Magnolia 5.6 reached end of life on June 25, 2020. This branch is no longer supported, see End-of-life policy.
...
Permissions to issue REST requests are controlled using Magnolia's standard role-based security mechanism.
REST endpoints are a po
URI security is checked by the
...
URI access is checked for every endpoint.
JCR access security is a feature of the JCR standard (defined by JCR JSR-170 and JSR-283). JCR access is granted per workspace on path level. It can grant Read-only or Read/Write permission.
...
Info |
---|
JCR access security can be bypassed for the |
Command level security access is the lowest level of access you can configure by role for REST endpoints.
...
Note |
---|
You can make sweeping changes with commands, such as bypassing approval and deleting the whole site. Commands are therefore subject to special security restrictions. |
To enable the use of commands through REST:
rest-admin role a permission to issue requests to the commands endpoint. Permission to the endpoint is denied by default. Add a new rule.
/modules/rest-services/rest-endpoints/commands/enabledCommands
....
[Configuration tree: node names not preserved; surviving property values: rest-admin, website, activate]
Properties:
Property | Required | Description |
---|---|---|
enabledCommands | required | Enabled commands node. |
<command> | required | Arbitrary name for the command. Use any name you like. |
access | required | Access node. |
roles | required | Roles node. |
<role> | required | |
catalogName | required | |
commandName | | Command definition name. |
Endpoints always require URI access. They may also require JCR access or a specific role defined at command level.
...
If the endpoint triggers commands, the command definition grants access via roles defined per command:
Endpoint | HTTP method | URI security required | JCR access security | Specific role based security |
---|---|---|---|---|
delivery | GET | /.rest/delivery/v1/{workspace}/{path} | Read-only access for a path on a workspace | - |
nodes | GET | /.rest/nodes/v1/{workspace}/{path} | Read-only access for a path on a workspace | - |
nodes | PUT | /.rest/nodes/v1/{workspace}/{path} | Read/Write access for a path on a workspace | - |
nodes | POST | /.rest/nodes/v1/{workspace}/{path} | Read/Write access for a path on a workspace | - |
nodes | DELETE | /.rest/nodes/v1/{workspace}/{path} | Read/Write access for a path on a workspace | - |
properties | GET | /.rest/nodes/v1/{workspace}/{path} | Read-only access for a path on a workspace | - |
properties | PUT | /.rest/nodes/v1/{workspace}/{path} | Read/Write access for a path on a workspace | - |
properties | POST | /.rest/nodes/v1/{workspace}/{path} | Read/Write access for a path on a workspace | - |
properties | DELETE | /.rest/nodes/v1/{workspace}/{path} | Read/Write access for a path on a workspace | - |
commands | POST | /.rest/commands/v2/{catalogName}/{command} | - | required |
Properties:
Property | Required | Description |
---|---|---|
enabledCommands | required | Enabled commands node. |
<command> | required | Arbitrary name for the command. Use any name you like. |
access | required | Access node. |
roles | required | Roles node. |
<role> | required | Role name. Grants the role permission to execute the command . Add the |
catalogName | required | Catalog where the command resides. |
commandName | required | Command definition name. |
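A simplified model of the URI and command-level checks for the commands endpoint, added here as an example and not taken from Magnolia's code. The dict layout, the function names, the faulty "broken" entry with its "delete" command and the two deny-by-default behaviours marked in comments are assumptions; rest-admin, website and activate are the values shown on this page.

```python
# Added example: simplified model of the checks described above, not Magnolia code.
# The dict mirrors the enabledCommands node; layout and function names are assumptions.
ENABLED_COMMANDS = {
    # Values taken from this page: role rest-admin, catalog website, command activate.
    "activate": {
        "catalogName": "website",
        "commandName": "activate",
        "access": {"roles": {"rest-admin": "rest-admin"}},
    },
    # Constructed faulty entry: the required access/roles nodes are missing.
    "broken": {"catalogName": "website", "commandName": "delete"},
}


def audit(enabled):
    """Return {entry name: [problems]} for entries lacking required properties."""
    findings = {}
    for name, entry in enabled.items():
        problems = [f"missing {p}" for p in ("catalogName", "commandName")
                    if not entry.get(p)]
        if not entry.get("access", {}).get("roles"):
            problems.append("missing access/roles")
        if problems:
            findings[name] = problems
    return findings


def may_execute(enabled, catalog, command, user_roles, uri_permission):
    """Model a POST to /.rest/commands/v2/{catalogName}/{command}."""
    if not uri_permission:  # permission to the endpoint is denied by default
        return False
    for entry in enabled.values():
        if (entry.get("catalogName"), entry.get("commandName")) == (catalog, command):
            allowed = set(entry.get("access", {}).get("roles", {}).values())
            # Assumption: an entry without roles grants nobody access.
            return bool(allowed & set(user_roles))
    return False  # assumption: commands not listed under enabledCommands are refused


if __name__ == "__main__":
    print(audit(ENABLED_COMMANDS))
    print(may_execute(ENABLED_COMMANDS, "website", "activate", ["rest-admin"], True))
```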
The REST module installs four default roles with the following permissions:
...