Merge pull request #3033 from jtnord/JENKINS-37062

[JENKINS-37062] incorporate changes from stapler 1.253 (servlet 3.1)

cli/pom.xml

@@ -31,7 +31,6 @@
     <dependency>
       <groupId>commons-codec</groupId>
       <artifactId>commons-codec</artifactId>
-      <version>1.4</version>
     </dependency>
     <dependency>
       <groupId>commons-io</groupId>

core/pom.xml

@@ -39,7 +39,7 @@ THE SOFTWARE.
 
   <properties>
     <staplerFork>true</staplerFork>
-    <stapler.version>1.252</stapler.version>
+    <stapler.version>1.253</stapler.version>
     <spring.version>2.5.6.SEC03</spring.version>
     <groovy.version>2.4.11</groovy.version>
     <!-- TODO: Actually many issues are being filtered by src/findbugs/findbugs-excludes.xml -->
@@ -472,9 +472,9 @@ THE SOFTWARE.
       <scope>test</scope>
     </dependency>
     <dependency><!-- needed by Jelly -->
-      <groupId>javax.servlet</groupId>
-      <artifactId>jstl</artifactId>
-      <version>1.1.0</version>
+      <groupId>javax.servlet.jsp.jstl</groupId>
+      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+      <version>1.2.1</version>
     </dependency>
     <dependency>
       <groupId>org.slf4j</groupId>
@@ -572,10 +572,9 @@ THE SOFTWARE.
       <version>1.1</version>
     </dependency>
 
-    <dependency><!-- Jenkins doesn't depend on it but some plugin wants the latest version. Bundling 1.6 until we figure out a mechanism to let plugins load its own -->
+    <dependency>
       <groupId>commons-codec</groupId>
       <artifactId>commons-codec</artifactId>
-      <version>1.8</version>
     </dependency>
 
     <dependency>

core/src/main/java/jenkins/slaves/EncryptedSlaveAgentJnlpFile.java

@@ -4,12 +4,12 @@
 import hudson.security.Permission;
 import hudson.slaves.SlaveComputer;
 import hudson.util.Secret;
+
 import hudson.Util;
 import org.kohsuke.stapler.HttpResponse;
 import org.kohsuke.stapler.ResponseImpl;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
-import org.kohsuke.stapler.compression.FilterServletOutputStream;
 
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
@@ -18,12 +18,15 @@
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
 import javax.servlet.ServletOutputStream;
+import javax.servlet.WriteListener;
 import javax.servlet.http.HttpServletResponseWrapper;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.security.GeneralSecurityException;
 import java.security.SecureRandom;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 
 /**
  * Serves the JNLP file.
@@ -35,6 +38,9 @@
  * @since 1.560
  */
 public class EncryptedSlaveAgentJnlpFile implements HttpResponse {
+
+    private static final Logger LOG = Logger.getLogger(EncryptedSlaveAgentJnlpFile.class.getName());
+
     /**
      * The object that owns the Jelly view that renders JNLP file.
      * This is typically a {@link SlaveComputer} and if so we'll use {@link SlaveComputer#getJnlpMac()}
@@ -64,13 +70,13 @@ public EncryptedSlaveAgentJnlpFile(AccessControlled it, String viewName, String
     }
 
