Add access control to an existing WebSphere Commerce entity bean that is not already protected

If you are using an existing WebSphere Commerce entity bean and the application requires that the bean be protected by access control, you can add this protection.

The following list provides the high-level steps protect an existing WebSphere Commerce entity bean under the WebSphere Commerce access control system:

1. Open the BeanName.java class. This is the remote interface. Modify this so that it extends the com.ibm.commerce.security.Protectable interface.

2. If a resource is going to be grouped by an attribute other than its Java class name for the purpose of applying access control policies, the remote interface of the bean must also extend the com.ibm.commerce.grouping.Groupable interface.

3. Save your changes to the remote interface.

4. Open the BeanNameBean.java class, where BeanName is the name of the entity bean to which you are adding access control protection.

5. The enterprise bean class inherits default implementations for the following methods from com.ibm.commerce.base.objects.ECEntityBean:

   • getOwner

   • fulfills

   • getGroupingAttributeValue

   Override any methods that you need. At a minimum, override the getOwner method. Refer to Implementing access control in enterprise beans for more information about these methods.

6. Save your changes. Regenerate the deployed and RMIC code for the bean, as well as the corresponding access bean.