Sample: Access control policies for development purposes

The following access control policy samples show you how some basic access control policies can be used in the development environment, so that we can quickly test new resources. They are not designed to be used as-is on a WebSphere Commerce production environment, as they do not provide adequate resource protection.

The following samples are provided:

• Sample: Access control policy for new views
  If we create a new view, we can use the following access control policy so that you will be able to test the new view in the development environment (modify the policy for the environment and load it using the acpload utility).

• Sample: Command-level access control policy for new controller commands
  Controller commands require access control policies in order to meet the requirements of the access control framework. If we create a new controller command, the name of the command's interface is specified as a resource. The following XML snip can be modified for our new command and loaded using the acpload command:

• Sample: Resource-level access control policy for a new entity bean
  The following XML file can act as a template for access control requirements when creating new entity beans. In the case of the following file, the new entity bean is called the Bonus bean, it corresponds to the XBONUS database table, and it gets used by the MyNewControllerCmd controller command. In this access control policy, only the creator of a bonus bean object can perform the MyNewControllerCmd action upon that object.

Related concepts
Understanding access control

Related tasks
Implementing access control
Creating an access control policy
Defining access control policy elements using XML

Related reference
Sample: Command-level access control policy for new controller commands
Sample: Access control policy for new views
Sample: Resource-level access control policy for a new entity bean