Enabling password-protected commands
When the password-protected commands feature is enabled, HCL Commerce requires registered users who are logged onto HCL Commerce to enter their password before continuing a request that runs designated HCL Commerce commands. When you configure password-protected commands, be aware of the consequences of specifying a command that can be run by generic and guest users. Configuring such commands as password-protected will prevent generic and guest customers from running them.
Procedure
- Open the configuration file.
-
Edit the following block:
<PasswordProtectedCmds enabled="true" name="Password Protected Commands" retries="3"> <Command display="false" name="Command1" /> <Command display="false" name="Command2" /> <Command display="false" name="Command3" /> </PasswordProtectedCmds>
where:- PasswordProtectedCmds.enabled
- Specifies whether password-protection is enabled. Possible values are
true
orfalse
. - PasswordProtectedCmds.retries
- The number of times an authenticated user is prompted to login before the user is logged off.
- PasswordProtectedCmds.Command.name
- The action path (defined in Struts configuration files) of the controller command that is to be
password-protected.
For example, if you wanted to password-protect com.ibm.commerce.usermanagement.commands.UserRegistrationUpdateCmd, then you would specify its path, UserRegistrationUpdate, as the value of this attribute:
Struts configuration files For Version 9.0.0.x:<action parameter="com.ibm.commerce.usermanagement.commands.UserRegistrationUpdateCmd" path="/UserRegistrationUpdate" type="com.ibm.commerce.struts.BaseAction"> <set-property property="authenticate" value="0:0"/> <set-property property="https" value="0:1"/> </action>
For Version 9.0.1+:<action class="com.ibm.commerce.struts.v2.BaseAction" name="UserRegistrationUpdate"> <param name="authenticate">0:0</param> <param name="https">0:1</param> <param name="parameter">com.ibm.commerce.usermanagement.commands.UserRegistrationUpdateCmd</param> </action>
HCL Commerce configuration file <PasswordProtectedCmds enabled="true" name="Password Protected Commands" retries="3" > <Command display="false" name="UserRegistrationUpdate" /> </PasswordProtectedCmds>