This document discusses various aspects of profile management in ATG including:
- The DAF servlet pipeline and how it handles requests
- Tracking both anonymous and registered users through profiles and sessions
- Security status values and how they control access
- Password management features like expiration, hashing, and rules
11. Set up auto-login
CookieManager
sendProfileCookies=true
ProfileRequestServlet
verifyBasicAuthentication=false
TRACKING REGISTERED USERS
11
12.
13. PROFILEREQUESTSERVLET
creates an instance of the atg/userprofiling/Profile
create a cookie containing the Profile ID of the current guest
user
Auto-logs in
maintain persistent
information: persistentAnonymousProfiles=true
15. Value Login method used
0 Anonymous
1 Auto Login by URL parameter
2 Auto Login by Cookie
3 Login by HTTP basic auth
4 Explicit login or registration by http
5 Explicit login or registration by https
6 Certificate provided
Group Explanation
0 The user is unknown
1,2 Auto login. Personalization is fine by restricted access to sensitive pages.
4,5 Explicit login. Full access
3,6 Project specific
SECURITY STATUS VALUES
17. <dsp:droplet name="Compare">
<dsp:param bean="Profile.securityStatus" name="obj1"/>
<dsp:param bean="PropertyManager.securityStatusLogin"
name="obj2"/>
<dsp:oparam name="lessthan">
<!-- send the user to the login form -->
<dsp:include page="login_form.jsp"></dsp:include>
</dsp:oparam>
<dsp:oparam name="default">
<!-- allow the user to proceed to the protected content -->
<dsp:include page="protected_content.jsp"></dsp:include>
</dsp:oparam>
</dsp:droplet>
SECURITY STATUS USAGE
17
30. STEPS TO CREATE PIPELINE SERVLET
Add the servlet to /atg/dynamo/servlet/Initial.initialServices
Set the new servlet’s nextServlet property
Reset the previous servlet’s nextServlet property
Define global scope component
Extend atg.servlet.pipeline.PipelineableServletImpl