Business Object thresholds
Applying limits on business operations reduces the risk of system attacks where unbound conditions might result in system failures.
Business Object thresholds can be reached by internal users, business users, and customers. The
threshold conditions can occur in:
- Storefront operational data, such as order items and search criteria.
- Internal tools that access operational data.
The most unpredictable and uncontrollable type of system access are the actions of storefront customers. Therefore, most detection scenarios involve targeting customer interactions within the storefront.
WebSphere Commerce uses the following methodology to detect and handle a storefront threshold scenario:
- Each service component can have one or more business thresholds defined in a component configuration file, accessed using the ConfigurationFactory API.
- Before executing the actual business logic for the identified service, the responsible component
must first detect if executing the requested command results in exceeding the component's threshold.
- If the requested command satisfies the validation, it proceeds to be executed.
- Otherwise, the responsible component must determine the appropriate method to handle this situation for the customer. For example, a customer tries to add one more item to the shopping cart that is already at the threshold limit. The OrderItemAdd command, or the Order add to cart service request fails and prompts customer that the maximum shopping cart size has been reached. The shopper can proceed with the checkout flow of the order. However, any additional items must be purchased using a separate order. For example, if the customer is over the threshold limit by one item, the second order simply contains the one item left out of the first order.
- When a condition is detected, the responsible component logs the event to the console, for example, SystemOut.log. It is logged as a warning message and contains enough information for support to further diagnose and trace the problem.
Depending on each component's business requirements, different business thresholds can be introduced. The values of these thresholds are contained in a component registry configuration file. Each service module can have as many business thresholds as necessary. A system administrator can modify the threshold values after deployment when business requirements change.