpack (= 4.0.13)
+      mail (~> 2.5, >= 2.5.4)
+    actionpack (4.0.13)
+      activesupport (= 4.0.13)
       builder (~> 3.1.0)
       erubis (~> 2.7.0)
       rack (~> 1.5.2)
       rack-test (~> 0.6.2)
-    activemodel (4.0.8)
-      activesupport (= 4.0.8)
+    activemodel (4.0.13)
+      activesupport (= 4.0.13)
       builder (~> 3.1.0)
-    activerecord (4.0.8)
-      activemodel (= 4.0.8)
+    activerecord (4.0.13)
+      activemodel (= 4.0.13)
       activerecord-deprecated_finders (~> 1.0.2)
-      activesupport (= 4.0.8)
+      activesupport (= 4.0.13)
       arel (~> 4.0.0)
     activerecord-deprecated_finders (1.0.3)
-    activesupport (4.0.8)
+    activesupport (4.0.13)
       i18n (~> 0.6, >= 0.6.9)
       minitest (~> 4.2)
       multi_json (~> 1.3)
@@ -30,28 +30,26 @@ GEM
     diff-lcs (1.2.5)
     erubis (2.7.0)
     hike (1.2.3)
-    i18n (0.6.11)
-    mail (2.5.4)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    mime-types (1.25.1)
+    i18n (0.7.0)
+    mail (2.6.3)
+      mime-types (>= 1.16, < 3)
+    mime-types (2.4.3)
     minitest (4.7.5)
     multi_json (1.10.1)
-    polyglot (0.3.5)
     rack (1.5.2)
-    rack-test (0.6.2)
+    rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.0.8)
-      actionmailer (= 4.0.8)
-      actionpack (= 4.0.8)
-      activerecord (= 4.0.8)
-      activesupport (= 4.0.8)
+    rails (4.0.13)
+      actionmailer (= 4.0.13)
+      actionpack (= 4.0.13)
+      activerecord (= 4.0.13)
+      activesupport (= 4.0.13)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.0.8)
+      railties (= 4.0.13)
       sprockets-rails (~> 2.0)
-    railties (4.0.8)
-      actionpack (= 4.0.8)
-      activesupport (= 4.0.8)
+    railties (4.0.13)
+      actionpack (= 4.0.13)
+      activesupport (= 4.0.13)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rake (10.3.2)
@@ -63,22 +61,19 @@ GEM
     rspec-expectations (2.14.5)
       diff-lcs (>= 1.1.3, < 2.0)
     rspec-mocks (2.14.6)
-    sprockets (2.12.1)
+    sprockets (2.12.3)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.1.3)
+    sprockets-rails (2.2.2)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
-      sprockets (~> 2.8)
+      sprockets (>= 2.8, < 4.0)
     thor (0.19.1)
     thread_safe (0.3.4-java)
     tilt (1.4.1)
-    treetop (1.4.15)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.41)
+    tzinfo (0.3.42)
 
 PLATFORMS
   java

gemfiles/rails41.gemfile.lock

@@ -1,27 +1,27 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (4.1.4)
-      actionpack (= 4.1.4)
-      actionview (= 4.1.4)
-      mail (~> 2.5.4)
-    actionpack (4.1.4)
-      actionview (= 4.1.4)
-      activesupport (= 4.1.4)
+    actionmailer (4.1.9)
+      actionpack (= 4.1.9)
+      actionview (= 4.1.9)
+      mail (~> 2.5, >= 2.5.4)
+    actionpack (4.1.9)
+      actionview (= 4.1.9)
+      activesupport (= 4.1.9)
       rack (~> 1.5.2)
       rack-test (~> 0.6.2)
-    actionview (4.1.4)
-      activesupport (= 4.1.4)
+    actionview (4.1.9)
+      activesupport (= 4.1.9)
       builder (~> 3.1)
       erubis (~> 2.7.0)
-    activemodel (4.1.4)
-      activesupport (= 4.1.4)
+    activemodel (4.1.9)
+      activesupport (= 4.1.9)
       builder (~> 3.1)
-    activerecord (4.1.4)
-      activemodel (= 4.1.4)
-      activesupport (= 4.1.4)
+    activerecord (4.1.9)
+      activemodel (= 4.1.9)
+      activesupport (= 4.1.9)
       arel (~> 5.0.0)
-    activesupport (4.1.4)
+    activesupport (4.1.9)
       i18n (~> 0.6, >= 0.6.9)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
@@ -32,31 +32,29 @@ GEM
     diff-lcs (1.2.5)
     erubis (2.7.0)
     hike (1.2.3)
-    i18n (0.6.11)
-    json (1.8.1-java)
-    mail (2.5.4)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    mime-types (1.25.1)
-    minitest (5.4.0)
+    i18n (0.7.0)
+    json (1.8.2-java)
+    mail (2.6.3)
+      mime-types (>= 1.16, < 3)
+    mime-types (2.4.3)
+    minitest (5.5.1)
     multi_json (1.10.1)
-    polyglot (0.3.5)
     rack (1.5.2)
-    rack-test (0.6.2)
+    rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.1.4)
-      actionmailer (= 4.1.4)
-      actionpack (= 4.1.4)
-      actionview (= 4.1.4)
-      activemodel (= 4.1.4)
-      activerecord (= 4.1.4)
-      activesupport (= 4.1.4)
+    rails (4.1.9)
+      actionmailer (= 4.1.9)
+      actionpack (= 4.1.9)
+      actionview (= 4.1.9)
+      activemodel (= 4.1.9)
+      activerecord (= 4.1.9)
+      activesupport (= 4.1.9)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.1.4)
+      railties (= 4.1.9)
       sprockets-rails (~> 2.0)
-    railties (4.1.4)
-      actionpack (= 4.1.4)
-      activesupport (= 4.1.4)
+    railties (4.1.9)
+      actionpack (= 4.1.9)
+      activesupport (= 4.1.9)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rake (10.3.2)
@@ -68,21 +66,18 @@ GEM
     rspec-expectations (2.14.5)
       diff-lcs (>= 1.1.3, < 2.0)
     rspec-mocks (2.14.6)
-    sprockets (2.12.1)
+    sprockets (2.12.3)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.1.3)
+    sprockets-rails (2.2.2)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
-      sprockets (~> 2.8)
+      sprockets (>= 2.8, < 4.0)
     thor (0.19.1)
     thread_safe (0.3.4-java)
     tilt (1.4.1)
-    treetop (1.4.15)
-      polyglot
-      polyglot (>= 0.3.1)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
 

