Re: Deprecation of SlingRepository.loginAdministrative()

[Alexander Klimetschek]

I believe at one point this impersonateFromService was implemented using an 
admin session, i.e. essentially ignoring the "my-service" service user name 
argument. And maybe that implementation is still used in AEM 6.3. However, the 
current state of Sling and Oak would actually use a service user, and your code 
might fail to work.

But when I searched, I couldn't find the source code showing that history.

Does anyone know?

Cheers,
Alex

> On 08.02.2018, at 01:07, Roy Teeuwen <r...@teeuwen.be> wrote:
> 
> Hey Jörg, Alexander,
> 
> Maybe it's just me, but for me the method works (on an AEM 6.3) without 
> putting any impersonators on any user, thats why I of course mentioned the 
> method, else it wouldn't have answered the question:
> 
> def session = slingRepository.impersonateFromService("my-service", new 
> SimpleCredentials("my-user", "".toCharArray()), (String)null);
> 
> Maybe this is a security flaw :)? The reason I use it like this is because I 
> also found that AEM itself uses this method to modify pages in name of users 
> in workflows / jobs...
> 
> Greets,
> Roy
> 
>> On 8 Feb 2018, at 00:25, Alexander Klimetschek <aklim...@adobe.com.INVALID> 
>> wrote:
>> 
>> I had the same question previously. It is not very feasible to configure a 
>> service user as a delegate on each individual human user. Especially when 
>> these human users are constantly added or removed.
>> 
>> This is a question for Oak, I believe.
>> 
>> Cheers,
>> Alex
>> 
>>> On 07.02.2018, at 14:03, Jörg Hoh <jhoh...@googlemail.com> wrote:
>>> 
>>> Hi Roy,
>>> 
>>> that's indeed good news, as it seems to solve the impersonation usecase. On
>>> the other hand the javadoc is quite clear, that the requirements of the
>>> impersonation process itself come from the underlying repository. I
>>> typically use Oak and the Oak documentation at [1] says that with the
>>> DefaultLoginModule it still requires some kind of prerequisits
>>> ("Impersonation another user will only succeed if the impersonated user is
>>> valid (i.e. exists and is not disabled) *and* the the user associated with
>>> the editing session is allowed to impersonate this user.").
>>> 
>>> 
>>> Jörg
>>> 
>>> 
>>> 
>>> [1]
>>> https://jackrabbit.apache.org/oak/docs/security/authentication/default.html#impersonation
>>> 
>>> 
>>> 
>>> 2018-02-07 22:50 GMT+01:00 Roy Teeuwen <r...@teeuwen.be>:
>>> 
>>>> Hey Andres,
>>>> 
>>>> We had a similar use case to do impersonation, there is another method for
>>>> that now:
>>>> 
>>>> https://sling.apache.org/apidocs/sling10/org/apache/
>>>> sling/jcr/api/SlingRepository.html#impersonateFromService-
>>>> java.lang.String-javax.jcr.Credentials-java.lang.String-
>>>> 
>>>> Greets,
>>>> Roy
>>>> 
>>>> 
>>>> On 7 Feb 2018, at 20:49, Andres Bott <cont...@andresbott.com> wrote:
>>>> 
>>>> Maybe a solution would be
>>>> - deprecate / remove the method ( to avoid old code to run as admin)
>>>> - rename the class / method and add an info to the log
>>>> 
>>>> in this way we make sure that old code gets migrated to service users, and
>>>> the places where it really makes sense to use admin user, the developer
>>>> should be aware of it.
>>>> 
>>>> Andres
>>>> 
>>>> 
>>>> El 2018-02-06 14:09, Bertrand Delacretaz escribió:
>>>> 
>>>> On Tue, Feb 6, 2018 at 1:02 PM, Jörg Hoh <jhoh...@googlemail.com> wrote:
>>>> 
>>>> ...Long story short: Is the loginAdministrative() method planned to be
>>>> removed? If yes, we should clearly give best practices and document how it
>>>> can be replaced even in the non-trivial cases. If it's going to stay, we
>>>> should remove the deprecation warning
>>>> 
>>>> I think we need to keep warnings that loginAdmin should be used as
>>>> sparingly as possible.
>>>> And probably provide some examples where it does make sense to use it.
>>>> But deprecation might not be the correct term, as you indicate.
>>>> -Bertrand
>>>> 
>>>> 
>>>> 
>>> 
>>> 
>>> --
>>> Cheers,
>>> Jörg Hoh,
>>> 
>>> http://cqdump.wordpress.com
>>> Twitter: @joerghoh
>> 
> 



signature.asc
Description: Message signed with OpenPGP

Re: Deprecation of SlingRepository.loginAdministrative()

[Alexander Klimetschek]

I had the same question previously. It is not very feasible to configure a 
service user as a delegate on each individual human user. Especially when these 
human users are constantly added or removed.

This is a question for Oak, I believe.

Cheers,
Alex

> On 07.02.2018, at 14:03, Jörg Hoh  wrote:
> 
> Hi Roy,
> 
> that's indeed good news, as it seems to solve the impersonation usecase. On
> the other hand the javadoc is quite clear, that the requirements of the
> impersonation process itself come from the underlying repository. I
> typically use Oak and the Oak documentation at [1] says that with the
> DefaultLoginModule it still requires some kind of prerequisits
> ("Impersonation another user will only succeed if the impersonated user is
> valid (i.e. exists and is not disabled) *and* the the user associated with
> the editing session is allowed to impersonate this user.").
> 
> 
> Jörg
> 
> 
> 
> [1]
> https://jackrabbit.apache.org/oak/docs/security/authentication/default.html#impersonation
> 
> 
> 
> 2018-02-07 22:50 GMT+01:00 Roy Teeuwen :
> 
>> Hey Andres,
>> 
>> We had a similar use case to do impersonation, there is another method for
>> that now:
>> 
>> https://sling.apache.org/apidocs/sling10/org/apache/
>> sling/jcr/api/SlingRepository.html#impersonateFromService-
>> java.lang.String-javax.jcr.Credentials-java.lang.String-
>> 
>> Greets,
>> Roy
>> 
>> 
>> On 7 Feb 2018, at 20:49, Andres Bott  wrote:
>> 
>> Maybe a solution would be
>> - deprecate / remove the method ( to avoid old code to run as admin)
>> - rename the class / method and add an info to the log
>> 
>> in this way we make sure that old code gets migrated to service users, and
>> the places where it really makes sense to use admin user, the developer
>> should be aware of it.
>> 
>> Andres
>> 
>> 
>> El 2018-02-06 14:09, Bertrand Delacretaz escribió:
>> 
>> On Tue, Feb 6, 2018 at 1:02 PM, Jörg Hoh  wrote:
>> 
>> ...Long story short: Is the loginAdministrative() method planned to be
>> removed? If yes, we should clearly give best practices and document how it
>> can be replaced even in the non-trivial cases. If it's going to stay, we
>> should remove the deprecation warning
>> 
>> I think we need to keep warnings that loginAdmin should be used as
>> sparingly as possible.
>> And probably provide some examples where it does make sense to use it.
>> But deprecation might not be the correct term, as you indicate.
>> -Bertrand
>> 
>> 
>> 
> 
> 
> -- 
> Cheers,
> Jörg Hoh,
> 
> http://cqdump.wordpress.com
> Twitter: @joerghoh

Re: i18n json resource files with Sling-Initial-Content (was: Sling pipes release)

[Alexander Klimetschek]

On 03.05.2017, at 10:01, Stefan Seifert  wrote:
> coming back to this - it is possible to load i18n json files with JCR content 
> loader - but one bug prevented it working with the last two releases [1]
> this bug is fixed in the current snapshot release of JCR content loader.
> 
> i've added and example how to do this on the contentloader documentation [2]

Great, thanks!

Cheers,
Alex

Re: Sling pipes release

[Alexander Klimetschek]

On 27.04.2017, at 06:12, Correia  wrote:
> How do I add my second JSON file to the jcr:data on the first file??

The answer to that question must lie in the sling initial content loader 
mechanism, how it can incorporate binary files (i.e. the second en.json that 
should end up as-is as nt:file in the repository). It probably sees all json 
files as descriptor files and tries to read them as jcr content.

Using "ignoreImportProviders=json" won't help, as then the english.json would 
no longer be seen as descriptor file either.

You could turn the english.json into the xml descriptor format, and use 
"ignoreImportProviders=json"… that might not be perfect if you prefer the json 
descriptor format I guess.

Note I am not very familiar with the content loader mechanism and if there is a 
better way.

Cheers,
Alex

Re: Is there a way to limit the results of a query using the Sling API?

[Alexander Klimetschek]

Yet another query api/language?

Cheers,
Alex

 On 13.05.2015, at 06:23, Carsten Ziegeler cziege...@apache.org wrote:
 
 I'm currently trying to design a new query API which is not string based
 anymore. It would be much easier to use, safer and in no way require you
 to write complex SQL or Xpath queries
 
 I'll soon have a draft which I'll post here for discussion
 
 Carsten
 
 Am 13.05.15 um 11:55 schrieb Dirk Rudolph:
 There isn’t a way to do this so far but it would be a nice improvement. 
 
 See https://issues.apache.org/jira/browse/SLING-1873 
 https://issues.apache.org/jira/browse/SLING-1873
 
 Cheers, Dirk
 dirk.rudo...@netcentric.biz mailto:dirk.rudo...@netcentric.biz | 
 www.netcentric.biz http://www.netcentric.biz/
 On 13 May 2015, at 11:19, Santiago García Pimentel 
 santiago.pimen...@netcentric.biz wrote:
 
 Hello,
 
 I wanted to use Sling to find some resources using SQL2 (I would prefer not 
 to use the JCR api directly). Unfortunately it seems that the use of limit 
 in the query is not supported, so it seems that my only option is to create 
 a JCR Query and use query.setLimit(int).
 
 Is this correct? I would prefer to use only the Sling API to get these 
 resources. The ResourceResolver has a findResources() method, but it does 
 not accept any limit.
 
 Greetings.
 -- 
 *Santiago García Pimentel* | Software Engineer
 Netcentric Ibérica SL
 Av. Diagonal 123 -8ª
 08005 Barcelona
 España
 Skype: santiago.garciapimentel
 santiago.pimen...@netcentric.biz | www.netcentric.es
 
 
 
 
 -- 
 Carsten Ziegeler
 Adobe Research Switzerland
 cziege...@apache.org

Re: Reg - Clustering

[Alexander Klimetschek]

On 21.09.2014, at 22:50, Bertrand Delacretaz bdelacre...@apache.org wrote:

 What we recommend against is HTTP sessions

...meaning any in-memory data assigned to some session that is kept across 
multiple requests (as that's what J2EE HTTP Sessions are). You want every 
request to be self-describing and able to start from scratch to make the most 
out of HTTP and be RESTful.

Cheers,
Alex

Re: Differences between type responses for node and resource

[Alexander Klimetschek]

On 12.09.2014, at 10:55, Jason E Bailey jason.bai...@24601.org wrote:

 I have a hard time understanding how there would be added complexity by
 incorporating the nodeType hierarchy into a determination as to whether
 a specific resource is of a specific type. Multiple hierarchies are
 fairly common in programming languages, like the instanceof I mentioned
 that does both the class hierarchy and the interface hierarchy.

Yes, but it gets complicated when you look at the servlet resolution: which 
super type hierarchy has a higher precedence? The current weighting is already 
pretty complex.

And I think enforcing more use of resource types and less node types here is a 
good thing :)

  I also
 don't see much confusion occurring from implementing this. If I am
 attempting to validate a whether something is inherited from nt:base I
 clearly have a need in mind that would be separate from desire to know
 if it's a sling component that inherits from foundation/list

BTW, you can handle the case yourself:

Node node = resource.adaptTo(Node.class);
if (node != null) {
if (node.isNodeType(nt)) {
// ...
}
}

Cheers,
Alex

Re: Differences between type responses for node and resource

[Alexander Klimetschek]

Sling resource types have their own super type hierarchy. Using jcr node types 
if no sling:resourceType is specified was added as a fallback for cases where 
it is impractical to set a sling:resourceType. But it does not take into 
account the node type hierarchy, I think because it would simply be too 
complex, since you then have to look at two hierarchies.

I would use sling resource types as much as possible over node types, since 
they are a lot more flexible.

HTH,
Alex

On 11.09.2014, at 14:54, Jason E Bailey jason.bai...@24601.org wrote:

 I understand the difference between the Sling Resource Type and the JCR
 Node type. However the resource.isResourceType is not specifically
 dealing with one or the other. If I had a resource of a node with a
 primaryNodeType of nt:file then doing resource.isResourceType(nt:file)
 would return true. 
 
 I had to dig through the code to see what was going on. 
 
 The basic idea is that calling resource.getResourceType() will return
 the sling:resourceType and if that's not there then it will return the
 jcr:primaryType. When calling isResourceType it will compare against
 the resource.getResourceType() and if that's not a match will march of
 the chain of getSuperResourceType looking for a match, and that matches
 only against the sling:resourceType.
 
 I can sorta see where that's useful from a script resolution point of
 view. I find it odd overall as it's missing out on a section of
 inheritance. It's like having a java instanceof operator ignoring
 interfaces. 
 
 -- 
  Jason
 
 On Wed, Sep 10, 2014, at 01:13 PM, Paul McMahon wrote:
 There isn't necessarily a mapping between Sling Resource Type and the JCR
 Node type. The sling resource type is determined based on the value or
 the sling:resourceType property on the node, where as the JCR Node type
 is determined based on jcr:primaryType value. In most cases nodes of
 sling:resourceType will always be the same jcr:primaryType, but technical
 that isn't a requirement. In  reality there are most jcr:primaryTypes map
 to many different sling:resourceType (or no sling resource type). 
 
 
 Paul McMahon
 Acquity Group, Part of Accenture Interactive
 
 
 On Wednesday, September 10, 2014 9:56 AM, Jason E Bailey
 jason.bai...@24601.org wrote:
 
 
 
 Lets say I have a node of type sling:Folder.
 
 
 
 Calling
 
 node.isNodeType(nt:folder)
 
 will return true, since sling:Folder extends nt:folder
 
 
 
 However
 
 resource.isResourceType(nt:folder)
 
 will return false. I'm assuming since it's attempting to
 resolve up the resource heirarchy(?)
 
 
 
 My question, is there a Foo utility to determine if a given
 resource is of a particular type via the node definition?
 
 
 
 TIA.
 
 --
 Jason E Bailey

Re: behavior of the script resolution with the default servlet

[Alexander Klimetschek]

On 03.09.2014, at 04:39, Sandro Boehme sandro.boe...@gmx.de wrote:

 Both scripts are bound to the html extension and `my_resource_type` is more 
 detailed in the resource type hierarchy than `sling/servlet/default`.
 But as I use the .jcrbrowser selector this gives my script a higher priority 
 than the other one anyways.
 Is that correct?
 
 This is a more concrete scenario description than in my first email:
 
 URL: http://localhost/mynode.jcrbrowser.html
 
 ++ original ++
 sling:resourceType: my_resource_type
 script: /apps/my_resource_type/html.jsp
 
 ++ overwritten by Sling JCRBrowser ++
 resource type: sling/servlet/default
 script: /libs/sling/servlet/default/jcrbrowser/html.jsp

Yes, if you have a selector, than that is very specific and it should take the 
bottom one (sling/servlet/default), since there is no selector specific script 
in your /apps.

Cheers,
Alex

Re: Script language independent overrides

[Alexander Klimetschek]

On 24.07.2014, at 19:11, Justin Edelson jus...@justinedelson.com wrote:

 If the author didn't want to
 do that, they shouldn't use sling:call and instead use sling:include
 with replaceSelectors.

Right. sling:call addresses the script and that is simply wrong - it needs to 
be a sling:include and strictly rely on sling resource resolution (selectors, 
extensions etc.). If you use sling:call and address the script, you of course 
tie yourself to the script engine in question (i.e. usually JSP).

Cheers,
Alex

Re: intellij 13.1?

[Alexander Klimetschek]

I think this is the Osmorc plugin providing the OSGi facet support. I saw 
those warnings as well (with Intellij 13.1) and have it disabled. (Same for 
Spring OSGi and dmServer Support plugins that pop up when I search for osgi 
in Plugins). Then I don't have any OSGi facets nor inspections. This is fine 
for me, I haven't seen any benefit of those OSGi integrations with IntelliJ so 
far, too many false positives. (Happy to be convinced otherwise :))

Cheers,
Alex

On 19.04.2014, at 02:16, Robert A. Decker dec...@robdecker.com wrote:

 Hello,
 
 After I think about a year I’m about to start up another sling project. I’ve 
 used IntelliJ in the past for sling development, but now with IntelliJ 13.1 
 it seems to be more picky on dependencies.
 
 For example, in my parent pom I have:
dependency
groupIdorg.apache.felix/groupId
artifactIdorg.apache.felix.scr/artifactId
version1.8.2/version
scopeprovided/scope
/dependency
 And in my bundle pom:
dependency
groupIdorg.apache.felix/groupId
artifactIdorg.apache.felix.scr.annotations/artifactId
/dependency
 
 In the IntelliJ UI when looking at the pom.xml of the bundle the felix 
 dependency is highlighted in yellow with the message “Dependency is not OSGI 
 ready”, which is what IntelliJ has always done in the past.
 
 However, when I try to use these annotations (Component, Service, Activate, 
 etc) I get compile errors in intelliJ:
 “The package is not exported by the bundle dependencies”
 
 
 In IntelliJ I can change this to a warning:
 http://stackoverflow.com/questions/21465166/how-to-configure-osgi-in-intellij-when-its-handled-by-maven
 
 
 Is this what you’ve done? Or is there another way around this?
 
 Rob

Re: Multiple versions of OSGI Bundles with BundleLists

[Alexander Klimetschek]

On 28.02.2014, at 09:35, Thomas Joseph open4tho...@gmail.com wrote:

 What were the design consideration for restricting multiple versions of an
 OSGi bundle in the sling tooling - while this is an inherent and
 celebrated feature natively available in OSGi? There are many use cases
 where we would want to have this feature in place, and still use Sling.

I think (without having tried multiple versions in practice) this would be 
rather dangerous in reality.

It only makes sense for 3rd party helper libraries - say a logging API or some 
commons utility. Once you have core API modules of your application with 
usually singleton services, you really only want a single instance to be 
running at the same time.

Managing different versions of those 3rd party libraries can be nicely done 
using embedding them in bundles, thus hiding their presence from all the other 
bundles. This works pretty good.

Cheers,
Alex

Re: ResourceProvider not invoked when provider root path is called with HTML extension

[Alexander Klimetschek]

On 13.01.2014, at 13:09, Olaf Otto o...@x100.de wrote:

 However, when
 calling /content/child1/child2.html, the resource provider is never asked
 for a resource.

This seems wrong - when you register the provider under root 
/content/child1/child2 it should be asked for the resource as part of the 
resource resolution step.

Maybe the issue is that it overlaps with another resource provider for /content 
or /content/child1?

Cheers,
Alex

Re: Adding properties to auto-generated nodes

[Alexander Klimetschek]

On 08.01.2014, at 08:36, Buzzterrier tje...@blueorigin.com wrote:

 We are using :nameHint to create a node. We would like to add some properties
 to the this node when it is created. Is there a way to do this?

Just specify the properties normally using the sling post servlet. For 
:nameHint, you will use an URL ending with / or /*. All the properties set like 
myproperty=foo as request parameter will be relative to the node addressed in 
the URL, which in case of the wildcard will be that newly created node.

Here is an example (from the top off my head):

POST /content/*
:nameHint = blogpost
jcr:title = My first post
jcr:description = This is my first post.

Cheers,
Alex

Re: Script resolution newbie question

[Alexander Klimetschek]

On 04.11.2013, at 14:06, Alessandro Bologna alessandro.bolo...@gmail.com 
wrote:

 Again, I fully understand that this is possibly a better approach with
 fewer contents and maybe if there variations on them, but in my use case
 (same exact contents, just different rendering) the approach of extending
 the script search path seems to be more reasonable.

I would say that a virtual resource provider is cleaner. Most importantly 
because it allows to access your virtual separate trees on the server side as 
well without being forced to run within a http request context.

Cheers,
Alex

Re: Script resolution newbie question

[Alexander Klimetschek]

Those separate resource trees I mentioned could just point to the original 
resources, so they don't need to duplicate them. Maybe the trees and/or the 
selection of what gets used might look different than the original, so that can 
be the only option.

OTOH if it is really automatic and applies to all resources (or the few 
exceptions are trivial and based on existing flags on the original sources) I 
agree, creating a separate tree might be difficult. In that case I could 
imagine having a custom resource provider (I am not sure if that was proposed 
already?) might be useful: say you hook it under /alternative2 and just wrap 
the JCR resources from /some/foo, but changing the resource type. And the host 
header would be used upfront in the webserver or sling mappings to get from 
Host: myserver to /alternative2.

I would be careful with too much dynamic script or resource resolution based on 
headers etc., since this becomes less transparent and is harder to debug.

Cheers,
Alex

On 01.11.2013, at 09:01, Alessandro Bologna alessandro.bolo...@gmail.com 
wrote:

 Yes, that's exactly the case. And to explain why using the resource path is
 not an option for us, the fact is that if we could just duplicate the
 resources in a new tree then we would just go ahead and change their
 resource types as well, but with a few millions of those around it's a bit
 painful to do so. And in general, even the tooling to inspect browse etc
 etc that has to deal with them would be struggling a bit.
 
 
 
 On Fri, Nov 1, 2013 at 11:54 AM, Bertrand Delacretaz bdelacre...@apache.org
 wrote:
 
 Hi,
 
 On Fri, Nov 1, 2013 at 4:32 PM, Alessandro Bologna
 alessandro.bolo...@gmail.com wrote:
 we have *one* resource,
 (meaning one jcr node if it's a jcr backed resource), at /content/home
 with
 sling:resourceType H
 
 if a request is for http://www.example.com/home.html, H points to
 /specific/www.example.com/H/html.jsp
 
 if a request is for http://m.example.com/home.html, H points to
 /specific/m.example.com/H/html.jsp
 
 Ok got it - so our examples are similar, in that we build an
 additional search path for scripts based on the current request.
 
 In my case, that path is computed based on part of the path of the
 resource that's been resolved.
 
 In your case, that path is computed based on a request header.
 
 So it looks like a service like follows might do the trick:
 
  /** Instances of this service are taken into account by the servlet
 resolver,
   *  to look for scripts in more places than just the default /apps and
 /libs
   *  for the current request
   */
  public interface ScriptSearchPathsProvider {
/** Return a list of paths that are added in front of the search
 *  path used to resolve scripts. */
SetString getAdditionalScriptSearchPaths(SlingHttpServletRequest
 request);
  }
 
 WDYT?
 
 One issue that comes to mind is handling the rendering servlet's
 cache, as with this it won't be a straight resource type to servlet
 mapping anymore...but if we agree on the basic needs we can look at
 that when needed.
 
 -Bertrand
 

Re: Script resolution newbie question

[Alexander Klimetschek]

Hi Alessandro!

On 31.10.2013, at 07:28, Alessandro Bologna alessandro.bolo...@gmail.com 
wrote:

 For requests that have a specific header, say Host:otherapp, I want
 instead to use scripts located at /apps/myotherapp/page.
 
 Short of duplicating the resource, what's the best practice to implement this?

I would say the best practice actually IS to have a separate resource tree for 
another host/tenant. As soon as ACLs or other little differences between hosts 
come into play, this is the best approach. Otherwise you'll start 
reimplementing a lot of what the repository and sling gives you already.

Cheers,
Alex

Re: Full text indexing is not happening

[Alexander Klimetschek]

I think this is a question for the Jackrabbit mailing list - unless the Sling 
launchpad deployment includes a broken configuration wrt to Jackrabbit's 
search config (repository.xml or indexing_configuration.xml).

For more info see
http://wiki.apache.org/jackrabbit/Search
http://wiki.apache.org/jackrabbit/IndexingConfiguration

Cheers,
Alex

Re: Feature Request

[Alexander Klimetschek]

Could we have a helper method/service here as well? Not just for JSPs but for 
java code as well.

It's a common question that people want to render a request result into a 
string (or simply get the stream; internally a bytearrayoutputstream probably), 
and the answer yes, you can do that, just build your own dummy 
request/response wrappers and place your own outputstream in there is a bit 
difficult.

Two recent examples that could make use of that in Sling:
- Bertrand's health check which does script execution: 
http://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/healthcheck/hc-sling/src/main/java/org/apache/sling/hc/sling/impl/HttpResponse.java
 (see javadoc)
- web resources (from SLING-2805) that allow for compilers to be written as 
sling script engines (ok, that's just an idea)

Cheers,
Alex

On 19.04.2013, at 16:45, Felix Meschberger fmesc...@adobe.com wrote:

 Hi Mike
 
 I agree, that this would be a nice addition. I don't think this is too
 hard to implement, basically all it takes is wrap the response and
 overwrite the getWriter method to capture the output in a StringBuilder
 which can then be pumped into the variable or StringReader.
 
 Would you be able to come up with a patch ?
 
 Regards
 Felix
 
 On 19.04.13 13:55, mjkelleher mj.kelle...@gmail.com wrote:
 
 Hello,
 
 Posted a new feature request:
 https://issues.apache.org/jira/browse/SLING-2834
 
 Some of the standard EE taglibs support this feature, and would be nice
 if sling:include did also.
 
 Thanks,
 
 --mike
 

Re: Resource Resolving basic questions

[Alexander Klimetschek]

On 28.01.2013, at 11:32, Ulrich Schmidt ulrich-dieter.schm...@gombers.de 
wrote:

 I see that I have mixed up path resolution and resource resolution 
 (retrieving rendering script). But what does longest matching resource 
 mean. To use the cheatsheet-sample: The absolute path /wiki/Sling must exist 
 to resolve the request (or it is mapped by some means. then the mapped path 
 must exist).

Longest matching: If there would be just a node /wiki (and no /wiki/Sling), a 
request with an URL such as /wiki/Sling.html would still match:

An example, given the URL /wiki/Sling.html

/wiki/Sling exists
= resource /wiki/Sling
 extension html

/wiki exists (but no Sling below)
= resource /wiki
 suffix /Sling.html

nothing matching exists
= resource type = sling:nonexisting
  path = /wiki/Sling.html (the full unmodified url)

 If the node is of type nt:file we are done.

No, for resource resolution, the node type is completely irrelevant. Any JCR 
node will be seen as a resource.

 If it contains a rt or rst-attribute this will be used to retrieve script 
 location.

Yes. If these properties do not exist, the node type will be used. E.g. 
nt:file would become rt = nt/file. Or if the special path resource type 
provider is installed (or any other), it would use the path if no rt/rst 
properties are present.

(Note that these are properties in JCR, not attributes).

   (3) In either case (resolved by sling:resourceType, 
   sling:resourceSuperType or 
   using the node itself) Sling looks for scripts contained in the resolved 
   node. 
  
  If you mean resolve node = request resource, then no. The resource type is 
  looked up 
  - by path (if it's absolute): rt = /apps/project/components/foo 
  - inside the resource resolver search path (if it's relative, common) 
  rt = project/components/foo = search in /apps/project/components/foo and 
  in /libs/project/components/foo (if search path is /apps, /libs) 
 
  
 Sorry, I'm not sure whether I understand what is compared in expression 
 resolve node == request.resource. The script location is looked up as 
 described above and the script itself selected according to a best match 
 rule. Looking up inside the resource resolver search path probably means 
 probably the same as what I called using best match rule, doesn't it?

Not really... I see the confusion. Both steps (resource resolution + script 
resolution) use the same ResourceResolver service [1], which is very central to 
Sling, but quite differently:

a) resource resolution uses ResourceResolver.resolve()
- using the request resource resolver = under the name of the user of the 
request (important for ACLs)
- if there is no match, it will return the special NonExistingResource (rt = 
sling:nonexisting as mentioned above)
- no search path is used here

b) script resolution used ResourceResolver.getResource()
- using a special resource resolver instance with a special script user (has 
rights to read .jsp etc.; basically the execute permission if you will)
- if there is no match, returns null
- applies the search path if you path a relative path (e.g. a resource type 
such as project/components/foo)

Note that case b) is very common for any server-side processing where you want 
to look up resources. It's like Session.getNode() in the JCR API.

[1] 
http://sling.apache.org/apidocs/sling6/org/apache/sling/api/resource/ResourceResolver.html

Cheers,
Alex

Re: Resource Resolving basic questions

[Alexander Klimetschek]

On 25.01.2013, at 18:22, Ulrich Schmidt ulrich-dieter.schm...@gombers.de 
wrote:

 Being new with Sling, I need to get familiar with it. Until now I understand
 that there is no comprehensive reference describing the Sling architecture and
 methods in detail. Until now I saw some CQ5-samples which don't work for me 
 and
 I don't understand how one comes to expect that they should work.

There's also

http://sling.apache.org/site/architecture.html
http://sling.apache.org/site/dispatching-requests.html
http://sling.apache.org/site/url-decomposition.html

and other links on http://sling.apache.org/site/the-sling-engine.html that 
might help.

And the wiki https://cwiki.apache.org/SLING/index.html has some useful stuff as 
well.

 This is what I understand so far (source: Sling
 cheatsheet(http://dev.day.com/content/ddc/blog/2008/07/cheatsheet.html)   and 
 CQ
 Basics (http://dev.day.com/docs/en/cq/current/developing/the_basics.html):
 
 (1) Sling splts the URI in different parts and maps them to the resources.

Yes.

 (2) The path is either mapped according to the sling:resourceType or the
 sling:resourceSuperType (both attributes either specified to the path-node or
 inherited from parents) or to the node (specified by the path) itself; in this
 case the node must be  of type nt:file or contain a subnode of type nt:file.

Not really. After parsing the URL, the longest matching resource found is used 
as resource for the request. First step done.

Then for rendering, sling searches for a servlet/script. This is done based on 
the sling:resourceType  sling:resourceSuperType, or, if not available, the 
node type of the request resource is used (for JCR resources; some:NodeType = 
read like a resource type some/NodeType).

 (3) In either case (resolved by sling:resourceType, sling:resourceSuperType or
 using the node itself) Sling looks for scripts contained in the resolved node.

If you mean resolve node = request resource, then no. The resource type is 
looked up
- by path (if it's absolute): rt = /apps/project/components/foo
- inside the resource resolver search path (if it's relative, common)
  rt = project/components/foo = search in /apps/project/components/foo and in 
/libs/project/components/foo (if search path is /apps, /libs)

 (4) There are four ScriptTypes supported: est (ECMAScript), java (Java Source
 becomes compiled), jsp (Java Server Pages) and jst (Java Script Templates).  
 The
 type js is not mentioned in The Basics.

esP, not esT. esp are javascript templates (ecmascript = javascript), i.e. like 
JSPs.

Example: 
https://cwiki.apache.org/SLING/scripting-variables.html#Scriptingvariables-ESP

Any JSR 223 Java scripting engine can be hooked in. There are scala and groovy 
floating around for example. See also
http://stackoverflow.com/questions/6558055/is-osgi-fundamentally-incompatible-with-jsr-223-scripting-language-discovery/6562563#6562563

 (5) For HTTP-GET requests there is a best match sequence for looking up the
 script name; for HTTP-PUT-requests an exact-match is required.

The normal variant for a GET request to a html extension would be html.jsp 
(assuming jsps). Since this is very common, as a dev you are likely to have 
many html.jsp files open, not knowing where they belong, Sling added a shortcut 
to use the component name (parent folder) instead:

/apps/projects/components/foo/foo.jsp

 These are some of the samples I don't understand:
 
 see also How to Create a Fully Featured Internet Website
 (http://dev.day.com/docs/en/cq/current/howto/website.html) and the discussion 
 at
 the bottom. Ulrich, thats me.

I guess that's more of a question for the CQ forum or mailing list, but I'll 
answer inline anyway:

 (a) the node /content/mywebsite/en/products is of type cq:Page and the subnode
 jcr:content has an attribute
 sling:resourceType=mywebsite/components/contentpage.
 The path /apps/mywebsite/components/contentpage contains a node body.jsp (and
 some others referenced by body.jsp).
 The request http://localhost:4502//content/mywebsite/en/products.html renders
 the node /apps/mywebsite/components/contentpage/body.jsp.
 This is the first thing I don't understand. Why is body.jsp looked up for
 rendering; why does it belong to the best match sequence showed in (5).

