fixed bug in the server configuration parser

added Jacoco test report

.gitea/workflows/build.yaml

@@ -9,11 +9,6 @@ jobs:
     steps:
       - name: Checkout sources
         uses: actions/checkout@v4
-      - name: Setup Java
-        uses: actions/setup-java@v4
-        with:
-          distribution: graalvm
-          java-version: 21
       - name: Setup Gradle
         uses: gradle/actions/setup-gradle@v3
       - name: Execute Gradle build

Dockerfile

@@ -1,2 +0,0 @@
-FROM gitea.woggioni.net/woggioni/gbcs:memcached
-COPY --chown=luser:luser conf/gbcs-memcached.xml /home/luser/.config/gbcs/gbcs.xml

build.gradle

@@ -66,6 +66,15 @@ allprojects { subproject ->
         }
     }
 
+    pluginManager.withPlugin('jacoco') {
+        test {
+            finalizedBy jacocoTestReport
+        }
+        jacocoTestReport {
+            dependsOn test
+        }
+    }
+
     pluginManager.withPlugin(catalog.plugins.kotlin.jvm.get().pluginId) {
         tasks.withType(KotlinCompile.class) {
             compilerOptions.jvmTarget = JvmTarget.JVM_21

conf/gbcs-memcached.xml

@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<gbcs:server useVirtualThreads="true" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
-             xmlns:gbcs="urn:net.woggioni.gbcs"
-             xmlns:gbcs-memcached="urn:net.woggioni.gbcs-memcached"
-             xs:schemaLocation="urn:net.woggioni.gbcs-memcached jpms://net.woggioni.gbcs.memcached/net/woggioni/gbcs/memcached/schema/gbcs-memcached.xsd urn:net.woggioni.gbcs jpms://net.woggioni.gbcs/net/woggioni/gbcs/schema/gbcs.xsd">
-    <bind host="0.0.0.0" port="13080" />
-    <cache xs:type="gbcs-memcached:memcachedCacheType" max-age="P7D" max-size="16777216" compression-mode="zip">
-        <server host="memcached" port="11211"/>
-    </cache>
-    <authentication>
-        <none/>
-    </authentication>
-</gbcs:server>

conf/logback.xml

@@ -1,21 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE configuration>
-
-<configuration>
-    <import class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"/>
-    <import class="ch.qos.logback.core.ConsoleAppender"/>
-
-    <appender name="console" class="ConsoleAppender">
-        <target>System.err</target>
-        <encoder class="PatternLayoutEncoder">
-            <pattern>%d [%highlight(%-5level)] \(%thread\) %logger{36} -%kvp- %msg %n</pattern>
-        </encoder>
-    </appender>
-
-    <root level="info">
-        <appender-ref ref="console"/>
-    </root>
-    <logger name="io.netty" level="debug"/>
-    <logger name="com.google.code.yanf4j" level="warn"/>
-    <logger name="net.rubyeye.xmemcached" level="warn"/>
-</configuration>

docker-compose.yml

@@ -1,36 +0,0 @@
-networks:
-  default:
-    external: false
-    ipam:
-      driver: default
-      config:
-        - subnet: 172.118.0.0/16
-          ip_range: 172.118.0.0/16
-          gateway: 172.118.0.254
-services:
-  gbcs:
-    build:
-      context: .
-    container_name: gbcs
-    restart: unless-stopped
-    ports:
-      - "127.0.0.1:8080:13080"
-      - "[::1]:8080:13080"
-    depends_on:
-      memcached:
-        condition: service_started
-    deploy:
-      resources:
-        limits:
-          cpus: "2.00"
-          memory: 256M
-  memcached:
-    image: memcached
-    container_name: memcached
-    restart: unless-stopped
-    command: -I 64m -m 900m
-    deploy:
-      resources:
-        limits:
-          cpus: "1.00"
-          memory: 1G

docker/Dockerfile

@@ -1,6 +1,4 @@
-FROM alpine:latest AS base-release
+FROM eclipse-temurin:21-jre-alpine AS base-release
-RUN --mount=type=cache,target=/var/cache/apk apk update
-RUN --mount=type=cache,target=/var/cache/apk apk add openjdk21-jre
 RUN adduser -D luser
 USER luser
 WORKDIR /home/luser
@@ -16,6 +14,3 @@ WORKDIR /home/luser/plugins
 RUN --mount=type=bind,source=.,target=/build/distributions tar -xf /build/distributions/gbcs-server-memcached*.tar
 WORKDIR /home/luser
 ENTRYPOINT ["java", "-jar", "/home/luser/gbcs.jar", "server"]
-
-FROM release-memcached as compose
-COPY --chown=luser:luser conf/gbcs-memcached.xml /home/luser/.config/gbcs/gbcs.xml

gbcs-api/src/main/java/net/woggioni/gbcs/api/Configuration.java

@@ -2,10 +2,12 @@ package net.woggioni.gbcs.api;
 
 
 import lombok.EqualsAndHashCode;
+import lombok.NonNull;
 import lombok.Value;
 
 import java.nio.file.Path;
 import java.security.cert.X509Certificate;
+import java.time.Duration;
 import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
@@ -14,13 +16,32 @@ import java.util.stream.Collectors;
 public class Configuration {
     String host;
     int port;
+    int incomingConnectionsBacklogSize;
     String serverPath;
+    @NonNull
+    EventExecutor eventExecutor;
+    @NonNull
+    Connection connection;
     Map<String, User> users;
     Map<String, Group> groups;
     Cache cache;
     Authentication authentication;
     Tls tls;
-    boolean useVirtualThread;
+
+    @Value
+    public static class EventExecutor {
+        boolean useVirtualThreads;
+    }
+
+    @Value
+    public static class Connection {
+        Duration readTimeout;
+        Duration writeTimeout;
+        Duration idleTimeout;
+        Duration readIdleTimeout;
+        Duration writeIdleTimeout;
+        int maxRequestSize;
+    }
 
     @Value
     public static class Group {
@@ -101,24 +122,28 @@ public class Configuration {
     public static Configuration of(
             String host,
             int port,
+            int incomingConnectionsBacklogSize,
             String serverPath,
+            EventExecutor eventExecutor,
+            Connection connection,
             Map<String, User> users,
             Map<String, Group> groups,
             Cache cache,
             Authentication authentication,
-            Tls tls,
+            Tls tls
-            boolean useVirtualThread
     ) {
         return new Configuration(
                 host,
                 port,
+                incomingConnectionsBacklogSize,
                 serverPath != null && !serverPath.isEmpty() && !serverPath.equals("/") ? serverPath : null,
+                eventExecutor,
+                connection,
                 users,
                 groups,
                 cache,
                 authentication,
-                tls,
+                tls
-                useVirtualThread
         );
     }
 }

gbcs-cli/src/main/kotlin/net/woggioni/gbcs/cli/impl/commands/BenchmarkCommand.kt

@@ -46,7 +46,8 @@ class BenchmarkCommand : GbcsCommand() {
             val random = Random(SecureRandom.getInstance("NativePRNGNonBlocking").nextLong())
             while (true) {
                 val key = Base64.getUrlEncoder().encode(random.nextBytes(16)).toString(Charsets.UTF_8)
-                val value = random.nextBytes(0x1000)
+                val content = random.nextInt().toByte()
+                val value = ByteArray(0x1000, { _ -> content })
                 yield(key to value)
             }
         }

gbcs-client/src/main/kotlin/net/woggioni/gbcs/client/Client.kt

@@ -30,16 +30,18 @@ import io.netty.handler.ssl.SslContextBuilder
 import io.netty.handler.stream.ChunkedWriteHandler
 import io.netty.util.concurrent.Future
 import io.netty.util.concurrent.GenericFutureListener
+import net.woggioni.gbcs.client.impl.Parser
 import net.woggioni.gbcs.common.Xml
 import net.woggioni.gbcs.common.contextLogger
 import net.woggioni.gbcs.common.debug
-import net.woggioni.gbcs.client.impl.Parser
+import net.woggioni.gbcs.common.trace
 import java.net.InetSocketAddress
 import java.net.URI
 import java.nio.file.Files
 import java.nio.file.Path
 import java.security.PrivateKey
 import java.security.cert.X509Certificate
+import java.time.Duration
 import java.util.Base64
 import java.util.concurrent.CompletableFuture
 import java.util.concurrent.atomic.AtomicInteger
@@ -67,6 +69,7 @@ class GbcsClient(private val profile: Configuration.Profile) : AutoCloseable {
         data class Profile(
             val serverURI: URI,
             val authentication: Authentication?,
+            val connectionTimeout : Duration?,
             val maxConnections : Int
         )
 
@@ -104,6 +107,9 @@ class GbcsClient(private val profile: Configuration.Profile) : AutoCloseable {
             option(ChannelOption.TCP_NODELAY, true)
             option(ChannelOption.SO_KEEPALIVE, true)
             remoteAddress(InetSocketAddress(host, port))
+            profile.connectionTimeout?.let {
+                option(ChannelOption.CONNECT_TIMEOUT_MILLIS, it.toMillis().toInt())
+            }
         }
         val channelPoolHandler = object : AbstractChannelPoolHandler() {
 
@@ -114,20 +120,29 @@ class GbcsClient(private val profile: Configuration.Profile) : AutoCloseable {
             private var leaseCount = AtomicInteger()
 
             override fun channelReleased(ch: Channel) {
-                log.debug {
+                val activeLeases = leaseCount.decrementAndGet()
-                    "Released lease ${leaseCount.decrementAndGet()}"
+                log.trace {
+                    "Released channel ${ch.id().asShortText()}, number of active leases: $activeLeases"
                 }
             }
 
-            override fun channelAcquired(ch: Channel?) {
+            override fun channelAcquired(ch: Channel) {
-                log.debug {
+                val activeLeases = leaseCount.getAndIncrement()
-                    "Acquired lease ${leaseCount.getAndIncrement()}"
+                log.trace {
+                    "Acquired channel ${ch.id().asShortText()}, number of active leases: $activeLeases"
                 }
             }
 
             override fun channelCreated(ch: Channel) {
+                val connectionId = connectionCount.getAndIncrement()
                 log.debug {
-                    "Created connection ${connectionCount.getAndIncrement()}"
+                    "Created connection $connectionId, total number of active connections: $connectionId"
+                }
+                ch.closeFuture().addListener {
+                    val activeConnections = connectionCount.decrementAndGet()
+                    log.debug {
+                        "Closed connection $connectionId, total number of active connections: $activeConnections"
+                    }
                 }
                 val pipeline: ChannelPipeline = ch.pipeline()
 
@@ -202,6 +217,7 @@ class GbcsClient(private val profile: Configuration.Profile) : AutoCloseable {
                             ctx.close()
                             pipeline.removeLast()
                             pool.release(channel)
+                            super.exceptionCaught(ctx, cause)
                         }
                     })
                     // Prepare the HTTP request
@@ -219,7 +235,7 @@ class GbcsClient(private val profile: Configuration.Profile) : AutoCloseable {
                                     set(HttpHeaderNames.CONTENT_LENGTH, content.readableBytes())
                                 }
                                 set(HttpHeaderNames.HOST, profile.serverURI.host)
-                                set(HttpHeaderNames.CONNECTION, HttpHeaderValues.CLOSE)
+                                set(HttpHeaderNames.CONNECTION, HttpHeaderValues.KEEP_ALIVE)
                                 set(
                                     HttpHeaderNames.ACCEPT_ENCODING,
                                     HttpHeaderValues.GZIP.toString() + "," + HttpHeaderValues.DEFLATE.toString()
@@ -237,6 +253,8 @@ class GbcsClient(private val profile: Configuration.Profile) : AutoCloseable {
                     // Set headers
                     // Send the request
                     channel.writeAndFlush(request)
+                } else {
+                    responseFuture.completeExceptionally(channelFuture.cause())
                 }
             }
         })

gbcs-client/src/main/kotlin/net/woggioni/gbcs/client/impl/Parser.kt

@@ -11,6 +11,7 @@ import java.nio.file.Path
 import java.security.KeyStore
 import java.security.PrivateKey
 import java.security.cert.X509Certificate
+import java.time.Duration
 
 object Parser {
 
@@ -60,7 +61,9 @@ object Parser {
                     val maxConnections = child.renderAttribute("max-connections")
                         ?.let(String::toInt)
                         ?: 50
-                    profiles[name] = GbcsClient.Configuration.Profile(uri, authentication, maxConnections)
+                    val connectionTimeout = child.renderAttribute("connection-timeout")
+                        ?.let(Duration::parse)
+                    profiles[name] = GbcsClient.Configuration.Profile(uri, authentication, connectionTimeout, maxConnections)
                 }
             }
         }

gbcs-client/src/main/resources/net/woggioni/gbcs/client/schema/gbcs-client.xsd

@@ -14,14 +14,18 @@
 
     <xs:complexType name="profileType">
         <xs:choice>
+            <xs:element name="no-auth" type="gbcs-client:noAuthType"/>
             <xs:element name="basic-auth" type="gbcs-client:basicAuthType"/>
             <xs:element name="tls-client-auth" type="gbcs-client:tlsClientAuthType"/>
         </xs:choice>
         <xs:attribute name="name" type="xs:token" use="required"/>
         <xs:attribute name="base-url" type="xs:anyURI" use="required"/>
         <xs:attribute name="max-connections" type="xs:positiveInteger" default="50"/>
+        <xs:attribute name="connection-timeout" type="xs:duration"/>
     </xs:complexType>
 
+    <xs:complexType name="noAuthType"/>
+
     <xs:complexType name="basicAuthType">
         <xs:attribute name="user" type="xs:token" use="required"/>
         <xs:attribute name="password" type="xs:string" use="required"/>

gbcs-server/build.gradle

@@ -1,6 +1,7 @@
 plugins {
     id 'java-library'
     alias catalog.plugins.kotlin.jvm
+    id 'jacoco'
     id 'maven-publish'
 }
 

