Skip to main content

Using JavaScript hashCode to enable Cocoon caching of POST requests

I've just faced an issue with the Cocoon caching related to POST requests. Let me describe the use case here. We use a custom XQueryGenerator to execute XQuery code over Sedna XML Database and then process the XML results in the Cocoon pipeline. For the sake of performance, I configured the pipeline caching based on the expiration timeout of 60 seconds for all XQuery invocations: 
<map:pipeline id="cached-services" type="expires" internal-only="true">
  <map:parameter name="cache-expires" value="60"/>
  <map:parameter name="cache-key" 
                 value="{request:sitemapURI}?{request:queryString}"/>

  <map:match pattern="cached-internal-xquery/**">
    <map:generate src="cocoon:/xquery-macro/{1}" type="queryStringXquery">
      <map:parameter name="contextPath" value="{request:contextPath}"/>
    </map:generate>
    <map:transform src="xslt/postprocessXqueryResults.xslt" type="saxon"/>
    <map:serialize type="xml"/>
  </map:match>
</map:pipeline>
So you can see that both a request sitemap URI and a query string are used to form the cache key. It works perfectly until you want to send XQuery parameters via POST method instead of GET. Then the query string will be empty and identical for all the POST requests. As a result, one POST request's results will be cached for all of them, the caching breaks it all.

You may wonder why we need POST requests to actually load XML data. This is because we cannot predict how many request parameters will be there as they are generated from the list of identifiers like this: 
// id_list is a Collection of identifiers to be sent as request parameters
var postData = id_list.stringJoin(
        function(object) { return "id=" + object },
        "&"
);
    
var uri = "xquery/basictype_tree";

// This sends an asynchronous request and
// inserts its results into the containerId element.
new SimpleContainerTransaction(
    {
        "uri": uri, "containerId": "treenode-details-container",
        "method": "POST", "data": postData
    }
).execute();
Here the SimpleContainerTransaction is a part of a custom YUI3-based Transaction utility.

Now it's time to fix the issue. It seems quite obvious that we should simply generate a fake GET parameter in addition to meaningful POST parameters. This fake parameter will be a hash of POST parameters to make identical requests have identical hash values. As soon as we implement this, the caching should work perfectly for this use case as well.

As we generate POST parameters string in JavaScript, I googled for JavaScript hash implementations and discovered this pretty overview of possible JavaScript hash solutions. So I adapted the first one and incorporated it into our project JS library: 
String.prototype.hashCode = function() {
    var charCode, hash = 0;
    if (this.length == 0) return hash;
    for (var i = 0; i < this.length; i++) {
        charCode = this.charCodeAt(i);
        hash = ((hash << 5) - hash) + charCode;
        hash = hash & hash; // Convert to 32bit integer
    }
    return hash;
}
This extends all String objects' with the hashCode function. So let's fix now the caching issue by appending POST parameters hash as a GET parameter to the URL: 
var uri = "xquery/basictype_tree?hash=" + postData.hashCode();
That's it, the caching works fine again.
Labels:

Comments

Post a Comment

Popular posts from this blog

Connection to Amazon Neptune endpoint from EKS during development

This small article will describe how to connect to Amazon Neptune database endpoint from your PC during development. Amazon Neptune is a fully managed graph database service from Amazon. Due to security reasons direct connections to Neptune are not allowed, so it's impossible to attach a public IP address or load balancer to that service. Instead access is restricted to the same VPC where Neptune is set up, so applications should be deployed in the same VPC to be able to access the database. That's a great idea for Production however it makes it very difficult to develop, debug and test applications locally. The instructions below will help you to create a tunnel towards Neptune endpoint considering you use Amazon EKS - a managed Kubernetes service from Amazon. As a side note, if you don't use EKS, the same idea of creating a tunnel can be implemented using a Bastion server . In Kubernetes we'll create a dedicated proxying pod. Prerequisites. Setting up a tunnel. ...
Post a Comment
Read more

Notes on upgrade to JSF 2.1, Servlet 3.0, Spring 4.0, RichFaces 4.3

This article is devoted to an upgrade of a common JSF Spring application. Time flies and there is already Java EE 7 platform out and widely used. It's sometimes said that Spring framework has become legacy with appearance of Java EE 6. But it's out of scope of this post. Here I'm going to provide notes about the minimal changes that I found required for the upgrade of the application from JSF 1.2 to 2.1, from JSTL 1.1.2 to 1.2, from Servlet 2.4 to 3.0, from Spring 3.1.3 to 4.0.5, from RichFaces 3.3.3 to 4.3.7. It must be mentioned that the latest final RichFaces release 4.3.7 depends on JSF 2.1, JSTL 1.2 and Servlet 3.0.1 that dictated those versions. This post should not be considered as comprehensive but rather showing how I did the upgrade. See the links for more details. Jetty & Tomcat. JSTL. JSF & Facelets. Servlet. Spring framework. RichFaces. Jetty & Tomcat First, I upgraded the application to run with the latest servlet container versio...
1 comment
Read more

Managing Content Security Policy (CSP) in IBM MAS Manage

This article explores a new system property introduced in IBM MAS 8.11.0 and Manage 8.7.0+ that enhances security but can inadvertently break Google Maps functionality within Manage. We'll delve into the root cause, provide a step-by-step solution, and offer best practices for managing Content Security Policy (CSP) effectively. Understanding the issue IBM MAS 8.11.0 and Manage 8.7.0 introduced the mxe.sec.header.Content_Security_Policy   property, implementing CSP to safeguard against injection attacks. While beneficial, its default configuration restricts external resources, causing Google Maps and fonts to malfunction. CSP dictates which domains can serve various content types (scripts, images, fonts) to a web page. The default value in this property blocks Google-related domains by default. Original value font-src 'self' data: https://1.www.s81c.com *.walkme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ...
Post a Comment
Read more