Friday, July 29, 2011

Krypto | crazyness !!!

When ever a view or command is defined as HTTPS true in struts-config-ext.xml
commerce while redirecting converts all parameters in the URL querty string to a krypto value.
Krypto = encrypted(querystringParameters,merchantKey).
You can bypass params from this krypto by the configuration mentioned below in wc-server.xml

e.g.
storeId=10151&
catalogId=10101&
langId=-1&
orderId=55011&
myName=y

krypto:=7Agv%2BGyHJCuZcMIjIs%2Fd68CfRxuGbxeKNDAGlIEEXgm....

If there are parameters that are required to be not encrypted, commerce provides a configuration to define in wc-server.xml

<NonEncryptedParameters display="false">
<Parameter name="storeId"/>
<Parameter name="langId"/>
<Parameter name="catalogId"/>
<Parameter name="categoryId"/>
<Parameter name="productId"/>
</NonEncryptedParameters>

Problems associated with krypto:
  • Caching nightmare with Krypto. If the params are encrypted, it would be very difficult to define caching parameters so make sure, to add them in the above block. As a best practise all catalog related params, add them to the blocks
  • krypto keeps getting longer and in the older versions of browser, it was a problem where developers had to remove the params and only keep the required one's in request\response.

Sunday, July 24, 2011

Unraveling the code patches !!

For supporting an existing commerce site, performing a code patch is an important feature for the success of an eCommerce platform.
A complete code deploy is not always an option as it could involve a longer down time and even though commerce offers the feature of deploying code on 1 node at a time through Deployment Manager (DM) without bringing down the complete site. The above step is only possible if you don't have database changes.
Also the regression testing for complete code deploy does not make it very ideal. Performing a java code patch e.g. ExtLogonControllerCmdImpl class in package com/company/user/commands

1. If there are any DB related changes. Make them first.
2.Stop 1 server at a time.
3 CD opt/IBM/WebSphere/AppServer/profiles//installedApps/WC__cell/WC_.ear/Stores.war/WEB-INF/classes/
4. Create the complete directory structure of the package and drop the class file. com/company/user/commands/ExtLogonControllerCmdImpl.class.
5. Restart the server.

If you have only JSP changes, drop the JSP in the appropriate folder and delete the JSP cache in temp folder and refresh DynaCache. Does not require a server restart.

Sunday, July 17, 2011

Character Verification on Registration\Forgot Password | Captcha

Recaptcha is a free solution hosted and owned by Google.
Pros: Widely used in the industry, services based solution really easy to impelemnt
Cons:The biggest minus on this is, if you have a strong firewall policy where the outgoing IP/Ports for app servers are blocked. This solution will not work as the IP addresses will change some times and hence it might not be feasible to dynamically open up the firewalls for the new addresses.
Kaptcha is a free Apache license based java solution works with JDK 1.4.2,
Pros: Really easy to implement and drop the jar files, no external webservices required. if you are using V6 and it also works with later versions of JDK hence this would work for V7. Kaptcha uses pixels and previous versions image libraries to refresh the image.
Cons: Does not support audio.


How to use in commerce?

1. Entry in web.xml for the servlet mapping, make this entry after dynacache and other OOB filters.
<servlet>
<servlet-name>Kaptcha</servlet-name>
<servlet-class>com.google.code.kaptcha.servlet.KaptchaServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Kaptcha</servlet-name>
<url-pattern>/kaptcha</url-pattern>
</servlet-mapping>


2. The default implementation has .jpg but if you are using edge caching such as Akamai, removed tha .jpg.
3. Add the external jar file and making a corresponding entry in META_INF (I have a blog on this for reference http://www.ibmwcs.com/2011/06/adding-external-jar-file-to-wcs.html)
4. The API returns HTML collection, you can access in your javascript as follows:
var kaptchaVariable=document.getElementsByName("kaptcha").item(1).value;
5. If you need to refresh the Kaptcha implement a javascript on click and you can do HTML write attribute.
.writeAttribute('src','/webapp/wcs/stores/kaptcha?' + Math.floor(Math.random()*100) );
6. You can also implement an on the img and use the following method
$(AnchorelementPassed).down().writeAttribute('src', '/webapp/wcs/stores/kaptch?' + Math.floor(Math.random()*100) );
7. You can implement in a ajax call or a command but you can validate in validateParameters.
HttpServletRequest request =
((com.ibm.commerce.webcontroller.HttpControllerRequestObject) this
.getCommandContext()
.getRequest())
.getHttpRequest();

String kaptchaValueExpected = (String)request.getSession().
(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);

Reference: http://www.google.com/recaptcha
http://code.google.com/p/kaptcha/

Tuesday, July 12, 2011

Multiple fulfillment center | Remove the default override

When designing certain eCommerce applications, some businesses have multiple fulfillment centers to choose from and this choice is some times provided to the customers.

Commerce by default overrides the FFMCENTER_ID (fulfillment center) information with the default STORE.FFMCENTER_ID, during order item add functionality.

If you want this value to be not overridden and manually given into the order tunnel commands.
In the ORDERITEMS.PREPAREFLAGS. 3rd bit needs to set.

By default, the prepared flags value is 2048 (100000000000) Binary. Setting the 3rd bit to 1 becomes
(100000000100) =2048+4=2052

int currentPrepFlag =orderItems[i].getPrepareFlagsInEJBType().intValue();
currentPrepFlag |=OrderConstants.PREPAREFLAGS_FULFILLMENT_CENTER_OVERRIDE;
orderItems[i].setPrice(String.valueOf(finalprice));
orderItems[i].setPrepareFlags(new Integer(currentPrepFlag ));
orderItems[i].commitCopyHelper();


Tuesday, July 5, 2011

Components Services | BOD versus SOI confusion !

Component Services are a set of services that follow the
Service Component Architecture (SCA) paradigm, which is a set of specifications which describe a model for building applications and systems using a Service-Oriented Architecture. SCA extends and complements prior approaches to implementing services, and SCA builds on open standards such as Web services.


Earlier versions of component services were based on SOI and the newer versions of the services are based on BOD framework from IBM.

The BOD is definitely IBM's future direction so if your building a new service you should consider BOD but if you want to use existing IBM services and do some customization, the decision to choose BOD vs SOI, lies on How commerce implemented these services.

Main difference between BOD and SOI, BOD uses pattern matching and DSL to the enter the database VS SOI uses controller commands\data beans \access beans.

E.g.

If your developing something in V7, the decision is purely based on what services are available for the requirements that one has.

BOD: SyncInventoryAvailability uses INVAVL tables and Distribute order management as inventory model.

SOI: SyncProductAvailability uses Inventory table with non-ATP inventory model.

If your store model is using non-ATP, go with SOI and if it's using DOM, the BOD service would be the way to go.

References:
http://www.ibm.com/developerworks/library/specification/ws-sca/