src/main/java/org/jruby/rack/DefaultRackApplicationFactory.java

@@ -7,13 +7,14 @@
 
 package org.jruby.rack;
 
-import java.io.IOException;
+
 import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.net.URISyntaxException;
 import java.net.URL;
-import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
 
@@ -195,7 +196,7 @@ public IRubyObject createErrorApplicationObject(final Ruby runtime) {
         }
         if (errorApp == null) {
             errorApp = "require 'jruby/rack/error_app' \n" +
-            "use Rack::ShowStatus \n" +
+            "use JRuby::Rack::ErrorApp::ShowStatus \n" +
             "run JRuby::Rack::ErrorApp.new";
         }
         runtime.evalScriptlet("load 'jruby/rack/boot/rack.rb'");
@@ -510,23 +511,34 @@ private String findConfigRuPathInSubDirectories(final String path, int level) {
 
             if (level > 0) {
                 level--;
-                for ( Iterator<String> i = entries.iterator(); i.hasNext(); ) {
-                    String subpath = i.next();
-                    if (subpath.endsWith("/")) {
+                for ( String subpath : entries ) {
+                    final int len = subpath.length();
+                    if ( len > 0 && subpath.charAt(len - 1) == '/' ) {
                         subpath = findConfigRuPathInSubDirectories(subpath, level);
-                        if (subpath != null) {
-                            return subpath;
-                        }
+                        if ( subpath != null ) return subpath;
                     }
                 }
             }
         }
         return null;
     }
 
-    private String resolveRackupScript() throws RackInitializationException {
-        rackupLocation = "<web.xml>";
+    private static String getContextLoaderScript(final String name, final boolean silent)
+        throws IOException {
+        try { // still try context-loader for resolving rackup :
+            final ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
+            InputStream is = contextLoader.getResourceAsStream(name);
+            return IOHelpers.inputStreamToString(is);
+        }
+        catch (IOException e) {
+            if ( silent ) return null; throw e;
+        }
+        catch (RuntimeException e) {
+            if ( silent ) return null; throw e;
+        }
+    }
 
+    private String resolveRackupScript() throws RackInitializationException {
         String rackup = rackContext.getConfig().getRackup();
         if (rackup == null) {
             rackup = rackContext.getConfig().getRackupPath();
@@ -543,16 +555,39 @@ private String resolveRackupScript() throws RackInitializationException {
             }
 
             if (rackup != null) {
-                rackupLocation = rackContext.getRealPath(rackup);
+                InputStream is;
                 try {
-                    rackup = IOHelpers.inputStreamToString(rackContext.getResourceAsStream(rackup));
+                    is = rackContext.getResourceAsStream(rackup);
+                    rackupLocation = rackContext.getRealPath(rackup);
+                    return this.rackupScript = IOHelpers.inputStreamToString(is);
+                }
+                catch (IOException e) {
+                    try { // last - try context-loader for resolving rackup :
+                        if ( (rackup = getContextLoaderScript(rackup, true)) != null ) {
+                            return this.rackupScript = rackup;
+                        }
+                    }
+                    catch (IOException ex) { /* won't happen */ }
+
+                    rackContext.log(RackLogger.ERROR, "failed to read rackup from '"+ rackup + "' (" + e + ")");
+                    throw new RackInitializationException("failed to read rackup input", e);
+                }
+            }
+            else {
+                rackup = "config.ru";
+                try {
+                    rackup = getContextLoaderScript(rackup, false);
+                    rackupLocation = "uri:classloader://config.ru";
                 }
                 catch (IOException e) {
                     rackContext.log(ERROR, "failed to read rackup from '"+ rackup + "' (" + e + ")");
                     throw new RackInitializationException("failed to read rackup input", e);
                 }
             }
         }
+        else {
+            rackupLocation = "<web.xml>";
+        }
 
         return this.rackupScript = rackup;
     }