Servlet 4 metadata-complete=true should skip introspection of annotations #4506
Comments
janbartel
added
the
Specification
Signed-off-by: Jan Bartel <janb@webtide.com>
|
related to #4234? |
|
@olamy yes I believe so. Your issue states that if metadata-complete==true, then ServletSecurity should never be processed. According to the new wording of the servlet spec, that isn't true - when you programmatically add a servlet using the ServletContext.createServlet methods, then you always have to introspect it for ServletSecurity/Multipart/PostConstruct/PreDestroy etc annotations regardless of what metadata-complete says. My reading of the spec is:
This issue is for cases 1 && 2: we have been introspecting servlets/filters/listeners defined in web.xml or web-fragment.xml with metadata-complete==true. |
Signed-off-by: Jan Bartel <janb@webtide.com>
Signed-off-by: Jan Bartel <janb@webtide.com>
Signed-off-by: Jan Bartel <janb@webtide.com>
* Issue #4506 Do not introspect annotations on metadata-complete fragments Signed-off-by: Jan Bartel <janb@webtide.com>
Remaining Issues: - JSP compilation failure caused by: apache/tomcat@224fb6c#diff-ef02fd9c3f90ca4838d3cdaa051489556eca75d537fc396022e0ed456c24d895R329 - `WebSocketClientConnectionHandler.onConnect` assumes that `session.getRemoteAddress()` supplies an `InetSocketAddress` which might not always be true. What's the best approach in our context? Fixed in this commit: - Websocket server Maven artifact renamed from `websocket-server` to `websocket-jetty-server` - `WebSocketServlet` renamed to `JettyWebSocketServlet` - `WebSocketServletFactory` renamed to `JettyWebSocketServletFactory` See: https://www.eclipse.org/jetty/documentation/jetty-10/programming-guide/index.html#pg-migration-94-to-10 - `GzipHandler` is no longer part of `ServletContextHandler` jetty/jetty.project#4765 - Renamed `setWebInfClassesDirs` to `setWebInfClassesResources` jetty/jetty.project#4506 - Split `SslContextFactory` into Client and Server jetty/jetty.project#3464
Remaining Issues: - JSP compilation failure caused by: apache/tomcat@224fb6c#diff-ef02fd9c3f90ca4838d3cdaa051489556eca75d537fc396022e0ed456c24d895R329 - `WebSocketClientConnectionHandler.onConnect` assumes that `session.getRemoteAddress()` supplies an `InetSocketAddress` which might not always be true. What's the best approach in our context? Fixed in this commit: - Websocket server Maven artifact renamed from `websocket-server` to `websocket-jetty-server` - `WebSocketServlet` renamed to `JettyWebSocketServlet` - `WebSocketServletFactory` renamed to `JettyWebSocketServletFactory` See: https://www.eclipse.org/jetty/documentation/jetty-10/programming-guide/index.html#pg-migration-94-to-10 - `GzipHandler` is no longer part of `ServletContextHandler` jetty/jetty.project#4765 - Renamed `setWebInfClassesDirs` to `setWebInfClassesResources` jetty/jetty.project#4506 - Split `SslContextFactory` into Client and Server jetty/jetty.project#3464
Remaining Issues: - JSP compilation failure caused by: apache/tomcat@224fb6c#diff-ef02fd9c3f90ca4838d3cdaa051489556eca75d537fc396022e0ed456c24d895R329 - `WebSocketClientConnectionHandler.onConnect` assumes that `session.getRemoteAddress()` supplies an `InetSocketAddress` which might not always be true. What's the best approach in our context? Fixed in this commit: - Websocket server Maven artifact renamed from `websocket-server` to `websocket-jetty-server` - `WebSocketServlet` renamed to `JettyWebSocketServlet` - `WebSocketServletFactory` renamed to `JettyWebSocketServletFactory` See: https://www.eclipse.org/jetty/documentation/jetty-10/programming-guide/index.html#pg-migration-94-to-10 - `GzipHandler` is no longer part of `ServletContextHandler` jetty/jetty.project#4765 - Renamed `setWebInfClassesDirs` to `setWebInfClassesResources` jetty/jetty.project#4506 - Split `SslContextFactory` into Client and Server jetty/jetty.project#3464
jetty-10
jakartaee/servlet#144
Servlet Spec 4, Changes Since 3.1, pg A-203:
This clarification states that if metadata-complete==true, any annotation that has an equivalent in web.xml must be ignored. This includes all annotations for which jetty introspects on a servlet, filter or listener such as PostConstruct, PreDestroy, Resource, Resources, DeclaresRoles, ServletSecurity, MultipartConfig.
The text was updated successfully, but these errors were encountered: