Monday, April 7, 2014

Encryption key based algorithms in Commerce | Error Invalid Key Size

I have encountered this since older versions of commerce, all the way to V7 and this could happen with any type of key based encrypted algorithms. In this scenario, I was testing AESCipher using AES encryption but can happen working on multiple algorithms with larger key size.

This error is caused by restrictions in some countries with key size and hence the default Java spec does not provide unlimited key strength as a default configuration and it requires the policy jars to be updated.

Back up the following files from C:\IBM\SDP\runtimes\base_v7\java\jre\lib\security and get the latest files for IBM JDK and replace with these existing files and restart. Do not get these files below from as IBM uses it's own SDK.

Steps to download the IBM JDK security files:

This step would be required on all the server environments similarly to update the policy files.

Thursday, April 3, 2014

Freaky toolkit | Error | Loose archive URI

When adding a new custom payment plugin project or any new EJB project.  One of the options that is selected is added project to EAR (WC) and one of the configurations is to add the Module dependency in WC project. From my experience, it is important to generate a localized version of new module in the file and then perform WC publish.

  W org.eclipse.jst.j2ee.commonarchivecore.internal.strategy.LoadStrategyImpl collectFilesFromLooseArchives Archive URI [ C:\IBM\WCDE_ENT70\workspace\WC ]: Loose archive URI [ CustomPaymentPlugin.jar ] Loose Archive [ org.eclipse.jst.j2ee.commonarchivecore.looseconfig.internal.impl.LooseLibraryImpl@4b1e4b1e (uri: CustomPaymentPlugin.jar, binariesPath: C:\IBM\WCDE_ENT70\workspace\CustomPaymentPlugin\ejbModule, resourcesPath: C:\IBM\WCDE_ENT70\workspace\CustomPaymentPlugin\ejbModule) ]: Already mapped to [ (URI: CustomPaymentPlugin.jar, lastModified: 0, size: 0, directoryEntry: , originalURI: CustomPaymentPlugin.jar) (types: null) ]


        <dependent-module archiveName="CustomPaymentPlugin.jar" deploy-path="/" handle="module:/resource/CustomPaymentPlugin/CustomPaymentPlugin">

As a practice if org.eclipse.wst.common.component is getting checked into repository by developers.
Some times it may break your sever start with the above error and for the developer who works on the module, it may work as the module number is a generated on a local toolkit but for others, they need to go into the above dialog by WC-->right click->properties and goto Java EE module dependencies and uncheck and click ok and go back in there and check the corresponding module and click ok so the localized version is generated and publish WC project

Tuesday, March 25, 2014

Access Control Policies overview !!

There are 2 levels of access controls provided for WebSphere Commerce.
1. WAS protects EJB's and Servlets.
2. WebSphere Commerce provides low level fine grained access control  framework based on access control policies to various types of users (registered/guest/customer service rep/sales managers).
3. It is always recommended to guard a WebSphere Commerce Server is always by a Firewall that will help internet clients from not being able to directly access resource in WebSphere Commerce.

WebSphere Application Server layer security and access control: 

1. Servlets and EJB's are configured to be invoked only by a chosen identity through declarative security and hence during EJB creation, we select use identity of EJB server and using identity of EJB server field ensures that all EJB beans run under the same identity for security.
2. WAS provides multiple security features such as 1. Global Security. 2. security domains can be configured with different scope 3. WAS utilizes SSL for secure connection between client and server and hence any third party integration's requires certificates to be installed. 4. In cases where standard authentication is not sufficient, WAS supports JAAS for higher level of security.

WebSphere Commerce Access Control Framework: Authorization model

Info center provides a good read on users/actions/resources//relationships but i am going to start with the practical case. There are always cases when we need to implement a custom access policy but most of the times, when adding access control in *ACP.xml. There are 2 levels of access control
  •    Command Level access control
  •    Resource Level access control
"Access control policies are enforced by the access control Policy Manager. 
In general, when a user attempts to access a protected resource, the access control policy manager first determines what access control policies are applicable for that user 
and then, based upon the applicable access control policies, it determines if the user is allowed to perform the requested operation on the given resource".

