Retrieving WCToken and WCTrustedToken from user activity in Controller Command

Code to retrieve WCToken and WCTrustedToken from user activity id of user

 ActivityToken token = commandContext.getActivityToken();
             String identitySignature = token.getSignature();
             String identityId = token.getActivityGUID().getGUID().toString();
       
             // generate the WCToken
             Map<String, Object> identityTokenInfo = new HashMap();
             identityTokenInfo.put(MemberFacadeConstants.EC_USERID, new String[] { userId.toString() } );
             identityTokenInfo.put(MemberFacadeConstants.ACTIVITY_TOKEN_ID, new String[] { identityId } );
             identityTokenInfo.put(MemberFacadeConstants.ACTIVITY_TOKEN_SIGNATURE, new String[] { identitySignature } );
             Map<String, String> commerceTokens = CommerceTokenHelper.generateCommerceTokens(identityTokenInfo);
           
             String wcToken = commerceTokens.get(CommerceTokenHelper.WC_TOKEN);
             String wcTrustedToken = commerceTokens.get(CommerceTokenHelper.WC_TRUSTED_TOKEN);
       
             LOGGER.info("wcToken : "+wcToken);
             LOGGER.info("wcTrustedToken :"+wcTrustedToken);
        

The user does not have the authority to run this command "com.ibm.commerce.order.beans.OrderDataBean" during cart merge

Problem Statement:

After successful user login, MigrateUserEntriesCmd will be called for user and cart migration. During this process, we encounter below exception in the logs

Caused by: com.ibm.commerce.exception.ECApplicationException: The user does not have the authority to run this command "com.ibm.commerce.order.beans.OrderDataBean".

               at com.ibm.commerce.beans.DataBeanManager.directActivate(DataBeanManager.java:732)

               at com.ibm.commerce.beans.DataBeanManager.activate(DataBeanManager.java:290)

               at com.ibm.commerce.beans.DataBeanManager.activate(DataBeanManager.java:188)

               at com.ibm.commerce.order.facade.server.commands.AbstractFetchOrdersSOICmdImpl.performExecute(AbstractFetchOrdersSOICmdImpl.java:416)

               at com.ibm.commerce.foundation.internal.server.command.impl.CommandTarget.executeCommand(CommandTarget.java:66)

               at com.ibm.ws.cache.command.CommandCache.executeCommand(CommandCache.java:332)

               at com.ibm.websphere.command.CacheableCommandImpl.execute(CacheableCommandImpl.java:166)

               at com.ibm.commerce.order.facade.server.commands.GetOrderCmdImpl.performExpression(GetOrderCmdImpl.java:89)

               at com.ibm.commerce.foundation.server.command.bod.AbstractGetBusinessObjectDocumentCmdImpl.performExecute(AbstractGetBusinessObjectDocumentCmdImpl.java:158)

               at com.ibm.commerce.foundation.server.command.bod.BusinessObjectCommandTargetImpl.executeCommand(BusinessObjectCommandTargetImpl.java:112)

Root cause of the issue:

When MigrateUserEntriesCmd calling OrderItemMoveCmd->OrderCopyCmd->OrderItemUpdateCmd->DoInventoryCmd, it cloned a command context with the new user(registered user) and pass this cloned context to the commands. It works for the commands(controller or task cmd), but  it current case, AbstractOrderFacadeClient is called to invoke component service.

