[jira] [Commented] (SLING-11988) Apache Sling Testing Sling Mock Core Vulnerabilities
[ https://issues.apache.org/jira/browse/SLING-11988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754844#comment-17754844 ] Nok Arrenu commented on SLING-11988: [~sseifert] - Thank you so much for responding to this ticket and recommending a possible solution for us. > Apache Sling Testing Sling Mock Core Vulnerabilities > > > Key: SLING-11988 > URL: https://issues.apache.org/jira/browse/SLING-11988 > Project: Sling > Issue Type: Bug >Reporter: Nok Arrenu >Priority: Major > > Hello Apache Sling team, > The latest [Apache Sling Testing Sling Mock > Core|https://mvnrepository.com/artifact/org.apache.sling/org.apache.sling.testing.sling-mock.core] > version 3.4.10 > ([https://mvnrepository.com/artifact/org.apache.sling/org.apache.sling.testing.sling-mock.core/3.4.10]) > that was released in May 2023 currently has these 3 vulnerabilities: > [CVE-2023-25621|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25621] > [CVE-2022-32549|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32549] > [CVE-2021-29425|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425] > Can you please share your timeline on when the above vulnerabilities will be > fixed? > Thanks! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [sling-maven-enforcer-rules] dependabot[bot] opened a new pull request, #4: Bump org.apache.maven:maven-core from 3.2.5 to 3.8.1
dependabot[bot] opened a new pull request, #4: URL: https://github.com/apache/sling-maven-enforcer-rules/pull/4 Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.2.5 to 3.8.1. Commits https://github.com/apache/maven/commit/05c21c65bdfed0f71a2f2ada8b84da59348c4c5d;>05c21c6 [maven-release-plugin] prepare release maven-3.8.1 https://github.com/apache/maven/commit/d295dc362fe7d7b189b4976a5742a17362eb51a1;>d295dc3 [MNG-7128] keep blocked attribute from mirrors in artifact repositories https://github.com/apache/maven/commit/a46906806a31edb462b935e380a657b6efde6231;>a469068 next version in branch 3.8.x is 3.8.1-SNAPSHOT https://github.com/apache/maven/commit/dad8a3e1c55f34b7949945bc622f26447ddbf4f9;>dad8a3e [maven-release-plugin] prepare for next development iteration https://github.com/apache/maven/commit/6aa1f4acf5d6323e9aa08b763cb9933dc96749b9;>6aa1f4a [maven-release-plugin] prepare release maven-3.8.0 https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f;>907d53a [MNG-7118] block HTTP repositories by default https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016;>899465a [MNG-7117] add support for blocked mirror https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f;>fa79cb2 [MNG-7116] add support for mirrorOf external:http:* https://github.com/apache/maven/commit/e5f6634e17362387282b3867c9b23d4b54fea871;>e5f6634 use Maven Resolver 1.6.2 https://github.com/apache/maven/commit/09f77da9b0c39848fe763bdd4a392151eec0d8c3;>09f77da [MNG-7119] Upgrade Maven Wagon to 3.4.3 Additional commits viewable in https://github.com/apache/maven/compare/maven-3.2.5...maven-3.8.1;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/sling-maven-enforcer-rules/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [VOTE] Release Apache Sling Testing ResourceResolver Mock 1.4.4, Testing OSGi Mock 3.3.10, Testing Sling Mock 3.4.12
On Tue, 2023-08-15 at 13:57 +, Stefan Seifert wrote: > Please vote to approve this release: +1 Robert signature.asc Description: This is a digitally signed message part
Re: [VOTE] Release Apache Sling Engine 2.15.6
+1 (non-binding) - Andy > On Aug 15, 2023, at 6:26 AM, Radu Cotescu wrote: > > Hi, > > We solved 1 issue in this release: > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12353543=Text > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-2778/ > > You can use this UNIX script to download the release and verify the > signatures: > https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh > > Usage: > sh check_staged_release.sh 2778 /tmp/sling-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > > Regards, > Radu Cotescu
Re: [VOTE] Release Apache Sling Testing ResourceResolver Mock 1.4.4, Testing OSGi Mock 3.3.10, Testing Sling Mock 3.4.12
+1 Carsten On 15.08.2023 15:57, Stefan Seifert wrote: Hi, Testing ResourceResolver Mock 1.4.4 (2 issues) https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12353251 Testing OSGi Mock 3.3.10 (3 issues) https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12353250 Testing Sling Mock 3.4.12 (4 issues) https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12353252 Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2779/ You can use this UNIX script to download the release and verify the signatures: https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh Usage: sh check_staged_release.sh 2779 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. stefan -- Carsten Ziegeler Adobe cziege...@apache.org
RE: [VOTE] Release Apache Sling Testing ResourceResolver Mock 1.4.4, Testing OSGi Mock 3.3.10, Testing Sling Mock 3.4.12
+1 stefan
RE: [VOTE] Release Apache Sling Engine 2.15.6
+1 stefan
[VOTE] Release Apache Sling Testing ResourceResolver Mock 1.4.4, Testing OSGi Mock 3.3.10, Testing Sling Mock 3.4.12
Hi, Testing ResourceResolver Mock 1.4.4 (2 issues) https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12353251 Testing OSGi Mock 3.3.10 (3 issues) https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12353250 Testing Sling Mock 3.4.12 (4 issues) https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12353252 Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2779/ You can use this UNIX script to download the release and verify the signatures: https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh Usage: sh check_staged_release.sh 2779 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. stefan
[jira] [Resolved] (SLING-11796) The ResourceResolverFactory dependency should be dynamic
[
https://issues.apache.org/jira/browse/SLING-11796?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carsten Ziegeler resolved SLING-11796.
--
Resolution: Fixed
> The ResourceResolverFactory dependency should be dynamic
>
>
> Key: SLING-11796
> URL: https://issues.apache.org/jira/browse/SLING-11796
> Project: Sling
> Issue Type: Improvement
> Components: Servlets
>Affects Versions: Servlets Resolver 2.9.4
>Reporter: Radu Cotescu
>Assignee: Carsten Ziegeler
>Priority: Major
> Fix For: Servlets Resolver 2.9.16
>
>
> The {{BundledScriptTracker}} requires the {{ResourceResolverFactory}} to
> determine servlets for resource types should be added to the servlets
> hierarchy. However, in a system with a large number of servlets a restart of
> the {{ResourceResolverFactory}} forces the servlets' reregistration. This is
> an expensive operation which should happen if really required. Since the
> tracker only needs the search path information from the
> {{ResourceResolverFactory}}, this reference should be made dynamic and the
> tracker should reregister the servlets only in the case the search paths
> array has changed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [sling-org-apache-sling-servlets-resolver] cziegeler merged pull request #41: SLING-11796 - The ResourceResolverFactory dependency should be dynamic
cziegeler merged PR #41: URL: https://github.com/apache/sling-org-apache-sling-servlets-resolver/pull/41 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [VOTE] Release Apache Sling Engine 2.15.6
+1 Carsten On 15.08.2023 15:26, Radu Cotescu wrote: Hi, We solved 1 issue in this release: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12353543=Text Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2778/ You can use this UNIX script to download the release and verify the signatures: https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh Usage: sh check_staged_release.sh 2778 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. Regards, Radu Cotescu -- Carsten Ziegeler Adobe cziege...@apache.org
[GitHub] [sling-org-apache-sling-servlets-resolver] sonarcloud[bot] commented on pull request #41: Manage updates of search paths with separate service/component
sonarcloud[bot] commented on PR #41: URL: https://github.com/apache/sling-org-apache-sling-servlets-resolver/pull/41#issuecomment-1678949130 SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-servlets-resolver=41) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-servlets-resolver=41=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-servlets-resolver=41=false=BUG) [3 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-servlets-resolver=41=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-servlets-resolver=41=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-servlets-resolver=41=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-servlets-resolver=41=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-servlets-resolver=41=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-servlets-resolver=41=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-servlets-resolver=41=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-servlets-resolver=41=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-servlets-resolver=41=false=CODE_SMELL) [2 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-servlets-resolver=41=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-servlets-resolver=41=new_coverage=list) [44.9% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-servlets-resolver=41=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-servlets-resolver=41=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-servlets-resolver=41=new_duplicated_lines_density=list)  The version of Java (11.0.16.1) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17. Read more [here](https://docs.sonarcloud.io/appendices/scanner-environment/)  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=sonarcloud-welcome) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[VOTE] Release Apache Sling Engine 2.15.6
Hi, We solved 1 issue in this release: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12353543=Text Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2778/ You can use this UNIX script to download the release and verify the signatures: https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh Usage: sh check_staged_release.sh 2778 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. Regards, Radu Cotescu
[jira] [Resolved] (SLING-12003) The RequestDispatcher should flush the buffer on forward only if the buffer hasn't already been closed
[
https://issues.apache.org/jira/browse/SLING-12003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Radu Cotescu resolved SLING-12003.
--
Resolution: Fixed
> The RequestDispatcher should flush the buffer on forward only if the buffer
> hasn't already been closed
> --
>
> Key: SLING-12003
> URL: https://issues.apache.org/jira/browse/SLING-12003
> Project: Sling
> Issue Type: Improvement
> Components: Engine
>Affects Versions: Engine 2.2.10
>Reporter: Radu Cotescu
>Assignee: Radu Cotescu
>Priority: Major
> Fix For: Engine 2.15.6
>
>
> The {{SlingRequestDispatcher#forward}} call [0] attempts to close the
> response buffer even if this has already been closed by the servlet to which
> the request was originally forwarded. The Servlet Specification [1] mentions
> the following in section 9.4:
> {quote}Before the forward method of the RequestDispatcher interface returns
> without exception, the response content must be sent and committed, and
> closed by the servlet container, unless the request was put into the
> asynchronous mode.
> {quote}
> As such, the {{RequestDispatcher#forward}} implementation should indeed make
> sure the response is committed, but it's not necessarily the only one that
> must commit the response. Jetty seems to have the same understanding [2],
> where the close is performed only if the response hasn't already been
> committed and the request is not async.
> [0] -
> [https://github.com/apache/sling-org-apache-sling-engine/blob/368690a2a81fd8a121e62767fcd32b63936a65b8/src/main/java/org/apache/sling/engine/impl/request/SlingRequestDispatcher.java#L125-L128]
> [1] -
> [https://download.oracle.com/otn-pub/jcp/servlet-3_1-fr-spec/servlet-3_1-final.pdf]
> [2] -
> [https://github.com/eclipse/jetty.project/blob/jetty-11.0.x/jetty-server/src/main/java/org/eclipse/jetty/server/Dispatcher.java#L218]
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [sling-org-apache-sling-engine] raducotescu merged pull request #39: SLING-12003 - The RequestDispatcher should flush the buffer on forward only if the buffer hasn't already been closed
raducotescu merged PR #39: URL: https://github.com/apache/sling-org-apache-sling-engine/pull/39 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (SLING-11916) MockEventAdminTest.testPostEvents times out on Jenkins/Windows
[
https://issues.apache.org/jira/browse/SLING-11916?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Seifert updated SLING-11916:
---
Fix Version/s: (was: Testing OSGi Mock 3.3.10)
the latest builds i observed did run fine in the CI - removing the next version
from the ticket
> MockEventAdminTest.testPostEvents times out on Jenkins/Windows
> --
>
> Key: SLING-11916
> URL: https://issues.apache.org/jira/browse/SLING-11916
> Project: Sling
> Issue Type: Bug
> Components: Testing
>Reporter: Robert Munteanu
>Priority: Major
>
> The error is
>
> {noformat}
> [ERROR] org.apache.sling.testing.mock.osgi.MockEventAdminTest.testPostEvents
> Time elapsed: 3.02 s <<< ERROR!
> org.junit.runners.model.TestTimedOutException: test timed out after 3000
> milliseconds
> {noformat}
> and seems to affect both Java 11 and 17.
> https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-testing-osgi-mock/detail/PR-27/1/pipeline
> (Java 11, Windows)
> https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-testing-osgi-mock/detail/master/229/pipeline
> (Java 17, Windows)
> https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-testing-osgi-mock/detail/master/228/pipeline
> (Java 17, Windows)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Closed] (SLING-11458) Regress - "Writer has already been closed" exception in GraphQLServlet
[
https://issues.apache.org/jira/browse/SLING-11458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Radu Cotescu closed SLING-11458.
> Regress - "Writer has already been closed" exception in GraphQLServlet
> --
>
> Key: SLING-11458
> URL: https://issues.apache.org/jira/browse/SLING-11458
> Project: Sling
> Issue Type: Bug
> Components: GraphQL
>Affects Versions: GraphQL Core 0.0.4
>Reporter: Evgeny Tugarev
>Assignee: Radu Cotescu
>Priority: Major
>
> The GraphQLServlet shouldn't call {{response.getWriter().flush()}} as the
> {{JsonWriter}} used by the {{JsonSerializer}} implements {{Closeable}} and as
> such [closes the
> Writer|https://github.com/jdereg/json-io/blob/cf849f15460decf10a8a320390de11965bb5996b/src/main/java/com/cedarsoftware/util/io/JsonWriter.java#L2413].
> This causes a "Writer has already been closed" Exception when {{flush()}} is
> called.
> This was fixed in commit d27f4bb7 but then this commit: 11c7e389 did undo the
> fix as now the JsonWriter is closed when existing the try-catch block.
> I will undo it and prevent the premature closure as this is causing issues
> like when the call to this servlet is made through a dispatcher.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (SLING-11458) Regress - "Writer has already been closed" exception in GraphQLServlet
[
https://issues.apache.org/jira/browse/SLING-11458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Radu Cotescu resolved SLING-11458.
--
Assignee: Radu Cotescu (was: Andreas Schaefer)
Resolution: Not A Problem
> Regress - "Writer has already been closed" exception in GraphQLServlet
> --
>
> Key: SLING-11458
> URL: https://issues.apache.org/jira/browse/SLING-11458
> Project: Sling
> Issue Type: Bug
> Components: GraphQL
>Affects Versions: GraphQL Core 0.0.4
>Reporter: Evgeny Tugarev
>Assignee: Radu Cotescu
>Priority: Major
>
> The GraphQLServlet shouldn't call {{response.getWriter().flush()}} as the
> {{JsonWriter}} used by the {{JsonSerializer}} implements {{Closeable}} and as
> such [closes the
> Writer|https://github.com/jdereg/json-io/blob/cf849f15460decf10a8a320390de11965bb5996b/src/main/java/com/cedarsoftware/util/io/JsonWriter.java#L2413].
> This causes a "Writer has already been closed" Exception when {{flush()}} is
> called.
> This was fixed in commit d27f4bb7 but then this commit: 11c7e389 did undo the
> fix as now the JsonWriter is closed when existing the try-catch block.
> I will undo it and prevent the premature closure as this is causing issues
> like when the call to this servlet is made through a dispatcher.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [sling-org-apache-sling-engine] sonarcloud[bot] commented on pull request #39: SLING-12003 - The RequestDispatcher should flush the buffer on forward only if the buffer hasn't already been cl
sonarcloud[bot] commented on PR #39: URL: https://github.com/apache/sling-org-apache-sling-engine/pull/39#issuecomment-1678878207 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-engine=39) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-engine=39=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-engine=39=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-engine=39=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-engine=39=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-engine=39=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-engine=39=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-engine=39=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-engine=39=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-engine=39=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-engine=39=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-engine=39=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-engine=39=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-engine=39=new_coverage=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-engine=39=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-engine=39=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-engine=39=new_duplicated_lines_density=list)  The version of Java (11.0.16.1) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17. Read more [here](https://docs.sonarcloud.io/appendices/scanner-environment/) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-12001) Can't use MockFindQueryResources when making use of getServiceResourceResolver
[
https://issues.apache.org/jira/browse/SLING-12001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754634#comment-17754634
]
Robin Brouns commented on SLING-12001:
--
Cool thanks [~sseifert]!
