KREST-1030 Upgrade Jetty to fix a number of CVEs.

This brings the #249
and the #151 changes
to the older branches.

In addition to that, it also makes the smallest possible changes in
order to fix failures in SslTest.java after the upgrade. This doesn't
cleanly map to an existing change in the higher version branches,
because the problem was addressed before a Jetty upgrade started
causing SslTest.java to fail, but the closest equivalent is probably
the combination of #147
and #155.

core/src/main/java/io/confluent/rest/Application.java

@@ -363,7 +363,7 @@ protected void configureSecurityHandler(ServletContextHandler context) {
   }
 
   private SslContextFactory createSslContextFactory() {
-    SslContextFactory sslContextFactory = new SslContextFactory();
+    SslContextFactory sslContextFactory = new SslContextFactory.Server();
     if (!config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG).isEmpty()) {
       sslContextFactory.setKeyStorePath(
           config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG)

core/src/test/java/io/confluent/rest/CustomInitTest.java

@@ -141,7 +141,7 @@ public void onError(Throwable t) {
 
     WebSocket ws = Dsl.asyncHttpClient()
         .prepareGet(WS_URI + "/test")
-        .setRequestTimeout(5000)
+        .setRequestTimeout(10000)
         .execute(wsHandler)
         .get();
 

core/src/test/java/io/confluent/rest/SaslTest.java

@@ -163,14 +163,14 @@ public void testNoAuthAttemptOnWs() throws Exception {
   @Test
   public void testBadLoginAttempt() throws Exception {
     try (CloseableHttpResponse response =
-        makeGetRequest("/test", "this shouldnt work")) {
+        makeGetRequest("/test", "dGVzdA==")) {
       assertEquals(UNAUTHORIZED.getStatusCode(), response.getStatusLine().getStatusCode());
     }
   }
 
   @Test
   public void testBadLoginAttemptOnWs() throws Exception {
-    int statusCode = makeWsGetRequest("this shouldnt work");
+    int statusCode = makeWsGetRequest("dGVzdA==");
     assertEquals(UNAUTHORIZED.getStatusCode(), statusCode);
   }
 
@@ -272,7 +272,7 @@ public void onError(Throwable t) {
     }
 
     WebSocket ws = requestBuilder
-        .setRequestTimeout(5000)
+        .setRequestTimeout(10000)
         .execute(wsHandler)
         .get();
 

core/src/test/java/io/confluent/rest/metrics/MetricsResourceMethodApplicationListenerIntegrationTest.java

@@ -1,5 +1,6 @@
 package io.confluent.rest.metrics;
 
+import javax.servlet.ServletException;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.handler.ErrorHandler;
 import org.eclipse.jetty.servlet.ServletContextHandler;
@@ -107,7 +108,7 @@ public void handle(
             Request baseRequest,
             HttpServletRequest request,
             HttpServletResponse response
-        ) throws IOException {
+        ) throws IOException, ServletException {
           handledException = (Throwable) request.getAttribute(RequestDispatcher.ERROR_EXCEPTION);
           super.handle(target, baseRequest, request, response);
         }

pom.xml

@@ -51,7 +51,7 @@
         <apache.httpclient.version>4.5.13</apache.httpclient.version>
         <confluent.maven.repo>http://packages.confluent.io/maven/</confluent.maven.repo>
         <jersey.version>2.27</jersey.version>
-        <jetty.version>9.4.14.v20181114</jetty.version>
+        <jetty.version>9.4.40.v20210413</jetty.version>
         <asynchttpclient.version>2.2.0</asynchttpclient.version>
         <guava.version>30.1.1-jre</guava.version>
     </properties>