IBM Websphere commerce: January 2016

Friday, January 22, 2016

Rule based sales categories in ibm wcs

You can create and use rule-based sales categories in a sales catalog to help you create sales categories quickly and more efficiently. Rule-based sales categories are a type of sales category that uses a search-based, user-defined rule with WebSphere Commerce search to find and automatically assign catalog entries to the category. By using rule-based sales categories, such as for large categories or frequently changing categories, you can reduce the time that is needed to assign or update the catalog entries for the category.
Enabling rule-based sales categories

Procedure

1. Go to the following directory and open your custom wc-admin-component.xml catalog component configuration file for editing:

WCDE_installdir\xml\config\com.ibm.commerce.catalog-ext

Note: If the custom com.ibm.commerce.catalog-ext directory and wc-admin-component.xml file does not exist for your site, you must create the directory and file

2. Go to the following directory and open the default wc-admin-component.xml catalog features component configuration file:

WCDE_installdir\xml\config\com.ibm.commerce.catalog-fep

The wc-admin-component.xml file in this directory includes configuration properties that you set to change the behavior of catalog-related features. The RuleBasedCategoryConfiguration configuration grouping in this file includes the configurable properties that are specific to rule-based sales categories.

3. Copy the following RuleBasedCategoryConfiguration configuration grouping from the default wc-admin-component.xml configuration file into the corresponding location in your custom wc-admin-component.xml configuration file.

<_config:configgrouping name="RuleBasedCategoryConfiguration">
<_config:property name="evaluationEnabled" value="false"/>

<_config:property name="evaluationHostname" value="" />

<_config:property name="evaluationTimeInterval" value="-1" />

</_config:configgrouping>

4. In your custom wc-admin-component.xml configuration file, enable the evaluationEnabled configurable property by setting the value for the property to "true". This property indicates whether the rules for rule-based categories can be applied to the categories. This setting applies for all rule-based sales categories in the system. When the rule is applied to a category, WebSphere Commerce search uses the rule to find catalog entries that match the search filters in the rule. The catalog services then assign the catalog entries to the category. The resulting relationships between the catalog entries and the category are stored in the CATGPENREL database table.

Note: You can reset the enablement configuration setting and other rule-based sales category configuration settings by changing the values for the properties and refreshing the RuleBasedCategoryConfiguration registry in the WebSphere Commerce administration console.

If your custom wc-admin-component.xml file includes only the RuleBasedCategoryConfiguration grouping, the contents of your file can look like the following file:

<_config:DeploymentConfiguration xmlns:_config=http://www.ibm.com/xmlns/prod/commerce/foundation/config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com/xmlns/prod/commerce/foundation/config ../xsd/wc-admin-component.xsd">
<_config:extendedconfiguration>

<_config:configgrouping name="RuleBasedCategoryConfiguration">

<_config:property name="evaluationEnabled" value="true" />

<_config:property name="evaluationHostname" value="" />

<_config:property name="evaluationTimeInterval" value="-1" />

</_config:configgrouping>
</_config:extendedconfiguration>
</_config:DeploymentConfiguration>

Optional: Configure the properties that control the use of a EvaluateRuleBasedCategories job for automatically reapplying rule-based sales category rules. By configuring these properties, the rule evaluation and application job can run automatically after a configured amount of time elapses from the last time that the rule was evaluated.In your custom wc-admin-component.xml configuration file, set a value for the evaluationHostname configurable property. This property ensures that the EvaluateRuleBasedCategories job runs on only a single node. Consider setting a value for this property to isolate the process for finding and assigning catalog entries to rule-based sales categories from other processes.

Set the value for this evaluationHostname property to be the hostname for the server that you want the EvaluateRuleBasedCategories job to run on.

Set a value for the evaluationTimeInterval configurable property to be a positive value. This value is the time interval in seconds that elapses before the job runs to reapply the rule for a category. The default value for this property is "-1", which indicates that the evaluation job is to never run.

When the time interval elapses, the EvaluateRuleBasedCategories job runs to reapply the rule to a category. This interval is measured independently for each rule-based category from the time that the rule was last applied.

Save and close the file.

Now create rule based category from MC
1. Create a rule-based sales category as follow:
To create a category in a sales catalog: On the explorer view, right-click a sales catalog or sales category. Click New Rule-Based Sales Category

2. Defining the rule for assigning catalog entries to a rule-based sales category : Now go to rule

tab, Following options are available

Expand the Search conditions for finding catalog entries to automatically assign to this category section. Specify one or more of the following search conditions for the rule to use to find and assign catalog entries to the category. These catalog entries are combined with any specific catalog entries that you assign to the category.

a. Catalog entry properties: You can use any of the following types of properties:

· Code
· Manufacturer Name
· Manufacturer Part Number
· Name
· Short Description
To use other catalog entry properties, an IT developer must customize the target to include the properties as search filters.

b. Categories
You can use master categories and sales categories. When you include a category, the category and all of its child categories are searched for catalog entries that match the search filter conditions.

c. Attribute dictionary attributes
If you want to use an attribute dictionary attribute, the attribute must be enabled for use in merchandising.
In below example we are using Attribute

3. Make Sure “Use in the merchandising is checked for using this feature

4.Under reference section you can see all product having particular attribute.

5. Under rule tabyou can create short criteria aswell.

Wednesday, January 20, 2016

Integrate WebSphere Commerce and Pinterest

Why integrate IBM WebSphere Commerce and Pinterest

IBM WebSphere Commerce

IBM WebSphere Commerce (WC) provides an e-commerce platform that delivers seamless and consistent omni-channel shopping experiences, including mobile, social, and in-store shopping experiences. WebSphere Commerce engages your customers with immersive brand experiences through contextually relevant content, marketing. and promotions while extending your brand across customer touch points.

Pinterest has introduced Buyable Pins to their mobile application. When a pinned item in the Pinterest app shows a blue price, you will also see a blue Buy It button, indicating that the item can be purchased from the retailer, directly via the Pinterest app – no need to pause your pinning activities to bounce out to the retailer’s web site!

Business Value

Your marketing team recognizes the power of social media, and knows that many of the people browsing Pinterest have the intention of shopping for the items they see and love. If you are using WC as your eCommerce platform, you can use this asset to accelerate the integration of Pinterest Buyable Pins with your own WC environment.

Very good article : integrate IBM WebSphere Commerce and Pinterest

Monday, January 18, 2016

jQuery Selector

#No Syntax Description

---------------------------------------------------------------------------------------

1. $(this) Current HTML element

2. $(".intro") All elements with class="intro"

3. $("#intro") The first element with id="intro"

4. $("p") All <p> elements

5. $("p.intro") All <p> elements with class="intro"

6. $("p#intro") All <p> elements with id="intro"

7. $("p#intro:first-child") The first <p> element with id="intro"

8. $("ul li:first-child") The first <li> element of each <ul>

9. $("ul li:last-child") The last <li> element of each <ul>

10. $("ul li:nth-child(4)") The fourth <li> element of each <ul>

11. $("div#intro .head") All elements with class="head" and id="intro" of DIV

12. $("[href*='User']") All elements with href contains "User"

13. $("[href^='User']") All elements with href start with "User"

14. $("[href$='.html']") All elements with an href attribute

that ends with ".html"

15. $("[href*='User'] div") AND condition for Getting all element

which have href contains "User" and inner element div

16. $("[href*='User'],div") OR condition for Getting all element

which have href contains "User" or div element

17. $("[href!='UserInfo.html']") NOT condition for Getting all element

which have href not equle to "UserInfo.html"

18. $("div > input#User") Getting all element which have a parent element is

DIV and next element is INPUT have a id User

19. $("div").find("input#User") Getting all element of parent element is

DIV and child element is INPUT have a id User

20. $("div").not(".UserInfo, #UserId") Getting all div element which not have a

class USERINFO or id is USERID

Thursday, January 14, 2016

Duplicate Emails issue in IBM WCS

Getting Duplicate Emails

Configuring your store to avoid sending multiple marketing e-mails to the same e-mail address

Procedure

1. Open the WebSphere Commerce configuration file.

2. Locate the section of the file that starts with the <Instance element.

3. Within the <Instance element, add the attribute filterDuplicateEmails="true", as shown in the following example:

<Instance BootstrapMulti="wcs.bootstrap_multi_en_US.xml,"

. . . . . . . . .

InstanceName="demo"

filterDuplicateEmails="true"

InstanceType="local"

. . . . . . . . . . .

WCSInstallDir="D:\WebSphere\CommerceServer70"

WorkspacePath="" />

4. Save and close the file.

5. Propagate the changes to the WebSphere Commerce configuration file.

Enhancing security in IBm WCS

Enhancing security in IBm WCS

1. Protecting against Cross-site Scripting (XSS) Attacks

What a Cross Site Scripting vulnerability?

Cross-site Scripting allows an attacker to alter the behavior of your site in many ways, such as inserting HTML, running JavaScript or displaying images.

