[SPARK-47086][SPARK-48022][BUILD][CORE][WEBUI] Upgrade Jetty to 12.1.4, Jersey to 3.1.11 and Servlet to 6.0 #53116
Conversation
github-actions
bot
added
SQL
STRUCTURED STREAMING
WEB UI
BUILD
SPARK SHELL
YARN
CORE
DSTREAM
labels
| override def setStatus(status: Int): Unit = this.status = status | ||
|
|
||
| override def setStatus(sc: Int, sm: String): Unit = {} | ||
|
|
There was a problem hiding this comment.
These methods are removed because Servlet 6.0 doesn't support them.
https://jakarta.ee/specifications/servlet/6.0/apidocs/jakarta.servlet/jakarta/servlet/http/httpservletresponse
| if (queryString == null) { | ||
| return null; | ||
| } | ||
| Map<String, String[]> params = jakarta.servlet.http.HttpUtils.parseQueryString( queryString ); |
There was a problem hiding this comment.
HttpUtils was deprecated in Servlet 5.0 and removed in 6.0.
https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/http/httputils
There was a problem hiding this comment.
Thank you, @sarutak . To minimize the PR, could you spin off this HttpUtils-related change PR?
There was a problem hiding this comment.
@dongjoon-hyun
You mean, merge this part first in another PR and then merge this PR right?
There was a problem hiding this comment.
Yes, I mean handling HttpUtils-deprecation first in the existing dependencies of master branch. This will help eventually this PR by reducing the complexity.
There was a problem hiding this comment.
OK, I will open another one.
…pServlet.java` with `HttpServletRequest.getQueryString` ### What changes were proposed in this pull request? This PR aims to replace `HtmlUtils.parseQueryString` in `ThriftHttpServlet.java` with `HttpServletRequest.getQueryString` ### Why are the changes needed? `HttpUtils` was deprecated in Servlet 5.0 and removed in 6.0. https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/http/httputils This change is necessary for upgrading Jetty to 12 in #53116 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? GA. ### Was this patch authored or co-authored using generative AI tooling? No. Closes #53119 from sarutak/replace-http-utils. Authored-by: Kousuke Saruta <[email protected]> Signed-off-by: Dongjoon Hyun <[email protected]>
sarutak
force-pushed
the
upgrade-jetty
branch
from
ac779f7 to
451d794
Compare
| } | ||
|
|
||
| test("SPARK-45522: Jetty 10 and above shouuld return status code 302 with correct redirect url" + | ||
| test("SPARK-47086: Jetty 12 and above should return status code 301 with correct redirect url" + |
There was a problem hiding this comment.
Oh, is this changed from 302 (Temporary Redirect) to 301 (Permanent Redirect)?
There was a problem hiding this comment.
Yes. When a context root path is accessed without trailing slash, 301 is returned.
- https://github.com/jetty/jetty.project/blob/4137e00793d583cfc4ce76bf607e482178a85597/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java#L1205
- https://github.com/jetty/jetty.project/blob/4137e00793d583cfc4ce76bf607e482178a85597/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java#L1259
While Servlet's HttpServletResponse.sendRedirect still returns 302.
| jersey-container-servlet/3.0.18//jersey-container-servlet-3.0.18.jar | ||
| jersey-hk2/3.0.18//jersey-hk2-3.0.18.jar | ||
| jersey-server/3.0.18//jersey-server-3.0.18.jar | ||
| jersey-client/3.1.11//jersey-client-3.1.11.jar |
There was a problem hiding this comment.
Could you mention jersey version in the PR title because this is also important, @sarutak ?
sarutak
changed the title
sarutak
changed the title
|
As far as I recall, when @HiuKwok previously attempted to migrate to Jetty 12, a problem with the Has this issue been resolved now? |
It sounds like a shocking news, @dongjoon-hyun, I understand 4.1 has been feature frozen, do you think we can have an exception for this one, otherwise, that means Spark 4.1 has no workaround during its 18 months lifecycle if Jetty 11 exposes new CVEs. |
Yes. Otherwise, this test should fail because of the following reason:
|
| val redirectServer = if (server.contains(":") && !server.startsWith("[")) { | ||
| s"[$server]" | ||
| } else { | ||
| server | ||
| } |
There was a problem hiding this comment.
this can be simplified by using Utils.addBracketsIfNeeded(server)
There was a problem hiding this comment.
This part is just brought from the original code. Unless we need to refactor this part within this PR, I'd like to complete upgrading first and then open a followup PR.
There was a problem hiding this comment.
was not aware of that, it's fine then.
| when(clientRequest.getScheme()).thenReturn("http") | ||
| when(clientRequest.getHeader("host")).thenReturn(s"$localhost:8080") | ||
| when(clientRequest.getPathInfo()).thenReturn("/proxy/worker-id/jobs") | ||
| when(clientRequest.getPathInfo()).thenReturn("/worker-id/jobs") |
There was a problem hiding this comment.
Good question. This change is relevant to this part.
/proxy is a context root so the returned value from HttpServletRequest#getPathInfo should not contain /proxy. In old versions of Jetty, the returned value can strangely contain a context root.
As of Jetty 12, Jetty specific Core API and the standard Servlet API are decoupled and getPathInfo doesn't return a path with a context root (/proxy in this case).
There was a problem hiding this comment.
thanks for the explanation, the Jetty 12 behavior sounds more reasonable, do you think it is worth leaving some comment (at def createProxyLocationHeader, not here) to briefly explain such behavior changes?
There was a problem hiding this comment.
I'm OK to leave a comment. I'll do it and your another suggestion together in a followup PR.
pan3793
left a comment
pan3793
left a comment
There was a problem hiding this comment.
Have manually verified with YARN integration, proxy works as expected.
$ spark-sql
WARNING: Using incubator modules: jdk.incubator.vector
Setting default log level to "WARN".
To adjust logging level use sc.setLogLevel(newLevel). For SparkR, use setLogLevel(newLevel).
2025-11-20 06:50:36 WARN Client: Neither spark.yarn.jars nor spark.yarn.archive is set, falling back to uploading libraries under SPARK_HOME.
Spark Web UI available at http://hadoop-master1.orb.local:4040
Spark master: yarn, Application Id: application_1763621405849_0001
spark-sql (default)>
Access http://hadoop-master1.orb.local:4040 and it is correctly redirected to the YARN RM address.
|
@pan3793 Thank you for verifying! |
4 participants
What changes were proposed in this pull request?
This PR proposes to upgrade Jetty to 12.1.4, Jersey to 3.1.11 and Servlet to 6.0 which need to be upgraded together.
Because Jetty 12 is significantly changed from 11.x, this PR mainly considers following things to upgrade.
Filterwhile it's difficult to do it with Jetty specificCore API.ProxyRedirectHandleris rewritten using newCore APIbecauseHandlerWrapperis no longer available. It's difficult to implementProxyRedirectHandlerwith the standard Servlet API soCore APIis used.Why are the changes needed?
Jetty 11 is already EOF and starting Jan 1, 2026, no more release will be published.
jetty/jetty.project#13918
Does this PR introduce any user-facing change?
No.
How was this patch tested?
Existing tests with some tweaks.
Was this patch authored or co-authored using generative AI tooling?
No.