Hi Roger, For your reference, the discussion related to discouraging the query servlet is at [1]. So basically the query servlet has been moved to a compatibility bundle that will not be installed by default, but if you really need it you can still install it.
Allowing the full query string to be supplied as a request parameter can be easily abused to do denial-of-service or unintended information disclosure attack. 1. http://markmail.org/message/sxurvywelnyt3ntz On Mon, Dec 5, 2011 at 5:21 PM, Roger Reed <[email protected]> wrote: > Thanks for pointing me to the related JIRA ticket. > > I'm assuming the get servlets are still safe to use, and those are the only > available servlets that come with the default Sling install. > > Are there any plans to add a working query servlet? I think a query > servlet > with the ability to output entire nodes' as JSON, and not just the path, > would be very useful. > > > On 12/4/11 12:20 PM, "Eric Norman" <[email protected]> wrote: > > > Per SLING-2226 (see [1] ) usage of the JsonQueryServlet is discouraged. > > > > As to the cause of this NPE, I believe [2] is the revision of that class > > that you are using. On line 193 of that file where the NPE was thrown, > it > > looks like either the row returned by the query was null or the row > didn't > > have a 'jcr:path' column value for some reason. You may be able to tell > > for sure by attaching a java debugger to the sling process. > > > > I also see some code changes for SLING-1533 [3] that injects the > 'jcr:path' > > if it is missing from the column list, so perhaps your problem is related > > to what that was fixing. > > > > 1. https://issues.apache.org/jira/browse/SLING-2226 > > 2. > > > http://svn.apache.org/viewvc/sling/trunk/bundles/servlets/get/src/main/java/or > > > g/apache/sling/servlets/get/impl/JsonQueryServlet.java?revision=983310&view=ma > > rkup&pathrev=983310 > > 3. > > > https://fisheye6.atlassian.com/viewrep/sling/trunk/bundles/jcr/resource/src/ma > > > in/java/org/apache/sling/jcr/resource/internal/JcrResourceResolver.java?r1=113 > > 1133&r2=1131257 > > > > On Fri, Dec 2, 2011 at 5:52 PM, Roger Reed <[email protected]> wrote: > > > >> Hello, > >> > >> I¹m getting a NullPointerException when executing a simple XPATH query > via > >> the JsonQueryServlet. How stable is the JsonQueryServlet? I¹m using > the > >> servlet in version 6 WAR. This does work fine when I have > different/less > >> data in the repository. > >> > >> Thanks, > >> > >> Roger > >> > >> > >> > >> > http://localhost:7070/sling/content.query.json?queryType=xpath&statement=//* > >> [@jcr:primaryType='test:imageReference'] > >> > >> java.lang.NullPointerException > >> at > >> > >> > org.apache.sling.servlets.get.impl.JsonQueryServlet.dumpResult(JsonQueryServ > >> let.java:193) > >> at > >> > >> > org.apache.sling.servlets.get.impl.JsonQueryServlet.doGet(JsonQueryServlet.j > >> ava:106) > >> at > >> > >> > org.apache.sling.api.servlets.SlingSafeMethodsServlet.mayService(SlingSafeMe > >> thodsServlet.java:268) > >> at > >> > >> > org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMetho > >> dsServlet.java:344) > >> at > >> > >> > org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMetho > >> dsServlet.java:375) > >> at > >> > >> > org.apache.sling.engine.impl.request.RequestData.service(RequestData.java:52 > >> 9) > >> at > >> > >> > org.apache.sling.engine.impl.SlingRequestProcessorImpl.processComponent(Slin > >> gRequestProcessorImpl.java:274) > >> at > >> > >> > org.apache.sling.engine.impl.filter.RequestSlingFilterChain.render(RequestSl > >> ingFilterChain.java:49) > >> at > >> > >> > org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(Abstra > >> ctSlingFilterChain.java:64) > >> at > >> > >> > org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter.doFilter( > >> RequestProgressTrackerLogFilter.java:59) > >> at > >> > >> > org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(Abstra > >> ctSlingFilterChain.java:60) > >> at > >> > >> > org.apache.sling.engine.impl.SlingRequestProcessorImpl.processRequest(SlingR > >> equestProcessorImpl.java:161) > >> at > >> > >> > org.apache.sling.engine.impl.SlingMainServlet.service(SlingMainServlet.java: > >> 183) > >> at > >> > >> > org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletH > >> andler.java:96) > >> at > >> > >> > org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHan > >> dler.java:79) > >> at > >> > >> > org.apache.felix.http.base.internal.dispatch.ServletPipeline.handle(ServletP > >> ipeline.java:42) > >> at > >> > >> > org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter( > >> InvocationFilterChain.java:49) > >> at > >> > >> > org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFi > >> lterChain.java:33) > >> at > >> > >> > org.apache.felix.http.base.internal.dispatch.FilterPipeline.dispatch(FilterP > >> ipeline.java:48) > >> at > >> > >> > org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher. > >> java:39) > >> at > >> > >> > org.apache.felix.http.base.internal.DispatcherServlet.service(DispatcherServ > >> let.java:67) > >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) > >> at > >> org.apache.felix.http.proxy.ProxyServlet.service(ProxyServlet.java:60) > >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) > >> at > >> > >> > org.apache.sling.launchpad.base.webapp.SlingServletDelegate.service(SlingSer > >> vletDelegate.java:277) > >> at > >> > >> > org.apache.sling.launchpad.webapp.SlingServlet.service(SlingServlet.java:148 > >> ) > >> at > >> > >> > weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSe > >> curityHelper.java:227) > >> at > >> > >> > weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelpe > >> r.java:125) > >> at > >> > weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) > >> at > >> > weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175) > >> at > >> > >> > weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W > >> ebAppServletContext.java:3498) > >> at > >> > >> > weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubjec > >> t.java:321) > >> at weblogic.security.service.SecurityManager.runAs(Unknown Source) > >> at > >> > >> > weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletC > >> ontext.java:2180) > >> at > >> > >> > weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext. > >> java:2086) > >> at > >> > >> > weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:140 > >> 6) > >> at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) > >> at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) > >> > >> > >> > >> > > >
