Magnolia 5.6 reached end of life on June 25, 2020. This branch is no longer supported, see End-of-life policy.
...
Expand | ||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||
|
Anchor | ||||
---|---|---|---|---|
|
Notewarning | ||||||
---|---|---|---|---|---|---|
Please You must read and understand REST security before enabling and using the REST endpoints on in a productive environment. |
In the context of this tutorial and to get started quickly, you will we use users with roles provided by the default setup of the the the Magnolia bundle.
superuser
...
...
...
...
On In the author context the superuser is grantedinstance, superuser has:
/
on every JCR workspace - workspace, granted by the role superuser
role.Mgnl get |
---|
Mgnl put |
---|
Mgnl post |
---|
Mgnl delete |
---|
/magnoliaAuthor/.rest*
- granted by the role rest-admin
.Note that superuser is given a lot of power. Use it carefully in the context of this tutorial. But never use superuser on a productive environment.
anonymous
...
...
The public context instance is typically is visited by users which who do not authenticate. Nevertheless, such These visits are done as as the anonymous
user - which , who also has some permissions.
On In the public context anonymous user is grantedinstance, anonymous user has:
/
for the JCR workspaces website
, dam
, googleSitemaps
, category
, and tours
.Mgnl get |
---|
GET
for the path /magnoliaAuthor/.rest/delivery/*
As you can see, anonymous user only has read access and can only access the Delivery endpoint. That is sufficient for the moment.
On In a productive environment - we highly recommend to recommend you create custom REST roles granting specific access for specific use cases.
...
Magnolia provides the following REST endpoints out-of-the-box the following REST endpoints:
Multiexcerpt include | ||||
---|---|---|---|---|
|
If you want to use REST to create, update and delete content - , we recommend using you use the Nodes endpoint which supports all required operations. If you mainly want to read data - , consider using the Delivery endpoint. It provides a very handy convenient, formatted JSON and can be customized and configured with YAML via light module. With the Commands endpoint you can trigger commands . And and Cache endpoint deals with cache. And you always
You can also create your own custom endpoints - for inspiration see How to create a custom Java based REST endpoint.
On In this section, we propose suggest some tools you can use to test the REST API - without the need needing to develop a REST consuming client application. Testing your REST requests is handy useful when you are developing client apps and similar things which will that interact with the REST endpoints.
...
Positive | For instance Firefox displays JSON and XML in a very well readable format. | |
Negative | A browser provides only limited control to tailor a request without further add-ons. Requests are sent as
GET and you cannot add more request headers out of the box. | |
Tips | If you want to test on REST resources via
GET , which requires authetication (to get assigned roles not provided to anonymous user - login at Magnolia first, open a new tab on the same window (using the same session) and then requesting the REST resource.Upgrade the browser with add-ons to extend its possibilities to controll the request. |
...