Filter
Top Products
6320ch_sum_of_changes.fm Draft Document for Review July 28, 2004 7:33 pm
18 Keeping Commerce Applications Updated WebSphere Commerce 5.1 to 5.6 Migration Guide
An access control policy authorizes a group of users to perform particular
actions on a group of WebSphere Commerce resources. Unless
authorized through one or more access control policies, users have no
access to any functions. Access control policies grant authorization to a
specific group of users to perform particular actions on resources in a
specified resource group.
An access control policy consists of four parts:
• Access group: The group of users to which the policy applies.
• Action group: A group of actions.
• Resource group: The resources controlled by the policy. A resource
group may include business objects such as
contract or order, or a set
of related commands.
• Relationship (optional): Each resource type can have a set of
relationships associated with it. Each resource can have a set of users
that fulfill each relationship.
– Policy groups
Different organizations in an e-commerce site require different sets of
access control policies. For example, a seller organization would require
shopping-related policies, while a buyer organization would not need
them. In order to accomplish this type of requirement, in WebSphere
Commerce, access control policies are partitioned into access control
policy groups. In order for an access control policy to be applied in the site,
it must belong to an access control policy group. Then, based on their
business and access control requirements, organizations subscribe to the
appropriate access control policy groups.
Session control
WebSphere Commerce is a WebSphere application that is based on the
J2EE specification. For this reason, WebSphere Commerce follows the
servlet specification for session management.
– Session manager: You can configure WebSphere Commerce session
manager from the Session Management tab via the Configuration
Manager to use either WebSphere Commerce or WebSphere Application
Server.
The WebSphere Commerce session manager offers better performance,
but does not allow extra information to be added to the session and the
WebSphere Application Server does.
– Session types: WebSphere Commerce supports two types of session
management: cookie based and URL rewriting. For security reasons,
cookie-based session management uses two types of cookies: