Re: Any plans on extending the 4.4.x stream?

2017-09-15 Thread Grzegorz Grzybek 
Hello Trevor

See https://ops4j1.jira.com/wiki/spaces/paxweb/blog/ - in August I've
released both 4.4.1 and 4.3.4. If you like please create PAXWEB jira issue
or just let me know about required Jetty update and I can release 4.3.5 or
4.4.2 if you like (even 4.2.x)

regards
Grzegorz Grzybek

2017-09-16 7:26 GMT+02:00 'Achim Nierbeck' via OPS4J :

> Hi Trevor,
>
> you still could try out with the 4.3 line.
> It might already contain what you need.
> Regarding Jira and PR, yes, please a Jira with a PR that contains the jira
> number. This way we always can
> make sure which commit belongs to which version.
>
> One thing though, as 6 is the actually last released version, what made it
> hard for you to upgrade?
> Cause even though it's a major version, we look carefully not to break to
> much stuff.
>
>
> regards, Achim
>
>
> 2017-09-16 2:16 GMT+02:00 Niclas Hedhman :
>
>>
>> I suggest that you submit the PR. That is the easy part. Question is if
>> there is someone willing to do the release. If you are, then great... if
>> not, you would need to convince (charm, beer, bribe, threat...) someone to
>> do it.
>>
>> Cheers
>> Niclas
>>
>> On Sat, Sep 16, 2017 at 5:04 AM, Trevor Brown <
>> tbr...@securityfirstcorp.com> wrote:
>>
>>> Hi all,
>>>
>>> My company is using Pax Web 4.2.7 right now. Unfortunately the version
>>> of Jetty in that release (and actually all Pax Web releases, it seems) is
>>> vulnerable to a timing channel attack (see https://github.com/eclips
>>> e/jetty.project/issues/1556 for details).
>>>
>>> I started looking at options, and right now it looks like the only
>>> upgrade path I have that won't require a lot of effort on my part (I
>>> experimented and failed using any of the 6.x releases) is to upgrade within
>>> the 4.x releases of Pax Web. I just rebuilt 4.4.1 locally with Jetty 9.2.22
>>> and all the unit tests passed.
>>>
>>> So I'm wondering whether I should open a JIRA and submit a pull request
>>> for the upgrade in the 4.4.x stream, or whether I should just consider this
>>> a one-off fork for now and maybe work to pick up the Jetty 9.4.x work in
>>> the 6.0.x stream?
>>>
>>> Thanks in advance.
>>>
>>> --
>>> --
>>> --
>>> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>>>
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "OPS4J" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ops4j+unsubscr...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> --
>> Niclas Hedhman, Software Developer
>> http://polygene.apache.org - New Energy for Java
>>
>> --
>> --
>> --
>> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "OPS4J" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ops4j+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
>
> Apache Member
> Apache Karaf  Committer & PMC
> OPS4J Pax Web  Committer &
> Project Lead
> blog 
> Co-Author of Apache Karaf Cookbook 
>
> Software Architect / Project Manager / Scrum Master
>
> --
> --
> --
> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>
> ---
> You received this message because you are subscribed to the Google Groups
> "OPS4J" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ops4j+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
-- 
--
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups 
"OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Any plans on extending the 4.4.x stream?

2017-09-15 Thread 'Achim Nierbeck' via OPS4J 
Hi Trevor,

you still could try out with the 4.3 line.
It might already contain what you need.
Regarding Jira and PR, yes, please a Jira with a PR that contains the jira
number. This way we always can
make sure which commit belongs to which version.

