[GitHub] [jackrabbit-oak] kwin merged pull request #1121: OAK-10448 Convert o.a.j.api.security.user.Query back to ConsumerType
kwin merged PR #1121: URL: https://github.com/apache/jackrabbit-oak/pull/1121 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@jackrabbit.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [jackrabbit-oak] adamcin commented on a diff in pull request #1094: OAK-10424 add support for INSECURE RESULT SIZE and INSECURE FACETS query options and rep:insecureQueryOptions privilege
adamcin commented on code in PR #1094: URL: https://github.com/apache/jackrabbit-oak/pull/1094#discussion_r1327273737 ## oak-lucene/src/test/java/org/apache/jackrabbit/oak/jcr/query/ResultSizeTest.java: ## @@ -126,5 +151,90 @@ private void doTestResultSize(boolean union, int expected) throws RepositoryExce System.clearProperty("oak.fastQuerySize"); } + +private void doTestResultSizeOption(boolean aggregateAtQueryTime) throws RepositoryException { +createData(); +int expectedForUnion = 400; +int expectedForTwoConditions = aggregateAtQueryTime ? 400 : 200; +doTestResultSizeOption(superuser, false, expectedForTwoConditions); +doTestResultSizeOption(superuser, true, expectedForUnion); +Session readOnlySession = null; +try { +readOnlySession = getHelper().getReadOnlySession(); +assertNotNull(readOnlySession); +doTestResultSizeOption(readOnlySession, false, -1); +doTestResultSizeOption(readOnlySession, true, -1); +} finally { +if (readOnlySession != null) { +readOnlySession.logout(); +} +} +} + +private void doTestResultSizeOption(Session session, boolean union, int expected) throws RepositoryException { +QueryManager qm = session.getWorkspace().getQueryManager(); + +String statement; +if (union) { +statement = "select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'Hello') UNION select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'World')"; +} else { +statement = "select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'Hello World')"; +} + +Query q; +long result; +NodeIterator it; +StringBuilder buff; + +// enabled by default now, in LuceneOakRepositoryStub. Disable global +System.setProperty("oak.fastQuerySize", "false"); + +// fast (insecure) case +String fastSizeResult = ""; +q = qm.createQuery(statement + " option (insecure result size)", Query.JCR_SQL2); +if (expected < 0) { +// if expected < 0, i.e. insufficient permissions, expect a InvalidQueryException on execute(). +try { +it = q.execute().getNodes(); +fail("expected an InvalidQueryException caused by a IllegalArgumentException"); +} catch (InvalidQueryException e) { +assertTrue("expected an InvalidQueryException caused by a ParseException", +e.getCause() instanceof IllegalArgumentException); +} +} else { +it = q.execute().getNodes(); +result = it.getSize(); +assertTrue("size: " + result + " expected around " + expected, +result > expected - 50 && +result < expected + 50); +buff = new StringBuilder(); +while (it.hasNext()) { +Node n = it.nextNode(); +buff.append(n.getPath()).append('\n'); +} +fastSizeResult = buff.toString(); +q = qm.createQuery(statement + " option (insecure result size)", Query.JCR_SQL2); +q.setLimit(90); +it = q.execute().getNodes(); +assertEquals(90, it.getSize()); +} + +// default (secure) case +q = qm.createQuery(statement, Query.JCR_SQL2); +it = q.execute().getNodes(); +result = it.getSize(); +assertEquals(-1, result); +buff = new StringBuilder(); +while (it.hasNext()) { +Node n = it.nextNode(); +buff.append(n.getPath()).append('\n'); +} +String regularResult = buff.toString(); +if (expected >= 0) { +assertEquals(regularResult, fastSizeResult); +} + +System.clearProperty("oak.fastQuerySize"); Review Comment: I used the try-finally approach since ResultSizeTest is still in pre-junit4 style. Also modified the existing test method in the same way. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@jackrabbit.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [jackrabbit-oak] sonarcloud[bot] commented on pull request #1122: OAK-10434: oak-segment-azure/oak-blob-cloud-azure: update SDK dependencies
sonarcloud[bot] commented on PR #1122: URL: https://github.com/apache/jackrabbit-oak/pull/1122#issuecomment-1721188712 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&resolved=false&types=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&resolved=false&types=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&resolved=false&types=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&resolved=false&types=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&resolved=false&types=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&resolved=false&types=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&resolved=false&types=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&resolved=false&types=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&metric=coverage&view=list) No Coverage information [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=org.apache.jackrabbit%3Ajackrabbit-oak&pullRequest=1122&metric=new_duplicated_lines_density&view=list) ![warning](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/message_warning-16px.png 'warning') The version of Java (11.0.20.1) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17. Read more [here](https://docs.sonarcloud.io/appendices/scanner-environment/) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@jackrabbit.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [jackrabbit-oak] reschke merged pull request #1122: OAK-10434: oak-segment-azure/oak-blob-cloud-azure: update SDK dependencies
reschke merged PR #1122: URL: https://github.com/apache/jackrabbit-oak/pull/1122 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@jackrabbit.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [jackrabbit-oak] reschke opened a new pull request, #1122: OAK-10434: oak-segment-azure/oak-blob-cloud-azure: update SDK dependencies
reschke opened a new pull request, #1122: URL: https://github.com/apache/jackrabbit-oak/pull/1122 (no comment) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@jackrabbit.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [jackrabbit-oak] nit0906 merged pull request #1118: OAK-10442 | Fixing docs to reflect aggregation does not support node …
nit0906 merged PR #1118: URL: https://github.com/apache/jackrabbit-oak/pull/1118 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@jackrabbit.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[ANNOUNCE] Apache Jackrabbit Oak 1.22.17 released
The Apache Jackrabbit community is pleased to announce the release of Apache Jackrabbit Oak 1.22.17. The release is available for download at: http://jackrabbit.apache.org/downloads.html See the full release notes below for details about this release: Release Notes -- Apache Jackrabbit Oak -- Version 1.22.17 Introduction Jackrabbit Oak is a scalable, high-performance hierarchical content repository designed for use as the foundation of modern world-class web sites and other demanding content applications. Jackrabbit Oak 1.22.17 is a patch release that contains fixes and improvements over Oak 1.22. Jackrabbit Oak 1.22.x releases are considered stable and targeted for production use. The Oak effort is a part of the Apache Jackrabbit project. Apache Jackrabbit is a project of the Apache Software Foundation. Changes in Oak 1.22.17 -- Technical task [OAK-10415] - AbstractTwoNodeTest: make teardown more robust [OAK-10416] - AbstractTwoNodeTest: ensure RDB fixture uses empty DB Bug [OAK-8711] - Queries with facets should not use traversal [OAK-8863] - Oak-doc should cover BinaryUploadOptions usage [OAK-10405] - document-store: potential NPE in AbstractTwoNodeTest teardown Improvement [OAK-9567] - Avoid NullPointerException in ReadWriteVersionManager.removeVersion [OAK-9966] - Internal code calls Node.isCheckedOut and VersionManager.isCheckedOut [OAK-9970] - Internal code calls LockManager.isLocked(String) [OAK-10003] - Upgrade tika to 1.28.5 [OAK-10225] - Utility to rate limit writes in case async indexing is delayed Task [OAK-8659] - Deprecate support for lucene custom scorer [OAK-9669] - Update commons-io dependency to 2.11.0 [OAK-10154] - Guava deprecations: set minimal logging level to 'error' [OAK-10201] - oak-blob-plugins: exported packages need to be marked @internal [OAK-10304] - log registration of invalid namespace names [OAK-10316] - Importer exception always should mention path [OAK-10349] - Update Tomcat dependency to 9.0.78 [OAK-10366] - Update Oak trunk and Oak 1.22 to Jackrabbit 2.20.11 [OAK-10389] - remove commons-lang dependency [OAK-10390] - Update commons-io dependency to 2.13.0 [OAK-10394] - Update commons-lang3 dependency to 3.13.0 [OAK-10395] - Update commons-codec dependency to 1.16.0 [OAK-10400] - auth-ldap/benchmarks: use default dependency for commons-lang3 [OAK-10401] - search-mt/solr-osgi: use default versions of commons-math3 [OAK-10402] - benchmarks: remove commons-math dependency (use math3 instead) [OAK-10403] - update Tomcat JDBC dependency to 8.5.92 [OAK-10404] - improve TarFilesTest.testCollectBlobReferences diagnostics [OAK-10407] - run/lucene: update gson dependencies to 2.10.1 [OAK-10421] - Bump up minimal warning level for deprecated uses of java.security.Group to INFO In addition to the above-mentioned changes, this release contains all changes included up to the previous Apache Jackrabbit Oak 1.22.x release. For more detailed information about all the changes in this and other Oak releases, please see the Oak issue tracker at https://issues.apache.org/jira/browse/OAK Release Contents This release consists of a single source archive packaged as a zip file. The archive can be unpacked with the jar tool from your JDK installation. See the README.md file for instructions on how to build this release. The source archive is accompanied by a SHA512 checksums and a PGP signature that you can use to verify the authenticity of your download. The public key used for the PGP signature can be found at https://www.apache.org/dist/jackrabbit/KEYS. About Apache Jackrabbit Oak --- Jackrabbit Oak is a scalable, high-performance hierarchical content repository designed for use as the foundation of modern world-class web sites and other demanding content applications. The Oak effort is a part of the Apache Jackrabbit project. Apache Jackrabbit is a project of the Apache Software Foundation. For more information, visit http://jackrabbit.apache.org/oak About The Apache Software Foundation Established in 1999, The Apache Software Foundation provides organizational, legal, and financial support for more than 140 freely-available, collaboratively-developed Open Source projects. The pragmatic Apache License enables individual and commercial users to easily deploy Apache software; the Foundation's intellectual property framework limits the legal exposure of its 3,800+ contributors. For more information, visit http://www.apache.org/
[jira] [Updated] (JCR-4951) Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.16
[ https://issues.apache.org/jira/browse/JCR-4951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Julian Reschke updated JCR-4951: Labels: candidate_jackrabbit_2.20 (was: ) > Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.16 > --- > > Key: JCR-4951 > URL: https://issues.apache.org/jira/browse/JCR-4951 > Project: Jackrabbit Content Repository > Issue Type: Task > Components: parent >Reporter: Julian Reschke >Assignee: Julian Reschke >Priority: Minor > Labels: candidate_jackrabbit_2.20 > Fix For: 2.22, 2.21.20 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (JCR-4971) Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.17
[ https://issues.apache.org/jira/browse/JCR-4971?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17765503#comment-17765503 ] Julian Reschke commented on JCR-4971: - trunk: [r1912323|http://svn.apache.org/r1912323] > Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.17 > --- > > Key: JCR-4971 > URL: https://issues.apache.org/jira/browse/JCR-4971 > Project: Jackrabbit Content Repository > Issue Type: Task > Components: parent >Reporter: Julian Reschke >Assignee: Julian Reschke >Priority: Minor > Labels: candidate_jackrabbit_2.20 > Fix For: 2.22, 2.21.20 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (JCR-4971) Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.17
