Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

How to increase recursion depth when requesting JSON renditions of JCR?

Avatar

Avatar
Springboard
Level 3
jkpanera
Level 3

Likes

18 likes

Total Posts

107 posts

Correct Reply

2 solutions
Top badges earned
Springboard
Establish
Validate 10
Validate 1
Ignite 5
View profile

Avatar
Springboard
Level 3
jkpanera
Level 3

Likes

18 likes

Total Posts

107 posts

Correct Reply

2 solutions
Top badges earned
Springboard
Establish
Validate 10
Validate 1
Ignite 5
View profile
jkpanera
Level 3

01-06-2021

Hey guys,

 

I can request a representation of the JCR in JSON format by requesting a path with .json at the end. For example:

 

http://author:4502/content/panerabread_com/en-us/menu.2.json

Give me:

{
"jcr:primaryType": "cq:Page",
"jcr:createdBy": "admin",
"jcr:created": "Mon Feb 08 2021 11:10:35 GMT-0600",
"jcr:content": {
"jcr:primaryType": "cq:PageContent",
"jcr:mixinTypes": [
"mix:versionable"
],
"jcr:createdBy": "admin",
"jcr:title": "Menu",
"cq:lastReplicationAction": "Activate",
"jcr:versionHistory": "48bffb93-389c-48b6-adec-52308e1620dc",
"cq:template": "/conf/panerabread/settings/wcm/templates/panerabread-general-page",
"cq:lastReplicatedBy": "admin",
"jcr:language": "en",
"jcr:predecessors": [
"ed1af475-f38f-4fdb-99e5-a2f6af78203a"
],
"cq:contextHubSegmentsPath": "/etc/segmentation/contexthub",
"jcr:created": "Mon Feb 08 2021 11:10:35 GMT-0600",
"cq:lastReplicated": "Mon Mar 15 2021 14:14:34 GMT-0500",
"cq:lastModified": "Mon Nov 18 2019 15:20:17 GMT-0600",
"jcr:description": "Menu",
"jcr:baseVersion": "ed1af475-f38f-4fdb-99e5-a2f6af78203a",
"jcr:isCheckedOut": true,
"pageTitle": "Menu",
"jcr:lastModified": "Tue Nov 10 2020 13:46:46 GMT-0600",
"jcr:uuid": "281efb27-c6ea-4af4-bb2f-7378162d40c3"
}

(actually a lot more you don't need all the details)

 

But I can't do the same on publish:

 

http://publish:4502/content/panerabread_com/en-us/menu.2.json

 

gives:

 

[
"/content/panerabread_com/en-us/menu.1.json",
"/content/panerabread_com/en-us/menu.0.json"
]

 

I believe that publish is restricted from recursing beyond a certain depth for security reasons, but I'd like to be able to enable arbitrary recursion in test environments to more easily troubleshoot issues. What config should I change to enable that?

 

Thanks!

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Establish
MVP
BrianKasingli
MVP

Likes

611 likes

Total Posts

588 posts

Correct Reply

230 solutions
Top badges earned
Establish
Ignite 1
Give Back 5
Give Back 3
Give Back 10
View profile

Avatar
Establish
MVP
BrianKasingli
MVP

Likes

611 likes

Total Posts

588 posts

Correct Reply

230 solutions
Top badges earned
Establish
Ignite 1
Give Back 5
Give Back 3
Give Back 10
View profile
BrianKasingli
MVP

01-06-2021

Try to increase the "JSON Max results" to a larger value from /system/console/configMgr/org.apache.sling.servlets.get.DefaultGetServlet

BrianKasingli_1-1622594202425.png

 

 

Answers (1)

Answers (1)

Avatar

Avatar
Boost 100
Employee
markus_bulla_adobe
Employee

Likes

105 likes

Total Posts

87 posts

Correct Reply

45 solutions
Top badges earned
Boost 100
Applaud 25
Affirm 25
Boost 50
Boost 25
View profile

Avatar
Boost 100
Employee
markus_bulla_adobe
Employee

Likes

105 likes

Total Posts

87 posts

Correct Reply

45 solutions
Top badges earned
Boost 100
Applaud 25
Affirm 25
Boost 50
Boost 25
View profile
markus_bulla_adobe
Employee

02-06-2021

Hi @jkpanera!

 

@BrianKasinglialready pointed you to the according configuration.

 

Please keep in mind that this feature should be used with care on the publish side.

It exposes a lot of internal information to the broad public, potentially including personally identifiable information (PII) such as user names of content authors that are often their e-mail addresses (see jcr:createdBy, cq:lastReplicatedBy, jcr:lastModifiedBy). If you increase the allowMaxResults to high values and expose that on the publish side, an external party could use that mechanism to extract your content including lots of details about content creation, content authors and your application in a structured way. Usually, this is not desired and could even pose a security risk. By default, the JSON selector is (and should be) blocked by the dispatcher filter configurations.

 

If you want to consume content in JSON format for external usage there are other methods that handle similar requirements. So the main question is about your use case and what you want to achieve with this.

Please take a look at the following resources for alternative approaches:

 

Hope that helps!