added anonymous user

.gitea/workflows/build.yaml

@@ -17,45 +17,53 @@ jobs:
       - name: Setup Gradle
         uses: gradle/actions/setup-gradle@v3
       - name: Execute Gradle build
-        env:
+        run: ./gradlew build
-          PUBLISHER_TOKEN: ${{ secrets.PUBLISHER_TOKEN }}
+      - name: Prepare Docker image build
-        run: ./gradlew build publish
+        run: ./gradlew prepareDockerBuild
-  build-docker:
+      - name: Get project version
-    name: "Build Docker images"
+        id: retrieve-version
-    runs-on: hostinger
+        run: ./gradlew -q version >> "$GITHUB_OUTPUT"
-    steps:
+      - name: Set up QEMU
-      -
+        uses: docker/setup-qemu-action@v3
-        name: Set up Docker Buildx
+      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.4.0
+        uses: docker/setup-buildx-action@v3
         with:
           driver: docker-container
-      -
+      - name: Login to Gitea container registry
-        name: Login to Gitea container registry
         uses: docker/login-action@v3
         with:
           registry: gitea.woggioni.net
           username: woggioni
           password: ${{ secrets.PUBLISHER_TOKEN }}
       -
-        name: Build and push gbcs images
+        name: Build gbcs Docker image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v5.3.0
         with:
+          context: "docker/build/docker"
+          platforms: linux/amd64,linux/arm64
           push: true
           pull: true
           tags: |
-            "gitea.woggioni.net/woggioni/gbcs:slim"
+            gitea.woggioni.net/woggioni/gbcs:latest
-          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/gbcs:buildx
+            gitea.woggioni.net/woggioni/gbcs:${{ steps.retrieve-version.outputs.VERSION }}
-          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/gbcs:buildx
           target: release
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/gbcs:buildx
       -
-        name: Build and push gbcs memcached image
+        name: Build gbcs memcached Docker image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v5.3.0
         with:
+          context: "docker/build/docker"
+          platforms: linux/amd64,linux/arm64
           push: true
           pull: true
           tags: |
-            "gitea.woggioni.net/woggioni/gbcs:latest"
+            gitea.woggioni.net/woggioni/gbcs:memcached
-            "gitea.woggioni.net/woggioni/gbcs:memcached"
+            gitea.woggioni.net/woggioni/gbcs:memcached-${{ steps.retrieve-version.outputs.VERSION }}
+          target: release-memcached
           cache-from: type=registry,ref=gitea.woggioni.net/woggioni/gbcs:buildx
           cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/gbcs:buildx
-          target: release-memcached
+      - name: Publish artifacts
+        env:
+          PUBLISHER_TOKEN: ${{ secrets.PUBLISHER_TOKEN }}
+        run: ./gradlew publish
+

Dockerfile

@@ -1,46 +1,2 @@
-FROM container-registry.oracle.com/graalvm/native-image:21 AS oracle
+FROM gitea.woggioni.net/woggioni/gbcs:memcached
-
-FROM ubuntu:24.04 AS build
-COPY --from=oracle /usr/lib64/graalvm/ /usr/lib64/graalvm/
-ENV JAVA_HOME=/usr/lib64/graalvm/graalvm-java21
-USER ubuntu
-WORKDIR /home/ubuntu
-
-RUN mkdir gbcs
-WORKDIR /home/ubuntu/gbcs
-
-COPY --chown=ubuntu:users .git .git
-COPY --chown=ubuntu:users gbcs-base gbcs-base
-COPY --chown=ubuntu:users gbcs-api gbcs-api
-COPY --chown=ubuntu:users gbcs-memcached gbcs-memcached
-COPY --chown=ubuntu:users gbcs-cli gbcs-cli
-COPY --chown=ubuntu:users src src
-COPY --chown=ubuntu:users settings.gradle settings.gradle
-COPY --chown=ubuntu:users build.gradle build.gradle
-COPY --chown=ubuntu:users gradle.properties gradle.properties
-COPY --chown=ubuntu:users gradle gradle
-COPY --chown=ubuntu:users gradlew gradlew
-
-RUN --mount=type=cache,target=/home/ubuntu/.gradle,uid=1000,gid=1000 ./gradlew --no-daemon assemble
-
-FROM alpine:latest AS base-release
-RUN --mount=type=cache,target=/var/cache/apk apk update
-RUN --mount=type=cache,target=/var/cache/apk apk add openjdk21-jre
-RUN adduser -D luser
-USER luser
-WORKDIR /home/luser
-
-FROM base-release AS release
-RUN --mount=type=bind,from=build,source=/home/ubuntu/gbcs/gbcs-cli/build,target=/home/luser/build cp build/libs/gbcs-cli-envelope*.jar gbcs.jar
-ENTRYPOINT ["java", "-jar", "/home/luser/gbcs.jar"]
-
-FROM base-release AS release-memcached
-RUN --mount=type=bind,from=build,source=/home/ubuntu/gbcs/gbcs-cli/build,target=/home/luser/build cp build/libs/gbcs-cli-envelope*.jar gbcs.jar
-RUN mkdir plugins
-WORKDIR /home/luser/plugins
-RUN --mount=type=bind,from=build,source=/home/ubuntu/gbcs/gbcs-memcached/build/distributions,target=/build/distributions tar -xf /build/distributions/gbcs-memcached*.tar
-WORKDIR /home/luser
-ENTRYPOINT ["java", "-jar", "/home/luser/gbcs.jar"]
-
-FROM release-memcached as compose
 COPY --chown=luser:luser conf/gbcs-memcached.xml /home/luser/.config/gbcs/gbcs.xml

benchmark/build.gradle

@@ -0,0 +1,26 @@
+plugins {
+    alias catalog.plugins.gradle.jmh
+    alias catalog.plugins.lombok
+}
+
+import me.champeau.jmh.JMHTask
+
+dependencies {
+    implementation rootProject
+
+    implementation catalog.jwo
+    implementation catalog.xz
+    implementation catalog.jackson.databind
+
+    jmhAnnotationProcessor catalog.lombok
+}
+
+jmh {
+    threads = 4
+    iterations = 2
+    fork = 1
+    warmupIterations = 1
+    warmupForks = 0
+    resultFormat = 'JSON'
+}
+

benchmark/src/jmh/java/net/woggioni/gbcs/benchmark/Main.java

@@ -0,0 +1,262 @@
+package net.woggioni.gbcs.benchmark;
+
+import lombok.Getter;
+import lombok.SneakyThrows;
+import net.woggioni.jwo.Fun;
+import org.openjdk.jmh.annotations.Benchmark;
+import org.openjdk.jmh.annotations.BenchmarkMode;
+import org.openjdk.jmh.annotations.Level;
+import org.openjdk.jmh.annotations.Mode;
+import org.openjdk.jmh.annotations.OutputTimeUnit;
+import org.openjdk.jmh.annotations.Scope;
+import org.openjdk.jmh.annotations.Setup;
+import org.openjdk.jmh.annotations.State;
+import org.openjdk.jmh.annotations.TearDown;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.KeyStore;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Properties;
+import java.util.Random;
+import java.util.concurrent.TimeUnit;
+import java.util.function.Predicate;
+
+public class Main {
+
+    @SneakyThrows
+    private static Properties loadProperties() {
+        Properties properties = new Properties();
+        try (final var is = Main.class.getResourceAsStream("/benchmark.properties")) {
+            properties.load(is);
+        }
+        return properties;
+    }
+
+    private static final Properties properties = loadProperties();
+
+    @State(Scope.Thread)
+    public static class ExecutionPlan {
+        private final Random random = new Random(101325);
+
+        @Getter
+        private final HttpClient client = createHttpClient();
+
+        private final Map<String, byte[]> entries = new HashMap<>();
+
+
+        private HttpClient createHttpClient() {
+            final var clientBuilder = HttpClient.newBuilder();
+            getSslContext().ifPresent(clientBuilder::sslContext);
+            return clientBuilder.build();
+        }
+
+        public final Map<String, byte[]> getEntries() {
+            return Collections.unmodifiableMap(entries);
+        }
+
+        public Map.Entry<String, byte[]> newEntry() {
+            final var keyBuffer = new byte[0x20];
+            random.nextBytes(keyBuffer);
+            final var key = Base64.getUrlEncoder().encodeToString(keyBuffer);
+            final var value = new byte[0x1000];
+            random.nextBytes(value);
+            return Map.entry(key, value);
+        }
+
+        @SneakyThrows
+        public HttpRequest.Builder newRequestBuilder(String key) {
+            final var requestBuilder = HttpRequest.newBuilder()
+                    .uri(getServerURI().resolve(key));
+            String user = getUser();
+            if (user != null) {
+                requestBuilder.header("Authorization", buildAuthorizationHeader(user, getPassword()));
+            }
+            return requestBuilder;
+        }
+
+        @SneakyThrows
+        public URI getServerURI() {
+            return new URI(properties.getProperty("gbcs.server.url"));
+        }
+
+        @SneakyThrows
+        public Optional<String> getClientTrustStorePassword() {
+            return Optional.ofNullable(properties.getProperty("gbcs.client.ssl.truststore.password"))
+                    .filter(Predicate.not(String::isEmpty));
+
+        }
+
+        @SneakyThrows
+        public Optional<KeyStore> getClientTrustStore() {
+            return Optional.ofNullable(properties.getProperty("gbcs.client.ssl.truststore.file"))
+                    .filter(Predicate.not(String::isEmpty))
+                    .map(Path::of)
+                    .map((Fun<Path, KeyStore>) keyStoreFile -> {
+                        final var keyStore = KeyStore.getInstance("PKCS12");
+                        try (final var is = Files.newInputStream(keyStoreFile)) {
+                            keyStore.load(is, getClientTrustStorePassword().map(String::toCharArray).orElse(null));
+                        }
+                        return keyStore;
+                    });
+
+        }
+
+        @SneakyThrows
+        public Optional<KeyStore> getClientKeyStore() {
+            return Optional.ofNullable(properties.getProperty("gbcs.client.ssl.keystore.file"))
+                    .filter(Predicate.not(String::isEmpty))
+                    .map(Path::of)
+                    .map((Fun<Path, KeyStore>) keyStoreFile -> {
+                        final var keyStore = KeyStore.getInstance("PKCS12");
+                        try (final var is = Files.newInputStream(keyStoreFile)) {
+                            keyStore.load(is, getClientKeyStorePassword().map(String::toCharArray).orElse(null));
+                        }
+                        return keyStore;
+                    });
+
+        }
+
+        @SneakyThrows
+        public Optional<String> getClientKeyStorePassword() {
+            return Optional.ofNullable(properties.getProperty("gbcs.client.ssl.keystore.password"))
+                    .filter(Predicate.not(String::isEmpty));
+
+        }
+
+        @SneakyThrows
+        public Optional<String> getClientKeyPassword() {
+            return Optional.ofNullable(properties.getProperty("gbcs.client.ssl.key.password"))
+                    .filter(Predicate.not(String::isEmpty));
+
+        }
+
+        @SneakyThrows
+        public String getUser() {
+            return Optional.ofNullable(properties.getProperty("gbcs.server.username"))
+                    .filter(Predicate.not(String::isEmpty))
+                    .orElse(null);
+
+        }
+
+        @SneakyThrows
+        public String getPassword() {
+            return Optional.ofNullable(properties.getProperty("gbcs.server.password"))
+                    .filter(Predicate.not(String::isEmpty))
+                    .orElse(null);
+        }
+
+        private String buildAuthorizationHeader(String user, String password) {
+            final var b64 = Base64.getEncoder().encode(String.format("%s:%s", user, password).getBytes(StandardCharsets.UTF_8));
+            return "Basic " + new String(b64);
+        }
+
+        @SneakyThrows
+        private Optional<SSLContext> getSslContext() {
+            return getClientKeyStore().map((Fun<KeyStore, SSLContext>) clientKeyStore -> {
+                final var kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+                kmf.init(clientKeyStore, getClientKeyStorePassword().map(String::toCharArray).orElse(null));
+
+
+                // Set up trust manager factory with the truststore
+                final var trustManagers = getClientTrustStore().map((Fun<KeyStore, TrustManager[]>) ts -> {
+                    final var tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+                    tmf.init(ts);
+                    return tmf.getTrustManagers();
+                }).orElse(new TrustManager[0]);
+
+                // Create SSL context with the key and trust managers
+                final var sslContext = SSLContext.getInstance("TLS");
+                sslContext.init(kmf.getKeyManagers(), trustManagers, null);
+                return sslContext;
+            });
+        }
+
+        @SneakyThrows
+        @Setup(Level.Trial)
+        public void setUp() {
+            final var client = getClient();
+            for (int i = 0; i < 1000; i++) {
+                final var pair = newEntry();
+                final var requestBuilder = newRequestBuilder(pair.getKey())
+                        .header("Content-Type", "application/octet-stream")
+                        .PUT(HttpRequest.BodyPublishers.ofByteArray(pair.getValue()));
+                final var response = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofString());
+                if (201 != response.statusCode()) {
+                    throw new IllegalStateException(Integer.toString(response.statusCode()));
+                } else {
+                    entries.put(pair.getKey(), pair.getValue());
+                }
+            }
+        }
+
+        @TearDown
+        public void tearDown() {
+            client.close();
+        }
+
+
+        private Iterator<Map.Entry<String, byte[]>> it = null;
+
+        private Map.Entry<String, byte[]> nextEntry() {
+            if (it == null || !it.hasNext()) {
+                it = getEntries().entrySet().iterator();
+            }
+            return it.next();
+        }
+    }
+
+    @SneakyThrows
+    @Benchmark
+    @BenchmarkMode(Mode.Throughput)
+    @OutputTimeUnit(TimeUnit.SECONDS)
+    public void get(ExecutionPlan plan) {
+        final var client = plan.getClient();
+        final var entry = plan.nextEntry();
+        final var requestBuilder = plan.newRequestBuilder(entry.getKey())
+                .header("Accept", "application/octet-stream")
+                .GET();
+        final var response = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray());
+        if (200 != response.statusCode()) {
+            throw new IllegalStateException(Integer.toString(response.statusCode()));
+        } else {
+            if (!Arrays.equals(entry.getValue(), response.body())) {
+                throw new IllegalStateException("Retrieved unexpected value");
+            }
+        }
+    }
+
+
+    @SneakyThrows
+    @Benchmark
+    @BenchmarkMode(Mode.Throughput)
+    @OutputTimeUnit(TimeUnit.SECONDS)
+    public void put(Main.ExecutionPlan plan) {
+        final var client = plan.getClient();
+        final var entry = plan.nextEntry();
+
+        final var requestBuilder = plan.newRequestBuilder(entry.getKey())
+                .header("Content-Type", "application/octet-stream")
+                .PUT(HttpRequest.BodyPublishers.ofByteArray(entry.getValue()));
+
+        final var response = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray());
+        if (201 != response.statusCode()) {
+            throw new IllegalStateException(Integer.toString(response.statusCode()));
+        }
+    }
+}

benchmark/src/jmh/resources/benchmark.properties

@@ -0,0 +1 @@
+gbcs.server.url= http://localhost:8080

build.gradle

@@ -10,15 +10,15 @@ import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
 import org.jetbrains.kotlin.gradle.dsl.JvmTarget
 