Component service doesn't respect cloned command context, and it retrieves user Id from active session, in which the user is still old user(guest user), so there is the access control issue

Resolving this problem:

APAR JR56905 has been created to address the issue.  Install the APAR to resolve the issue. Available as a part of Fix pax 9

Invalid contractId: 400158002 was specified: Exception in Search Server

Problem Statement:

Error Description:

Caused by: java.lang.RuntimeException: Invalid contractId: 400158002 was specified.

        at com.ibm.commerce.foundation.internal.server.services.search.util.StoreHelper.getUsableContractAsList(StoreHelper.java:1856)

        at com.ibm.commerce.foundation.internal.server.services.search.util.StoreHelper.getUsableContractAsString(StoreHelper.java:1726)

        at com.ibm.commerce.foundation.internal.server.services.search.util.EntitlementHelper.getContractFromRemoteOrLocal(EntitlementHelper.java:559)

        at com.ibm.commerce.foundation.internal.server.services.search.util.EntitlementHelper.getFinalUsableContract(EntitlementHelper.java:529)

Root Cause:

Two reasons for the occurrence of the issue

(a)    Search Server does not recognize multiple organizations for the user.

(b)   Mismatch in session key between wc-server.xml and namespace binding variable configured in WAS console.

Resolving the issue:

(a)    Search Server does not recognize multiple organizations:

  User having affiliation (organization participant role) to multiple organization will get affected. Search sever could only recognize one organization.  Find below URL for information to resolve it

http://www-01.ibm.com/support/docview.wss?uid=swg1JR53170

(b)   Mismatch in session key between wc-server.xml and namespace binding variable

(i)                  Verify the namespace binding variable

com.ibm.commerce.foundation.server.services.commerce.integration.sessionkey value

configured in WAS console

matches with the value configured in wc-server.xml

<Instance BootstrapMulti="wcs.bootstrap_multi_en_US.xml,wcs.bootstrap_multi_fr_FR.xml,wcs.bootstrap_multi_de_DE.xml,wcs.bootstrap_multi_it_IT.xml,wcs.bootstrap_multi_es_ES.xml,wcs.bootstrap_multi_pt_BR.xml,wcs.bootstrap_multi_zh_CN.xml,wcs.bootstrap_multi_zh_TW.xml,wcs.bootstrap_multi_ko_KR.xml,wcs.bootstrap_multi_ja_JP.xml,wcs.bootstrap_multi_ru_RU.xml,wcs.bootstrap_multi_ro_RO.xml,wcs.bootstrap_multi_pl_PL.xml,wcs.bootstrap_multi_en_US.xml," ChannelOrgDN="ou=Channel Organization,o=Manufacturer Organization,o=Root Organization" ConfigFilePath="/opt/ibm/wcs70/instances/emdi" DefaultLang="-1" DefaultStoreAlias="wcsstore" DistributorProxyOrgDN="ou=distributor proxy organization,o=demand chain management organization,o=root organization" EnableDoubleClickHandler="true" FrameSupported="true" InstanceName="emdi " InstanceType="local" MerchantKey="GHjhjkkjki9gtybsgsyahsysjsu" PDIEncrypt="on" PVCHeader="false" ParentResellerOrgDN="o=reseller organization,o=root organization" SessionKey=" erqnGdwspRHNCwroW9KbvsHhhzzjKbNpLNBZxUOLDIejsBzfHwEU6V3Q ==" SiteAdminID="wcsadmin" SiteAdminPassword="TG/pdVG3OJV42j8Sgc8/Ww==" StoreWebModuleName="Stores" SupportedLanguages="-1, -2, -3, -4, -5, -6, -7, -8, -9, -10, -20, -21, -22, -23" UseGlobalInstance="false" WCSInstallDir="/opt/ibm/wcs70" WorkspacePath=""/>

(ii)                If both values are different  then we will see the exception specified above

JVM argument in WAS to control the Scheduler jobs to run in particular JVM

In typical Websphere commerce application, we have numerous scheduler job that needs to run.
In a clustered environment we may not know in which JVM job is running. We can control in which JVM a WCS Scheduler job to run. To achieve this we have 2 step process.