gbcs-server/src/main/kotlin/net/woggioni/gbcs/server/GradleBuildCacheServer.kt

@@ -7,61 +7,61 @@ import io.netty.channel.Channel
 import io.netty.channel.ChannelDuplexHandler
 import io.netty.channel.ChannelFuture
 import io.netty.channel.ChannelFutureListener
+import io.netty.channel.ChannelHandler.Sharable
 import io.netty.channel.ChannelHandlerContext
+import io.netty.channel.ChannelInboundHandlerAdapter
 import io.netty.channel.ChannelInitializer
 import io.netty.channel.ChannelOption
 import io.netty.channel.ChannelPromise
-import io.netty.channel.DefaultFileRegion
-import io.netty.channel.SimpleChannelInboundHandler
 import io.netty.channel.nio.NioEventLoopGroup
 import io.netty.channel.socket.nio.NioServerSocketChannel
 import io.netty.handler.codec.DecoderException
 import io.netty.handler.codec.compression.CompressionOptions
 import io.netty.handler.codec.http.DefaultFullHttpResponse
 import io.netty.handler.codec.http.DefaultHttpContent
-import io.netty.handler.codec.http.DefaultHttpResponse
-import io.netty.handler.codec.http.FullHttpRequest
 import io.netty.handler.codec.http.FullHttpResponse
 import io.netty.handler.codec.http.HttpContentCompressor
 import io.netty.handler.codec.http.HttpHeaderNames
-import io.netty.handler.codec.http.HttpHeaderValues
-import io.netty.handler.codec.http.HttpMethod
 import io.netty.handler.codec.http.HttpObjectAggregator
 import io.netty.handler.codec.http.HttpRequest
 import io.netty.handler.codec.http.HttpResponseStatus
 import io.netty.handler.codec.http.HttpServerCodec
-import io.netty.handler.codec.http.HttpUtil
 import io.netty.handler.codec.http.HttpVersion
-import io.netty.handler.codec.http.LastHttpContent
 import io.netty.handler.ssl.ClientAuth
 import io.netty.handler.ssl.SslContext
 import io.netty.handler.ssl.SslContextBuilder
-import io.netty.handler.stream.ChunkedNioFile
+import io.netty.handler.ssl.SslHandler
-import io.netty.handler.stream.ChunkedNioStream
 import io.netty.handler.stream.ChunkedWriteHandler
+import io.netty.handler.timeout.IdleStateEvent
+import io.netty.handler.timeout.IdleStateHandler
+import io.netty.handler.timeout.ReadTimeoutException
+import io.netty.handler.timeout.ReadTimeoutHandler
+import io.netty.handler.timeout.WriteTimeoutException
+import io.netty.handler.timeout.WriteTimeoutHandler
 import io.netty.util.concurrent.DefaultEventExecutorGroup
 import io.netty.util.concurrent.EventExecutorGroup
-import net.woggioni.gbcs.api.Cache
 import net.woggioni.gbcs.api.Configuration
 import net.woggioni.gbcs.api.Role
+import net.woggioni.gbcs.api.exception.ConfigurationException
 import net.woggioni.gbcs.api.exception.ContentTooLargeException
-import net.woggioni.gbcs.server.auth.AbstractNettyHttpAuthenticator
-import net.woggioni.gbcs.server.auth.Authorizer
-import net.woggioni.gbcs.server.auth.ClientCertificateValidator
-import net.woggioni.gbcs.server.auth.RoleAuthorizer
 import net.woggioni.gbcs.common.GBCS.toUrl
 import net.woggioni.gbcs.common.PasswordSecurity.decodePasswordHash
 import net.woggioni.gbcs.common.PasswordSecurity.hashPassword
 import net.woggioni.gbcs.common.Xml
 import net.woggioni.gbcs.common.contextLogger
+import net.woggioni.gbcs.common.debug
 import net.woggioni.gbcs.common.info
+import net.woggioni.gbcs.server.auth.AbstractNettyHttpAuthenticator
+import net.woggioni.gbcs.server.auth.Authorizer
+import net.woggioni.gbcs.server.auth.ClientCertificateValidator
+import net.woggioni.gbcs.server.auth.RoleAuthorizer
 import net.woggioni.gbcs.server.configuration.Parser
 import net.woggioni.gbcs.server.configuration.Serializer
+import net.woggioni.gbcs.server.handler.ServerHandler
 import net.woggioni.jwo.JWO
 import net.woggioni.jwo.Tuple2
 import java.io.OutputStream
 import java.net.InetSocketAddress
-import java.nio.channels.FileChannel
 import java.nio.file.Files
 import java.nio.file.Path
 import java.security.KeyStore
@@ -69,14 +69,32 @@ import java.security.PrivateKey
 import java.security.cert.X509Certificate
 import java.util.Arrays
 import java.util.Base64
+import java.util.concurrent.TimeUnit
 import java.util.regex.Matcher
 import java.util.regex.Pattern
 import javax.naming.ldap.LdapName
-import javax.net.ssl.SSLEngine
 import javax.net.ssl.SSLPeerUnverifiedException
 
 
 class GradleBuildCacheServer(private val cfg: Configuration) {
+    private val log = contextLogger()
+
+    companion object {
+
+        val DEFAULT_CONFIGURATION_URL by lazy { "classpath:net/woggioni/gbcs/gbcs-default.xml".toUrl() }
+        private const val SSL_HANDLER_NAME = "sslHandler"
+
+        fun loadConfiguration(configurationFile: Path): Configuration {
+            val doc = Files.newInputStream(configurationFile).use {
+                Xml.parseXml(configurationFile.toUri().toURL(), it)
+            }
+            return Parser.parse(doc)
+        }
+
+        fun dumpConfiguration(conf: Configuration, outputStream: OutputStream) {
+            Xml.write(Serializer.serialize(conf), outputStream)
+        }
+    }
 
     private class HttpChunkContentCompressor(
         threshold: Int,
@@ -99,20 +117,19 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
         }
     }
 
+    @Sharable
     private class ClientCertificateAuthenticator(
         authorizer: Authorizer,
-        private val sslEngine: SSLEngine,
         private val anonymousUserRoles: Set<Role>?,
         private val userExtractor: Configuration.UserExtractor?,
         private val groupExtractor: Configuration.GroupExtractor?,
     ) : AbstractNettyHttpAuthenticator(authorizer) {
 
-        companion object {
-            private val log = contextLogger()
-        }
-
         override fun authenticate(ctx: ChannelHandlerContext, req: HttpRequest): Set<Role>? {
             return try {
+                val sslHandler = (ctx.pipeline().get(SSL_HANDLER_NAME) as? SslHandler)
+                    ?: throw ConfigurationException("Client certificate authentication cannot be used when TLS is disabled")
+                val sslEngine = sslHandler.engine()
                 sslEngine.session.peerCertificates.takeIf {
                     it.isNotEmpty()
                 }?.let { peerCertificates ->
@@ -127,13 +144,11 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
         }
     }
 
+    @Sharable
     private class NettyHttpBasicAuthenticator(
         private val users: Map<String, Configuration.User>, authorizer: Authorizer
     ) : AbstractNettyHttpAuthenticator(authorizer) {
-
-        companion object {
         private val log = contextLogger()
-        }
 
         override fun authenticate(ctx: ChannelHandlerContext, req: HttpRequest): Set<Role>? {
             val authorizationHeader = req.headers()[HttpHeaderNames.AUTHORIZATION] ?: let {
@@ -233,6 +248,30 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
             }
         }
 
+        private val log = contextLogger()
+
+        private val serverHandler = let {
+            val cacheImplementation = cfg.cache.materialize()
+            val prefix = Path.of("/").resolve(Path.of(cfg.serverPath ?: "/"))
+            ServerHandler(cacheImplementation, prefix)
+        }
+
+        private val exceptionHandler = ExceptionHandler()
+
+        private val authenticator = when (val auth = cfg.authentication) {
+            is Configuration.BasicAuthentication -> NettyHttpBasicAuthenticator(cfg.users, RoleAuthorizer())
+            is Configuration.ClientCertificateAuthentication -> {
+                ClientCertificateAuthenticator(
+                    RoleAuthorizer(),
+                    cfg.users[""]?.roles,
+                    userExtractor(auth),
+                    groupExtractor(auth)
+                )
+            }
+
+            else -> null
+        }
+
         private val sslContext: SslContext? = cfg.tls?.let(Companion::createSslCtx)
 
         private fun userExtractor(authentication: Configuration.ClientCertificateAuthentication) =
@@ -264,40 +303,46 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
             }
 
