Hey Eric, Thanks for the clarification. That makes sense. Good reason for moving it out of default install.
Cheers, Roger On 12/5/11 9:29 PM, "Eric Norman" <[email protected]> wrote: > Hi Roger, > > For your reference, the discussion related to discouraging the query > servlet is at [1]. So basically the query servlet has been moved to a > compatibility bundle that will not be installed by default, but if you > really need it you can still install it. > > Allowing the full query string to be supplied as a request parameter can be > easily abused to do denial-of-service or unintended information > disclosure attack. > > 1. http://markmail.org/message/sxurvywelnyt3ntz > > > On Mon, Dec 5, 2011 at 5:21 PM, Roger Reed <[email protected]> wrote: > >> Thanks for pointing me to the related JIRA ticket. >> >> I'm assuming the get servlets are still safe to use, and those are the only >> available servlets that come with the default Sling install. >> >> Are there any plans to add a working query servlet? I think a query >> servlet >> with the ability to output entire nodes' as JSON, and not just the path, >> would be very useful. >> >> >> On 12/4/11 12:20 PM, "Eric Norman" <[email protected]> wrote: >> >>> Per SLING-2226 (see [1] ) usage of the JsonQueryServlet is discouraged. >>> >>> As to the cause of this NPE, I believe [2] is the revision of that class >>> that you are using. On line 193 of that file where the NPE was thrown, >> it >>> looks like either the row returned by the query was null or the row >> didn't >>> have a 'jcr:path' column value for some reason. You may be able to tell >>> for sure by attaching a java debugger to the sling process. >>> >>> I also see some code changes for SLING-1533 [3] that injects the >> 'jcr:path' >>> if it is missing from the column list, so perhaps your problem is related >>> to what that was fixing. >>> >>> 1. https://issues.apache.org/jira/browse/SLING-2226 >>> 2. >>> >> http://svn.apache.org/viewvc/sling/trunk/bundles/servlets/get/src/main/java/o>> r >>> >> g/apache/sling/servlets/get/impl/JsonQueryServlet.java?revision=983310&view=m>> a >>> rkup&pathrev=983310 >>> 3. >>> >> https://fisheye6.atlassian.com/viewrep/sling/trunk/bundles/jcr/resource/src/m>> a >>> >> in/java/org/apache/sling/jcr/resource/internal/JcrResourceResolver.java?r1=11>> 3 >>> 1133&r2=1131257 >>> >>> On Fri, Dec 2, 2011 at 5:52 PM, Roger Reed <[email protected]> wrote: >>> >>>> Hello, >>>> >>>> I¹m getting a NullPointerException when executing a simple XPATH query >> via >>>> the JsonQueryServlet. How stable is the JsonQueryServlet? I¹m using >> the >>>> servlet in version 6 WAR. This does work fine when I have >> different/less >>>> data in the repository. >>>> >>>> Thanks, >>>> >>>> Roger >>>> >>>> >>>> >>>> >> http://localhost:7070/sling/content.query.json?queryType=xpath&statement=//* >>>> [@jcr:primaryType='test:imageReference'] >>>> >>>> java.lang.NullPointerException >>>> at >>>> >>>> >> org.apache.sling.servlets.get.impl.JsonQueryServlet.dumpResult(JsonQueryServ >>>> let.java:193) >>>> at >>>> >>>> >> org.apache.sling.servlets.get.impl.JsonQueryServlet.doGet(JsonQueryServlet.j >>>> ava:106) >>>> at >>>> >>>> >> org.apache.sling.api.servlets.SlingSafeMethodsServlet.mayService(SlingSafeMe >>>> thodsServlet.java:268) >>>> at >>>> >>>> >> org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMetho >>>> dsServlet.java:344) >>>> at >>>> >>>> >> org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMetho >>>> dsServlet.java:375) >>>> at >>>> >>>> >> org.apache.sling.engine.impl.request.RequestData.service(RequestData.java:52 >>>> 9) >>>> at >>>> >>>> >> org.apache.sling.engine.impl.SlingRequestProcessorImpl.processComponent(Slin >>>> gRequestProcessorImpl.java:274) >>>> at >>>> >>>> >> org.apache.sling.engine.impl.filter.RequestSlingFilterChain.render(RequestSl >>>> ingFilterChain.java:49) >>>> at >>>> >>>> >> org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(Abstra >>>> ctSlingFilterChain.java:64) >>>> at >>>> >>>> >> org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter.doFilter( >>>> RequestProgressTrackerLogFilter.java:59) >>>> at >>>> >>>> >> org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(Abstra >>>> ctSlingFilterChain.java:60) >>>> at >>>> >>>> >> org.apache.sling.engine.impl.SlingRequestProcessorImpl.processRequest(SlingR >>>> equestProcessorImpl.java:161) >>>> at >>>> >>>> >> org.apache.sling.engine.impl.SlingMainServlet.service(SlingMainServlet.java: >>>> 183) >>>> at >>>> >>>> >> org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletH >>>> andler.java:96) >>>> at >>>> >>>> >> org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHan >>>> dler.java:79) >>>> at >>>> >>>> >> org.apache.felix.http.base.internal.dispatch.ServletPipeline.handle(ServletP >>>> ipeline.java:42) >>>> at >>>> >>>> >> org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter( >>>> InvocationFilterChain.java:49) >>>> at >>>> >>>> >> org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFi >>>> lterChain.java:33) >>>> at >>>> >>>> >> org.apache.felix.http.base.internal.dispatch.FilterPipeline.dispatch(FilterP >>>> ipeline.java:48) >>>> at >>>> >>>> >> org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher. >>>> java:39) >>>> at >>>> >>>> >> org.apache.felix.http.base.internal.DispatcherServlet.service(DispatcherServ >>>> let.java:67) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) >>>> at >>>> org.apache.felix.http.proxy.ProxyServlet.service(ProxyServlet.java:60) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) >>>> at >>>> >>>> >> org.apache.sling.launchpad.base.webapp.SlingServletDelegate.service(SlingSer >>>> vletDelegate.java:277) >>>> at >>>> >>>> >> org.apache.sling.launchpad.webapp.SlingServlet.service(SlingServlet.java:148 >>>> ) >>>> at >>>> >>>> >> weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSe >>>> curityHelper.java:227) >>>> at >>>> >>>> >> weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelpe >>>> r.java:125) >>>> at >>>> >> weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) >>>> at >>>> >> weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175) >>>> at >>>> >>>> >> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W >>>> ebAppServletContext.java:3498) >>>> at >>>> >>>> >> weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubjec >>>> t.java:321) >>>> at weblogic.security.service.SecurityManager.runAs(Unknown Source) >>>> at >>>> >>>> >> weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletC >>>> ontext.java:2180) >>>> at >>>> >>>> >> weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext. >>>> java:2086) >>>> at >>>> >>>> >> weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:140 >>>> 6) >>>> at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) >>>> at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) >>>> >>>> >>>> >>>> >> >> >>