> Can't use MockFindQueryResources when making use of getServiceResourceResolver
> --
>
> Key: SLING-12001
> URL: https://issues.apache.org/jira/browse/SLING-12001
> Project: Sling
> Issue Type: Bug
> Components: Testing
>Affects Versions: Testing ResourceResolver Mock 1.4.2
>Reporter: Robin Brouns
>Assignee: Stefan Seifert
>Priority: Major
> Fix For: Testing ResourceResolver Mock 1.4.4
>
>
> I want to mock resourceResolver.findResources and found that there is a way
> to do this via
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockFindQueryResources.java#L43]
>
> {code:java}
> MockFindQueryResources.addFindResourceHandler(...) {code}
> This works as long as the Sling Context its Resource Resolver
> (context.resourceResolver()) is used. But we have a piece of code, which uses
> a Service Resource Resolver:
> {code:java}
> private ResourceResolver getServiceResolver() throws LoginException {
> return resourceResolverFactory.getServiceResourceResolver(
> Collections.singletonMap(ResourceResolverFactory.SUBSERVICE,
> CLEAN_UP_SERVICE_NAME)
> );
> }{code}
> We can't mock the findResources method for this Service Resource Resolver, as
> the ResourceResolverFactory *always* internally creates a new
> MockResourceResolver object (see
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockResourceResolverFactory.java#L102)].
>
> This means that *all* of the in memory changes like
> * findResourcesHandlers
> * queryResourcesHandlers
> * ...
> are lost, so MockFindQueryResources can't be used, because we can't get the
> service resolver from the context (because it is always a new object).
> Same holds true for
> MockResourceResolverFactory.getAdministrativeResourceResolver(...).
> Is it maybe an idea to add functionality to register the Resource Handlers on
> the MockResourceResolverFactory, which is able to pass them down to the
> MockResourceResolver on creation?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [sling-org-apache-sling-engine] raducotescu opened a new pull request, #39: SLING-12003 - The RequestDispatcher should flush the buffer on forward only if the buffer hasn't already been close
raducotescu opened a new pull request, #39: URL: https://github.com/apache/sling-org-apache-sling-engine/pull/39 * flush only if the response has not been committed -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Resolved] (SLING-12001) Can't use MockFindQueryResources when making use of getServiceResourceResolver
[
https://issues.apache.org/jira/browse/SLING-12001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Seifert resolved SLING-12001.
Resolution: Fixed
ok, we're going with PR #11 keeping the handlers centrally in
MockResourceResolverFactoryOptions
https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/commit/ed4e8fcac08401408ec8ce7f1e4d08a60e8a83a6
> Can't use MockFindQueryResources when making use of getServiceResourceResolver
> --
>
> Key: SLING-12001
> URL: https://issues.apache.org/jira/browse/SLING-12001
> Project: Sling
> Issue Type: Bug
> Components: Testing
>Affects Versions: Testing ResourceResolver Mock 1.4.2
>Reporter: Robin Brouns
>Assignee: Stefan Seifert
>Priority: Major
> Fix For: Testing ResourceResolver Mock 1.4.4
>
>
> I want to mock resourceResolver.findResources and found that there is a way
> to do this via
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockFindQueryResources.java#L43]
>
> {code:java}
> MockFindQueryResources.addFindResourceHandler(...) {code}
> This works as long as the Sling Context its Resource Resolver
> (context.resourceResolver()) is used. But we have a piece of code, which uses
> a Service Resource Resolver:
> {code:java}
> private ResourceResolver getServiceResolver() throws LoginException {
> return resourceResolverFactory.getServiceResourceResolver(
> Collections.singletonMap(ResourceResolverFactory.SUBSERVICE,
> CLEAN_UP_SERVICE_NAME)
> );
> }{code}
> We can't mock the findResources method for this Service Resource Resolver, as
> the ResourceResolverFactory *always* internally creates a new
> MockResourceResolver object (see
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockResourceResolverFactory.java#L102)].
>
> This means that *all* of the in memory changes like
> * findResourcesHandlers
> * queryResourcesHandlers
> * ...
> are lost, so MockFindQueryResources can't be used, because we can't get the
> service resolver from the context (because it is always a new object).
> Same holds true for
> MockResourceResolverFactory.getAdministrativeResourceResolver(...).
> Is it maybe an idea to add functionality to register the Resource Handlers on
> the MockResourceResolverFactory, which is able to pass them down to the
> MockResourceResolver on creation?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [sling-org-apache-sling-testing-resourceresolver-mock] stefanseifert merged pull request #11: SLING-12001 Store MockFindResourcesHandler/MockQueryResourceHandler in MockResourceResolverFactor
stefanseifert merged PR #11: URL: https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/pull/11 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-testing-resourceresolver-mock] stefanseifert commented on pull request #10: SLING-12001 Allow to set MockFindResourcesHandler/MockQueryResourceHandler on MockResourceR
stefanseifert commented on PR #10: URL: https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/pull/10#issuecomment-1678826719 Replaced by #11 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-testing-resourceresolver-mock] stefanseifert closed pull request #10: SLING-12001 Allow to set MockFindResourcesHandler/MockQueryResourceHandler on MockResourceResolve
stefanseifert closed pull request #10: SLING-12001 Allow to set MockFindResourcesHandler/MockQueryResourceHandler on MockResourceResolverFactory URL: https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/pull/10 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-12001) Can't use MockFindQueryResources when making use of getServiceResourceResolver
[
https://issues.apache.org/jira/browse/SLING-12001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754534#comment-17754534
]
Robin Brouns commented on SLING-12001:
--
True, for the unit tests, it doesn't matter that much. If you still want to
have the fields available in the MockResourceResolver, you can always change
the constructor to:
{code:java}
public MockResourceResolver(MockResourceResolverFactoryOptions options,
MockResourceResolverFactory factory, Map>
resources, Map attributes) {
this.temporaryResources = new LinkedHashMap();
this.deletedResources = new HashSet();
this.findResourcesHandlers = options.getFindResourcesHandlers();
this.queryResourcesHandlers = options.getQueryResourcesHandlers();
this.factory = factory;
this.options = options;
this.resources = resources;
this.attributes = attributes;
} {code}
but for now I think it is fine if they reside within the
MockResourceResolverFactoryOptions
> Can't use MockFindQueryResources when making use of getServiceResourceResolver
> --
>
> Key: SLING-12001
> URL: https://issues.apache.org/jira/browse/SLING-12001
> Project: Sling
> Issue Type: Bug
> Components: Testing
>Affects Versions: Testing ResourceResolver Mock 1.4.2
>Reporter: Robin Brouns
>Assignee: Stefan Seifert
>Priority: Major
> Fix For: Testing ResourceResolver Mock 1.4.4
>
>
> I want to mock resourceResolver.findResources and found that there is a way
> to do this via
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockFindQueryResources.java#L43]
>
> {code:java}
> MockFindQueryResources.addFindResourceHandler(...) {code}
> This works as long as the Sling Context its Resource Resolver
> (context.resourceResolver()) is used. But we have a piece of code, which uses
> a Service Resource Resolver:
> {code:java}
> private ResourceResolver getServiceResolver() throws LoginException {
> return resourceResolverFactory.getServiceResourceResolver(
> Collections.singletonMap(ResourceResolverFactory.SUBSERVICE,
> CLEAN_UP_SERVICE_NAME)
> );
> }{code}
> We can't mock the findResources method for this Service Resource Resolver, as
> the ResourceResolverFactory *always* internally creates a new
> MockResourceResolver object (see
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockResourceResolverFactory.java#L102)].
>
> This means that *all* of the in memory changes like
> * findResourcesHandlers
> * queryResourcesHandlers
> * ...
> are lost, so MockFindQueryResources can't be used, because we can't get the
> service resolver from the context (because it is always a new object).
> Same holds true for
> MockResourceResolverFactory.getAdministrativeResourceResolver(...).
> Is it maybe an idea to add functionality to register the Resource Handlers on
> the MockResourceResolverFactory, which is able to pass them down to the
> MockResourceResolver on creation?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (SLING-12002) sling-mock: Prevent StdOut logging from ESAPI
[
https://issues.apache.org/jira/browse/SLING-12002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Seifert resolved SLING-12002.
