You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by bu...@apache.org on 2018/04/05 12:57:30 UTC

svn commit: r1027894 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-search.html

Author: buildbot
Date: Thu Apr  5 12:57:29 2018
New Revision: 1027894

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jax-rs-search.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-search.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-search.html (original)
+++ websites/production/cxf/content/docs/jax-rs-search.html Thu Apr  5 12:57:29 2018
@@ -118,11 +118,11 @@ Apache CXF -- JAX-RS Search
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><h1 id="JAX-RSSearch-JAX-RSSearch">JAX-RS Search</h1><p>&#160;</p><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1522857365130 {padding: 0px;}
-div.rbtoc1522857365130 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1522857365130 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1522933011851 {padding: 0px;}
+div.rbtoc1522933011851 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1522933011851 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1522857365130">
+/*]]>*/</style></p><div class="toc-macro rbtoc1522933011851">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSSearch-JAX-RSSearch">JAX-RS Search</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSSearch-AdvancedSearchQueries">Advanced Search Queries</a></li><li><a shape="rect" href="#JAX-RSSearch-SupportedQueryLanguages">Supported Query Languages</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSSearch-FeedItemQueryLanguage">Feed Item Query Language</a></li><li><a shape="rect" href="#JAX-RSSearch-OpenDataProtocol">Open Data Protocol</a></li></ul>
@@ -288,7 +288,7 @@ assertEquals("SELECT LEVEL_COLUMN FROM t
               WHERE LEVEL_COLUMN &gt; '10'",
               visitor.getQuery());
 </pre>
-</div></div><p>The fields map can help hide the names of the actual table columns/record fields from the Web frontend. Example, the users will know that the 'level' property is available while internally it will be converted to a LEVEL_COLUMN name.</p><h3 id="JAX-RSSearch-JPA2.0">JPA 2.0</h3><p>CXF 2.6.4 and CXF 2.7.1 introduce org.apache.cxf.jaxrs.ext.search.jpa.JPATypedQueryVisitor and org.apache.cxf.jaxrs.ext.search.jpa.JPACriteriaQueryVisitor which can be used to capture FIQL/OData expressions into <br clear="none"> javax.persistence.TypedQuery or javax.persistence.criteria.CriteriaQuery objects.</p><p>For example, given:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>The fields map can help hide the names of the actual table columns/record fields from the Web frontend. Example, the users will know that the 'level' property is available while internally it will be converted to a LEVEL_COLUMN name.</p><p><strong>Warning</strong>: Using the SQLPrinterVisitor may leave your service open to SQL injection attacks. Please take appropriate steps to avoid these attacks (for example validating queries using a custom PropertyValidator, or <a shape="rect" class="external-link" href="https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_4:_Escaping_All_User-Supplied_Input" rel="nofollow">manually escaping</a> the input values).</p><h3 id="JAX-RSSearch-JPA2.0">JPA 2.0</h3><p>CXF 2.6.4 and CXF 2.7.1 introduce org.apache.cxf.jaxrs.ext.search.jpa.JPATypedQueryVisitor and org.apache.cxf.jaxrs.ext.search.jpa.JPACriteriaQueryVisitor which can be used to capture FIQL/OData expressions into <br clear="none"> javax.persiste
 nce.TypedQuery or javax.persistence.criteria.CriteriaQuery objects.</p><p>For example, given:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">public class Book {
 
     private String title;
@@ -547,7 +547,7 @@ LdapQueryVisitor&lt;Condition&gt; visito
 filter.accept(visitor.visitor());
 String ldap = visitor.getQuery();
 </pre>
-</div></div><h3 id="JAX-RSSearch-HBase">HBase</h3><p>&#160;</p><p>CXF 3.0.2 introduces an initial support for querying HBase databases. Please see <a shape="rect" class="external-link" href="https://fisheye6.atlassian.com/browse/cxf/rt/rs/extensions/search/src/test/java/org/apache/cxf/jaxrs/ext/search/hbase/HBaseVisitorTest.java?r=35b9209c04154bb00f1168cbeaa94314af070609" rel="nofollow">this test</a> for more information.</p><h3 id="JAX-RSSearch-Customvisitors">Custom visitors</h3><p>In cases when a custom conversion has to be done, a converter for doing the untyped (example, SQL) or typed (example, JPA2 TypedQuery) conversions can be provided.</p><h4 id="JAX-RSSearch-Untypedconverters">Untyped converters</h4><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>Note that <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/CXF-7701">since</a> CXF 3.2.5 the query values are encoded by default, to prevent possible LDAP injection attacks. If you want to support wildcard searching with the LdapQueryVisitor from CXF 3.2.5 onwards, it is necessary to set the 'encodeQueryValues' property of LdapQueryVisitor to 'false'.</p><h3 id="JAX-RSSearch-HBase">HBase</h3><p>&#160;</p><p>CXF 3.0.2 introduces an initial support for querying HBase databases. Please see <a shape="rect" class="external-link" href="https://fisheye6.atlassian.com/browse/cxf/rt/rs/extensions/search/src/test/java/org/apache/cxf/jaxrs/ext/search/hbase/HBaseVisitorTest.java?r=35b9209c04154bb00f1168cbeaa94314af070609" rel="nofollow">this test</a> for more information.</p><h3 id="JAX-RSSearch-Customvisitors">Custom visitors</h3><p>In cases when a custom conversion has to be done, a converter for doing the untyped (example, SQL) or typed (exampl
 e, JPA2 TypedQuery) conversions can be provided.</p><h4 id="JAX-RSSearch-Untypedconverters">Untyped converters</h4><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">public class CustomSQLVisitor&lt;T&gt; extends AbstractSearchConditionVisitor&lt;T, String&gt; {
 
     private String tableName;