Platform Explorer / Nuxeo Platform 6.0

Extension point bindings

Documentation

Rest security bindings on operations

Contribution Descriptors

  • Class: org.nuxeo.ecm.automation.server.RestBinding

Existing Contributions

Contributions are presented in the same order as the registration order on this extension point. This order is displayed before the contribution name, in brackets.

  • nuxeo-drive-operations-6.0.jar
    <extension point="bindings" target="org.nuxeo.ecm.automation.server.AutomationServer">
        <!-- Protect Nuxeo Drive integration test operations -->
        <binding name="NuxeoDrive.SetupIntegrationTests">
          <administrator>true</administrator>
        </binding>
        <binding name="NuxeoDrive.TearDownIntegrationTests">
          <administrator>true</administrator>
        </binding>
        <binding name="NuxeoDrive.WaitForAsyncCompletion">
          <administrator>true</administrator>
        </binding>
        <binding name="NuxeoDrive.SetVersioningOptions">
          <administrator>true</administrator>
        </binding>
        <binding name="NuxeoDrive.CreateTestDocuments">
          <administrator>true</administrator>
        </binding>
        <binding name="NuxeoDrive.SetActiveFactories">
          <administrator>true</administrator>
        </binding>
      </extension>
  • nuxeo-automation-features-6.0.jar
    <extension point="bindings" target="org.nuxeo.ecm.automation.server.AutomationServer">
        <!-- don't allow direct access to Audit log -->
        <binding name="Audit.Query">
          <administrator>true</administrator>
        </binding>
        <binding name="Audit.PageProvider">
          <administrator>true</administrator>
        </binding>
      </extension>
  • nuxeo-automation-server-6.0.jar
    <extension point="bindings" target="org.nuxeo.ecm.automation.server.AutomationServer">
        <!-- don't allow GET of arbitrary URLs on the server -->
        <binding name="Blob.Create">
          <administrator>true</administrator>
        </binding>
        <!-- don't allow POST of arbitrary URLs on the server -->
        <binding name="Blob.Post">
          <administrator>true</administrator>
        </binding>
        <!-- don't allow write of arbitrary files on the server -->
        <binding name="Blob.ToFile">
          <administrator>true</administrator>
        </binding>
        <!-- don't allow arbitrary email sending on the server -->
        <binding name="Notification.SendMail">
          <administrator>true</administrator>
        </binding>
    
        <!-- protect access to directories -->
        <binding name="Directory.Entries">
          <administrator>true</administrator>
        </binding>
        <!-- protect arbitrary script execution -->
        <binding name="Context.RunInputScript">
          <administrator>true</administrator>
        </binding>
        <binding name="Context.RunScript">
          <administrator>true</administrator>
        </binding>
        <!-- protect counter access -->
        <binding name="Counters.GET">
          <administrator>true</administrator>
        </binding>
      </extension>