         override fun initChannel(ch: Channel) {
+            log.debug {
+                "Created connection ${ch.id().asShortText()}"
+            }
+            ch.closeFuture().addListener {
+                log.debug {
+                    "Closed connection ${ch.id().asShortText()}"
+                }
+            }
             val pipeline = ch.pipeline()
-            val auth = cfg.authentication
+            cfg.connection.apply {
-            var authenticator: AbstractNettyHttpAuthenticator? = null
+                pipeline.addLast(ReadTimeoutHandler(readTimeout.toMillis(), TimeUnit.MILLISECONDS))
-            if (auth is Configuration.BasicAuthentication) {
+                pipeline.addLast(WriteTimeoutHandler(writeTimeout.toMillis(), TimeUnit.MILLISECONDS))
-                authenticator = (NettyHttpBasicAuthenticator(cfg.users, RoleAuthorizer()))
+                pipeline.addLast(IdleStateHandler(false, 0, 0, idleTimeout.toMillis(), TimeUnit.MILLISECONDS))
             }
-            if (sslContext != null) {
+            pipeline.addLast(object : ChannelInboundHandlerAdapter() {
-                val sslHandler = sslContext.newHandler(ch.alloc())
+                override fun userEventTriggered(ctx: ChannelHandlerContext, evt: Any) {
-                pipeline.addLast(sslHandler)
+                    if (evt is IdleStateEvent) {
-
+                        log.debug {
-                if (auth is Configuration.ClientCertificateAuthentication) {
+                            "Idle timeout reached on channel ${ch.id().asShortText()}, closing the connection"
-                    authenticator = ClientCertificateAuthenticator(
-                        RoleAuthorizer(),
-                        sslHandler.engine(),
-                        cfg.users[""]?.roles,
-                        userExtractor(auth),
-                        groupExtractor(auth)
-                    )
                         }
+                        ctx.close()
+                    }
+                }
+            })
+            sslContext?.newHandler(ch.alloc())?.also {
+                pipeline.addLast(SSL_HANDLER_NAME, it)
             }
             pipeline.addLast(HttpServerCodec())
             pipeline.addLast(HttpChunkContentCompressor(1024))
             pipeline.addLast(ChunkedWriteHandler())
-            pipeline.addLast(HttpObjectAggregator(Int.MAX_VALUE))
+            pipeline.addLast(HttpObjectAggregator(cfg.connection.maxRequestSize))
             authenticator?.let {
                 pipeline.addLast(it)
             }
-            val cacheImplementation = cfg.cache.materialize()
+            pipeline.addLast(eventExecutorGroup, serverHandler)
-            val prefix = Path.of("/").resolve(Path.of(cfg.serverPath ?: "/"))
+            pipeline.addLast(exceptionHandler)
-            pipeline.addLast(eventExecutorGroup, ServerHandler(cacheImplementation, prefix))
-            pipeline.addLast(ExceptionHandler())
         }
     }
 
+    @Sharable
     private class ExceptionHandler : ChannelDuplexHandler() {
         private val log = contextLogger()
 
@@ -329,7 +374,20 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
                     ctx.writeAndFlush(TOO_BIG.retainedDuplicate())
                         .addListener(ChannelFutureListener.CLOSE_ON_FAILURE)
                 }
-
+                is ReadTimeoutException -> {
+                    log.debug {
+                        val channelId = ctx.channel().id().asShortText()
+                        "Read timeout on channel $channelId, closing the connection"
+                    }
+                    ctx.close()
+                }
+                is WriteTimeoutException -> {
+                    log.debug {
+                        val channelId = ctx.channel().id().asShortText()
+                        "Write timeout on channel $channelId, closing the connection"
+                    }
+                    ctx.close()
+                }
                 else -> {
                     log.error(cause.message, cause)
                     ctx.close()
@@ -338,118 +396,13 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
         }
     }
 
-    private class ServerHandler(private val cache: Cache, private val serverPrefix: Path) :
-        SimpleChannelInboundHandler<FullHttpRequest>() {
-
-        companion object {
-            private val log = contextLogger()
-        }
-
-        override fun channelRead0(ctx: ChannelHandlerContext, msg: FullHttpRequest) {
-            val keepAlive: Boolean = HttpUtil.isKeepAlive(msg)
-            val method = msg.method()
-            if (method === HttpMethod.GET) {
-                val path = Path.of(msg.uri())
-                val prefix = path.parent
-                val key = path.fileName.toString()
-                if (serverPrefix == prefix) {
-                    cache.get(key)?.let { channel ->
-                        log.debug(ctx) {
-                            "Cache hit for key '$key'"
-                        }
-                        val response = DefaultHttpResponse(msg.protocolVersion(), HttpResponseStatus.OK)
-                        response.headers()[HttpHeaderNames.CONTENT_TYPE] = HttpHeaderValues.APPLICATION_OCTET_STREAM
-                        if (!keepAlive) {
-                            response.headers().set(HttpHeaderNames.CONNECTION, HttpHeaderValues.CLOSE)
-                            response.headers().set(HttpHeaderNames.TRANSFER_ENCODING, HttpHeaderValues.IDENTITY)
-                        } else {
-                            response.headers().set(HttpHeaderNames.CONNECTION, HttpHeaderValues.KEEP_ALIVE)
-                            response.headers().set(HttpHeaderNames.TRANSFER_ENCODING, HttpHeaderValues.CHUNKED)
-                        }
-                        ctx.write(response)
-                        when (channel) {
-                            is FileChannel -> {
-                                if (keepAlive) {
-                                    ctx.write(ChunkedNioFile(channel))
-                                    ctx.writeAndFlush(LastHttpContent.EMPTY_LAST_CONTENT)
-                                } else {
-                                    ctx.writeAndFlush(DefaultFileRegion(channel, 0, channel.size()))
-                                        .addListener(ChannelFutureListener.CLOSE)
-                                }
-                            }
-
-                            else -> {
-                                ctx.write(ChunkedNioStream(channel))
-                                ctx.writeAndFlush(LastHttpContent.EMPTY_LAST_CONTENT)
-                            }
-                        }
-                    } ?: let {
-                        log.debug(ctx) {
-                            "Cache miss for key '$key'"
-                        }
-                        val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.NOT_FOUND)
-                        response.headers()[HttpHeaderNames.CONTENT_LENGTH] = 0
-                        ctx.writeAndFlush(response)
-                    }
-                } else {
-                    log.warn(ctx) {
-                        "Got request for unhandled path '${msg.uri()}'"
-                    }
-                    val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.BAD_REQUEST)
-                    response.headers()[HttpHeaderNames.CONTENT_LENGTH] = 0
-                    ctx.writeAndFlush(response)
-                }
-            } else if (method === HttpMethod.PUT) {
-                val path = Path.of(msg.uri())
-                val prefix = path.parent
-                val key = path.fileName.toString()
-
-                if (serverPrefix == prefix) {
-                    log.debug(ctx) {
-                        "Added value for key '$key' to build cache"
-                    }
-                    val bodyBytes = msg.content().run {
-                        if (isDirect) {
-                            ByteArray(readableBytes()).also {
-                                readBytes(it)
-                            }
-                        } else {
-                            array()
-                        }
-                    }
-                    cache.put(key, bodyBytes)
-                    val response = DefaultFullHttpResponse(
-                        msg.protocolVersion(), HttpResponseStatus.CREATED,
-                        Unpooled.copiedBuffer(key.toByteArray())
-                    )
-                    response.headers()[HttpHeaderNames.CONTENT_LENGTH] = response.content().readableBytes()
-                    ctx.writeAndFlush(response)
-                } else {
-                    log.warn(ctx) {
-                        "Got request for unhandled path '${msg.uri()}'"
-                    }
-                    val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.BAD_REQUEST)
-                    response.headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
-                    ctx.writeAndFlush(response)
-                }
-            } else {
-                log.warn(ctx) {
-                    "Got request with unhandled method '${msg.method().name()}'"
-                }
-                val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.BAD_REQUEST)
-                response.headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
-                ctx.writeAndFlush(response)
-            }
-        }
-    }
-
     class ServerHandle(
         httpChannelFuture: ChannelFuture,
         private val executorGroups: Iterable<EventExecutorGroup>
     ) : AutoCloseable {
         private val httpChannel: Channel = httpChannelFuture.channel()
-
         private val closeFuture: ChannelFuture = httpChannel.closeFuture()
+        private val log = contextLogger()
 
         fun shutdown(): ChannelFuture {
             return httpChannel.close()
@@ -475,7 +428,7 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
         val serverSocketChannel = NioServerSocketChannel::class.java
         val workerGroup = bossGroup
         val eventExecutorGroup = run {
-            val threadFactory = if (cfg.isUseVirtualThread) {
+            val threadFactory = if (cfg.eventExecutor.isUseVirtualThreads) {
                 Thread.ofVirtual().factory()
             } else {
                 null
@@ -488,7 +441,7 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
             group(bossGroup, workerGroup)
             channel(serverSocketChannel)
             childHandler(ServerInitializer(cfg, eventExecutorGroup))
-            option(ChannelOption.SO_BACKLOG, 128)
+            option(ChannelOption.SO_BACKLOG, cfg.incomingConnectionsBacklogSize)
             childOption(ChannelOption.SO_KEEPALIVE, true)
         }
 
@@ -501,22 +454,4 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
         }
         return ServerHandle(httpChannel, setOf(bossGroup, workerGroup, eventExecutorGroup))
     }
-
-    companion object {
-
-        val DEFAULT_CONFIGURATION_URL by lazy { "classpath:net/woggioni/gbcs/gbcs-default.xml".toUrl() }
-
-        fun loadConfiguration(configurationFile: Path): Configuration {
-            val doc = Files.newInputStream(configurationFile).use {
-                Xml.parseXml(configurationFile.toUri().toURL(), it)
-            }
-            return Parser.parse(doc)
-        }
-
-        fun dumpConfiguration(conf: Configuration, outputStream: OutputStream) {
-            Xml.write(Serializer.serialize(conf), outputStream)
-        }
-
-        private val log = contextLogger()
-    }
 }

gbcs-server/src/main/kotlin/net/woggioni/gbcs/server/auth/ClientCertificateValidator.kt

@@ -19,8 +19,9 @@ import javax.net.ssl.X509TrustManager
 
 
 class ClientCertificateValidator private constructor(
-    private val sslHandler : SslHandler,
+    private val sslHandler: SslHandler,
-    private val x509TrustManager: X509TrustManager) : ChannelInboundHandlerAdapter() {
+    private val x509TrustManager: X509TrustManager
+) : ChannelInboundHandlerAdapter() {
     override fun userEventTriggered(ctx: ChannelHandlerContext, evt: Any) {
         if (evt is SslHandshakeCompletionEvent) {
             if (evt.isSuccess) {
@@ -36,13 +37,14 @@ class ClientCertificateValidator private constructor(
     }
 
     companion object {
-        fun getTrustManager(trustStore : KeyStore?, certificateRevocationEnabled : Boolean) : X509TrustManager {
+        fun getTrustManager(trustStore: KeyStore?, certificateRevocationEnabled: Boolean): X509TrustManager {
-            return if(trustStore != null) {
+            return if (trustStore != null) {
                 val certificateFactory = CertificateFactory.getInstance("X.509")
                 val validator = CertPathValidator.getInstance("PKIX").apply {
                     val rc = revocationChecker as PKIXRevocationChecker
                     rc.options = EnumSet.of(
-                        PKIXRevocationChecker.Option.NO_FALLBACK)
+                        PKIXRevocationChecker.Option.NO_FALLBACK
+                    )
                 }
                 val params = PKIXParameters(trustStore).apply {
                     isRevocationEnabled = certificateRevocationEnabled
@@ -52,7 +54,7 @@ class ClientCertificateValidator private constructor(
                         val clientCertificateChain = certificateFactory.generateCertPath(chain.toList())
                         try {
                             validator.validate(clientCertificateChain, params)
-                        } catch (ex : CertPathValidatorException) {
+                        } catch (ex: CertPathValidatorException) {
                             throw CertificateException(ex)
                         }
                     }
@@ -62,7 +64,7 @@ class ClientCertificateValidator private constructor(
                     }
 
                     private val acceptedIssuers = trustStore.aliases().asSequence()
-                        .filter (trustStore::isCertificateEntry)
+                        .filter(trustStore::isCertificateEntry)
                         .map(trustStore::getCertificate)
                         .map { it as X509Certificate }
                         .toList()
@@ -72,11 +74,16 @@ class ClientCertificateValidator private constructor(
                 }
             } else {
                 val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
-                trustManagerFactory.trustManagers.asSequence().filter { it is X509TrustManager }.single() as X509TrustManager
+                trustManagerFactory.trustManagers.asSequence().filter { it is X509TrustManager }
+                    .single() as X509TrustManager
             }
         }
 
-        fun of(sslHandler : SslHandler, trustStore : KeyStore?, certificateRevocationEnabled : Boolean) : ClientCertificateValidator {
+        fun of(
+            sslHandler: SslHandler,
+            trustStore: KeyStore?,
+            certificateRevocationEnabled: Boolean
+        ): ClientCertificateValidator {
             return ClientCertificateValidator(sslHandler, getTrustManager(trustStore, certificateRevocationEnabled))
         }
     }

gbcs-server/src/main/kotlin/net/woggioni/gbcs/server/configuration/Parser.kt

@@ -19,11 +19,22 @@ import org.w3c.dom.Document
 import org.w3c.dom.Element
 import org.w3c.dom.TypeInfo
 import java.nio.file.Paths
+import java.time.Duration
+import java.time.temporal.ChronoUnit
 
 object Parser {
     fun parse(document: Document): Configuration {
         val root = document.documentElement
         val anonymousUser = User("", null, emptySet())
+        var connection: Configuration.Connection = Configuration.Connection(
+            Duration.of(10, ChronoUnit.SECONDS),
+            Duration.of(10, ChronoUnit.SECONDS),
+            Duration.of(60, ChronoUnit.SECONDS),
+            Duration.of(30, ChronoUnit.SECONDS),
+            Duration.of(30, ChronoUnit.SECONDS),
+            67108864
+        )
+        var eventExecutor: Configuration.EventExecutor = Configuration.EventExecutor(true)
         var cache: Cache? = null
         var host = "127.0.0.1"
         var port = 11080
@@ -31,42 +42,11 @@ object Parser {
         var groups = emptyMap<String, Group>()
         var tls: Tls? = null
         val serverPath = root.renderAttribute("path")
-        val useVirtualThread = root.renderAttribute("useVirtualThreads")
+        var incomingConnectionsBacklogSize = 1024
-            ?.let(String::toBoolean) ?: true
         var authentication: Authentication? = null
         for (child in root.asIterable()) {
             val tagName = child.localName
             when (tagName) {
-                "authorization" -> {
-                    var knownUsers = sequenceOf(anonymousUser)
-                    for (gchild in child.asIterable()) {
-                        when (gchild.localName) {
-                            "users" -> {
-                                knownUsers += parseUsers(gchild)
-                            }
-                            "groups" -> {
-                                val pair = parseGroups(gchild, knownUsers)
-                                users = pair.first
-                                groups = pair.second
-                            }
-                        }
-                    }
-                }
-
-                "bind" -> {
-                    host = child.renderAttribute("host") ?: throw ConfigurationException("host attribute is required")
-                    port = Integer.parseInt(child.renderAttribute("port"))
-                }
-
-                "cache" -> {
-                    cache = (child as TypeInfo).let { tf ->
-                        val typeNamespace = tf.typeNamespace
-                        val typeName = tf.typeName
-                        CacheSerializers.index[typeNamespace to typeName]
-                            ?: throw IllegalArgumentException("Cache provider for namespace '$typeNamespace' not found")
-                    }.deserialize(child)
-                }
-
                 "authentication" -> {
                     for (gchild in child.asIterable()) {
                         when (gchild.localName) {
@@ -98,6 +78,66 @@ object Parser {
                     }
                 }
 
