Starting with Magnolia CMS 4.5, security is implemented at the JCR level.
- Administering security
- Security in detail
OverviewJava Content Repository. Magnolia CMS uses the Jackrabbit reference implementation of the Java Content Repository (JCR) standard. The version of JCR used is 2.0. ACL checks are performed at the JCR level. This low-level checking has the following benefits:
- Better performance than checking in the application code.
- Repository can be exposed to third party apps. Access Control Lists (ACLs) still apply.
- Use JCR API directly without needing to wrap objects.
Internal security is based on the Java Authentication and Authorization Service (JAAS). User permissions are assigned and managed in the form of ACls via groups and roles assigned to the users. Security can be configured either for URIs that a user is allowed (or denied) to access or on a more granular level via ACLs bound directly to the content in repository. User permissions are then checked on each manipulation of content by the user. This includes checking permissions on searches and making sure that the user cannot find the content that they have not been granted access to. See more information on administering security below.
External security is achieved via servlet container features. The strength of the security depends on the container used to run Magnolia CMS. To improve the security, Magnolia recommends that you run Apache Web Server or another proxy server in front of the application server.
To minimize the risk of attacks on user accounts on a public instance, best practice is to limit user accounts to the required number and type. There are two basic solutions to limit the user account data needed by public instances:
- Workflow: For workflow, the only mandatory user account is the
superuseraccount. Once this account is set up, you can add other accounts as needed. See the workflow documentation and how to add user accounts.
- IP solution: Disable external access to AdminCentral (URIs starting with
./magnolia) from public IP addresses. Next, specify the IP addresses from which users should have permission to log in to AdminCentral. For further information, see IP and http permissions.
Content security. Since content and templates are usually customized or completely developed by the users of Magnolia CMS, it is the responsibility of users to ensure that developed content is not exploitable by cross-site scripting, HTML injection or similar attacks. For templates provided with Magnolia CMS, the system tries to ensure there are no such vulnerabilities.
Security in Magnolia CMS is controlled with a built-in access management system. The purpose of this system is to:
- Authenticate users. Reliably and securely determine who is using the system and provide them with means to sign into the application.
- Authorize users to ensure they have the permissions to do the actions required such as editing pages or creating categories.