Security You can review the concepts underlying the security of the Sterling Store Engagement application. AuthenticationAuthentication identifies users who have access to the application. AuthorizationAuthorization enables you to grant permissions to a user for different resources. It occurs after you are authenticated in an application.Adding login pagesThe underlying UI framework enables you to set up more than one login page.Supporting multiple guest usersWith the underlying UI framework, your authentication process can include the authentication of one or more guest users for a particular URL of the application. Adding request validatorsThe underlying UI framework allows you to set up more than one validation for a request.Cross site request forgeryThe underlying framework provides protection for the application against cross-site request forgery (CSRF), which maliciously exploits a web site where unauthorized commands are transmitted from a user that the web site trusts. Protecting against CSRF attacksYou can protect against CSRF attacks. Enabling cross-frame protectionYou can implement cross-frame protection for your application.Authorization - resource and resource permissionAny request from application must be authorized to ensure that the current user has appropriate permissions to make the request.Mashup securityAPI Security is turned off for Sterling Store Engagement. Instead, a similar feature is implemented in the mashup layer.
