Update `ErrorPageFilter` so that a Tomcat `ClientAbortException` no
longer causes "Cannot forward to error page for request" logging for
committed responses. Since a `ClientAbortException` indicates that the
client is no longer available it's of no consequence that the request
has been committed and the forward will fail.
Closes gh-13221
Port "setHttpOnly on the TomcatContext" fix from commit 4d84933ee4 to
2.0.x. Since `Session` details are now configured on the
`WebServerFactory` we can directly configure the context.
See gh-12580
Update `ServerProperties` to also call `setHttpOnly` on the
`TomcatContext`. It appears that this is required in addition to
using the `ServletContextInitializer` to setup `SessionCookieConfig`.
Closes gh-12580
For Tomcat, if an SslStoreProvider is configured,
`SslStoreProviderUrlStreamHandlerFactory` stores the trust-store with an
empty password. Previously, if a password was supplied using the
ssl.trust-store-password property, that would be the password used to
load the trust-store and the connector would warn with "Password
verification failed" message.
Fixes gh-12688
This commit fixes endpoint extension discovery when the related endpoint
is sub-classed. Previously, a strict by type check was applied against
the `endpoint` attribute of `EndpointExtension`.
Rather than using a `Class` check, this commit extracts the id of an
endpoint and uses it to match its extension, if any.
Closes gh-13082