One thing though, as 6 is the actually last released version, what made it
hard for you to upgrade?
Cause even though it's a major version, we look carefully not to break to
much stuff.


regards, Achim


2017-09-16 2:16 GMT+02:00 Niclas Hedhman :

>
> I suggest that you submit the PR. That is the easy part. Question is if
> there is someone willing to do the release. If you are, then great... if
> not, you would need to convince (charm, beer, bribe, threat...) someone to
> do it.
>
> Cheers
> Niclas
>
> On Sat, Sep 16, 2017 at 5:04 AM, Trevor Brown <
> tbr...@securityfirstcorp.com> wrote:
>
>> Hi all,
>>
>> My company is using Pax Web 4.2.7 right now. Unfortunately the version of
>> Jetty in that release (and actually all Pax Web releases, it seems) is
>> vulnerable to a timing channel attack (see https://github.com/eclips
>> e/jetty.project/issues/1556 for details).
>>
>> I started looking at options, and right now it looks like the only
>> upgrade path I have that won't require a lot of effort on my part (I
>> experimented and failed using any of the 6.x releases) is to upgrade within
>> the 4.x releases of Pax Web. I just rebuilt 4.4.1 locally with Jetty 9.2.22
>> and all the unit tests passed.
>>
>> So I'm wondering whether I should open a JIRA and submit a pull request
>> for the upgrade in the 4.4.x stream, or whether I should just consider this
>> a one-off fork for now and maybe work to pick up the Jetty 9.4.x work in
>> the 6.0.x stream?
>>
>> Thanks in advance.
>>
>> --
>> --
>> --
>> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "OPS4J" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ops4j+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Niclas Hedhman, Software Developer
> http://polygene.apache.org - New Energy for Java
>
> --
> --
> --
> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>
> ---
> You received this message because you are subscribed to the Google Groups
> "OPS4J" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ops4j+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 

Apache Member
Apache Karaf  Committer & PMC
OPS4J Pax Web  Committer &
Project Lead
blog 
Co-Author of Apache Karaf Cookbook 

Software Architect / Project Manager / Scrum Master

-- 
-- 
--
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups 
"OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Unit test failures on build

2017-09-15 Thread 'Achim Nierbeck' via OPS4J 
Tevor,
first of all welcome to the community.
Even though you found out it's a self-inflicted issue you ran into, don't
hesitate to ask on this list.
Sometimes answers will take a bit longer but usually somebody is available
to help :)

regards, Achim


2017-09-15 22:59 GMT+02:00 Grzegorz Grzybek :

> Hello
>
> Looks like tests in this branch weren't updated recently. The certificate
> used in the tests expired on "Jan 14, 2013 11:51:59 PM CET"
> (pax-web-itest/pax-web-itest-container/pax-web-itest-
> container-jetty/src/test/resources/keystore)
>
> regards
> Grzegorz Grzybek
>
> 2017-09-15 22:12 GMT+02:00 Trevor Brown :
>
>> I apologize if this is a new guy mistake, but I'm getting these unit test
>> errors when I try to build the 4.4.1 branch on my local system:
>>
>>
>> [INFO] 
>> 
>> [INFO] Building OPS4J Pax Web - Integration Jetty Container Tests 4.4.1
>> [INFO] 
>> 
>> 
>> Omitted for brevity...
>> 
>> Tests in error:
>>   testWC(org.ops4j.pax.web.itest.jetty.WarBasicAuthSecuredIntegrationTest):
>> unable to find valid certification path to requested target
>>   
>> testSlash(org.ops4j.pax.web.itest.jetty.WarBasicAuthSecuredIntegrationTest):
>> unable to find valid certification path to requested target
>>   
>> testWebContainerSN(org.ops4j.pax.web.itest.jetty.WarBasicAuthSecuredIntegrationTest):
>> unable to find valid certification path to requested target
>>   
>> testWebContainerExample(org.ops4j.pax.web.itest.jetty.WarBasicAuthSecuredIntegrationTest):
>> unable to find valid certification path to requested target
>>   
>> testWebContextPath(org.ops4j.pax.web.itest.jetty.WebContainerSecuredIntegrationTest):
>> unable to find valid certification path to requested target
>>   
>> testWebContextPath(org.ops4j.pax.web.itest.jetty.WebContainerSpdyIntegrationTest):
>> unable to find valid certification path to requested target
>>
>>
>> Any ideas what I'm doing wrong? Do I need to import a certificate
>> somewhere to run these tests?
>>
>> --
>> --
>> --
>> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "OPS4J" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ops4j+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> --
> --
> --
> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>
> ---
> You received this message because you are subscribed to the Google Groups
> "OPS4J" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ops4j+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 