 
-allprojects {
+allprojects { subproject ->
     group = 'net.woggioni'
 
         if(project.currentTag.isPresent()) {
-        version = project.currentTag
+            version = project.currentTag.map { it[0] }.get()
         } else {
             version = project.gitRevision.map { gitRevision ->
                 "${getProperty('gbcs.version')}.${gitRevision[0..10]}"
-        }
+            }.get()
         }
 
     repositories {
@@ -36,7 +36,7 @@ allprojects {
     pluginManager.withPlugin('java-library') {
 
         ext {
-            jpmsModuleName = project.group + '.' + project.name.replace('-', '.')
+            jpmsModuleName = subproject.group + '.' + subproject.name.replace('-', '.')
         }
 
         java {
@@ -61,14 +61,13 @@ allprojects {
             options.compilerArgumentProviders << new CommandLineArgumentProvider() {
                 @Override
                 Iterable<String> asArguments() {
-                    return ['--patch-module', project.jpmsModuleName + '=' + project.sourceSets.main.output.asPath]
+                    return ['--patch-module', subproject.jpmsModuleName + '=' + subproject.sourceSets.main.output.asPath]
                 }
             }
             options.javaModuleVersion = version
         }
     }
 
-
     pluginManager.withPlugin(catalog.plugins.kotlin.jvm.get().pluginId) {
         tasks.withType(KotlinCompile.class) {
             compilerOptions.jvmTarget = JvmTarget.JVM_21
@@ -101,17 +100,12 @@ allprojects {
             }
         }
     }
-
-    tasks.withType(AbstractArchiveTask.class) {
-        archiveVersion = project.version
-    }
 }
 
 dependencies {
     implementation catalog.jwo
     implementation catalog.slf4j.api
     implementation catalog.netty.codec.http
-    implementation catalog.netty.codec.http2
 
     api project('gbcs-base')
     api project('gbcs-api')
@@ -136,3 +130,9 @@ publishing {
     }
 }
 
+tasks.register('version') {
+    doLast {
+        println("VERSION=$version")
+    }
+}
+

conf/gbcs-memcached.xml

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<gbcs:server useVirtualThreads="false" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+<gbcs:server useVirtualThreads="true" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:gbcs="urn:net.woggioni.gbcs"
              xmlns:gbcs-memcached="urn:net.woggioni.gbcs-memcached"
-             xs:schemaLocation="urn:net.woggioni.gbcs-memcached classpath:net/woggioni/gbcs/memcached/schema/gbcs-memcached.xsd urn:net.woggioni.gbcs classpath:net/woggioni/gbcs/schema/gbcs.xsd">
+             xs:schemaLocation="urn:net.woggioni.gbcs-memcached jpms://net.woggioni.gbcs.memcached/net/woggioni/gbcs/memcached/schema/gbcs-memcached.xsd urn:net.woggioni.gbcs jpms://net.woggioni.gbcs/net/woggioni/gbcs/schema/gbcs.xsd">
     <bind host="0.0.0.0" port="13080" />
     <cache xs:type="gbcs-memcached:memcachedCacheType" max-age="P7D" max-size="16777216" compression-mode="zip">
         <server host="memcached" port="11211"/>

conf/logback.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE configuration>
+
+<configuration>
+    <import class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"/>
+    <import class="ch.qos.logback.core.ConsoleAppender"/>
+
+    <appender name="console" class="ConsoleAppender">
+        <target>System.err</target>
+        <encoder class="PatternLayoutEncoder">
+            <pattern>%d [%highlight(%-5level)] \(%thread\) %logger{36} -%kvp- %msg %n</pattern>
+        </encoder>
+    </appender>
+
+    <root level="info">
+        <appender-ref ref="console"/>
+    </root>
+    <logger name="io.netty" level="debug"/>
+    <logger name="com.google.code.yanf4j" level="warn"/>
+    <logger name="net.rubyeye.xmemcached" level="warn"/>
+</configuration>

docker-compose.yml

@@ -11,7 +11,6 @@ services:
   gbcs:
     build:
       context: .
-      target: compose
     container_name: gbcs
     restart: unless-stopped
     ports:

docker/Dockerfile

@@ -0,0 +1,21 @@
+FROM alpine:latest AS base-release
+RUN --mount=type=cache,target=/var/cache/apk apk update
+RUN --mount=type=cache,target=/var/cache/apk apk add openjdk21-jre
+RUN adduser -D luser
+USER luser
+WORKDIR /home/luser
+
+FROM base-release AS release
+ADD gbcs-cli-envelope-*.jar gbcs.jar
+ENTRYPOINT ["java", "-jar", "/home/luser/gbcs.jar"]
+
+FROM base-release AS release-memcached
+ADD --chown=luser:luser gbcs-cli-envelope-*.jar gbcs.jar
+RUN mkdir plugins
+WORKDIR /home/luser/plugins
+RUN --mount=type=bind,source=.,target=/build/distributions tar -xf /build/distributions/gbcs-memcached*.tar
+WORKDIR /home/luser
+ENTRYPOINT ["java", "-jar", "/home/luser/gbcs.jar"]
+
+FROM release-memcached as compose
+COPY --chown=luser:luser conf/gbcs-memcached.xml /home/luser/.config/gbcs/gbcs.xml

docker/build.gradle

@@ -0,0 +1,67 @@
+plugins {
+    id 'base'
+    alias(catalog.plugins.gradle.docker)
+}
+
+import com.bmuschko.gradle.docker.tasks.image.DockerBuildImage
+import com.bmuschko.gradle.docker.tasks.image.DockerPushImage
+import com.bmuschko.gradle.docker.tasks.image.DockerTagImage
+
+
+configurations {
+    docker {
+        canBeResolved = true
+        transitive = false
+        visible = false
+        canBeConsumed = false
+    }
+}
+
+dependencies {
+    docker project(path: ':gbcs-cli', configuration: 'release')
+    docker project(path: ':gbcs-memcached', configuration: 'release')
+}
+
+Provider<Task> cleanTaskProvider = tasks.named(BasePlugin.CLEAN_TASK_NAME) {}
+
+Provider<Copy> prepareDockerBuild = tasks.register('prepareDockerBuild', Copy) {
+    dependsOn cleanTaskProvider
+    group = 'docker'
+    into project.layout.buildDirectory.file('docker')
+    from(configurations.docker)
+    from(file('Dockerfile'))
+}
+
+Provider<DockerBuildImage> dockerBuild = tasks.register('dockerBuildImage', DockerBuildImage) {
+    group = 'docker'
+    dependsOn prepareDockerBuild
+    images.add('gitea.woggioni.net/woggioni/gbcs:latest')
+    images.add("gitea.woggioni.net/woggioni/gbcs:${version}")
+}
+
+Provider<DockerTagImage> dockerTag = tasks.register('dockerTagImage', DockerTagImage) {
+    group = 'docker'
+    repository = 'gitea.woggioni.net/woggioni/gbcs'
+    imageId = 'gitea.woggioni.net/woggioni/gbcs:latest'
+    tag = version
+}
+
+Provider<DockerTagImage> dockerTagMemcached = tasks.register('dockerTagMemcachedImage', DockerTagImage) {
+    group = 'docker'
+    repository = 'gitea.woggioni.net/woggioni/gbcs'
+    imageId = 'gitea.woggioni.net/woggioni/gbcs:memcached'
+    tag = "${version}-memcached"
+}
+
+Provider<DockerPushImage> dockerPush = tasks.register('dockerPushImage', DockerPushImage) {
+    group = 'docker'
+    dependsOn dockerTag, dockerTagMemcached
+    registryCredentials {
+        url = getProperty('docker.registry.url')
+        username = 'woggioni'
+        password = System.getenv().get("PUBLISHER_TOKEN")
+    }
+    images = [dockerTag.flatMap{ it.tag }, dockerTagMemcached.flatMap{ it.tag }]
+}
+
+

gbcs-api/build.gradle

@@ -7,10 +7,6 @@ plugins {
 dependencies {
 }
 
-tasks.named(JavaPlugin.COMPILE_JAVA_TASK_NAME, JavaCompile) {
-    options.javaModuleVersion = version
-}
-
 publishing {
     publications {
         maven(MavenPublication) {

gbcs-api/src/main/java/net/woggioni/gbcs/api/Configuration.java

@@ -1,6 +1,7 @@
 package net.woggioni.gbcs.api;
 
 
+import lombok.EqualsAndHashCode;
 import lombok.Value;
 
 import java.nio.file.Path;
@@ -23,25 +24,18 @@ public class Configuration {
 
     @Value
     public static class Group {
+        @EqualsAndHashCode.Include
         String name;
         Set<Role> roles;
-
-        @Override
-        public int hashCode() {
-            return name.hashCode();
-        }
     }
 
     @Value
     public static class User {
+        @EqualsAndHashCode.Include
         String name;
         String password;
         Set<Group> groups;
 
-        @Override
-        public int hashCode() {
-            return name.hashCode();
-        }
 
         public Set<Role> getRoles() {
             return groups.stream()

gbcs-base/build.gradle

@@ -1,5 +1,3 @@
-import org.jetbrains.kotlin.gradle.dsl.JvmTarget
-import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
 
 plugins {
     id 'java-library'
@@ -10,16 +8,6 @@ plugins {
 dependencies {
     compileOnly project(':gbcs-api')
     compileOnly catalog.slf4j.api
-    api catalog.jwo
-}
-
-tasks.named(JavaPlugin.COMPILE_JAVA_TASK_NAME, JavaCompile) {
-    options.compilerArgs << '--patch-module' << 'net.woggioni.gbcs.base=' + project.sourceSets.main.output.asPath
-    options.javaModuleVersion = version
-}
-
-tasks.named("compileKotlin", KotlinCompile.class) {
-    compilerOptions.jvmTarget = JvmTarget.JVM_21
 }
 
 publishing {

gbcs-base/src/main/java/module-info.java

@@ -3,7 +3,6 @@ module net.woggioni.gbcs.base {
     requires java.logging;
     requires org.slf4j;
     requires kotlin.stdlib;
-    requires net.woggioni.jwo;
 
     exports net.woggioni.gbcs.base;
 }

gbcs-base/src/main/kotlin/net/woggioni/gbcs/base/GbcsUrlStreamHandlerFactory.kt

@@ -1,16 +1,20 @@
 package net.woggioni.gbcs.base
 
+import java.io.IOException
 import java.io.InputStream
 import java.net.URL
 import java.net.URLConnection
 import java.net.URLStreamHandler
 import java.net.URLStreamHandlerFactory
+import java.util.Optional
 import java.util.concurrent.atomic.AtomicBoolean
 import java.util.stream.Collectors
 
 
-class ClasspathUrlStreamHandlerFactoryProvider : URLStreamHandlerFactory {
+class GbcsUrlStreamHandlerFactory : URLStreamHandlerFactory {
-    private class Handler(private val classLoader: ClassLoader = ClasspathUrlStreamHandlerFactoryProvider::class.java.classLoader) : URLStreamHandler() {
+
+    private class ClasspathHandler(private val classLoader: ClassLoader = GbcsUrlStreamHandlerFactory::class.java.classLoader) :
+        URLStreamHandler() {
 
         override fun openConnection(u: URL): URLConnection? {
             return javaClass.module
@@ -20,7 +24,7 @@ class ClasspathUrlStreamHandlerFactoryProvider : URLStreamHandlerFactory {
                     val i = path.lastIndexOf('/')
                     val packageName = path.substring(0, i).replace('/', '.')
                     val modules = packageMap[packageName]!!
-                    ModuleResourceURLConnection(
+                    ClasspathResourceURLConnection(
                         u,
                         modules
                     )
@@ -29,14 +33,39 @@ class ClasspathUrlStreamHandlerFactoryProvider : URLStreamHandlerFactory {
         }
     }
 
+    private class JpmsHandler : URLStreamHandler() {
+
+        override fun openConnection(u: URL): URLConnection {
+            val thisModule = javaClass.module
+            val sourceModule = Optional.ofNullable(thisModule)
+                .map { obj: Module -> obj.layer }
+                .flatMap { layer: ModuleLayer ->
+                    val moduleName = u.host
+                    layer.findModule(moduleName)
+                }.orElse(thisModule)
+            return JpmsResourceURLConnection(u, sourceModule)
+        }
+    }
+
+    private class JpmsResourceURLConnection(url: URL, private val module: Module) : URLConnection(url) {
+        override fun connect() {
+        }
+
+        @Throws(IOException::class)
+        override fun getInputStream(): InputStream {
+            return module.getResourceAsStream(getURL().path)
+        }
+    }
+
     override fun createURLStreamHandler(protocol: String): URLStreamHandler? {
         return when (protocol) {
-            "classpath" -> Handler()
+            "classpath" -> ClasspathHandler()
+            "jpms" -> JpmsHandler()
             else -> null
         }
     }
 
-    private class ModuleResourceURLConnection(url: URL?, private val modules: List<Module>) :
+    private class ClasspathResourceURLConnection(url: URL?, private val modules: List<Module>) :
         URLConnection(url) {
         override fun connect() {}
 
@@ -53,12 +82,12 @@ class ClasspathUrlStreamHandlerFactoryProvider : URLStreamHandlerFactory {
         private val installed = AtomicBoolean(false)
         fun install() {
             if (!installed.getAndSet(true)) {
-                URL.setURLStreamHandlerFactory(ClasspathUrlStreamHandlerFactoryProvider())
+                URL.setURLStreamHandlerFactory(GbcsUrlStreamHandlerFactory())
             }
         }
 
         private val packageMap: Map<String, List<Module>> by lazy {
-            ClasspathUrlStreamHandlerFactoryProvider::class.java.module.layer
+            GbcsUrlStreamHandlerFactory::class.java.module.layer
                 .modules()
                 .stream()
                 .flatMap { m: Module ->

gbcs-base/src/main/kotlin/net/woggioni/gbcs/base/Xml.kt

@@ -146,8 +146,8 @@ class Xml(val doc: Document, val element: Element) {
             dbf.isExpandEntityReferences = true
             dbf.isIgnoringComments = true
             dbf.isNamespaceAware = true
-            dbf.isValidating = false
+            dbf.isValidating = schemaResourceURL == null
-            dbf.setFeature("http://apache.org/xml/features/validation/schema", true);
+            dbf.setFeature("http://apache.org/xml/features/validation/schema", true)
             schemaResourceURL?.let {
                 dbf.schema = getSchema(it)
             }
@@ -165,7 +165,7 @@ class Xml(val doc: Document, val element: Element) {
             return resource.openStream().use(db::parse)
         }
 
