Expand my Community achievements bar.

SOLVED

How to increase recursion depth when requesting JSON renditions of JCR?

Avatar

Level 5

Hey guys,

 

I can request a representation of the JCR in JSON format by requesting a path with .json at the end. For example:

 

http://author:4502/content/panerabread_com/en-us/menu.2.json

Give me:

{
"jcr:primaryType": "cq:Page",
"jcr:createdBy": "admin",
"jcr:created": "Mon Feb 08 2021 11:10:35 GMT-0600",
"jcr:content": {
"jcr:primaryType": "cq:PageContent",
"jcr:mixinTypes": [
"mix:versionable"
],
"jcr:createdBy": "admin",
"jcr:title": "Menu",
"cq:lastReplicationAction": "Activate",
"jcr:versionHistory": "48bffb93-389c-48b6-adec-52308e1620dc",
"cq:template": "/conf/panerabread/settings/wcm/templates/panerabread-general-page",
"cq:lastReplicatedBy": "admin",
"jcr:language": "en",
"jcr:predecessors": [
"ed1af475-f38f-4fdb-99e5-a2f6af78203a"
],
"cq:contextHubSegmentsPath": "/etc/segmentation/contexthub",
"jcr:created": "Mon Feb 08 2021 11:10:35 GMT-0600",
"cq:lastReplicated": "Mon Mar 15 2021 14:14:34 GMT-0500",
"cq:lastModified": "Mon Nov 18 2019 15:20:17 GMT-0600",
"jcr:description": "Menu",
"jcr:baseVersion": "ed1af475-f38f-4fdb-99e5-a2f6af78203a",
"jcr:isCheckedOut": true,
"pageTitle": "Menu",
"jcr:lastModified": "Tue Nov 10 2020 13:46:46 GMT-0600",
"jcr:uuid": "281efb27-c6ea-4af4-bb2f-7378162d40c3"
}

(actually a lot more you don't need all the details)

 

But I can't do the same on publish:

 

http://publish:4502/content/panerabread_com/en-us/menu.2.json

 

gives:

 

[
"/content/panerabread_com/en-us/menu.1.json",
"/content/panerabread_com/en-us/menu.0.json"
]

 

I believe that publish is restricted from recursing beyond a certain depth for security reasons, but I'd like to be able to enable arbitrary recursion in test environments to more easily troubleshoot issues. What config should I change to enable that?

 

Thanks!

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Try to increase the "JSON Max results" to a larger value from /system/console/configMgr/org.apache.sling.servlets.get.DefaultGetServlet

BrianKasingli_1-1622594202425.png

 

 

View solution in original post

2 Replies

Avatar

Correct answer by
Community Advisor

Try to increase the "JSON Max results" to a larger value from /system/console/configMgr/org.apache.sling.servlets.get.DefaultGetServlet

BrianKasingli_1-1622594202425.png

 

 

Avatar

Employee Advisor

Hi @jkpanera!

 

@BrianKasinglialready pointed you to the according configuration.

 

Please keep in mind that this feature should be used with care on the publish side.

It exposes a lot of internal information to the broad public, potentially including personally identifiable information (PII) such as user names of content authors that are often their e-mail addresses (see jcr:createdBy, cq:lastReplicatedBy, jcr:lastModifiedBy). If you increase the allowMaxResults to high values and expose that on the publish side, an external party could use that mechanism to extract your content including lots of details about content creation, content authors and your application in a structured way. Usually, this is not desired and could even pose a security risk. By default, the JSON selector is (and should be) blocked by the dispatcher filter configurations.

 

If you want to consume content in JSON format for external usage there are other methods that handle similar requirements. So the main question is about your use case and what you want to achieve with this.

Please take a look at the following resources for alternative approaches:

 

Hope that helps!