This section describes optional application-specific configurations you may choose to include for the Account plugin.
Custom Date Formats
Some cartridges, such as the AccountPersonalInformation cartridge, require date formats. These cartridges reference the /atg/store/i18n/CustomDateFormatter component to determine the pattern to be used for dates. You can choose to specify custom date formats for your application. For example, the B2CStore application module specifies the following date formats for each locale in CommerceAccelerator/Applications/B2CStore/Base/src/main/config/atg/store/i18n/CustomDateFormatter.properties:
customDateFormats=\
    en=MM/dd/yyyy,\
    de=dd.MM.yyyy,\
    es=MM/dd/yyyy
If you do not specify any custom date formats, the format defaults to DateFormat.SHORT as defined by Java for the customer’s locale.
Account Menu Links
The handler for the AccountMenu cartridge is of type LinkMenu, and it specifies a list of menu options (links) that should be rendered for the Account menu. Because these links are application-specific, the configuration for them should exist in the application directory. For example, the CommerceAccelerator/Applications/B2CStore/Plugins/Account/src/main/config/atg/endeca/assembler/cartridge/handler/AccountMenu.properties file configures the account menu to render different links for authenticated shoppers and anonymous shoppers:
menuOptions=\
    unauthenticatedMenuOptions=\
        login=login,\
    authenticatedMenuOptions=\
        personalInformation=account:\
        orderHistory=account/orders:\
        addressBook=account/addressbook:\
        paymentInformation=account/billing:\
        changePassword=account/changepassword:\
        checkoutDefaults=account/defaults
Access Controllers
Access control is used to manage access to a URL or REST service under certain circumstances; for example, authenticated shoppers should be able to access URLs that unauthenticated shoppers cannot. There are two accessor components, included in the Account module, that allow the application to determine if a shopper is logged in or not:
The CommerceAccelerator/Plugins/Account/src/main/config/atg/userprofiling/NotLoggedInAccessController component references the /atg/targeting/NotLoggedInRuleSetService component that resides in the CommerceAccelerator/Plugins/Account module. The NotLoggedInRuleSetService component contains a rule to determine if the current shopper is not logged in.
The CommerceAccelerator/Plugins/Account/src/main/config/atg/userprofiling/LoggedInAccessController component references the /atg/targeting/LoggedInRuleSetService component that resides in the CommerceAccelerator/Plugins/Account module. The LoggedInRuleSetService component contains a rule to determine if the current shopper is logged in.
Determining if a shopper is logged in or not allows the application to restrict access to certain pages or REST services to authenticated users only. To create these restrictions, the Account module configures access control rules in the /atg/dynamo/servlet/dafpipeline/AccessControlServlet component. The rules provide mappings between paths and the AccessController objects that control access to those paths. For example, in the rules shown below, the LoggedInAccessController controls access to the /rest/model/atg/userprofiling/ProfileActor/logout REST service, meaning that only shoppers who have logged in will be able to access the REST service that logs them out.
accessControllers+=\
    /rest/model/atg/userprofiling/ProfileActor/summary=\
        /atg/rest/userprofiling/LoggedInAccessController,\
    /rest/model/atg/userprofiling/ProfileActor/logout=\
        /atg/rest/userprofiling/LoggedInAccessController,\
    /rest/model/atg/userprofiling/ProfileActor/logout-success=\
        /atg/rest/userprofiling/AllAccessController,\
    /rest/model/atg/userprofiling/ProfileActor/logout-error=\
        /atg/rest/userprofiling/AllAccessController
Because site URLs and REST services are often application-specific, application modules will likely need to augment the rules provided in the Account module itself. For example, the B2CStore module configures the following application-specific overrides in the CommerceAccelerator/Applications/B2CStore/Plugins/Account/src/main/config/atg/dynamo/servlet/dafpipeline/AccessControlServlet.properties file:
accessControllers+=\
    /csa/login=/atg/userprofiling/NotLoggedInAccessController,\
    /csa/account/register=/atg/userprofiling/NotLoggedInAccessController,\
    /csa/account=/atg/userprofiling/LoggedInAccessController,\
    /csa/account/orders/view=/atg/rest/userprofiling/AllAccessController
# The URL to redirect to if access is denied. If the AccessController
# supplies its own deniedAccessURL, it will overwrite this value.
deniedAccessURL=/csa/login
The B2CStore module also overrides the deniedAccessURL in both the NotLoggedInAccessController and the LoggedInAccessController components. Because the LoggedInAccessController restricts access to authenticated shoppers, this component redirects the shopper to the /csa/login page when access is denied, providing the shopper with the ability to log in quickly. The NotLoggedInAccessController redirects shoppers to the /csa/home page when access is denied.
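An added example (not Oracle's code): a Python audit script that merges the two accessControllers layers quoted in this section and lists every AllAccessController path nested below a LoggedInAccessController path, so that each such exception can be confirmed as intentional. It parses only the `=`, `+=` and backslash-continuation syntax visible in those excerpts; the function names are hypothetical, and it does not model how AccessControlServlet matches request paths at runtime.

```python
# Added example, not Oracle code. Rule text is copied from the excerpts on this page.
ACCOUNT_LAYER = r"""
accessControllers+=\
  /rest/model/atg/userprofiling/ProfileActor/summary=/atg/rest/userprofiling/LoggedInAccessController,\
  /rest/model/atg/userprofiling/ProfileActor/logout=/atg/rest/userprofiling/LoggedInAccessController,\
  /rest/model/atg/userprofiling/ProfileActor/logout-success=/atg/rest/userprofiling/AllAccessController,\
  /rest/model/atg/userprofiling/ProfileActor/logout-error=/atg/rest/userprofiling/AllAccessController"""
B2C_LAYER = r"""
accessControllers+=\
  /csa/login=/atg/userprofiling/NotLoggedInAccessController,\
  /csa/account/register=/atg/userprofiling/NotLoggedInAccessController,\
  /csa/account=/atg/userprofiling/LoggedInAccessController,\
  /csa/account/orders/view=/atg/rest/userprofiling/AllAccessController
# The URL to redirect to if access is denied.
deniedAccessURL=/csa/login"""

def logical_lines(text):
    """Yield property lines with backslash continuations joined; skip blanks and comments."""
    buf = ""
    for line in map(str.strip, text.splitlines()):
        if buf or (line and not line.startswith("#")):
            buf += line
            if buf.endswith("\\"):
                buf = buf[:-1]          # continuation: keep accumulating
            else:
                yield buf
                buf = ""

def merge_layers(*layers):
    """Apply config layers in order: '+=' appends to the earlier value, '=' replaces it."""
    props = {}
    for text in layers:
        for line in logical_lines(text):
            key, _, value = line.partition("=")
            old = props.get(key[:-1], "") if key.endswith("+") else ""
            props[key.rstrip("+")] = ",".join(v for v in (old, value) if v)
    return props

def access_map(props):
    """Turn the merged accessControllers value into {path: controller}."""
    entries = (e.strip() for e in props.get("accessControllers", "").split(","))
    return dict(e.split("=", 1) for e in entries if e)

def open_under_restricted(rules):
    """AllAccessController paths that sit below a LoggedInAccessController path."""
    gated = [p for p, c in rules.items() if c.endswith("/LoggedInAccessController")]
    return [(p, g) for p, c in rules.items() if c.endswith("/AllAccessController")
            for g in gated if p.startswith(g.rstrip("/") + "/")]
```

The prefix test compares whole path segments, so /rest/model/atg/userprofiling/ProfileActor/logout-success is not reported as nested under .../ProfileActor/logout.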