     @Override
-    public void generateResponse(StaplerRequest req, StaplerResponse res, Object node) throws IOException, ServletException {
+    public void generateResponse(StaplerRequest req, final StaplerResponse res, Object node) throws IOException, ServletException {
         RequestDispatcher view = req.getView(it, viewName);
         if ("true".equals(req.getParameter("encrypt"))) {
-            final ByteArrayOutputStream baos = new ByteArrayOutputStream();
+            final CapturingServletOutputStream csos = new CapturingServletOutputStream();
             StaplerResponse temp = new ResponseImpl(req.getStapler(), new HttpServletResponseWrapper(res) {
                 @Override public ServletOutputStream getOutputStream() throws IOException {
-                    return new FilterServletOutputStream(baos);
+                    return csos;
                 }
                 @Override public PrintWriter getWriter() throws IOException {
                     throw new IllegalStateException();
@@ -92,7 +98,7 @@ public void generateResponse(StaplerRequest req, StaplerResponse res, Object nod
             try {
                 Cipher c = Secret.getCipher("AES/CFB8/NoPadding");
                 c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
-                encrypted = c.doFinal(baos.toByteArray());
+                encrypted = c.doFinal(csos.getBytes());
             } catch (GeneralSecurityException x) {
                 throw new IOException(x);
             }
@@ -104,4 +110,52 @@ public void generateResponse(StaplerRequest req, StaplerResponse res, Object nod
             view.forward(req, res);
         }
     }
+
+
+    /**
+     * A {@link ServletOutputStream} that captures all the data rather than writing to a client.
+     */
+    private static class CapturingServletOutputStream extends ServletOutputStream { 
+
+        private ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+        @Override
+        public boolean isReady() {
+            return true;
+        }
+
+        @Override
+        public void setWriteListener(WriteListener writeListener) {
+            // we are always ready to write so we just call once to say we are ready.
+            try {
+                // should we do this on a separate thread to avoid deadlocks?
+                writeListener.onWritePossible();
+            } catch (IOException e) {
+                LOG.log(Level.WARNING, "Failed to notify WriteListener.onWritePossible", e);
+            }
+        }
+
+        @Override
+        public void write(int b) throws IOException {
+            baos.write(b);
+        }
+
+        @Override
+        public void write(byte[] b) throws IOException {
+            baos.write(b);
+        }
+
+        @Override
+        public void write(byte[] b, int off, int len) throws IOException {
+            baos.write(b, off, len);
+        }
+
+        /** 
+         * Get the data that has been written to this ServletOutputStream.
+         * @return the data that has been written to this ServletOutputStream.
+         */
+        byte[] getBytes() {
+            return baos.toByteArray();
+        }
+    }
 }

pom.xml

@@ -233,6 +233,31 @@ THE SOFTWARE.
         <artifactId>access-modifier-annotation</artifactId>
         <version>${access-modifier-annotation.version}</version>
       </dependency>
+      <dependency>
+        <!--  make sure these old servlet versions are never used by us or by any plugins which end up depending on this version -->
+        <!--  plugin-pom tries to fudge servlet support to be compatible with cores < 2.0 and JTH which needs 3.x for jetty,
+              and ends up causing issues with some IDEs -->
+        <groupId>javax.servlet</groupId>
+        <!-- the old artifactID for the servlet API -->
+        <artifactId>servlet-api</artifactId>
+        <version>[0]</version>
+        <!-- 
+              "[0]" is a range that must be exaclty 0
+              this is different to "0" which is hint to use version 0.
+              therefore unless anyone else uses ranges (they should not) this version will always win
+              We have deployed a version 0 to jenkins repo which has an empty jar
+              This prevents conflicts between the old Servet API and the new Servlet API as the groupIDs have changed
+              see https://github.com/jenkinsci/jenkins/pull/3033/files#r141325857 for a fuller description
+        -->
+        <scope>provided</scope>
+        <optional>true</optional>
+      </dependency>
+      <!--  TODO also add commons-logging and log4j -->
+      <dependency>
+        <groupId>commons-codec</groupId>
+        <artifactId>commons-codec</artifactId>
+        <version>1.9</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
@@ -249,6 +274,12 @@ THE SOFTWARE.
       <artifactId>test-annotations</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <!-- make sure our dependency tree and all others are clean of the legacy servlet api.  -->
+      <groupId>javax.servlet</groupId>
+      <!-- the old artifactID for the servlet API -->
+      <artifactId>servlet-api</artifactId>
+    </dependency>
   </dependencies>
 
   <build>
@@ -327,8 +358,8 @@ THE SOFTWARE.
             <dependency>
               <!-- this provided scope dependency doesn't get added to GMaven unless explicitly added here -->
               <groupId>javax.servlet</groupId>
-              <artifactId>servlet-api</artifactId>
-              <version>2.4</version>
+              <artifactId>javax.servlet-api</artifactId>
+              <version>3.1.0</version>
             </dependency>
             <dependency>
               <groupId>org.codehaus.gmaven.runtime</groupId>

war/pom.xml

@@ -61,12 +61,8 @@ THE SOFTWARE.
           jars that are not needed in war. most of the exclusions should happen in the core, to make IDEs happy, not here.
         -->
         <exclusion>
-          <groupId>javax.servlet</groupId>
-          <artifactId>servlet-api</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>javax.servlet</groupId>
-          <artifactId>jsp-api</artifactId>
+          <groupId>javax.servlet.jsp</groupId>
+          <artifactId>javax.servlet.jsp-api</artifactId>
         </exclusion>
         <!-- Stapler 1.195 fails to declare this as optional, and the 1.1 version lacks a license: -->
         <exclusion>