-    fun parseXml(sourceURL : URL, sourceStream: InputStream? = null, schemaResourceURL: URL? = null): Document {
+        fun parseXml(sourceURL: URL, sourceStream: InputStream? = null, schemaResourceURL: URL? = null): Document {
             val db = newDocumentBuilder(sourceURL, schemaResourceURL)
             return sourceStream?.let(db::parse) ?: sourceURL.openStream().use(db::parse)
         }
@@ -183,7 +183,12 @@ class Xml(val doc: Document, val element: Element) {
             transformer.transform(source, result)
         }
 
-        fun of(namespaceURI: String, qualifiedName: String, schemaResourceURL: URL? = null, cb: Xml.(el: Element) -> Unit): Document {
+        fun of(
+            namespaceURI: String,
+            qualifiedName: String,
+            schemaResourceURL: URL? = null,
+            cb: Xml.(el: Element) -> Unit
+        ): Document {
             val dbf = newDocumentBuilderFactory(schemaResourceURL)
             val db = dbf.newDocumentBuilder()
             val doc = db.newDocument()
@@ -207,7 +212,7 @@ class Xml(val doc: Document, val element: Element) {
 
     fun node(
         name: String,
-        namespaceURI : String? = null,
+        namespaceURI: String? = null,
         attrs: Map<String, String> = emptyMap(),
         cb: Xml.(el: Element) -> Unit = {}
     ): Element {
@@ -222,7 +227,7 @@ class Xml(val doc: Document, val element: Element) {
             }
     }
 
-    fun attr(key: String, value: String, namespaceURI : String? = null) {
+    fun attr(key: String, value: String, namespaceURI: String? = null) {
         element.setAttributeNS(namespaceURI, key, value)
     }
 

gbcs-cli/build.gradle

@@ -18,11 +18,18 @@ Property<String> mainClassName = objects.property(String.class)
 mainClassName.set('net.woggioni.gbcs.cli.GradleBuildCacheServerCli')
 
 tasks.named(JavaPlugin.COMPILE_JAVA_TASK_NAME, JavaCompile) {
-    options.compilerArgs << '--patch-module' << 'net.woggioni.gbcs.cli=' + project.sourceSets.main.output.asPath
-    options.javaModuleVersion = version
     options.javaModuleMainClass = mainClassName
 }
 
+configurations {
+    release {
+        transitive = false
+        canBeConsumed = true
+        canBeResolved = true
+        visible = true
+    }
+}
+
 envelopeJar {
     mainModule = 'net.woggioni.gbcs.cli'
     mainClass = mainClassName
@@ -36,8 +43,6 @@ dependencies {
     implementation catalog.netty.codec.http
     implementation catalog.picocli
 
-//    implementation project(':gbcs-base')
-//    implementation project(':gbcs-api')
     implementation rootProject
 
 //    runtimeOnly catalog.slf4j.jdk14
@@ -50,11 +55,6 @@ Provider<EnvelopeJarTask> envelopeJarTaskProvider = tasks.named('envelopeJar', E
     systemProperties['logback.configurationFile'] = 'classpath:net/woggioni/gbcs/cli/logback.xml'
 }
 
-def envelopeJarArtifact = artifacts.add('archives', envelopeJarTaskProvider.get().archiveFile.get().asFile) {
-    type = 'jar'
-    builtBy envelopeJarTaskProvider
-}
-
 tasks.named(NativeImagePlugin.CONFIGURE_NATIVE_IMAGE_TASK_NAME, NativeImageConfigurationTask) {
     mainClass = 'net.woggioni.gbcs.GraalNativeImageConfiguration'
 }
@@ -65,11 +65,16 @@ tasks.named(NativeImagePlugin.NATIVE_IMAGE_TASK_NAME, NativeImageTask) {
     buildStaticImage = true
 }
 
+artifacts {
+    release(envelopeJarTaskProvider)
+}
+
 publishing {
     publications {
         maven(MavenPublication) {
-            artifact envelopeJarArtifact
+            artifact envelopeJar
         }
     }
 }
 
+

gbcs-cli/src/main/kotlin/net/woggioni/gbcs/cli/GradleBuildCacheServerCli.kt

@@ -2,7 +2,7 @@ package net.woggioni.gbcs.cli
 
 import net.woggioni.gbcs.GradleBuildCacheServer
 import net.woggioni.gbcs.GradleBuildCacheServer.Companion.DEFAULT_CONFIGURATION_URL
-import net.woggioni.gbcs.base.ClasspathUrlStreamHandlerFactoryProvider
+import net.woggioni.gbcs.base.GbcsUrlStreamHandlerFactory
 import net.woggioni.gbcs.base.contextLogger
 import net.woggioni.gbcs.base.debug
 import net.woggioni.gbcs.base.info
@@ -29,7 +29,7 @@ class GradleBuildCacheServerCli(application : Application, private val log : Log
         @JvmStatic
         fun main(vararg args: String) {
             Thread.currentThread().contextClassLoader = GradleBuildCacheServerCli::class.java.classLoader
-            ClasspathUrlStreamHandlerFactoryProvider.install()
+            GbcsUrlStreamHandlerFactory.install()
             val log = contextLogger()
             val app = Application.builder("gbcs")
                 .configurationDirectoryEnvVar("GBCS_CONFIGURATION_DIR")
@@ -92,7 +92,8 @@ class GradleBuildCacheServerCli(application : Application, private val log : Log
                 "Server configuration:\n${String(it.toByteArray())}"
             }
         }
-        GradleBuildCacheServer(configuration).run().use {
+        val server = GradleBuildCacheServer(configuration)
+        server.run().use {
         }
     }
 }

gbcs-cli/src/main/kotlin/net/woggioni/gbcs/cli/impl/commands/PasswordHashCommand.kt

@@ -5,9 +5,9 @@ import net.woggioni.gbcs.cli.impl.GbcsCommand
 import net.woggioni.gbcs.cli.impl.converters.OutputStreamConverter
 import net.woggioni.jwo.UncloseableOutputStream
 import picocli.CommandLine
-import java.io.BufferedWriter
 import java.io.OutputStream
 import java.io.OutputStreamWriter
+import java.io.PrintWriter
 
 
 @CommandLine.Command(
@@ -20,7 +20,7 @@ class PasswordHashCommand : GbcsCommand() {
         names = ["-o", "--output-file"],
         description = ["Write the output to a file instead of stdout"],
         converter = [OutputStreamConverter::class],
-        defaultValue = "stdout",
+        showDefaultValue = CommandLine.Help.Visibility.NEVER,
         paramLabel = "OUTPUT_FILE"
     )
     private var outputStream: OutputStream = UncloseableOutputStream(System.out)
@@ -30,9 +30,8 @@ class PasswordHashCommand : GbcsCommand() {
         val password2 = String(System.console().readPassword("Type your password again for confirmation:"))
         if(password1 != password2) throw IllegalArgumentException("Passwords do not match")
 
-        BufferedWriter(OutputStreamWriter(outputStream, Charsets.UTF_8)).use {
+        PrintWriter(OutputStreamWriter(outputStream, Charsets.UTF_8)).use {
-            it.write(hashPassword(password1))
+            it.println(hashPassword(password1))
-            it.newLine()
         }
     }
 }

gbcs-cli/src/main/resources/net/woggioni/gbcs/cli/logback.xml

@@ -12,10 +12,11 @@
         </encoder>
     </appender>
 
-    <root level="debug">
+    <root level="info">
         <appender-ref ref="console"/>
     </root>
     <logger name="io.netty" level="debug"/>
+    <logger name="io.netty.handler.ssl.BouncyCastlePemReader" level="info"/>
     <logger name="com.google.code.yanf4j" level="warn"/>
     <logger name="net.rubyeye.xmemcached" level="warn"/>
 </configuration>

gbcs-memcached/build.gradle

@@ -22,7 +22,15 @@ configurations {
             }
         }
     }
+
+    release {
+        transitive = false
+        canBeConsumed = true
+        canBeResolved = true
+        visible = true
+    }
 }
+
 dependencies {
     compileOnly project(':gbcs-base')
     compileOnly project(':gbcs-api')
@@ -30,15 +38,6 @@ dependencies {
     implementation catalog.xmemcached
 }
 
-tasks.named(JavaPlugin.COMPILE_JAVA_TASK_NAME, JavaCompile) {
-    options.compilerArgs << '--patch-module' << 'net.woggioni.gbcs.memcached=' + project.sourceSets.main.output.asPath
-    options.javaModuleVersion = version
-}
-
-tasks.named("compileKotlin", KotlinCompile.class) {
-    compilerOptions.jvmTarget = JvmTarget.JVM_21
-}
-
 Provider<Tar> bundleTask = tasks.register("bundle", Tar) {
     from(tasks.named(JavaPlugin.JAR_TASK_NAME))
     from(configurations.bundle)
@@ -49,16 +48,14 @@ tasks.named(BasePlugin.ASSEMBLE_TASK_NAME) {
     dependsOn(bundleTask)
 }
 
-def bundleArtifact = artifacts.add('archives', bundleTask.get().archiveFile.get().asFile) {
+artifacts {
-    type = 'tar'
+    release(bundleTask)
-    builtBy bundleTask
 }
 
-
 publishing {
     publications {
         maven(MavenPublication) {
-            artifact bundleArtifact
+            artifact bundleTask
         }
     }
 }

gbcs-memcached/src/main/kotlin/net/woggioni/gbcs/memcached/MemcachedCacheProvider.kt

@@ -9,14 +9,16 @@ import net.woggioni.gbcs.base.Xml.Companion.asIterable
 import org.w3c.dom.Document
 import org.w3c.dom.Element
 import java.time.Duration
-import java.util.zip.Deflater
 
 class MemcachedCacheProvider : CacheProvider<MemcachedCacheConfiguration> {
     override fun getXmlSchemaLocation() = "classpath:net/woggioni/gbcs/memcached/schema/gbcs-memcached.xsd"
 
     override fun getXmlType() = "memcachedCacheType"
 
-    override fun getXmlNamespace()= "urn:net.woggioni.gbcs-memcached"
+    override fun getXmlNamespace() = "urn:net.woggioni.gbcs-memcached"
+
+    val xmlNamespacePrefix : String
+        get() = "gbcs-memcached"
 
     override fun deserialize(el: Element): MemcachedCacheConfiguration {
         val servers = mutableListOf<HostAndPort>()
@@ -35,7 +37,7 @@ class MemcachedCacheProvider : CacheProvider<MemcachedCacheConfiguration> {
         val compressionMode = el.getAttribute("compression-mode")
             .takeIf(String::isNotEmpty)
             ?.let {
-                when(it) {
+                when (it) {
                     "gzip" -> CompressionMode.GZIP
                     "zip" -> CompressionMode.ZIP
                     else -> CompressionMode.ZIP
@@ -60,12 +62,14 @@ class MemcachedCacheProvider : CacheProvider<MemcachedCacheConfiguration> {
         )
     }
 
-    override fun serialize(doc: Document, cache : MemcachedCacheConfiguration) = cache.run {
+    override fun serialize(doc: Document, cache: MemcachedCacheConfiguration) = cache.run {
-        val result = doc.createElementNS(xmlNamespace,"cache")
+        val result = doc.createElement("cache")
         Xml.of(doc, result) {
-            attr("xs:type", xmlType, GBCS.XML_SCHEMA_NAMESPACE_URI)
+            attr("xmlns:${xmlNamespacePrefix}", xmlNamespace, namespaceURI = "http://www.w3.org/2000/xmlns/")
+
+            attr("xs:type", "${xmlNamespacePrefix}:$xmlType", GBCS.XML_SCHEMA_NAMESPACE_URI)
             for (server in servers) {
-                node("server", xmlNamespace) {
+                node("server") {
                     attr("host", server.host)
                     attr("port", server.port.toString())
                 }
@@ -75,10 +79,12 @@ class MemcachedCacheProvider : CacheProvider<MemcachedCacheConfiguration> {
             digestAlgorithm?.let { digestAlgorithm ->
                 attr("digest", digestAlgorithm)
             }
-            attr("compression-mode", when(compressionMode) {
+            attr(
+                "compression-mode", when (compressionMode) {
                     CompressionMode.GZIP -> "gzip"
                     CompressionMode.ZIP -> "zip"
-            })
+                }
+            )
         }
         result
     }

gbcs-memcached/src/main/resources/net/woggioni/gbcs/memcached/schema/gbcs-memcached.xsd

@@ -20,14 +20,14 @@
                 <xs:attribute name="max-age" type="xs:duration" default="P1D"/>
                 <xs:attribute name="max-size" type="xs:unsignedInt" default="1048576"/>
                 <xs:attribute name="digest" type="xs:token" />
-                <xs:attribute name="compression-type" type="gbcs-memcached:compressionType" default="deflate"/>
+                <xs:attribute name="compression-mode" type="gbcs-memcached:compressionType" default="zip"/>
             </xs:extension>
         </xs:complexContent>
     </xs:complexType>
 
     <xs:simpleType name="compressionType">
         <xs:restriction base="xs:token">
-            <xs:enumeration value="deflate"/>
+            <xs:enumeration value="zip"/>
             <xs:enumeration value="gzip"/>
         </xs:restriction>
     </xs:simpleType>

gradle.properties

@@ -1,9 +1,10 @@
 org.gradle.configuration-cache=false
 org.gradle.parallel=true
-org.gradle.caching=false
+org.gradle.caching=true
 
 gbcs.version = 0.0.1
 
-lys.version = 2025.01.09
+lys.version = 2025.01.10
 
 gitea.maven.url = https://gitea.woggioni.net/api/packages/woggioni/maven
+docker.registry.url=gitea.woggioni.net

settings.gradle

@@ -30,5 +30,6 @@ include 'gbcs-api'
 include 'gbcs-base'
 include 'gbcs-memcached'
 include 'gbcs-cli'
-
+include 'docker'
+include 'benchmark'
 

src/main/java/module-info.java

@@ -1,5 +1,4 @@
 import net.woggioni.gbcs.api.CacheProvider;
-import net.woggioni.gbcs.url.ClasspathUrlStreamHandlerFactoryProvider;
 import net.woggioni.gbcs.cache.FileSystemCacheProvider;
 
 module net.woggioni.gbcs {
@@ -11,7 +10,6 @@ module net.woggioni.gbcs {
     requires io.netty.buffer;
     requires io.netty.transport;
     requires io.netty.codec.http;
-    requires io.netty.codec.http2;
     requires io.netty.common;
     requires io.netty.handler;
     requires io.netty.codec;
@@ -21,11 +19,10 @@ module net.woggioni.gbcs {
     requires net.woggioni.gbcs.api;
 
     exports net.woggioni.gbcs;
+
     opens net.woggioni.gbcs;
     opens net.woggioni.gbcs.schema;
 
