Improve detection of secure requests for HTTP/1

[sbordet]

Jetty version(s)
12.1.x

HTTP version
HTTP/1.1

Description
HttpConnection.HttpStreamOverHTTP1.headerComplete() tries to detect whether a request is secure via instanceof SslEndPoint.

However, this does not work when HAProxy offloads TLS and then sends PROXY-V2 information to the backend.

The correct way is more likely endPoint.getSslSessionData() != null.

[joakime]

When using PROXY-V2 will you get Forwarding headers?

[sbordet]

When using PROXY-V2 will you get Forwarding headers?

No, it's a different wire protocol at low level.

We should document that PROXY-V1 does not support the transmission of security attributes, so the request will always be detected as non-secure.

[sbordet]

This change is necessary because other components may need to know whether a request is secure, most notably SecurityHandler when using Constraint.SECURE_TRANSPORT.

In a deployment with HAProxy to offload TLS and Jetty in the backend with such security configuration, requests that have that constraint will currently fail, as the request is not considered secure when it arrives in Jetty.