My first REST request and REST API show you how to make requests to Magnolia's REST API. This document is about the REST module.

Magnolia's REST Web service allows you to manipulate content through a Web API. You can create, read, update and delete nodes in the JCR. The nodes can be pages, components, contacts or anything else that is stored in a named workspace. You can also execute commands to activate, export and import content.

The REST service is similar to the Data module in Magnolia 4.5 which pulled data from other sources into Magnolia. However, REST works with the push principle where your application communicates with a Magnolia REST endpoint and exchanges a representation of a resource such as an XML of a page. REST is useful for connection tasks. Use REST to push product data from a third party system into Magnolia and let editors enrich it in a Magnolia app, for example.

Modules

The Java API for RESTful Web Services - JAX-RS - is defined in the packages javax.ws.rs and  javax.xml.bind. These are interfaces and sufficient for endpoint classes during compilation. However, on runtime, when the REST resources are used, a webapp also requires implementations of the these two mentioned packages. Magnolia is using RESTeasy for this purpose.

These dependencies (for both the interfaces and the implementations) are managed by the magnolia-rest-integration module.


Magnolia's REST Web services consist of three modules.

REST Services

This module installs the endpoints of the REST API: node, property and command.

Node nameValue

 modules


 rest-services


 rest-endpoints


 commands


 nodes


 class

info.magnolia.rest.service.node.definition.ConfiguredNodeEndpointDefinition

 implementationClass

info.magnolia.rest.service.node.v1.NodeEndpoint

 properties


REST Integration

The REST Integration module installs the integration part of REST. The module:

  • Manages the dependencies for the required JAX-RS libraries.
  • Monitors /config/<module-name>/rest-endpoints for any new endpoints you want to register. The monitoring mechanism is the same as used for observing registered dialogs, templates and apps. 
  • Installs a special servlet RestDispatcherServlet which dispatches requests to the individual endpoints registered in configuration. 
  • Lets you define additional providers or marshallers (called MessageBodyWorkers in RESTeasy) you might need. The providers are responsible for translating the return object into JSON/XML and vice-versa.
  • Installs the default rest role that initially prevents access to unauthorized requests.

Node nameValue

 modules


 rest-integration


 config


 additionalProviders


 restExceptionMapper


 providerClass

info.magnolia.rest.RestExceptionMapper

 apiDeclarationProvider


 providerClass

com.wordnik.swagger.jaxrs.listing.ApiDeclarationProvider

 resourceListingProvider


 providerClass

com.wordnik.swagger.jaxrs.listing.ResourceListingProvider

REST Tools

The REST Tools module integrates the swagger tools into the Admin UI. These tools ease the development and testing of REST endpoints.

The module extends the RestDispatcherServlet with a custom, API-aware servlet that can read API annotations from all available REST endpoints. The servlet enables the endpoints in the Swagger API explorer. If you write your own endpoint you need to add annotations in the code yourself. 

(warning) Not installed by default.

Installing

Maven is the easiest way to install the modules. Add the following dependencies to your bundle:

<dependency>
  <groupId>info.magnolia.rest</groupId>
  <artifactId>magnolia-rest-services</artifactId>
  <version>1.2.2</version>
</dependency>


<dependency>
  <groupId>info.magnolia.rest</groupId>
  <artifactId>magnolia-rest-integration</artifactId>
  <version>1.2.2</version>
</dependency>


<dependency>
  <groupId>info.magnolia.rest</groupId>
  <artifactId>magnolia-rest-tools</artifactId>
  <version>1.2.2</version>
</dependency>

Pre-built jars are also available for download. See Installing a module for help.

Preconfigured Magnolia bundles contain the modules magnolia-rest-services and magnolia-rest-integration but not magnolia-rest-tools. When adding magnolia-rest-tools directly to your bundle, please unpack the zip file and add all its files to WEB-INF/libs of your webapps.

Configuration

Setting the API base path

The Swagger API explorer tool searches for the API at a path set in /modules/rest-tools/config/apiBasepath. The default value is http://localhost:8080/.rest. The value for this property must match the following pattern:

<protocol>://<hostname>:<port>/<context>/.rest

When using one of Magnolia's preconfigured bundles running on localhost, set the property to  http://localhost:8080/magnoliaAuthor/.rest.

Set the path to where REST services reside on your system. If you run the standard Magnolia bundle and work on the author instance, set the path to http://localhost:8080/magnoliaAuthor/.rest.

Node nameValue

 modules


 rest-tools


 config


 apiBasepath

http://localhost:8080/magnoliaAuthor/.rest

After setting the base path, restart Magnolia.

Swagger is in Dev > REST Tools.


Security

Permissions to issue REST requests are controlled using Magnolia's standard role-based security mechanism.

rest role

The REST module installs a rest role which has the permission to issue requests to the nodes and properties endpoints by default.

Web access

PermissionPath
Deny/.rest*
Deny/.rest/commands*
Deny/.rest/nodes*
Get & Post/.rest/nodes/v1/website*
Deny/.rest/properties*
Get & Post/.rest/properties/v1/website*
Get & Post/.rest/cache/v1*
Get & Post/.rest/api-docs*

Configured access

Applies toNamePath
CommandsDelete/modules/rest-services/rest-endpoints/commands/enabledCommands/markAsDeleted/access/roles

Activate
/modules/rest-services/rest-endpoints/commands/enabledCommands/activate/access/roles

The superuser account has the rest role by default so you can use superuser to test your requests. However, for production use you should create a dedicated account for REST. The anonymous account is specifically denied access to the REST endpoints.

Enabling commands (optional)

Commands are custom actions executed at pre-defined trigger points. Magnolia uses commands to activate content, send email, flush the cache, take backups, import and export data, and to do many other tasks. Commands can perform duties within the system or connect to external resources.

(warning) You can make sweeping changes with commands, such as bypassing approval and deleting the whole site. Commands are therefore subject to a special security restrictions. 

To enable the use of commands through REST:

  1. Open the security app and grant the rest role a permission to the issue requests to the commands endpoint.  Permission to the endpoint is denied by default. Add a new rule.
  2. Whitelist any commands you want to expose to REST. The white list is managed in /modules/rest-services/rest-endpoints/commands/enabledCommands.
Node nameValue

 modules


 rest-services


 rest-endpoints


 commands


 enabledCommands


 activate


 access


 roles


 rest

rest

 catalogName

website

 commandName

activate

 markAsDeleted


Properties:

enabledCommands

required

Enabled commands node.

<command>

required

Arbitrary name for the command. Use any name you like.

access

required

Access node.

roles

required

Roles node.

<role>

required

Role name. Grants the role permission to execute the command . Add the default rest role. The property name is arbitrary but the value must be a valid role name.

catalogName

required

Catalog where the command resides.

commandName

required

Command definition name.

#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))