-    uses java.net.URLStreamHandlerFactory;
-    provides java.net.URLStreamHandlerFactory with ClasspathUrlStreamHandlerFactoryProvider;
     uses CacheProvider;
     provides CacheProvider with FileSystemCacheProvider;
 }

src/main/java/net/woggioni/gbcs/url/ClasspathUrlStreamHandlerFactoryProvider.java

@@ -1,104 +0,0 @@
-package net.woggioni.gbcs.url;
-
-import net.woggioni.jwo.Fun;
-import net.woggioni.jwo.LazyValue;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.net.URLConnection;
-import java.net.URLStreamHandler;
-import java.net.URLStreamHandlerFactory;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
-import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.stream.Collectors;
-
-public class ClasspathUrlStreamHandlerFactoryProvider implements URLStreamHandlerFactory {
-
-    private static final AtomicBoolean installed = new AtomicBoolean(false);
-    public static void install() {
-        if(!installed.getAndSet(true)) {
-            URL.setURLStreamHandlerFactory(new ClasspathUrlStreamHandlerFactoryProvider());
-        }
-    }
-
-    private static final LazyValue<Map<String, List<Module>>> packageMap = LazyValue.of(() ->
-            ClasspathUrlStreamHandlerFactoryProvider.class.getModule().getLayer()
-                .modules()
-                .stream()
-                .flatMap(m -> m.getPackages().stream().map(p -> Map.entry(p, m)))
-                .collect(
-                    Collectors.groupingBy(
-                        Map.Entry::getKey,
-                        Collectors.mapping(
-                            Map.Entry::getValue,
-                            Collectors.toUnmodifiableList()
-                        )
-                    )
-                ),
-            LazyValue.ThreadSafetyMode.NONE
-    );
-
-
-    private static class Handler extends URLStreamHandler {
-        private final ClassLoader classLoader;
-
-        public Handler() {
-            this.classLoader = getClass().getClassLoader();
-        }
-
-        public Handler(ClassLoader classLoader) {
-            this.classLoader = classLoader;
-        }
-
-        @Override
-        protected URLConnection openConnection(URL u) throws IOException {
-            return Optional.ofNullable(getClass().getModule())
-                    .filter(m -> m.getLayer() != null)
-                    .map(m -> {
-                        final var path = u.getPath();
-                        final var i = path.lastIndexOf('/');
-                        final var packageName = path.substring(0, i).replace('/', '.');
-                        final var modules = packageMap.get().get(packageName);
-                        return (URLConnection) new ModuleResourceURLConnection(u, modules);
-                    })
-                    .or(() -> Optional.of(classLoader).map(cl -> cl.getResource(u.getPath())).map((Fun<URL, URLConnection>) URL::openConnection))
-                    .orElse(null);
-        }
-    }
-
-    @Override
-    public URLStreamHandler createURLStreamHandler(String protocol) {
-        URLStreamHandler result;
-        switch (protocol) {
-            case "classpath":
-                result = new Handler();
-                break;
-            default:
-                result = null;
-        }
-        return result;
-    }
-
-    private static final class ModuleResourceURLConnection extends URLConnection {
-        private final List<Module> modules;
-
-        ModuleResourceURLConnection(URL url, List<Module> modules) {
-            super(url);
-            this.modules = modules;
-        }
-
-        public void connect() {
-        }
-
-        public InputStream getInputStream() throws IOException {
-            for(final var module : modules) {
-                final var result = module.getResourceAsStream(getURL().getPath());
-                if(result != null) return result;
-            }
-            return null;
-        }
-    }
-}

src/main/kotlin/net/woggioni/gbcs/GradleBuildCacheServer.kt

@@ -12,7 +12,6 @@ import io.netty.channel.ChannelInitializer
 import io.netty.channel.ChannelOption
 import io.netty.channel.ChannelPromise
 import io.netty.channel.DefaultFileRegion
-import io.netty.channel.EventLoopGroup
 import io.netty.channel.SimpleChannelInboundHandler
 import io.netty.channel.nio.NioEventLoopGroup
 import io.netty.channel.socket.nio.NioServerSocketChannel
@@ -34,9 +33,6 @@ import io.netty.handler.codec.http.HttpServerCodec
 import io.netty.handler.codec.http.HttpUtil
 import io.netty.handler.codec.http.HttpVersion
 import io.netty.handler.codec.http.LastHttpContent
-import io.netty.handler.codec.http2.Http2FrameCodecBuilder
-import io.netty.handler.ssl.ApplicationProtocolNames
-import io.netty.handler.ssl.ApplicationProtocolNegotiationHandler
 import io.netty.handler.ssl.ClientAuth
 import io.netty.handler.ssl.SslContext
 import io.netty.handler.ssl.SslContextBuilder
@@ -58,19 +54,13 @@ import net.woggioni.gbcs.base.PasswordSecurity.decodePasswordHash
 import net.woggioni.gbcs.base.PasswordSecurity.hashPassword
 import net.woggioni.gbcs.base.Xml
 import net.woggioni.gbcs.base.contextLogger
-import net.woggioni.gbcs.base.debug
 import net.woggioni.gbcs.base.info
 import net.woggioni.gbcs.configuration.Parser
 import net.woggioni.gbcs.configuration.Serializer
-import net.woggioni.gbcs.url.ClasspathUrlStreamHandlerFactoryProvider
-import net.woggioni.jwo.Application
 import net.woggioni.jwo.JWO
 import net.woggioni.jwo.Tuple2
-import java.io.ByteArrayOutputStream
 import java.io.OutputStream
 import java.net.InetSocketAddress
-import java.net.URL
-import java.net.URLStreamHandlerFactory
 import java.nio.channels.FileChannel
 import java.nio.file.Files
 import java.nio.file.Path
@@ -79,7 +69,6 @@ import java.security.PrivateKey
 import java.security.cert.X509Certificate
 import java.util.Arrays
 import java.util.Base64
-import java.util.concurrent.Executors
 import java.util.regex.Matcher
 import java.util.regex.Pattern
 import javax.naming.ldap.LdapName
@@ -113,6 +102,7 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
     private class ClientCertificateAuthenticator(
         authorizer: Authorizer,
         private val sslEngine: SSLEngine,
+        private val anonymousUserRoles: Set<Role>?,
         private val userExtractor: Configuration.UserExtractor?,
         private val groupExtractor: Configuration.GroupExtractor?,
     ) : AbstractNettyHttpAuthenticator(authorizer) {
@@ -123,16 +113,16 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
 
         override fun authenticate(ctx: ChannelHandlerContext, req: HttpRequest): Set<Role>? {
             return try {
-                sslEngine.session.peerCertificates
+                sslEngine.session.peerCertificates.takeIf {
-            } catch (es: SSLPeerUnverifiedException) {
-                null
-            }?.takeIf {
                     it.isNotEmpty()
                 }?.let { peerCertificates ->
                     val clientCertificate = peerCertificates.first() as X509Certificate
                     val user = userExtractor?.extract(clientCertificate)
                     val group = groupExtractor?.extract(clientCertificate)
                     (group?.roles ?: emptySet()) + (user?.roles ?: emptySet())
+                } ?: anonymousUserRoles
+            } catch (es: SSLPeerUnverifiedException) {
+                anonymousUserRoles
             }
         }
     }
@@ -150,21 +140,21 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
                 log.debug(ctx) {
                     "Missing Authorization header"
                 }
-                return null
+                return users[""]?.roles
             }
             val cursor = authorizationHeader.indexOf(' ')
             if (cursor < 0) {
                 log.debug(ctx) {
                     "Invalid Authorization header: '$authorizationHeader'"
                 }
-                return null
+                return users[""]?.roles
             }
             val authenticationType = authorizationHeader.substring(0, cursor)
             if ("Basic" != authenticationType) {
                 log.debug(ctx) {
                     "Invalid authentication type header: '$authenticationType'"
                 }
-                return null
+                return users[""]?.roles
             }
             val (username, password) = Base64.getDecoder().decode(authorizationHeader.substring(cursor + 1))
                 .let(::String)
@@ -188,8 +178,12 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
         }
     }
 
-    private class ServerInitializer(private val cfg: Configuration) : ChannelInitializer<Channel>() {
+    private class ServerInitializer(
+        private val cfg: Configuration,
+        private val eventExecutorGroup: EventExecutorGroup
+    ) : ChannelInitializer<Channel>() {
 
+        companion object {
             private fun createSslCtx(tls: Configuration.Tls): SslContext {
                 val keyStore = tls.keyStore
                 return if (keyStore == null) {
@@ -197,7 +191,7 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
                 } else {
                     val javaKeyStore = loadKeystore(keyStore.file, keyStore.password)
                     val serverKey = javaKeyStore.getKey(
-                    keyStore.keyAlias, keyStore.keyPassword?.let(String::toCharArray)
+                        keyStore.keyAlias, (keyStore.keyPassword ?: "").let(String::toCharArray)
                     ) as PrivateKey
                     val serverCert: Array<X509Certificate> =
                         Arrays.stream(javaKeyStore.getCertificateChain(keyStore.keyAlias))
@@ -206,8 +200,7 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
                     SslContextBuilder.forServer(serverKey, *serverCert).apply {
                         if (tls.isVerifyClients) {
                             clientAuth(ClientAuth.OPTIONAL)
-                        val trustStore = tls.trustStore
+                            tls.trustStore?.let { trustStore ->
-                        if (trustStore != null) {
                                 val ts = loadKeystore(trustStore.file, trustStore.password)
                                 trustManager(
                                     ClientCertificateValidator.getTrustManager(ts, trustStore.isCheckCertificateStatus)
@@ -218,27 +211,6 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
                 }
             }
 
-        private val sslContext: SslContext? = cfg.tls?.let(this::createSslCtx)
-        private val group: EventExecutorGroup = DefaultEventExecutorGroup(Runtime.getRuntime().availableProcessors())
-
-        companion object {
-
-            private fun getServerAPNHandler(): ApplicationProtocolNegotiationHandler {
-                val serverAPNHandler: ApplicationProtocolNegotiationHandler =
-                    object : ApplicationProtocolNegotiationHandler(ApplicationProtocolNames.HTTP_2) {
-                        override fun configurePipeline(ctx: ChannelHandlerContext, protocol: String) {
-                            if (ApplicationProtocolNames.HTTP_2 == protocol) {
-                                ctx.pipeline().addLast(
-                                    Http2FrameCodecBuilder.forServer().build()
-                                )
-                                return
-                            }
-                            throw IllegalStateException("Protocol: $protocol not supported")
-                        }
-                    }
-                return serverAPNHandler
-            }
-
             fun loadKeystore(file: Path, password: String?): KeyStore {
                 val ext = JWO.splitExtension(file)
                     .map(Tuple2<String, String>::get_2)
@@ -261,6 +233,8 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
             }
         }
 
+        private val sslContext: SslContext? = cfg.tls?.let(Companion::createSslCtx)
+
         private fun userExtractor(authentication: Configuration.ClientCertificateAuthentication) =
             authentication.userExtractor?.let { extractor ->
                 val pattern = Pattern.compile(extractor.pattern)
@@ -294,23 +268,22 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
             val auth = cfg.authentication
             var authenticator: AbstractNettyHttpAuthenticator? = null
             if (auth is Configuration.BasicAuthentication) {
-                val roleAuthorizer = RoleAuthorizer()
+                authenticator = (NettyHttpBasicAuthenticator(cfg.users, RoleAuthorizer()))
-                authenticator = (NettyHttpBasicAuthenticator(cfg.users, roleAuthorizer))
             }
             if (sslContext != null) {
                 val sslHandler = sslContext.newHandler(ch.alloc())
+                pipeline.addLast(sslHandler)
 
                 if (auth is Configuration.ClientCertificateAuthentication) {
-                    val roleAuthorizer = RoleAuthorizer()
                     authenticator = ClientCertificateAuthenticator(
-                        roleAuthorizer,
+                        RoleAuthorizer(),
                         sslHandler.engine(),
+                        cfg.users[""]?.roles,
                         userExtractor(auth),
                         groupExtractor(auth)
                     )
                 }
             }
-//            pipeline.addLast(getServerAPNHandler())
             pipeline.addLast(HttpServerCodec())
             pipeline.addLast(HttpChunkContentCompressor(1024))
             pipeline.addLast(ChunkedWriteHandler())
@@ -320,7 +293,7 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
             }
             val cacheImplementation = cfg.cache.materialize()
             val prefix = Path.of("/").resolve(Path.of(cfg.serverPath ?: "/"))
-            pipeline.addLast(group, ServerHandler(cacheImplementation, prefix))
+            pipeline.addLast(eventExecutorGroup, ServerHandler(cacheImplementation, prefix))
             pipeline.addLast(ExceptionHandler())
         }
     }
@@ -370,20 +343,12 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
 
         companion object {
             private val log = contextLogger()
-
-            private fun splitPath(req: HttpRequest): Pair<String?, String> {
-                val uri = req.uri()
-                val i = uri.lastIndexOf('/')
-                if (i < 0) throw RuntimeException(String.format("Malformed request URI: '%s'", uri))
-                return uri.substring(0, i) to uri.substring(i + 1)
-            }
         }
 
         override fun channelRead0(ctx: ChannelHandlerContext, msg: FullHttpRequest) {
             val keepAlive: Boolean = HttpUtil.isKeepAlive(msg)
             val method = msg.method()
             if (method === HttpMethod.GET) {
-//                val (prefix, key) = splitPath(msg)
                 val path = Path.of(msg.uri())
                 val prefix = path.parent
                 val key = path.fileName.toString()
@@ -479,46 +444,50 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
     }
 
     class ServerHandle(
-        private val httpChannel: ChannelFuture,
+        httpChannelFuture: ChannelFuture,
-        private val bossGroup: EventLoopGroup,
+        private val executorGroups: Iterable<EventExecutorGroup>
-        private val workerGroup: EventLoopGroup
     ) : AutoCloseable {
+        private val httpChannel: Channel = httpChannelFuture.channel()
 
