Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

Security improvements

WXM-16519

See

WXM-16519 - Getting issue details... STATUS

WXM-16505 - Getting issue details... STATUS

We strongly recommend to update your .wediaportalrc file in order to add 2 new keys :

{
"default_user_object": "restapiapp", // represents the object that should be used for the REST application while user is not connected
"default_user_id": "1" // represents the id of that object that should be used for the REST application while user is not connected
}

Having those 2 keys allows us to initiate a server session directly in the JSP if the current one is not suitable. It becomes therefore useless to send the credentials in the rendered HTML.

Note that providing the app name, key and secret is still required when you are working in development mode (localhsot:9000)

Due to security restriction, all users that need to have access to the back-office MUST have a rule for BO access set up in the security domain “Applications”, like this example :

image-20240612-150410.png

Analytics events

For events logged by the /api/wedia/analytics/log/event, /api/wedia/analytics/log/objectdata, /api/wedia/analytics/log/evp/objectdata APIs, it is now necessary to register the session type (passed in sessionType parameter) in the sessionTypesAuthorized parameter of the WXM_BO_Options plugin.

Translations by DeepL

Translation by DeepL is now enabled by default in the Starter Kit.

If you need to disable it, go to the WXM_BO_Options plugin and set the translateUseDeepl parameter to false.
The WXM_BO_Options plugin must of course be activated. If it is not, we recommend that you activate it. If it is not, the entire configuration is the basic one. To activate DeepL, go to the engine's system parameters (DeepL Translation section).

WXM_RESTAPI and dependencies to API business services

An important change has been made in the component supporting custom sections: for the purposes of optimizing property loading, it is necessary to know which properties to load for the evaluation of custom section information.

  1. If you don't need to load any particular object properties, simply rebuild your plugin with the new version. The best way to do this is to use the graddle dependency (as shown here).
    (warning) It is not possible to guarantee effective loading of the custom sections components if the plugin is not rebuilt with the correct version of the restapibs library.

  2. If you need to load properties, specify by implementing the method getFieldnames(ObjectCustomSectionContext context, String pathProps, String objectName, IObjectStructureReadOnly structure).

  3. If the current implementation already involves reloading the object to have the necessary properties available, it is recommended to use the method getFieldnames to avoid having to do this for performance reasons.

  • No labels