There is more (also noted on the page, but no so clear): there is a 
contentpage.jsp which is called first (that's the GET-html shortcut jsp). This 
one then explicitly includes head.jsp  body.jsp, using the CQ-specific 
cq:include tag (which includes the script directly, working differently than 
sling:include).

 (b) One of the jsps included by body.jsp displays an image. The image is also 
 a
 node in /apps/mywebsite/components/contentpage/
 Within the jsp the string /content/mywebsite/en/products/navimage.png is
 specified. But the image does not show up in the browser. When I specify
 /apps/mywebsite/components/contentpage/navimage.png instead all works fine. So
 if resolving for the website
 

Re: Adding dependencies

[Alexander Klimetschek]

On 27.11.2012, at 22:31, Dan Klco dan.k...@sixdimensions.com wrote:

 Thanks, that is exactly what I was looking for.  Is there any documentation 
 on these annotations?

Here is the relevant documentation: http://sling.apache.org/site/servlets.html

This could get some annotation based samples (e.g. Usage with SCR annotations 
on servlet classes).

Cheers,
Alex

Re: Adding dependencies

[Alexander Klimetschek]

On 14.11.2012, at 19:06, Dan Klco dan.k...@sixdimensions.com wrote:

 create a framework in Sling allow defining resource based servlets via 
 annotating methods

That would break Sling's RESTful mantra addresses resources, not scripts. 
Servlets are scripts and do not define resources - this is done through the 
resource API as the first step in request handling, before the servlet is 
selected based on the resource type.

 and add support serializing responses

What do you think is missing here?

 and loading parameters from the request.

Same question here. You can have a service or helper that you use from within 
your servlets to read parameters the way you want. To generalize, you could 
have an abstract base servlet that does that for you.

In general, it's not a good idea when web frameworks try to completely abstract 
away the protocol (HTTP  REST-style).

Cheers,
Alex

Re: Adding dependencies

[Alexander Klimetschek]

On 14.11.2012, at 03:56, Wayne Lund wxl...@yahoo.com wrote:

 Why would you say sling is more elegant?

It's more elegant because:
- addresses resources, not scripts
- no regexp hell
- with JCR, clearly defined resource space

Cheers,
Alex

Re: Multi-tenancy support in Sling - SLING-2656

[Alexander Klimetschek]

On 12.11.2012, at 10:55, Felix Meschberger fmesc...@adobe.com wrote:
 Considering that most requests to websites are anonymous, I suggest
 that multi-tenancy support should only care about the resource being
 requested, not about the requesting user, This also guarantees
 consistent results for rendering.
 
 This (and the following) raise good questions. And we are not ready to answer 
 them (yet) and we are not even considering per-tenant applications (for above 
 stated reasons).

I'd agree with Julian. A tenant should be dependent on something clearly 
defined through the URL: e.g. the domain / Host header or a URL path, such as 
domain.com/tenant. So it's essentially request-dependent, not necessarily user 
or content dependent.

Otherwise it would also overlap too much with ACLs.

 * A ResourceResolver representing a user (just like JCR Session does) can be 
 adapted to a Tenant to which the user belongs.

Hmm, I am not sure if a user belongs to a (single) tenant. What if a user 
should be able to log into multiple tenants? For example, an agency with 
multiple customers (who are tenants) or just the admin users of the site 
provider.

 * A Resource can be adapted to a Tenant under the assumption that the 
 respective Resource belongs to one of the Tenant's data areas in the 
 repository.

What if there are shared resources? You probably need the resources from a 
request-specific resource resolver, which in turn handles the request-dependent 
tenant resolution, so you get the right tenant from the resource based on that, 
but not based on the resource's location.

Cheers,
Alex

Re: Overriding of sling:messages in sling i18n

[Alexander Klimetschek]

On 07.11.2012, at 10:06, Dirk Rudolph dirk.rudo...@t-systems-mms.com wrote:

 When I now introduce an app that should use the component defined in the
 lib, they shouldn't use the keys defined in the lib because it's possible
 that a translation of one message differs for different apps

This is IMHO a typical scenario for using translation comments as mentioned.

Cheers,
Alex

Re: Overriding of sling:messages in sling i18n

[Alexander Klimetschek]

The mechanism was mainly designed for a basic search path using /apps and 
/libs. What is your use case with a search path like /apps/,/apps/bar, 
/apps/foo/ and localization?

If you just want to separate dictionaries:
a) use different translation hints/comments for identical strings that need 
different translations in a different context; in CQ's i18n apis the key (for 
the resource bundle / sling:key) is built using string ((comment)) if a 
comment is present
b) you can have different dictionaries with a different basename [0] and 
access using [1]

[0] http://sling.apache.org/site/internationalization-support.html
[1] 
http://dev.day.com/docs/en/cq/current/javadoc/org/apache/sling/api/SlingHttpServletRequest.html#getResourceBundle(java.lang.String,%20java.util.Locale)

HTH,
Alex

Re: Configuring Sling ResourceResolver

[Alexander Klimetschek]

On 01.11.2012, at 18:30, Jakob Külzer jakob.kuel...@gmail.com wrote:
 What is the recommended way of configuring the resolver? Obviously, having
 someone enter the rules manually on the console is not an option, so
 something that is stored in the tree and can be packaged and redeployed
 would be ideal. Is there a way to configure the ResourceResolver (the
 JcrResourceResolverImpl to be more precise) via sling:OsgiConfig?

I think the best way is to configure them via /etc/map, this can be packaged.

Cheers,
Alex

Re: Runmodes, JCRInstaller and the Console

[Alexander Klimetschek]

On 29.10.2012, at 16:47, Jakob Külzer jakob.kuel...@gmail.com wrote:

 Are /app/foo/config* folders not exclusive or? For example, if I have
 config and config.dev and the runmodes are foo,dev, would it not load
 config.dev only? Or is configuration in config (without any runmodes)
 always selected).

Yes, if you have a config folder without any runmode, it is always 
considered. However, a specific service configuration in config.mode should 
be preferred over one for the same service pid in config. The config folder 
acts as default configuration basically.

Cheers,
Alex

Re: defining a new primary node type on a fly

[Alexander Klimetschek]

On 10.10.2012, at 06:16, Dimitar Dimitrov ddimit...@consult.bg wrote:

 I am trying to import new node type definition by CND on a fly.
 We develop a Adobe Flex based interface which can build CND by 
 hierarchical UI and I want to import this new node type into the JCR 
 repository.
 For now when I want to import new node type definition I make a new OSGI 
 Sling bundle and import the schema into it.
 Is there another way to importing the newly generated CND into the 
 repository and start using it immediately.

I think you are overusing node types here. For something like UI elements that 
will evolve a lot, I would not use a fixed schema in the repository. Rather use 
a few generic types like widget/component etc. but keep them unstructured.

Because I see that your next question will be how to change existing node 
types on the fly ;-)

Cheers,
Alex

Re: where is ResourceResolver.adaptTo(Session.class) implemented?

[Alexander Klimetschek]

On 11.09.2012, at 08:24, Sam Lee skyn...@gmail.com wrote:

 Which AdapterFactory implements
 resourceResolver.adaptTo(javax.jcr.Session.class) ?

I think it's the JcrResourceProvider, with the adaptTo being forwarded from 
the jcr resource resolver:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/resource/src/main/java/org/apache/sling/jcr/resource/internal/helper/jcr/JcrResourceProvider.java?view=markup

 I am doing a lot of this in servlet that handles POST request:
 slingRequest.getResourceResolver().adaptTo(Session.class).save();
 
 And, I get a lot of
 Caused by: org.apache.jackrabbit.core.state.StaleItemStateException:
 4d530d2b-c3a2-4dd4-9e41-4d515f2a1bf8/itemTagged has been modified externally

This means session A tries to update something that another session B modified 
in the meantime (between session A reading the item and trying to write it).

This could be due to concurrent requests - if you only use the request jcr 
session as with resolver.adaptTo(Session.class) mentioned above. In which case 
this is normal.

But maybe you also create a second session in parallel in the same request and 
use them both at the same time?

 I am pretty sure I'm not managing Session and persisting properly in POST
 request handler.
 
 Is there a guideline (and example) for managing Session and persistence?

By default, use the request session only. You get access control (session uses 
the request user) and usually you only want one transaction per request.

If you have concurrent requests modifiying the same nodes, you have to think 
about avoiding that on a high level (e.g. jcr locks although they can be 
tricky) or retrying the failed change automatically.

HTH,
Alex

Re: Empty string property values

[Alexander Klimetschek]

On 16.07.2012, at 17:07, Jeremy Booth wrote:
 For our app we do need to
 differentiate between provided empty and not provided.

I can imagine that this makes sense sometimes (albeit I haven't come across 
this yet).

 On 16 July 2012 15:42, Carsten Ziegeler cziege...@apache.org wrote:
 the handling of the empty value happens in the Sling Post servlet -
 afaik this was a decision in the early days of the post servlet to
 treat an empty value like no value.

Yes, that was always in the code (I remember refactoring that once for the 
@Patch feature). It's clearly commented, albeit the initial reasoning seems 
lost:

// if no value is present or a single empty string is given,
// just remove the existing property (if any)
removeProperty(parent, prop);

 However, the sling post servlet docs say something different:

http://sling.apache.org/site/manipulating-content-the-slingpostservlet-servletspost.html#ManipulatingContent-TheSlingPostServlet%28servlets.post%29-%7B%7B@IgnoreBlanks%7D%7D

The 2nd example in that section:

form method=POST action=/content/page/first enctype=multipart/form-data
input type=hidden name=stringProperty@TypeHint value=String/
input type=text name=stringProperty value=/
/form

This will _not_ result in an empty property, but in no property at all (just 
tested it).

Without knowing the original reasoning for  == null, I would say the sling 
post servlet documentation is king and this is a bug :-)

But one needs to be careful here, as there are so many options involved: 
single- vs. multi-value properties, @IgnoreBlanks, @DefaultValue = :null, 
@DefaultValue = :ignore ... (see also RequestPropertyTest).

Cheers,
Alex

Re: sling.include-ing another page

[Alexander Klimetschek]

On 06.03.2012, at 00:59, David G. wrote:

 Is it possible to sling.include another page in a JSP?

Yes.

(Though I guess with page you refer to a CQ proprietary concept, you might 
want to discuss that on a CQ list).

 I am making a custom set of error jsp's and I want to include the html 
 representation a content page in the 404 response (rather than 302 to the 
 page).
 
 I've played around with sling.include passing the Page resource,  the Page's 
 PageContent resource, explicit string  paths to the page (including .html 
 ext), etc. but nothing the actual page itself is never shown. 

Maybe the user cannot read the page?

 Also, to note, sling.include(/content/site/errors/404) keeps the 404, 
 whereas sling.include(/content/site/errors/404.html) magically turns the 
 response into a 200 (even though the contents of the page is not rendered).

The resulting page might set a different response code - and you might want to 
use a forward instead of an include here.

