IBM WebSphere Commerce V7
    The information contained in this section applies to IBM WebSphere Commerce Version 7.0.0.9 and Feature Pack 8. The documentation also applies to all subsequent releases and modifications until otherwise indicated in new editions.

Enabling WebSphere Administrative Security for WebSphere Commerce Developer

Enabling WebSphere Administrative Security for WebSphere Commerce Developer ensures an effective security domain for your WebSphere Commerce Developer environment. You can set up security using the local operating system as the user registry, or with a file-based user registry.

Procedure

  • Enabling security with an operating system user registry.
  • Enabling security with a WebSphere file-based user registry only.