The Order Owner Security Policy extends the Standard Security Policy, which has all the base functionality for interpreting the Access Control Lists (ACL). ACLs grant or deny access to secure objects. The atg.security.StandardSecurityPolicy class is provided as part of the Oracle ATG Web Commerce platform. For more information on the Standard Security Policy, see the Managing Access Control chapter of the Platform Programming Guide.
The Order Owner Security Policy supplements the ACL returned by the Standard Security Policy with additional ACLs that either grant or deny access to specific personas. Personas can be users, roles, or organizations. The Order Owner Security Policy adds the persona of the order owner to the ACL. The order object is an incoming parameter of the method being secured.
The orderParameterNames property of the /atg/commerce/security/orderOwnerSecurityPolicy component allows you to configure the parameter names that can represent the order. By default, the orderParameterNames property is set to look for an order parameter with one of the following names: Order, Orderobj, orderId, or order (in that order). If the method being secured uses a different name for the parameter that represents the order, you can reconfigure the orderParameterNames property to include that name.