Resolution: Fixed
https://github.com/apache/sling-org-apache-sling-testing-sling-mock/commit/7a8706a9024dede95d94c9a348815863a120f048
> sling-mock: Prevent StdOut logging from ESAPI
> -
>
> Key: SLING-12002
> URL: https://issues.apache.org/jira/browse/SLING-12002
> Project: Sling
> Issue Type: Improvement
> Components: Testing
>Reporter: Stefan Seifert
>Assignee: Stefan Seifert
>Priority: Minor
> Fix For: Testing Sling Mock 3.4.12
>
>
> since SLING-10391 the ESAPI outputs a bunch of log messages to stdout each
> times unit tests are run, example:
> {noformat}
> ESAPI: WARNING: System property [org.owasp.esapi.opsteam] is not set
> ESAPI: WARNING: System property [org.owasp.esapi.devteam] is not set
> ESAPI: Attempting to load ESAPI.properties via file I/O.
> ESAPI: Attempting to load ESAPI.properties as resource file via file I/O.
> ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not
> readable:
> D:\Develop\github\wcm-io\io.wcm.samples\bundles\core\ESAPI.properties
> ESAPI: Not found in SystemResource Directory/resourceDirectory:
> .esapi\ESAPI.properties
> ESAPI: Not found in 'user.home' (C:\Users\stefan.seifert) directory:
> C:\Users\stefan.seifert\esapi\ESAPI.properties
> ESAPI: Loading ESAPI.properties via file I/O failed. Exception was:
> java.io.FileNotFoundException
> ESAPI: Attempting to load ESAPI.properties via the classpath.
> ESAPI: SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)'
> using current thread context class loader!
> ESAPI: SecurityConfiguration for Validator.ConfigurationFile.MultiValued not
> found in ESAPI.properties. Using default: false
> ESAPI: Attempting to load validation.properties via file I/O.
> ESAPI: Attempting to load validation.properties as resource file via file I/O.
> ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not
> readable:
> D:\Develop\github\wcm-io\io.wcm.samples\bundles\core\validation.properties
> ESAPI: Not found in SystemResource Directory/resourceDirectory:
> .esapi\validation.properties
> ESAPI: Not found in 'user.home' (C:\Users\stefan.seifert) directory:
> C:\Users\stefan.seifert\esapi\validation.properties
> ESAPI: Loading validation.properties via file I/O failed.
> ESAPI: Attempting to load validation.properties via the classpath.
> ESAPI: SUCCESSFULLY LOADED validation.properties via the CLASSPATH from '/
> (root)' using current thread context class loader!
> {noformat}
> in https://github.com/ESAPI/esapi-java-legacy/issues/68 is a discussion of
> removing/improving this approach of console logging before the actual logging
> implementation/adapter is in place - but this issue is already quite old.
> but there is a system property {{org.owasp.esapi.logSpecial.discard}} that
> prevents that console logging.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [sling-org-apache-sling-testing-sling-mock] stefanseifert merged pull request #29: SLING-12002 Discard "special logging" to stdout from ESAPI
stefanseifert merged PR #29: URL: https://github.com/apache/sling-org-apache-sling-testing-sling-mock/pull/29 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-testing-sling-mock] stefanseifert commented on pull request #29: SLING-12002 Discard "special logging" to stdout from ESAPI
stefanseifert commented on PR #29: URL: https://github.com/apache/sling-org-apache-sling-testing-sling-mock/pull/29#issuecomment-1678644599 lets keep it simple for now... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Assigned] (SLING-12003) The RequestDispatcher should flush the buffer on forward only if the buffer hasn't already been closed
[
https://issues.apache.org/jira/browse/SLING-12003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Radu Cotescu reassigned SLING-12003:
Assignee: Radu Cotescu
> The RequestDispatcher should flush the buffer on forward only if the buffer
> hasn't already been closed
> --
>
> Key: SLING-12003
> URL: https://issues.apache.org/jira/browse/SLING-12003
> Project: Sling
> Issue Type: Improvement
> Components: Engine
>Affects Versions: Engine 2.2.10
>Reporter: Radu Cotescu
>Assignee: Radu Cotescu
>Priority: Major
> Fix For: Engine 2.15.6
>
>
> The {{SlingRequestDispatcher#forward}} call [0] attempts to close the
> response buffer even if this has already been closed by the servlet to which
> the request was originally forwarded. The Servlet Specification [1] mentions
> the following in section 9.4:
> {quote}Before the forward method of the RequestDispatcher interface returns
> without exception, the response content must be sent and committed, and
> closed by the servlet container, unless the request was put into the
> asynchronous mode.
> {quote}
> As such, the {{RequestDispatcher#forward}} implementation should indeed make
> sure the response is committed, but it's not necessarily the only one that
> must commit the response. Jetty seems to have the same understanding [2],
> where the close is performed only if the response hasn't already been
> committed and the request is not async.
> [0] -
> [https://github.com/apache/sling-org-apache-sling-engine/blob/368690a2a81fd8a121e62767fcd32b63936a65b8/src/main/java/org/apache/sling/engine/impl/request/SlingRequestDispatcher.java#L125-L128]
> [1] -
> [https://download.oracle.com/otn-pub/jcp/servlet-3_1-fr-spec/servlet-3_1-final.pdf]
> [2] -
> [https://github.com/eclipse/jetty.project/blob/jetty-11.0.x/jetty-server/src/main/java/org/eclipse/jetty/server/Dispatcher.java#L218]
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SLING-11998) SlingPostServlet responds with wrong status code upon Oak Access error
[ https://issues.apache.org/jira/browse/SLING-11998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754507#comment-17754507 ] Juerg Meier commented on SLING-11998: - [~rombert] The version used is the offical Sling12 "LTS" download from [https://sling.apache.org/downloads.cgi,] docker image (oak tar). According to MANIFEST.MF of the org.apache.sling.feature.launcher.jar, this is Implementation-Version: 1.1.26 . > SlingPostServlet responds with wrong status code upon Oak Access error > -- > > Key: SLING-11998 > URL: https://issues.apache.org/jira/browse/SLING-11998 > Project: Sling > Issue Type: Bug > Components: Engine > Environment: Sling 12 >Reporter: Juerg Meier >Priority: Major > > In Sling 12, the SlingPostServlet sends back a HTTP status 422 Invalid > Payload if the underlying OAK persistence layer reports an access error to a > resource. > The correct response code is HTTP 403 Forbidden: > ??The request contained valid data and was understood by the server, but the > server is refusing action. This may be due to the user not having the > necessary permissions for a resource...?? > This is exactly opposite to 422, which indicates that the payload is > erroneous. This misleads subsequent debugging efforts. Additionally, this > error is not logged with launcher/error.log. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SLING-12003) The RequestDispatcher should flush the buffer on forward only if the buffer hasn't already been closed
[
https://issues.apache.org/jira/browse/SLING-12003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754504#comment-17754504
]
Radu Cotescu commented on SLING-12003:
--
Exactly. I could submit a PR, unless you want to take this over.
> The RequestDispatcher should flush the buffer on forward only if the buffer
> hasn't already been closed
> --
>
> Key: SLING-12003
> URL: https://issues.apache.org/jira/browse/SLING-12003
> Project: Sling
> Issue Type: Improvement
> Components: Engine
>Affects Versions: Engine 2.2.10
>Reporter: Radu Cotescu
>Priority: Major
> Fix For: Engine 2.15.6
>
>
> The {{SlingRequestDispatcher#forward}} call [0] attempts to close the
> response buffer even if this has already been closed by the servlet to which
> the request was originally forwarded. The Servlet Specification [1] mentions
> the following in section 9.4:
> {quote}Before the forward method of the RequestDispatcher interface returns
> without exception, the response content must be sent and committed, and
> closed by the servlet container, unless the request was put into the
> asynchronous mode.
> {quote}
> As such, the {{RequestDispatcher#forward}} implementation should indeed make
> sure the response is committed, but it's not necessarily the only one that
> must commit the response. Jetty seems to have the same understanding [2],
> where the close is performed only if the response hasn't already been
> committed and the request is not async.
> [0] -
> [https://github.com/apache/sling-org-apache-sling-engine/blob/368690a2a81fd8a121e62767fcd32b63936a65b8/src/main/java/org/apache/sling/engine/impl/request/SlingRequestDispatcher.java#L125-L128]
> [1] -
> [https://download.oracle.com/otn-pub/jcp/servlet-3_1-fr-spec/servlet-3_1-final.pdf]
> [2] -
> [https://github.com/eclipse/jetty.project/blob/jetty-11.0.x/jetty-server/src/main/java/org/eclipse/jetty/server/Dispatcher.java#L218]
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SLING-12003) The RequestDispatcher should flush the buffer on forward only if the buffer hasn't already been closed
[
https://issues.apache.org/jira/browse/SLING-12003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754501#comment-17754501
]
Carsten Ziegeler commented on SLING-12003:
--
So we could the isCommitted() check around the flush. No need to get into the
async business :)
> The RequestDispatcher should flush the buffer on forward only if the buffer
> hasn't already been closed
> --
>
> Key: SLING-12003
> URL: https://issues.apache.org/jira/browse/SLING-12003
> Project: Sling
> Issue Type: Improvement
> Components: Engine
>Affects Versions: Engine 2.2.10
>Reporter: Radu Cotescu
>Priority: Major
> Fix For: Engine 2.15.6
>
>
> The {{SlingRequestDispatcher#forward}} call [0] attempts to close the
> response buffer even if this has already been closed by the servlet to which
> the request was originally forwarded. The Servlet Specification [1] mentions
> the following in section 9.4:
> {quote}Before the forward method of the RequestDispatcher interface returns
> without exception, the response content must be sent and committed, and
> closed by the servlet container, unless the request was put into the
> asynchronous mode.
> {quote}
> As such, the {{RequestDispatcher#forward}} implementation should indeed make
> sure the response is committed, but it's not necessarily the only one that
> must commit the response. Jetty seems to have the same understanding [2],
> where the close is performed only if the response hasn't already been
> committed and the request is not async.
> [0] -
> [https://github.com/apache/sling-org-apache-sling-engine/blob/368690a2a81fd8a121e62767fcd32b63936a65b8/src/main/java/org/apache/sling/engine/impl/request/SlingRequestDispatcher.java#L125-L128]
> [1] -
> [https://download.oracle.com/otn-pub/jcp/servlet-3_1-fr-spec/servlet-3_1-final.pdf]
> [2] -
> [https://github.com/eclipse/jetty.project/blob/jetty-11.0.x/jetty-server/src/main/java/org/eclipse/jetty/server/Dispatcher.java#L218]
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (SLING-12003) The RequestDispatcher should flush the buffer on forward only if the buffer hasn't already been closed
[
https://issues.apache.org/jira/browse/SLING-12003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754501#comment-17754501
]
Carsten Ziegeler edited comment on SLING-12003 at 8/15/23 9:00 AM:
---
So we could add the isCommitted() check around the flush. No need to get into
the async business :)
was (Author: cziegeler):
So we could the isCommitted() check around the flush. No need to get into the
async business :)
> The RequestDispatcher should flush the buffer on forward only if the buffer
> hasn't already been closed
> --
>
> Key: SLING-12003
> URL: https://issues.apache.org/jira/browse/SLING-12003
> Project: Sling
> Issue Type: Improvement
> Components: Engine
>Affects Versions: Engine 2.2.10
>Reporter: Radu Cotescu
>Priority: Major
> Fix For: Engine 2.15.6
>
>
> The {{SlingRequestDispatcher#forward}} call [0] attempts to close the
> response buffer even if this has already been closed by the servlet to which
> the request was originally forwarded. The Servlet Specification [1] mentions
> the following in section 9.4:
> {quote}Before the forward method of the RequestDispatcher interface returns
> without exception, the response content must be sent and committed, and
> closed by the servlet container, unless the request was put into the
> asynchronous mode.
> {quote}
> As such, the {{RequestDispatcher#forward}} implementation should indeed make
> sure the response is committed, but it's not necessarily the only one that
> must commit the response. Jetty seems to have the same understanding [2],
> where the close is performed only if the response hasn't already been
> committed and the request is not async.
> [0] -
> [https://github.com/apache/sling-org-apache-sling-engine/blob/368690a2a81fd8a121e62767fcd32b63936a65b8/src/main/java/org/apache/sling/engine/impl/request/SlingRequestDispatcher.java#L125-L128]
> [1] -
> [https://download.oracle.com/otn-pub/jcp/servlet-3_1-fr-spec/servlet-3_1-final.pdf]
> [2] -
> [https://github.com/eclipse/jetty.project/blob/jetty-11.0.x/jetty-server/src/main/java/org/eclipse/jetty/server/Dispatcher.java#L218]
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [sling-org-apache-sling-testing-resourceresolver-mock] sonarcloud[bot] commented on pull request #11: SLING-12001 Store MockFindResourcesHandler/MockQueryResourceHandler in MockResourceResolv
sonarcloud[bot] commented on PR #11: URL: https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/pull/11#issuecomment-1678622181 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=new_coverage=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=11=new_duplicated_lines_density=list)  The version of Java (11.0.16.1) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17. Read more [here](https://docs.sonarcloud.io/appendices/scanner-environment/) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-12001) Can't use MockFindQueryResources when making use of getServiceResourceResolver
[
https://issues.apache.org/jira/browse/SLING-12001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754499#comment-17754499
]
Stefan Seifert commented on SLING-12001:
well, this would be a completely different but also interesting approach. i've
created a second PR
https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/pull/11
which moves the storage of the handlers to the
MockResourceResolverFactoryOptions - which is usually shared by the main
resource resolver and all new instances created via the factory.
maybe that's even more elegant also it comes with a bit hidden side-effects -
but that should not matter in unit test context?
> Can't use MockFindQueryResources when making use of getServiceResourceResolver
> --
>
> Key: SLING-12001
> URL: https://issues.apache.org/jira/browse/SLING-12001
> Project: Sling
> Issue Type: Bug
> Components: Testing
>Affects Versions: Testing ResourceResolver Mock 1.4.2
>Reporter: Robin Brouns
>Assignee: Stefan Seifert
>Priority: Major
> Fix For: Testing ResourceResolver Mock 1.4.4
>
>
> I want to mock resourceResolver.findResources and found that there is a way
> to do this via
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockFindQueryResources.java#L43]
>
> {code:java}
> MockFindQueryResources.addFindResourceHandler(...) {code}
> This works as long as the Sling Context its Resource Resolver
> (context.resourceResolver()) is used. But we have a piece of code, which uses
> a Service Resource Resolver:
> {code:java}
> private ResourceResolver getServiceResolver() throws LoginException {
> return resourceResolverFactory.getServiceResourceResolver(
> Collections.singletonMap(ResourceResolverFactory.SUBSERVICE,
> CLEAN_UP_SERVICE_NAME)
> );
> }{code}
> We can't mock the findResources method for this Service Resource Resolver, as
> the ResourceResolverFactory *always* internally creates a new
> MockResourceResolver object (see
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockResourceResolverFactory.java#L102)].
>
> This means that *all* of the in memory changes like
> * findResourcesHandlers
> * queryResourcesHandlers
> * ...
> are lost, so MockFindQueryResources can't be used, because we can't get the
> service resolver from the context (because it is always a new object).
> Same holds true for
> MockResourceResolverFactory.getAdministrativeResourceResolver(...).
> Is it maybe an idea to add functionality to register the Resource Handlers on
> the MockResourceResolverFactory, which is able to pass them down to the
> MockResourceResolver on creation?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SLING-11458) Regress - "Writer has already been closed" exception in GraphQLServlet
[
https://issues.apache.org/jira/browse/SLING-11458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754497#comment-17754497
]
Radu Cotescu commented on SLING-11458:
--
The GraphQL Servlet doesn't do anything wrong. The error mentioned in this
issue can happen when requests are forwarded to the GraphQL servlet and the
actual cause is described in SLING-12003.
