Protecting data beans

Data beans contain information about business objects and are used to display object information about a Web page. Dynamic Web pages are usually mapped to views within WebSphere Commerce, and these views are protected by role-based policies. It is sometimes necessary to further protect the content of the Web page by protecting its data beans, if they exist.


Task info

When data beans are populated using the DataBeanManager.activate(..) method, the data bean managers enforce access control on them. Data beans can be protected directly or indirectly, using the Delegator interface. Directly protected data beans also implement the com.ibm.commerce.security.Protectable interface. If an indirectly protected data bean does not implement the Delegator interface, or returns a null value for the getDelegate() method, it is not protected and can be displayed by anyone.The following is an example of a resource-level policy for a data bean:

The ActionGroupName, DisplayDatabeanActionGroup, indicates that this policy is a policy for data beans. This action group includes one Display action. where:

The OrderDataBeanResourceGroup is defined as follows:

The OrderDataBeanResourceGroup consists of two resources. The following is a sample resource definition for a data bean:

where: