Enable password-protected commands
When the password-protected commands feature is enabled, WebSphere Commerce requires registered users who are logged on to WebSphere Commerce to enter their password before continuing a request that runs designated WebSphere Commerce commands. When you configure password-protected commands, be aware of the consequences of specifying a command that can be run by generic and guest users. Configuring such commands as password-protected prevents generic and guest customers from running them.
Procedure
- Open the WebSphere Commerce configuration file.
- Edit the following block:
    <PasswordProtectedCmds enabled="true" name="Password Protected Commands" retries="3">
        <Command display="false" name="Command1" />
        <Command display="false" name="Command2" />
        <Command display="false" name="Command3" />
    </PasswordProtectedCmds>
Where:
- PasswordProtectedCmds.enabled
    Specifies whether password protection is enabled. Possible values are true or false.
- PasswordProtectedCmds.retries
    The number of times an authenticated user is prompted to log in before the user is logged off.
- PasswordProtectedCmds.Command.name
    The action path (defined in Struts configuration files) of the controller command that is to be password-protected.
For example, if you wanted to password-protect com.ibm.commerce.usermanagement.commands.UserRegistrationUpdateCmd, then you would specify its path, UserRegistrationUpdate, as the value of this attribute:
- Struts configuration files
    <action parameter="com.ibm.commerce.usermanagement.commands.UserRegistrationUpdateCmd"
            path="/UserRegistrationUpdate"
            type="com.ibm.commerce.struts.BaseAction">
        <set-property property="authenticate" value="0:0"/>
        <set-property property="https" value="0:1"/>
    </action>
- WebSphere Commerce configuration file
    <PasswordProtectedCmds enabled="true" name="Password Protected Commands" retries="3">
        <Command display="false" name="UserRegistrationUpdate" />
    </PasswordProtectedCmds>
- Start the WebSphere Commerce instance if it is not already started.
- Run the following command:
- WC_INSTALL/bin/config_ant.sh -DinstanceName=instance UpdateEAR
- WC_INSTALL/bin/config_ant.bat -DinstanceName=instance UpdateEAR
- Restart the WebSphere Commerce instance.
- Views for password protected commands
To use the password protected commands security feature, you need to define the PasswordReEnterErrorView and the PasswordReEnterFormView views for the store.
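A Command name that does not match a Struts action path (a typo, or the command class name used in place of the path) leaves that command without the password prompt. The following check, run before UpdateEAR, compares the two files; it is an added example, not IBM code, and the function name audit, the config wrapper element, and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs, not taken from a real instance. The first Command
# follows the page's example; the other two show common mistakes.
STRUTS_XML = """
<struts-config><action-mappings>
  <action parameter="com.ibm.commerce.usermanagement.commands.UserRegistrationUpdateCmd"
          path="/UserRegistrationUpdate" type="com.ibm.commerce.struts.BaseAction"/>
</action-mappings></struts-config>
"""

WC_XML = """
<config>
  <PasswordProtectedCmds enabled="true" name="Password Protected Commands" retries="3">
    <Command display="false" name="UserRegistrationUpdate" />
    <Command display="false" name="com.ibm.commerce.usermanagement.commands.UserRegistrationUpdateCmd" />
    <Command display="false" name="UserRegistrationUpdat" />
  </PasswordProtectedCmds>
</config>
"""


def audit(wc_xml, struts_xml):
    """Hypothetical helper: return (status, name, detail) per configured <Command>."""
    # Map controller command class -> action path without the leading slash.
    by_class = {}
    for action in ET.fromstring(struts_xml).iter("action"):
        by_class[action.get("parameter")] = action.get("path", "").lstrip("/")
    paths = set(by_class.values())
    block = ET.fromstring(wc_xml).find(".//PasswordProtectedCmds")
    if block is None:
        return [("MISSING", "PasswordProtectedCmds", "block not found")]
    findings = []
    if block.get("enabled", "").lower() != "true":
        findings.append(("DISABLED", "PasswordProtectedCmds", "enabled is not true"))
    for cmd in block.iter("Command"):
        name = cmd.get("name", "")
        if name in paths:
            findings.append(("OK", name, "matches a Struts action path"))
        elif name in by_class:
            findings.append(("CLASS_NAME", name, "use path " + by_class[name]))
        else:
            findings.append(("UNKNOWN", name, "no Struts action has this path"))
    return findings


if __name__ == "__main__":
    for finding in audit(WC_XML, STRUTS_XML):
        print(*finding, sep="\t")
```

Any row other than OK means the named entry will not protect the command it was meant to.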