Magnolia 4.5 reached end of life on June 30, 2016. This branch is no longer supported, see End-of-life policy.
Security in Magnolia is controlled with a built-in access management system. The purpose of this system is to:
The system is based on the Java Authentication and Authorization Service (JAAS). You can set permissions for all types of users whether real people or processes, and control access to resources such as Web pages, documents, data, forums and templates. Permissions are controlled through a combination of users, groups, roles and ACLs in AdminCentral.
Magnolia uses the Jackrabbit reference implementation of the Java Content Repository (JCR) standard. The version of JCR used is 2.0. ACL checks are performed at the JCR level. This low-level checking has the following benefits:
Internal security is based on the Java Authentication and Authorization Service (JAAS). User permissions are assigned and managed in the form of ACls via groups and roles assigned to the users. Security can be configured either for URIs that a user is allowed (or denied) to access or on a more granular level via ACLs bound directly to the content in repository. User permissions are then checked on each manipulation of content by the user. This includes checking permissions on searches and making sure that the user cannot find the content that they have not been granted access to. See more information on administering security below. Permissions are controlled through a combination of Users, Groups, Roles and ACLs in the Security menu in AdminCentral.
External security is achieved via servlet container features. The strength of the security depends on the container used to run Magnolia. To improve the security, Magnolia recommends that you run Apache Web Server or another proxy server in front of the application server.
To minimize the risk of attacks on user accounts on a public instance, best practice is to limit user accounts to the required number and type. There are two basic solutions to limit the user account data needed by public instances:
superuseraccount. Once this account is set up, you can add other accounts as needed. See the workflow documentation and how to add user accounts.
./magnolia) from public IP addresses. Next, specify the IP addresses from which users should have permission to log in to AdminCentral. For further information, see IP and HTTP permissions.
Content security. Since content and templates are usually customized or completely developed by the users of Magnolia, it is the responsibility of users to ensure that developed content is not exploitable by cross-site scripting, HTML injection or similar attacks. For templates provided with Magnolia, the system tries to ensure there are no such vulnerabilities.