Scribd Logo
Upload

Welcome to Scribd!

  • Advanced ATG Profile Management

    Uploaded by

    Kate Soglaeff
    266 views43 pages
    This document provides an overview of advanced ATG profile management features including: tracking anonymous and registered users; managing security status and access control; enabling auto-login; using profile markers; and configuring password expiration and hashing. Key points covered include setting properties to store anonymous profiles persistently, comparing security status to control access, inserting custom servlets into the pipeline, and customizing password hashing algorithms and expiration rules.

    Original Description:

    Advanced Profile Management for ATG Developers

    Original Title

    Oracle Commerce ATG: Advanced Profile Management

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides an overview of advanced ATG profile management features including: tracking anonymous and registered users; managing security status and access control; enabling auto-login; using profile markers; and configuring password expiration and hashing. Key points covered include setting properties to store anonymous profiles persistently, comparing security status to control access, inserting custom servlets into the pipeline, and customizing password hashing algorithms and expiration rules.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    266 views43 pages

    Advanced ATG Profile Management

    Uploaded by

    Kate Soglaeff
    This document provides an overview of advanced ATG profile management features including: tracking anonymous and registered users; managing security status and access control; enabling auto-login; using profile markers; and configuring password expiration and hashing. Key points covered include setting properties to store anonymous profiles persistently, comparing security status to control access, inserting custom servlets into the pipeline, and customizing password hashing algorithms and expiration rules.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 43

    ADVANCED

    ATG PROFILE
    MANAGEMENT

    Kate
    Soglaeva

    AGENDA

    DAF Servlet Pipeline


    Tracking users
    Security status
    Access control
    Auto login
    Profi le markers
    Password management

    DAF SERVLET
    PIPELINE

    PAGEFILTER
    PageFilter starts the DAF servlet pipeline by calling
    DynamoHandler

    startRequestServletNam
    e

    TRACKING USERS

    USERS

    Users
    anonymo
    us

    registere
    d
    8

    USERS

    Session
    started

    Transient profile
    Transient order

    Registratio
    n

    Persistent profile
    Persistent order
    9

    TRACKING ANONYMOUS USERS

    1.

    Store anonymous users

    # /atg/userprofi ling/Profi leRequestServlet


    persistAfterLogout=true
    persistentAnonymousProfi les=true
    2. Update required properties

    10

    TRACKING REGISTERED USERS


    Set up auto-login

    CookieManager
    sendProfi leCookies=true

    Profi leRequestServlet
    verifyBasicAuthentication=false

    11

    PROFILEREQUESTSERVLET
    creates an instance of
    theatg/userprofiling/Profile
    create a cookie containing theProfileID of the
    current guest user
    Auto-logs in
    maintain persistent
    information:persistentAnonymousProfiles=true

    SECURITY STATUS

    14

    SECURITY STATUS VALUES


    Value Login method used
    0

    Anonymous

    Auto Login by URL parameter

    Auto Login by Cookie

    Login by HTTP basic auth

    Explicit login or registration by http

    Explicit login or registration by https

    Certificate provided

    Group Explanation
    0

    The user is unknown

    1,2

    Auto login. Personalization is fine by restricted access to


    sensitive pages.

    4,5

    Explicit login. Full access

    3,6

    Project specific

    PROFILEREQUEST
    Extract profi le by DYN_USER_ID

    16

    SECURITY STATUS USAGE


    <dsp:droplet name="Compare">
    <dsp:param bean="Profi le.securityStatus" name="obj1"/>
    <dsp:param bean="PropertyManager.securityStatusLogin"
    name="obj2"/>
    <dsp:oparam name="lessthan">
    <!-- send the user to the login form -->
    <dsp:include page="login_form.jsp"></dsp:include>
    </dsp:oparam>
    <dsp:oparam name="default">
    <!-- allow the user to proceed to the protected content
    -->
    <dsp:include
    page="protected_content.jsp" ></dsp:include>
    </dsp:oparam>
    </dsp:droplet>

    17

    AUTHENTICATIONSERVLET
    provides authentication using the Basic HTTP
    authentication mechanism

    ACCESS CONTROL

    19

    21

    ACCESSCONTROLLER

    22

    RULEACCESSCONTROLLER.
    RULESETSERVICE
    <ruleset>
    <accepts>
    <rule op=eq>
    <valueof target="Gender">
    <valueof constant="female">
    </rule>
    </accepts>
    </ruleset>

    23

    PASSWORD
    EXPIRATION

    25

    PASSWORD EXPIRATION
    /atg/userprofi ling/ExpiredPasswordService

    enabled=true
    passwordValidForNumDays=30
    redirectPath=expirePassword.jsp
    /atg/dynamo/servlet/pipeline/ExpiredPasswordServlet

    localUrlsToAllow=/style/css/style1.jsp

    27

    PASSWORD EXPIRATION

    Confidential

    28

    PASSWORD EXPIRATION

    Confidential

    29

    INSERTING SERVLETS
    IN THE PIPELINE

    STEPS TO CREATE PIPELINE SERVLET

    Extendatg.servlet.pipeline.PipelineableServletImpl
    Define global scope component
    Reset the previous servletsnextServletproperty
    Set the new servletsnextServletproperty
    Add the servlet
    to/atg/dynamo/servlet/Initial.initialServices

    PIPELINEBLESERVLET

    INSERTABLESERVLET

    HOW TO USE?
    1. Disable unnecessary servlets
    2. Add new servlets if required
    Ex. Reprice order functionality

    PROFILE MARKERS

    Confidential

    35

    USER PROFILE MARKERS

    PASSWORD

    Confidential

    37

    Confidential

    38

    PASSWORD HASHING
    ATG 10.0
    /atg/userprofi ling/PropertyManager/
    ATG 10.1 /atg/userprofi ling/InternalPropertyManager/

    Confidential

    39

    ATG 10.1 OOTB PASSWORD HASHING


    SHA-256
    algorithm with a random salt, and iteratively rehashes
    the result.

    Confidential

    40

    ATG 10.0 OOTB PASSWORD HASHING


    MD5
    algorithm and then encodes the result using base 16
    encoding

    Confidential

    41

    DISABLE PASSWORD HASHING


    passwords will be stored and compared in clear text

    Confidential

    42

    PASSWORDRULECHECKER

    Confidential

    43

    THANK YOU!
    QUESTIONS?

    You might also like