Oracle Commerce ATG: Advanced Profile Management
ADVANCED ATG PROFILE MANAGEMENT
Kate Soglaeva

AGENDA
• DAF Servlet Pipeline
• Tracking users
• Security status
• Access control
• Auto login
• Profile markers
• Password management

DAF SERVLET PIPELINE

PAGEFILTER
PageFilter starts the DAF servlet pipeline by calling DynamoHandler.

startRequestServletName

TRACKING USERS

USERS
Users
• anonymous
• registered

USERS
Session started
• Transient profile
• Transient order
Registration
• Persistent profile
• Persistent order

TRACKING ANONYMOUS USERS
1. Store anonymous users

```
# /atg/userprofiling/ProfileRequestServlet
persistAfterLogout=true
persistentAnonymousProfiles=true
```

2. Update required properties

TRACKING REGISTERED USERS
Set up auto-login
CookieManager sendProfileCookies=true
ProfileRequestServlet verifyBasicAuthentication=false

PROFILEREQUESTSERVLET
• Creates an instance of /atg/userprofiling/Profile
• Creates a cookie containing the profile ID of the current guest user
• Auto-logs in
• Maintains persistent information: persistentAnonymousProfiles=true

SECURITY STATUS

SECURITY STATUS VALUES

| Value | Login method used |
|---|---|
| 0 | Anonymous |
| 1 | Auto login by URL parameter |
| 2 | Auto login by cookie |
| 3 | Login by HTTP basic auth |
| 4 | Explicit login or registration by HTTP |
| 5 | Explicit login or registration by HTTPS |
| 6 | Certificate provided |

| Group | Explanation |
|---|---|
| 0 | The user is unknown |
| 1, 2 | Auto login. Personalization is fine, but restrict access to sensitive pages. |
| 4, 5 | Explicit login. Full access. |
| 3, 6 | Project specific |

PROFILEREQUEST
Extract profile by DYN_USER_ID

SECURITY STATUS USAGE

```jsp
<%-- Import the components referenced by short name below --%>
<dsp:importbean bean="/atg/dynamo/droplet/Compare"/>
<dsp:importbean bean="/atg/userprofiling/Profile"/>
<dsp:importbean bean="/atg/userprofiling/PropertyManager"/>

<%-- Compare the current security status with the explicit-login level --%>
<dsp:droplet name="Compare">
  <dsp:param bean="Profile.securityStatus" name="obj1"/>
  <dsp:param bean="PropertyManager.securityStatusLogin" name="obj2"/>
  <dsp:oparam name="lessthan">
    <!-- send the user to the login form -->
    <dsp:include page="login_form.jsp"></dsp:include>
  </dsp:oparam>
  <dsp:oparam name="default">
    <!-- allow the user to proceed to the protected content -->
    <dsp:include page="protected_content.jsp"></dsp:include>
  </dsp:oparam>
</dsp:droplet>
```

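The JSP gate above is a numeric threshold, so every status at or above the login level passes, including 6 (certificate), which the table marks as project specific, and 4 (login over HTTP) is treated like 5 (HTTPS). The following Java is an added example, not code from the slides or from ATG; it puts the threshold beside an explicit allow-list. The class and method names are hypothetical, and it assumes `PropertyManager.securityStatusLogin` corresponds to value 4 in the table.

```java
import java.util.Set;

// Added example: plain Java, no ATG classes. Names are hypothetical.
public class SecurityStatusGate {
    // securityStatus values as listed in the table on the slide
    static final int ANONYMOUS = 0, AUTO_URL = 1, AUTO_COOKIE = 2, BASIC_AUTH = 3,
                     LOGIN_HTTP = 4, LOGIN_HTTPS = 5, CERTIFICATE = 6;

    enum Decision { ALLOW, SEND_TO_LOGIN }

    /** Threshold gate: the same logic as the droplet's "lessthan" branch. */
    static Decision thresholdGate(int status, int required) {
        return status < required ? Decision.SEND_TO_LOGIN : Decision.ALLOW;
    }

    /** Allow-list gate: only statuses the project has explicitly accepted pass. */
    static Decision allowListGate(int status, Set<Integer> accepted) {
        return accepted.contains(status) ? Decision.ALLOW : Decision.SEND_TO_LOGIN;
    }

    public static void main(String[] args) {
        // Assumption: a sensitive page should accept only an explicit login over HTTPS.
        Set<Integer> sensitivePage = Set.of(LOGIN_HTTPS);

        for (int status = ANONYMOUS; status <= CERTIFICATE; status++) {
            System.out.printf("status=%d  threshold(>=4)=%-13s  allowList={5}=%s%n",
                    status,
                    thresholdGate(status, LOGIN_HTTP),
                    allowListGate(status, sensitivePage));
        }
        // The two gates disagree on status 4 (login over HTTP) and on
        // status 6 (certificate, "project specific" in the table): the
        // threshold admits both, the allow-list sends both to login.
    }
}
```

Statuses 3 and 6 are where the two approaches diverge in practice: the threshold silently decides them by their position in the numbering, while the allow-list forces the project to decide.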

AUTHENTICATIONSERVLET
Provides authentication using the Basic HTTP authentication mechanism.

ACCESS CONTROL
ACCESSCONTROLLER

RULEACCESSCONTROLLER. RULESETSERVICE

```
<ruleset>
  <accepts>
    <rule op=eq>
      <valueof target="Gender">
      <valueof constant="female">
    </rule>
  </accepts>
</ruleset>
```

PASSWORD EXPIRATION

```
# /atg/userprofiling/ExpiredPasswordService
enabled=true
passwordValidForNumDays=30
redirectPath=expirePassword.jsp

# /atg/dynamo/servlet/pipeline/ExpiredPasswordServlet
localUrlsToAllow=/style/css/style1.jsp
```

Confidential 28
INSERTING SERVLETS IN THE PIPELINE

STEPS TO CREATE PIPELINE SERVLET
• Add the servlet to /atg/dynamo/servlet/Initial.initialServices
• Set the new servlet’s nextServlet property
• Reset the previous servlet’s nextServlet property
• Define global scope component
• Extend atg.servlet.pipeline.PipelineableServletImpl

PIPELINEABLESERVLET

INSERTABLESERVLET

HOW TO USE?
1. Disable unnecessary servlets
2. Add new servlets if required
Ex. Reprice order functionality

PROFILE MARKERS
USER PROFILE MARKERS
PASSWORD

PASSWORD HASHING
ATG 10.0 /atg/userprofiling/PropertyManager/
ATG 10.1 /atg/userprofiling/InternalPropertyManager/

ATG 10.1 OOTB PASSWORD HASHING
Uses the SHA-256 algorithm with a random salt, and iteratively rehashes the result.

ATG 10.0 OOTB PASSWORD HASHING
Uses the MD5 algorithm and then encodes the result using base 16 encoding.

DISABLE PASSWORD HASHING
Passwords will be stored and compared in clear text.

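The difference between the two out-of-the-box schemes above shows up as soon as two users pick the same password. The following Java is an added example, not ATG's implementation: it contrasts an unsalted MD5 hex digest with a salted, iteratively rehashed SHA-256 digest. The iteration count, salt length, salt placement and class name are assumptions, since the slides do not give them.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;

// Added example: illustrates the two approaches named on the slides.
public class PasswordHashContrast {
    static final int ITERATIONS = 1000; // assumption, not a value from the slides
    static final int SALT_BYTES = 16;   // assumption, not a value from the slides

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    /** Unsalted MD5, base 16 encoded: equal passwords always give equal digests. */
    static String md5Hex(String password) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        return hex(md.digest(password.getBytes(StandardCharsets.UTF_8)));
    }

    /** SHA-256 over salt + password, then the digest is rehashed repeatedly. */
    static byte[] saltedIterated(String password, byte[] salt) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        byte[] h = md.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < ITERATIONS; i++) h = md.digest(h);
        return h;
    }

    /** Recompute with the stored salt and compare in constant time. */
    static boolean verify(String candidate, byte[] salt, byte[] stored)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(saltedIterated(candidate, salt), stored);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SecureRandom rng = new SecureRandom();
        byte[] saltA = new byte[SALT_BYTES], saltB = new byte[SALT_BYTES];
        rng.nextBytes(saltA);
        rng.nextBytes(saltB);
        String pw = "constructed-sample-password"; // constructed sample input

        byte[] userA = saltedIterated(pw, saltA), userB = saltedIterated(pw, saltB);
        System.out.println("MD5 digests equal for two users:    " + md5Hex(pw).equals(md5Hex(pw)));
        System.out.println("salted digests equal for two users: " + MessageDigest.isEqual(userA, userB));
        System.out.println("verify correct password: " + verify(pw, saltA, userA));
        System.out.println("verify wrong password:   " + verify("wrong", saltA, userA));
    }
}
```

The salt has to be stored next to the digest so that `verify` can recompute it; with hashing disabled there is nothing to recompute and the stored value is the password itself.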

PASSWORDRULECHECKER

THANK YOU! QUESTIONS?