364 WebSphere Commerce Portal V5.4 Solutions
Architectural Decision ID: AD03
Decision: The first alternative was chosen because the second
    scenario requires adding a configuration parameter for
    every commerce portlet.

Table B-4 AD04: Store WebSphere Commerce logon password in a property file

Architectural Decision ID: AD04
Architectural Decision: Store WebSphere Commerce logon password in a
    property file together with other WebSphere Portal
    property files.
Problem Statement: A password is needed to call the logon command on
    the WebSphere Commerce machine.
Assumptions: All users defined in WebSphere Commerce test system
    must have the same password.
Motivation:
Alternatives:
    1. Store WebSphere Commerce password in property file.
    2. Store WebSphere Commerce password in
       WebSphere Portal credential vault.
Decision: The first alternative was chosen to minimize
    development effort. To use a similar logon mechanism
    in production environment, WebSphere Portal
    credential vault must be used.

Modifications to Commerce Enhancement Pack code

The RemoteServletInvokerPortlet.java was modified to invoke the WCS Logon
command if SSO is disabled. The modified code uses the current portal user
ID to log on to WebSphere Commerce. Because Java Authentication and
Authorization Service (JAAS) functionality is limited in a development
environment (WebSphere Application Server Advanced Single Server Edition),
it is not possible to get the PasswordCredential object for the current user.
To minimize code modifications, we decided that for a development environment
it is acceptable to have the same password for all WebSphere Commerce users.
The password and the WebSphere Commerce logon URL are stored in the
WCSLogon.properties file located at
C:\WebSphere\AppServer\lib\app\config\services\WCSLogon.properties.
Appendix B. Logon for commerce portlets without single sign-on 365
When a new HttpClient object is created and the SSOEnabled flag is set to false,
the WebSphere Commerce logon command is called with the current portal user ID
and the password read from the WCSLogon.properties file. The HTTP response
from the logon command contains WebSphere Commerce session cookies. The
cookies are automatically stored in the HttpClient CookieTable object and
included in subsequent requests to WebSphere Commerce. In this case, the
WebSphere Commerce session is managed like a regular user browser session
without the need for single sign-on capabilities.
Example B-1 Modified RemoteServletInvokerPortlet.java code

    private synchronized HttpClient getHttpClientForThisApplicationSession(
            PortletRequest portletrequest) {
        com.ibm.commerce.portal.wpsapiextensions.ApplicationSession applicationsession =
            ApplicationPortlet.getApplicationSession(portletrequest, true);
        // Reuse the HttpClient cached in the application session, if there is one
        Object obj = applicationsession.get("httpclientobjectkey");
        if (obj == null) {
            obj = new HttpClient();
            applicationsession.put("httpclientobjectkey", obj);
            if (!isSSOEnabled(portletrequest)) {
                try {
                    PortletContext context = getPortletConfig().getContext();
                    // Get the logon URL and password from the properties file
                    String password =
                        context.getText(
                            "app.config.WCSLogon",
                            "WCSPassword",
                            portletrequest.getLocale());
                    String logonURLTemplate =
                        context.getText(
                            "app.config.WCSLogon",
                            "WCSLogonURL",
                            portletrequest.getLocale());
                    String userID = portletrequest.getUser().getUserID();
                    // Append the portal user ID and the shared password as query parameters
                    StringBuffer logonURL = new StringBuffer(logonURLTemplate);
                    logonURL = logonURL.append("&logonId=").append(userID);
                    logonURL = logonURL.append("&logonPassword=").append(password);
                    // Call the logon command; the session cookies stay in this HttpClient
                    ((HttpClient) obj).getThisURLContents(
                        logonURL.toString(),
Note: The getHttpClientForThisApplicationSession() method was static in the
original code. It was modified to be nonstatic so that it can access the
PortletContext object.
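
Example B-1 appends the user ID and the shared password to the logon URL without encoding them. The following Java example, added here and not part of the book's or the Commerce Enhancement Pack's code, contrasts that concatenation with a percent-encoded version and masks the password before the URL is logged; the class name, host, path, user ID and property values are constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;

public class WcsLogonUrlExample {
    // Same concatenation as Example B-1: both values are appended as-is.
    static String buildRaw(String tpl, String user, String pw) {
        return tpl + "&logonId=" + user + "&logonPassword=" + pw;
    }
    // Hardened variant: each value is percent-encoded before it is appended.
    static String buildEncoded(String tpl, String user, String pw) throws IOException {
        return tpl + "&logonId=" + URLEncoder.encode(user, "UTF-8")
                + "&logonPassword=" + URLEncoder.encode(pw, "UTF-8");
    }
    // Simplified view of how the receiving server splits the query string.
    static Map<String, String> parseQuery(String url) throws IOException {
        Map<String, String> params = new LinkedHashMap<String, String>();
        for (String pair : url.substring(url.indexOf('?') + 1).split("&")) {
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(URLDecoder.decode(name, "UTF-8"), URLDecoder.decode(value, "UTF-8"));
        }
        return params;
    }
    // Masks the password so the URL can be written to a trace or access log.
    static String redact(String url) {
        return url.replaceAll("(logonPassword=)[^&]*", "$1****");
    }
    public static void main(String[] args) throws IOException {
        // Constructed stand-in for WCSLogon.properties (host, path and values are made up).
        Properties props = new Properties();
        props.load(new StringReader(
                "WCSLogonURL=https://wcs.example.test/Logon?storeId=1\n"
              + "WCSPassword=dev&pw=1\n"));
        String template = props.getProperty("WCSLogonURL");
        String password = props.getProperty("WCSPassword");
        String enc = buildEncoded(template, "portaluser1", password);
        // Raw form: the '&' and '=' inside the password split it into two parameters.
        System.out.println("raw     -> " + parseQuery(buildRaw(template, "portaluser1", password)));
        System.out.println("encoded -> " + parseQuery(enc));
        System.out.println("log as  -> " + redact(enc));
    }
}
```

Encoding fixes only how the values are parsed; the shared password is still sent in the URL.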