[ https://issues.apache.org/jira/browse/JCR-4971?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Julian Reschke updated JCR-4971: Labels: candidate_jackrabbit_2.20 (was: ) > Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.17 > --- > > Key: JCR-4971 > URL: https://issues.apache.org/jira/browse/JCR-4971 > Project: Jackrabbit Content Repository > Issue Type: Task > Components: parent >Reporter: Julian Reschke >Assignee: Julian Reschke >Priority: Minor > Labels: candidate_jackrabbit_2.20 > Fix For: 2.22, 2.21.20 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (JCR-4971) Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.17
[ https://issues.apache.org/jira/browse/JCR-4971?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Julian Reschke resolved JCR-4971. - Fix Version/s: 2.21.20 Resolution: Fixed > Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.17 > --- > > Key: JCR-4971 > URL: https://issues.apache.org/jira/browse/JCR-4971 > Project: Jackrabbit Content Repository > Issue Type: Task > Components: parent >Reporter: Julian Reschke >Assignee: Julian Reschke >Priority: Minor > Fix For: 2.22, 2.21.20 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (JCR-4951) Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.16
[ https://issues.apache.org/jira/browse/JCR-4951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17765498#comment-17765498 ] Julian Reschke commented on JCR-4951: - trunk: [r1912321|http://svn.apache.org/r1912321] > Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.16 > --- > > Key: JCR-4951 > URL: https://issues.apache.org/jira/browse/JCR-4951 > Project: Jackrabbit Content Repository > Issue Type: Task > Components: parent >Reporter: Julian Reschke >Assignee: Julian Reschke >Priority: Minor > Fix For: 2.22, 2.21.20 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [jackrabbit-oak] nfsantos commented on a diff in pull request #1094: OAK-10424 add support for INSECURE RESULT SIZE and INSECURE FACETS query options and rep:insecureQueryOptions privilege
nfsantos commented on code in PR #1094: URL: https://github.com/apache/jackrabbit-oak/pull/1094#discussion_r1326909040 ## oak-lucene/src/test/java/org/apache/jackrabbit/oak/jcr/query/ResultSizeTest.java: ## @@ -126,5 +151,90 @@ private void doTestResultSize(boolean union, int expected) throws RepositoryExce System.clearProperty("oak.fastQuerySize"); } + +private void doTestResultSizeOption(boolean aggregateAtQueryTime) throws RepositoryException { +createData(); +int expectedForUnion = 400; +int expectedForTwoConditions = aggregateAtQueryTime ? 400 : 200; +doTestResultSizeOption(superuser, false, expectedForTwoConditions); +doTestResultSizeOption(superuser, true, expectedForUnion); +Session readOnlySession = null; +try { +readOnlySession = getHelper().getReadOnlySession(); +assertNotNull(readOnlySession); +doTestResultSizeOption(readOnlySession, false, -1); +doTestResultSizeOption(readOnlySession, true, -1); +} finally { +if (readOnlySession != null) { +readOnlySession.logout(); +} +} +} + +private void doTestResultSizeOption(Session session, boolean union, int expected) throws RepositoryException { +QueryManager qm = session.getWorkspace().getQueryManager(); + +String statement; +if (union) { +statement = "select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'Hello') UNION select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'World')"; +} else { +statement = "select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'Hello World')"; +} + +Query q; +long result; +NodeIterator it; +StringBuilder buff; + +// enabled by default now, in LuceneOakRepositoryStub. Disable global +System.setProperty("oak.fastQuerySize", "false"); + +// fast (insecure) case +String fastSizeResult = ""; +q = qm.createQuery(statement + " option (insecure result size)", Query.JCR_SQL2); +if (expected < 0) { +// if expected < 0, i.e. insufficient permissions, expect a InvalidQueryException on execute(). +try { +it = q.execute().getNodes(); +fail("expected an InvalidQueryException caused by a IllegalArgumentException"); +} catch (InvalidQueryException e) { +assertTrue("expected an InvalidQueryException caused