Return-Path: 
 <dev-return-7043-apmail-clerezza-dev-archive=clerezza.apache.org@clerezza.apache.org>
X-Original-To: apmail-clerezza-dev-archive@www.apache.org
Delivered-To: apmail-clerezza-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id A764EC348
	for <apmail-clerezza-dev-archive@www.apache.org>;
 Thu, 18 Jul 2013 16:19:24 +0000 (UTC)
Received: (qmail 83681 invoked by uid 500); 18 Jul 2013 16:19:24 -0000
Delivered-To: apmail-clerezza-dev-archive@clerezza.apache.org
Received: (qmail 83598 invoked by uid 500); 18 Jul 2013 16:19:23 -0000
Mailing-List: contact dev-help@clerezza.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@clerezza.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@clerezza.apache.org>
List-Post: <mailto:dev@clerezza.apache.org>
List-Id: <dev.clerezza.apache.org>
Reply-To: dev@clerezza.apache.org
Delivered-To: mailing list dev@clerezza.apache.org
Received: (qmail 83584 invoked by uid 99); 18 Jul 2013 16:19:21 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 18 Jul 2013 16:19:21 +0000
X-ASF-Spam-Status: No, hits=0.0 required=5.0
	tests=
X-Spam-Check-By: apache.org
Received-SPF: error (nike.apache.org: local policy)
Received: from [213.238.45.90] (HELO r2-d2.netlabs.org) (213.238.45.90)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 18 Jul 2013 16:19:13 +0000
Received: (qmail 41284 invoked by uid 89); 18 Jul 2013 16:18:30 -0000
Received: from unknown (HELO mail-la0-f41.google.com)
 (farewellutopia@netlabs.org@209.85.215.41)
  by 0 with ESMTPA; 18 Jul 2013 16:18:30 -0000
Received: by mail-la0-f41.google.com with SMTP id fn20so2680789lab.14
        for <dev@clerezza.apache.org>; Thu, 18 Jul 2013 09:18:30 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=mime-version:x-originating-ip:in-reply-to:references:date
         :message-id:subject:from:to:content-type:content-transfer-encoding
         :x-gm-message-state;
        bh=Cio8xCMolp6mvWNNEhJI1podSUB3YawtiBNbREphE7E=;
        b=gkZZrha8wOMi7P8sOE3uEyjJ3cRQrJUVlTwzxSeik3qzwkgFtXyjMz7LBUEvpO1iJz
         CBckP0muFjbyS/XBaQoMxeBMTaLYplsRT7vdRD8zn4L8/CcRVJO8VF+cFC2VAbSTl8/3
         ca3niE97JXAR6+UUIEOM5dfXmgcu2LlsHWPjNFEQIxKNxpBiLKOpHAL9Zxy4nXD83slO
         OryACLjImezjdbvgsL15HI0CFEo/DjmfAQWcMHfKT7MZ+J023vmHiWdSXPfjclUZhv6W
         asHjRxp9bz4Hm3JhwoUyNTttDqfGNavrlk95HVdB/e2QRzBGCGJQwIwal/qOWPlHsIfp
         ULcA==
MIME-Version: 1.0
X-Received: by 10.152.20.40 with SMTP id k8mr5773522lae.25.1374164310275; Thu,
 18 Jul 2013 09:18:30 -0700 (PDT)
Received: by 10.152.125.144 with HTTP; Thu, 18 Jul 2013 09:18:30 -0700 (PDT)
X-Originating-IP: [31.24.10.206]
In-Reply-To: <51E70AF0.7080504@apache.org>
References: 
 <CALvhUEVkTmaV+3QA-H7fSHpjkP2fE6=16gZd-aotxnHVor7r-g@mail.gmail.com>
	<CAOzb7FKnw0hZdJvxWYNUhJtev5Bf8qs6mj+Xcam0i6GSBdNp0w@mail.gmail.com>
	<CALvhUEVtYJt_PHxwU0zD7oJNE_c7+qs-hTt+JJAuYmiB9i5DMA@mail.gmail.com>
	<51E70AF0.7080504@apache.org>
Date: Thu, 18 Jul 2013 18:18:30 +0200
Message-ID: 
 <CALvhUEVBgCroJ97qQoK0bkUpUb=44Pn9gokPZvo5AT_w_XHtnQ@mail.gmail.com>
Subject: Re: Sparql: handle queries and update requests together or
 separately?
From: =?ISO-8859-1?Q?Reto_Bachmann=2DGm=FCr?= <reto@wymiwyg.com>
To: dev@clerezza.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: 
 ALoCoQkaz+UL5SvMzbp5WECkwd3Fq5YIPvz5ILmZgkQjh6SXvelZLQhpv9eskCIQhSrnJQJs343e
X-Virus-Checked: Checked by ClamAV on apache.org

On Wed, Jul 17, 2013 at 11:21 PM, Andy Seaborne <andy@apache.org> wrote:
> On 17/07/13 10:08, Reto Bachmann-Gm=FCr wrote:
>>
>> Hi Hasan
>>
>>>> The recent changes towards full sparql 1.1 treat queries and update
>>>> requests together. That is we have one method that accepts both.
>>>
>>>
>>>
>>> Do you mean HTTP method?
>>
>>
>> I meant java method. But because it's the same Java method it will be
>> harder for the code to handle queries via HTTP GET not also to allow
>> update requests.
>>>
>>>
>>>
>>>> I'm
>>>> wondering if this makes sense. One reason against this approach is
>>>> that the Sparql protocol mandates different ways for submitting
>>>> queries and update requests.
>
>
> Clerezza can have one API operation - it's the on-the-wire HTTP mapping t=
hat
> SPARQL protocol defines.  The required difference is either MIME type or =
via
> ?request=3D or ?query=3D.  It's a very light check of the query string ne=
eded
> but if you pre-parsing anyway, then you'll know if it's a query or an
> update.
>
> In fact, SPARQL protocol does not mandate different endpoints at the leve=
l
> of HTTP - it does make it possible and it encourages different service
> endpoints for query and update which are different languages (for securit=
y
> reasons and for query/update injection attacks).  But it does not mandate
> any endpoint naming.
>
> BTW
> Queries can be sent by POST as well as GET - this is necessary in the "re=
al"
> world because URLs over 1k (and more often 4k) are not reliable (some cac=
he
> and proxy server silently truncate the URL).  And, from experience, I see
> people use POST on forms even when GET would do.

The question here is about Java methods not HTTP methods.

So the question is if we should have one method:

Object executeSparql(String)

Or two

Object executeSparqlQuery(String)
void executeSparqlUpdate(String)

(default graph params left out for simplicity)

The Sparql protocol requirements are a raeson for the second approach.
Even if we just have one HTTP enpoint the first approach would cause
more code an computation to be needed:

If ((httpMethod =3D=3D GET) || (paramName =3D=3D "req") || (contenType =3D=
=3D
"application/sparql-query")) {
    if (sparqlPreParser.parse(s).isQuery() {
        tcManager.executeSparql(s);
    } else {
        throw UpdateRequestSubmittedAsQuery();
    }
} else ...

Whereas with the secon approach no preparsing is needed for the http endpoi=
nt

If ((httpMethod =3D=3D GET) || (paramName =3D=3D "req") || (contenType =3D=
=3D
"application/sparql-query")) {
    tcManager.executeSparqlQuery(s);
} else ...

So the question for me is if there are other usecases which would
support having only a single method on the API level?

Cheers,
Reto


>
>
>         Andy
>
>
>>>
>>>
>>> If HTTP method is meant here, I can only find by quickly run through th=
e
>>> doc
>>> http://www.w3.org/TR/2013/REC-sparql11-protocol-20130321/#protocol
>>>
>>> that we may want to use HTTP Get for the query and POST for the update.
>>>
>>>
>>>> But if in clerezza queries end up being
>>>> handled by a method than is also capable of updates it would be hard
>>>> to enforce that no update comes in disguise of a query. (Not that this
>>>> would be a security issue, but it would be against standard and best
>>>> practices to update a graph on a get request).
>>>>
>>>
>>> If that is the case, I think we can add or modify function in the
>>> preparser
>>> to get
>>> information about whether it is an update or query, and react
>>> accordingly.
>>
>>
>> That would be one approach. The other would be two have two different
>> methods in TcManager for queries and updates. And if we want a
>> fastlane for updates too, to have two pre-parsers.
>>
>> Cheers,
>> Reto
>>
>>>
>>> Cheers
>>> Hasan
>>>
>>>>
>>>> Cheers,
>>>> Reto
>>>>
>