Most developers need to get the basic view and command level entries right, which is explained below and only on few times, would get an opportunity to implement custom access policy.

1. We create actions for views and commands
<Action Name="ABCItemExtView" CommandName="ABCItemExtView" />
<Action Name="ABCSyncPersonControllerCmd" CommandName="ABCSyncPersonControllerCmd" />
<Action Name="com.custom.soi.member.commands.ABCSyncPersonControllerCmd" CommandName="com.custom.soi.member.commands.ABCSyncPersonControllerCmd"></Action>
2. Assign actions to action groups as ActionGroupAction for views 
E.g. action groups
<ActionGroup Name="ProductManagersViews" OwnerID="RootOrganization">
<ActionGroup Name="AllSiteUsersViews" OwnerID="RootOrganization">
<ActionGroup Name="RegisteredUserViews" OwnerID="RootOrganization">
<ActionGroup Name="CustomerServiceRepresentativeViews" OwnerID="RootOrganization">
Assignment example:
<ActionGroup Name="ProductManagersViews" OwnerID="RootOrganization">
      <ActionGroupAction Name="ABCItemExtView"/>

<ActionGroup Name="RegisteredUserViews" OwnerID="RootOrganization">
       <ActionGroupAction Name="ABCSyncPersonControllerCmd" />

3. Creating resource categories for commands

4. Assigning resource category to resource groups for commands as ResourceGroupResource

e.g. Resource groups
<ResourceGroup Name="AllSiteUserCmdResourceGroup" OwnerID="RootOrganization">
<ResourceGroup Name="CustomerServiceRepCmdResourceGroup" OwnerID="RootOrganization">
<ResourceGroup Name="RegisteredUserCmdResourceGroup" OwnerID="RootOrganization">

<ResourceGroup Name="BecomeUserCmdsResourceGroup" OwnerID="RootOrganization">
Assignment example:
<ResourceGroup Name="AllSiteUserCmdResourceGroup" OwnerID="RootOrganization">
<ResourceGroupResource Name="com.custom.soi.member.commands.ABCSyncPersonControllerCmdResourceCategory" />

Run acpload or in V7, dataloader will take care of it as it would internally run the ACPLoad
select * from acresgrp where acresgrp_id in
select acresgrp_id from acresgpres where acrescgry_id =
(select acrescgry_id from acrescgry where resclassname like '%ABCSyncPersonControllerCmd%')

select * from acpolicy where acactgrp_id in (select acactgrp_id
from acactactgp where acaction_id
in (select ACACTION_ID from ACACTION where ACTION = 'ABCItemExtView'))

select groupname from ACACTACTGP a, ACACTGRP b where acaction_id = (select acaction_id from ACACTION where action like '%ABCItemExtView%')
and a.acactgrp_id = b.acactgrp_id


WAS: WebSphere Application Server
SSL : Secure Socket Layer
JAAS: Java Authenticating and Authorization services

Friday, February 28, 2014

Struts actions AjaxComponentServiceAction !!

This is not your usual forward mapping to a JSP or an action mapping to a command
 This is an example of calling a component service from an ajax style request and this must be define a struts action in struts-config-ext.xml. Plese find below a snippet.

   <action parameter="member.updateAddressForPerson" path="/AjaxPersonChangeServiceAddressUpdate" type="">
            <set-property property="authenticate" value="0:0"/>
            <set-property property="https" value="0:0"/>
            <set-property property="csrfProtected" value="0:0"/>

e.g. Service actions above can be used in refresh areas example below. After completion of the command, the struts action forwards the JSP file  that generates a JSON , with response property containing success or failure details.

        id: "AjaxUpdateAddressForPerson",
        actionId: "AjaxUpdateAddressForPerson",
        url: getAbsoluteURL() + "AjaxPersonChangeServiceAddressUpdate",
        formId: ""

     * hides all the messages and the progress bar
     * @param (object) serviceResponse The service response object, which is the
     * JSON object returned by the service invocation
        ,successHandler: function(serviceResponse) {
     * display an error message
     * @param (object) serviceResponse The service response object, which is the
     * JSON object returned by the service invocation
        ,failureHandler: function(serviceResponse) {

            if (serviceResponse.errorMessage) {
            else {
                 if (serviceResponse.errorMessageKey) {


Reference: For more information on checkout controls, please review IBM infocenter.

