SQL injection attack - or some valid internal N1QL "thing"?

Hi

I just stumbled over some strange errors in our web application that uses the Java SDK:

Caused by: java.security.PrivilegedActionException: java.lang.ClassNotFoundException: class dk.dtu.aqua.catchlog.bean.ExtViewBean : com.couchbase.client.core.error.InvalidArgumentException: The key must not be longer than 250 bytes (was 283 bytes including the collection prefix). {"bucket":"data","collection":"_default","documentId":"FishingClub:487C622908C3AC89C1257F6100253A72 AND 3099=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(107)||CHR(118)||CHR(106)||CHR(113)||(SELECT (CASE WHEN (3099=3099) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(120)||CHR(120)||CHR(118)||CHR(113)||CHR(62))) FROM DUAL)-- MOjH","scope":"_default"}
	at java.security.AccessController.doPrivileged(AccessController.java:698)
	at com.sun.faces.config.ManagedBeanFactory.newInstance(ManagedBeanFactory.java:216)
	... 47 more
Caused by: java.lang.ClassNotFoundException: class dk.dtu.aqua.catchlog.bean.ExtViewBean : com.couchbase.client.core.error.InvalidArgumentException: The key must not be longer than 250 bytes (was 283 bytes including the collection prefix). {"bucket":"data","collection":"_default","documentId":"FishingClub:487C622908C3AC89C1257F6100253A72 AND 3099=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(107)||CHR(118)||CHR(106)||CHR(113)||(SELECT (CASE WHEN (3099=3099) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(120)||CHR(120)||CHR(118)||CHR(113)||CHR(62))) FROM DUAL)-- MOjH","scope":"_default"}
	at java.beans.Beans.instantiate(Beans.java:244)
	at java.beans.Beans.instantiate(Beans.java:88)
	at com.sun.faces.config.ManagedBeanFactory$1.run(ManagedBeanFactory.java:222)
	at java.security.AccessController.doPrivileged(AccessController.java:694)
	... 48 more
Caused by: com.couchbase.client.core.error.InvalidArgumentException: The key must not be longer than 250 bytes (was 283 bytes including the collection prefix). {"bucket":"data","collection":"_default","documentId":"FishingClub:487C622908C3AC89C1257F6100253A72 AND 3099=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(107)||CHR(118)||CHR(106)||CHR(113)||(SELECT (CASE WHEN (3099=3099) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(120)||CHR(120)||CHR(118)||CHR(113)||CHR(62))) FROM DUAL)-- MOjH","scope":"_default"}
	at com.couchbase.client.java.AsyncUtils.block(AsyncUtils.java:51)
	at com.couchbase.client.java.Collection.get(Collection.java:184)
	at dk.dtu.aqua.catchlog.dao.CouchbaseFishingClubDAO.loadFishingClub(CouchbaseFishingClubDAO.java:234)
	at dk.dtu.aqua.catchlog.dao.facade.FishingClubCRUDFacade.getFishingClubByUnid(FishingClubCRUDFacade.java:87)
	at dk.dtu.aqua.catchlog.view.ClubView.(ClubView.java:27)
	at dk.dtu.aqua.catchlog.bean.ExtViewBean.(ExtViewBean.java:25)
	at java.lang.Class.newInstancePrototype(Class.java:1773)
	at java.lang.Class.newInstance(Class.java:1762)
	at java.beans.Beans.instantiate(Beans.java:240)
	... 51 more
	Suppressed: java.lang.Exception: The above exception was originally thrown by another thread at the following location.
		at com.couchbase.client.core.msg.kv.BaseKeyValueRequest.checkKeyLength(BaseKeyValueRequest.java:192)
		at com.couchbase.client.core.msg.kv.BaseKeyValueRequest.encodedExternalKeyWithCollection(BaseKeyValueRequest.java:172)
		at com.couchbase.client.core.msg.kv.BaseKeyValueRequest.encodedKeyWithCollection(BaseKeyValueRequest.java:145)
		at com.couchbase.client.core.msg.kv.GetRequest.encode(GetRequest.java:66)
		at com.couchbase.client.core.io.netty.kv.KeyValueMessageHandler.write(KeyValueMessageHandler.java:208)
		at com.couchbase.client.core.deps.io.netty.channel.AbstractChannelHandlerContext.invokeWrite0(AbstractChannelHandlerContext.java:717)
		at com.couchbase.client.core.deps.io.netty.channel.AbstractChannelHandlerContext.invokeWriteAndFlush(AbstractChannelHandlerContext.java:764)
		at com.couchbase.client.core.deps.io.netty.channel.AbstractChannelHandlerContext$WriteTask.run(AbstractChannelHandlerContext.java:1071)
		at com.couchbase.client.core.deps.io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
		at com.couchbase.client.core.deps.io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472)
		at com.couchbase.client.core.deps.io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:384)
		at com.couchbase.client.core.deps.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
		at com.couchbase.client.core.deps.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
		at com.couchbase.client.core.deps.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
		at java.lang.Thread.run(Thread.java:811)

and there are several variants like:

Caused by: java.lang.ClassNotFoundException: class dk.dtu.aqua.catchlog.bean.ExtViewBean : com.couchbase.client.core.error.InvalidArgumentException: The key must not be longer than 250 bytes (was 251 bytes including the collection prefix). {"bucket":"data","collection":"_default","documentId":"FishingClub:487C622908C3AC89C1257F6100253A72') AND 9338=CAST((CHR(113)||CHR(120)||CHR(122)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (9338=9338) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(112)||CHR(106)||CHR(106)||CHR(113)) AS NUMERIC) AND ('ycrk'='ycrk","scope":"_default"}

These are initiated from a bean that serves as an entry form for external users who are not logged into our application. Users have no way to directly interact with the CB server.

This is the method that reports the error (line 234):

where the “key” seems to contain a lot of “rubbish”. I build the key by adding the type in front of the key (with a ‘:’ in between), e.g. “FishingClub:487C622908C3AC89C1257F6100253A72”

Should I do anything to avoid the above? Any “standard advice” that I may have overlooked?
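Two things worth separating in the trace above. The `documentId` is the key handed to a key-value `Collection.get`, not a N1QL statement, so nothing in that string is parsed or executed as a query; the only reason it surfaced is that the SDK rejects keys longer than 250 bytes. The payload itself has the shape of an automated boolean-based SQL injection probe (the `CASE WHEN (3099=3099) THEN 1 ELSE 0 END` pattern, with Oracle `FROM DUAL` and PostgreSQL `::text` variants), i.e. a scanner feeding junk into the form parameter that ends up in the key. The defensive fix is to validate that parameter before it ever reaches the DAO. The following Java is an added example, not code from the original post or from the Couchbase SDK; it assumes the UNID is always 32 hexadecimal characters, that keys are built as `Type:UNID`, and that the 250-byte limit from the exception message is the bound to enforce. The sample inputs are constructed, one of them trimmed from the probe shown in the post.

```java
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.regex.Pattern;

/**
 * Added example (not the original post's code): build a Couchbase document key
 * from an externally supplied identifier only if that identifier is well-formed.
 * Assumption: identifiers are 32 hex characters (Domino-style UNIDs); the key
 * format "Type:UNID" and the 250-byte limit come from the post and its trace.
 */
public final class DocumentKeys {

    // Assumed UNID format: exactly 32 hex digits, nothing else.
    private static final Pattern UNID = Pattern.compile("^[0-9A-Fa-f]{32}$");

    // Limit reported by the SDK in the InvalidArgumentException above.
    private static final int MAX_KEY_BYTES = 250;

    private DocumentKeys() {}

    /**
     * Returns "type:UNID" when rawUnid is a valid UNID, otherwise Optional.empty().
     * Callers treat empty as "not found" and never call Collection.get with it.
     */
    public static Optional<String> keyFor(String type, String rawUnid) {
        if (type == null || rawUnid == null) {
            return Optional.empty();
        }
        String candidate = rawUnid.trim();
        if (!UNID.matcher(candidate).matches()) {
            // Anything that is not a bare UNID (SQL fragments, quotes, comments, ...)
            // is rejected here instead of being sent to the cluster.
            return Optional.empty();
        }
        String key = type + ":" + candidate.toUpperCase();
        // Defensive: the format above cannot exceed 250 bytes, but keep the
        // SDK's limit explicit so a future key format change fails here, not in the DAO.
        if (key.getBytes(StandardCharsets.UTF_8).length > MAX_KEY_BYTES) {
            return Optional.empty();
        }
        return Optional.of(key);
    }

    /**
     * Sketch of how a DAO method such as loadFishingClub (name from the trace) could
     * use the check. The "collection" object is the SDK's Collection; only the
     * validated key is passed to get().
     */
    public static String describeLookup(String rawUnid) {
        Optional<String> key = keyFor("FishingClub", rawUnid);
        if (!key.isPresent()) {
            // Log and count rejected identifiers; a burst of these from one client is
            // a useful signal that a scanner is probing the form.
            return "REJECTED: malformed identifier";
        }
        // In the real DAO: GetResult r = collection.get(key.get());
        return "OK: would call collection.get(\"" + key.get() + "\")";
    }

    public static void main(String[] args) {
        // Constructed sample inputs for illustration.
        String[] samples = {
            "487C622908C3AC89C1257F6100253A72",                       // valid UNID from the post
            "  487c622908c3ac89c1257f6100253a72 ",                    // valid, lower case with whitespace
            "487C622908C3AC89C1257F6100253A72 AND 3099=(SELECT 1)--", // shape of the probe in the trace
            "487C622908C3AC89C1257F6100253A72') AND ('ycrk'='ycrk",   // second variant's tail
            "",                                                       // empty form field
        };
        for (String s : samples) {
            System.out.println("[" + s + "] -> " + describeLookup(s));
        }
    }
}
```

With this in place the malformed identifiers never reach `Collection.get`, so the `InvalidArgumentException` disappears from the server log, and the rejections become a clean, countable event rather than a stack trace per probe. The same check belongs on any other form parameter that is used to assemble a key or a N1QL statement; for N1QL, pair it with positional or named query parameters rather than string concatenation.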