Problem with App Engine Java with new HTTP Connector - It's return status 403. "Error: !Secure"

[suttiwat]

Refer to "Google App Engine Java new performant HTTP connector" document. https://github.com/GoogleCloudPlatform/appengine-java-standard/blob/main/httpconnector.md

So I decide to test with my app. After I add this below properties into appengine-web.xml

property name="appengine.use.httpconnector" value="true"

and then re-deploy the service. Perform testing by HTTP GET on the browser, it's return status 403. And display the message: Error: !Secure" on the browser.

So I have revert it by change the value from 'true' to 'false' and re-deploy everything work as usual.

My environement is below ...
Runtime: java17
Using app-engine-apis: true
on F4 instance, automatic scaling.

Anybody has this kind of issue like me?

[ludoch]

Thanks for the report, looking!

[ludoch]

While we investigate, there is another setting you can try that will help us:
By default Java17 still uses jetty9.4. There is another flag to move to Jetty12:
Please add

<system-properties>
        <property name="appengine.use.EE8" value="true"/>
 </system-properties>

That will keep javax.servlet.* APIs, but move to Jetty12. Since the code path is a bit different, it would be nice to see if you see the same issue.

[suttiwat]

Thank Ludoch, As I checked from https://cloud.google.com/appengine/docs/standard/java-gen2/upgrade-java-runtime As I see from the "Java runtime compatibility" table , I don't see Java 17 with Jetty 12 is listed in the table.

The question is, If I add properties "appengine.use.EE8" and set it to true on Java 17. Is it supported configuration in Production environment? I'm worry, because it's not list in the table. I need to run my server app on supported production environment without any risk. So please make sure on this. I've no plan to update to Java 21 yet.

I will be feel good and safe if that table included Java 17 and Jetty 12 on the list. :)

[ludoch]

Ack!

[suttiwat]

Hi Ludoch , After I added property "appengine.use.EE8" (jetty 12) to my test service. Now it's running as expected with new HTTP connector. No return 403 as I seen right now.

So Refer to my previous comment above, If I use "appengine.use.EE8" with Java 17 , it's in supported production environment right? No side effect or any risk? So that I will apply this to my production environment next.

Waiting for your confirmation.

Thanks Ludoch

[ludoch]

The last PR should do the fix for Jetty94 path (default in Java17).
For EE8 on Java17, the intent is to make it public, pending some extra internal probers we need to put in place. You should not see app behavior differences or they would be very similar to EE8 and Java21, as the EE8 code base is identical for both JDKs.

[ludoch]

The fix is now propagating to production environment (currently 65%, eta before end of the weekend)