Enable password-protected commands
When the password-protected commands feature is enabled, WebSphere Commerce requires registered users who are logged onto WebSphere Commerce to enter their password before continuing a request that runs designated WebSphere Commerce commands. When you configure password-protected commands, be aware of the consequences of specifying a command that can be run by generic and guest users. Configuring such commands as password-protected will prevent generic and guest customers from running them.
Procedure
- Open the WebSphere Commerce configuration file.
- Edit the following block:
<PasswordProtectedCmds enabled="true" name="Password Protected Commands" retries="3"> <Command display="false" name="Command1" /> <Command display="false" name="Command2" /> <Command display="false" name="Command3" /> </PasswordProtectedCmds>where:
- PasswordProtectedCmds.enabled
- Specifies whether password-protection is enabled. Possible values are true or false.
- PasswordProtectedCmds.retries
- The number of times an authenticated user is prompted to login before the user is logged off.
- PasswordProtectedCmds.Command.name
- The action path (defined in Struts configuration files) of the controller command that is to be password-protected.
For example, if we wanted to password-protect com.ibm.commerce.usermanagement.commands.UserRegistrationUpdateCmd, then you would specify its path, UserRegistrationUpdate, as the value of this attribute: Struts configuration filesFor Version 9.0.0.x:
<action parameter="com.ibm.commerce.usermanagement.commands.UserRegistrationUpdateCmd" path="/UserRegistrationUpdate" type="com.ibm.commerce.struts.BaseAction"> <set-property property="authenticate" value="0:0"/> <set-property property="https" value="0:1"/> </action>
For Version 9.0.1+:
<action class="com.ibm.commerce.struts.v2.BaseAction" name="UserRegistrationUpdate"> <param name="authenticate">0:0</param> <param name="https">0:1</param> <param name="parameter">com.ibm.commerce.usermanagement.commands.UserRegistrationUpdateCmd</param> </action>WebSphere Commerce configuration file
<PasswordProtectedCmds enabled="true" name="Password Protected Commands" retries="3" > <Command display="false" name="UserRegistrationUpdate" /> </PasswordProtectedCmds>