Enabling password-protected commands
When the password-protected commands feature is enabled, HCL Commerce requires registered users who are logged onto HCL Commerce to enter their password before continuing a request that runs designated HCL Commerce commands. When you configure password-protected commands, be aware of the consequences of specifying a command that can be run by generic and guest users. Configuring such commands as password-protected will prevent generic and guest customers from running them.
Procedure
- Open the configuration file.
-
Edit the following block:
<PasswordProtectedCmds enabled="true" name="Password Protected Commands" retries="3"> <Command display="false" name="Command1" /> <Command display="false" name="Command2" /> <Command display="false" name="Command3" /> </PasswordProtectedCmds>
where:- PasswordProtectedCmds.enabled
- Specifies whether password-protection is enabled. Possible values are
true
orfalse
. - PasswordProtectedCmds.retries
- The number of times an authenticated user is prompted to login before the user is logged off.
- PasswordProtectedCmds.Command.name
- The action path (defined in Struts configuration files) of the controller command that is to be
password-protected.
For example, if you wanted to password-protect com.ibm.commerce.usermanagement.commands.UserRegistrationUpdateCmd, then you would specify its path, UserRegistrationUpdate, as the value of this attribute: