Merge branch 'main' into jandex-deploy

Author: lprimak

.github/ISSUE_TEMPLATE/config.yml

@@ -1,7 +1,7 @@
 blank_issues_enabled: false
 contact_links:
-  - name: Payara Community Forum
-    url: http://www.payara.org/forum
+  - name: Payara Forum
+    url: https://forum.payara.fish/
     about: Please ask and answer questions about the Payara Platform here.
   - name: Security Issues
     url: https://mailxto.com/smwknx

appserver/admin/gf_template/src/main/resources/config/domain.xml

@@ -222,6 +222,8 @@
                 <jvm-options>[17|]--add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED</jvm-options>
                 <jvm-options>[17|]--add-opens=java.base/java.io=ALL-UNNAMED</jvm-options>
                 <jvm-options>[21|]--add-opens=java.base/jdk.internal.misc=ALL-UNNAMED</jvm-options>
+                <jvm-options>[24|]--sun-misc-unsafe-memory-access=allow</jvm-options>
+                <jvm-options>[24|]--enable-native-access=ALL-UNNAMED</jvm-options>
                 <jvm-options>-Xmx512m</jvm-options>
                 <jvm-options>-XX:NewRatio=2</jvm-options>
                 <jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options>
@@ -461,6 +463,8 @@
                 <jvm-options>[17|]--add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED</jvm-options>
                 <jvm-options>[17|]--add-opens=java.base/java.io=ALL-UNNAMED</jvm-options>
                 <jvm-options>[21|]--add-opens=java.base/jdk.internal.misc=ALL-UNNAMED</jvm-options>
+                <jvm-options>[24|]--sun-misc-unsafe-memory-access=allow</jvm-options>
+                <jvm-options>[24|]--enable-native-access=ALL-UNNAMED</jvm-options>
                 <jvm-options>-Xmx512m</jvm-options>
                 <jvm-options>-XX:NewRatio=2</jvm-options>
                 <jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options>

appserver/admin/gf_template_web/src/main/resources/config/domain.xml

@@ -217,6 +217,8 @@
         <jvm-options>[17|]--add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED</jvm-options>
         <jvm-options>[17|]--add-opens=java.base/java.io=ALL-UNNAMED</jvm-options>
         <jvm-options>[21|]--add-opens=java.base/jdk.internal.misc=ALL-UNNAMED</jvm-options>
+        <jvm-options>[24|]--sun-misc-unsafe-memory-access=allow</jvm-options>
+        <jvm-options>[24|]--enable-native-access=ALL-UNNAMED</jvm-options>
         <jvm-options>-Xmx512m</jvm-options>
         <jvm-options>-XX:NewRatio=2</jvm-options>
         <jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options>
@@ -451,6 +453,8 @@
         <jvm-options>[17|]--add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED</jvm-options>
         <jvm-options>[17|]--add-opens=java.base/java.io=ALL-UNNAMED</jvm-options>
         <jvm-options>[21|]--add-opens=java.base/jdk.internal.misc=ALL-UNNAMED</jvm-options>
+        <jvm-options>[24|]--sun-misc-unsafe-memory-access=allow</jvm-options>
+        <jvm-options>[24|]--enable-native-access=ALL-UNNAMED</jvm-options>
         <jvm-options>-Xmx512m</jvm-options>
         <jvm-options>-XX:NewRatio=2</jvm-options>
         <jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options>

appserver/admingui/cluster-l10n/src/main/resources/org/glassfish/cluster/admingui/Strings_de.properties

@@ -107,7 +107,7 @@ dg.SelectedInstances=Selected Instances
 clusterNew.DG=Deployment Group
 clusterNew.DGHelp=Choose a deployment group for the instance
 clusters.PageTitle=Clusters (Deprecated)
-clusters.PageTitleHelp=Create and manage Payara Server clusters. A cluster is a named collection of Payara Server instances that provides high availability through scalability, load balancing, and failure protection.<br/>Clusters are deprecated in Payara 5 and we recommend you migrate to Deployment Groups 
+clusters.PageTitleHelp=Create and manage Payara Server clusters. A cluster is a named collection of Payara Server instances that provides high availability through scalability, load balancing, and failure protection.<br/>Clusters are deprecated since Payara 5 and we recommend you migrate to Deployment Groups 
 clusters.TableTitle=Deprecated Clusters
 clusters.instanceCol=Instances
 cluster.error.start-cluster=When trying to start the following clusters:

appserver/admingui/cluster/src/main/resources/org/glassfish/cluster/admingui/Strings.properties

@@ -104,7 +104,7 @@ dg.SelectedInstances=Selected Instances
 clusterNew.DG=Deployment Group
 clusterNew.DGHelp=Choose a deployment group for the instance
 clusters.PageTitle=Clusters (Deprecated)
-clusters.PageTitleHelp=Create and manage Payara Server clusters. A cluster is a named collection of Payara Server instances that provides high availability through scalability, load balancing, and failure protection.<br/>Clusters are deprecated in Payara 5 and we recommend you migrate to Deployment Groups 
+clusters.PageTitleHelp=Create and manage Payara Server clusters. A cluster is a named collection of Payara Server instances that provides high availability through scalability, load balancing, and failure protection.<br/>Clusters are deprecated since Payara 5 and we recommend you migrate to Deployment Groups 
 clusters.TableTitle=Deprecated Clusters
 clusters.instanceCol=Instances
 cluster.error.start-cluster=When trying to start the following clusters:

appserver/admingui/common/src/main/java/org/glassfish/admingui/common/security/AdminConsoleAuthModule.java

@@ -99,7 +99,7 @@ public class AdminConsoleAuthModule implements ServerAuthModule {
 
     private static final String SAVED_SUBJECT = "Saved_Subject";
     private static final String USER_NAME = "userName";
-    private static final String ORIG_REQUEST_PATH = "origRequestPath";
+    private static final String ORIG_REQUEST_PATH = "__origRequestPath";
     private static final String RESPONSE_TYPE = "application/json";
 
     /**
@@ -369,6 +369,9 @@ private AuthStatus redirectBack(HttpSession session, HttpServletRequest request,
         try {
             // Redirect...
             String origRequest = (String) session.getAttribute(ORIG_REQUEST_PATH);
+            //clear session attribute for security reason
+            session.removeAttribute(ORIG_REQUEST_PATH);
+
             // Explicitly test for favicon.ico, as Firefox seems to ask for this on
             // every page
             if (origRequest == null || "/favicon.ico".equals(origRequest)) {

appserver/admingui/web/src/main/resources/configuration/virtualServerAttrs.inc

@@ -39,6 +39,7 @@
     holder.
 
 -->
+<!-- Portions Copyright 2025 Payara Foundation and/or its affiliates -->
 
 <!-- web/configuration/virtualServerAttrs.inc -->
 #include "/common/applications/applicationHandlers.inc"
@@ -69,6 +70,17 @@
             <sun:checkbox label="$resource{i18n.common.Enabled}" selected="#{pageSession.valueMap['ssoCookieHttpOnly']}"  selectedValue="true" />
         </sun:property>
 
+        <sun:property id="sessionCookieHttpOnly"  labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18n_web.vs.sessionCookieHttpOnly}" helpText="$resource{i18n_web.vs.sessionCookieHttpOnlyHelp}">
+            <sun:checkbox label="$resource{i18n.common.Enabled}" selected="#{pageSession.valueMap['sessionCookieHttpOnly']}"  selectedValue="true" />
+        </sun:property>
+
+#         <sun:property id="sessionCookieSecure"  labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18n_web.vs.sessionCookieSecure}" helpText="$resource{i18n_web.vs.sessionCookieSecureHelp}">
+#             <sun:checkbox label="$resource{i18n.common.Enabled}" selected="#{pageSession.valueMap['sessionCookieSecure']}"  selectedValue="true" />
+#         </sun:property>
+        <sun:property id="sessionCookieSecure"  labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18n_web.vs.sessionCookieSecure}" helpText="$resource{i18n_web.vs.sessionCookieSecureHelp}">
+             <sun:dropDown id="cookieSecure"  selected="#{pageSession.valueMap['sessionCookieSecure']}" labels={"$resource{i18n_web.vs.sessionCookieSecure.dynamic}","$resource{i18n_web.vs.alwaysEnable}","$resource{i18n_web.vs.alwaysDisable}"} values={"dynamic","true","false"} />
+         </sun:property>
+
         <sun:property id="nwProps"  labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18n_web.vs.NetworkListeners}" helpText="$resource{i18n_web.vs.NetworkListenersHelp}">
             <sun:listbox id="nw" immediate="#{true}" multiple="#{true}"  rows="$int{4}" 
                 labels="$pageSession{availableNetworkListeners}"

appserver/admingui/web/src/main/resources/configuration/virtualServerButtons.inc

@@ -39,6 +39,7 @@
     holder.
 
 -->
+<!-- Portions Copyright 2025 Payara Foundation and/or its affiliates -->
 
 <!-- configuration/virtualServerButtons.inc -->
 #include "/common/shared/commonHandlers.inc"
@@ -83,7 +84,7 @@
                             convertToFalse="#{pageSession.convertToFalseList}"
                             onlyUseAttrs="#{pageSession.onlyUseAttrs}"
                     );
-                    setPageSessionAttribute(key="onlyUseAttrs" value={"ssoEnabled", "ssoCookieHttpOnly", "accessLoggingEnabled", "docroot", "accessLog"})
+                    setPageSessionAttribute(key="onlyUseAttrs" value={"ssoEnabled", "ssoCookieHttpOnly", "sessionCookieHttpOnly", "sessionCookieSecure", "accessLoggingEnabled", "docroot", "accessLog"})
                     gf.createEntity(endpoint="#{pageSession.selfUrl}/#{pageSession.valueMap['id']}"
                             attrs="#{pageSession.valueMap}"
                             onlyUseAttrs="#{pageSession.onlyUseAttrs}"

appserver/admingui/web/src/main/resources/configuration/virtualServerEdit.jsf

@@ -39,6 +39,7 @@
     holder.
 
 -->
+<!-- Portions Copyright 2025 Payara Foundation and/or its affiliates -->
 
 <!-- configuration/virtualServerEdit.jsf -->
 
@@ -65,7 +66,8 @@
         gf.getEntityAttrs(endpoint="#{pageSession.selfUrl}.json", valueMap="#{pageSession.valueMap}");
         gf.restRequest(endpoint="#{pageSession.selfUrl}/property.json" method="GET" result="#{requestScope.propTable}");
         setPageSessionAttribute(key="tableList" value="#{requestScope.propTable.data.extraProperties.properties}");
-        setPageSessionAttribute(key="convertToFalseList" value={"ssoCookieHttpOnly"});
+        setPageSessionAttribute(key="convertToFalseList" value={"ssoCookieHttpOnly", "sessionCookieHttpOnly"});
+        setPageSessionAttribute(key="sessionCookieSecure" value="dynamic");
         //set the following for including buttons.inc
         setPageSessionAttribute(key="edit" value="#{true}" );
         setPageSessionAttribute(key="showDefaultButton" value="#{true}" );

appserver/admingui/web/src/main/resources/configuration/virtualServerNew.jsf

@@ -39,6 +39,7 @@
     holder.
 
 -->
+<!-- Portions Copyright 2025 Payara Foundation and/or its affiliates -->
 
 <!-- configuration/virtualServerNew.jsf" -->
 
@@ -63,7 +64,8 @@
         mapPut(map="#{pageSession.valueMap}" key="ssoEnabled" value="inherit");
         mapPut(map="#{pageSession.valueMap}" key="accessLoggingEnabled" value="inherit");
         mapPut(map="#{pageSession.valueMap}" key="accessLog" value="");
-        setPageSessionAttribute(key="convertToFalseList" value={"ssoCookieHttpOnly"});
+        setPageSessionAttribute(key="convertToFalseList" value={"ssoCookieHttpOnly", "sessionCookieHttpOnly"});
+        setPageSessionAttribute(key="sessionCookieSecure" value="dynamic");
         setPageSessionAttribute(key="edit" value="#{false}" );
         setPageSessionAttribute(key="showDefaultButton" value="#{true}" );
         setPageSessionAttribute(key="showCancelButton" value="#{true}" );