ATG Advanced Profile Management

ATG Advanced Profile Management:
-DAF Servlet Pipeline
-Tracking users
-Security status
-Access control
-Auto login
-Profile markers
-Password management

Published in: Technology

Transcript

  1. Kate Soglaeva ADVANCED ATG PROFILE MANAGEMENT
  2. AGENDA
     - DAF Servlet Pipeline
     - Tracking users
     - Security status
     - Access control
     - Auto login
     - Profile markers
     - Password management
  3. DAF SERVLET PIPELINE
  4. PAGEFILTER
     - PageFilter starts the DAF servlet pipeline by calling DynamoHandler
  5. startRequestServletName
  6. TRACKING USERS
  7. USERS
     - Users: anonymous, registered
  8. USERS
     - Session started: transient profile, transient order
     - Registration: persistent profile, persistent order
  9. TRACKING ANONYMOUS USERS
     1. Store anonymous users

        ```
        # /atg/userprofiling/ProfileRequestServlet
        persistAfterLogout=true
        persistentAnonymousProfiles=true
        ```

     2. Update required properties
  10. TRACKING REGISTERED USERS
      Set up auto-login:
      - CookieManager: sendProfileCookies=true
      - ProfileRequestServlet: verifyBasicAuthentication=false
  11. PROFILEREQUESTSERVLET
      - Creates an instance of the atg/userprofiling/Profile
      - Creates a cookie containing the Profile ID of the current guest user
      - Auto-logs in
      - Maintains persistent information: persistentAnonymousProfiles=true
  12. SECURITY STATUS
  13. SECURITY STATUS VALUES

      | Value | Login method used |
      |-------|-------------------|
      | 0 | Anonymous |
      | 1 | Auto login by URL parameter |
      | 2 | Auto login by cookie |
      | 3 | Login by HTTP basic auth |
      | 4 | Explicit login or registration by HTTP |
      | 5 | Explicit login or registration by HTTPS |
      | 6 | Certificate provided |

      | Group | Explanation |
      |-------|-------------|
      | 0 | The user is unknown |
      | 1,2 | Auto login. Personalization is fine, but access to sensitive pages is restricted. |
      | 4,5 | Explicit login. Full access |
      | 3,6 | Project specific |

  14. PROFILEREQUEST
      - Extract profile by DYN_USER_ID
  15. SECURITY STATUS USAGE

      ```
      <dsp:importbean bean="/atg/userprofiling/Profile"/>
      <dsp:importbean bean="/atg/userprofiling/PropertyManager"/>
      <dsp:importbean bean="/atg/dynamo/droplet/Compare"/>

      <dsp:droplet name="Compare">
        <dsp:param bean="Profile.securityStatus" name="obj1"/>
        <dsp:param bean="PropertyManager.securityStatusLogin" name="obj2"/>
        <dsp:oparam name="lessthan">
          <!-- send the user to the login form -->
          <dsp:include page="login_form.jsp"></dsp:include>
        </dsp:oparam>
        <dsp:oparam name="default">
          <!-- allow the user to proceed to the protected content -->
          <dsp:include page="protected_content.jsp"></dsp:include>
        </dsp:oparam>
      </dsp:droplet>
      ```
  16. AUTHENTICATIONSERVLET
      - Provides authentication using the Basic HTTP authentication mechanism
  17. ACCESS CONTROL
  18. [Slide has no transcribed text]
  19. ACCESSCONTROLLER
  20. RULEACCESSCONTROLLER. RULESETSERVICE

      ```
      <ruleset>
        <accepts>
          <rule op=eq>
            <valueof target="Gender">
            <valueof constant="female">
          </rule>
        </accepts>
      </ruleset>
      ```
  21. PASSWORD EXPIRATION
  22. PASSWORD EXPIRATION

      ```
      # /atg/userprofiling/ExpiredPasswordService
      enabled=true
      passwordValidForNumDays=30
      redirectPath=expirePassword.jsp

      # /atg/dynamo/servlet/pipeline/ExpiredPasswordServlet
      localUrlsToAllow=/style/css/style1.jsp
      ```

  23. PASSWORD EXPIRATION Confidential
  24. PASSWORD EXPIRATION
  25. INSERTING SERVLETS IN THE PIPELINE
  26. STEPS TO CREATE PIPELINE SERVLET
      - Add the servlet to /atg/dynamo/servlet/Initial.initialServices
      - Set the new servlet’s nextServlet property
      - Reset the previous servlet’s nextServlet property
      - Define global scope component
      - Extend atg.servlet.pipeline.PipelineableServletImpl
  27. PIPELINEABLESERVLET
  28. INSERTABLESERVLET
  29. HOW TO USE?
      1. Disable unnecessary servlets
      2. Add new servlets if required
         Ex. Reprice order functionality
  30. PROFILE MARKERS
  31. USER PROFILE MARKERS
  32. PASSWORD
  33. [Slide has no transcribed text]
  34. PASSWORD HASHING
      - ATG 10.0: /atg/userprofiling/PropertyManager/
      - ATG 10.1: /atg/userprofiling/InternalPropertyManager/
  35. ATG 10.1 OOTB PASSWORD HASHING
      - SHA-256 algorithm with a random salt, and iteratively rehashes the result.
  36. ATG 10.0 OOTB PASSWORD HASHING
      - MD5 algorithm and then encodes the result using base 16 encoding
  37. DISABLE PASSWORD HASHING
      - passwords will be stored and compared in clear text
  38. PASSWORDRULECHECKER
  39. THANK YOU! QUESTIONS?