Cheers,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: registering a servlet to handle /imgs/

[Alexander Klimetschek]

On 19.12.11 23:35, Alexander Klimetschek aklim...@adobe.com wrote:
Also, you could put it under /content/imgs or /libs/imgs

Ups, I meant /apps/imgs or maybe /etc/imgs (/apps  /libs should usually
be closed as much as possible for public instances to avoid any chance of
exposing code or configuration).

Chees,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: serve static file?

[Alexander Klimetschek]

On 29.08.11 15:58, sam ² skyn...@gmail.com wrote:

I'm tried
http://sling.apache.org/site/accessing-filesystem-resources-extensionsfsre
source.html
...
I restarted sling, too. But I don't see  /apps/fs  or  /fs  in the
repository even when I create files under /home/sam/jcr.

The file system resource provider works on the filesystem, and only maps
those directories from the fs into Sling's virtual resource view. If you
look at the JCR repository, you won't see them. There is currently no tool
that I am aware of which would display the Sling resource tree.

Cheers,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Beginners question with Sling.

[Alexander Klimetschek]

On 08.07.11 10:39, Phil Rice phil.rice.erud...@googlemail.com wrote:
DefaultHttpClient client = new DefaultHttpClient();
client.getCredentialsProvider().setCredentials(new AuthScope(localhost,
8080), new UsernamePasswordCredentials(admin, admin));

I guess you need to use preemptive auth:

client.getParams().setAuthenticationPreemptive(true);

http://hc.apache.org/httpclient-3.x/authentication.html


Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: AW: Inheritance and URL decomposition

[Alexander Klimetschek]

What tag exactly do you use to do the include? Because there is an
important difference in cq:include script=foo.jsp / compared to
cq/sling:include path=foo /.

cq:include with script will look up the script by name directly instead of
using the resource type/selector/extension resolution (albeit it does
handle rt inheritance).

Regards,
Alex

On 01.04.11 10:02, Marco Dohnke marco.doh...@valtech.de wrote:

Thanks for your answers. Both sound quite interesting. I will check them
although JSPs are not my first choice too. Because I didn't found an
alternative yet, I am also interested in new ideas.

-Ursprüngliche Nachricht-
Von: sam lee [mailto:skyn...@gmail.com]
Gesendet: Freitag, 1. April 2011 15:30
An: users@sling.apache.org
Betreff: Re: Inheritance and URL decomposition

I think he really means cq:include/.

/apps/component/page
/apps/component/page/head.jsp
/apps/component/page/body.jsp
/apps/component/page/center.jsp
...
/apps/component/page/html.jsp

And, in html.jsp, you do:
cq:include script=center.jsp/


And, you have:
/apps/component/product  @sling:resourceSuperType = component/page
/apps/component/product/center.jsp
/apps/component/product/simple.html.jsp

And, in simple.html.jsp, you do:
cq:include script=html.jsp/

Then, I think component/page/html.jsp will be included since you did not
overwrote it in component/product.
And, the html.jsp in turn will include center.jsp.. and since center.jsp
is
overwritten, product/center.jsp will be used.

But that's CQ stuff.

In sling, you'll have to write your own taglib that does that. I am not
sure
if cq:include/ is open source.

But seriously... I would want to move away from jsp and use a proper html
templating.
Has anyone done this?




On Fri, Apr 1, 2011 at 9:21 AM, Justin Edelson
jus...@justinedelson.comwrote:

 Depending on the scope of the change between the regular and simple
 views, one thing you could do is just have an if statement in your
 center.jsp which does something like this:

 % if (simple.equals(slingRequest.getSelectorString()) { %
 !-- do the simple thing --
 % } else { %
 !-- do the non-simple thing --
 % } %

 Within the if / else blocks, you could include other scripts of course.

 HTH,
 Justin

 On Fri, Apr 1, 2011 at 5:27 AM, Marco Dohnke marco.doh...@valtech.de
 wrote:
  Yes I know. I also tried several ways with the resourceSuperType. The
 problem is:
 
  /apps/myapp/components/product/center.jsp overwrites
 /apps/myapp/components/page/center.jsp because the resourceSuperType is
set
 on it.
 
  But a sling selector is not useable for that. If I use
 /apps/.../product/simple.jsp I have to reimplement all what I
implemented in
 the page component. That's not very DRY. I thought there is a way to
achieve
 this.
 
  Kind regards,
  Marco
 
  -Ursprüngliche Nachricht-
  Von: Felix Meschberger [mailto:fmesc...@adobe.com]
  Gesendet: Freitag, 1. April 2011 10:50
  An: users@sling.apache.org
  Betreff: Re: Inheritance and URL decomposition
 
  Hi,
 
  Am Donnerstag, den 31.03.2011, 14:41 +0100 schrieb sam lee:
  Day CQ mailing list is: http://groups.google.com/group/day-communique
 
  If the resource, /products/my-first-product ,  has
sling:resourceType =
  /apps/foo/product,
  then, to render .html version of the resource,
  /apps/foo/product/html.jsp
  will be used.
  To render simple.html version of the resource,
  /apps/foo/product/simple.html.jsp will be used.
 
  You can do whatever you want in those .jsp files.
 
  I am not sure about inheritance.
  You can set /products/my-first-product's  sling:resourceSuperType =
  /apps/foo/page ..
  But I am not sure if that will help for your script resolution (using
  sling:include/).
 
  Yes, sling supports sling:resourceSuperType of course and thus all
  resolutions for scripts and servlets will check the resource type
  hierarchy.
 
  Regards
  Felix
 
 
 




-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: sharing http session between sling servlets and other web applications in an EAR

[Alexander Klimetschek]

On 03.03.11 19:47, Unmesh Joshi unmeshjo...@gmail.com wrote:

The actual deserialization is going on and it happens only when
session.getAttribute is called from JSP in sling. If its called from
SlingServlet, which is in OSGI bundle, this doesn't happen.
We do not need serialization at all, but not sure why this kind of
thing is happening only when called from JSP running in sling.

Ok, that sounds a bit weird. How does the stack trace (when debugging)
look like if you call session.getAttribute() from a servlet in sling?

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: sharing http session between sling servlets and other web applications in an EAR

[Alexander Klimetschek]

On 03.03.11 07:01, Unmesh Joshi unmeshjo...@gmail.com wrote:
1. Why would the classes be resolved in JSP components when exported
from a OSGI bundle which includes all the shared jars.
Here they are not getting loaded by shared ear class loader.

If these are JSPs running inside Sling, I would guess: it might be that
the classloader used by the JSP scripting engine actually directly uses
the shared classloader from the servlet container, without the need for
the special framework extension fragment in the OSGi container. But not
sure.

Some colleagues told me that session objects are actually getting
serialized and then deserialized in OSGI container, so the   behaviour
is similar to how remote calls work with serialization.

No, there is no serialization going on. AFAIK this only happens in servlet
containers that cache sessions on disk and/or move the session across
instances and hence need to serialize/deserialize them.

This statefulness (and complexity) you get here from using http sessions
is the central point why they are considered a bad idea (tm). OSGi itself
doesn't do anything here (since it is about classloading and a general
framework) and Sling also doesn't do anything with HttpSessions, so they
use them as they are provided by the underlying servlet container.

2. How does OSGI framework know about Ear classloader as its parent
classloader (and not go to Java system classloader)?
In the OSGI bundles, if I try to get parent classloader by calling
getClassLoader().getParent(), I get null, which I suppose means
bootstrap classloader.

I think the OSGi class loader prevents you from going to the parent class
loader, in order to make sure its class loading mechanism is not
mitigated. Internally it still has access to the parent class loader that
it gets from the servlet container (if the OSGi framework is running
inside a webapp, as it is the case with Sling), but here you need the
framework extension fragment being present so that OSGi can properly pass
those classes through (again, not 100% sure, Felix probably knows it
much better than me).

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: sharing http session between sling servlets and other web applications in an EAR

[Alexander Klimetschek]

On 03.03.11 14:44, Unmesh Joshi unmeshjo...@gmail.com wrote:
When JSP running inside sling is trying to get session objects, it is
ALWAYS getting deserialized by weblogic. See the following stack
trace. This does not happen when Sling servlet is trying to get
session data. Is something special happens when JSP is processed by
sling?

at java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:546)
at 
java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1552)
at 
java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1466)
at 
java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1699)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:348)
at 
weblogic.common.internal.PassivationUtils.toObject(PassivationUtils.java:5
4)
at 
weblogic.common.internal.PassivationUtils.toObject(PassivationUtils.java:4
6)
at 
weblogic.common.internal.PassivationUtils.copy(PassivationUtils.java:64)
at 
weblogic.servlet.internal.AttributeWrapper.getObject(AttributeWrapper.java
:100)
at 
weblogic.servlet.internal.AttributeWrapper.getObject(AttributeWrapper.java
:44)
at 
weblogic.servlet.internal.session.SessionData.getAttribute(SessionData.jav
a:395)
at 
weblogic.servlet.internal.session.SharedSessionData.getAttribute(SharedSes
sionData.java:59)
at 
org.apache.jsp.apps.myapp.components.Login.Login_jsp._jspService(Login_jsp
.java:145)

Well, not sure from the stacktrace if there is an actual deserialization
going on. Weblogic could also just try to read from some cache.

Maybe you could disable that serialization in Weblogic - I don't really
see the reason why you want that overhead between two webapps on the same
web application server. (Except persisting the sessions on disk is
important)

In any case, this is all happening inside Weblogic, not Sling. The JSP
just calls session.getAttribute() here.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: request.getCharacterEncoding() always returns ISO-8859-1

[Alexander Klimetschek]

On 25.02.11 11:43, Markus Joschko markus.josc...@gmail.com wrote:
Nevertheless I wonder why it is necessary to include a mandatory
parameter with always the same value.
Can't this be done by sling?

Yes, but it must match the value of the response of the previous request
(i.e. the html containing the form). Because this is the character
encoding that all browsers will use to construct the form - the problem is
only that they don't explicitly mention that in the request.

So it depends what character encoding the servlet or jsp is using to build
the html in the first place, hence by making it global on the input side
(you can't easily make output in utf-8 a global setting for all
servlets/jsps), you could run into issues. That's why the typical approach
settled on explicitly including the _charset_ parameter - because that one
is written in the code that is also setting the response output encoding.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: request.getCharacterEncoding() always returns ISO-8859-1

[Alexander Klimetschek]

On 25.02.11 16:41, James Stansell jstan...@gmail.com wrote:
These days UTF-8 seems like a reasonable convention to take advantage of.

Yes, but AFAIU from a standards perspective ISO-8859-1 is the default
fallback. Especially if you consider requests coming from other clients,
that were not provided by your web application itself as HTML pages.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: request.getCharacterEncoding() always returns ISO-8859-1

[Alexander Klimetschek]

On 25.02.11 17:12, Felix Meschberger fmesc...@adobe.com wrote:
But listening to our clients and users and understanding that most of
the time UTF-8 is used anyway, how about this solution:

  * We stick with the _charset_ parameter. Whatever that parameter
conveys is used to decode parameters.
  * If the parameter does not exist, we support a new configuration
option defining the default encoding to be used.
  * If the configuration option is also missing, we default to the
same value as we do today; which is ISO-8859-1

Of course the configuration option would not be set by default (for
backwards compatibility reasons).

