Upgrade from javax.servlet-api-3.1 to jakarta.servlet-api:4.0 and ban javax.servlet:javax.servlet-api
#693
Conversation
|
I am not sure offhand if this is safe. Does it even work—is there a reproducible test case for the observed error? See https://github.com/jenkinsci/plugin-pom/tree/master/src/it Since #478 we require 2.361.x or newer. Core is using this dep in jenkinsci/jenkins#6801 which is only in 3.363. In current versions of core it seems the only 3.x Servlet dep comes via the old Jetty 9 WebSocket adapter, which as in jenkinsci/jenkins#7101 (comment) I think could now be deleted since jenkinsci/jenkins-test-harness#453 is widely adopted. |
Co-authored-by: Jesse Glick <[email protected]>
…into fix/servlet-api
|
Test case added 7b2d225 |
|
I tried locally to remove Jetty 9 WebSocket adpater from core, but this does not fix plugin issue as |
| */ | ||
| @Test | ||
| public void involveHttpSessionBindingListener() throws Exception { | ||
| Jenkins.get().setSecurityRealm(new LegacySecurityRealm()); |
There was a problem hiding this comment.
Note that the error is not reproducible after
| Jenkins.get().setSecurityRealm(new LegacySecurityRealm()); | |
| Jenkins.get().setSecurityRealm(rule.createDummySecurityRealm()); |
I point this out because LegacySecurityRealm is almost never used (it was superseded in 2007 and should perhaps be dropped altogether along with support for non-Winstone containers), and if a routine usage of HtmlUnit were broken after some core or tooling update we would have noticed that in lots of popular plugins by now.
There was a problem hiding this comment.
Thanks for this fix @jglick !
BTW it this PR is still revelant as similar issue could occurs as having multiple versions of APIs in same classloader (at least from plugin tests).
There was a problem hiding this comment.
Potentially yes. I suspect the conflict just rarely matters, but using LegacySecurityRealm in a test activates a code path in the servlet container which is otherwise rarely encountered.
Co-authored-by: Jesse Glick <[email protected]>
|
maybe a bit nit :) |
olamy
changed the title
javax.servlet-api-3.1 to jakarta.servlet-api:4.0javax.servlet-api-3.1 to jakarta.servlet-api:4.0 and ban javax.servlet:javax.servlet-api
In order to validate the plugin with Jetty 12, we need to get jenkinsci/plugin-pom#693 which is included in `4.62` version. That bump occurred on the `analysis-pom` version `6.7.0`.
When running tests based on
JenkinsRule, multiple servlet APIs are available from tests classpath, then causing some issues.For example :
javax.servlet.http.HttpSessionBindingListenerimplementation class from Jetty is compiled using 4.0 (withdefault) and test execution is using 3.1 (withoutdefault), then causing: