Use the Password Protected Commands node of the Configuration Manager to enable or disable the password protected commands feature. When this feature is enabled, WebSphere Commerce requires registered who are logged onto WebSphere Commerce to enter their password before continuing a request that runs designated WebSphere Commerce commands.
Caution: When you configure password protected commands, some of the commands shown in the command selection list can be executed by generic or guest users. Configuring such commands as password protected will restrict generic and guest users from running them. Therefore, you should exercise caution when you con
To enable this feature:
To use the password protected commands security feature, you need to define the PasswordReEnterErrorView and the PasswordReEnterFormView views for your store as described in Password protected commands.
- Open the Configuration Manager.
- Traverse to the Password Protected Commands node for your instance as follows: WebSphere Commerce> host_name > Instance List > instance_name > Instance Properties > Password Protected Commands
- In the General tab:
- To activate the password protected commands feature, click Enable.
- Enter number of retries in the Retries field. (The default number of retries is 3.)
- In the Advanced tab:
- Select a WebSphere Commerce command you wish to protect from the list in the Password Protected Command List window and click Add. The command you have selected is listed in the Current Password Protected List window.
- If you wish to disable password protection for any WebSphere Commerce command, select the command in the Current Password Protected Command list window and click Remove.
- To apply your changes to Configuration Manager, click Apply.
- Upon successfully updating the configuration for your instance, you will receive a message indicating a successful update.
- From the WebSphere Application Server Administration Console, stop then restart the WebSphere Commerce Server instance.
Note: WebSphere Commerce will only display the commands that are designated as authenticated or set with the https flag in the URLREG table in the list of available commands.