[
https://issues.apache.org/jira/browse/SLING-8375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16874074#comment-16874074
]
Viorel Lupu commented on SLING-8375:
------------------------------------
[~rombert]: After reviewing the PR to automatically identify and skip protected
properties it was found that for example {{jcr:created}} and {{security:acl}}
have different semantics in oak although they are both protected so this
approach was discarded in favour of introducing a new POST parameter
{{:ignoreProperties}} which will take a list of properties to skip. What do you
think about this alternative approach? It will be safer, more configurable and
more predictable, and will won't have any risk of regressions.
Also, do you think it would make sense to make {{jcr:created}} and
{{jcr:createdBy}} be the default items in the list?
> SlingPostServlet: :import operation must skip protected properties if present
> -----------------------------------------------------------------------------
>
> Key: SLING-8375
> URL: https://issues.apache.org/jira/browse/SLING-8375
> Project: Sling
> Issue Type: Improvement
> Components: Servlets
> Environment: AEM 6.3
> Reporter: Viorel Lupu
> Priority: Major
> Labels: import, json
> Fix For: Servlets Post 2.3.32
>
> Attachments: error-import-json.log
>
> Time Spent: 3h
> Remaining Estimate: 0h
>
> h2. Description
> Posting JSON content to the SlingPostServlet with *:import* operation as
> documented at
> [https://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html#importing-content-structures]
> fails when the JSON payload contains protected property names such as:
>
> {code:java}
> "jcr:createdBy",
> "jcr:created",
> "jcr:createdBy",
> "jcr:baseVersion",
> "jcr:lastModified",
> "jcr:lastModifiedBy",
> "jcr:uuid",
> "cq:lastModified",
> "cq:lastModifiedBy",
> "cq:lastReplicated",
> "jcr:versionHistory",
> "rep:policy",
> "onTime",
> "offTime"
> {code}
> {code:java}
> # curl invocation
> curl -L -vv -u admin:admin \
> -F ":operation=import" \
> -F ":contentType=json" \
> -F ":name=newcontentnode" \
> -F ":[email protected]" \
> -F ":replace=true" \
> -H 'Referer: http://localhost:4502/content/we-retail/language-masters/en' \
> -H 'User-Agent: Adobe-Campaign/5.0' \
> http://localhost:4502/content/we-retail/language-masters/en{code}
>
> h2. Suggested Improvement
> Add a new POST parameter {{:ignoreProperties}} which can take a
> comma-separated list of properties for the importer to skip.
> h2. Error.log:
> more detailed error log attached to issue
>
> {code:java}
> 26.04.2019 16:34:55.298 *ERROR* [0:0:0:0:0:0:0:1 [1556289295274] POST
> /content/we-retail/language-masters HTTP/1.1]
> org.apache.sling.servlets.post.impl.operations.ImportOperation Exception
> during response processing.
> javax.jcr.nodetype.ConstraintViolationException: Property is protected:
> jcr:createdBy = admin
> at
> org.apache.jackrabbit.oak.jcr.delegate.NodeDelegate.setProperty(NodeDelegate.java:525)
> at
> org.apache.jackrabbit.oak.jcr.session.NodeImpl$35.perform(NodeImpl.java:1376)
> at
> org.apache.jackrabbit.oak.jcr.session.NodeImpl$35.perform(NodeImpl.java:1364)
> at
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:208)
> at org.apache.jackrabbit.oak.jcr.session.ItemImpl.perform(ItemImpl.java:112)
> at
> org.apache.jackrabbit.oak.jcr.session.NodeImpl.internalSetProperty(NodeImpl.java:1364)
> at
> org.apache.jackrabbit.oak.jcr.session.NodeImpl.setProperty(NodeImpl.java:434)
> at
> org.apache.sling.jcr.contentloader.internal.DefaultContentCreator.createProperty(DefaultContentCreator.java:361)
> at
> org.apache.sling.jcr.contentloader.internal.readers.JsonReader.createProperty(JsonReader.java:226)
> at
> org.apache.sling.jcr.contentloader.internal.readers.JsonReader.createNode(JsonReader.java:199)
> at
> org.apache.sling.jcr.contentloader.internal.readers.JsonReader.createNode(JsonReader.java:197)
> at
> org.apache.sling.jcr.contentloader.internal.readers.JsonReader.parse(JsonReader.java:159)
> at
> org.apache.sling.jcr.contentloader.internal.DefaultContentImporter.importContent(DefaultContentImporter.java:93)
> at
> org.apache.sling.servlets.post.impl.operations.ImportOperation.doRun(ImportOperation.java:176)
> at
> org.apache.sling.servlets.post.AbstractPostOperation.run(AbstractPostOperation.java:97)
> at
> org.apache.sling.servlets.post.impl.SlingPostServlet.doPost(SlingPostServlet.java:205)
> at
> org.apache.sling.api.servlets.SlingAllMethodsServlet.mayService(SlingAllMethodsServlet.java:146)
> at
> org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:342)
> at
> org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:374)
> at
> org.apache.sling.engine.impl.request.RequestData.service(RequestData.java:552)
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
