Description
Describe the bug
PWM fails to run on Jetty 12, because it attempts to add and remove cookies at points where the servlet request/response are not meant to be editable (per the Servlet API spec). This was permitted anyway in earlier Jetty versions, but Jetty 12 enforces the spec and gives an error.
To Reproduce
Steps to reproduce the behavior:
- Download Jetty 12.x
- Deploy the PWM 2.0.8 WAR file
- Browse to the PWM login screen.
- Log in.
- Directory contents are displayed, instead of the dashboard. Stack trace is logged.
Expected behavior
PWM should start and run in Jetty 12 the same as 11.
Additional context
java.lang.UnsupportedOperationException: Read Only
at org.eclipse.jetty.server.internal.ResponseHttpFields$2.set(ResponseHttpFields.java:227)
at org.eclipse.jetty.server.internal.ResponseHttpFields$2.set(ResponseHttpFields.java:169)
at org.eclipse.jetty.http.HttpFields$Mutable.put(HttpFields.java:1218)
at org.eclipse.jetty.http.HttpFields$Mutable.put(HttpFields.java:1242)
at org.eclipse.jetty.ee8.nested.Response.setHeader(Response.java:595)
at password.pwm.http.filter.CookieManagementFilter.addSameSiteCookieAttribute(CookieManagementFilter.java:143)
at password.pwm.http.filter.CookieManagementFilter.doFilter(CookieManagementFilter.java:78)
jetty/jetty.project#12766 appears to be related.
I attempted to resolve the above by editing CookieManagementFilter to add the cookie before calling filterChain.doFilter; however, this simply resulted in a similar error occurring at a different point in the code (RequestInitializationFilter line 221 attempts to modify a read-only request).
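
One way to avoid editing headers after the filter chain has returned, shown as an added example that is not PWM's or Jetty's code: wrap the response so the SameSite attribute is appended at the moment each Set-Cookie header is written. The class name, the `Strict` value and the `javax.servlet` namespace (taken from the `ee8` frames in the trace) are assumptions.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/** Hypothetical filter for illustration; not PWM's CookieManagementFilter. */
public class SameSiteBeforeCommitFilter implements Filter {

    // Assumed policy value; a real deployment would read this from configuration.
    private static final String SAME_SITE = "Strict";

    /** Appends SameSite to a Set-Cookie header value unless one is already present. */
    static String withSameSite(String setCookieValue) {
        return setCookieValue.toLowerCase(Locale.ROOT).contains("samesite=")
                ? setCookieValue
                : setCookieValue + "; SameSite=" + SAME_SITE;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse wrapped =
                new HttpServletResponseWrapper((HttpServletResponse) resp) {
            @Override
            public void addHeader(String name, String value) {
                super.addHeader(name, rewrite(name, value));
            }

            @Override
            public void setHeader(String name, String value) {
                super.setHeader(name, rewrite(name, value));
            }

            // Only Set-Cookie values are changed; all other headers pass through.
            private String rewrite(String name, String value) {
                boolean isCookie = "Set-Cookie".equalsIgnoreCase(name) && value != null;
                return isCookie ? withSameSite(value) : value;
            }
        };
        // Downstream code writes cookies through the wrapper while the response
        // is still mutable; nothing touches the headers after the chain returns.
        chain.doFilter(req, wrapped);
    }
}
```

Cookies set through `addCookie(Cookie)` or by the container itself (for example the session cookie) do not pass through these overrides and need separate handling.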