Magnolia 5.6 reached end of life on June 25, 2020. This branch is no longer supported, see End-of-life policy.
There are three levels of control when REST requests are issued:
Permissions to issue REST requests are controlled using Magnolia's standard role-based security mechanism.
Table of Contents |
---|
REST endpoints are a powerful tool but can also make your site very vulnerable. Make sure you understand how to implement a strong security strategy to safeguard your system.
Web access security is checked by the
Javadoc resource link | ||||
---|---|---|---|---|
|
Web permissions are granted with web access lists - they grant access to a path for Get or Get & Post. You can grant web access per role.
GET
for a given URI.GET
, PUT
, POST
and DELETE
for a given URI.Web access is checked for every endpoint.
JCR access security is a feature of the JCR standard (defined by JCR JSR-170 and JSR-283). JCR access is granted per workspace on path level. It can grant Read-only or Read/Write permission. You can grant JCR access per role.
When using endpoints dealing with JCR repositories (nodes
and properties
to read and write, delivery
to read only) the user must have an appropriate role that provides JCR permissions for the given method.
JCR access security is checked on every endpoint dealing which reads or writes JCR data.
Info |
---|
JCR access security can be bypassed for the |
Command level security access only applies to the commands endpoint.
Role-based access to specific commands are configured in the rest-services
module: /modules/rest-services/rest-endpoints/commands/enabledCommands/
Include Page | ||||
---|---|---|---|---|
|
Endpoints always require URI access, they may also require JCR access or a specific role defined at a command level.
When you request a REST URL, URI security is checked first:
If the endpoint concerns JCR access, JCR access security is checked too:
If the endpoint triggers commands, the command definition grants access via specifically defined roles defined per command:
HTTP method | Web access security required | JCR access security | Specific role based security | |
---|---|---|---|---|
delivery | GET | /.rest/delivery/{workspace}/v1* | Read-only access for a path on a workspace | - |
nodes | GET | /.rest/nodes/v1/{workspace}/{path} | Read-only access for a path on a workspace | - |
PUT | /.rest/nodes/v1/{workspace}/{path} | Read/Write access for a path on a workspace | - | |
POST | /.rest/nodes/v1/{workspace}/{path} | Read/Write access for a path on a workspace | - | |
DELETE | /.rest/nodes/v1/{workspace}/{path} | Read/Write access for a path on a workspace | - | |
properties | GET | /.rest/nodes/v1/{workspace}/{path} | Read-only access for a path on a workspace | - |
PUT | /.rest/nodes/v1/{workspace}/{path} | Read/Write access for a path on a workspace | - | |
POST | /.rest/nodes/v1/{workspace}/{path} | Read/Write access for a path on a workspace | - | |
DELETE | /.rest/nodes/v1/{workspace}/{path} | Read/Write access for a path on a workspace | - | |
commands | POST | /.rest/commands/v2/{catalogName}/{command} | - | required |
The REST module installs four default roles with the following permissions:
rest-admin
– The REST administrator role grants GET/POST permissions to all Magnolia's REST APIs.rest-editor
– The REST editor role grants GET/POST permissions to REST services APIs (nodes, properties), for a limited set of workspaces.rest-anonymous
– The REST anonymous consumer role grants GET permissions to Magnolia's content delivery REST API.rest-backup
– The REST backup role grants permission to execute the backup
command from a running Magnolia instance.Multiexcerpt include | ||||||
---|---|---|---|---|---|---|
|
The superuser account has the rest-admin
role by default so you can use superuser to test your requests. However, for production use, you should create a custom REST role. The anonymous
role is specifically denied access to the REST endpoints.
Magnolia recommends you create custom REST roles granting specific access for specific use cases.
Todo | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
To be further specified into
|