Chapter 2. WebSphere Commerce Portal architecture 57
WebSphere Commerce Portal
– Chapter 5, “Implement the runtime environment” on page 165
– Commerce Enabled Portal Integration Guide, IBM Commerce
Enhancement Pack April 2003 Edition
2.5 Access control
Access control refers to the management of permissions for a user who has been
authenticated on the Web site. This may include limiting the way in which the
user or organization interacts with the site.
There are several access control types implemented for WebSphere,
WebSphere Commerce, WebSphere Portal, and WebSphere Commerce Portal.
The WebSphere Application Server relies on a combination of the Tivoli Access
Manager (TAM) and IBM Directory Server (LDAP) for access control and
authentication services. Both WebSphere Commerce and WebSphere Portal
have their own product-specific implementations for access control. A commerce
enabled portal site may therefore include all three methods of access control.
WebSphere Portal access control
Access control within IBM WebSphere Portal V4.2.1 is managed from the Portal
Administration available from the pull-down found on the WebSphere Portal
home page. This allows the administrator to set the access permissions (none,
view, edit, manage, delegate) for users and groups for a given object type
(portlets, portlet application, portal, places, etc.).
WebSphere Commerce access control
Once the organizations and users that will participate in the WebSphere
Commerce site have been defined, the activities they perform can be restricted
as desired by a set of access control policies. The activities that access
control policies govern range from registration, managing auctions, updating
the product catalog, and granting approvals on orders to hundreds of other
activities required to manage an e-commerce Web site. In a nutshell, the access
control policies are the permissions that grant access to various features of
your e-commerce Web site.
From a programming perspective, access control in a WebSphere Commerce site is
commonly used to protect views, commands, and data bean execution.
58 WebSphere Commerce Portal V5.4 Solutions
The following is a summary of the access control methods included in
WebSphere Commerce:
User interface
In addition to the policy editing pages accessible from the Access
Management menu of the Administration Console, WebSphere Commerce
provides view pages for viewing policies, and their related action groups,
access groups, and resource groups. The policy viewing pages are
seamlessly integrated into the Administration Console user interface and can
be accessed using the buttons added to the existing policy editing pages.
Coarse and fine-grained access control
WebSphere Commerce V5.4 provides the ability for coarse-grained and
fine-grained access control.
WebSphere Commerce coarse-grained access control can be used, for
example, to permit buyers to cancel orders by invoking the cancel order
function.
WebSphere Commerce provides fine-grained access control by defining who can
invoke what functions against which business object instances (also referred
to as resources). In the same example, you are able not only to permit buyers
to cancel orders, but also to limit buyers to invoking the cancel order
function only against their own orders, not the orders of other users.
The added power of fine-grained access control combined with
coarse-grained access control allows you a greater range of access
management and the ability to fine-tune the activities that users are permitted
to do on your site.
Both coarse-grained and fine-grained access control can be implemented
using XML-based access control policies, which can be modified from the
Policy Viewer of the WebSphere Commerce Administration Console.
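The two levels described above, modeled as an added example (not code from the book or from WebSphere Commerce). The policy tuple, the group names, the `owner` relationship and the sample users are assumptions made for illustration, and the default-deny fallthrough goes slightly beyond what the text states.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:
    access_group: str                   # who, e.g. "Buyers"
    action_group: str                   # which functions may be invoked
    resource_group: str                 # which kind of business object
    relationship: Optional[str] = None  # None means coarse-grained only

@dataclass(frozen=True)
class Order:
    order_id: int
    owner: str

# Constructed sample data; names are illustrative, not product identifiers.
ACTION_GROUPS = {"OrderWrite": {"cancel_order"}}
USER_GROUPS = {"alice": {"Buyers"}, "bob": {"Buyers"}, "carol": {"Guests"}}
POLICIES = [Policy("Buyers", "OrderWrite", "Order", relationship="owner")]

def _matching(user, action, policies):
    """Yield policies whose access group and action group cover this call."""
    groups = USER_GROUPS.get(user, set())
    for p in policies:
        if p.access_group in groups and action in ACTION_GROUPS.get(p.action_group, ()):
            yield p

def coarse_allowed(user, action, policies=POLICIES):
    """Coarse-grained: may this user invoke the function at all?"""
    return any(True for _ in _matching(user, action, policies))

def fine_allowed(user, action, resource, policies=POLICIES):
    """Fine-grained: may this user invoke the function on this instance?"""
    for p in _matching(user, action, policies):
        if p.resource_group != type(resource).__name__:
            continue
        # The relationship names an attribute that must equal the caller.
        if p.relationship is None or getattr(resource, p.relationship, None) == user:
            return True
    return False  # default deny: no matching policy, no access

def cancel_order(user, order):
    """Guarded command: both levels must pass before the order is touched."""
    if not coarse_allowed(user, "cancel_order"):
        raise PermissionError(f"{user} may not invoke cancel_order")
    if not fine_allowed(user, "cancel_order", order):
        raise PermissionError(f"{user} may not cancel order {order.order_id}")
    return f"order {order.order_id} cancelled"
```

With `relationship=None` the same policy admits any buyer against any order, which is the gap the fine-grained check closes.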
WebSphere Commerce Portal
The access control permissions for a WebSphere Commerce Portal solution
include both WebSphere Portal permissions and WebSphere Commerce access
controls. The commerce enabled portal store developed will need to incorporate
the access control methods of both WebSphere Commerce and WebSphere
Portal.
Where to find more information
Additional information on access control can be found as follows:
WebSphere Commerce
– Access Control Guide, IBM WebSphere Commerce V5.4 product guide