(i) The configuration  WebSphere Application Server.
(ii)  WCS schedule job parameter configuration

The configuration in WebSphere Application Server:

Assume that we have 3 nodes (newyork1, newyork2 and newyork3) and each node has 3 JVMS.

newyork1  ---- WC_dsmi01a,WC_dsmi02a,WC_dsmi03a
newyork2  ---- WC_dsmi01b,WC_dsmi02b,WC_dsmi03b
newyork3  ---- WC_dsmi01c,WC_dsmi02c,WC_dsmi03c

1)    Log onto the WebSphere Administrative Console.

2)    Select Servers > Application Servers.

3)    Select WebSphere Commerce Server name. For example, WC_dsmi01.

4)    On the Application Servers panel, under the Server Infrastructure heading, select Java and Process Management > Process Definition.

5)    On the Process Definition panel, under the Additional Properties heading, select Java Virtual Machine.

6)    In the middle window, on the right-hand side under the Additional Properties heading, select Custom Properties.

7)    Click New. A new page opens for you to add additional JVM properties.

8)    In the Name field, enter com.ibm.commerce.scheduler.SchedulerHostName.

9)    In the Value field, enter the unique identifier of the scheduler instance on this Java process. A recommended value would be: node name.server name. This will be unique across WebSphere Cell.

10)    Add JVM this argument in each WC JVM

For example,

For node newyork1 and cluster WC_dsmio1a, the value can be newyork1node.WC_dsmi01a

For node newyork2 and cluster WC_dsmio1b, the value can be newyork2node.WC_emdi01b

For node  newyork1 and cluster WC_dsmio2a, the value can be newyork1node.WC_dsmi02a

11)    Save and Sync

12)    Restart the WC application servers

(ii) WCS schedule job parameter configuration

If we want to run the SendEmailActivity job on the particular node (newyork1) and JVM WC_dsmi02a, add the value newyork1node.WC_dsmi02a  in Allowed host parameter as shown below

(b) You can verify this in table SCHCONFIG table where allowed host value stored in SCCHOST field.

For more detail please refer to below URL:

https://www.ibm.com/support/knowledgecenter/SSZLC2_7.0.0/com.ibm.commerce.admin.doc/tasks/tjsinstschjob.htm

Reload SOLR Schema and delete records from SOLR core

Reload the SOLR schema without restarting the server

http://<host>:<port>/solr/admin/cores?action=RELOAD&core=<core_name>

Where:

host : SOLR host
port: port number in which service is running
core_name- Name of the core which needs to be reloaded

Delete the entire records from the core.

http://<host>:<port>/solr/<core_name>/update?commit=true&stream.body=<delete><query>*:*</query></delete>

where

host : SOLR host

port: port number in which service is running

core_name- Name of the core from where records need to be cleared.

ERR_PARTIAL_AUTHENTICATION_NOT_ALLOWED: Partial authentication not allowed for the current request. Login with your user name and password and try again.

Issue: ERR_PARTIAL_AUTHENTICATION_NOT_ALLOWED:

When accessing the REST API the, user getting below JSON response

{"errors":[{"errorParameters":"","errorCode":"CWXFR0222E","errorKey":"ERR_PARTIAL_AUTHENTICATION_NOT_ALLOWED","errorMessage":"CWXFR0222E: Partial authentication not allowed for the current request. Login with your user name and password and try again."}]}

Resolving the issue:

For the custom REST API that is accessible to all user types (Guest, Generic and Registered)

(a)    Go to the folder Rest/WebContent/WEB-INF/config/com.ibm.commerce.rest-ext

(b)   Create a new file wc-rest-security.xml under this folder.

(c)    Place the below entry into the file

<security>

<partialAuthentication enabled="true" resource=<REST URL> method="GET"/>

</security>

For e.g, if your custom REST API is as below

   http://<hostname>/wcs/resources/store/{storeId}/get_tax?taxid=1000

<security>

<partialAuthentication enabled="true" resource=”store/{storeId}/get_tax” method="GET"/>

</security>

Resolving Message Selector issue with Websphere commerce server

Problem Statement:

In an omnichannel system, orders will be placed to OMS through multiple channels. Order response from OMS (order management system) will be placed in the web methods topic to which multiple systems can subscribe to it. WCS is one of the systems to subscribe. If we do not put filters then all the messages placed in the topic will be consumed by WCS. This puts an unnecessary overhead on the system resource. Message selector will come in handy which filters out the message that is not intended for the system.
Sample message selector configuration in ejb-jar.xml of message driven bean is given below

<activation-config-property>

     <activation-config-propert-name>messageSelector</activation-config-propert-name>

      <activation-config-propert-value>ResponderProcessId=’WCSSTORE’</activation-config-propert-value>

</activation-config-property>

This means that message with responderprocessId =’WCSSTORE’ will reach WCS.

After deployment, ejb-jar.xml will look like below in the server

<activation-config-property>

     <activation-config-propert-name>messageSelector</activation-config-propert-name>

      <activation-config-propert-value>ResponderProcessId=&apos;WCSSTORE&apos;</activation-config-propert-value>

</activation-config-property>

On starting the server, Listener will fail to start with below exception

0000000a MDBListenerIm W   WMSG0019E: Unable to start MDB Listener OrderResponse, JMSDestination jms/poResponseTopic : javax.jms.InvalidSelectorException: [BRM.10.1100] JMS: Selector syntax error: Lexical error at line 1, column 20.  Encountered: "&" (38), after : ""

at com.webmethods.jms.selector.JmsSelector.JmsSelectorToBrokerFilter(JmsSelector.java:122)

at com.webmethods.jms.selector.JmsSelector.JmsSelectorToBrokerFilter(JmsSelector.java:74)

at com.webmethods.jms.impl.WmMessageConsumerImpl.createFilter(WmMessageConsumerImpl.java:1468)

at com.webmethods.jms.impl.WmMessageConsumerImpl.<init>(WmMessageConsumerImpl.java:91)

at com.webmethods.jms.impl.WmTopicSubscriberImpl.<init>(WmTopicSubscriberImpl.java:28)

at com.webmethods.jms.impl.WmSessionImpl.createDurableSubscriber(WmSessionImpl.java:1226)

at com.webmethods.jms.loadbalance.connection.WmClusterMessageConsumerImpl.createConsumer(WmClusterMessageConsumerImpl.java:178)

at com.webmethods.jms.loadbalance.connection.WmClusterMessageConsumerImpl.<init>(WmClusterMessageConsumerImpl.java:106)

at com.webmethods.jms.loadbalance.connection.WmClusterTopicSubscriberImpl.<init>(WmClusterTopicSubscriberImpl.java:41)

Reason for this issue

 (a) The problem is that the application server ALWAYS rewrites the ejb-jar.xml file during deployment.  IBM fixed this in newer versions of WAS a few years ago, and now WAS only writes the ejb-jar.xml file if it needs to add new information.
(b)   WebMethods broker cannot unescape the escaped characters. It cannot convert &apos: to ‘ as it does not have any specific settings to do this on the broker.  Since Web methods broker could not able to recognize the &apos; server failing to start.
(c)    This issue will not happen in WAS version 7.0.0.31 and it happens in WAS version 7.0.0.37.

Resolving the issue:

(a)    An iFix PI63953 needs to be applied.( 7.0.0.37-WS-WAS-IFPI63953.pak)

(b)   Even with the fix, the application server will still rewrite the ejb-jar.xml during deployment if the ejb-jar.xml does not have complete information.  The app server scans the EJB class files and   
might find information about the business methods that needs to be written to the ejb-jar.xml file to make it complete. 

(c)      To avoid this rewrite of the file, you need to make sure the ejb-jar.xml file is complete before you deploy it.  i.e Deploy the application. Take the ejb-jar.xml from server and compare it with the original. If any tags are missing then add those tags and do full build and deployment.

(d)   With this change the ejb-jar.xml will not be rewritten by WAS.