by a ParseException", +e.getCause() instanceof IllegalArgumentException); +} +} else { +it = q.execute().getNodes(); +result = it.getSize(); +assertTrue("size: " + result + " expected around " + expected, +result > expected - 50 && +result < expected + 50); +buff = new StringBuilder(); +while (it.hasNext()) { +Node n = it.nextNode(); +buff.append(n.getPath()).append('\n'); +} +fastSizeResult = buff.toString(); +q = qm.createQuery(statement + " option (insecure result size)", Query.JCR_SQL2); +q.setLimit(90); +it = q.execute().getNodes(); +assertEquals(90, it.getSize()); +} + +// default (secure) case +q = qm.createQuery(statement, Query.JCR_SQL2); +it = q.execute().getNodes(); +result = it.getSize(); +assertEquals(-1, result); +buff = new StringBuilder(); +while (it.hasNext()) { +Node n = it.nextNode(); +buff.append(n.getPath()).append('\n'); +} +String regularResult = buff.toString(); +if (expected >= 0) { +assertEquals(regularResult, fastSizeResult); +} + +System.clearProperty("oak.fastQuerySize"); Review Comment: For setting and resetting system properties in tests, have a look at the [RestoreSystemProperties](https://stefanbirkner.github.io/system-rules/apidocs/org/junit/contrib/java/lang/system/RestoreSystemProperties.html) class in JUnit. At the end of a test method, it resets any system property that was set in the method to the original value. It is already a dependency in Oak. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@jackrabbit.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [jackrabbit-oak] nfsantos commented on a diff in pull request #1094: OAK-10424 add support for INSECURE RESULT SIZE and INSECURE FACETS query options and rep:insecureQueryOptions privilege
nfsantos commented on code in PR #1094: URL: https://github.com/apache/jackrabbit-oak/pull/1094#discussion_r1326909040 ## oak-lucene/src/test/java/org/apache/jackrabbit/oak/jcr/query/ResultSizeTest.java: ## @@ -126,5 +151,90 @@ private void doTestResultSize(boolean union, int expected) throws RepositoryExce System.clearProperty("oak.fastQuerySize"); } + +private void doTestResultSizeOption(boolean aggregateAtQueryTime) throws RepositoryException { +createData(); +int expectedForUnion = 400; +int expectedForTwoConditions = aggregateAtQueryTime ? 400 : 200; +doTestResultSizeOption(superuser, false, expectedForTwoConditions); +doTestResultSizeOption(superuser, true, expectedForUnion); +Session readOnlySession = null; +try { +readOnlySession = getHelper().getReadOnlySession(); +assertNotNull(readOnlySession); +doTestResultSizeOption(readOnlySession, false, -1); +doTestResultSizeOption(readOnlySession, true, -1); +} finally { +if (readOnlySession != null) { +readOnlySession.logout(); +} +} +} + +private void doTestResultSizeOption(Session session, boolean union, int expected) throws RepositoryException { +QueryManager qm = session.getWorkspace().getQueryManager(); + +String statement; +if (union) { +statement = "select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'Hello') UNION select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'World')"; +} else { +statement = "select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'Hello World')"; +} + +Query q; +long result; +NodeIterator it; +StringBuilder buff; + +// enabled by default now, in LuceneOakRepositoryStub. Disable global +System.setProperty("oak.fastQuerySize", "false"); + +// fast (insecure) case +String fastSizeResult = ""; +q = qm.createQuery(statement + " option (insecure result size)", Query.JCR_SQL2); +if (expected < 0) { +// if expected < 0, i.e. insufficient permissions, expect a InvalidQueryException on execute(). +try { +it = q.execute().getNodes(); +fail("expected an InvalidQueryException caused by a IllegalArgumentException"); +} catch (InvalidQueryException e) { +assertTrue("expected an InvalidQueryException caused by a ParseException", +e.getCause() instanceof IllegalArgumentException); +} +} else { +it = q.execute().getNodes(); +result = it.getSize(); +assertTrue("size: " + result + " expected around " + expected, +result > expected - 50 && +result < expected + 50); +buff = new