Topic
  • 2 replies
  • Latest Post - ‏2013-08-15T18:36:46Z by CQ3A_helen_chen
CQ3A_helen_chen
CQ3A_helen_chen
9 Posts

Pinned topic action defined in ACP policy

‏2013-07-15T21:37:37Z |

Hi there,

when I create a jsp in commerce, I usally define it as VIEW in struts config file, and then this VIEW will be defined as action in access control policy file.

when I create a command class, I usually define it as resourceCategory in access control policy. And I thought that is how we use it.

But I found one oob class RequisitionListCreateCmd is defined as both action and resourceCategory in ACP.  I get confused about action.  why command can be defined as action in ACP? what does action in ACP mean? and can jsp be defined as resourceCategory also?

Can someone explain it to me? I looked at wcs infocenter, still don't understand.

Thanks, Helen

 

  • Yi Xu
    Yi Xu
    15 Posts

    Re: action defined in ACP policy

    ‏2013-08-14T08:15:37Z  

    When a command is executed, firstly, we will do Command-level access control to check if the current user has the authority to execute this command.

    Now the command is treated as "resource".

     

    Secondly, resource level access control is checked, this will check whether this command(controller command) can have authority to access resources such as the OrderDataBean returned by the getResources method of the controller command.  Now, the command is treated as "action" instead of "resource". Refer to the following link.

    http://pic.dhe.ibm.com/infocenter/wchelp/v7r0m0/topic/com.ibm.commerce.developer.doc/tasks/taximpacccont.htm?resultof=%22%67%65%74%52%45%73%6f%75%72%63%65%73%22%20%22%67%65%74%72%65%73%6f%75%72%63%22%20

  • CQ3A_helen_chen
    CQ3A_helen_chen
    9 Posts

    Re: action defined in ACP policy

    ‏2013-08-15T18:36:46Z  
    • Yi Xu
    • ‏2013-08-14T08:15:37Z

    When a command is executed, firstly, we will do Command-level access control to check if the current user has the authority to execute this command.

    Now the command is treated as "resource".

     

    Secondly, resource level access control is checked, this will check whether this command(controller command) can have authority to access resources such as the OrderDataBean returned by the getResources method of the controller command.  Now, the command is treated as "action" instead of "resource". Refer to the following link.

    http://pic.dhe.ibm.com/infocenter/wchelp/v7r0m0/topic/com.ibm.commerce.developer.doc/tasks/taximpacccont.htm?resultof=%22%67%65%74%52%45%73%6f%75%72%63%65%73%22%20%22%67%65%74%72%65%73%6f%75%72%63%22%20

    Thanks Yi Xu, now I understand better.

    Helen