Program Adapter
The Program Adapter allows external systems to communicate with WebSphere Commerce by passing XML requests over the HTTP protocol. The Program Adapter provides external systems such as procurement systems with a common way to communicate with WebSphere Commerce through HTTP, allowing WebSphere Commerce to act as a supplier to these systems, for buyer/supplier transactions. The Program Adapter handles incoming XML requests by performing the following actions:
- Recognizing the request and verifying if it is an XML request. If the following three attributes of the request are supported, it can be distinguished it as an XML request.
- content-type
- method
- character encoding
The supported request attributes are specified in the adapter configuration.
- Extracting the input stream of the request.
- Calling the message mapper and passing the content of the input stream.
- Receiving the CommandProperty object representing a WebSphere Commerce command returned by the message mapper.
- Determine the proper device format in which to generate the response.
- Executing the command.
- Sending an XML response message, created by a JSP file and based on the viewname specified by the command executed and the device format of the received request.
Each request is treated as a separate session. The credentials of the message are specified in the control area of the message. By default, the Program Adapter checks the user ID and password parameters to determine the authenticity of a request. The Program Adapter does not support legacy messages because legacy messages do not support the specification of credentials.
The lifecycle of the Program Adapter exists throughout the WebSphere Commerce instance. It is initialized when an instance is started unless its configuration parameters are removed or the adapter is not enabled, and it resides as long as the instance runs.
Program Adapter security for HTTP requests
This level of security requires that a request sent to WebSphere Commerce contains a user ID and password. If the password does not match the specified user ID, a security exception is thrown and the request is rejected. If the user ID and password are not specified in the request, the request is processed as a guest customer. This means that commands that need authorization before executing must have the credentials specified in the request. This form of security behaves in a similar manner to HTTP requests made from a browser client.
The class that implements this security level is messaging.programadapter.security.CredentialsSpecifiedProgramAdapterSessionContextImpl.
The validation of credentials uses the same technique used when customers interact with WebSphere Commerce through a browser. This takes into consideration whether the user registration is handled by WebSphere Commerce or vendor software.
All of the WebSphere Commerce supported XML integration messages support this level of security, although credential specification is not mandatory. Legacy messages are not supported by this implementation of security.
Program Adapter security for WebSphere MQ
To change the level of security, change the value of the class attribute in the SessionContext element of the WebSphere MQ adapter configuration.
Before the request is executed by the WebController, the WebController determines the credentials the request must execute under. This is determined by the specified class, which uses the CommandProperty object to determine the credentials of the request.
There are two levels of security available:
- Level 1
- Limited security.
This level of security is enabled by default at installation. It assumes that all requests are to be processed by a default user ID unless otherwise specified. If the request is to be processed by another user ID, this user ID is specified in the request. The password of the specified user ID is not required and the request is processed by WebSphere Commerce using the credentials of the specified user.
The class that implements this security level is messaging.programadapter.security.DefaultCredentialsProgramAdapterSessionContextImpl.
- Level 2
- User ID and password required for every request.
This level of security requires that a request sent to WebSphere Commerce contains a user ID and password. If the password does not match the specified user ID, a security exception is thrown and the request is rejected. If the user ID and password are not specified in the request, the request is processed as a guest customer. This means that commands that need authorization before executing must have the credentials specified in the request.
The class that implements this security level is messaging.programadapter.security.CredentialsSpecifiedProgramAdapterSessionContextImpl.
The validation of credentials uses the same technique used when customers interact with WebSphere Commerce through a browser. This takes into consideration whether the user registration is handled by WebSphere Commerce or vendor software.
All of the WebSphere Commerce supported XML integration messages support this level of security, although credential specification is not mandatory.
You can also create your own customized security class. The only restriction is that it must implement the ProgramAdapterSessionContext interface.
(C) Copyright IBM Corporation 1996, 2006. All Rights Reserved.