...

URI access security

URI security is checked by the info.magnolia.cms.security.URISecurityFilter. The filter checks whether the role(s) of the requesting user allow the user to request a given path with a given method.

URI permissions are granted by Access Control Lists (ACL). An ACL grants access to a path for Get or Get & Post.

  • Get – Grants the HTTP method GET for a given URI.

...

  • Get & Post – Grants the HTTP methods GET, PUT, POST and DELETE for a given URI.

URI access is checked for every endpoint.

JCR access security

JCR access security is a feature of the JCR standard (defined by JSR-170 and JSR-283). JCR access is granted per workspace on path level. It can grant Read-only or Read/Write permission.

When using endpoints dealing with JCR repositories (nodes and properties to read and write, delivery to read only), the given user must have an appropriate role that provides JCR permissions for the given method.

JCR access security is checked on every endpoint which reads or writes JCR data. (Exception: It can be bypassed for the delivery endpoint for testing purposes.)

Specific role based security applied to commands

...

Info

Depending on the endpoint, its access always requires URI access, may require JCR access or may require a specific role defined on command level.

...

If the endpoint triggers commands, the command definition grants access via roles defined specifically per command ... (or something like that ...).


| Endpoint | HTTP method | URI security required | JCR access security | Specific role based security |
|---|---|---|---|---|
| delivery | GET | /.rest/delivery/v1/{workspace}/{path} | read access for a path on a workspace | - |
| nodes | GET | /.rest/nodes/v1/{workspace}/{path} | read access for a path on a workspace | - |
| nodes | PUT | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - |
| nodes | POST | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - |
| nodes | DELETE | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - |
| properties | GET | /.rest/nodes/v1/{workspace}/{path} | read access for a path on a workspace | - |
| properties | PUT | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - |
| properties | POST | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - |
| properties | DELETE | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - |
| commands | POST | /.rest/commands/v2/{catalogName}/{command} | - | required |
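
The layered decision in the matrix above, as an added example: a simplified Python model, not Magnolia code, that reports which layer (URI, JCR or command role) denies a request. The role name, the ACL patterns, the sample paths and the first-match rule for JCR entries are assumptions made for illustration.

```python
# Simplified model of the checks described on this page; not Magnolia code.
from fnmatch import fnmatchcase

URI_METHODS = {"get": {"GET"}, "get_post": {"GET", "PUT", "POST", "DELETE"}}
WRITE_METHODS = {"PUT", "POST", "DELETE"}

# Constructed sample role: name, patterns and workspace paths are hypothetical.
EDITOR = {
    "name": "rest-editor",
    "uri_acl": [("/.rest/nodes/v1/*", "get_post"),
                ("/.rest/delivery/v1/*", "get"),
                ("/.rest/commands/v2/*", "get_post")],
    "jcr_acl": {"website": [("/news*", "rw"), ("/*", "r")]},
}

def uri_allowed(role, method, uri):
    """URI check: some ACL entry matches the path and grants the method."""
    return any(fnmatchcase(uri, pat) and method in URI_METHODS[perm]
               for pat, perm in role["uri_acl"])

def jcr_allowed(role, method, workspace, path):
    """JCR check: read for GET, read/write for PUT, POST and DELETE."""
    for pat, perm in role["jcr_acl"].get(workspace, []):
        if fnmatchcase(path, pat):  # assumption: first matching entry decides
            return perm == "rw" or method not in WRITE_METHODS
    return False  # no entry for this workspace/path: deny

def authorize(role, method, uri, command_roles=()):
    """Return 'allowed' or the name of the layer that denied the request."""
    if not uri_allowed(role, method, uri):
        return "denied: URI"
    parts = uri.split("/")  # ['', '.rest', endpoint, version, ...]
    if len(parts) < 5:
        return "denied: malformed"
    if parts[2] == "commands":  # commands: role defined per command
        return "allowed" if role["name"] in command_roles else "denied: command role"
    workspace, path = parts[4], "/" + "/".join(parts[5:])
    if not jcr_allowed(role, method, workspace, path):
        return "denied: JCR"
    return "allowed"

if __name__ == "__main__":
    for method, uri in [("GET", "/.rest/nodes/v1/website/about"),
                        ("PUT", "/.rest/nodes/v1/website/about"),
                        ("PUT", "/.rest/nodes/v1/website/news/item"),
                        ("POST", "/.rest/delivery/v1/website/about")]:
        print(method, uri, "->", authorize(EDITOR, method, uri))
```

A role holding Get & Post on the URI is still refused a write where its JCR permission on that path is Read-only, which is the case worth testing when reviewing role definitions.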

...