Sounds good!

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Problem with registering a servlet for initial POST / Override SlingPostServlet

[Alexander Klimetschek]

On 20.02.11 08:49, Claus Augusti cl...@formatvorlage.de wrote:
curl -Fsling:resourceType=wcmpp/image -Fstate=1 -Ftitle=foobar
$SAURL/test/1

The sling:resourceType to resolve the resource type will only be taken
from the existing resources (in the repository). Specifying
sling:resourceType as a request parameter in this case will simply be
used like any other property for the sling post servlet, when creating
this node.

Doing a subsequent post to /test/1 triggers my servlet as expected, not
the SlingPostServlet.

Because now /test/1 with sling:resourceType=wcmpp/image exists in the
repository, hence the servlet resolution is different now.

 The only way I can get it to work at all for the
initial post is register the servlet using an additional:

@scr.property name=sling.servlet.paths
values.0=sling/servlet/default/POST

As specified, using an explicit path overrides everything else (and
makes my servlet the default servlet because of the prefix 0) and is not
the desired outcome.

Yes, this overrides the sling post servlet and you don't want to do that.

The point is that servlet resolution for non-existing resources is a
special case: normally, you don't want the client to know or specify the
resource type, incl. non-existing resources. But since no resource exists,
that could tell the type, handling must be different. The starting point
is that non-existing resource get a special sling:nonexisting resource
type, which you can handle. To separate them, you can act on selectors or
extensions (see https://issues.apache.org/jira/browse/SLING-864 ) or have
some custom handling based e.g. on paths.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Resources and Servlets

[Alexander Klimetschek]

On 20.02.11 18:38, Unmesh Joshi unmeshjo...@gmail.com wrote:

 If you mean sling.servlet.paths that just models the same behavior as
if
 you would place a jsp under that path, e.g.
 /apps/myapp/components/foo/foo.servlet (servlet being used as extension
 for java servlets). Under the hood, the sling servlet resolution
mechanism
 always works based on paths, AFAIK, so this is simply an alternate way
for
 servlets than using sling.servlet.methods,
sling.servlet.resourceType
 etc.
But when we use sling.servlet.paths, even if resource is not
available, the servlet gets invoked for the path. How is that? Am I
missing anything?


Ah, yes, that is one special case, for java servlets. Not sure how if it
depends on the sling.servlet.paths ending with .servlet...

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: getting ResourceResolver from JCR Session

[Alexander Klimetschek]

On 15.02.11 16:14, sam lee skyn...@gmail.com wrote:

Actually, I am writing Day CQ workflow:

public void execute(WorkItem item, WorkflowSession workflowSession,
MetaDataMap map) throws WorkflowException {

I get Session like:

final Session session = workflowSession.getSession();


Maybe this is Day specific. I'll open a customer support ticket on Day
side.

Not really, workflows are a background scenario where you have no request
and thus pre-defined resource resolver available.

Unless the Sling guys have a replacement for it (i.e. wrapping an existing
jcr session), I would continue to use the JcrResourceResolverFactory at
the moment.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: getting ResourceResolver from JCR Session

[Alexander Klimetschek]

On 15.02.11 17:43, Carsten Ziegeler cziege...@apache.org wrote:

If you're using Sling API 2.2.0 you can put the session into the
authentication map:

map.put( user.jcr.session, session);

and then call

getResourceResolver(map) on the ResourceResolverFactory.

Cool, didn't know that. Would probably be useful if this would be noted in
the deprecated notice of the JcrResourceResolverFactory class.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Registering sling servlet for resource

[Alexander Klimetschek]

On 13.02.11 20:00, Unmesh Joshi unmeshjo...@gmail.com wrote:
/* @scr.property name=sling.servlet.resourceTypes value=test/login*/

If this is the complete javadoc annotations for the servlet class, then
the following is missing:

- @scr.component / @scr.service marking it as a component and service
(providing an implementation for the javax.servlet.Servlet interface)
- setting  the property sling.servlet.methods to handle POST requests
(by default, I think it will only be called for GET requests)

Hence you probably need:

/**
 * @scr.component metatype=false
 * @scr.service
 * @scr.property name=sling.servlet.resourceTypes value=test/login
 * @scr.property name=sling.servlet.methods value=POST
 */


Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: No JCR event when using the usermanager

[Alexander Klimetschek]

On 27.01.11 22:29, Felix Meschberger fmesc...@adobe.com wrote:
Vidar is right. In Jackrabbit 1 users used to be stored in the security
workspace. In Jackrabbit 2 this has been made a bit more pluggable, but
IIRC users are still stored in the security workspace.

I think the default in Jackrabbit 2 is to store users in the default
workspace (using the UserPerWorkspaceUserManager).

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Sling.getContent() and resourceType

[Alexander Klimetschek]

On 27.01.11 17:23, Andrew Top a...@adobe.com wrote:
How do I get Sling.getContent() to not follow the resourceType on a JCR
node?
...
I ended up using a GET.jsp so that sling/JCR would direct all GET
requests to my JSP page (i.e. http://server:port/mynode).

I think getContent() will use path.json, right? Then you should avoid
overwriting the json extension in your script, which you do by the generic
GET.jsp. If you only generate html in your jsp for example (for handling
requests like /something.html), you could use a GET.html.jsp.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Sling.getContent() and resourceType

[Alexander Klimetschek]

On 27.01.11 17:55, Andrew Top a...@adobe.com wrote:
I have a node at /records say.  I want to user to be able to hit that
node by specifying the URL:  http://server:port/records.

What do you mean by hit that node? How do the responses look like -
html, xml, etc.?


  I have been using resourceType to accomplish that.  But without
specifying any selectors, extensions, suffixes, or anything else, I find
I need to use GET.jsp.  Is there a better way?  Or do I require the user
to add a 'html'?

You add whatever extension (and selectors) you are using. Using extensions
based on the response format is such a good practice that it is built into
the heart of Sling.

Using no extension at all is possible, but then you need to manually
handle the default servlets if you rely on them. For example, for the json
needed by getContent() you would have a GET.json.jsp and do sth. like
sling:include resourceType=default-json-servlet (where
default-json-servlet needs to be replaced with the right type, I don't
know it at the moment).

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Create a node in a different path and redirect to that

[Alexander Klimetschek]

On 24.01.11 10:32, Markus Joschko markus.josc...@gmail.com wrote:
It seems to cover a lot of the issues. I still think that it makes
sense to introduce preprocessors in addition.
Even if the operations are exposed as services, as long as the code is
package private (which makes sense), it is hard to extend them and
decorating them appropriately only works when code can be called
before and after the operations is executed.

Ok, I was thinking that you'd have a custom operation that will first
create your intermediary path and then call the existing modify operation
as service.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: [Off-Topic] Property level security

[Alexander Klimetschek]

On 13.01.11 08:25, Markus Joschko markus.josc...@gmail.com wrote:
I thought more in the direction of node traversal. Instead of loading
just one node and checking ACLs I have to load the parent node and
three childnodes to get a complete view. I have no idea how node
retrieval is implemented in jackrabbit but given there is a database
behind I fear that I have four db requests (parent+3 children) reads
instead of one to create my view.

This depends on the persistence manager. The bundle DB persistence manager
will do that (one bundle per node), but if you use e.g. the embedded Derby
or H2 persistence managers, you don't have network latency.

Also, the nodes are cached in Jackrabbit in-memory, so if you have
repeated read-only access to those nodes, there will be no need to fetch
them from the persistence manager again.

But you touch a good point: generally it is good to have a higher property
per node ratio - something like 5-10 properties per node. With 4 nodes per
request however, it should still be fine!

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Sling+ModeShape

[Alexander Klimetschek]

On 14.01.11 22:33, Carl Hall c...@hallwaytech.com wrote:

On Fri, Jan 14, 2011 at 2:47 AM, Carsten Ziegeler
cziege...@apache.orgwrote:
We have more features on our list for the resource resolver
 (factory/provider) which would allow to create, update and delete
 resources as well (I think there is a wiki page regarding this). So if
 you need something in this area, maybe it's now a good time to address
 these things

The resource resolver and resource provider have been invaluable to us.
The
resource layer in general has made our work much easier.

Please note that the current value of the resource API over the JCR API is
only that it is simpler, thus more quickly to implement with some custom
backend. If more and more is added to the Resource API, especially all the
complexities of write operations, this value will be completely lost, and
I would urge everyone doing so to implement the needed subset of the JCR
API instead.

Federation/virtual mounting (which is another useful feature of the
resource API) can also be done with the JCR API as modeshape shows or
something that we have in our proprietary CRX repository here at Adobe/Day.

It all just boils down to the development effort... but with JCR you get a
well-though out standard.

Just my 2 cents,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: [Off-Topic] Property level security

[Alexander Klimetschek]

On 17.01.11 15:42, Markus Joschko markus.josc...@gmail.com wrote:
Does jackrabbit really make a request per next() call on the children
iterator or does it optimize and fetches all children (as long as the
number is reasonable low) when retrieving the iterator?

For getNodes() it uses a LazyItemIterator that fetches only on next(). In
your use case you will probably rather use getNode(childnode), where you
fetch node by node (since your application will most probably know what
the child nodes are).

But when talking about a few child nodes that won't make any difference at
all.

Finally, as noted before, if you do have use cases which fetch a lot of
different nodes (or better say: in all cases) your repository will be much
faster if you use a local persistence manager with no network connection
and no roundtrips.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: [Off-Topic] Property level security

[Alexander Klimetschek]

On 12.01.11 19:43, Markus Joschko markus.josc...@gmail.com wrote:
When property security is not an option I can only think about
introducing a childnode containing the approver information which can
be secured with the JCR capabilities.
However I already have the requirement to also protect three other
properties and I wonder what the performance impact might be when
splitting the node into a parent and protected children.

At every read operation of the parent node I then have to assemble all
children to provide a view to the client.
And the parent node is requested very often.
Any thoughts on this?

I think this approach with a protected subnode should be fine - and no
performance issue. ACL checks are done for every node anyway.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Evaluating sling

[Alexander Klimetschek]

On 05.01.11 13:02, Markus Joschko markus.josc...@gmail.com wrote:
That's for the input side. I am also interested in the output
verification.
If I can't rely on my data having a certain format, I need to check
every property before accessing it.

I don't understand: if you do validate on input and/or use node types to
enforce a certain schema in your repository, why do you want to validate
it on output again?

If you have a model with more relaxed constraints, I agree, you want to
have some basic validation of the content. But I think this is the domain
of the application. A different application/template etc. might have a
slightly different view on the data. To do that, wrappers around Node or
Resource are what is IMHO typically used. You still get access to the
unstructured node, but you also can provide more complex, validating
getter-methods to use in your JSP templates.

And as I said, it is easy with JCR to for example read a long from a
property accidentally stored as string (see [1] and [2]).

I can do it in my view/template/script as it is done in the
options.esp from slingbucks
  // If field has a jcr:title property, we can use it.
if(f[jcr:title]) {   ...

or I check this before I pass the node/type/object to the
view/template to render it.
I'd prefer the later one to keep the template clean. Can this check be
done in a filter?

For output, a servlet filter (we are talking about plain standard javax
servlet filters here!) would need to parse the html/response format
created by your JSPs, which is probably a bit too complex ;-)

I am not talking about checking just a single property but instead
verifying that the data that I load from the repository is
representing
the type that I expect:

title,text,email = blog comment object that I can render in my view
email, picture = something is wrong here. My view can't handle this
one - error page

In Sling, you have the sling:resourceType that defines all the rendering.
It is a bit like a more flexible node type. Sling will resolve the right
JSP for a given resource type, so inside that JSP you can expect a certain
structure, if you otherwise ensure that these are properly created.

But in most cases the flexibility I was talking about is about adding new
properties (in future versions or for other apps), without having to
change your schema. This won't affect existing renderers (e.g. a JSP) at
all, if they just access the properties they expect and know.

Finally, from a general standpoint, it is a good practice to show as much
as possible instead of throwing an error at the user. So in your example
above you could at least show the email and have some default values for
the missing title and text, for example.

[1] 
http://www.day.com/specs/jcr/2.0/3_Repository_Model.html#PropertyTypeConver
sion
[2] http://www.day.com/specs/jcr/1.0/6.2.6_Property_Type_Conversion.html

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Evaluating sling

[Alexander Klimetschek]

On 05.01.11 14:12, Markus Joschko markus.josc...@gmail.com wrote:
But, when I understand the documentation of the PostServlet correctly
you have to explicitely
add an operation parameter to trigger the extension. Can I also
validate without relying on the client?
Otherwise the data can get into the repository unvalidated if the
parameter is forgotten or omitted.

A custom SlingPostProcessor runs after the post servlet has run the
respective post operation, so it works for all operations.

I wanted to know whether the filter knows enough about an incoming
request and if the currentNode object
is available to the filter. So the filter can validate and set request
attributes which can further be processed by the template.

Yes, the filter gets the SlingHttpServletRequest object (you need to cast
the (Http)ServletRequest object). Then you have access to the Resource of
the current request:

Resource res = slingRequest.getResource();

To get the node, you need to use the adapt mechanism (the currentNode in
JSPs/ESPs is only one of the variables preset in the script engines):

Node node = res.adaptTo(Node.class);

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Evaluating sling

[Alexander Klimetschek]

On 04.01.11 22:17, Markus Joschko markus.josc...@gmail.com wrote:
How do you get hold of the services in the JSP? Sorry I am not very
familiar with OSGI.
Is there a registry that can be used to get hold of a service?

sling.getService(com.foo.MyService.class)

See also https://cwiki.apache.org/SLING/scripting-variables.html

In a Java servlet it is even easier, since servlets are OSGi SCR
components anyway (to be exact: they are javax.servlet.Servlet service
implementations). There you can use the scr javadoc annotation style for
members:

/** @scr.reference */
MyService myservice;

Can services be injected into a taglib?

Yes, code is like that (to get the SlingScriptHelper which is the sling
from above):

SlingBindings bindings = (SlingBindings)
pageContext.getRequest().getAttribute(SlingBindings.class.getName());
SlingScriptHelper sling = bindings.getSling();
sling.getService(com.foo.MyService.class);


You would use ACL of course that prevent people from writing into
 locations they are not allowed to. The execution of scripts (setting a
 resource type and uploading a script) is restricted/able to certain
 folders.

Is there an example somewhere on how to do that? I would be interested.

You mean ACLs? See the Jackrabbit project, e.g.
http://wiki.apache.org/jackrabbit/AccessControl

Or the script restriction? This is configurable on the
org.apache.sling.servlets.resolver.SlingServletResolver, to configure it
in the felix webconsole, you can go to
http://localhost:8080/system/console/configMgr/org.apache.sling.servlets.re
solver.SlingServletResolver (port and context path depend on
installation). The default actually seems to be the whole repository (/).

Mhm, correct me if I am wrong but nt:unstructured allows the user to
define own properties on the fly as well, or?
I can name at least one security consultant who would freak out if
people can store content uncontrolled in the repository.

Because exactly? There would be a reason that he is allowed to add or edit
something in the first place.

OK, then the message is: If I want to have support for input
validation it makes sense to have custom node types (which might
inherit from nt:unstructured).

Not necessarily, I would opt for validation inside servlet filters, custom
POST script/servlet or sling post processor. Node types should only be
used for things that you know are really fixed and won't change much in
the future. Such as the common nt:file and nt:folder definitions in the
JCR spec.

That's where I see the types. They ensure that mandatory properties
are ... mandatory.
If in the future certain properties become optional it'll still be
possible to introduce these checks.

But not if these are enforced at the data layer and a (difficult) schema
change is needed to make them optional. You can change node types or
update node type definitions in JCR, but as in any repository/database,
this is not always trivial.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Evaluating sling

[Alexander Klimetschek]

 administrative tasks.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Evaluating sling

[Alexander Klimetschek]

 is there or not.

It is generally good to follow the robustness principle wrt data: ... be
liberal in what you accept. The above duck-typing, which is simple with
JCR, does exactly that. This allows it to change your content model much
easier in the future, when different requirements arise.

I am more in favor of having strong types and less code then more code
and loose types.

This might be good for the short-term (less code to write and to think
about), but for most applications this is a hurdle for the long term. A
good read regarding this is
http://dev.day.com/content/ddc/blog/2009/01/jcrrdbmsreport.html

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: New tutorial about 'Getting Resources and Properties in Sling'

[Alexander Klimetschek]

On 15.12.10 17:30, sam lee skyn...@gmail.com wrote:

when I do,

final ResourceResolver resourceResolver =
resolverFactory.getAdministrativeResourceResolver(null);
final Session session = resourceResolver.adaptTo(Session.class);


do I need to call session.logout();?

Yes, if you create the session / resource resolver (which is what the
ResourceResolverFactory is doing), you should log out when you no longer
need it. When you only use the ResourceResolver, you should call close()
on it (it will in turn call session.logout() if it is based on a JCR
session).

This is different than for the implicit resourceResolver you get during
normal request processing. Sling manages closing of that one.

maybe

Session  session = null;
try {
 resolver = resolverFactory.getAdministrativeResourceResolver(null);
 session = resolver.adaptTo(Session.class);
 //spawn thread.. pass session..etc

} catch (...) {
} finally {
if (session != null  session.isLive()) {
session.logout();
}
}

Yes, except you don't need the isLive() check (logout() does not throw an
exception if its called twice).

And regarding thread spawning...

If I spawn threads and pass session, I'll have to pass call back too.
session.logout() in finally block will cause problem with the spawned
threads.

JCR Sessions are not thread-safe!

If you have different threads with a need for an admin session, then each
one should create its own session. Also, I would suggest to clean up i.e.
close sessions as soon as possible. Creating a session is cheap.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Questions about sling and Day CQ

[Alexander Klimetschek]

On 03.12.10 07:50, Unmesh Joshi unmeshjo...@gmail.com wrote:
3. How are Day CQ and Sling related? Because we are unable to get dev
licenses for Day CQ. Is it worth doing spikes on Apache sling and
assume that the same thing will fit in Day CQ?

CQ's rendering is done by Sling, so all the things you learn in (core)
Sling can be applied to CQ.

Otherwise CQ provides more in many aspects, like providing a component
model, that itself uses the normal sling:resourceType for rendering. And
all the features and UI you need for a proper WCM, of course.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Setting content type for dynamic JSPs

[Alexander Klimetschek]

On 02.11.10 16:32, Markus Pielmeier markus.pielme...@googlemail.com
wrote:


Hi,


I'm currently implementing some JSP pages for my Sling components. How
can I define a specific HTTP response content type for my dynamic JSP
pages? I want my page to be delivered with text/css MIME type.

I've created a new component my_component. Below MyComponent I've
added a JSP with the name my_component.css.jsp. my_component.css.jsp
has the following content:
---snip---
%...@page contentType=text/css; charset=utf-8%
.my_demo_css {
  /* further dynamic CSS code comes here */
}
---snip---

I can access my component with a URL like
http://localhost:4502/.../my_content.css. But the HTTP response from
Sling is delivered with a text/html content type.

Generally I'm not sure how Sling determines the response content type
for a delivered page. When I understand the documentation [1] right
then Sling uses the file extension to determine the MIME type for the
content type? But which extension is meant here? Is it the file
extension of the URL? Or is it the extension of my files in the JCR?

No, this mime type setting should only apply if a binary file is directly
streamed from the repository (using sling's fallback webdav servlet), but
not if this is a node with a resource type that is rendered using a jsp
script. In that case the jsp defines the content type of the response.

I've also tries to set the content type in the JSP manually:
---snip---
% response.setContentType(text/css; charset=utf-8); %
---snip---
This doesen't work either.

Both the @page directive and the response.setContentType() should work.

Are you sure you inspected that using a tool like curl? I remember
browsers sometimes showing text/html for all text files if you view them
directly in the browser...

 To me it seems like (maybe Sling)
overwrites the content type after my JSP is fully rendered. Can this
be the case?

I don't think so...

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel

Re: Form post as submission...

[Alexander Klimetschek]

On Thu, Jul 22, 2010 at 21:44, Justin Edelson justinedel...@gmail.com wrote:
 On 7/22/10 3:17 PM, Tony Giaccone wrote:
 order
       nameBob Smith/name
       accountNumber12345/accountNumber
       lineItems
               lineItem id=1
                       qty1/qty
                       descWidget/desc
                       price1.99/price
                       lineTotal1.99/price
               /lineItem
               lineItem id=2
                       qty2/qty
                       descBar/desc
                       price2.00/price
                       lineTotal4.00/price
               /lineItem
       /lineItems
 /order


 I would treat this as four nodes:

 /orders/{orderID} - the order
 /orders/{orderID}/lineItems - a sling:OrderableFolder
 /orders/{orderID}/lineItems/1 - the first item
 /orders/{orderID}/lineItems/2 - the second item

From a nice paths/URLs content model perspective, I would give them
readable names. In this example using the description for example,
using :nameHint = description.

/orders/{orderID} - the order
/orders/{orderID}/items - a sling:OrderableFolder
/orders/{orderID}/items/widget
/orders/{orderID}/items/bar
/orders/{orderID}/items/bar_1

:nameHint will ensure a unique name in case of duplicates. Also using
shorter names like items instead of lineItems has its advantages
(shorter URLs, more easily readable, etc.).

Just my 2 cents...
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com

Re: Form post as submission...

[Alexander Klimetschek]

On Fri, Jul 23, 2010 at 14:00, Tony Giaccone tgiacc...@masslight.net wrote:
 There's no name for a line item, that you can use like you would a blog 
 posting.

Have you seen my reply?

