Protectable interface
To be protected by access control policies, a resource must implement the com.ibm.commerce.security.Protectable interface, which is used with beans that require protection.
With the Protectable interface, a resource must provide two key methods:
- getOwner()
- fulfills(Long member, String relationship)
The getOwner method returns the memberId of the owner of the protectable resource. The owner of the resource is used to determine which policies to apply to the resource. This owner can be a user or an organization. If the owner happens to be a user, the access control policy manager will use that user's parent organization as the basis for determining which policies to apply. If the organization that owns the resource subscribes to one or more policy groups, only the policies in those policy groups will apply to the resource. If the resource is owned by an organization that does not subscribe to any policy groups, the access control policy manager will search up the organization hierarchy until it encounters the closest ancestor organization that subscribes to at least one policy group; once found, the policy manager will apply the policies belonging to those policy groups.
The fulfills(Long member, String relationship) method returns true only if the given member satisfies the required relationship with respect to the resource. The member is typically a single user, but it can also be an organization, which is the case when the access control policy uses a relationship group.
By default, the fulfills method on a particular resource can simply return false. A nontrivial implementation of the fulfills method is needed when there are policies for the resource that involve a relationship other than "owner" or when the policies involve a relationship group. For relationship groups, only the last <parameter name="Relationship" value="aValue"/> element in each relationship chain must be handled by the resource's fulfills method. The rest of the relationship chain parameter elements are handled internally by the access control policy manager.
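The following sketch is an added example, not code from the product or its documentation. It shows a resource whose fulfills method handles one user relationship and one organization relationship and denies everything else. The Protectable interface declared here is a local stand-in with assumed signatures, and the Requisition class, the "creator" and "approver" relationship names, and all memberIds are hypothetical.

```java
import java.util.Objects;

public class ProtectableDemo {
    public static void main(String[] args) {
        // Constructed memberIds: 7000 = owning org, 1001 = creator, 7100 = approving org.
        Requisition r = new Requisition(7000L, 1001L, 7100L);
        System.out.println("creator 1001:  " + r.fulfills(1001L, "creator"));
        System.out.println("creator 1002:  " + r.fulfills(1002L, "creator"));
        System.out.println("approver 7100: " + r.fulfills(7100L, "approver"));
        System.out.println("unknown name:  " + r.fulfills(1001L, "admin"));
    }
}

// Stand-in for com.ibm.commerce.security.Protectable so this compiles without the
// product jars. Only the two methods named on the page are modelled; the return
// type of getOwner() and the throws clauses are assumptions.
interface Protectable {
    Long getOwner() throws Exception;
    boolean fulfills(Long member, String relationship) throws Exception;
}

// Hypothetical resource with an owning organization, a creating user and an
// approving organization (the last one reached through a relationship group).
final class Requisition implements Protectable {
    private final Long ownerOrgId;
    private final Long creatorId;
    private final Long approverOrgId;

    Requisition(Long ownerOrgId, Long creatorId, Long approverOrgId) {
        this.ownerOrgId = Objects.requireNonNull(ownerOrgId, "resource needs an owner");
        this.creatorId = creatorId;
        this.approverOrgId = approverOrgId;
    }

    @Override
    public Long getOwner() { return ownerOrgId; } // memberId used to select policies

    // "owner" is not handled here: per the text, fulfills only needs real logic
    // for relationships other than "owner".
    @Override
    public boolean fulfills(Long member, String relationship) {
        if (member == null || relationship == null) return false;
        switch (relationship) {
            case "creator":  return member.equals(creatorId);     // member is a user
            case "approver": return member.equals(approverOrgId); // member is an org
            default:         return false; // unknown names never grant access
        }
    }
}
```

Returning false for a null member, a null relationship, or an unrecognized relationship name keeps the resource consistent with the default behavior described above: a misspelled relationship in a policy then denies access instead of granting it.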