Apache Member
Apache Karaf  Committer & PMC
OPS4J Pax Web  Committer &
Project Lead
blog 
Co-Author of Apache Karaf Cookbook 

Software Architect / Project Manager / Scrum Master

-- 
-- 
--
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups 
"OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Any plans on extending the 4.4.x stream?

2017-09-15 Thread Niclas Hedhman 
I suggest that you submit the PR. That is the easy part. Question is if
there is someone willing to do the release. If you are, then great... if
not, you would need to convince (charm, beer, bribe, threat...) someone to
do it.

Cheers
Niclas

On Sat, Sep 16, 2017 at 5:04 AM, Trevor Brown 
wrote:

> Hi all,
>
> My company is using Pax Web 4.2.7 right now. Unfortunately the version of
> Jetty in that release (and actually all Pax Web releases, it seems) is
> vulnerable to a timing channel attack (see https://github.com/
> eclipse/jetty.project/issues/1556 for details).
>
> I started looking at options, and right now it looks like the only upgrade
> path I have that won't require a lot of effort on my part (I experimented
> and failed using any of the 6.x releases) is to upgrade within the 4.x
> releases of Pax Web. I just rebuilt 4.4.1 locally with Jetty 9.2.22 and all
> the unit tests passed.
>
> So I'm wondering whether I should open a JIRA and submit a pull request
> for the upgrade in the 4.4.x stream, or whether I should just consider this
> a one-off fork for now and maybe work to pick up the Jetty 9.4.x work in
> the 6.0.x stream?
>
> Thanks in advance.
>
> --
> --
> --
> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>
> ---
> You received this message because you are subscribed to the Google Groups
> "OPS4J" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ops4j+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Niclas Hedhman, Software Developer
http://polygene.apache.org - New Energy for Java

-- 
-- 
--
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups 
"OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Any plans on extending the 4.4.x stream?

2017-09-15 Thread Trevor Brown 
Hi all,

My company is using Pax Web 4.2.7 right now. Unfortunately the version of 
Jetty in that release (and actually all Pax Web releases, it seems) is 
vulnerable to a timing channel attack 
(see https://github.com/eclipse/jetty.project/issues/1556 for details).

I started looking at options, and right now it looks like the only upgrade 
path I have that won't require a lot of effort on my part (I experimented 
and failed using any of the 6.x releases) is to upgrade within the 4.x 
releases of Pax Web. I just rebuilt 4.4.1 locally with Jetty 9.2.22 and all 
the unit tests passed.

So I'm wondering whether I should open a JIRA and submit a pull request for 
the upgrade in the 4.4.x stream, or whether I should just consider this a 
one-off fork for now and maybe work to pick up the Jetty 9.4.x work in the 
6.0.x stream?

Thanks in advance.

-- 
-- 
--
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups 
"OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Unit test failures on build

2017-09-15 Thread Grzegorz Grzybek 
Hello

Looks like tests in this branch weren't updated recently. The certificate
used in the tests expired on "Jan 14, 2013 11:51:59 PM CET"
(pax-web-itest/pax-web-itest-container/pax-web-itest-container-jetty/src/test/resources/keystore)

regards
Grzegorz Grzybek

2017-09-15 22:12 GMT+02:00 Trevor Brown :

