Introduction to Access Control in Cortex

Cortex uses authentication tokens and Apache Shiro to manage access to Cortex resources.

Authentication

After a customer logs in, the client application uses the end-user credentials to request an authentication token from Cortex. The authentication token allows access to different resources depending on the user’s role.

For information on how the Cortex uses authentication tokens to allow customers to access its resources, see Cortex Authentication.

Authorization

Handling roles and permissions on Cortex’s side is Apache Shiro, a RBAC (Role Based Access Control) framework. Shiro provides a dynamic security model where roles and permissions can be configured at run time. Each of your Cortex API resources has a set of permissions assigned that controls what resource operations a given user is authorized to perform.

For information on how the Cortex utilizes Apache Shiro to manage roles and permissions, see Cortex Authorization.

Commerce

7.5.x

Introduction

Configuring Cortex

Development Guide

Caching

API Basics

How to Manage Accounts

How to Implement Catalog Searches

How to Implement Carts

How to Implement Promotions

Checkout

Customer

Catalog

Search

Introduction to Access Control in Cortex

Authentication

Authorization