lhotari (Member) commented Dec 20, 2025

Fixes #22939

Motivation

Jetty 9.x currently used by Pulsar is not maintained anymore. The end of community support was in 6/2022 and end of life in 1/2025: jetty/jetty.project#7958

Jetty 9.4.58.v20250814 contains CVE-2024-6763 and there aren't plans to address it in Jetty 9 since it's end-of-life.

Modifications

  • Upgrade to Jetty 12.1.5 using EE8 (javax.servlet namespace) APIs
  • Add ZooKeeper and BookKeeper Prometheus metrics providers where Jetty 9 usage has been changed to use Jetty 12.1.x/ee8. These modules have been added under the jetty-upgrade directory.
  • Replace the Jetty-specific ServletHolder getServletHolder() method with the Object getServletInstance() method in the AdditionalServlet interface. This currently supports javax.servlet.Servlet instances, but later on support for jakarta.servlet.Servlet could be added.
  • Patch ZooKeeper Server so that the Admin server package is replaced with a patched package that uses the Jetty 12.1.x API, so that the ZooKeeper Admin server can be run in the Pulsar deployment with Jetty 12.1.x.
    • In ZooKeeper there's issue https://issues.apache.org/jira/browse/ZOOKEEPER-4931 to track the Jetty upgrade. Until that is finished, we will have to use the patched artifact in order to switch to Jetty 12 while enabling the Admin server. The Admin server is important for ZooKeeper backup & restore operations.

Additional information

There's some remaining use of Jetty 9 in the project.

  • pulsar-io/alluxio
  • tiered-storage/file-system test scope

Please notice that this upgrade contains a breaking change in the org.apache.pulsar.broker.web.plugin.servlet.AdditionalServlet interface due to the existing interface coupling directly to Jetty 9 implementation details with the use of org.eclipse.jetty.servlet.ServletHolder class in the AdditionalServlet interface. This coupling has been removed in this PR.

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

@lhotari lhotari added this to the 4.2.0 milestone Dec 20, 2025
@lhotari lhotari self-assigned this Dec 20, 2025
@github-actions github-actions bot added the doc-not-needed label Dec 20, 2025
codecov-commenter commented Dec 20, 2025

Codecov Report

❌ Patch coverage is 46.47809% with 965 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.66%. Comparing base (fbab357) to head (2cd5c50).
⚠️ Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
...va/org/apache/zookeeper/server/admin/Commands.java 0.00% 404 Missing ⚠️
...pache/zookeeper/server/admin/JettyAdminServer.java 0.00% 157 Missing ⚠️
...rometheus/zookeeper/PrometheusMetricsProvider.java 86.54% 27 Missing and 10 partials ⚠️
...apache/zookeeper/server/admin/CommandResponse.java 0.00% 31 Missing ⚠️
...cs/prometheus/bookkeeper/PrometheusTextFormat.java 76.47% 22 Missing and 6 partials ⚠️
...ometheus/bookkeeper/PrometheusMetricsProvider.java 75.82% 18 Missing and 4 partials ⚠️
...g/apache/zookeeper/server/admin/JsonOutputter.java 0.00% 21 Missing ⚠️
...che/zookeeper/server/admin/AdminServerFactory.java 0.00% 20 Missing ⚠️
...ookkeeper/ThreadScopedDataSketchesStatsLogger.java 58.69% 17 Missing and 2 partials ⚠️
...org/apache/zookeeper/server/admin/CommandBase.java 0.00% 17 Missing ⚠️
... and 38 more
Additional details and impacted files

@@              Coverage Diff              @@
##             master   #25100       +/-   ##
=============================================
+ Coverage     30.84%   72.66%   +41.82%     
- Complexity       51    34167    +34116     
=============================================
  Files          1840     1953      +113     
  Lines        145469   154250     +8781     
  Branches      16907    17563      +656     
=============================================
+ Hits          44866   112084    +67218     
+ Misses        93599    33247    -60352     
- Partials       7004     8919     +1915     
Flag Coverage Δ
inttests 25.69% <22.62%> (-0.67%) ⬇️
systests 22.46% <19.68%> (-0.54%) ⬇️
unittests 73.58% <41.00%> (?)

Files with missing lines Coverage Δ
...r/broker/web/plugin/servlet/AdditionalServlet.java 100.00% <100.00%> (ø)
...ugin/servlet/AdditionalServletWithClassLoader.java 92.59% <100.00%> (+92.59%) ⬆️
...pulsar/jetty/metrics/JettyStatisticsCollector.java 100.00% <100.00%> (ø)
...pache/pulsar/jetty/tls/JettySslContextFactory.java 90.47% <100.00%> (+40.47%) ⬆️
...oker/web/plugin/servlet/MockAdditionalServlet.java 0.00% <ø> (ø)
...ats/prometheus/PulsarPrometheusMetricsServlet.java 50.00% <ø> (+40.90%) ⬆️
...org/apache/pulsar/broker/web/ExceptionHandler.java 100.00% <100.00%> (+100.00%) ⬆️
.../pulsar/client/admin/internal/PulsarAdminImpl.java 79.04% <100.00%> (+13.33%) ⬆️
...client/admin/internal/http/AsyncHttpConnector.java 85.13% <100.00%> (+20.05%) ⬆️
...he/pulsar/websocket/MultiTopicConsumerHandler.java 38.63% <ø> (+38.63%) ⬆️
... and 51 more

... and 1488 files with indirect coverage changes

lhotari (Member, Author) commented Dec 23, 2025

This PR is ready for review; I just marked it as a draft so that we don't merge it before we are ready to do so.

@lhotari lhotari marked this pull request as ready for review December 23, 2025 13:18
@lhotari lhotari force-pushed the lh-jetty-12-upgrade branch from de6e02b to 0bcfbcd Compare December 23, 2025 14:39
@lhotari lhotari force-pushed the lh-jetty-12-upgrade branch from 709d41b to 2cd5c50 Compare December 23, 2025 18:40
Labels

area/security, doc-not-needed, ready-to-test

Development

Successfully merging this pull request may close these issues.

Jetty Upgrade: 12.x.x or latest