> Regress - "Writer has already been closed" exception in GraphQLServlet
> --
>
> Key: SLING-11458
> URL: https://issues.apache.org/jira/browse/SLING-11458
> Project: Sling
> Issue Type: Bug
> Components: GraphQL
>Affects Versions: GraphQL Core 0.0.4
>Reporter: Evgeny Tugarev
>Assignee: Andreas Schaefer
>Priority: Major
>
> The GraphQLServlet shouldn't call {{response.getWriter().flush()}} as the
> {{JsonWriter}} used by the {{JsonSerializer}} implements {{Closeable}} and as
> such [closes the
> Writer|https://github.com/jdereg/json-io/blob/cf849f15460decf10a8a320390de11965bb5996b/src/main/java/com/cedarsoftware/util/io/JsonWriter.java#L2413].
> This causes a "Writer has already been closed" Exception when {{flush()}} is
> called.
> This was fixed in commit d27f4bb7 but then this commit: 11c7e389 did undo the
> fix as now the JsonWriter is closed when existing the try-catch block.
> I will undo it and prevent the premature closure as this is causing issues
> like when the call to this servlet is made through a dispatcher.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [sling-org-apache-sling-testing-resourceresolver-mock] stefanseifert opened a new pull request, #11: SLING-12001 Store MockFindResourcesHandler/MockQueryResourceHandler in MockResourceResolve
stefanseifert opened a new pull request, #11: URL: https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/pull/11 https://issues.apache.org/jira/browse/SLING-12001 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (SLING-12003) The RequestDispatcher should flush the buffer on forward only if the buffer hasn't already been closed
Radu Cotescu created SLING-12003:
Summary: The RequestDispatcher should flush the buffer on forward
only if the buffer hasn't already been closed
Key: SLING-12003
URL: https://issues.apache.org/jira/browse/SLING-12003
Project: Sling
Issue Type: Improvement
Components: Engine
Affects Versions: Engine 2.2.10
Reporter: Radu Cotescu
Fix For: Engine 2.15.6
The {{SlingRequestDispatcher#forward}} call [0] attempts to close the response
buffer even if this has already been closed by the servlet to which the request
was originally forwarded. The Servlet Specification [1] mentions the following
in section 9.4:
{quote}Before the forward method of the RequestDispatcher interface returns
without exception, the response content must be sent and committed, and closed
by the servlet container, unless the request was put into the asynchronous mode.
{quote}
As such, the {{RequestDispatcher#forward}} implementation should indeed make
sure the response is committed, but it's not necessarily the only one that must
commit the response. Jetty seems to have the same understanding [2], where the
close is performed only if the response hasn't already been committed and the
request is not async.
[0] -
[https://github.com/apache/sling-org-apache-sling-engine/blob/368690a2a81fd8a121e62767fcd32b63936a65b8/src/main/java/org/apache/sling/engine/impl/request/SlingRequestDispatcher.java#L125-L128]
[1] -
[https://download.oracle.com/otn-pub/jcp/servlet-3_1-fr-spec/servlet-3_1-final.pdf]
[2] -
[https://github.com/eclipse/jetty.project/blob/jetty-11.0.x/jetty-server/src/main/java/org/eclipse/jetty/server/Dispatcher.java#L218]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SLING-12001) Can't use MockFindQueryResources when making use of getServiceResourceResolver
[
https://issues.apache.org/jira/browse/SLING-12001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754489#comment-17754489
]
Robin Brouns commented on SLING-12001:
--
Looks good to me [~sseifert]! This will fix indeed the issue. One small remark,
to make these handlers maybe part of the
MockResourceResolverFactoryOptions so the MockResourceResolver can init based
on the options (instead of factory executing some additional init for the
MockResourceResolver).
> Can't use MockFindQueryResources when making use of getServiceResourceResolver
> --
>
> Key: SLING-12001
> URL: https://issues.apache.org/jira/browse/SLING-12001
> Project: Sling
> Issue Type: Bug
> Components: Testing
>Affects Versions: Testing ResourceResolver Mock 1.4.2
>Reporter: Robin Brouns
>Assignee: Stefan Seifert
>Priority: Major
> Fix For: Testing ResourceResolver Mock 1.4.4
>
>
> I want to mock resourceResolver.findResources and found that there is a way
> to do this via
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockFindQueryResources.java#L43]
>
> {code:java}
> MockFindQueryResources.addFindResourceHandler(...) {code}
> This works as long as the Sling Context its Resource Resolver
> (context.resourceResolver()) is used. But we have a piece of code, which uses
> a Service Resource Resolver:
> {code:java}
> private ResourceResolver getServiceResolver() throws LoginException {
> return resourceResolverFactory.getServiceResourceResolver(
> Collections.singletonMap(ResourceResolverFactory.SUBSERVICE,
> CLEAN_UP_SERVICE_NAME)
> );
> }{code}
> We can't mock the findResources method for this Service Resource Resolver, as
> the ResourceResolverFactory *always* internally creates a new
> MockResourceResolver object (see
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockResourceResolverFactory.java#L102)].
>
> This means that *all* of the in memory changes like
> * findResourcesHandlers
> * queryResourcesHandlers
> * ...
> are lost, so MockFindQueryResources can't be used, because we can't get the
> service resolver from the context (because it is always a new object).
> Same holds true for
> MockResourceResolverFactory.getAdministrativeResourceResolver(...).
> Is it maybe an idea to add functionality to register the Resource Handlers on
> the MockResourceResolverFactory, which is able to pass them down to the
> MockResourceResolver on creation?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (SLING-12001) Can't use MockFindQueryResources when making use of getServiceResourceResolver
[
https://issues.apache.org/jira/browse/SLING-12001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Seifert updated SLING-12001:
---
Fix Version/s: Testing ResourceResolver Mock 1.4.4
> Can't use MockFindQueryResources when making use of getServiceResourceResolver
> --
>
> Key: SLING-12001
> URL: https://issues.apache.org/jira/browse/SLING-12001
> Project: Sling
> Issue Type: Bug
> Components: Testing
>Affects Versions: Testing ResourceResolver Mock 1.4.2
>Reporter: Robin Brouns
>Assignee: Stefan Seifert
>Priority: Major
> Fix For: Testing ResourceResolver Mock 1.4.4
>
>
> I want to mock resourceResolver.findResources and found that there is a way
> to do this via
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockFindQueryResources.java#L43]
>
> {code:java}
> MockFindQueryResources.addFindResourceHandler(...) {code}
> This works as long as the Sling Context its Resource Resolver
> (context.resourceResolver()) is used. But we have a piece of code, which uses
> a Service Resource Resolver:
> {code:java}
> private ResourceResolver getServiceResolver() throws LoginException {
> return resourceResolverFactory.getServiceResourceResolver(
> Collections.singletonMap(ResourceResolverFactory.SUBSERVICE,
> CLEAN_UP_SERVICE_NAME)
> );
> }{code}
> We can't mock the findResources method for this Service Resource Resolver, as
> the ResourceResolverFactory *always* internally creates a new
> MockResourceResolver object (see
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockResourceResolverFactory.java#L102)].
>
> This means that *all* of the in memory changes like
> * findResourcesHandlers
> * queryResourcesHandlers
> * ...
> are lost, so MockFindQueryResources can't be used, because we can't get the
> service resolver from the context (because it is always a new object).
> Same holds true for
> MockResourceResolverFactory.getAdministrativeResourceResolver(...).
> Is it maybe an idea to add functionality to register the Resource Handlers on
> the MockResourceResolverFactory, which is able to pass them down to the
> MockResourceResolver on creation?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [sling-org-apache-sling-testing-resourceresolver-mock] sonarcloud[bot] commented on pull request #10: SLING-12001 Allow to set MockFindResourcesHandler/MockQueryResourceHandler on MockResourc
sonarcloud[bot] commented on PR #10: URL: https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/pull/10#issuecomment-1678578435 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=new_coverage=list) [90.9% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-resourceresolver-mock=10=new_duplicated_lines_density=list)  The version of Java (11.0.16.1) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17. Read more [here](https://docs.sonarcloud.io/appendices/scanner-environment/) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-12001) Can't use MockFindQueryResources when making use of getServiceResourceResolver
[
https://issues.apache.org/jira/browse/SLING-12001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754480#comment-17754480
]
Stefan Seifert commented on SLING-12001:
[~robin.bro...@amplexor.com] good idea, i've created a proposal following your
approach in
https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/pull/10
> Can't use MockFindQueryResources when making use of getServiceResourceResolver
> --
>
> Key: SLING-12001
> URL: https://issues.apache.org/jira/browse/SLING-12001
> Project: Sling
> Issue Type: Bug
> Components: Testing
>Affects Versions: Testing ResourceResolver Mock 1.4.2
>Reporter: Robin Brouns
>Assignee: Stefan Seifert
>Priority: Major
>
> I want to mock resourceResolver.findResources and found that there is a way
> to do this via
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockFindQueryResources.java#L43]
>
> {code:java}
> MockFindQueryResources.addFindResourceHandler(...) {code}
> This works as long as the Sling Context its Resource Resolver
> (context.resourceResolver()) is used. But we have a piece of code, which uses
> a Service Resource Resolver:
> {code:java}
> private ResourceResolver getServiceResolver() throws LoginException {
> return resourceResolverFactory.getServiceResourceResolver(
> Collections.singletonMap(ResourceResolverFactory.SUBSERVICE,
> CLEAN_UP_SERVICE_NAME)
> );
> }{code}
> We can't mock the findResources method for this Service Resource Resolver, as
> the ResourceResolverFactory *always* internally creates a new
> MockResourceResolver object (see
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockResourceResolverFactory.java#L102)].
>
> This means that *all* of the in memory changes like
> * findResourcesHandlers
> * queryResourcesHandlers
> * ...
> are lost, so MockFindQueryResources can't be used, because we can't get the
> service resolver from the context (because it is always a new object).
> Same holds true for
> MockResourceResolverFactory.getAdministrativeResourceResolver(...).
> Is it maybe an idea to add functionality to register the Resource Handlers on
> the MockResourceResolverFactory, which is able to pass them down to the
> MockResourceResolver on creation?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [sling-org-apache-sling-testing-resourceresolver-mock] stefanseifert opened a new pull request, #10: SLING-12001 Allow to set MockFindResourcesHandler/MockQueryResourceHandler on MockResource
stefanseifert opened a new pull request, #10: URL: https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/pull/10 https://issues.apache.org/jira/browse/SLING-12001 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Assigned] (SLING-12001) Can't use MockFindQueryResources when making use of getServiceResourceResolver
[
https://issues.apache.org/jira/browse/SLING-12001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Seifert reassigned SLING-12001:
--
Assignee: Stefan Seifert
> Can't use MockFindQueryResources when making use of getServiceResourceResolver
> --
>
> Key: SLING-12001
> URL: https://issues.apache.org/jira/browse/SLING-12001
> Project: Sling
> Issue Type: Bug
> Components: Testing
>Affects Versions: Testing ResourceResolver Mock 1.4.2
>Reporter: Robin Brouns
>Assignee: Stefan Seifert
>Priority: Major
>
> I want to mock resourceResolver.findResources and found that there is a way
> to do this via
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockFindQueryResources.java#L43]
>
> {code:java}
> MockFindQueryResources.addFindResourceHandler(...) {code}
> This works as long as the Sling Context its Resource Resolver
> (context.resourceResolver()) is used. But we have a piece of code, which uses
> a Service Resource Resolver:
> {code:java}
> private ResourceResolver getServiceResolver() throws LoginException {
> return resourceResolverFactory.getServiceResourceResolver(
> Collections.singletonMap(ResourceResolverFactory.SUBSERVICE,
> CLEAN_UP_SERVICE_NAME)
> );
> }{code}
> We can't mock the findResources method for this Service Resource Resolver, as
> the ResourceResolverFactory *always* internally creates a new
> MockResourceResolver object (see
> [https://github.com/apache/sling-org-apache-sling-testing-resourceresolver-mock/blob/master/src/main/java/org/apache/sling/testing/resourceresolver/MockResourceResolverFactory.java#L102)].
>
> This means that *all* of the in memory changes like
> * findResourcesHandlers
> * queryResourcesHandlers
> * ...
> are lost, so MockFindQueryResources can't be used, because we can't get the
> service resolver from the context (because it is always a new object).
> Same holds true for
> MockResourceResolverFactory.getAdministrativeResourceResolver(...).
> Is it maybe an idea to add functionality to register the Resource Handlers on
> the MockResourceResolverFactory, which is able to pass them down to the
> MockResourceResolver on creation?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (SLING-12002) sling-mock: Prevent StdOut logging from ESAPI
[
https://issues.apache.org/jira/browse/SLING-12002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Seifert updated SLING-12002:
---
Description:
since SLING-10391 the ESAPI outputs a bunch of log messages to stdout each
times unit tests are run, example:
{noformat}
ESAPI: WARNING: System property [org.owasp.esapi.opsteam] is not set
ESAPI: WARNING: System property [org.owasp.esapi.devteam] is not set
ESAPI: Attempting to load ESAPI.properties via file I/O.
ESAPI: Attempting to load ESAPI.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable:
D:\Develop\github\wcm-io\io.wcm.samples\bundles\core\ESAPI.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory:
.esapi\ESAPI.properties
ESAPI: Not found in 'user.home' (C:\Users\stefan.seifert) directory:
C:\Users\stefan.seifert\esapi\ESAPI.properties
ESAPI: Loading ESAPI.properties via file I/O failed. Exception was:
java.io.FileNotFoundException
ESAPI: Attempting to load ESAPI.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)'
using current thread context class loader!
ESAPI: SecurityConfiguration for Validator.ConfigurationFile.MultiValued not
found in ESAPI.properties. Using default: false
ESAPI: Attempting to load validation.properties via file I/O.
ESAPI: Attempting to load validation.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable:
D:\Develop\github\wcm-io\io.wcm.samples\bundles\core\validation.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory:
.esapi\validation.properties
ESAPI: Not found in 'user.home' (C:\Users\stefan.seifert) directory:
C:\Users\stefan.seifert\esapi\validation.properties
ESAPI: Loading validation.properties via file I/O failed.
ESAPI: Attempting to load validation.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED validation.properties via the CLASSPATH from '/
(root)' using current thread context class loader!
{noformat}
in https://github.com/ESAPI/esapi-java-legacy/issues/68 is a discussion of
removing/improving this approach of console logging before the actual logging
implementation/adapter is in place - but this issue is already quite old.
but there is a system property {{org.owasp.esapi.logSpecial.discard}} that
prevents that console logging.
was:
since SLING-10391 the ESAPI outputs a bunch of log messages to stdout each
times unit tests are run, example:
{noformat}
ESAPI: WARNING: System property [org.owasp.esapi.opsteam] is not set
ESAPI: WARNING: System property [org.owasp.esapi.devteam] is not set
ESAPI: Attempting to load ESAPI.properties via file I/O.
ESAPI: Attempting to load ESAPI.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable:
D:\Develop\github\wcm-io\io.wcm.samples\bundles\core\ESAPI.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory:
.esapi\ESAPI.properties
ESAPI: Not found in 'user.home' (C:\Users\stefan.seifert) directory:
C:\Users\stefan.seifert\esapi\ESAPI.properties
ESAPI: Loading ESAPI.properties via file I/O failed. Exception was:
java.io.FileNotFoundException
ESAPI: Attempting to load ESAPI.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)'
using current thread context class loader!
ESAPI: SecurityConfiguration for Validator.ConfigurationFile.MultiValued not
found in ESAPI.properties. Using default: false
ESAPI: Attempting to load validation.properties via file I/O.
ESAPI: Attempting to load validation.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable:
D:\Develop\github\wcm-io\io.wcm.samples\bundles\core\validation.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory:
.esapi\validation.properties
ESAPI: Not found in 'user.home' (C:\Users\stefan.seifert) directory:
C:\Users\stefan.seifert\esapi\validation.properties
ESAPI: Loading validation.properties via file I/O failed.
ESAPI: Attempting to load validation.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED validation.properties via the CLASSPATH from '/
(root)' using current thread context class loader!
{noformat}
in https://github.com/ESAPI/esapi-java-legacy/issues/68 is a discussion of
removing/improving this approach of console logging before the actual logging
implementation/adapter is in place - but this issue is already quite out.
but there is a system property {{org.owasp.esapi.logSpecial.discard}} that
prevents that console logging.
