Attention, REST service user!

Wednesday, February 21, 2024 at 7:04 AM UTC

I lately came across a problem with Domino 14, but it turned out that this issue applies to 12.0.2 FP3 as well.

When you use the REST service control from the Extension Library to provide a custom REST service, you will get an exception which has nothing to do with anything in your XPage or your Java code. The root cause is yet to be examined, but the defect article is already up:

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110822

In addition, the given example uses a custom service bean to compute the REST service' response in the way very similar to this example:

https://github.com/zeromancer1972/simplerest/blob/master/ODP/Code/Java/net/notesx/JSONService.java

If you use this control, please test your app carefully on the systems named above.

Update 1

I just tested the simple view based REST service setting with this control and I get the exact same error.

Here is an example:

<?xml version="1.0" encoding="UTF-8"?>
<xp:view
    xmlns:xp="http://www.ibm.com/xsp/core"
    xmlns:xe="http://www.ibm.com/xsp/coreex"
    viewState="nostate">
    <xe:restService pathInfo="slots">
        <xe:this.service>
            <xe:viewJsonService viewName="bitSlots">
                <xe:this.columns>
                    <xe:restViewColumn
                        name="name"
                        columnName="name">
                    </xe:restViewColumn>
                    <xe:restViewColumn
                        name="type"
                        columnName="type">
                    </xe:restViewColumn>
                </xe:this.columns>
            </xe:viewJsonService>
        </xe:this.service>
    </xe:restService>
</xp:view>

This got it's own KB article: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109796

Update 2

As you can see, I got a comment here from Martin who provided a workaround a while back (which I did not notice).

In the XSP properties, change the line

xsp.csrf.protection=true

to

xsp.csrf.protection=false

and the error is gone. I just tested that with V14 (I don't have a test environment for 12.0.2FP3) and also informed support, so I expect the KB article to be updated, too.

If you want to learn more about this option, please checkout this excellent article from Sean Cull here.

Update 3

HCL introduced a fix for 12.0.2FP3 (IF1): https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110951






Latest comments to this post

Oliver Busse wrote on 27.02.2024, 08:25

Hi John,

according to HCL the IF will fix this: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110951

 Link to this comment
John Dalsgaard wrote on 26.02.2024, 16:16

Hi Oliver

Is that the problem that is fixed in IF1? https://ds_infolib.hcltechsw.com/ldd/fixlist.nsf?OpenDatabase&Start=3.27&Count=30&Expand=3.50

/John

 Link to this comment
Martin Vogel wrote on 23.02.2024, 08:42

Hi Oliver, we had the same issue and found a workaround.

Please have a look at https://atnotes.de/index.php/topic,63914.msg406486.html#msg406486

 Link to this comment
Fredrik Norling wrote on 21.02.2024, 11:25

Thanks Oliver for sharing, would have given me problem if I had upgraded some of the servers to fp3 or 14

 Link to this comment

Leave a comment right here