Posts

Showing posts from September, 2015

Websphere Commerce Struts-Config.xml Properties

authenticate: specifies whether the view requires that the user is authenticated, i.e. that the user has to be a registered user (not a guest or generic user).

    <action path="/RequisitionListDisplayView" type="com.ibm.commerce.struts.BaseAction">
        <set-property property="authenticate" value="10001:1"/>
    </action>

credentialsAccepted: is used when you have partially authenticated users, i.e. users that have been remembered via the Remember Me function. If a user has not specifically authenticated (i.e. logged on via the Logon command), but has been remembered via the Remember Me persistent cookie, that user is considered partially authenticated by Commerce.

    <action path="/LogonCmd" parameter="com.ibm.commerce.catalog.commands.LogonCmd" type="com.ibm.commerce.struts.BaseAction">
        <set-property property="credentialsAccepted" value="0:P"/>
    </action>

Krypto Parameter in WCS

When we define a view or command as a secured page using HTTPS in the struts-config file, the redirect adds a krypto parameter to the URL, as shown below. The krypto value carries all the parameters in encrypted form.

    https://localhost/webapp/wcs/stores/servlet/OrderItemDisplayView?catalogId=10051&langId=-1&storeId=10151&krypto=aLt1shhBswovwONoDZJPI8liwcvzrdPaOx1EbnlkrQ3VPLOhpVtYeHFelH5HQ42q9hFv9GQY%2BQPV614V9IOvBtPrRYsDxyPw5BXJXgRz%2F2DsikPE0TLzXyYIzhkv6MTvGcLs8k1B0eNeiwUNT%2BbkNKyiNIs%3D

If we want certain parameters to be exempted from encryption, so that they are not folded into krypto, we need to add an entry for each of them in the NonEncryptedParameters section of wc-server.xml.

    <NonEncryptedParameters display="false">
        <Parameter name="storeId"/>
        <Parameter name="langId"/>
        <Parameter name="catalogId"/>
        <Parameter name="categoryId"/>
        <

How to Enable cross-site request forgery protection in WCS

Cross-site request forgery (CSRF) is a type of malicious attack that tricks a user into sending unintended requests. For example, an attacker can trick an authenticated user into clicking a link to update their personal information. WebSphere Commerce accepts this request as valid, as proper session cookies exist as part of the request.

When cross-site request forgery protection is enabled, a designated URL parameter that is called authToken is required to be included as part of the request. The parameter value is generated by WebSphere Commerce and passed to the page in a request attribute with the same name. The authToken parameter is available only on SSL protected pages because this token must not be apparent. Only sensitive URLs that use SSL should require this protection.

1. Identify the action to protect. For example, UserRegistrationAdd.
2. Open the Struts configuration file where the action is defined.
3. Add a property to the action. Name the property, csrfProtect

ERROR HANDLING IN WCS

ECApplicationException: This exception is thrown if the error is related to user input and will always fail. For example, when a user enters an invalid parameter, an ECApplicationException is thrown. When this exception is thrown, the solution controller does not retry the command, even if it is specified as a retriable command.

ECSystemException: This exception is thrown if a runtime exception or a WebSphere Commerce configuration error is detected. Examples of this type of exception include create exceptions, remote exceptions, and other EJB exceptions. When this type of exception is thrown, the solution controller retries the command if the command is retriable and the exception was caused by either a database deadlock or database rollback.

Both of the exception types are classes that extend from the ECException class, which is found in the com.ibm.commerce.exception package. In order to throw one of these exceptions, the following information must be specified

Difference between Accelerator and Management Centre

Management Centre vs Commerce Accelerator

1. For promotions and e-spot configurations, which is the better approach: Management Center or Accelerator? Because of Management Center's design, its complex structure makes new modifications take more time to implement than Accelerator modifications.
2. In Management Center we can view the status of the changes we made; if we did anything wrong it shows an error, but in Accelerator the error is not shown.
3. Management Center provides a rich UI with features like drag and drop. There is a possibility that Commerce Accelerator may be removed in some future release. With the current release that is not possible, as it is tightly coupled with the framework.
4. From an end-user perspective, Management Center will be the preferred tool. Being a Flash-based tool it is slow but very user friendly.
5. Management Center is sometimes slow, but it provides more usability, such as drag and drop, etc., which makes it a favorite tool for the

Controller Command Life Cycle

Description of the controller command. The abstract class and interface are both found in the com.ibm.commerce.command package. A new controller command should extend the abstract controller command class (com.ibm.commerce.command.ControllerCommandImpl). When writing a new controller command, you should override the following methods from the abstract class:

isGeneric(): In the standard WebSphere Commerce implementation there are multiple types of users. These include generic, guest, and registered users. Within the grouping of registered users there are customers and administrators. The generic user has a common user ID that is used across the entire system. This common user ID supports general browsing on the site in a manner that minimizes system resource usage. It is more efficient to use this common user ID for general browsing, since the Web controller does not need to retrieve a user object for commands that can be invoked by the generic user. The isGeneric