TMG Security Framework for SAP Hybris
The TMG Security Framework for SAP Hybris solves complex security requirements for rule-based front-end UI restrictions and backend object data access in modern commerce applications.
As organizations begin to mature their commerce presence, they look at platforms such as SAP Hybris to replace disparate applications supporting different channels of business, such as internal employees, external partners and vendors. The goal is to create a single application/portal through which all areas of the business can transact seamlessly. To achieve this, one common requirement is the ability to restrict a user's view of page elements (text fields, inputs, buttons, lists, sections, links, etc.) based on a defined set of rules. Most of the time, if not always, these rules extend beyond simple user groups. For example, in a B2B quoting application we may want to take the quote's status into account, along with product details, total price and several user attributes, before we display the quoting screens. The exact rule sets can be complex and will differ across projects.
There really isn't a standard solution for this problem. One direction could be to code complex if statements, but this would lead to unreadable code that is difficult to test and extend. The WCMS and content slots could be another approach, but security really isn't the intention of this tool. Add in the potential of hundreds of fields and/or elements to secure, and evaluating a page would become terribly inefficient. Bottom line, these approaches would result in complex custom coding which is hard to maintain, especially when it comes to future platform upgrades and enhancements.
This is the gap the TMG Security Framework fills. The framework allows developers to control UI visibility on the frontend and secure objects of any type in the backend in a manner that is consistent and supports a configuration based approach. The framework is a set of Hybris Extensions that can be used in any SAP Hybris project scenario, B2B or B2C, a new project or an existing one. Both SAP Hybris 5 and 6 are supported.
The framework supports the ability to secure any combination of OOTB and/or custom objects, as well as to use any object as security rule criteria. These objects can be of any type, e.g. Models, Beans and DTOs. We also support any page element, including values within those elements, e.g. the values within drop-down lists.
Frontend & Backend Security
Not only do we provide the ability to hide, disable or restrict elements on the frontend, we've built in backend logic to ensure the solution is 'secure'. For example, if a savvy user tampers with the value of a read-only field on the frontend, our framework will use the security rules in our services layer to 'wipe clean' any attributes the user doesn't have permission to change.
We also clean the attributes of data being sent to the client. If you are using Ajax, where a user can view traffic over the network, or a web service that needs to send data that is 'secured', the client will never see attributes and values they aren't meant to see, since the framework will remove them.
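To make the two backend checks concrete, here is an added, self-contained illustration of the same idea (example code written for this page, not the framework's own code or API): rules restrict an attribute of a B2B quote based on the quote's status and the user's groups, the most restrictive matching rule wins, a submitted update is scrubbed of attributes the user may not edit, and hidden attributes are dropped before data goes to the client. The `Quote`, `User` and `Rule` types and the rule values are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

# Constructed sample types; a real deployment would evaluate Hybris models/DTOs instead.
@dataclass
class Quote:
    status: str
    total_price: float
    attrs: Dict[str, object]

@dataclass
class User:
    groups: Set[str]

@dataclass
class Rule:
    attribute: str                          # attribute the rule restricts
    permission: str                         # "hidden", "readonly" or "editable"
    criteria: Callable[[User, Quote], bool]  # rule applies when this returns True

# Restriction rules (constructed): no matching rule means the attribute stays editable.
RULES: List[Rule] = [
    Rule("discount", "readonly", lambda u, q: "salesmanager" not in u.groups),
    Rule("discount", "readonly", lambda u, q: q.status != "DRAFT"),
    Rule("internal_margin", "hidden", lambda u, q: "finance" not in u.groups),
]

_ORDER = {"hidden": 0, "readonly": 1, "editable": 2}

def effective_permission(user: User, quote: Quote, attribute: str) -> str:
    """Evaluate every rule for the attribute; the most restrictive match wins."""
    matched = [r.permission for r in RULES
               if r.attribute == attribute and r.criteria(user, quote)]
    return min(matched, key=_ORDER.get, default="editable")

def sanitize_incoming(user: User, quote: Quote, submitted: Dict[str, object]) -> Dict[str, object]:
    """Server-side 'wipe clean': drop submitted values for attributes the user may not edit,
    so a read-only field altered in the browser is silently ignored."""
    return {k: v for k, v in submitted.items()
            if effective_permission(user, quote, k) == "editable"}

def filter_outgoing(user: User, quote: Quote) -> Dict[str, object]:
    """Strip hidden attributes before the object is serialized for Ajax or a web service."""
    return {k: v for k, v in quote.attrs.items()
            if effective_permission(user, quote, k) != "hidden"}
```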
Intuitive Implementation (Impex Based)
The framework was designed to be easily integrated into your project with minimal effect on the existing implementation. The security rules are defined in SAP Hybris Impex format. This allows rules to be changed at runtime without builds or restarts.
In scenarios where complex data retrieval is required for rules, we provide interfaces for coding hooks that fetch the data.
We utilize caching layers to provide the most efficient experience for your users. We also provide the ability to group secured attributes that share the same rule criteria so they are all evaluated together, greatly reducing page load time in many cases.
Realtime debugging tools are built into the front-end application, providing the following:
These debugging tools are turned on and off globally by Hybris system properties that can be changed at runtime. Once turned on, the tool is accessible on a per-user-session basis by setting a URL parameter. This provides the ability to debug a single user session without affecting other users in the application. The debugging tool also supports the smaller screens of mobile devices.
BackOffice & HMC Support
We have also built in support for the Hybris 6 Backoffice and for the HMC. You can view rules and settings and make changes at runtime via these tools.
These tools contain a configured List View, Advanced Search Area and Editor Area for each Security Framework related object type.
If you would like to find out more about the framework and if it could benefit your project, please contact us at firstname.lastname@example.org.