Skip to content

Issue #12806 - Overhaul ComplianceViolation.Listener reporting #14090

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
joakime wants to merge 32 commits into
base: jetty-12.1.x
Choose a base branch
from
Open

Issue #12806 - Overhaul ComplianceViolation.Listener reporting #14090

joakime wants to merge 32 commits into from
+1,923 −468

Conversation

@joakime
Copy link
Contributor

@joakime joakime commented Nov 25, 2025
edited
Loading

Cleanup all code paths that perform a ComplianceViolation check to do the following ...

  • Always report the violation, if detected.
  • Report if the violation was allowed (or not)
  • Use the HttpChannelState.getCompliaceViolationListener() in all cases (this gets the benefit of a single ComplianceViolation.Listener to use, along with all of the initialize(), onRequestBegin(), and onRequestEnd() techniques.
  • Deprecate the HttpConfiguration notify methods
  • Deprecate the ComplianceViolation.notify() static methods.

Closes #12806

@joakime joakime self-assigned this Nov 25, 2025
@joakime joakime added the Bug For general bugs on Jetty side label Nov 25, 2025
@joakime joakime added the Sponsored This issue affects a user with a commercial support agreement label Nov 25, 2025
@joakime joakime moved this to 👀 In review in Jetty 12.1.5 Nov 25, 2025
@joakime joakime mentioned this pull request Nov 25, 2025
Closed
@joakime joakime removed this from Jetty 12.1.5 Nov 27, 2025
@joakime joakime moved this to 👀 In review in Jetty 12.1.6 Nov 27, 2025
gregw
gregw previously requested changes Nov 27, 2025
View reviewed changes
@joakime joakime marked this pull request as ready for review December 2, 2025 13:01
@joakime joakime requested a review from gregw December 2, 2025 13:01
gregw
gregw reviewed Dec 18, 2025
View reviewed changes
Copy link
Contributor

@gregw gregw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking better, but still work to do.

@joakime joakime requested a review from sbordet January 9, 2026 23:05
@joakime joakime dismissed gregw’s stale review January 9, 2026 23:06

Very out of date review.
Using @sbordet for review.

sbordet
sbordet requested changes Jan 19, 2026
View reviewed changes
@joakime joakime requested a review from sbordet January 21, 2026 17:04
sbordet
sbordet requested changes Jan 21, 2026
View reviewed changes
jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/ComplianceUtils.java Outdated
}
}

public static <T extends Throwable> void notifyAndAssert(ComplianceViolation.Mode compliance,
Copy link
Contributor

@sbordet sbordet Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd prefer the *Assert methods to be removed, as they don't add anything, and they're as verbose as just calling allowed()/notifyAndCheck() plus throwing.

Copy link
Contributor Author

@joakime joakime Jan 21, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so you want to go from ...

if (checkCompliance(compliance, violation1, detail, error))
{
   // do allowed part for violation1
} 
else if (checkCompliance(compliance, violation2, detail, error))
{
   // do allowed part for violation2
}

to

if (allowed(compliance, violation1))
{
   // do allowed part for violation1
} 
else 
{
   throw error(violation1, detail)
}

if (allowed(compliance, violation2))
{
  // do allowed part for violation2
} 
else 
{
  throw error(violation2, detail)
}

That's going to blossom the lines of code a significant bit

lorban
lorban requested changes Jan 21, 2026
View reviewed changes
jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedCSV.java Outdated
boolean allowed = _complianceMode.allows(violation);
_listener.onComplianceViolation(new ComplianceViolation.Event(_complianceMode, violation, value, allowed));
if (!allowed)
throw new BadMessageException("Invalid quoted: " + value);
Copy link
Contributor

@lorban lorban Jan 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BadMessageException is deprecated and has been replaced by HttpException.RuntimeException.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gregw gregw gregw left review comments

@lorban lorban lorban requested changes

@sbordet sbordet sbordet requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@joakime joakime

Labels

Bug For general bugs on Jetty side Sponsored This issue affects a user with a commercial support agreement

Projects

Jetty 12.1.6
Status: 👀 In review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ComplianceViolation.Listener isn't very useful for helping identify clients that need to migrate to standards

5 participants

@joakime @gregw @sbordet @lorban