ATG Advanced Profile Management
ATG Advanced Profile Management:
-DAF Servlet Pipeline
-Tracking users
-Security status
-Access control
-Auto login
-Profile markers
-Password management

ATG Advanced Profile Management: Presentation Transcript

  • Kate Soglaeva ADVANCED ATG PROFILE MANAGEMENT
  • AGENDA: DAF Servlet Pipeline; Tracking users; Security status; Access control; Auto login; Profile markers; Password management
  • DAF SERVLET PIPELINE
  • PAGEFILTER: PageFilter starts the DAF servlet pipeline by calling DynamoHandler
  • startRequestServletName
  • TRACKING USERS
  • USERS: anonymous, registered
  • USERS:
      - Session started: transient profile, transient order
      - Registration: persistent profile, persistent order
  • TRACKING ANONYMOUS USERS:
      1. Store anonymous users
           # /atg/userprofiling/ProfileRequestServlet
           persistAfterLogout=true
           persistentAnonymousProfiles=true
      2. Update required properties
  • TRACKING REGISTERED USERS: set up auto-login
      - CookieManager: sendProfileCookies=true
      - ProfileRequestServlet: verifyBasicAuthentication=false
  • PROFILEREQUESTSERVLET:
      - creates an instance of the atg/userprofiling/Profile
      - creates a cookie containing the Profile ID of the current guest user
      - auto-logs in
      - maintains persistent information: persistentAnonymousProfiles=true
  • SECURITY STATUS
  • SECURITY STATUS VALUES:
      Value   Login method used
      0       Anonymous
      1       Auto login by URL parameter
      2       Auto login by cookie
      3       Login by HTTP basic auth
      4       Explicit login or registration by http
      5       Explicit login or registration by https
      6       Certificate provided

      Group   Explanation
      0       The user is unknown
      1, 2    Auto login. Personalization is fine, but access to sensitive pages is restricted.
      4, 5    Explicit login. Full access.
      3, 6    Project specific
  • PROFILEREQUEST: extract profile by DYN_USER_ID
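  • SECURITY STATUS USAGE:
      <%-- import the components referenced by short name below --%>
      <dsp:importbean bean="/atg/dynamo/droplet/Compare"/>
      <dsp:importbean bean="/atg/userprofiling/Profile"/>
      <dsp:importbean bean="/atg/userprofiling/PropertyManager"/>

      <%-- compare the current security status with the level required for an explicit login --%>
      <dsp:droplet name="Compare">
        <dsp:param bean="Profile.securityStatus" name="obj1"/>
        <dsp:param bean="PropertyManager.securityStatusLogin" name="obj2"/>
        <dsp:oparam name="lessthan">
          <!-- send the user to the login form -->
          <dsp:include page="login_form.jsp"></dsp:include>
        </dsp:oparam>
        <dsp:oparam name="default">
          <!-- allow the user to proceed to the protected content -->
          <dsp:include page="protected_content.jsp"></dsp:include>
        </dsp:oparam>
      </dsp:droplet>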
  • AUTHENTICATIONSERVLET: provides authentication using the Basic HTTP authentication mechanism
  • ACCESS CONTROL
  • ACCESSCONTROLLER
  • RULEACCESSCONTROLLER. RULESETSERVICE:
      <ruleset>
        <accepts>
          <rule op=eq>
            <valueof target="Gender">
            <valueof constant="female">
          </rule>
        </accepts>
      </ruleset>
  • PASSWORD EXPIRATION
  • PASSWORD EXPIRATION:
      /atg/userprofiling/ExpiredPasswordService
        enabled=true
        passwordValidForNumDays=30
        redirectPath=expirePassword.jsp
      /atg/dynamo/servlet/pipeline/ExpiredPasswordServlet
        localUrlsToAllow=/style/css/style1.jsp
  • INSERTING SERVLETS IN THE PIPELINE
  • STEPS TO CREATE PIPELINE SERVLET:
      - Add the servlet to /atg/dynamo/servlet/Initial.initialServices
      - Set the new servlet’s nextServlet property
      - Reset the previous servlet’s nextServlet property
      - Define global scope component
      - Extend atg.servlet.pipeline.PipelineableServletImpl
  • PIPELINEABLESERVLET
  • INSERTABLESERVLET
  • HOW TO USE?
      1. Disable unnecessary servlets
      2. Add new servlets if required. Ex. Reprice order functionality
  • PROFILE MARKERS
  • USER PROFILE MARKERS
  • PASSWORD
  • PASSWORD HASHING:
      - ATG 10.0: /atg/userprofiling/PropertyManager/
      - ATG 10.1: /atg/userprofiling/InternalPropertyManager/
  • ATG 10.1 OOTB PASSWORD HASHING: SHA-256 algorithm with a random salt, and iteratively rehashes the result.
  • ATG 10.0 OOTB PASSWORD HASHING: MD5 algorithm and then encodes the result using base 16 encoding
  • DISABLE PASSWORD HASHING: passwords will be stored and compared in clear text
  • PASSWORDRULECHECKER
  • THANK YOU! QUESTIONS?
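
The two out-of-the-box schemes named on the password hashing slides, side by side, as an added example that is not part of the original presentation and is not ATG's own hasher code. The class name, iteration count, salt length and the way salt and digest are combined are assumptions made for illustration, not ATG's stored format.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

// Added illustration; NOT ATG's hasher classes or its stored password format.
public class PasswordHashDemo {
    static final int ITERATIONS = 1000; // assumed work factor, constructed for the demo

    // Scheme the slides attribute to ATG 10.0: one MD5 pass, base-16 encoded.
    static String md5Hex(String password) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        return String.format("%032x", new BigInteger(1, d));
    }

    // In the spirit of the 10.1 slide: SHA-256 over salt + password, then rehashed.
    static byte[] saltedSha256(String password, byte[] salt, int rounds) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        byte[] h = md.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < rounds; i++) {
            md.update(salt);   // digest() resets md, so it can be reused each round
            h = md.digest(h);
        }
        return h;
    }

    static byte[] newSalt() {
        byte[] salt = new byte[16]; // per-user random salt, stored next to the hash
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Recompute with the stored salt and compare in constant time.
    static boolean verify(String candidate, byte[] salt, byte[] stored) throws Exception {
        return MessageDigest.isEqual(saltedSha256(candidate, salt, ITERATIONS), stored);
    }

    public static void main(String[] args) throws Exception {
        String pw = "Summer2014!"; // constructed sample password shared by two users
        // Unsalted MD5: both users get the same stored value, so one lookup serves both.
        System.out.println("md5 records equal:    " + md5Hex(pw).equals(md5Hex(pw)));
        byte[] s1 = newSalt(), s2 = newSalt();
        byte[] h1 = saltedSha256(pw, s1, ITERATIONS), h2 = saltedSha256(pw, s2, ITERATIONS);
        // Salted: same password, different records; each guess costs ITERATIONS hashes.
        System.out.println("salted records equal: " + MessageDigest.isEqual(h1, h2));
        System.out.println("correct password:     " + verify(pw, s1, h1));
        System.out.println("wrong password:       " + verify("summer2014!", s1, h1));
    }
}
```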