> sling-mock: Prevent StdOut logging from ESAPI
> -
>
> Key: SLING-12002
> URL: https://issues.apache.org/jira/browse/SLING-12002
>
[GitHub] [sling-org-apache-sling-testing-sling-mock] sonarcloud[bot] commented on pull request #29: SLING-12002 Discard "special logging" to stdout from ESAPI
sonarcloud[bot] commented on PR #29: URL: https://github.com/apache/sling-org-apache-sling-testing-sling-mock/pull/29#issuecomment-1678534816 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-testing-sling-mock=29) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-sling-mock=29=new_coverage=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-sling-mock=29=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-sling-mock=29=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-sling-mock=29=new_duplicated_lines_density=list)  The version of Java (11.0.16.1) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17. Read more [here](https://docs.sonarcloud.io/appendices/scanner-environment/) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-testing-sling-mock] sonarcloud[bot] commented on pull request #29: SLING-12002 Discard "special logging" to stdout from ESAPI
sonarcloud[bot] commented on PR #29: URL: https://github.com/apache/sling-org-apache-sling-testing-sling-mock/pull/29#issuecomment-1678534571 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-testing-sling-mock=29) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-sling-mock=29=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-sling-mock=29=new_coverage=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-sling-mock=29=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-sling-mock=29=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-sling-mock=29=new_duplicated_lines_density=list)  The version of Java (11.0.16.1) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17. Read more [here](https://docs.sonarcloud.io/appendices/scanner-environment/) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-testing-sling-mock] stefanseifert opened a new pull request, #29: SLING-12002 Discard "special logging" to stdout from ESAPI
stefanseifert opened a new pull request, #29: URL: https://github.com/apache/sling-org-apache-sling-testing-sling-mock/pull/29 https://issues.apache.org/jira/browse/SLING-12002 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (SLING-12002) sling-mock: Prevent StdOut logging from ESAPI
Stefan Seifert created SLING-12002:
--
Summary: sling-mock: Prevent StdOut logging from ESAPI
Key: SLING-12002
URL: https://issues.apache.org/jira/browse/SLING-12002
Project: Sling
Issue Type: Improvement
Components: Testing
Reporter: Stefan Seifert
Assignee: Stefan Seifert
since SLING-10391 the ESAPI outputs a bunch of log messages to stdout each
times unit tests are run, example:
{noformat}
ESAPI: WARNING: System property [org.owasp.esapi.opsteam] is not set
ESAPI: WARNING: System property [org.owasp.esapi.devteam] is not set
ESAPI: Attempting to load ESAPI.properties via file I/O.
ESAPI: Attempting to load ESAPI.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable:
D:\Develop\github\wcm-io\io.wcm.samples\bundles\core\ESAPI.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory:
.esapi\ESAPI.properties
ESAPI: Not found in 'user.home' (C:\Users\stefan.seifert) directory:
C:\Users\stefan.seifert\esapi\ESAPI.properties
ESAPI: Loading ESAPI.properties via file I/O failed. Exception was:
java.io.FileNotFoundException
ESAPI: Attempting to load ESAPI.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)'
using current thread context class loader!
ESAPI: SecurityConfiguration for Validator.ConfigurationFile.MultiValued not
found in ESAPI.properties. Using default: false
ESAPI: Attempting to load validation.properties via file I/O.
ESAPI: Attempting to load validation.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable:
D:\Develop\github\wcm-io\io.wcm.samples\bundles\core\validation.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory:
.esapi\validation.properties
ESAPI: Not found in 'user.home' (C:\Users\stefan.seifert) directory:
C:\Users\stefan.seifert\esapi\validation.properties
ESAPI: Loading validation.properties via file I/O failed.
ESAPI: Attempting to load validation.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED validation.properties via the CLASSPATH from '/
(root)' using current thread context class loader!
{noformat}
in https://github.com/ESAPI/esapi-java-legacy/issues/68 is a discussion of
removing/improving this approach of console logging before the actual logging
implementation/adapter is in place - but this issue is already quite out.
but there is a system property {{org.owasp.esapi.logSpecial.discard}} that
prevents that console logging.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SLING-10391) Improve MockXSSAPIImpl
[
https://issues.apache.org/jira/browse/SLING-10391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754462#comment-17754462
]
Stefan Seifert commented on SLING-10391:
i've found a separate system property {{org.owasp.esapi.logSpecial.discard}}
that allows to disable that logging, continuing in SLING-12002
> Improve MockXSSAPIImpl
> --
>
> Key: SLING-10391
> URL: https://issues.apache.org/jira/browse/SLING-10391
> Project: Sling
> Issue Type: Improvement
> Components: Testing
>Affects Versions: Testing Sling Mock 3.0.2
>Reporter: Henry Kuijpers
>Assignee: Stefan Seifert
>Priority: Major
> Fix For: Testing Sling Mock 3.4.12
>
>
> MockXSSAPIImpl only has a few very simplistic method implementations (i.e.
> for encodeForHTML it returns the input as-is).
> I think we can make some improvements to it, by:
> * Use StringEscapeUtils.escapeHtml4() to do HTML escaping (so that we can at
> least see a difference in the output)
> * Use StringEscapeUtils.escapeXml() to do XML escaping
> etc.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (SLING-12002) sling-mock: Prevent StdOut logging from ESAPI
[
https://issues.apache.org/jira/browse/SLING-12002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Seifert updated SLING-12002:
---
Fix Version/s: Testing Sling Mock 3.4.12
> sling-mock: Prevent StdOut logging from ESAPI
> -
>
> Key: SLING-12002
> URL: https://issues.apache.org/jira/browse/SLING-12002
> Project: Sling
> Issue Type: Improvement
> Components: Testing
>Reporter: Stefan Seifert
>Assignee: Stefan Seifert
>Priority: Minor
> Fix For: Testing Sling Mock 3.4.12
>
>
> since SLING-10391 the ESAPI outputs a bunch of log messages to stdout each
> times unit tests are run, example:
> {noformat}
> ESAPI: WARNING: System property [org.owasp.esapi.opsteam] is not set
> ESAPI: WARNING: System property [org.owasp.esapi.devteam] is not set
> ESAPI: Attempting to load ESAPI.properties via file I/O.
> ESAPI: Attempting to load ESAPI.properties as resource file via file I/O.
> ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not
> readable:
> D:\Develop\github\wcm-io\io.wcm.samples\bundles\core\ESAPI.properties
> ESAPI: Not found in SystemResource Directory/resourceDirectory:
> .esapi\ESAPI.properties
> ESAPI: Not found in 'user.home' (C:\Users\stefan.seifert) directory:
> C:\Users\stefan.seifert\esapi\ESAPI.properties
> ESAPI: Loading ESAPI.properties via file I/O failed. Exception was:
> java.io.FileNotFoundException
> ESAPI: Attempting to load ESAPI.properties via the classpath.
> ESAPI: SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)'
> using current thread context class loader!
> ESAPI: SecurityConfiguration for Validator.ConfigurationFile.MultiValued not
> found in ESAPI.properties. Using default: false
> ESAPI: Attempting to load validation.properties via file I/O.
> ESAPI: Attempting to load validation.properties as resource file via file I/O.
> ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not
> readable:
> D:\Develop\github\wcm-io\io.wcm.samples\bundles\core\validation.properties
> ESAPI: Not found in SystemResource Directory/resourceDirectory:
> .esapi\validation.properties
> ESAPI: Not found in 'user.home' (C:\Users\stefan.seifert) directory:
> C:\Users\stefan.seifert\esapi\validation.properties
> ESAPI: Loading validation.properties via file I/O failed.
> ESAPI: Attempting to load validation.properties via the classpath.
> ESAPI: SUCCESSFULLY LOADED validation.properties via the CLASSPATH from '/
> (root)' using current thread context class loader!
> {noformat}
> in https://github.com/ESAPI/esapi-java-legacy/issues/68 is a discussion of
> removing/improving this approach of console logging before the actual logging
> implementation/adapter is in place - but this issue is already quite out.
> but there is a system property {{org.owasp.esapi.logSpecial.discard}} that
> prevents that console logging.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