Sunday, February 9, 2014

IP address change | could cause staleConnectionException wiith remote DB

If you guys have worked with DB2 from VM. This could happen from periodically. Just be vary to uncatalog and catalog with the new IP address.

[12:44:55:179 EDT] 0000000c SystemOut     O WC.TOOLKIT: Enterprise /
[12:44:55:170 EDT] 0000000c SystemErr     R [jcc][t4][2055][11259][4.13.80] The database manager is not able to accept new requests, has terminated all requests in progress,
or has terminated this particular request due to unexpected error conditions detected at the target system.
ERRORCODE=-4499, SQLSTATE=58009DSRA0010E: SQL State = 58009, Error Code = -4,499
[12:44:55:171 EDT] 0000000c SystemErr     R     at
[12:44:55:171 EDT] 0000000c SystemErr     R     at
[12:44:55:171 EDT] 0000000c SystemErr     R     at
[12:44:55:171 EDT] 0000000c SystemErr     R     at
[12:44:55:171 EDT] 0000000c SystemErr     R     at
[12:44:55:171 EDT] 0000000c SystemErr     R     at
[12:44:55:172 EDT] 0000000c SystemErr     R     at

Commands to uncatalog and catalog in DB2:

db2 catalog tcpip node remote 144.149.XX.X server 50000
db2 catalog database as at node
db2 terminate

EJB adding a resource reference in toolkit | JDE Integration

Adding a resource reference is required for multiple purposes and one example would for JDE Integration.
When you need to connect to a third party or external resource. Click the deployment descriptor the EJB project and goto the references tab and click add reference.

A resource is created ejb-jar.xml block and a resource is created ibm-ejb-jar-bnd.xmi:

Monday, November 18, 2013

Bing Integration with Jquery

Bing provides an interesting to alternative to Google maps for integration and if you want to integrate using Jquery. Please copy paste the example in a .html file and test it with a zip-code or city.

The key that I have in the example below will expire in 90 days so please use the below link to create a new key:

Copy the below section after this line in a .html  file:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "">
<html xmlns="">
    <title>Use Bing Maps REST Services with jQuery to build an autocomplete box and find a location dynamically</title>
    <script src="" type="text/javascript"></script>
    <script src="" type="text/javascript"></script>
    <link href="" rel="stylesheet" type="text/css" />
    <style type="text/css">
            background: white url('images/ui-anim_basic_16x16.gif') right center no-repeat;
            width: 25em;

    <script type="text/javascript">
        $(document).ready(function () {
                source: function (request, response) {
                        url: "",
                        dataType: "jsonp",
                        data: {
                            key: "AlJKmxkiJg2u0CIDEyaTM6CWC9jQ_q1pf4_xzxPdEJoaT_KsgKRy73ksHyl24oe5",
                            q: request.term
                        jsonp: "jsonp",
                        success: function (data) {
                            var result = data.resourceSets[0];
                            if (result) {
                                if (result.estimatedTotal > 0) {
                                    response($.map(result.resources, function (item) {
                                        return {
                                            data: item,
                                            label: + ' (' + item.address.countryRegion + ')',
                minLength: 1,
                change: function (event, ui) {
                    if (!ui.item)
                select: function (event, ui) {

        function displaySelectedItem(item) {
            $("#searchResult").empty().append('Result: ' +' (Latitude: ' + item.point.coordinates[0] + ' Longitude: ' + item.point.coordinates[1] + ')');
        <div class="ui-widget">
            <label for="searchBox">
            <input id="searchBox" />
        <div id="searchResult" class="ui-widget" style="margin-top: 1em;">