> I apologize if this is a new guy mistake, but I'm getting these unit test
> errors when I try to build the 4.4.1 branch on my local system:
>
>
> [INFO] 
> 
> [INFO] Building OPS4J Pax Web - Integration Jetty Container Tests 4.4.1
> [INFO] 
> 
> 
> Omitted for brevity...
> 
> Tests in error:
>   testWC(org.ops4j.pax.web.itest.jetty.WarBasicAuthSecuredIntegrationTest):
> unable to find valid certification path to requested target
>   testSlash(org.ops4j.pax.web.itest.jetty.WarBasicAuthSecuredIntegrationTest):
> unable to find valid certification path to requested target
>   testWebContainerSN(org.ops4j.pax.web.itest.jetty.
> WarBasicAuthSecuredIntegrationTest): unable to find valid certification
> path to requested target
>   testWebContainerExample(org.ops4j.pax.web.itest.jetty.
> WarBasicAuthSecuredIntegrationTest): unable to find valid certification
> path to requested target
>   testWebContextPath(org.ops4j.pax.web.itest.jetty.
> WebContainerSecuredIntegrationTest): unable to find valid certification
> path to requested target
>   testWebContextPath(org.ops4j.pax.web.itest.jetty.
> WebContainerSpdyIntegrationTest): unable to find valid certification path
> to requested target
>
>
> Any ideas what I'm doing wrong? Do I need to import a certificate
> somewhere to run these tests?
>
> --
> --
> --
> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>
> ---
> You received this message because you are subscribed to the Google Groups
> "OPS4J" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ops4j+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
-- 
--
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups 
"OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Unit test failures on build

2017-09-15 Thread Trevor Brown 
I apologize if this is a new guy mistake, but I'm getting these unit test 
errors when I try to build the 4.4.1 branch on my local system:


[INFO] 

[INFO] Building OPS4J Pax Web - Integration Jetty Container Tests 4.4.1
[INFO] 


Omitted for brevity...

Tests in error:
  testWC(org.ops4j.pax.web.itest.jetty.WarBasicAuthSecuredIntegrationTest): 
unable to find valid certification path to requested target
  
testSlash(org.ops4j.pax.web.itest.jetty.WarBasicAuthSecuredIntegrationTest): 
unable to find valid certification path to requested target
  
testWebContainerSN(org.ops4j.pax.web.itest.jetty.WarBasicAuthSecuredIntegrationTest):
 
unable to find valid certification path to requested target
  
testWebContainerExample(org.ops4j.pax.web.itest.jetty.WarBasicAuthSecuredIntegrationTest):
 
unable to find valid certification path to requested target
  
testWebContextPath(org.ops4j.pax.web.itest.jetty.WebContainerSecuredIntegrationTest):
 
unable to find valid certification path to requested target
  
testWebContextPath(org.ops4j.pax.web.itest.jetty.WebContainerSpdyIntegrationTest):
 
unable to find valid certification path to requested target


Any ideas what I'm doing wrong? Do I need to import a certificate somewhere 
to run these tests?

-- 
-- 
--
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups 
"OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

pax-web - httpcontext is called even for urls outside its context

2017-09-15 Thread Martin Lichtin 
Environment: Karaf 4.0.9
Using Camel to register as a servlet like

  
  
  
  




  

I noticed that the httpContext is called also for requests outside /rest. 
How come?

For example, making a request for /foo, I see

2017-09-15 19:27:12,236 | DEBUG | qtp770314750-202 | 
ServerModel  | eb.service.spi.model.ServerModel  338 | 
214 - org.ops4j.pax.web.pax-web-spi - 4.3.0 | Path [/foo] does not match 
any context
2017-09-15 19:27:12,236 | DEBUG | qtp770314750-202 | 
HttpServiceContext   | etty.internal.HttpServiceContext  285 | 
212 - org.ops4j.pax.web.pax-web-jetty - 4.3.0 | Handling request for [/foo] 
using http context [my.path.MyHttpContext@42bf376e]

I would not have expected the HttpContext to be called in that circumstance.

-- 
-- 
--
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups 
"OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.