This level of security requires that a request sent to WebSphere Commerce contains a user ID and password. If the password does not match the specified user ID, a security exception is thrown and the request is rejected. If the user ID and password are not specified in the request, the request is processed as a guest user. This means that commands that need authorization before executing must have the credentials specified in the request. This form of security behaves in a similar manner to HTTP requests made from a browser client.
The class that implements this security level is:
messaging.programadapter.security.CredentialsSpecifiedProgramAdapterSessionContextImpl.
The validation of credentials uses the same technique used when customers interact with WebSphere Commerce through a browser. This takes into consideration whether the user registration is handled by WebSphere Commerce or a third party software.
All of the WebSphere Commerce supported XML integration messages support this level of security,although credential specification is not mandatory. Legacy messages are not supported by this implementation of security.