WebSphere Commerce Version 8

Enabling WebSphere Administrative Security for WebSphere Commerce Developer

Enabling WebSphere Administrative Security for WebSphere Commerce Developer assures an effective security domain for your WebSphere Commerce Developer environment. You can set up security using the local operating system as the user registry, or with a file-based user registry.

Procedure

  • Enabling security with an operating system user registry.
  • Enabling security with a WebSphere file-based user registry only.