StringBuilder(); +while (it.hasNext()) { +Node n = it.nextNode(); +buff.append(n.getPath()).append('\n'); +} +fastSizeResult = buff.toString(); +q = qm.createQuery(statement + " option (insecure result size)", Query.JCR_SQL2); +q.setLimit(90); +it = q.execute().getNodes(); +assertEquals(90, it.getSize()); +} + +// default (secure) case +q = qm.createQuery(statement, Query.JCR_SQL2); +it = q.execute().getNodes(); +result = it.getSize(); +assertEquals(-1, result); +buff = new StringBuilder(); +while (it.hasNext()) { +Node n = it.nextNode(); +buff.append(n.getPath()).append('\n'); +} +String regularResult = buff.toString(); +if (expected >= 0) { +assertEquals(regularResult, fastSizeResult); +} + +System.clearProperty("oak.fastQuerySize"); Review Comment: For setting and resetting system properties in tests, have a look at the `[RestoreSystemProperties](https://stefanbirkner.github.io/system-rules/apidocs/org/junit/contrib/java/lang/system/RestoreSystemProperties.html)` class in JUnit. At the end of a test method, it resets any system property that was set in the method to the original value. It is already a dependency in Oak. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@jackrabbit.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [jackrabbit-oak] thomasmueller commented on pull request #1094: OAK-10424 add support for INSECURE RESULT SIZE and INSECURE FACETS query options and rep:insecureQueryOptions privilege
thomasmueller commented on PR #1094: URL: https://github.com/apache/jackrabbit-oak/pull/1094#issuecomment-1720784973 I'm not blocking this, but the "finally" block would be nice. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@jackrabbit.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [jackrabbit-oak] thomasmueller commented on a diff in pull request #1094: OAK-10424 add support for INSECURE RESULT SIZE and INSECURE FACETS query options and rep:insecureQueryOptions privile
thomasmueller commented on code in PR #1094: URL: https://github.com/apache/jackrabbit-oak/pull/1094#discussion_r1326883609 ## oak-lucene/src/test/java/org/apache/jackrabbit/oak/jcr/query/ResultSizeTest.java: ## @@ -126,5 +151,90 @@ private void doTestResultSize(boolean union, int expected) throws RepositoryExce System.clearProperty("oak.fastQuerySize"); } + +private void doTestResultSizeOption(boolean aggregateAtQueryTime) throws RepositoryException { +createData(); +int expectedForUnion = 400; +int expectedForTwoConditions = aggregateAtQueryTime ? 400 : 200; +doTestResultSizeOption(superuser, false, expectedForTwoConditions); +doTestResultSizeOption(superuser, true, expectedForUnion); +Session readOnlySession = null; +try { +readOnlySession = getHelper().getReadOnlySession(); +assertNotNull(readOnlySession); +doTestResultSizeOption(readOnlySession, false, -1); +doTestResultSizeOption(readOnlySession, true, -1); +} finally { +if (readOnlySession != null) { +readOnlySession.logout(); +} +} +} + +private void doTestResultSizeOption(Session session, boolean union, int expected) throws RepositoryException { +QueryManager qm = session.getWorkspace().getQueryManager(); + +String statement; +if (union) { +statement = "select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'Hello') UNION select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'World')"; +} else { +statement = "select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'Hello World')"; +} + +Query q; +long result; +NodeIterator it; +StringBuilder buff; + +// enabled by default now, in LuceneOakRepositoryStub. Disable global +System.setProperty("oak.fastQuerySize", "false"); + +// fast (insecure) case +String fastSizeResult = ""; +q = qm.createQuery(statement + " option (insecure result size)", Query.JCR_SQL2); +if (expected < 0) { +// if expected < 0, i.e. insufficient permissions, expect a InvalidQueryException on execute(). +try { +it = q.execute().getNodes(); +fail("expected an InvalidQueryException caused by a IllegalArgumentException"); +} catch (InvalidQueryException e) { +assertTrue("expected an InvalidQueryException caused by a ParseException", +e.getCause() instanceof