ATG Advanced Profile Management


ATG Advanced Profile Management:
-DAF Servlet Pipeline
-Tracking users
-Security status
-Access control
-Auto login
-Profile markers
-Password management

Published in: Technology

Transcript

  • 1. Kate Soglaeva ADVANCED ATG PROFILE MANAGEMENT
  • 2. AGENDA: DAF Servlet Pipeline; Tracking users; Security status; Access control; Auto login; Profile markers; Password management
  • 3. DAF SERVLET PIPELINE
  • 4. PAGEFILTER: PageFilter starts the DAF servlet pipeline by calling DynamoHandler
  • 5. startRequestServletName
  • 6. TRACKING USERS
  • 7. USERS: anonymous, registered
  • 8. USERS
      Session started: transient profile, transient order
      Registration: persistent profile, persistent order
  • 9. TRACKING ANONYMOUS USERS
      1. Store anonymous users
         # /atg/userprofiling/ProfileRequestServlet
         persistAfterLogout=true
         persistentAnonymousProfiles=true
      2. Update required properties
  • 10. TRACKING REGISTERED USERS: set up auto-login
      CookieManager: sendProfileCookies=true
      ProfileRequestServlet: verifyBasicAuthentication=false
  • 11. PROFILEREQUESTSERVLET
      - creates an instance of the atg/userprofiling/Profile
      - creates a cookie containing the Profile ID of the current guest user
      - auto-logs in
      - maintains persistent information: persistentAnonymousProfiles=true
  • 12. SECURITY STATUS
  • 13. SECURITY STATUS VALUES
      Value  Login method used
      0      Anonymous
      1      Auto Login by URL parameter
      2      Auto Login by Cookie
      3      Login by HTTP basic auth
      4      Explicit login or registration by http
      5      Explicit login or registration by https
      6      Certificate provided
      Group  Explanation
      0      The user is unknown
      1,2    Auto login. Personalization is fine, but access to sensitive pages is restricted.
      4,5    Explicit login. Full access
      3,6    Project specific
  • 14. PROFILEREQUEST: Extract profile by DYN_USER_ID
  • 15. SECURITY STATUS USAGE
      <dsp:droplet name="Compare">
        <dsp:param bean="Profile.securityStatus" name="obj1"/>
        <dsp:param bean="PropertyManager.securityStatusLogin" name="obj2"/>
        <dsp:oparam name="lessthan">
          <!-- send the user to the login form -->
          <dsp:include page="login_form.jsp"></dsp:include>
        </dsp:oparam>
        <dsp:oparam name="default">
          <!-- allow the user to proceed to the protected content -->
          <dsp:include page="protected_content.jsp"></dsp:include>
        </dsp:oparam>
      </dsp:droplet>
  • 16. AUTHENTICATIONSERVLET: provides authentication using the Basic HTTP authentication mechanism
  • 17. ACCESS CONTROL
  • 19. ACCESSCONTROLLER
  • 20. RULEACCESSCONTROLLER. RULESETSERVICE
      <ruleset>
        <accepts>
          <rule op=eq>
            <valueof target="Gender">
            <valueof constant="female">
          </rule>
        </accepts>
      </ruleset>
  • 21. PASSWORD EXPIRATION
  • 22. PASSWORD EXPIRATION
      # /atg/userprofiling/ExpiredPasswordService
      enabled=true
      passwordValidForNumDays=30
      redirectPath=expirePassword.jsp
      # /atg/dynamo/servlet/pipeline/ExpiredPasswordServlet
      localUrlsToAllow=/style/css/style1.jsp
  • 23. PASSWORD EXPIRATION
  • 24. PASSWORD EXPIRATION
  • 25. INSERTING SERVLETS IN THE PIPELINE
  • 26. STEPS TO CREATE PIPELINE SERVLET
      - Add the servlet to /atg/dynamo/servlet/Initial.initialServices
      - Set the new servlet’s nextServlet property
      - Reset the previous servlet’s nextServlet property
      - Define global scope component
      - Extend atg.servlet.pipeline.PipelineableServletImpl
  • 27. PIPELINEABLESERVLET
  • 28. INSERTABLESERVLET
  • 29. HOW TO USE?
      1. Disable unnecessary servlets
      2. Add new servlets if required
      Ex. Reprice order functionality
  • 30. PROFILE MARKERS
  • 31. USER PROFILE MARKERS
  • 32. PASSWORD
  • 34. PASSWORD HASHING
      ATG 10.0: /atg/userprofiling/PropertyManager/
      ATG 10.1: /atg/userprofiling/InternalPropertyManager/
  • 35. ATG 10.1 OOTB PASSWORD HASHING: SHA-256 algorithm with a random salt, and iteratively rehashes the result
  • 36. ATG 10.0 OOTB PASSWORD HASHING: MD5 algorithm and then encodes the result using base 16 encoding
  • 37. DISABLE PASSWORD HASHING: passwords will be stored and compared in clear text
  • 38. PASSWORDRULECHECKER
  • 39. THANK YOU! QUESTIONS?
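
The two out-of-the-box schemes on slides 35 and 36 compared side by side, as an added Java example that is not from the deck or from ATG's code. The salt length, iteration count and the way salt and password are combined are assumptions, since the slides give none of them.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class PasswordHashingComparison {
    // Assumed parameters for illustration; the slides do not give ATG's values.
    static final int SALT_BYTES = 16, ITERATIONS = 10_000;

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Unsalted MD5, base 16 encoded (the scheme the ATG 10.0 slide describes).
    static String md5Hex(String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        return hex(md.digest(password.getBytes(StandardCharsets.UTF_8)));
    }

    // SHA-256 over salt + password, then the digest rehashed ITERATIONS times.
    static byte[] saltedSha256(String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 0; i < ITERATIONS; i++) digest = md.digest(digest);
        return digest;
    }

    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Recompute with the stored salt and compare in constant time.
    static boolean verify(String candidate, byte[] salt, byte[] stored) throws Exception {
        return MessageDigest.isEqual(stored, saltedSha256(candidate, salt));
    }

    public static void main(String[] args) throws Exception {
        String pw = "constructed-sample-password"; // constructed sample input
        // Two accounts with the same password: unsalted MD5 stores the same value.
        System.out.println("MD5 values equal:    " + md5Hex(pw).equals(md5Hex(pw)));
        byte[] saltA = newSalt(), saltB = newSalt();
        byte[] hashA = saltedSha256(pw, saltA), hashB = saltedSha256(pw, saltB);
        System.out.println("Salted values equal: " + MessageDigest.isEqual(hashA, hashB));
        System.out.println("Correct password:    " + verify(pw, saltA, hashA));
        System.out.println("Wrong password:      " + verify("other", saltA, hashA));
    }
}
```

With a per-user salt, identical passwords no longer produce identical stored values, so one precomputed table cannot be reused across accounts; the salt has to be stored next to the hash for verification to work.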