-        private val closeFuture: ChannelFuture = httpChannel.channel().closeFuture()
+        private val closeFuture: ChannelFuture = httpChannel.closeFuture()
 
         fun shutdown(): ChannelFuture {
-            return httpChannel.channel().close()
+            return httpChannel.close()
         }
 
         override fun close() {
             try {
                 closeFuture.sync()
             } finally {
-                val fut1 = workerGroup.shutdownGracefully()
+                executorGroups.forEach {
-                val fut2 = if (bossGroup !== workerGroup) {
+                    it.shutdownGracefully().sync()
-                    bossGroup.shutdownGracefully()
+                }
-                } else null
+            }
-                fut1.sync()
+            log.info {
-                fut2?.sync()
+                "GradleBuildCacheServer has been gracefully shut down"
             }
         }
     }
 
     fun run(): ServerHandle {
         // Create the multithreaded event loops for the server
-        val bossGroup = NioEventLoopGroup()
+        val bossGroup = NioEventLoopGroup(0)
         val serverSocketChannel = NioServerSocketChannel::class.java
-        val workerGroup = if (cfg.isUseVirtualThread) {
+        val workerGroup = bossGroup
-            NioEventLoopGroup(0, Executors.newVirtualThreadPerTaskExecutor())
+        val eventExecutorGroup = run {
+            val threadFactory = if (cfg.isUseVirtualThread) {
+                Thread.ofVirtual().factory()
             } else {
-            NioEventLoopGroup(0, Executors.newWorkStealingPool())
+                null
+            }
+            DefaultEventExecutorGroup(Runtime.getRuntime().availableProcessors(), threadFactory)
         }
         // A helper class that simplifies server configuration
         val bootstrap = ServerBootstrap().apply {
             // Configure the server
             group(bossGroup, workerGroup)
             channel(serverSocketChannel)
-            childHandler(ServerInitializer(cfg))
+            childHandler(ServerInitializer(cfg, eventExecutorGroup))
             option(ChannelOption.SO_BACKLOG, 128)
             childOption(ChannelOption.SO_KEEPALIVE, true)
         }
@@ -527,42 +496,16 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
         // Bind and start to accept incoming connections.
         val bindAddress = InetSocketAddress(cfg.host, cfg.port)
         val httpChannel = bootstrap.bind(bindAddress).sync()
-        return ServerHandle(httpChannel, bossGroup, workerGroup)
+        log.info {
+            "GradleBuildCacheServer is listening on ${cfg.host}:${cfg.port}"
+        }
+        return ServerHandle(httpChannel, setOf(bossGroup, workerGroup, eventExecutorGroup))
     }
 
     companion object {
 
-        private val log by lazy {
-            contextLogger()
-        }
-
-        private const val PROTOCOL_HANDLER = "java.protocol.handler.pkgs"
-        private const val HANDLERS_PACKAGE = "net.woggioni.gbcs.url"
-
         val DEFAULT_CONFIGURATION_URL by lazy { "classpath:net/woggioni/gbcs/gbcs-default.xml".toUrl() }
 
-        /**
-         * Reset any cached handlers just in case a jar protocol has already been used. We
-         * reset the handler by trying to set a null [URLStreamHandlerFactory] which
-         * should have no effect other than clearing the handlers cache.
-         */
-        private fun resetCachedUrlHandlers() {
-            try {
-                URL.setURLStreamHandlerFactory(null)
-            } catch (ex: Error) {
-                // Ignore
-            }
-        }
-
-        fun registerUrlProtocolHandler() {
-            val handlers = System.getProperty(PROTOCOL_HANDLER, "")
-            System.setProperty(
-                PROTOCOL_HANDLER,
-                if (handlers == null || handlers.isEmpty()) HANDLERS_PACKAGE else "$handlers|$HANDLERS_PACKAGE"
-            )
-            resetCachedUrlHandlers()
-        }
-
         fun loadConfiguration(configurationFile: Path): Configuration {
             val dbf = Xml.newDocumentBuilderFactory(null)
             val db = dbf.newDocumentBuilder()
@@ -570,64 +513,10 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
             return Parser.parse(doc)
         }
 
-        fun dumpConfiguration(conf : Configuration, outputStream: OutputStream) {
+        fun dumpConfiguration(conf: Configuration, outputStream: OutputStream) {
             Xml.write(Serializer.serialize(conf), outputStream)
         }
 
-        fun loadConfiguration(args: Array<String>): Configuration {
+        private val log = contextLogger()
-//            Thread.currentThread().contextClassLoader = GradleBuildCacheServer::class.java.classLoader
-            val app = Application.builder("gbcs")
-                .configurationDirectoryEnvVar("GBCS_CONFIGURATION_DIR")
-                .configurationDirectoryPropertyKey("net.woggioni.gbcs.conf.dir")
-                .build()
-            val confDir = app.computeConfigurationDirectory()
-            val configurationFile = confDir.resolve("gbcs.xml")
-            if (!Files.exists(configurationFile)) {
-                log.info {
-                    "Creating default configuration file at '$configurationFile'"
-                }
-                Files.createDirectories(confDir)
-                val defaultConfigurationFileResource = DEFAULT_CONFIGURATION_URL
-                Files.newOutputStream(configurationFile).use { outputStream ->
-                    defaultConfigurationFileResource.openStream().use { inputStream ->
-                        JWO.copy(inputStream, outputStream)
-                    }
-                }
-            }
-//            val schemaUrl = javaClass.getResource("/net/woggioni/gbcs/gbcs.xsd")
-//            val schemaUrl = GBCS.CONFIGURATION_SCHEMA_URL
-            val dbf = Xml.newDocumentBuilderFactory(null)
-//            dbf.schema = Xml.getSchema(this::class.java.module.getResourceAsStream("/net/woggioni/gbcs/gbcs.xsd"))
-//            dbf.schema = Xml.getSchema(schemaUrl)
-            val db = dbf.newDocumentBuilder()
-            val doc = Files.newInputStream(configurationFile).use(db::parse)
-            return Parser.parse(doc)
-        }
-
-        @JvmStatic
-        fun main(args: Array<String>) {
-            ClasspathUrlStreamHandlerFactoryProvider.install()
-            val configuration = loadConfiguration(args)
-            log.debug {
-                ByteArrayOutputStream().also {
-                    Xml.write(Serializer.serialize(configuration), it)
-                }.let {
-                    "Server configuration:\n${String(it.toByteArray())}"
-                }
-            }
-            GradleBuildCacheServer(configuration).run().use {
-            }
-        }
-    }
-}
-
-object GraalNativeImageConfiguration {
-    @JvmStatic
-    fun main(args: Array<String>) {
-        val conf = GradleBuildCacheServer.loadConfiguration(args)
-        GradleBuildCacheServer(conf).run().use {
-            Thread.sleep(3000)
-            it.shutdown()
-        }
     }
 }

src/main/kotlin/net/woggioni/gbcs/auth/ClientCertificateValidator.kt

@@ -1,16 +1,18 @@
 package net.woggioni.gbcs.auth
 
+import io.netty.channel.ChannelHandlerContext
+import io.netty.channel.ChannelInboundHandlerAdapter
+import io.netty.handler.ssl.SslHandler
+import io.netty.handler.ssl.SslHandshakeCompletionEvent
 import java.security.KeyStore
 import java.security.cert.CertPathValidator
+import java.security.cert.CertPathValidatorException
+import java.security.cert.CertificateException
 import java.security.cert.CertificateFactory
 import java.security.cert.PKIXParameters
 import java.security.cert.PKIXRevocationChecker
 import java.security.cert.X509Certificate
 import java.util.EnumSet
-import io.netty.channel.ChannelHandlerContext
-import io.netty.channel.ChannelInboundHandlerAdapter
-import io.netty.handler.ssl.SslHandler
-import io.netty.handler.ssl.SslHandshakeCompletionEvent
 import javax.net.ssl.SSLSession
 import javax.net.ssl.TrustManagerFactory
 import javax.net.ssl.X509TrustManager
@@ -48,7 +50,11 @@ class ClientCertificateValidator private constructor(
                 object : X509TrustManager {
                     override fun checkClientTrusted(chain: Array<out X509Certificate>, authType: String) {
                         val clientCertificateChain = certificateFactory.generateCertPath(chain.toList())
+                        try {
                             validator.validate(clientCertificateChain, params)
+                        } catch (ex : CertPathValidatorException) {
+                            throw CertificateException(ex)
+                        }
                     }
 
                     override fun checkServerTrusted(chain: Array<out X509Certificate>, authType: String) {

src/main/kotlin/net/woggioni/gbcs/configuration/Parser.kt

@@ -23,28 +23,30 @@ object Parser {
 
     fun parse(document: Document): Configuration {
         val root = document.documentElement
+        val anonymousUser = User("", null, emptySet())
         var cache: Cache? = null
         var host = "127.0.0.1"
         var port = 11080
-        var users = emptyMap<String, User>()
+        var users : Map<String, User> = mapOf(anonymousUser.name to anonymousUser)
         var groups = emptyMap<String, Group>()
         var tls: Tls? = null
         val serverPath = root.getAttribute("path")
         val useVirtualThread = root.getAttribute("useVirtualThreads")
             .takeIf(String::isNotEmpty)
-            ?.let(String::toBoolean) ?: false
+            ?.let(String::toBoolean) ?: true
         var authentication: Authentication? = null
         for (child in root.asIterable()) {
-            when (child.localName) {
+            val tagName = child.localName
+            when (tagName) {
                 "authorization" -> {
+                    var knownUsers = sequenceOf(anonymousUser)
                     for (gchild in child.asIterable()) {
-                        when (child.localName) {
+                        when (gchild.localName) {
                             "users" -> {
-                                users = parseUsers(child)
+                                knownUsers += parseUsers(gchild)
                             }
-
                             "groups" -> {
-                                val pair = parseGroups(child, users)
+                                val pair = parseGroups(gchild, knownUsers)
                                 users = pair.first
                                 groups = pair.second
                             }
@@ -76,17 +78,17 @@ object Parser {
                             "client-certificate" -> {
                                 var tlsExtractorUser: TlsCertificateExtractor? = null
                                 var tlsExtractorGroup: TlsCertificateExtractor? = null
-                                for (gchild in child.asIterable()) {
+                                for (ggchild in gchild.asIterable()) {
-                                    when (gchild.localName) {
+                                    when (ggchild.localName) {
                                         "group-extractor" -> {
-                                            val attrName = gchild.getAttribute("attribute-name")
+                                            val attrName = ggchild.getAttribute("attribute-name")
-                                            val pattern = gchild.getAttribute("pattern")
+                                            val pattern = ggchild.getAttribute("pattern")
                                             tlsExtractorGroup = TlsCertificateExtractor(attrName, pattern)
                                         }
 
                                         "user-extractor" -> {
-                                            val attrName = gchild.getAttribute("attribute-name")
+                                            val attrName = ggchild.getAttribute("attribute-name")
-                                            val pattern = gchild.getAttribute("pattern")
+                                            val pattern = ggchild.getAttribute("pattern")
                                             tlsExtractorUser = TlsCertificateExtractor(attrName, pattern)
                                         }
                                     }
@@ -151,23 +153,22 @@ object Parser {
         }
     }.toSet()
 
-    private fun parseUserRefs(root: Element) = root.asIterable().asSequence().filter {
+    private fun parseUserRefs(root: Element) = root.asIterable().asSequence().map {
-        it.localName == "user"
-    }.map {
         it.getAttribute("ref")
     }.toSet()
 
-    private fun parseUsers(root: Element): Map<String, User> {
+    private fun parseUsers(root: Element): Sequence<User> {
         return root.asIterable().asSequence().filter {
             it.localName == "user"
         }.map { el ->
             val username = el.getAttribute("name")
             val password = el.getAttribute("password").takeIf(String::isNotEmpty)
-            username to User(username, password, emptySet())
+            User(username, password, emptySet())
-        }.toMap()
+        }
     }
 
-    private fun parseGroups(root: Element, knownUsers: Map<String, User>): Pair<Map<String, User>, Map<String, Group>> {
+    private fun parseGroups(root: Element, knownUsers: Sequence<User>): Pair<Map<String, User>, Map<String, Group>> {
+        val knownUsersMap = knownUsers.associateBy(User::getName)
         val userGroups = mutableMapOf<String, MutableSet<String>>()
         val groups = root.asIterable().asSequence().filter {
             it.localName == "group"
@@ -177,7 +178,7 @@ object Parser {
             for (child in el.asIterable()) {
                 when (child.localName) {
                     "users" -> {
-                        parseUserRefs(child).mapNotNull(knownUsers::get).forEach { user ->
+                        parseUserRefs(child).mapNotNull(knownUsersMap::get).forEach { user ->
                             userGroups.computeIfAbsent(user.name) {
                                 mutableSetOf()
                             }.add(groupName)
@@ -191,7 +192,7 @@ object Parser {
             }
             groupName to Group(groupName, roles)
         }.toMap()
-        val users = knownUsers.map { (name, user) ->
+        val users = knownUsersMap.map { (name, user) ->
             name to User(name, user.password, userGroups[name]?.mapNotNull { groups[it] }?.toSet() ?: emptySet())
         }.toMap()
         return users to groups

src/main/kotlin/net/woggioni/gbcs/configuration/Serializer.kt

@@ -17,7 +17,7 @@ object Serializer {
             attr("useVirtualThreads", conf.isUseVirtualThread.toString())
 //            attr("xmlns:xs", GradleBuildCacheServer.XML_SCHEMA_NAMESPACE_URI)
             val value = schemaLocations.asSequence().map { (k, v) -> "$k $v" }.joinToString(" ")
-            attr("xs:schemaLocation",value , namespaceURI = GBCS.XML_SCHEMA_NAMESPACE_URI)
+            attr("xs:schemaLocation", value , namespaceURI = GBCS.XML_SCHEMA_NAMESPACE_URI)
 
             conf.serverPath
                 ?.takeIf(String::isNotEmpty)
@@ -35,6 +35,7 @@ object Serializer {
             node("authorization") {
                 node("users") {
                     for(user in conf.users.values) {
+                        if(user.name.isNotEmpty()) {
                             node("user") {
                                 attr("name", user.name)
                                 user.password?.let { password ->
@@ -43,6 +44,7 @@ object Serializer {
                             }
                         }
                     }
+                }
                 node("groups") {
                     val groups = conf.users.values.asSequence()
                         .flatMap {
@@ -55,10 +57,18 @@ object Serializer {
                             attr("name", group.name)
                             if(users.isNotEmpty()) {
                                 node("users") {
+                                    var anonymousUser : Configuration.User? = null
                                     for(user in users) {
+                                        if(user.name.isNotEmpty()) {
                                             node("user") {
                                                 attr("ref", user.name)
                                             }
+                                        } else {
+                                            anonymousUser = user
+                                        }
+                                    }
+                                    if(anonymousUser != null) {
+                                        node("anonymous")
                                     }
                                 }
                             }
@@ -82,6 +92,12 @@ object Serializer {
                         }
                         is Configuration.ClientCertificateAuthentication -> {
                             node("client-certificate") {
+                                authentication.groupExtractor?.let { extractor ->
+                                    node("group-extractor") {
+                                        attr("attribute-name", extractor.rdnType)
+                                        attr("pattern", extractor.pattern)
+                                    }
+                                }
                                 authentication.userExtractor?.let { extractor ->
                                     node("user-extractor") {
                                         attr("attribute-name", extractor.rdnType)

src/main/resources/net/woggioni/gbcs/gbcs-default.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <gbcs:server useVirtualThreads="false" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:gbcs="urn:net.woggioni.gbcs"
-             xs:schemaLocation="urn:net.woggioni.gbcs classpath:net/woggioni/gbcs/schema/gbcs.xsd">
+             xs:schemaLocation="urn:net.woggioni.gbcs jpms://net.woggioni.gbcs/net/woggioni/gbcs/schema/gbcs.xsd">
     <bind host="127.0.0.1" port="8080"/>
     <cache xs:type="gbcs:fileSystemCacheType" path="/tmp/gbcs" max-age="P7D"/>
     <authentication>

src/main/resources/net/woggioni/gbcs/schema/gbcs.xsd

@@ -10,9 +10,6 @@
         <xs:sequence minOccurs="0">
             <xs:element name="bind" type="gbcs:bindType" maxOccurs="1"/>
             <xs:element name="cache" type="gbcs:cacheType" maxOccurs="1"/>
-<!--            <xs:choice>-->
-<!--                <xs:element name="fileSystemCache" type="fileSystemCacheType"/>-->
-<!--            </xs:choice>-->
             <xs:element name="authorization" type="gbcs:authorizationType" minOccurs="0">
                 <xs:key name="userId">
                     <xs:selector xpath="users/user"/>
@@ -24,11 +21,10 @@
                 </xs:keyref>
             </xs:element>
             <xs:element name="authentication" type="gbcs:authenticationType" minOccurs="0" maxOccurs="1"/>
-            <xs:element name="tls-certificate-authorization" type="gbcs:tlsCertificateAuthorizationType" minOccurs="0" maxOccurs="1"/>
             <xs:element name="tls" type="gbcs:tlsType" minOccurs="0" maxOccurs="1"/>
         </xs:sequence>
         <xs:attribute name="path" type="xs:string" use="optional"/>
-        <xs:attribute name="useVirtualThreads" type="xs:boolean" use="optional"/>
+        <xs:attribute name="useVirtualThreads" type="xs:boolean" use="optional" default="true"/>
     </xs:complexType>
 
     <xs:complexType name="bindType">
@@ -131,6 +127,7 @@
     <xs:complexType name="userRefsType">
         <xs:sequence>
                 <xs:element name="user" type="gbcs:userRefType" maxOccurs="unbounded" minOccurs="0"/>
+                <xs:element name="anonymous" minOccurs="0" maxOccurs="1"/>
         </xs:sequence>
     </xs:complexType>
 

src/test/java/net/woggioni/gbcs/utils/NetworkUtils.java

@@ -0,0 +1,30 @@
+package net.woggioni.gbcs.utils;
+
+import net.woggioni.jwo.JWO;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+
+public class NetworkUtils {
+
+    private static final int MAX_ATTEMPTS = 50;
+
+    public static int getFreePort() {
+        int count = 0;
+        while(count < MAX_ATTEMPTS) {
+            try (ServerSocket serverSocket = new ServerSocket(0, 50, InetAddress.getLocalHost())) {
+                final var candidate = serverSocket.getLocalPort();
+                if (candidate > 0) {
+                    return candidate;
+                } else {
+                    JWO.newThrowable(RuntimeException.class, "Got invalid port number: %d", candidate);
+                    throw new RuntimeException("Error trying to find an open port");
+                }
+            } catch (IOException ignored) {
+                ++count;
+            }
+        }
+        throw new RuntimeException("Error trying to find an open port");
+    }
+}

src/test/kotlin/net/woggioni/gbcs/test/AbstractBasicAuthServerTest.kt

@@ -0,0 +1,76 @@
+package net.woggioni.gbcs.test
+
+import net.woggioni.gbcs.api.Configuration
+import net.woggioni.gbcs.api.Role
+import net.woggioni.gbcs.base.Xml
+import net.woggioni.gbcs.cache.FileSystemCacheConfiguration
+import net.woggioni.gbcs.configuration.Serializer
+import net.woggioni.gbcs.utils.NetworkUtils
+import java.net.URI
+import java.net.http.HttpRequest
+import java.nio.charset.StandardCharsets
+import java.nio.file.Path
+import java.time.Duration
+import java.util.Base64
+import java.util.zip.Deflater
+import kotlin.random.Random
+
+
+abstract class AbstractBasicAuthServerTest : AbstractServerTest() {
+
+    private lateinit var cacheDir : Path
+
+    protected val random = Random(101325)
+    protected val keyValuePair = newEntry(random)
+    protected val serverPath = "gbcs"
+    protected val readersGroup = Configuration.Group("readers", setOf(Role.Reader))
+    protected val writersGroup = Configuration.Group("writers", setOf(Role.Writer))
+
+    abstract protected val users : List<Configuration.User>
+
+    override fun setUp() {
+        this.cacheDir = testDir.resolve("cache")
+        cfg = Configuration(
+            "127.0.0.1",
+            NetworkUtils.getFreePort(),
+            serverPath,
+            users.asSequence().map { it.name to it}.toMap(),
+            sequenceOf(writersGroup, readersGroup).map { it.name to it}.toMap(),
+            FileSystemCacheConfiguration(this.cacheDir,
+                maxAge = Duration.ofSeconds(3600 * 24),
+                digestAlgorithm = "MD5",
+                compressionLevel = Deflater.DEFAULT_COMPRESSION,
+                compressionEnabled = false
+            ),
+            Configuration.BasicAuthentication(),
+            null,
+            true,
+        )
+        Xml.write(Serializer.serialize(cfg), System.out)
+    }
+
+    override fun tearDown() {
+    }
+
+    protected fun buildAuthorizationHeader(user : Configuration.User, password : String) : String {
+        val b64 = Base64.getEncoder().encode("${user.name}:${password}".toByteArray(Charsets.UTF_8)).let{
+            String(it, StandardCharsets.UTF_8)
+        }
+        return "Basic $b64"
+    }
+
+    protected fun newRequestBuilder(key : String) = HttpRequest.newBuilder()
+        .uri(URI.create("http://${cfg.host}:${cfg.port}/$serverPath/$key"))
+
+
+    protected fun newEntry(random : Random) : Pair<String, ByteArray> {
+        val key = ByteArray(0x10).let {
+            random.nextBytes(it)
+            Base64.getUrlEncoder().encodeToString(it)
+        }
+        val value = ByteArray(0x1000).also {
+            random.nextBytes(it)
+        }
+        return key to value
+    }
+}

src/test/kotlin/net/woggioni/gbcs/test/AbstractTlsServerTest.kt

@@ -0,0 +1,192 @@
+package net.woggioni.gbcs.test
+
+import io.netty.handler.codec.http.HttpResponseStatus
+import net.woggioni.gbcs.api.Configuration
+import net.woggioni.gbcs.api.Role
+import net.woggioni.gbcs.base.Xml
+import net.woggioni.gbcs.cache.FileSystemCacheConfiguration
+import net.woggioni.gbcs.configuration.Serializer
+import net.woggioni.gbcs.utils.CertificateUtils
+import net.woggioni.gbcs.utils.CertificateUtils.X509Credentials
+import net.woggioni.gbcs.utils.NetworkUtils
+import org.bouncycastle.asn1.x500.X500Name
+import org.junit.jupiter.api.Assertions
+import org.junit.jupiter.api.Order
+import org.junit.jupiter.api.Test
+import java.net.URI
+import java.net.http.HttpClient
+import java.net.http.HttpRequest
+import java.net.http.HttpResponse
+import java.nio.charset.StandardCharsets
+import java.nio.file.Files
+import java.nio.file.Path
+import java.security.KeyStore
+import java.security.KeyStore.PasswordProtection
+import java.time.Duration
+import java.util.Base64
+import java.util.zip.Deflater
+import javax.net.ssl.KeyManagerFactory
+import javax.net.ssl.SSLContext
+import javax.net.ssl.TrustManagerFactory
+import kotlin.random.Random
+
+
+abstract class AbstractTlsServerTest : AbstractServerTest() {
+
+    companion object {
+        private const val CA_CERTIFICATE_ENTRY = "gbcs-ca"
+        private const val CLIENT_CERTIFICATE_ENTRY = "gbcs-client"
+        private const val SERVER_CERTIFICATE_ENTRY = "gbcs-server"
+        private const val PASSWORD = "password"
+    }
+
+    private lateinit var cacheDir: Path
+    private lateinit var serverKeyStoreFile: Path
+    private lateinit var clientKeyStoreFile: Path
+    private lateinit var trustStoreFile: Path
+    private lateinit var serverKeyStore: KeyStore
+    private lateinit var clientKeyStore: KeyStore
+    private lateinit var trustStore: KeyStore
+    protected lateinit var ca: X509Credentials
+
+    protected val readersGroup = Configuration.Group("readers", setOf(Role.Reader))
+    protected val writersGroup = Configuration.Group("writers", setOf(Role.Writer))
+    protected val random = Random(101325)
+    protected val keyValuePair = newEntry(random)
+    private val serverPath : String? = null
+
+    protected abstract val users : List<Configuration.User>
+
+    protected fun createKeyStoreAndTrustStore() {
+        ca = CertificateUtils.createCertificateAuthority(CA_CERTIFICATE_ENTRY, 30)
+        val serverCert = CertificateUtils.createServerCertificate(ca, X500Name("CN=$SERVER_CERTIFICATE_ENTRY"), 30)
+        val clientCert = CertificateUtils.createClientCertificate(ca, X500Name("CN=$CLIENT_CERTIFICATE_ENTRY"), 30)
+
+        serverKeyStore = KeyStore.getInstance("PKCS12").apply {
+            load(null, null)
+            setEntry(CA_CERTIFICATE_ENTRY, KeyStore.TrustedCertificateEntry(ca.certificate), PasswordProtection(null))
+            setEntry(
+                SERVER_CERTIFICATE_ENTRY,
+                KeyStore.PrivateKeyEntry(
+                    serverCert.keyPair().private,
+                    arrayOf(serverCert.certificate(), ca.certificate)
+                ),
+                PasswordProtection(PASSWORD.toCharArray())
+            )
+        }
+        Files.newOutputStream(this.serverKeyStoreFile).use {
+            serverKeyStore.store(it, null)
+        }
+
+        clientKeyStore = KeyStore.getInstance("PKCS12").apply {
+            load(null, null)
+            setEntry(CA_CERTIFICATE_ENTRY, KeyStore.TrustedCertificateEntry(ca.certificate), PasswordProtection(null))
+            setEntry(
+                CLIENT_CERTIFICATE_ENTRY,
+                KeyStore.PrivateKeyEntry(
+                    clientCert.keyPair().private,
+                    arrayOf(clientCert.certificate(), ca.certificate)
+                ),
+                PasswordProtection(PASSWORD.toCharArray())
+            )
+        }
+        Files.newOutputStream(this.clientKeyStoreFile).use {
+            clientKeyStore.store(it, null)
+        }
+
+        trustStore = KeyStore.getInstance("PKCS12").apply {
+            load(null, null)
+            setEntry(CA_CERTIFICATE_ENTRY, KeyStore.TrustedCertificateEntry(ca.certificate), PasswordProtection(null))
+        }
+        Files.newOutputStream(this.trustStoreFile).use {
+            trustStore.store(it, null)
+        }
+    }
+
+    protected fun getClientKeyStore(ca: X509Credentials, subject: X500Name) = KeyStore.getInstance("PKCS12").apply {
+        val clientCert = CertificateUtils.createClientCertificate(ca, subject, 30)
+
+        load(null, null)
+        setEntry(CA_CERTIFICATE_ENTRY, KeyStore.TrustedCertificateEntry(ca.certificate), PasswordProtection(null))
+        setEntry(
+            CLIENT_CERTIFICATE_ENTRY,
+            KeyStore.PrivateKeyEntry(clientCert.keyPair().private, arrayOf(clientCert.certificate(), ca.certificate)),
+            PasswordProtection(PASSWORD.toCharArray())
+        )
+    }
+
+    protected fun getHttpClient(clientKeyStore: KeyStore?): HttpClient {
+        val kmf = clientKeyStore?.let {
+            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).apply {
+                init(it, PASSWORD.toCharArray())
+            }
+        }
+
+
+        // Set up trust manager factory with the truststore
+        val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
+        tmf.init(trustStore)
+
+        // Create SSL context with the key and trust managers
+        val sslContext = SSLContext.getInstance("TLS").apply {
+            init(kmf?.keyManagers ?: emptyArray(), tmf.trustManagers, null)
+        }
+        return HttpClient.newBuilder().sslContext(sslContext).build()
+    }
+
+    override fun setUp() {
+        this.clientKeyStoreFile = testDir.resolve("client-keystore.p12")
+        this.serverKeyStoreFile = testDir.resolve("server-keystore.p12")
+        this.trustStoreFile = testDir.resolve("truststore.p12")
+        this.cacheDir = testDir.resolve("cache")
+        createKeyStoreAndTrustStore()
+        cfg = Configuration(
+            "127.0.0.1",
+            NetworkUtils.getFreePort(),
+            serverPath,
+            users.asSequence().map { it.name to it }.toMap(),
+            sequenceOf(writersGroup, readersGroup).map { it.name to it }.toMap(),
+            FileSystemCacheConfiguration(this.cacheDir,
+                maxAge = Duration.ofSeconds(3600 * 24),
+                compressionEnabled = true,
+                compressionLevel = Deflater.DEFAULT_COMPRESSION,
+                digestAlgorithm = "MD5"
+            ),
+            Configuration.ClientCertificateAuthentication(
+                Configuration.TlsCertificateExtractor("CN", "(.*)"),
+                null
+            ),
+            Configuration.Tls(
+                Configuration.KeyStore(this.serverKeyStoreFile, null, SERVER_CERTIFICATE_ENTRY, PASSWORD),
+                Configuration.TrustStore(this.trustStoreFile, null, false),
+                true
+            ),
+            false,
+        )
+        Xml.write(Serializer.serialize(cfg), System.out)
+    }
+
+    override fun tearDown() {
+    }
+
+    protected fun newRequestBuilder(key: String) = HttpRequest.newBuilder()
+        .uri(URI.create("https://${cfg.host}:${cfg.port}/${serverPath ?: ""}/$key"))
+
+    private fun buildAuthorizationHeader(user: Configuration.User, password: String): String {
+        val b64 = Base64.getEncoder().encode("${user.name}:${password}".toByteArray(Charsets.UTF_8)).let {
+            String(it, StandardCharsets.UTF_8)
+        }
+        return "Basic $b64"
+    }
+
+    protected fun newEntry(random: Random): Pair<String, ByteArray> {
+        val key = ByteArray(0x10).let {
+            random.nextBytes(it)
+            Base64.getUrlEncoder().encodeToString(it)
+        }
+        val value = ByteArray(0x1000).also {
+            random.nextBytes(it)
+        }
+        return key to value
+    }
+}

src/test/kotlin/net/woggioni/gbcs/test/BasicAuthServerTest.kt

@@ -1,91 +1,29 @@
 package net.woggioni.gbcs.test
 
 import io.netty.handler.codec.http.HttpResponseStatus
-import net.woggioni.gbcs.auth.AbstractNettyHttpAuthenticator.Companion.hashPassword
-import net.woggioni.gbcs.api.Role
-import net.woggioni.gbcs.base.Xml
 import net.woggioni.gbcs.api.Configuration
-import net.woggioni.gbcs.cache.FileSystemCacheConfiguration
+import net.woggioni.gbcs.api.Role
-import net.woggioni.gbcs.configuration.Serializer
+import net.woggioni.gbcs.base.PasswordSecurity.hashPassword
 import org.junit.jupiter.api.Assertions
 import org.junit.jupiter.api.Order
 import org.junit.jupiter.api.Test
-import java.net.ServerSocket
-import java.net.URI
 import java.net.http.HttpClient
 import java.net.http.HttpRequest
 import java.net.http.HttpResponse
-import java.nio.charset.StandardCharsets
-import java.nio.file.Path
-import java.time.Duration
-import java.util.Base64
-import java.util.zip.Deflater
-import kotlin.random.Random
 