IllegalArgumentException); +} +} else { +it = q.execute().getNodes(); +result = it.getSize(); +assertTrue("size: " + result + " expected around " + expected, +result > expected - 50 && +result < expected + 50); +buff = new StringBuilder(); +while (it.hasNext()) { +Node n = it.nextNode(); +buff.append(n.getPath()).append('\n'); +} +fastSizeResult = buff.toString(); +q = qm.createQuery(statement + " option (insecure result size)", Query.JCR_SQL2); +q.setLimit(90); +it = q.execute().getNodes(); +assertEquals(90, it.getSize()); +} + +// default (secure) case +q = qm.createQuery(statement, Query.JCR_SQL2); +it = q.execute().getNodes(); +result = it.getSize(); +assertEquals(-1, result); +buff = new StringBuilder(); +while (it.hasNext()) { +Node n = it.nextNode(); +buff.append(n.getPath()).append('\n'); +} +String regularResult = buff.toString(); +if (expected >= 0) { +assertEquals(regularResult, fastSizeResult); +} + +System.clearProperty("oak.fastQuerySize"); Review Comment: This should be inside a "finally" block, so that if the test fails, other tests are not affected. ## oak-doc/src/site/markdown/query/query-engine.md: ## @@ -267,6 +269,22 @@ Limitations: you need to also set the property `refresh` to `true` (Boolean), so that the change is applied. No indexing is required. + Query Option Insecure Result Size + +`@since Oak 1.60.0 (OAK-10424)` + +NOTE: The principal executing the query must have been granted the repository privilege `rep:insecureQueryOptions` (see [Privilege Management / Query Execution](../security/privilege/mappingtoprivileges.md#query-execution)). + +Enabling this option activates the same Compatibility behavior for NodeIterator.getSize() as described in [Result Size](#result-size), but only for the query being executed. Review Comment: Typo(?): lowercase "compatibility" -- This is an automated message from the Apache Git Service. To respond to the me
[jira] [Resolved] (JCR-4951) Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.16
[ https://issues.apache.org/jira/browse/JCR-4951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Julian Reschke resolved JCR-4951. - Resolution: Fixed > Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.16 > --- > > Key: JCR-4951 > URL: https://issues.apache.org/jira/browse/JCR-4951 > Project: Jackrabbit Content Repository > Issue Type: Task > Components: parent >Reporter: Julian Reschke >Assignee: Julian Reschke >Priority: Minor > Fix For: 2.22, 2.21.20 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (JCR-4971) Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.17
[ https://issues.apache.org/jira/browse/JCR-4971?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Julian Reschke updated JCR-4971: Fix Version/s: (was: 2.21.20) > Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.17 > --- > > Key: JCR-4971 > URL: https://issues.apache.org/jira/browse/JCR-4971 > Project: Jackrabbit Content Repository > Issue Type: Task > Components: parent >Reporter: Julian Reschke >Assignee: Julian Reschke >Priority: Minor > Fix For: 2.22 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (JCR-4971) Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.17
Julian Reschke created JCR-4971: --- Summary: Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.17 Key: JCR-4971 URL: https://issues.apache.org/jira/browse/JCR-4971 Project: Jackrabbit Content Repository Issue Type: Task Components: parent Reporter: Julian Reschke Assignee: Julian Reschke Fix For: 2.22, 2.21.20 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (JCR-4951) Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.16
[ https://issues.apache.org/jira/browse/JCR-4951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Julian Reschke updated JCR-4951: Fix Version/s: 2.21.20 > Update oak-jackrabbit-api.version.used in trunk and 2.20 to Oak 1.22.16 > --- > > Key: JCR-4951 > URL: https://issues.apache.org/jira/browse/JCR-4951 > Project: Jackrabbit Content Repository > Issue Type: Task > Components: parent >Reporter: Julian Reschke >Assignee: Julian Reschke >Priority: Minor > Fix For: 2.22, 2.21.20 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)