Masking a text field on Hybris Backoffice
Scenario
In Hybris backoffice, within the order data, a paymentinfo is shown. We can click this field and check it out what’s inside of it. When we do that, the information for the Credit Card is shown and can be edited.
As we already know, saving the credit card number which was used for an order is not safe and, to enhance security, payment gateways provide a token strategy. However, for some reasons, companies may want to have the credit card number to be registered into the database. This can happen, perhaps, because of a temporary need of this data for some customized-big-different-solution for payment handling.
While Hybris Backoffice does not mask the credit card number of a payment info in backoffice, a employee of a company that is using backoffice may have access to this sensitive data and it would be nice to avoid it.
Here, then, is the problem:
– there’s a need to mask the credit card number in backoffice so an employee won’t have easy access to it.
Abstract of the possible solution
As for the solution, here’s an idea:
- Create a new configuration in myextension-backoffice-config.xml, that will tell Hybris to force the label of the CreditCardPaymentInfo to behave accordingly to a new bean
- Create a new bean to link the class to Hybris, so he will know what behavior to perform
- Create a new class – i.e. the label provider – which will have the behavior itself
Coding
1. Create a new configuration in myextension-backoffice-config.xml
1 2 3 4 5 6 | <!-- Label for creditcardpayment: hide credit card numbers --> <context type="CreditCardPaymentInfo" component="base" parent="GenericItem" merge-by="type"> <y:base> <y:labels beanId="myExtensionCreditCardLabelProvider" /> </y:base> </context> |
As we can see, this configuration tells Hybris that for now on, the CreditCardPaymentInfo configuration will be merged with this one and will be applied to the type itself – notice the ‘merge-by=”type”‘ attribute. Additionally, we tell Hybris that the new behavior for the labels of this type will be defined in the bean myExtensionCreditCardLabelProvider.
2. Create a new bean to link the class to Hybris, so he will know what behavior to perform
1 2 3 | <alias name="myExtensionCreditCardLabelProvider" alias="myExtensionCreditCardLabelProvider" /> <bean id="myExtensionCreditCardLabelProvider" class="com.cg.myExtension.backoffice.labels.providers.MyExtensionCreditCardLabelProvider"> </bean> |
Here, a new bean is created to inform Hybris about the new behavior. The alias is provided if, in the future, this one shall be overwritten.
3. Create a new class – i.e. the label provider
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 | package com.cg.myextension.backoffice.labels.providers; import de.hybris.platform.core.model.order.payment.CreditCardPaymentInfoModel; import de.hybris.platform.core.model.order.payment.PaymentInfoModel; import java.util.ArrayList; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import com.hybris.cockpitng.labels.LabelProvider; import com.cg.myextension.services.model.MyExtensionCreditCardPaymentInfoModel; /** * @author Gregoreki * */ public class MyExtensionCreditCardLabelProvider implements LabelProvider<PaymentInfoModel> { private static String maskCardNumber(String value) { if (value == null) { return new String(); } return StringUtils.overlay(value, StringUtils.repeat("*", value.length()-4), 0, value.length()-4); } protected String getItemLabel(PaymentInfoModel paymentInfo) { ArrayList parts = new ArrayList(); if (paymentInfo instanceof CreditCardPaymentInfoModel || paymentInfo instanceof MyExtensionCreditCardPaymentInfoModel) { CreditCardPaymentInfoModel creditCardModel = (CreditCardPaymentInfoModel) paymentInfo; if (creditCardModel.getType() != null) { parts.add(creditCardModel.getType().getCode()); } parts.add(maskCardNumber(creditCardModel.getNumber())); parts.add(creditCardModel.getCcOwner()); } return StringUtils.join(parts, " - "); } @Override public String getLabel(PaymentInfoModel object) { return getItemLabel(object); } @Override public String getDescription(PaymentInfoModel object) { return getLabel(object); } @Override public String getIconPath(PaymentInfoModel object) { return ""; } } |
As said before, this class gives a new behavior to the label of the CreditCardPaymentInfo component on backoffice. It implements LabelProvider
The private method maskCardNumber(String value) returns the masked credit card number. And it’s used inside the overwritten method from the interface getItemLabel(PaymentInfoModel paymentInfo), returning a joined string that contains other information, such as the type code and the owner of the card. This will be the string that is shown to the user.
Note that we have a custom model: MyExtensionCreditCardPaymentInfoModel. This model was created inheriting from CreditCardPaymentInfoModel because of new attributes that the business logic required. As this is not the focus of this article, the details of what’s inside this model is not important and won’t be described here.
Conclusion
In this article we built a new behavior – a new string – to give to Hybris backoffice to show in the CreditCardPaymentInfo field with a masked credit card number, instead of the standard one.