Adding access control to extensions

You can associate an extension point with an access control action. You can configure HCL Commerce to check whether the current user can perform the action before the extension code is invoked, and pass the result to the extension code through the access control context.

The following procedure provides an example for associating an extension point with the action "CSRAction" to check whether the current user is a customer service representative.

Before you begin

  • Register the xC extension code for the stores that need to use the extension.


  1. In your development environment, use the Data Load utility to load the data for updating the registration of an extension to include access control changes.
    1. Save the following CSV file into the WCDE_installdir/samples/DataLoad/xC directory.
      The file adds access control for an extension that validates order quantity. In the file,
      • Notice that the Properties column contains the name-value pair AccessControlActions=CSRAction. By defining the AccessControlActions property, you associate the validate_quantity extension point with the CSRAction access control action.
      • Ensure that you specify a unique integer for the UEConfigId column in the CSV file. The sample uses 1.
    2. Load the data to the database. For more information, see Assigning extension code to extension points.
  2. In your externalized customization implementation code, use the following method to get the resulting Boolean value of the access control check for CSRAction.:
    boolean csrAction = Boolean.parseBoolean(ueRequest.getContextData().getAccessControlContext().get("CSRAction"));
  3. Using the resulting Boolean value, define your logic implementation by using the access control value.
    For example,
    if(csrAction) {
    // CSR-specific logic
    // Non-CSR logic