Platform Explorer / Nuxeo Platform LTS 2017 9.10

Extension point bindings

Documentation

Rest security bindings on operations

Contribution Descriptors

  • Class: org.nuxeo.ecm.automation.server.RestBinding

Existing Contributions

Contributions are presented in the same order as the registration order on this extension point. This order is displayed before the contribution name, in brackets.

  • nuxeo-drive-operations-9.10.jar /OSGI-INF/nuxeodrive-automation-bindings-contrib.xml
    <extension point="bindings" target="org.nuxeo.ecm.automation.server.AutomationServer">
        <!-- Protect Nuxeo Drive integration test operations -->
        <binding name="NuxeoDrive.SetupIntegrationTests">
          <administrator>true</administrator>
        </binding>
        <binding name="NuxeoDrive.TearDownIntegrationTests">
          <administrator>true</administrator>
        </binding>
        <binding name="NuxeoDrive.WaitForAsyncCompletion">
          <administrator>true</administrator>
        </binding>
        <binding name="NuxeoDrive.SetVersioningOptions">
          <administrator>true</administrator>
        </binding>
        <binding name="NuxeoDrive.CreateTestDocuments">
          <administrator>true</administrator>
        </binding>
        <binding name="NuxeoDrive.SetActiveFactories">
          <administrator>true</administrator>
        </binding>
      </extension>
  • nuxeo-drive-elasticsearch-9.10.jar /OSGI-INF/nuxeodrive-elasticsearch-automation-bindings-contrib.xml
    <extension point="bindings" target="org.nuxeo.ecm.automation.server.AutomationServer">
        <!-- Protect Nuxeo Drive integration test operations -->
        <binding name="NuxeoDrive.WaitForElasticsearchCompletion">
          <administrator>true</administrator>
        </binding>
      </extension>
  • nuxeo-automation-server-9.10.jar /OSGI-INF/binding-contrib.xml
    <extension point="bindings" target="org.nuxeo.ecm.automation.server.AutomationServer">
        <!-- don't allow GET of arbitrary URLs on the server -->
        <binding name="Blob.CreateFromURL">
          <administrator>true</administrator>
        </binding>
        <!-- don't allow POST of arbitrary URLs on the server -->
        <binding name="Blob.Post">
          <administrator>true</administrator>
        </binding>
        <!-- don't allow write of arbitrary files on the server -->
        <binding name="Blob.ExportToFS">
          <administrator>true</administrator>
        </binding>
        <!-- don't allow arbitrary email sending on the server -->
        <binding name="Document.Mail">
          <administrator>true</administrator>
        </binding>
    
        <!-- protect access to directories -->
        <binding name="Directory.Entries">
          <administrator>true</administrator>
        </binding>
        <!-- protect arbitrary script execution -->
        <binding name="RunInputScript">
          <administrator>true</administrator>
        </binding>
        <binding name="RunScript">
          <administrator>true</administrator>
        </binding>
        <!-- protect counter access -->
        <binding name="Counters.GET">
          <administrator>true</administrator>
        </binding>
      </extension>
  • nuxeo-elasticsearch-automation-9.10.jar /OSGI-INF/operations-contrib.xml
    <extension point="bindings" target="org.nuxeo.ecm.automation.server.AutomationServer">
        <binding name="Elasticsearch.Index">
          <administrator>true</administrator>
        </binding>
        <binding name="Elasticsearch.WaitForIndexing">
          <administrator>true</administrator>
        </binding>
      </extension>
  • nuxeo-automation-features-9.10.jar /OSGI-INF/bindings-contrib.xml
    <extension point="bindings" target="org.nuxeo.ecm.automation.server.AutomationServer">
        <!-- don't allow direct access to Audit log -->
        <binding name="Audit.Query">
          <administrator>true</administrator>
        </binding>
        <binding name="Audit.QueryWithPageProvider">
          <administrator>true</administrator>
        </binding>
        <!-- don't allow direct access to user operations -->
        <binding name="User.CreateOrUpdate">
          <administrator>true</administrator>
        </binding>
        <binding name="Group.CreateOrUpdate">
          <administrator>true</administrator>
        </binding>
      </extension>