Magnolia 5.6 reached end of life on June 25, 2020. This branch is no longer supported, see End-of-life policy.
...
URI security is checkecked checked by the
Javadoc resource link | ||||
---|---|---|---|---|
|
URI permissions are granted by ACLs Access Control Lists (ACL). An ACL grants access to a path for getGet or getGet & postPost.get => grants
GET
for a given URI....
GET
, PUT
, POST
and DELETE
for a given URI.URI access is checked for every endpoint.
JCR acces access security is a feature of the JCR standard (defined by JCR JSR-170 and JSR-283). JCR access is granted per workspace on path level - it can grant the permision to read or to read&write. It can grant Read-only or Read/Write permission.
When using endpoints dealing with JCR repositories - (nodes
and properties
to read and write -, delivery
to read only - ) the given user must have an appropriate role which that provides JCR permissions for the given method.
JCR access security is checked on every endpoint dealing which reads or writes JCR data. (
Exception: It can be bypassed for the delivery
endpoint for testing reasonspurposes.)
...
Info |
---|
Depending on the endpoint - , its access requires always URI access, may require JCR access or may require a specific role defined defined on command level. |
...
If the endpoint triggers commands - the command definition grants access via specifically defined roles defined per command ... (oder so ähnlich ...).
HTTP method | URI security required | JCR access security | Specific role based security | |
---|---|---|---|---|
delivery | GET | /.rest/delivery/v1/{workspace}/{path} | read access for a path on a workspace | - |
nodes | GET | /.rest/nodes/v1/{workspace}/{path} | read access for a path on a workspace | - |
PUT | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - | |
POST | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - | |
DELETE | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - | |
properties | GET | /.rest/nodes/v1/{workspace}/{path} | read access for a path on a workspace | - |
PUT | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - | |
POST | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - | |
DELETE | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - | |
commands | POST | /.rest/commands/v2/{catalogName}/{command} | - | required |
...