Security improvements
WXM-16519
See
- WXM-16519Getting issue details... STATUS
- WXM-16505Getting issue details... STATUS
We strongly recommend to update your .wediaportalrc
file in order to add 2 new keys :
{ "default_user_object": "restapiapp", // represents the object that should be used for the REST application while user is not connected "default_user_id": "1" // represents the id of that object that should be used for the REST application while user is not connected }
Having those 2 keys allows us to initiate a server session directly in the JSP if the current one is not suitable. It becomes therefore useless to send the credentials in the rendered HTML.
Note that providing the app name, key and secret is still required when you are working in development mode (localhsot:9000)
Due to security restriction, all users that need to have access to the back-office MUST have a rule for BO access set up in the security domain “Applications”, like this example :
Analytics events
For events logged by the /api/wedia/analytics/log/event, /api/wedia/analytics/log/objectdata,
/api/wedia/analytics/log/evp/objectdata APIs, it is now necessary to register the session type (passed in sessionType
parameter) in the sessionTypesAuthorized
parameter of the WXM_BO_Options
plugin.
Translations by DeepL
Translation by DeepL is now enabled by default in the Starter Kit.
If you need to disable it, go to the WXM_BO_Options plugin and set the translateUseDeepl
parameter to false
.
The WXM_BO_Options plugin must of course be activated. If it is not, we recommend that you activate it. If it is not, the entire configuration is the basic one. To activate DeepL, go to the engine's system parameters (DeepL Translation section).
WXM_RESTAPI and dependencies to API business services
An important change has been made in the component supporting custom sections: for the purposes of optimizing property loading, it is necessary to know which properties to load for the evaluation of custom section information.
If you don't need to load any particular object properties, simply rebuild your plugin with the new version. The best way to do this is to use the graddle dependency (as shown here).
It is not possible to guarantee effective loading of the custom sections components if the plugin is not rebuilt with the correct version of the restapibs library.If you need to load properties, specify by implementing the method getFieldnames(ObjectCustomSectionContext context, String pathProps, String objectName, IObjectStructureReadOnly structure).
If the current implementation already involves reloading the object to have the necessary properties available, it is recommended to use the method getFieldnames to avoid having to do this for performance reasons.