Security in extension points
Java™ API extension points can be started in secure or insecure mode.
If an extension point is started in secure mode, a check is performed to make sure every Product Master Server object that is exposed through the argument
bean is accessible, and a PIMAuthorizationException error is thrown if the user
does not have required privileges. If extension points are started in insecure mode, the
authorization check is not performed for every object.
You can configure the security with the
javaapi_security flag in the
common.properties file. By default, the javaapi_security flag
is set to true. You can disable the security by setting
javaapi_security to false.Important: The
javaapi_security flag affects both API and UI.- Starting an extension point in a secure environment
- Set the
javaapi_securityflag totrue, and use thejapis://URL instead of thejapi://URL.Example
//script_execution_mode=java_api="japis: ///uploaded_java_classes:wpc.javaapi.test.extensionpoints.CatalogPreviewTestImpl.class" - Starting an extension point in an insecure environment
-
- If the
javaapi_securityflag is set tofalse- Bothjapi://andjapis://URLs run in the insecure mode where no permission authorization is performed. - If the
javaapi_securityflag is set totrue- You can run the extension point in an insecure mode by using thejapi://URL instead of thejapis://URL.
- If the