 
-class BasicAuthServerTest : AbstractServerTest() {
+class BasicAuthServerTest : AbstractBasicAuthServerTest() {
 
     companion object {
         private const val PASSWORD = "password"
     }
 
-    private lateinit var cacheDir : Path
+    override val users = listOf(
-
-    private val random = Random(101325)
-    private val keyValuePair = newEntry(random)
-    private val serverPath = "gbcs"
-
-    override fun setUp() {
-        this.cacheDir = testDir.resolve("cache")
-        val readersGroup = Configuration.Group("readers", setOf(Role.Reader))
-        val writersGroup = Configuration.Group("writers", setOf(Role.Writer))
-        cfg = Configuration(
-            "127.0.0.1",
-            ServerSocket(0).localPort + 1,
-            serverPath,
-            listOf(
         Configuration.User("user1", hashPassword(PASSWORD), setOf(readersGroup)),
         Configuration.User("user2", hashPassword(PASSWORD), setOf(writersGroup)),
-                Configuration.User("user3", hashPassword(PASSWORD), setOf(readersGroup, writersGroup))
+        Configuration.User("user3", hashPassword(PASSWORD), setOf(readersGroup, writersGroup)),
-            ).asSequence().map { it.name to it}.toMap(),
+        Configuration.User("", null, setOf(readersGroup))
-            sequenceOf(writersGroup, readersGroup).map { it.name to it}.toMap(),
-            FileSystemCacheConfiguration(this.cacheDir,
-                maxAge = Duration.ofSeconds(3600 * 24),
-                digestAlgorithm = "MD5",
-                compressionLevel = Deflater.DEFAULT_COMPRESSION,
-                compressionEnabled = false
-            ),
-            Configuration.BasicAuthentication(),
-            null,
-            true,
     )
-        Xml.write(Serializer.serialize(cfg), System.out)
-    }
-
-    override fun tearDown() {
-    }
-
-    fun buildAuthorizationHeader(user : Configuration.User, password : String) : String {
-        val b64 = Base64.getEncoder().encode("${user.name}:${password}".toByteArray(Charsets.UTF_8)).let{
-            String(it, StandardCharsets.UTF_8)
-        }
-        return "Basic $b64"
-    }
-
-    fun newRequestBuilder(key : String) = HttpRequest.newBuilder()
-        .uri(URI.create("http://${cfg.host}:${cfg.port}/$serverPath/$key"))
-
-
-    fun newEntry(random : Random) : Pair<String, ByteArray> {
-        val key = ByteArray(0x10).let {
-            random.nextBytes(it)
-            Base64.getUrlEncoder().encodeToString(it)
-        }
-        val value = ByteArray(0x1000).also {
-            random.nextBytes(it)
-        }
-        return key to value
-    }
 
     @Test
     @Order(1)
@@ -98,7 +36,7 @@ class BasicAuthServerTest : AbstractServerTest() {
             .PUT(HttpRequest.BodyPublishers.ofByteArray(value))
 
         val response: HttpResponse<String> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofString())
-        Assertions.assertEquals(HttpResponseStatus.UNAUTHORIZED.code(), response.statusCode())
+        Assertions.assertEquals(HttpResponseStatus.FORBIDDEN.code(), response.statusCode())
     }
 
     @Test
@@ -177,6 +115,20 @@ class BasicAuthServerTest : AbstractServerTest() {
 
     @Test
     @Order(6)
+    fun getAsAnonymousUser() {
+        val client: HttpClient = HttpClient.newHttpClient()
+        val (key, value) = keyValuePair
+
+        val requestBuilder = newRequestBuilder(key)
+            .GET()
+
+        val response: HttpResponse<ByteArray> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
+        Assertions.assertEquals(HttpResponseStatus.OK.code(), response.statusCode())
+        Assertions.assertArrayEquals(value, response.body())
+    }
+
+    @Test
+    @Order(7)
     fun getMissingKeyAsAReaderUser() {
         val client: HttpClient = HttpClient.newHttpClient()
 

src/test/kotlin/net/woggioni/gbcs/test/ConfigurationTest.kt

@@ -1,10 +1,10 @@
 package net.woggioni.gbcs.test
 
 import net.woggioni.gbcs.base.GBCS.toUrl
+import net.woggioni.gbcs.base.GbcsUrlStreamHandlerFactory
 import net.woggioni.gbcs.base.Xml
 import net.woggioni.gbcs.configuration.Parser
 import net.woggioni.gbcs.configuration.Serializer
-import net.woggioni.gbcs.url.ClasspathUrlStreamHandlerFactoryProvider
 import org.junit.jupiter.api.Assertions
 import org.junit.jupiter.api.io.TempDir
 import org.junit.jupiter.params.ParameterizedTest
@@ -18,11 +18,12 @@ class ConfigurationTest {
         strings = [
             "classpath:net/woggioni/gbcs/test/gbcs-default.xml",
             "classpath:net/woggioni/gbcs/test/gbcs-memcached.xml",
+            "classpath:net/woggioni/gbcs/test/gbcs-tls.xml",
         ]
     )
     @ParameterizedTest
     fun test(configurationUrl: String, @TempDir testDir: Path) {
-        ClasspathUrlStreamHandlerFactoryProvider.install()
+        GbcsUrlStreamHandlerFactory.install()
         val doc = Xml.parseXml(configurationUrl.toUrl())
         val cfg = Parser.parse(doc)
         val configFile = testDir.resolve("gbcs.xml")

src/test/kotlin/net/woggioni/gbcs/test/NoAnonymousUserBasicAuthServerTest.kt

@@ -0,0 +1,53 @@
+package net.woggioni.gbcs.test
+
+import io.netty.handler.codec.http.HttpResponseStatus
+import net.woggioni.gbcs.api.Configuration
+import net.woggioni.gbcs.api.Role
+import net.woggioni.gbcs.base.PasswordSecurity.hashPassword
+import org.junit.jupiter.api.Assertions
+import org.junit.jupiter.api.Order
+import org.junit.jupiter.api.Test
+import java.net.http.HttpClient
+import java.net.http.HttpRequest
+import java.net.http.HttpResponse
+
+
+class NoAnonymousUserBasicAuthServerTest : AbstractBasicAuthServerTest() {
+
+    companion object {
+        private const val PASSWORD = "anotherPassword"
+    }
+
+    override val users = listOf(
+        Configuration.User("user1", hashPassword(PASSWORD), setOf(readersGroup)),
+        Configuration.User("user2", hashPassword(PASSWORD), setOf(writersGroup)),
+        Configuration.User("user3", hashPassword(PASSWORD), setOf(readersGroup, writersGroup)),
+    )
+
+    @Test
+    @Order(1)
+    fun putWithNoAuthorizationHeader() {
+        val client: HttpClient = HttpClient.newHttpClient()
+        val (key, value) = keyValuePair
+
+        val requestBuilder = newRequestBuilder(key)
+            .header("Content-Type", "application/octet-stream")
+            .PUT(HttpRequest.BodyPublishers.ofByteArray(value))
+
+        val response: HttpResponse<String> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofString())
+        Assertions.assertEquals(HttpResponseStatus.UNAUTHORIZED.code(), response.statusCode())
+    }
+
+    @Test
+    @Order(2)
+    fun getWithNoAuthorizationHeader() {
+        val client: HttpClient = HttpClient.newHttpClient()
+        val (key, value) = keyValuePair
+
+        val requestBuilder = newRequestBuilder(key)
+            .GET()
+
+        val response: HttpResponse<ByteArray> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
+        Assertions.assertEquals(HttpResponseStatus.UNAUTHORIZED.code(), response.statusCode())
+    }
+}

src/test/kotlin/net/woggioni/gbcs/test/NoAnonymousUserTlsServerTest.kt

@@ -0,0 +1,47 @@
+package net.woggioni.gbcs.test
+
+import io.netty.handler.codec.http.HttpResponseStatus
+import net.woggioni.gbcs.api.Configuration
+import org.junit.jupiter.api.Assertions
+import org.junit.jupiter.api.Order
+import org.junit.jupiter.api.Test
+import java.net.http.HttpClient
+import java.net.http.HttpRequest
+import java.net.http.HttpResponse
+
+class NoAnonymousUserTlsServerTest : AbstractTlsServerTest() {
+
+    override val users = listOf(
+        Configuration.User("user1", null, setOf(readersGroup)),
+        Configuration.User("user2", null, setOf(writersGroup)),
+        Configuration.User("user3", null, setOf(readersGroup, writersGroup)),
+    )
+
+    @Test
+    @Order(1)
+    fun getAsAnonymousUser() {
+        val (key, _) = keyValuePair
+        val client: HttpClient = getHttpClient(null)
+
+        val requestBuilder = newRequestBuilder(key)
+            .header("Content-Type", "application/octet-stream")
+            .GET()
+
+        val response: HttpResponse<ByteArray> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
+        Assertions.assertEquals(HttpResponseStatus.UNAUTHORIZED.code(), response.statusCode())
+    }
+
+    @Test
+    @Order(2)
+    fun putAsAnonymousUser() {
+        val (key, value) = keyValuePair
+        val client: HttpClient = getHttpClient(null)
+
+        val requestBuilder = newRequestBuilder(key)
+            .header("Content-Type", "application/octet-stream")
+            .PUT(HttpRequest.BodyPublishers.ofByteArray(value))
+
+        val response: HttpResponse<String> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofString())
+        Assertions.assertEquals(HttpResponseStatus.UNAUTHORIZED.code(), response.statusCode())
+    }
+}

src/test/kotlin/net/woggioni/gbcs/test/NoAuthServerTest.kt

@@ -5,6 +5,7 @@ import net.woggioni.gbcs.base.Xml
 import net.woggioni.gbcs.api.Configuration
 import net.woggioni.gbcs.cache.FileSystemCacheConfiguration
 import net.woggioni.gbcs.configuration.Serializer
+import net.woggioni.gbcs.utils.NetworkUtils
 import org.junit.jupiter.api.Assertions
 import org.junit.jupiter.api.Order
 import org.junit.jupiter.api.Test
@@ -32,7 +33,7 @@ class NoAuthServerTest : AbstractServerTest() {
         this.cacheDir = testDir.resolve("cache")
         cfg = Configuration(
             "127.0.0.1",
-            ServerSocket(0).localPort + 1,
+            NetworkUtils.getFreePort(),
             serverPath,
             emptyMap(),
             emptyMap(),
@@ -104,4 +105,28 @@ class NoAuthServerTest : AbstractServerTest() {
         val response: HttpResponse<ByteArray> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
         Assertions.assertEquals(HttpResponseStatus.NOT_FOUND.code(), response.statusCode())
     }
+
+//    @Test
+//    @Order(4)
+//    fun manyRequestsTest() {
+//        val client: HttpClient = HttpClient.newHttpClient()
+//
+//        for(i in 0 until 100000) {
+//
+//            val newEntry = random.nextBoolean()
+//            val (key, _) = if(newEntry) {
+//                newEntry(random)
+//            } else {
+//                keyValuePair
+//            }
+//            val requestBuilder = newRequestBuilder(key).GET()
+//
+//            val response: HttpResponse<ByteArray> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
+//            if(newEntry) {
+//                Assertions.assertEquals(HttpResponseStatus.NOT_FOUND.code(), response.statusCode())
+//            } else {
+//                Assertions.assertEquals(HttpResponseStatus.OK.code(), response.statusCode())
+//            }
+//        }
+//    }
 }

src/test/kotlin/net/woggioni/gbcs/test/TlsServerTest.kt

@@ -8,6 +8,7 @@ import net.woggioni.gbcs.cache.FileSystemCacheConfiguration
 import net.woggioni.gbcs.configuration.Serializer
 import net.woggioni.gbcs.utils.CertificateUtils
 import net.woggioni.gbcs.utils.CertificateUtils.X509Credentials
+import net.woggioni.gbcs.utils.NetworkUtils
 import org.bouncycastle.asn1.x500.X500Name
 import org.junit.jupiter.api.Assertions
 import org.junit.jupiter.api.Order
@@ -31,185 +32,17 @@ import javax.net.ssl.TrustManagerFactory
 import kotlin.random.Random
 
 
-class TlsServerTest : AbstractServerTest() {
+class TlsServerTest : AbstractTlsServerTest() {
 
-    companion object {
+    override val users = listOf(
-        private const val CA_CERTIFICATE_ENTRY = "gbcs-ca"
-        private const val CLIENT_CERTIFICATE_ENTRY = "gbcs-client"
-        private const val SERVER_CERTIFICATE_ENTRY = "gbcs-server"
-        private const val PASSWORD = "password"
-    }
-
-    private lateinit var cacheDir: Path
-    private lateinit var serverKeyStoreFile: Path
-    private lateinit var clientKeyStoreFile: Path
-    private lateinit var trustStoreFile: Path
-    private lateinit var serverKeyStore: KeyStore
-    private lateinit var clientKeyStore: KeyStore
-    private lateinit var trustStore: KeyStore
-    private lateinit var ca: X509Credentials
-
-    private val readersGroup = Configuration.Group("readers", setOf(Role.Reader))
-    private val writersGroup = Configuration.Group("writers", setOf(Role.Writer))
-    private val random = Random(101325)
-    private val keyValuePair = newEntry(random)
-    private val serverPath : String? = null
-
-    private val users = listOf(
         Configuration.User("user1", null, setOf(readersGroup)),
         Configuration.User("user2", null, setOf(writersGroup)),
-        Configuration.User("user3", null, setOf(readersGroup, writersGroup))
+        Configuration.User("user3", null, setOf(readersGroup, writersGroup)),
+        Configuration.User("", null, setOf(readersGroup))
     )
 
