
update webapp servlet xml to v4.0, remove ziplet, and utilize container supplied gzip compression

Jason Rivard 2 anos atrás
pai
commit
7b32ba771f

+ 25 - 5
onejar/src/main/java/password/pwm/onejar/TomcatOnejarRunner.java

@@ -155,9 +155,11 @@ public class TomcatOnejarRunner
         {
             connector.setProperty( "address", onejarConfig.getLocalAddress() );
         }
+
+        final Http2Protocol http2Protocol = new Http2Protocol();
+
         connector.setSecure( true );
         connector.setScheme( "https" );
-        connector.addUpgradeProtocol( new Http2Protocol() );
         connector.setProperty( "SSLEnabled", "true" );
         connector.setProperty( "keystoreFile", onejarConfig.getKeystoreFile().toString() );
         connector.setProperty( "keystorePass", onejarConfig.getKeystorePass() );
@@ -169,21 +171,39 @@ public class TomcatOnejarRunner
 
         if ( tlsProperties != null )
         {
-            for ( final String key : tlsProperties.stringPropertyNames() )
+            tlsProperties.stringPropertyNames().forEach( key ->
             {
                 final String value = tlsProperties.getProperty( key );
-                connector.setProperty( key, value );
-            }
+                applyTlsProperty( key, value, connector, http2Protocol );
+            } );
         }
 
+        connector.addUpgradeProtocol( http2Protocol );
+
         return connector;
     }
 
+    static void applyTlsProperty( final String key, final String value, final Connector connector, final Http2Protocol http2Protocol )
+    {
+        if ( "enableCompression".equals( key ) )
+        {
+            if ( Boolean.parseBoolean( value ) )
+            {
+                connector.setProperty( "compression", "on" );
+                http2Protocol.setCompression( "on" );
+            }
+        }
+        else
+        {
+            connector.setProperty( key, value );
+        }
+    }
+
     static String getVersion( ) throws OnejarException
     {
         try
         {
-            final Class clazz = TomcatOnejarRunner.class;
+            final Class<?> clazz = TomcatOnejarRunner.class;
             final String className = clazz.getSimpleName() + ".class";
             final String classPath = clazz.getResource( className ).toString();
             if ( !classPath.startsWith( "jar" ) )
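Review bot: `applyTlsProperty` switches on response compression for the HTTPS connector and for HTTP/2 whenever `enableCompression` is true, but it has no Javadoc and places no limit on which responses are compressed. Compressing TLS-protected dynamic pages that hold secrets (form nonces, session-bound tokens) alongside request-derived content is the precondition for BREACH-style length side channels; whether PWM's pages meet that condition cannot be seen from this hunk, so the choice should at least be documented. I would add a Javadoc stating that `enableCompression` is a pseudo-key consumed here rather than forwarded to Tomcat and that a false value leaves the connector defaults untouched, and consider restricting the scope to static asset types with the connector's `compressibleMimeType` attribute. The method name also no longer fits, since compression is not a TLS property.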

+ 0 - 11
server/pom.xml

@@ -285,17 +285,6 @@
             <artifactId>zxcvbn</artifactId>
             <version>1.7.0</version>
         </dependency>
-        <dependency>
-            <groupId>com.github.ziplet</groupId>
-            <artifactId>ziplet</artifactId>
-            <version>2.4.1</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>com.google.googlejavaformat</groupId>
-                    <artifactId>google-java-format</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
 
         <dependency>
             <!-- added newer dependency of xodus-environment -->

+ 0 - 108
server/src/main/java/password/pwm/http/filter/GZIPFilter.java

@@ -1,108 +0,0 @@
-/*
- * Password Management Servlets (PWM)
- * http://www.pwm-project.org
- *
- * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2021 The PWM Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package password.pwm.http.filter;
-
-import com.github.ziplet.filter.compression.CompressingFilter;
-import password.pwm.AppProperty;
-import password.pwm.PwmApplication;
-import password.pwm.error.PwmUnrecoverableException;
-import password.pwm.http.ContextManager;
-import password.pwm.http.PwmURL;
-import password.pwm.util.logging.PwmLogger;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import java.io.IOException;
-
-/**
- * GZip Filter Wrapper.  This filter must be invoked _before_ a PwmRequest object is instantiated, else
- * it will cache a reference to the original response and break the application.
- */
-public class GZIPFilter implements Filter
-{
-    private static final PwmLogger LOGGER = PwmLogger.forClass( GZIPFilter.class );
-
-    private final CompressingFilter compressingFilter = new CompressingFilter();
-    private boolean enabled = false;
-
-    @Override
-    public void init( final FilterConfig filterConfig )
-            throws ServletException
-    {
-        final PwmApplication pwmApplication;
-        try
-        {
-            pwmApplication = ContextManager.getPwmApplication( filterConfig.getServletContext() );
-            enabled = Boolean.parseBoolean( pwmApplication.getConfig().readAppProperty( AppProperty.HTTP_ENABLE_GZIP ) );
-        }
-        catch ( final PwmUnrecoverableException e )
-        {
-            LOGGER.warn( () -> "unable to load application configuration, defaulting to disabled" );
-        }
-
-        compressingFilter.init( filterConfig );
-    }
-
-    @Override
-    public void destroy( )
-    {
-        compressingFilter.destroy();
-    }
-
-    @Override
-    public void doFilter( final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain )
-            throws IOException, ServletException
-    {
-        if ( enabled && interestInRequest( servletRequest ) )
-        {
-            compressingFilter.doFilter( servletRequest, servletResponse, filterChain );
-        }
-        else
-        {
-            filterChain.doFilter( servletRequest, servletResponse );
-        }
-    }
-
-    private boolean interestInRequest( final ServletRequest servletRequest )
-    {
-        try
-        {
-            final PwmURL pwmURL = PwmURL.create( ( HttpServletRequest ) servletRequest );
-
-            // resource servlet does its own gzip compression with fancy server-side caching
-            if ( pwmURL.isResourceURL() )
-            {
-                return false;
-            }
-        }
-        catch ( final Exception e )
-        {
-            LOGGER.error( () -> "unable to parse request url, defaulting to non-gzip: " + e.getMessage() );
-        }
-
-        return true;
-    }
-}

+ 2 - 0
server/src/main/java/password/pwm/util/OnejarHelper.java

@@ -20,6 +20,7 @@
 
 package password.pwm.util;
 
+import password.pwm.AppProperty;
 import password.pwm.PwmApplication;
 import password.pwm.PwmApplicationMode;
 import password.pwm.PwmConstants;
@@ -80,6 +81,7 @@ public class OnejarHelper
         final String sslProtocolSettingValue = ExportHttpsTomcatConfigCommand.TomcatConfigWriter.getTlsProtocolsValue( appConfig );
         final Properties newProps = new Properties();
         newProps.setProperty( "sslEnabledProtocols",  sslProtocolSettingValue );
+        newProps.setProperty( "enableCompression", appConfig.readAppProperty( AppProperty.HTTP_ENABLE_GZIP ) );
         final String ciphers = appConfig.readSettingAsString( PwmSetting.HTTPS_CIPHERS );
         if ( StringUtil.notEmpty( ciphers ) )
         {
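Review bot: The added `newProps.setProperty( "enableCompression", ... )` call will throw a NullPointerException if `readAppProperty( AppProperty.HTTP_ENABLE_GZIP )` ever returns null, because `Properties.setProperty` rejects null values; the `ciphers` setting just below it is guarded with `StringUtil.notEmpty`, and this one should be too. Whether `readAppProperty` can return null is not visible here, so treat this as a defensive check: `final String gzip = appConfig.readAppProperty( AppProperty.HTTP_ENABLE_GZIP );` followed by `if ( StringUtil.notEmpty( gzip ) ) { newProps.setProperty( "enableCompression", gzip ); }`. The key `"enableCompression"` is also a bare string that must match the literal in `TomcatOnejarRunner.applyTlsProperty`, so a comment naming that consumer would keep the two from drifting apart. The enclosing method starts and ends outside this hunk.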

+ 1 - 0
webapp/src/main/webapp/META-INF/context.xml

@@ -25,4 +25,5 @@
   <JarScanner>
     <JarScanFilter tldSkip="*.*"/>
   </JarScanner>
+  <CookieProcessor sameSiteCookies="strict" />
 </Context>
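Review bot: The new `<CookieProcessor sameSiteCookies="strict" />` is a security-relevant behaviour change that the commit message does not mention and that has no comment in the file. With SameSite=Strict the browser withholds the session cookie on any cross-site top-level navigation, so flows that arrive from another origin (links followed from e-mail, returns from an external identity provider) may land without a session; whether PWM has such flows is not visible in this hunk and should be checked before release. The element is also Tomcat-specific, so deployments on other containers get no SameSite attribute from it. I would add a comment above it such as `<!-- SameSite=Strict for all container-issued cookies; Tomcat only, configure the equivalent on other containers -->`.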

+ 7 - 13
webapp/src/main/webapp/WEB-INF/web.xml

@@ -19,16 +19,18 @@
   ~ limitations under the License.
   -->
 
-<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xmlns="http://java.sun.com/xml/ns/javaee"
-         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-         id="PWM" version="3.0">
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee web-app_4_0.xsd"
+         version="4.0">
+
     <display-name>PWM Password Management</display-name>
     <!-- <distributable/> Clustering/Session replication is not supported -->
     <description>Password Management Servlet</description>
     <context-param>
         <description>
-            Explicit location of application path working directory or the literal value "unspecified".  See the environment documentation at /public/reference/environment.jsp for more information.
+            Explicit location of application path working directory or the literal value "unspecified".
+            See the environment documentation at /public/reference/environment.jsp for more information.
         </description>
         <param-name>applicationPath</param-name>
         <param-value>unspecified</param-value>
@@ -121,10 +123,6 @@
         <filter-name>CookieUpdateFilter</filter-name>
         <filter-class>password.pwm.http.filter.CookieManagementFilter</filter-class>
     </filter>
-    <filter>
-        <filter-name>GZIPFilter</filter-name>
-        <filter-class>password.pwm.http.filter.GZIPFilter</filter-class>
-    </filter>
     <filter>
         <filter-name>DomainInitFilter</filter-name>
         <filter-class>password.pwm.http.filter.DomainInitFilter</filter-class>
@@ -165,10 +163,6 @@
         <filter-name>CookieUpdateFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
-    <filter-mapping>
-        <filter-name>GZIPFilter</filter-name>
-        <url-pattern>/*</url-pattern>
-    </filter-mapping>
     <filter-mapping>
         <filter-name>DomainInitFilter</filter-name>
         <url-pattern>/*</url-pattern>
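Review bot: In the first hunk of this section the new `xsi:schemaLocation` pairs the namespace with the relative name `web-app_4_0.xsd` instead of an absolute schema URL, unlike the 3.0 declaration it replaces. Validating editors and build tools resolve a relative location against the document's own directory and are unlikely to find the schema there; the conventional form is `xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"`. Separately, with the `GZIPFilter` entries removed, deployments on an external container will compress responses only if the container itself is configured to, which deserves a line in the deployment notes.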