Here's a rolling list of updates made to the javaxt-server
Version 3.0 (Current Release) 12/11/2017
Replaced the core HTTP engine with a stripped down version of Jetty. This was done as a stop-gap measure to circumvent an SSL issue with Chrome clients.
The Jetty-based version of javaxt-server is designed as a drop in replacement of the 2.0.x releases of javaxt-server. Simply replace your old jar with the 3.x release and you should be good to go!
Version 2.0.12 3/7/2017
- Updated logic used to initialize SSLContext and the SSLEngine in the HttpServlet class.
- Added new HttpServlet.setKeyManager() method. This allows for custom KeyManagers to support multiple SSL Certificates in a KeyStore.
- Refactored the way data is read from the SocketChannel. The new implementation relies on Thread.sleep() to wait for bytes.
Version 2.0.11 9/25/2016
- Critical bug fix writing bytes to the data to the SocketChannel. Previous implementation would hang while waiting to write to the SocketChannel.
- Added new methods to the Cookie, HttpServlet, HttpServletResponse, and ServletException classes to better conform to the Servlet spec.
Version 2.0.10 7/19/2013
- Implemented support for Range requests.
- Added new CgiServlet that can be used to host virtually any CGI application (e.g. UMN MapServer).
- Fixed bug reading TLS application data. This error prevented the server from processing large POST requests (e.g. file uploads) over SSL.
- Fixed bug formatting dates. All HTTP date/time stamps MUST be represented in Greenwich Mean Time (GMT), without exception.
- Fixed bug setting cookies. Also, added support for cookies without values.
- Implemented Servlet.init() method in the HttpServlet class.
Version 2.0.9 1/7/2013
- Updated logic for how Authenticators are used. Authenticators are now instantiated with each new HTTP request.
Implementations can store credentials, authentication status, user information, etc as class variables.
This enhancement required interface changes to the Authenticator class.
- Re-enabled GZIP compression for SSL clients after fixing a bug in the writeChunk method in the HttpServletResponse class.
Version 2.0.8 10/27/2012
- Expanded the API in the HttpServletRequest, HttpServletResponse, and ServletContext to cover most of the functionality defined in Version 2.5 of the Java Servlet API. This required modifications to several other classes including Server and HttpSession.
- Added new Authenticator interface used to help authenticate clients.
- Added new JspServlet class used to process JSP files.
- Added new HttpServletResponse.write() method to accapt a java.io.InputStream.
- Bug fix for HTTP 1.0 clients. By default, the server was "chunk" encoding gzip'd responses.
Servers are explicitly forbidden from sending "chunked" encoded responses to clients announcing themselves as HTTP/1.0 (e.g. Squid 2.5).
- Temporarily disabled GZIP compression for SSL clients.
Version 2.0.7 7/10/2012
- Fixed yet another bug processing multi-part form data.
The FormInputStream was appending instead of prependeding bytes to the cache resulting in incorrect form values for some binary data.
Version 2.0.6 6/12/2012
- Fixed bug processing multi-part form data. Updated the FormInput class to handle forms with empty file inputs.
- Updated jar manifest to report correct version number (was previously hardcoded to 2.0.2).
Version 2.0.5 6/2/2012
- Implemented ServletOutputStream class to allow users to stream raw bytes to the client.
- Fixed bug processing multi-part form data. The FormInputStream wasn't returning correct values when reading bytes from the cache.
- Fixed bug processing ServletExceptions. The server was returning status code 400 instead of the status code defined in the ServletException.
- Fixed null pointer exception in the setHeader method.
Version 2.0.4 5/8/2012
- Removed the "Accept-Ranges" header from the default servlet response. Range requests are not supported at this time.
- Fixed bug in the ServletInputStream.read() method. Added logic to convert unsigned bytes to int.
- Updated the HttpServletRequest.nextByte() method to return a Byte instead of a byte. This allows us to return null values when numBytesRead==-1.
- Fixed bug in the FormValue.read() method to properly handle ints returned from the getNextByte() method.
Version 2.0.3 4/25/2012
- Fixed bug in the FormInputStream.read() method. Added a check to see if the input has been fully read.
- Fixed bug in the FormValue.toFile() method. Needed to ensure parent file exists before instantiating a FileOutputStream.
Version 2.0.2 4/20/2012
- Updated the HttpServlet.getSSLEngine() method to explicitly indicate the no client authentication is required. "setNeedClientAuth(false)" vs "setWantClientAuth(true)". This is required for Safari 5. It appears that with Safari 5 (or perhaps even earlier) the browser will negotiate client certificates improperly with the web server. While other browsers like Google Chrome and Firefox will not have an issue, Safari is rendered incapable of connecting to these sites without a server-side change.
- Commented out the truststore and keystore configuration in the ServletTest class.
- Added support for SSLv2 ClientHello messages.
- Fixed bug unwrapping SSL messages in the HttpServletRequest.initHandshake() method. I incorrectly assumed that the client was done sending data over and I ended up with an empty ByteBuffer when the SSLEngine was expecting more data to unwrap.
- Added while loop in the HttpServletRequest.wrap() method to encrypt SSL application data. Hopefully this will eliminate a bug I observed when browsing SSL web pages where images were failing to load randomly.
Version 2.0.1 3/31/2012
- Updated the HttpServletRequest.getParameter() method to return a null if the key is not found or if the value is an empty string.
Version 2.0.0 3/30/2012