This cannot be enforced strictly for openfire IQ handlers to process packets for custom namespaces. I am modifying the original fix to exclude IQ handlers and also check for anonymous users.

S2s fixes. Thanks for doing this. I am experimenting with websockets for Openfire s2s and I need these fixes.

OF-709: Somewhere between my initial commit, Flow's squashing and the code review, this code change was dropped. It is required to enable access to http-bind root folder for static web pages.

OF-823 Numeric overflow in MUCPersistenceManager when loading history ol...

This adds TLS information and Authentication choices to the server session
details page.

In doing so, it factors out a ServerSession interface, and LocalServerSession
class.

Now subsumed by other checks.

A few changes here:

1) Don't recurse up the DNS tree. That's just wrong.

2) Also, don't assume that a subdomain is handled by a parent domain's server.
Still wrong.

3) Check certificates post-connect using our new logic, and drop the session
if they don't match and we're not meant to be doing dialback.

4) Do use EXTERNAL if offered, even if we're using a self-signed certificate.
There's no value in not doing so, it's a bizarre behaviour.

5) Disable S2S Compression; it's currently not working. XPP reset seems to fail,
so doing replacement of the input stream instead.

6) Protect against a null features after TLS. Seems unlikely to happen, but
still.

If a server requires TLS, it will reject our attempts to verify a dialback
key currently. Log this in the logs rather than (confusingly) ignoring it.

When processing a <db:result/>, this checks for the certificate first. If
this matches, then we don't bother actually dialling back, speeding up the
session setup.

This factors out the certificate verification function.

See XEP-0220, Dialback Errors.

This reduces disconnect in the case of piggybacking errors, and provides better
diagnostics.

Remove activation.jar - It's bundled since Java6

Ignore .DS_Store files

(instead of IQOwnerHandler)

Plugin: user service - add new request type: grouplist & usergrouplist 

OF-397 Do not deliver offline messages to clients with negative priority

OF-818 Message routing to bare JID can route to negative priority resour...

Fix 'RFC 6121 8.5.1. No Such User' for IQ stanzas

OF-805 [MUC] OF does not return all affiliated users when requesting mul...

Remove dispensable logic in the IQOwnerHandler, which deals with MUC aff...

Fixes to javadocs to allow rpmbuild to work

MUC affiliations are managed in the #admin namespace, not in the #owner namespace.
This is already a minor contribution to OF-178 (Updating MUC to latest version).

When requesting:
<iq type="get" to="6ace0fd2f59f13c2484336dd06b4462a@bizmanager.msz006" id="getRoomMemberList">
<query xmlns="http://jabber.org/protocol/muc#admin">
<item affiliation="member"/>
<item affiliation="owner"/>
<item affiliation="admin"/>
</query>
</iq>

Openfire does only return admins (the last requested affiliation).
This fix rectifies this.

This commit fixes the regression, that was introduced with the addition of Message Carbons.
Message Carbons are delivered to all non-negative sessions.
If there's no Message Carbons-enabled session, it will be delivered to the highest priority session only.

As per RFC 6121 8.5.2.1.1. Message and XEP-0160

IQ stanzas, which were routed to a non-existent user were falsely replied to with an IQ-result (e.g. ping).
This fix checks for the existence of the user and returns an error, in case the user does not exist.

OF-405 - TLS certificate validation and authentication issues

OF-819 IQs of type error get falsely routed to IQ.createResult() which r...

OF-819 IQs of type error get falsely routed to IQ.createResult() which results in an Exception and connection termination

This can happen, if the session is in wrong status (e.g. if the user has not yet authenticated) and the client responds with an error IQ.
Only reply to an IQ if it is type get or set.