In reality, there always is some kind of name. Auto-numbered integer
IDs are only so common, because relational databases made them
popular, and use them for efficient relations between tables. But an
ID only has to be unique... and a unique string name or path is
sufficient as well. Giving it a readable name makes it more easy for
the developer and content administrator to work with the content.
Just as in a unix filesystem.

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com

Re: Form post as submission...

[Alexander Klimetschek]

On Fri, Jul 23, 2010 at 15:24, Justin Edelson justinedel...@gmail.com wrote:
 Pretty sure :nameHint can't be used for anything other than the
 top-level node submitted in a post.

 input type=text name=name value=Bob Smith/
 input type=text name=accountNumber value=12345/
 input type=text name=items/widget/qty value=1/
 input type=text name=items/bar/qty value=2/

 If you have a second items/bar/qty, it'll just overwrite the first.

 Am I missing something?

Ah, you might be right. But that is then only a limitation of the post
servlet, that one could improve. Or workaround to get the right
content structure.

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com

Re: Form post as submission...

[Alexander Klimetschek]

On Fri, Jul 23, 2010 at 15:44, Justin Edelson justinedel...@gmail.com wrote:
 Alex is correct that this isn't a very user-friendly name, but I'm not
 sure how much that matters *in this particular context*.

Agreed, in this context, numbers might be ok.

 Line items have limited data and they have exactly the same structure, and 
 they have data that's of the same types.

 So my question is, am I modeling at the wrong level of abstraction? Should I 
 have one node that describes the whole order? If so how do I handle line 
 items in that entry?
 I think you're heading in the right direction - one node containing the
 first-level properties of the order and then an ordered list of child
 nodes for the line items. As I said, I suggest using an intermediate
 node between the order node and the line items.

There is one small important thing, that looks like it's already
implicitly present in the proposed structures, but still should be
highlighted: for the values, use JCR properties. The plain XML
structure of a single line item, with XML elements for each value

qty1/qty
descWidget/desc
price1.99/price
lineTotal1.99/price

could naively be mapped to JCR nodes. But this would be very
inefficient, also for the Jackrabbit implementation. And since you
have multi-value properties in JCR, which in XML must be expressed as
elements (if comma-separated attribute values don't do it), you can
handle all cases.

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com

Re: Registering a Filter with Felix

[Alexander Klimetschek]

On Sat, May 22, 2010 at 16:59, Mike - RAC rac.m...@gmail.com wrote:
 I created a Servlet Filter that checks whether the user is allowed to access
 a node or not.

Have you considered using JCR access control for that?

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com

Re: Pointers on scripting data to html

[Alexander Klimetschek]

On Tue, May 25, 2010 at 02:14, Justin Edelson justinedel...@gmail.com wrote:
 If I was using Sling in an order management system, I would still model
 it as a tree of nodes. Nodes aren't expensive to create (although 50
 nodes for an order seems high).

A high number of nodes typically comes from a one-to-one mapping from
XML structures. But this can be reduced in JCR, most importantly
through the availability of multi-value properties. And one should not
have one node per key-value pair, ie. one node that just holds one
property. Instead these could move up on level and be among other
key-value properties.

A good ratio to aim for is to have 5-10 properties per node on average
in your content model (or even more). The reason is that Jackrabbit
stores so called node bundles which contain a node with all its
properties. The less nodes you have, the faster your reads.

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com

Re: Another topic, something easy (I hope).

[Alexander Klimetschek]

On Wed, May 26, 2010 at 22:45, Peter Chiochetti p...@myzel.net wrote:
 How can in insert a new value into that node replacing a value that exists
 already?

 currentNode.checkin(); changeValue(); currentNode.checkout(); // correct
 sequence?

No, a little bit different:

currentNode.checkout(); // make the HEAD of the versioned node modifiable

changeValue(); // modify using normal JCR ops
session.save(); // save changes (this could happen multiple times
between checkouts/ins)

currentNode.checkin(); // archive a new version based on the current HEAD

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com

Re: missing something..

[Alexander Klimetschek]

On Wed, May 12, 2010 at 03:56, Tony Giaccone t...@giaccone.org wrote:
        String repoURL = 
 http://admin:ad...@localhost:8080/sling/content/myNode;;

            PostMethod post = new PostMethod(repoURL);
 ...
                        status = client.executeMethod( post );
 ...
 javax.jcr.AccessDeniedException: /content/myNode/sling:resourceType: not 
 allowed to add or modify item


Note sure, but I think commons-httpclient doesn't use credentials
given in the url like admin:admin. You have to use a Credentials
object.

Or maybe it is not doing a preemptive authentication (which is
required for a POST to sling for the out-of-the-box http basic auth
handler in Sling, afaik).

See here: http://hc.apache.org/httpclient-3.x/authentication.html

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com

Re: Sling on GAE

[Alexander Klimetschek]

On Wed, Apr 14, 2010 at 20:00, Luca Masini luca.mas...@gmail.com wrote:
 I would love to use Sling to access the Google Data Store and program user
 interface in an easy way. Now I know that, due to limitations on the GAE
 environment this will be really hard (I don't know how to make Felix run on
 there without writing files or launching threads), so I want to discuss this
 with Sling experts and know what do you think about the idea and if is
 something doable.

So you would want to use Sling directly on top of the Google Data
Store and not use JCR? In theory this should be possible, but might
require additional work besides the basic issues like multiple
threads, running an OSGi framework etc. Many things in Sling work
based on a JCR repository. You can build a resource tree based on
other backends, but this is a bit like reinventing the wheel.

If JCR should be used as well on GAE below Sling, this also requires
changes to Jackrabbit: first a datastore/persistence manager using the
google data store as backend and secondly removing all background
threads in Jackrabbit. See also
http://wiki.apache.org/jackrabbit/JackrabbitOnCloud or the discussion
at http://markmail.org/thread/n4redkdzyxaval7r

I think it would be easier if the GAE guys would remove some of the
constraints to allow for infrastructure apps. Maybe you can persuade
them ;-)

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com

Re: SlingPostServlet saves operations that throw an error in the log but return 200 responses

[Alexander Klimetschek]

On Thu, Apr 1, 2010 at 20:13, Michael Yin yincr...@gmail.com wrote:
 Just tested this. setting :status to standard still resulted in a 200 OK
 response.

Looks like a bug. I quickly looked at the newest version of the code
involved and it looks a bit different than before and too complicated
(*) to see the code paths without debugging. But it seems that it
could spit out a 200 even if an exception happened.

I think you should report an issue in Jira.

(*) My observations: HtmlResponse and the new JSONResponse have
prepare() (sets status code before send() sets it again), a
PN_STATUS_CODE property (never set?), getError() (overrides
PN_STATUS_CODE?) and a setStatus parameter in send (ignored in
JSONResponse).

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com

Re: SlingPostServlet saves operations that throw an error in the log but return 200 responses

[Alexander Klimetschek]

On Wed, Mar 31, 2010 at 03:06, Michael Yin yincr...@gmail.com wrote:
 I would argue that errors should be given an appropriate response. Most of
 the other actions that I've seen return appropriate error responses, such as
 doing xpath searches with improper syntax returns a 500 or when a resource
 isn't found, returning a 404. You can still output HTML with a non-200
 response. Otherwise it just seems inconsistent.

By default, http error codes should be set. This behavior can be
controlled via the :status parameter.

http://sling.apache.org/site/manipulating-content-the-slingpostservlet-servletspost.html#ManipulatingContent-TheSlingPostServlet%2528servlets.post%2529-%257B%257B%253Astatus%257D%257D

The reason for having 200's in some cases is when using ajax/iframe
requests from browsers, where non-200 responses might get lost.

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com

Re: XPath queries

[Alexander Klimetschek]

On Wed, Mar 24, 2010 at 21:57, Michael Yin yincr...@gmail.com wrote:
 Is there any documentation on doing xpath queries via sling?
 I found this blog post, but it'd be nice if there were some official docs.

 http://in-the-sling.blogspot.com/2008/09/how-to-use-json-query-servlet.html

As noted in that article, the json query servlet is get by using the
query selector and the json extension. The query type is given in
the queryType parameter (xpath or sql) and the statement is in the
statement parameter.

The queries itself are standard JCR queries, see the JCR 1.0 spec [1]
[2], the jackrabbit mailing lists or some googling for eg. jcr
xpath.

[1] http://jcp.org/en/jsr/detail?id=170
[2] http://www.day.com/specs/jcr/1.0/

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com

Re: Reserve a Path for a particular Servlet

[Alexander Klimetschek]

On Thu, Feb 25, 2010 at 20:53, Andreas Schaefer schaef...@me.com wrote:
 Still the servlet is not called using this:

        curl -X POST http://localhost:8080/client/myTest

 but it works with this:

        curl -X POST http://localhost:8080/client.servlet/myTest

 Does this mean that the a servlet path without '.servlet' suffix is only 
 handled when that particular path is entered? And with the '.servlet' suffix 
 any path after that is redirected to that servlet?

 Is there any way to tell Sling to redirect a sub path to a particular servlet 
 without the '.servlet' suffix??

It very much depends on what part of the path exists as resource/node
already. Sling will use the longest matching and existing path as
resource and resolve servlets from there. See [1]. Then either a
servlet with a matching path will be used (sling.servlet.paths) or the
resource type (node type or sling:resourceType) will be used to locate
a servlet.

I would recommend to use the latter variant as much as possible. Using
the resource type indirection gives you more flexibility: you can use
the same servlet for many resources and changing URLs is done by
changing content only, not modifying servlet code.

[1] http://sling.apache.org/site/url-decomposition.html

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com

Re: Script-based access control

[Alexander Klimetschek]

On Fri, Nov 13, 2009 at 14:23, Vidar Ramdal vi...@idium.no wrote:
 I remember a blog post from some time ago, which provided an example
 of implementing access control in Sling/JCR using a (java-)script.
 However, I cannot find back to this blog post. Does this ring a bell
 with anyone?

I guess you mean
http://dev.day.com/microsling/content/blogs/main/theaclisdead.html

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com

Re: Loading configuration files

[Alexander Klimetschek]

On Fri, Oct 30, 2009 at 18:21, Vidar Ramdal vi...@idium.no wrote:
 Is there a way to provide configuration files (*.config) as
 initial-content in a bundle?

 We need to set a config property for the Authorization Header
 Authenticator, and I've found the config file under the
 sling/config/org/o/a/s/httpauth/impl/AuthorizationHeaderAuthenticationHandler.config
 - which I have edited.
 Now, I'd like to apply this configuration when I install a bundle.

 Is that possible, and how?

Yes, using the jcrinstall bundle and creating a sling:OsgiConfig node
(which you can easily define as initial content). The node must reside
in a config folder and have the name of the service pid, ie. the
class name. For Example:

/libs/sling/config/org.apache.sling.commons.log.LogManager

The properties of this node will be mapped one to one on OSGI config
properties, eg.

org.apache.sling.commons.log.level = info
(string property)

See also Install, modify and remove a configuration on
http://sling.apache.org/site/jcr-installer-jcrjcrinstall-and-osgiinstaller.html

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetsc...@day.com