+                "authorization" -> {
+                    var knownUsers = sequenceOf(anonymousUser)
+                    for (gchild in child.asIterable()) {
+                        when (gchild.localName) {
+                            "users" -> {
+                                knownUsers += parseUsers(gchild)
+                            }
+                            "groups" -> {
+                                val pair = parseGroups(gchild, knownUsers)
+                                users = pair.first
+                                groups = pair.second
+                            }
+                        }
+                    }
+                }
+
+                "bind" -> {
+                    host = child.renderAttribute("host") ?: throw ConfigurationException("host attribute is required")
+                    port = Integer.parseInt(child.renderAttribute("port"))
+                    incomingConnectionsBacklogSize = child.renderAttribute("incoming-connections-backlog-size")
+                        ?.let(Integer::parseInt)
+                        ?: 1024
+                }
+
+                "cache" -> {
+                    cache = (child as TypeInfo).let { tf ->
+                        val typeNamespace = tf.typeNamespace
+                        val typeName = tf.typeName
+                        CacheSerializers.index[typeNamespace to typeName]
+                            ?: throw IllegalArgumentException("Cache provider for namespace '$typeNamespace' not found")
+                    }.deserialize(child)
+                }
+
+                "connection" -> {
+                    val writeTimeout = child.renderAttribute("write-timeout")
+                        ?.let(Duration::parse) ?: Duration.of(10, ChronoUnit.SECONDS)
+                    val readTimeout = child.renderAttribute("read-timeout")
+                        ?.let(Duration::parse) ?: Duration.of(10, ChronoUnit.SECONDS)
+                    val idleTimeout = child.renderAttribute("idle-timeout")
+                        ?.let(Duration::parse) ?: Duration.of(30, ChronoUnit.SECONDS)
+                    val readIdleTimeout = child.renderAttribute("read-idle-timeout")
+                        ?.let(Duration::parse) ?: Duration.of(60, ChronoUnit.SECONDS)
+                    val writeIdleTimeout = child.renderAttribute("write-idle-timeout")
+                        ?.let(Duration::parse) ?: Duration.of(60, ChronoUnit.SECONDS)
+                    val maxRequestSize = child.renderAttribute("max-request-size")
+                        ?.let(String::toInt) ?: 67108864
+                    connection = Configuration.Connection(
+                        readTimeout,
+                        writeTimeout,
+                        idleTimeout,
+                        readIdleTimeout,
+                        writeIdleTimeout,
+                        maxRequestSize
+                    )
+                }
+                "event-executor" -> {
+                    val useVirtualThread = root.renderAttribute("use-virtual-threads")
+                        ?.let(String::toBoolean) ?: true
+                    eventExecutor = Configuration.EventExecutor(useVirtualThread)
+                }
                 "tls" -> {
                     val verifyClients = child.renderAttribute("verify-clients")
                         ?.let(String::toBoolean) ?: false
@@ -136,7 +176,19 @@ object Parser {
                 }
             }
         }
-        return Configuration(host, port, serverPath, users, groups, cache!!, authentication, tls, useVirtualThread)
+        return Configuration.of(
+            host,
+            port,
+            incomingConnectionsBacklogSize,
+            serverPath,
+            eventExecutor,
+            connection,
+            users,
+            groups,
+            cache!!,
+            authentication,
+            tls,
+        )
     }
 
     private fun parseRoles(root: Element) = root.asIterable().asSequence().map {
@@ -148,8 +200,12 @@ object Parser {
     }.toSet()
 
     private fun parseUserRefs(root: Element) = root.asIterable().asSequence().map {
-        it.renderAttribute("ref")
+        when(it.localName) {
-    }.toSet()
+            "user" -> it.renderAttribute("ref")
+            "anonymous" -> ""
+            else -> ConfigurationException("Unrecognized tag '${it.localName}'")
+        }
+    }
 
     private fun parseUsers(root: Element): Sequence<User> {
         return root.asIterable().asSequence().filter {

gbcs-server/src/main/kotlin/net/woggioni/gbcs/server/configuration/Serializer.kt

@@ -14,7 +14,6 @@ object Serializer {
             it.xmlNamespace to it.xmlSchemaLocation
         }.toMap()
         return Xml.of(GBCS.GBCS_NAMESPACE_URI, GBCS.GBCS_PREFIX + ":server") {
-            attr("useVirtualThreads", conf.isUseVirtualThread.toString())
 //            attr("xmlns:xs", GradleBuildCacheServer.XML_SCHEMA_NAMESPACE_URI)
             val value = schemaLocations.asSequence().map { (k, v) -> "$k $v" }.joinToString(" ")
             attr("xs:schemaLocation", value , namespaceURI = GBCS.XML_SCHEMA_NAMESPACE_URI)
@@ -27,6 +26,20 @@ object Serializer {
             node("bind") {
                 attr("host", conf.host)
                 attr("port", conf.port.toString())
+                attr("incoming-connections-backlog-size", conf.incomingConnectionsBacklogSize.toString())
+            }
+            node("connection") {
+                conf.connection.let { connection ->
+                    attr("read-timeout", connection.readTimeout.toString())
+                    attr("write-timeout", connection.writeTimeout.toString())
+                    attr("idle-timeout", connection.idleTimeout.toString())
+                    attr("read-idle-timeout", connection.readIdleTimeout.toString())
+                    attr("write-idle-timeout", connection.writeIdleTimeout.toString())
+                    attr("max-request-size", connection.maxRequestSize.toString())
+                }
+            }
+            node("event-executor") {
+                attr("use-virtual-threads", conf.eventExecutor.isUseVirtualThreads.toString())
             }
             val cache = conf.cache
             val serializer : CacheProvider<Configuration.Cache> =

