-
Notifications
You must be signed in to change notification settings - Fork 80
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[WFLY-19808] Bump WFLY-15452 from Preview to Community stability
- Loading branch information
Showing
1 changed file
with
133 additions
and
0 deletions.
There are no files selected for viewing
133 changes: 133 additions & 0 deletions
133
undertow/WFLY-19808_ajp-listener_allowed_attr_pattern.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,133 @@ | ||
| = [Community]modify ajp-listener to allow specifying pattern for ajp request attributes | ||
| :author: Bartosz Baranowski | ||
| :email: [email protected] | ||
| :toc: left | ||
| :icons: font | ||
| :idprefix: | ||
| :idseparator: - | ||
|
|
||
| == Overview | ||
|
|
||
| Since UNDERTOW-1667 one can set additional AJP request attribute parsing permission via env variable. However there is no way to set it in WFLY config/model. This RFE's goal is to make it possible. | ||
| NOTE: this is promotion from Preview to Community level. | ||
|
|
||
| == Issue Metadata | ||
|
|
||
| === Issue | ||
|
|
||
| * https://issues.redhat.com/browse/WFLY-19808[WFLY-19808] | ||
|
|
||
| === Related Issues | ||
|
|
||
| * https://issues.redhat.com/browse/UNDERTOW-1667[UNDERTOW-1667] | ||
| * https://issues.redhat.com/browse/UNDERTOW-1977[UNDERTOW-1977] | ||
| * https://issues.redhat.com/browse/WFLY-15453[WFLY-15453] | ||
| * https://github.com/wildfly/wildfly-proposals/blob/main/undertow/WFLY-15452_ajp-listener_allowed_attr_pattern.adoc[WFLY_PROPOSAL_15453] | ||
|
|
||
| === Stability Level | ||
| // Choose the planned stability level for the proposed functionality | ||
| * [ ] Experimental | ||
|
|
||
| * [ ] Preview | ||
|
|
||
| * [X] Community | ||
|
|
||
| * [ ] default | ||
|
|
||
| === Dev Contacts | ||
|
|
||
| * mailto:{email}[{author}] | ||
|
|
||
| === QE Contacts | ||
|
|
||
| * mailto:[email protected][Martin Svehla] | ||
|
|
||
| === Testing By | ||
| // Put an x in the relevant field to indicate if testing will be done by Engineering or QE. | ||
| // Discuss with QE during the Kickoff state to decide this | ||
| * [ ] Engineering | ||
|
|
||
| * [X] QE | ||
|
|
||
| === Affected Projects or Components | ||
|
|
||
| * undertow | ||
|
|
||
| === Other Interested Projects | ||
|
|
||
| === Relevant Installation Types | ||
| // Remove the x next to the relevant field if the feature in question is not relevant | ||
| // to that kind of WildFly installation | ||
| * [x] Traditional standalone server (unzipped or provisioned by Galleon) | ||
|
|
||
| * [x] Managed domain | ||
|
|
||
| * [x] OpenShift s2i | ||
|
|
||
| * [x] Bootable jar | ||
|
|
||
| == Requirements | ||
|
|
||
| === Hard Requirements | ||
|
|
||
| * Being able to configure pattern via model/xml. | ||
| [literal] | ||
| <subsystem xmlns="urn:jboss:domain:undertow:14.0" default-server="some-server" default-servlet-container="myContainer" default-virtual-host="default-virtual-host" instance-id="some-id" statistics-enabled="true"> | ||
| ... | ||
| <server default-host="other-host" name="some-server" servlet-container="myContainer"> | ||
| ... | ||
| <ajp-listener ... allowed_request_attr_pattern="(?:apple|banana)" .../> | ||
| ... | ||
| </server> | ||
| ... | ||
| </subsystem> | ||
|
|
||
| Parameters will be present in undertow server element(for standalone: /subsystem=undertow/server=default-server/ajp-listener=myListener): | ||
| * allowed_request_attr_pattern | ||
| ** Default: null | ||
| ** Type: String(regex - java.util.regex.Pattern) | ||
|
|
||
| === Nice-to-Have Requirements | ||
|
|
||
| === Non-Requirements | ||
|
|
||
| == Backwards Compatibility | ||
|
|
||
| Possibly. Subsystem transformers should be able to handle it. | ||
|
|
||
| === Default Configuration | ||
|
|
||
| No change. | ||
|
|
||
| === Importing Existing Configuration | ||
|
|
||
| No steps should suffice, as it would mean defaulting to 'null', which is default value in undertow source. | ||
|
|
||
| === Deployments | ||
|
|
||
| Not affected. | ||
|
|
||
| === Interoperability | ||
|
|
||
| Not affected. | ||
|
|
||
| == Implementation Plan | ||
|
|
||
| Done. | ||
|
|
||
| == Security Considerations | ||
|
|
||
| Possibly. UNDERTOW-1667 is a CVE, so this RFE should be documented well, in order to warn users of potential exposure. | ||
| However, by defualt undertow will ignore non-standard and not matching attributes, hence user is failure point. | ||
|
|
||
| == Test Plan | ||
|
|
||
| Unit tests should cover new functionality(there is already test case covering AjpListener). | ||
|
|
||
| == Community Documentation | ||
|
|
||
| Task for WFLY documentation already exist - WFLY-15453. HOwever, this is model change and there is model reference doc generated, so its unclear which approach is better? | ||
|
|
||
| == Release Note Content | ||
|
|
||
| Allow configuration of AJP request attribute pattern with model entry, rather than only via system property. |