-    fun createKeyStoreAndTrustStore() {
-        ca = CertificateUtils.createCertificateAuthority(CA_CERTIFICATE_ENTRY, 30)
-        val serverCert = CertificateUtils.createServerCertificate(ca, X500Name("CN=$SERVER_CERTIFICATE_ENTRY"), 30)
-        val clientCert = CertificateUtils.createClientCertificate(ca, X500Name("CN=$CLIENT_CERTIFICATE_ENTRY"), 30)
-
-        serverKeyStore = KeyStore.getInstance("PKCS12").apply {
-            load(null, null)
-            setEntry(CA_CERTIFICATE_ENTRY, KeyStore.TrustedCertificateEntry(ca.certificate), PasswordProtection(null))
-            setEntry(
-                SERVER_CERTIFICATE_ENTRY,
-                KeyStore.PrivateKeyEntry(
-                    serverCert.keyPair().private,
-                    arrayOf(serverCert.certificate(), ca.certificate)
-                ),
-                PasswordProtection(PASSWORD.toCharArray())
-            )
-        }
-        Files.newOutputStream(this.serverKeyStoreFile).use {
-            serverKeyStore.store(it, null)
-        }
-
-        clientKeyStore = KeyStore.getInstance("PKCS12").apply {
-            load(null, null)
-            setEntry(CA_CERTIFICATE_ENTRY, KeyStore.TrustedCertificateEntry(ca.certificate), PasswordProtection(null))
-            setEntry(
-                CLIENT_CERTIFICATE_ENTRY,
-                KeyStore.PrivateKeyEntry(
-                    clientCert.keyPair().private,
-                    arrayOf(clientCert.certificate(), ca.certificate)
-                ),
-                PasswordProtection(PASSWORD.toCharArray())
-            )
-        }
-        Files.newOutputStream(this.clientKeyStoreFile).use {
-            clientKeyStore.store(it, null)
-        }
-
-        trustStore = KeyStore.getInstance("PKCS12").apply {
-            load(null, null)
-            setEntry(CA_CERTIFICATE_ENTRY, KeyStore.TrustedCertificateEntry(ca.certificate), PasswordProtection(null))
-        }
-        Files.newOutputStream(this.trustStoreFile).use {
-            trustStore.store(it, null)
-        }
-    }
-
-    fun getClientKeyStore(ca: X509Credentials, subject: X500Name) = KeyStore.getInstance("PKCS12").apply {
-        val clientCert = CertificateUtils.createClientCertificate(ca, subject, 30)
-
-        load(null, null)
-        setEntry(CA_CERTIFICATE_ENTRY, KeyStore.TrustedCertificateEntry(ca.certificate), PasswordProtection(null))
-        setEntry(
-            CLIENT_CERTIFICATE_ENTRY,
-            KeyStore.PrivateKeyEntry(clientCert.keyPair().private, arrayOf(clientCert.certificate(), ca.certificate)),
-            PasswordProtection(PASSWORD.toCharArray())
-        )
-    }
-
-    fun getHttpClient(clientKeyStore: KeyStore?): HttpClient {
-        val kmf = clientKeyStore?.let {
-            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).apply {
-                init(it, PASSWORD.toCharArray())
-            }
-        }
-
-
-        // Set up trust manager factory with the truststore
-        val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
-        tmf.init(trustStore)
-
-        // Create SSL context with the key and trust managers
-        val sslContext = SSLContext.getInstance("TLS").apply {
-            init(kmf?.keyManagers ?: emptyArray(), tmf.trustManagers, null)
-        }
-        return HttpClient.newBuilder().sslContext(sslContext).build()
-    }
-
-    override fun setUp() {
-        this.clientKeyStoreFile = testDir.resolve("client-keystore.p12")
-        this.serverKeyStoreFile = testDir.resolve("server-keystore.p12")
-        this.trustStoreFile = testDir.resolve("truststore.p12")
-        this.cacheDir = testDir.resolve("cache")
-        createKeyStoreAndTrustStore()
-        cfg = Configuration(
-            "127.0.0.1",
-            ServerSocket(0).localPort + 1,
-            serverPath,
-            users.asSequence().map { it.name to it }.toMap(),
-            sequenceOf(writersGroup, readersGroup).map { it.name to it }.toMap(),
-            FileSystemCacheConfiguration(this.cacheDir,
-                maxAge = Duration.ofSeconds(3600 * 24),
-                compressionEnabled = true,
-                compressionLevel = Deflater.DEFAULT_COMPRESSION,
-                digestAlgorithm = "MD5"
-            ),
-            Configuration.ClientCertificateAuthentication(
-                Configuration.TlsCertificateExtractor("CN", "(.*)"),
-                null
-            ),
-            Configuration.Tls(
-                Configuration.KeyStore(this.serverKeyStoreFile, null, SERVER_CERTIFICATE_ENTRY, PASSWORD),
-                Configuration.TrustStore(this.trustStoreFile, null, false),
-                true
-            ),
-            false,
-        )
-        Xml.write(Serializer.serialize(cfg), System.out)
-    }
-
-    override fun tearDown() {
-    }
-
-    fun newRequestBuilder(key: String) = HttpRequest.newBuilder()
-        .uri(URI.create("https://${cfg.host}:${cfg.port}/${serverPath ?: ""}/$key"))
-
-    fun buildAuthorizationHeader(user: Configuration.User, password: String): String {
-        val b64 = Base64.getEncoder().encode("${user.name}:${password}".toByteArray(Charsets.UTF_8)).let {
-            String(it, StandardCharsets.UTF_8)
-        }
-        return "Basic $b64"
-    }
-
-    fun newEntry(random: Random): Pair<String, ByteArray> {
-        val key = ByteArray(0x10).let {
-            random.nextBytes(it)
-            Base64.getUrlEncoder().encodeToString(it)
-        }
-        val value = ByteArray(0x1000).also {
-            random.nextBytes(it)
-        }
-        return key to value
-    }
-
     @Test
     @Order(1)
-    fun putWithNoClientCertificate() {
-        val client: HttpClient = getHttpClient(null)
-        val (key, value) = keyValuePair
-
-        val requestBuilder = newRequestBuilder(key)
-            .header("Content-Type", "application/octet-stream")
-            .PUT(HttpRequest.BodyPublishers.ofByteArray(value))
-
-        val response: HttpResponse<String> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofString())
-        Assertions.assertEquals(HttpResponseStatus.UNAUTHORIZED.code(), response.statusCode())
-    }
-
-    @Test
-    @Order(2)
     fun putAsAReaderUser() {
         val (key, value) = keyValuePair
         val user = cfg.users.values.find {
@@ -225,9 +58,8 @@ class TlsServerTest : AbstractServerTest() {
     }
 
     @Test
-    @Order(3)
+    @Order(2)
     fun getAsAWriterUser() {
-
         val (key, _) = keyValuePair
         val user = cfg.users.values.find {
             Role.Writer in it.roles
@@ -235,7 +67,6 @@ class TlsServerTest : AbstractServerTest() {
         val client: HttpClient = getHttpClient(getClientKeyStore(ca, X500Name("CN=${user.name}")))
 
         val requestBuilder = newRequestBuilder(key)
-            .header("Authorization", buildAuthorizationHeader(user, PASSWORD))
             .GET()
 
         val response: HttpResponse<String> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofString())
@@ -243,9 +74,8 @@ class TlsServerTest : AbstractServerTest() {
     }
 
     @Test
-    @Order(4)
+    @Order(3)
     fun putAsAWriterUser() {
-
         val (key, value) = keyValuePair
         val user = cfg.users.values.find {
             Role.Writer in it.roles
@@ -254,7 +84,6 @@ class TlsServerTest : AbstractServerTest() {
 
         val requestBuilder = newRequestBuilder(key)
             .header("Content-Type", "application/octet-stream")
-            .header("Authorization", buildAuthorizationHeader(user, PASSWORD))
             .PUT(HttpRequest.BodyPublishers.ofByteArray(value))
 
         val response: HttpResponse<String> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofString())
@@ -262,7 +91,7 @@ class TlsServerTest : AbstractServerTest() {
     }
 
     @Test
-    @Order(5)
+    @Order(4)
     fun getAsAReaderUser() {
         val (key, value) = keyValuePair
         val user = cfg.users.values.find {
@@ -271,7 +100,6 @@ class TlsServerTest : AbstractServerTest() {
         val client: HttpClient = getHttpClient(getClientKeyStore(ca, X500Name("CN=${user.name}")))
 
         val requestBuilder = newRequestBuilder(key)
-            .header("Authorization", buildAuthorizationHeader(user, PASSWORD))
             .GET()
 
         val response: HttpResponse<ByteArray> =
@@ -281,7 +109,7 @@ class TlsServerTest : AbstractServerTest() {
     }
 
     @Test
-    @Order(6)
+    @Order(5)
     fun getMissingKeyAsAReaderUser() {
         val (key, _) = newEntry(random)
         val user = cfg.users.values.find {
@@ -290,11 +118,39 @@ class TlsServerTest : AbstractServerTest() {
         val client: HttpClient = getHttpClient(getClientKeyStore(ca, X500Name("CN=${user.name}")))
 
         val requestBuilder = newRequestBuilder(key)
-            .header("Authorization", buildAuthorizationHeader(user, PASSWORD))
             .GET()
 
         val response: HttpResponse<ByteArray> =
             client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
         Assertions.assertEquals(HttpResponseStatus.NOT_FOUND.code(), response.statusCode())
     }
+
+    @Test
+    @Order(6)
+    fun getAsAnonymousUser() {
+        val (key, value) = keyValuePair
+        val client: HttpClient = getHttpClient(null)
+
+        val requestBuilder = newRequestBuilder(key)
+            .header("Content-Type", "application/octet-stream")
+            .GET()
+
+        val response: HttpResponse<ByteArray> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
+        Assertions.assertEquals(HttpResponseStatus.OK.code(), response.statusCode())
+        Assertions.assertArrayEquals(value, response.body())
+    }
+
+    @Test
+    @Order(7)
+    fun putAsAnonymousUser() {
+        val (key, value) = keyValuePair
+        val client: HttpClient = getHttpClient(null)
+
+        val requestBuilder = newRequestBuilder(key)
+            .header("Content-Type", "application/octet-stream")
+            .PUT(HttpRequest.BodyPublishers.ofByteArray(value))
+
+        val response: HttpResponse<String> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofString())
+        Assertions.assertEquals(HttpResponseStatus.FORBIDDEN.code(), response.statusCode())
+    }
 }

src/test/resources/logback.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE configuration>
+
+<configuration>
+    <import class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"/>
+    <import class="ch.qos.logback.core.ConsoleAppender"/>
+
+    <appender name="console" class="ConsoleAppender">
+        <target>System.err</target>
+        <encoder class="PatternLayoutEncoder">
+            <pattern>%d [%highlight(%-5level)] \(%thread\) %logger{36} -%kvp- %msg %n</pattern>
+        </encoder>
+    </appender>
+
+    <root level="info">
+        <appender-ref ref="console"/>
+    </root>
+    <logger name="io.netty" level="debug"/>
+    <logger name="com.google.code.yanf4j" level="warn"/>
+    <logger name="net.rubyeye.xmemcached" level="warn"/>
+</configuration>

src/test/resources/net/woggioni/gbcs/test/gbcs-default.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <gbcs:server useVirtualThreads="false" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:gbcs="urn:net.woggioni.gbcs"
-             xs:schemaLocation="urn:net.woggioni.gbcs classpath:net/woggioni/gbcs/schema/gbcs.xsd">
+             xs:schemaLocation="urn:net.woggioni.gbcs jpms://net.woggioni.gbcs/net/woggioni/gbcs/schema/gbcs.xsd">
     <bind host="127.0.0.1" port="11443"/>
     <cache xs:type="gbcs:fileSystemCacheType" path="/tmp/gbcs" max-age="P7D"/>
     <authentication>

src/test/resources/net/woggioni/gbcs/test/gbcs-memcached.xml

@@ -2,9 +2,9 @@
 <gbcs:server useVirtualThreads="false" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:gbcs="urn:net.woggioni.gbcs"
              xmlns:gbcs-memcached="urn:net.woggioni.gbcs-memcached"
-             xs:schemaLocation="urn:net.woggioni.gbcs classpath:net/woggioni/gbcs/schema/gbcs.xsd urn:net.woggioni.gbcs-memcached classpath:net/woggioni/gbcs/memcached/schema/gbcs-memcached.xsd">
+             xs:schemaLocation="urn:net.woggioni.gbcs-memcached jpms://net.woggioni.gbcs.memcached/net/woggioni/gbcs/memcached/schema/gbcs-memcached.xsd urn:net.woggioni.gbcs jpms://net.woggioni.gbcs/net/woggioni/gbcs/schema/gbcs.xsd">
     <bind host="127.0.0.1" port="11443" />
-    <cache xs:type="gbcs-memcached:memcachedCacheType" max-age="P7D" max-size="101325" compression-mode="gzip" digest="SHA-256">
+    <cache xs:type="gbcs-memcached:memcachedCacheType" max-age="P7D" max-size="101325" digest="SHA-256">
         <server host="127.0.0.1" port="11211"/>
     </cache>
     <authentication>

src/test/resources/net/woggioni/gbcs/test/gbcs-tls.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<gbcs:server useVirtualThreads="false" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+             xmlns:gbcs="urn:net.woggioni.gbcs"
+             xs:schemaLocation="urn:net.woggioni.gbcs jpms://net.woggioni.gbcs/net/woggioni/gbcs/schema/gbcs.xsd">
+    <bind host="127.0.0.1" port="11443"/>
+    <cache xs:type="gbcs:fileSystemCacheType" path="/tmp/gbcs" max-age="P7D"/>
+    <authorization>
+        <users>
+            <user name="user1" password="password1"/>
+            <user name="user2" password="password2"/>
+            <user name="user3" password="password3"/>
+        </users>
+        <groups>
+            <group name="readers">
+                <users>
+                    <user ref="user1"/>
+<!--                    <user ref="user5"/>-->
+                    <anonymous/>
+                </users>
+                <roles>
+                    <reader/>
+                </roles>
+            </group>
+            <group name="writers">
+                <users>
+                    <user ref="user2"/>
+                </users>
+                <roles>
+                    <writer/>
+                </roles>
+            </group>
+            <group name="readers-writers">
+                <users>
+                    <user ref="user3"/>
+                </users>
+                <roles>
+                    <reader/>
+                    <writer/>
+                </roles>
+            </group>
+        </groups>
+    </authorization>
+    <authentication>
+        <client-certificate>
+            <group-extractor pattern="group-pattern" attribute-name="O"/>
+            <user-extractor pattern="user-pattern" attribute-name="CN"/>
+        </client-certificate>
+    </authentication>
+    <tls>
+        <keystore file="keystore.pfx" key-alias="key1" password="password" key-password="key-password"/>
+        <truststore file="truststore.pfx" password="password" check-certificate-status="true" />
+    </tls>
+</gbcs:server>