gbcs-server/src/main/kotlin/net/woggioni/gbcs/server/handler/ServerHandler.kt

@@ -0,0 +1,129 @@
+package net.woggioni.gbcs.server.handler
+
+import io.netty.buffer.Unpooled
+import io.netty.channel.ChannelFutureListener
+import io.netty.channel.ChannelHandler
+import io.netty.channel.ChannelHandlerContext
+import io.netty.channel.DefaultFileRegion
+import io.netty.channel.SimpleChannelInboundHandler
+import io.netty.handler.codec.http.DefaultFullHttpResponse
+import io.netty.handler.codec.http.DefaultHttpResponse
+import io.netty.handler.codec.http.FullHttpRequest
+import io.netty.handler.codec.http.HttpHeaderNames
+import io.netty.handler.codec.http.HttpHeaderValues
+import io.netty.handler.codec.http.HttpMethod
+import io.netty.handler.codec.http.HttpResponseStatus
+import io.netty.handler.codec.http.HttpUtil
+import io.netty.handler.codec.http.LastHttpContent
+import io.netty.handler.stream.ChunkedNioFile
+import io.netty.handler.stream.ChunkedNioStream
+import net.woggioni.gbcs.api.Cache
+import net.woggioni.gbcs.common.contextLogger
+import net.woggioni.gbcs.server.debug
+import net.woggioni.gbcs.server.warn
+import java.nio.channels.FileChannel
+import java.nio.file.Path
+
+@ChannelHandler.Sharable
+class ServerHandler(private val cache: Cache, private val serverPrefix: Path) :
+    SimpleChannelInboundHandler<FullHttpRequest>() {
+
+    private val log = contextLogger()
+
+    override fun channelRead0(ctx: ChannelHandlerContext, msg: FullHttpRequest) {
+        val keepAlive: Boolean = HttpUtil.isKeepAlive(msg)
+        val method = msg.method()
+        if (method === HttpMethod.GET) {
+            val path = Path.of(msg.uri())
+            val prefix = path.parent
+            val key = path.fileName.toString()
+            if (serverPrefix == prefix) {
+                cache.get(key)?.let { channel ->
+                    log.debug(ctx) {
+                        "Cache hit for key '$key'"
+                    }
+                    val response = DefaultHttpResponse(msg.protocolVersion(), HttpResponseStatus.OK)
+                    response.headers()[HttpHeaderNames.CONTENT_TYPE] = HttpHeaderValues.APPLICATION_OCTET_STREAM
+                    if (!keepAlive) {
+                        response.headers().set(HttpHeaderNames.CONNECTION, HttpHeaderValues.CLOSE)
+                        response.headers().set(HttpHeaderNames.TRANSFER_ENCODING, HttpHeaderValues.IDENTITY)
+                    } else {
+                        response.headers().set(HttpHeaderNames.CONNECTION, HttpHeaderValues.KEEP_ALIVE)
+                        response.headers().set(HttpHeaderNames.TRANSFER_ENCODING, HttpHeaderValues.CHUNKED)
+                    }
+                    ctx.write(response)
+                    when (channel) {
+                        is FileChannel -> {
+                            if (keepAlive) {
+                                ctx.write(ChunkedNioFile(channel))
+                                ctx.writeAndFlush(LastHttpContent.EMPTY_LAST_CONTENT)
+                            } else {
+                                ctx.writeAndFlush(DefaultFileRegion(channel, 0, channel.size()))
+                                    .addListener(ChannelFutureListener.CLOSE)
+                            }
+                        }
+
+                        else -> {
+                            ctx.write(ChunkedNioStream(channel))
+                            ctx.writeAndFlush(LastHttpContent.EMPTY_LAST_CONTENT)
+                        }
+                    }
+                } ?: let {
+                    log.debug(ctx) {
+                        "Cache miss for key '$key'"
+                    }
+                    val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.NOT_FOUND)
+                    response.headers()[HttpHeaderNames.CONTENT_LENGTH] = 0
+                    ctx.writeAndFlush(response)
+                }
+            } else {
+                log.warn(ctx) {
+                    "Got request for unhandled path '${msg.uri()}'"
+                }
+                val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.BAD_REQUEST)
+                response.headers()[HttpHeaderNames.CONTENT_LENGTH] = 0
+                ctx.writeAndFlush(response)
+            }
+        } else if (method === HttpMethod.PUT) {
+            val path = Path.of(msg.uri())
+            val prefix = path.parent
+            val key = path.fileName.toString()
+
+            if (serverPrefix == prefix) {
+                log.debug(ctx) {
+                    "Added value for key '$key' to build cache"
+                }
+                val bodyBytes = msg.content().run {
+                    if (isDirect) {
+                        ByteArray(readableBytes()).also {
+                            readBytes(it)
+                        }
+                    } else {
+                        array()
+                    }
+                }
+                cache.put(key, bodyBytes)
+                val response = DefaultFullHttpResponse(
+                    msg.protocolVersion(), HttpResponseStatus.CREATED,
+                    Unpooled.copiedBuffer(key.toByteArray())
+                )
+                response.headers()[HttpHeaderNames.CONTENT_LENGTH] = response.content().readableBytes()
+                ctx.writeAndFlush(response)
+            } else {
+                log.warn(ctx) {
+                    "Got request for unhandled path '${msg.uri()}'"
+                }
+                val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.BAD_REQUEST)
+                response.headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
+                ctx.writeAndFlush(response)
+            }
+        } else {
+            log.warn(ctx) {
+                "Got request with unhandled method '${msg.method().name()}'"
+            }
+            val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.BAD_REQUEST)
+            response.headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
+            ctx.writeAndFlush(response)
+        }
+    }
+}

gbcs-server/src/main/resources/net/woggioni/gbcs/server/gbcs-default.xml

@@ -1,8 +1,17 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<gbcs:server useVirtualThreads="false" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+<gbcs:server
+             xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:gbcs="urn:net.woggioni.gbcs.server"
              xs:schemaLocation="urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd">
-    <bind host="127.0.0.1" port="8080"/>
+    <bind host="127.0.0.1" port="8080" incoming-connections-backlog-size="1024"/>
+    <connection
+            max-request-size="67108864"
+            idle-timeout="PT30S"
+            read-timeout="PT10S"
+            write-timeout="PT10S"
+            read-idle-timeout="PT60S"
+            write-idle-timeout="PT60S"/>
+    <event-executor use-virtual-threads="true"/>
     <cache xs:type="gbcs:fileSystemCacheType" path="/tmp/gbcs" max-age="P7D"/>
     <authentication>
         <none/>

gbcs-server/src/main/resources/net/woggioni/gbcs/server/schema/gbcs.xsd

@@ -8,6 +8,8 @@
     <xs:complexType name="serverType">
         <xs:sequence minOccurs="0">
             <xs:element name="bind" type="gbcs:bindType" maxOccurs="1"/>
+            <xs:element name="connection" type="gbcs:connectionType" minOccurs="0" maxOccurs="1"/>
+            <xs:element name="event-executor" type="gbcs:eventExecutorType" minOccurs="0" maxOccurs="1"/>
             <xs:element name="cache" type="gbcs:cacheType" maxOccurs="1"/>
             <xs:element name="authorization" type="gbcs:authorizationType" minOccurs="0">
                 <xs:key name="userId">
@@ -23,12 +25,25 @@
             <xs:element name="tls" type="gbcs:tlsType" minOccurs="0" maxOccurs="1"/>
         </xs:sequence>
         <xs:attribute name="path" type="xs:string" use="optional"/>
-        <xs:attribute name="useVirtualThreads" type="xs:boolean" use="optional" default="true"/>
     </xs:complexType>
 
     <xs:complexType name="bindType">
         <xs:attribute name="host" type="xs:token" use="required"/>
         <xs:attribute name="port" type="xs:unsignedShort" use="required"/>
+        <xs:attribute name="incoming-connections-backlog-size" type="xs:unsignedInt" use="optional" default="1024"/>
+    </xs:complexType>
+
+    <xs:complexType name="connectionType">
+        <xs:attribute name="read-timeout" type="xs:duration" use="optional" default="PT10S"/>
+        <xs:attribute name="write-timeout" type="xs:duration" use="optional" default="PT10S"/>
+        <xs:attribute name="idle-timeout" type="xs:duration" use="optional" default="PT30S"/>
+        <xs:attribute name="read-idle-timeout" type="xs:duration" use="optional" default="PT60S"/>
+        <xs:attribute name="write-idle-timeout" type="xs:duration" use="optional" default="PT60S"/>
+        <xs:attribute name="max-request-size" type="xs:unsignedInt" use="optional" default="67108864"/>
+    </xs:complexType>
+
+    <xs:complexType name="eventExecutorType">
+        <xs:attribute name="use-virtual-threads" type="xs:boolean" use="optional" default="true"/>
     </xs:complexType>
 
     <xs:complexType name="cacheType" abstract="true"/>

gbcs-server/src/test/kotlin/net/woggioni/gbcs/server/test/AbstractBasicAuthServerTest.kt

@@ -11,6 +11,7 @@ import java.net.http.HttpRequest
 import java.nio.charset.StandardCharsets
 import java.nio.file.Path
 import java.time.Duration
+import java.time.temporal.ChronoUnit
 import java.util.Base64
 import java.util.zip.Deflater
 import kotlin.random.Random
@@ -30,10 +31,20 @@ abstract class AbstractBasicAuthServerTest : AbstractServerTest() {
 
     override fun setUp() {
         this.cacheDir = testDir.resolve("cache")
-        cfg = Configuration(
+        cfg = Configuration.of(
             "127.0.0.1",
             NetworkUtils.getFreePort(),
+            50,
             serverPath,
+            Configuration.EventExecutor(false),
+            Configuration.Connection(
+                Duration.of(10, ChronoUnit.SECONDS),
+                Duration.of(10, ChronoUnit.SECONDS),
+                Duration.of(60, ChronoUnit.SECONDS),
+                Duration.of(30, ChronoUnit.SECONDS),
+                Duration.of(30, ChronoUnit.SECONDS),
+                0x1000
+            ),
             users.asSequence().map { it.name to it}.toMap(),
             sequenceOf(writersGroup, readersGroup).map { it.name to it}.toMap(),
             FileSystemCacheConfiguration(this.cacheDir,
@@ -44,7 +55,6 @@ abstract class AbstractBasicAuthServerTest : AbstractServerTest() {
             ),
             Configuration.BasicAuthentication(),
             null,
-            true,
         )
         Xml.write(Serializer.serialize(cfg), System.out)
     }

gbcs-server/src/test/kotlin/net/woggioni/gbcs/server/test/AbstractTlsServerTest.kt

@@ -18,6 +18,7 @@ import java.nio.file.Path
 import java.security.KeyStore
 import java.security.KeyStore.PasswordProtection
 import java.time.Duration
+import java.time.temporal.ChronoUnit
 import java.util.Base64
 import java.util.zip.Deflater
 import javax.net.ssl.KeyManagerFactory
@@ -138,7 +139,17 @@ abstract class AbstractTlsServerTest : AbstractServerTest() {
         cfg = Configuration(
             "127.0.0.1",
             NetworkUtils.getFreePort(),
+            100,
             serverPath,
+            Configuration.EventExecutor(false),
+            Configuration.Connection(
+                Duration.of(10, ChronoUnit.SECONDS),
+                Duration.of(10, ChronoUnit.SECONDS),
+                Duration.of(60, ChronoUnit.SECONDS),
+                Duration.of(30, ChronoUnit.SECONDS),
+                Duration.of(30, ChronoUnit.SECONDS),
+                0x1000
+            ),
             users.asSequence().map { it.name to it }.toMap(),
             sequenceOf(writersGroup, readersGroup).map { it.name to it }.toMap(),
             FileSystemCacheConfiguration(this.cacheDir,
@@ -156,7 +167,6 @@ abstract class AbstractTlsServerTest : AbstractServerTest() {
                 Configuration.TrustStore(this.trustStoreFile, null, false),
                 true
             ),
-            false,
         )
         Xml.write(Serializer.serialize(cfg), System.out)
     }

gbcs-server/src/test/kotlin/net/woggioni/gbcs/server/test/NoAuthServerTest.kt

@@ -15,6 +15,7 @@ import java.net.http.HttpRequest
 import java.net.http.HttpResponse
 import java.nio.file.Path
 import java.time.Duration
+import java.time.temporal.ChronoUnit
 import java.util.Base64
 import java.util.zip.Deflater
 import kotlin.random.Random
@@ -33,7 +34,17 @@ class NoAuthServerTest : AbstractServerTest() {
         cfg = Configuration(
             "127.0.0.1",
             NetworkUtils.getFreePort(),
+            100,
             serverPath,
+            Configuration.EventExecutor(false),
+            Configuration.Connection(
+                Duration.of(10, ChronoUnit.SECONDS),
+                Duration.of(10, ChronoUnit.SECONDS),
+                Duration.of(60, ChronoUnit.SECONDS),
+                Duration.of(30, ChronoUnit.SECONDS),
+                Duration.of(30, ChronoUnit.SECONDS),
+                0x1000
+            ),
             emptyMap(),
             emptyMap(),
             FileSystemCacheConfiguration(
@@ -45,7 +56,6 @@ class NoAuthServerTest : AbstractServerTest() {
             ),
             null,
             null,
-            true,
         )
         Xml.write(Serializer.serialize(cfg), System.out)
     }

gbcs-server/src/test/resources/net/woggioni/gbcs/server/test/gbcs-default.xml

@@ -1,8 +1,16 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<gbcs:server useVirtualThreads="false" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+<gbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:gbcs="urn:net.woggioni.gbcs.server"
              xs:schemaLocation="urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd">
-    <bind host="127.0.0.1" port="11443"/>
+    <bind host="127.0.0.1" port="11443" incoming-connections-backlog-size="22"/>
+    <connection
+            write-timeout="PT25M"
+            read-timeout="PT20M"
+            read-idle-timeout="PT10M"
+            write-idle-timeout="PT11M"
+            idle-timeout="PT30M"
+            max-request-size="101325"/>
+    <event-executor use-virtual-threads="false"/>
     <cache xs:type="gbcs:fileSystemCacheType" path="/tmp/gbcs" max-age="P7D"/>
     <authentication>
         <none/>

gbcs-server/src/test/resources/net/woggioni/gbcs/server/test/gbcs-memcached.xml

@@ -1,9 +1,17 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<gbcs:server useVirtualThreads="false" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+<gbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:gbcs="urn:net.woggioni.gbcs.server"
              xmlns:gbcs-memcached="urn:net.woggioni.gbcs.server.memcached"
              xs:schemaLocation="urn:net.woggioni.gbcs.server.memcached jpms://net.woggioni.gbcs.server.memcached/net/woggioni/gbcs/server/memcached/schema/gbcs-memcached.xsd urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd">
-    <bind host="127.0.0.1" port="11443" />
+    <bind host="127.0.0.1" port="11443" incoming-connections-backlog-size="50"/>
+    <connection
+            write-timeout="PT25M"
+            read-timeout="PT20M"
+            read-idle-timeout="PT10M"
+            write-idle-timeout="PT11M"
+            idle-timeout="PT30M"
+            max-request-size="101325"/>
+    <event-executor use-virtual-threads="false"/>
     <cache xs:type="gbcs-memcached:memcachedCacheType" max-age="P7D" max-size="101325" digest="SHA-256">
         <server host="127.0.0.1" port="11211"/>
     </cache>

gbcs-server/src/test/resources/net/woggioni/gbcs/server/test/gbcs-tls.xml

@@ -1,8 +1,16 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<gbcs:server useVirtualThreads="false" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+<gbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:gbcs="urn:net.woggioni.gbcs.server"
              xs:schemaLocation="urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd">
-    <bind host="127.0.0.1" port="11443"/>
+    <bind host="127.0.0.1" port="11443" incoming-connections-backlog-size="180"/>
+    <connection
+            write-timeout="PT25M"
+            read-timeout="PT20M"
+            read-idle-timeout="PT10M"
+            write-idle-timeout="PT11M"
+            idle-timeout="PT30M"
+            max-request-size="4096"/>
+    <event-executor use-virtual-threads="false"/>
     <cache xs:type="gbcs:fileSystemCacheType" path="/tmp/gbcs" max-age="P7D"/>
     <authorization>
         <users>