Add access control to an existing WebSphere Commerce entity bean that is not already protected

If we are using an existing WebSphere Commerce entity bean and your application requires that the bean be protected by access control, we can add this protection.


Task info

The following list provides the high-level steps protect an existing WebSphere Commerce entity bean under the WebSphere Commerce access control system:


Procedure

  1. Open the BeanName.java class. This is the remote interface. Modify this so that it extends the com.ibm.commerce.security.Protectable interface.

  2. If a resource is going to be grouped by an attribute other than its Java class name for the purpose of applying access control policies, the remote interface of the bean must also extend the com.ibm.commerce.grouping.Groupable interface.

  3. Save our changes to the remote interface.

  4. Open the BeanNameBean.java class, where BeanName is the name of the entity bean to which we are adding access control protection.

  5. The enterprise bean class inherits default implementations for the following methods from com.ibm.commerce.base.objects.ECEntityBean:

    • getOwner

    • fulfills

    • getGroupingAttributeValue

    Override any methods that you need. At a minimum, we must override the getOwner method. Refer to Implementing access control in enterprise beans for more information about these methods.

  6. Save our changes. Regenerate the deployed and RMIC code for the bean, as well as the corresponding access bean.


Related concepts
Access control implications when a controller command is extended