Magnolia 5.6 reached end of life on June 25, 2020. This branch is no longer supported, see End-of-life policy.
This page is intended for developers who want to start using Magnolia REST features.
In this page, we:
This section is a very brief summary of the most important things from the sections below.
To use Magnolia REST features:
magnolia-rest-integration
, magnolia-rest-services
, magnolia-rest-content-delivery
(version 2.0 or higher). See REST module - Installing if needed.superuser
on the author instance and anonymous
user on the public instance at your own risk.Provide YAML configuration to enable the usage of the delivery endpoint in a light module.
cURL:
curl -X GET 'http://localhost:8080/magnoliaPublic/.rest/delivery/website/v1/travel/about'
GET
a REST.In this section, we assume you are using a Magnolia bundle version 5.6 or higher and you know how to:
magnolia.resources.dir
property in the magnolia.properties
file.
If you do not know how to do all of this, see Set up a Magnolia bundle with all REST modules - step by step instead.
The modules listed below are required to use all Magnolia REST features in a productive context:
magnolia-rest-integration
magnolia-rest-services
magnolia-rest-content-delivery
When using a preconfigured Magnolia bundle, your webapps already contain these three modules. If you are using a custom webapp or bundle, make sure your custom setup contains the modules listed above. See REST module - Installing if needed.
When developing new features, it can be helpful to use the magnolia-rest-tools
module which enables Swagger UI tools.
If you do not want to use the Swagger UI tools, skip ahead to security settings.
The Swagger framework is supported by a set of core tools for designing, building, and documenting RESTful APIs. Source: https://swagger.io/tools/ Magnolia provides integration with Swagger tools directly in the Admin UI. Swagger tools are for development and testing purposes only.
To enable Swagger you must add magnolia-rest-tools
to your webapp(s).
Add the following snippet to the pom file of your webapp:
If you are running a preconfigured Magnolia Tomcat bundle:
$tomcat/webapps/magnoliaAuthor/WEB-INF/lib
$tomcat/webapps/magnoliaPublic/WEB-INF/lib
(if the directory already exists)* The zip file may contain .jar files which are already present in the WEB-INF/lib
folder of your webapps.
The Swagger API explorer tool searches for the API at a path set in When using one of Magnolia's preconfigured bundles running on localhost, set the property to Set the path to where REST services reside on your system. If you run the standard Magnolia bundle and work on the author instance, set the path to http://localhost:8080/magnoliaAuthor/.rest After setting the base path, restart Magnolia. Swagger UI tools is in Dev > REST Tools./modules/rest-tools/config/apiBasepath
. The default value is
http://localhost:8080/.rest
. The value for this property must match the following pattern:<protocol>://<hostname>:<port>/<context>/.rest
http://localhost:8080/magnoliaAuthor/.rest
.
http://localhost:8080/magnoliaAuthor/.rest
.Node name Value
This section provides step by step instructions to set up a Magnolia bundle that contains all REST modules including the magnolia-rest-tools
module to use Swagger UI tools. The procedure uses Magnolia CLI. If you are an experienced Magnolia user, you can skip this and set up Magnolia in your preferred style.
REST endpoints are a powerful tool but can also make your site very vulnerable. Make sure you understand how to implement a strong security strategy to safeguard your system..
You must read and understand REST security before enabling and using the REST endpoints in a productive environment.
In the context of this tutorial and to get started quickly, we use users with roles provided by the default setup of the Magnolia bundle.
superuser
in the author instance - for testing purposes onlyIn the author instance, superuser has:
/
on every JCR workspace, granted by the superuser
role./magnoliaAuthor/.rest*
- granted by the role rest-admin
.Note that superuser is given a lot of power. Use it carefully in the context of this tutorial. But never use superuser on a productive environment.
anonymous
in the public instance The public instance is typically visited by users who do not authenticate. These visits are done as the anonymous
user, who also has some permissions.
In the public instance, anonymous user has:
/
for the JCR workspaces website
, dam
, googleSitemaps
, category
, and tours
.GET
for the path /magnoliaAuthor/.rest/delivery/*
As you can see, anonymous user only has read access and can only access the Delivery endpoint. That is sufficient for the moment.
In a productive environment we highly recommend you create custom REST roles granting specific access for specific use cases.
Magnolia provides the following REST endpoints out-of-the-box:
Endpoint | HTTP methods | Swagger UI enabled | |||
---|---|---|---|---|---|
delivery | GET Read node. | - | - | - | - |
nodes | GET | PUT | POST | DELETE | ✓ |
Read node | Create node | Update node | Delete node | ||
properties | GET | PUT Create property | POST Update property | DELETE | ✓ |
Read property | Delete property | ||||
commands | - | - | POST Execute command | - | ✓ |
If you want to use REST to create, update and delete content, we recommend you use the Nodes endpoint which supports all required operations. If you mainly want to read data, consider using the Delivery endpoint. It provides convenient, formatted JSON and can be customized and configured with YAML via light module. With the Commands endpoint you can trigger commands and Cache endpoint deals with cache.
You can also create your own custom endpoints.
In this section, we suggest some tools you can use to test the REST API without needing to develop a REST consuming client application. Testing your REST requests is useful when you are developing client apps and similar things that interact with the REST endpoints.
Positive | For instance Firefox displays JSON and XML in a very readable format. |
Negative | A browser provides only limited control to tailor a request without further add-ons. Requests are sent as |
Tips | If you want to test on REST resources via Upgrade the browser with add-ons to extend its possibilities to control the request. |
cURL
is a command line tool. It can be used on most well-known operating systems.
Download | https://curl.haxx.se/download.html |
Positive | Very flexible for tailoring the request (method, request headers, user credentials, and so on). Response can be further processed. |
Negative | Not everybody likes command line tools. The response is not easy to read without further tooling. No out-of-the-box automatic URL encoding. |
Tips | On the first attempt of a request, use the If the response body is fine and delivers JSON, pretty-print and colorize the response body with tools such as jq. |
If you have not installed magnolia-rest-tools
, which provides the Swagger UI tools, skip this section or see how to enable the swagger tools above.
Positive | Seamlessly integrated into the Magnolia Admin UI. Comfortable to use form-based interface. |
Negative | The endpoints require specific annotations to make them appear on the Swagger UI tools. Delivery endpoint is not annotated and does not appear on the Swagger tools. REST request is sent by the user who logged into Magnolia; it is difficult to test with different users. |
Go to Dev > REST Tools. When you open the the Magnolia REST Tools app, you should see something similar to this screen: The Swagger UI lists the bundled endpoints which already have Swagger annotations. These are the endpoints from themagnolia-rest-services
module (propertiesv1, commandsv2, nodesv1) and one from the cache-browser-app
(cachev1).
Click List operations or Expand operations to get the details for the operations.
Here is an example for the nodes
endpoint GET operation:
Enter values at least for the mandatory parameters and click Try it out!.
Swagger shows the response code, the response headers and the response body:
The delivery endpoint is a REST API provided by Magnolia out-of-the-box. Use it for obtaining JCR data as JSON.
In addition to defining security settings, you must provide YAML-based configuration for the delivery endpoint so that it can serve JSON.
delivery
endpointWe will create a light module to provide the YAML-based configuration required for the delivery endpoint.
In your light-modules folder, which is configured with the property magnolia.resources.dir
, create the following structure:
define-delivery-endpoint/ └── restEndpoints/ └── delivery-base-definition.yaml
You can use this code to start with for the delivery-base-definition.yaml
file:
class: info.magnolia.rest.delivery.jcr.v1.JcrDeliveryEndpointDefinition params: website: depth: 2 nodeTypes: - mgnl:page - mgnl:area - mgnl:component childNodeTypes: - mgnl:area - mgnl:component rootPath: / includeSystemProperties: false
For the time being, note the following points:
website
is the name of the endpoint prefix. In our case it is also the name of a JCR workspace. We use the value of the endpoint prefix later on in the REST request URL.With the configuration provided above, you are ready to send REST requests to your Magnolia instance.
We will fetch the content of the page /travel/about
on the website workspace. Have a look at Delivery endpoint API - readNode to understand how to compose the URL. We need:
website
travel/about
URL => /.rest/delivery/website/v1/travel/about
Now add the "context" (the name of the webapp), the domain and the protocol, and you get these URLs:
You can request the first URL, which goes to the public instance, with the browser as the anonymous user (without authentication). For the second URL, you must authenticate.
To test these URLs with cURL, use the following commands:
curl -X GET 'http://localhost:8080/magnoliaPublic/.rest/delivery/website/v1/travel/about'
curl -X GET 'http://localhost:8080/magnoliaAuthor/.rest/delivery/website/v1/travel/about' \ -u superuser:superuser