Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x

demos/demo-jetty-webapp/src/test/resources/test-realm.properties

@@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable

demos/demo-spec/demo-spec-webapp/src/etc/realm.properties

@@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable

demos/embedded/src/main/resources/demo/demo-realm.properties

@@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable

jetty-deploy/src/test/resources/etc/realm.properties

@@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable

jetty-home/src/main/resources/modules/demo.d/demo-realm.properties

@@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable

jetty-home/src/main/resources/modules/jolokia/jolokia-realm.properties

@@ -0,0 +1,31 @@
+#
+# ========================================================================
+# Copyright (c) 1995-2022 Mort Bay Consulting Pty Ltd and others.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License v. 2.0 which is available at
+# https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
+# which is available at https://www.apache.org/licenses/LICENSE-2.0.
+#
+# SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
+# ========================================================================
+#
+
+#
+# This file defines users passwords and roles for a HashUserRealm
+#
+# The format is
+#  <username>: <password>[,<rolename> ...]
+#
+# Passwords may be clear text, obfuscated or checksummed.  The class
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
+# passwords or password checksums
+#
+# If DIGEST Authentication is used, the password must be in a recoverable
+# format, either plain text or OBF:.
+
+# - Example using MD5 for digest auth (The credential is a MD5 hash of username:realmname:password)
+# jolokia:MD5:164c88b302622e17050af52c89945d44,jolokia
+
+# - Example using plaintext
+# jolokia:jetty,jolokia

jetty-osgi/test-jetty-osgi/src/test/config/etc/realm.properties

@@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable

jetty-security/src/test/resources/realm.properties

@@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable

jetty-util/src/main/java/org/eclipse/jetty/util/security/Password.java

@@ -29,7 +29,7 @@
  * </pre>
  *
  * Passwords that begin with OBF: are de obfuscated. Passwords can be obfuscated
- * by run org.eclipse.util.Password as a main class. Obfuscated password are
+ * by run {@link org.eclipse.jetty.util.security.Password} as a main class. Obfuscated password are
  * required if a system needs to recover the full password (eg. so that it may
  * be passed to another system). They are not secure, but prevent casual
  * observation.

pom.xml

@@ -43,7 +43,7 @@
     <felix.version>7.0.3</felix.version>
     <findbugs.jsr305.version>3.0.2</findbugs.jsr305.version>
     <google.errorprone.version>2.11.0</google.errorprone.version>
-    <grpc.version>1.45.0</grpc.version>
+    <grpc.version>1.45.1</grpc.version>
     <gson.version>2.9.0</gson.version>
     <guava.version>31.1-jre</guava.version>
     <guice.version>5.1.0</guice.version>

tests/test-distribution/src/test/resources/realm.properties

@@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable

tests/test-integration/src/test/resources/realm.properties

@@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable

tests/test-quickstart/src/test/resources/realm.properties

@@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable

tests/test-sessions/test-mongodb-sessions/src/test/resources/realm.properties

@@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable