Magnolia 5.7 reached extended end of life on May 31, 2022. Support for this branch is limited, see End-of-life policy. Please note that to cover the extra maintenance effort, this EEoL period is a paid extension in the life of the branch. Customers who opt for the extended maintenance will need a new license key to run future versions of Magnolia 5.7. If you have any questions or to subscribe to the extended maintenance, please get in touch with your local contact at Magnolia.
This page describes the API for handling personal data protection tasks if you are developing a custom module in Java. The API is applicable also for the purposes of GDPR – General Data Protection Regulation (Regulation (EU) 2016/679). The API covers two areas of personal data protection: handling visitor consent and managing cookies.
Handling visitor and consent information
To use the visitor API, make sure that your project depends on the Visitor manager module:
The VisitorManager and the Visitor are the central interfaces needed for handling visitor information. The
magnolia-privacy-visitor-manager module provides a JCR-based implementation for the Visitor manager (JcrBasedVisitorManager), which stores data in the JCR
The VisitorManager is a singleton. To get an instance, inject it in the public constructor of the class where you want to use it.
Line 11: Assigns the injected VisitorManager to the private final class member variable.
Getting a visitor
Use the Visitor to get a visitor.
Getting visitor consent
Getting all references to a visitor
Deleting all visitor data
Note: Deleting visitor data is done usually upon a request coming from a consent confirmation link (sent via email).
Getting consent source
The source can be a URL, an email address or a phone number where the last consent update came from.
Checking consent status
Consent status may be given, denied or withdrawn.
The following example changes the previous consent status to
given with an expiration of one month:
To use the Cookie manager API make sure that your project depends on the Cookie manager module:
To handle cookies on the server side, Magnolia provides CookieManager. The Cookie manager knows about a website visitor's consent that is related to cookies.
Instead of utilizing the java core cookie API, we recommend using the Cookie manager since the manager only adds cookies upon consent given by a website visitor.
The Cookie manager implementation is a singleton. To get an instance, inject it in the public constructor of the class where you want to use it.Line 7: Assign the injected cookieManager to private final class member variable.
Getting a cookie from a request
The method returns the cookie object or
null by a given cookie id.
Adding a cookie
Adding a cookie with the Cookie manager requires a CookieDefinition. You can get a cookie definition as defined in the Cookies app with the Cookie manager, see getting and adapting a cookie definition.
The cookie is only added if the website visitor has given consent for the cookie.
Line 4: You can override properties of the definition coming from the Cookies app.
Checking consent for a cookie
The method checks whether the website visitor has given consent for a potential cookie. You need a CookieDefinition to check for consent. Also, read Understanding the decision whether a cookie is set or not, which explains the check consent mechanism for a specific cookie.
Getting a cookie definition
The method returns a CookieDefinition by a given cookie id.
Returned cookie definitions are those managed with the Cookies app. The Cookie manager always returns a clone of the definition as configured in the Cookies app. This means that you also can override properties of the cookie definition as set in the Cookies app.