How it occur :

Lets take below line of code :

<li class=”current”>${searchTerm}</li>

http://<servername>/webapp/wcs/stores/servlet/SearchDisplay?categoryId=&storeId=10001&catalogId=10001&langId=-1&sType=SimpleSearch&resultCatEntryType=2&showResultsPage=true&searchSource=Q&pageView=&beginIndex=0&pageSize=12&searchTerm=boys+shirts

If someone were to modify this to something malicious, similar to the following:

It will produce unwanted result.

To control it :

This code By converting to HTML Entities, the browser will display the text as entered instead of running it as though it was a script (HTML, JavaScript, ect.).

Using the above example, the input was encoded into HTML entities similar to the following:

</div><img src=http://<servername>/<someimage>.jpg><div>

Although the XSiteScriptingProtection is enabled in wc-server.xml for the Store by default, it didn't stop this particular case. The OOTB prohibitedChar rules are defined to stop script tags. Adding all possible HTML tags could impact both performance and store functionality.

Refer : Protectingagainst Cross-site Scripting (XSS) Attacks

2. Enabling WhiteList data validation

When enabled, WhiteList data validation ensures that when a URL command or view is run, the parameter values conform to a specified regular expression. For example, you can configure it so that the storeId must be an integer. When a WhiteList violation is detected, the request is changed to the ProhibCharEncodingErrorView view. WhiteList data validation is disabled by default.

Procedure

1. Open the WebSphere Commerce configuration file.

2. Search for the following element outside of the <Module> element:

<XSiteScriptingProtection display="false" enabled="true" name="Cross Site Scripting Protection">

3. Insert the following sample WhiteList configuration before the preceding element, and modify it to suit your business needs:

<WhiteListProtection enabled="true" name="WhiteListProtection" display="false">

<param name="storeId" regex="[-]?[0-9]*"/>

<param name="langId" regex="[-]?[0-9]*"/>

<param name="catalogId" regex="[-]?[0-9]*"/>

<param name="categoryId" regex="[-]?[0-9]*"/>

<param name="productId" regex="[-]?[0-9]*"/>

<param name="parent_category_rn" regex="[-]?[0-9]*"/>

<param name="physicalStoreId" regex="[-]?[0-9]*"/>

<param name="geoNodeId" regex="[-]?[0-9]*"/>

</WhiteListProtection>

<XSiteScriptingProtection display="false" enabled="true" name="Cross Site Scripting Protection">

Where:

WhiteListProtection.enabled

Global flag to enable or disable WhiteList data validation. Valid values are true or false.

WhiteListProtection.param.name

The name of the parameter to be validated.

WhiteListProtection.param.regex

The regular expression that defines the allowed values. The regular expression syntax is based on the standard that is used by Java.

For the regular expression syntax, see the Sun Class Pattern Java API documentation.

WhiteListProtection.param.maxLength

The maximum number of characters allowed.

4. In each web module that requires WhiteList data validation, search for the corresponding Module element. For example, the Stores web module element:

<Module contextPath="/webapp/wcs/stores" fileServletEnabled="false" name="Stores"

urlMappingPath="/servlet" webAlias="/wcsstore">

<InitParameters adapters="XML/HTTP, BrowserAdapter" contextSetName="Store" handleDoubleClick="true"/>

<URLRedirectFilter enable="true"/>

</Module>

5. Insert a WhiteListProtection element to enable this feature for that web module:

For instance, to enable WhiteList data validation in the Stores web module, the WhiteListProtection element is added in the following snippet in bold:

<Module contextPath="/webapp/wcs/stores" fileServletEnabled="false" name="Stores"

urlMappingPath="/servlet" webAlias="/wcsstore">

<InitParameters adapters="XML/HTTP, BrowserAdapter" contextSetName="Store" handleDoubleClick="true"/>

<URLRedirectFilter enable="true"/>

<WhiteListProtection enable="true"/>

</Module>

Note: If the WhiteListProtection element is not specified for a web module, the default WhiteListProtection value is false (WhiteList data validation disabled).

6. Start your WebSphere Commerce instance if it is not already started.

Tuesday, January 12, 2016

Encrypting data using EncryptionFactory in IBM WCS

The following are the encryption providers that you can use for encrypting / decrypting data:

ActiveProvider: This provider is responsible for encrypting and decrypting sensitive data to be stored in the database, for example credit card numbers. The encryption key is the merchant key.

SessionProvider: This provider is responsible for encrypting and decrypting external facing data such as values in a cookie. The encryption key is the session key.

To retrieve a particular encryption provider, call this method:

EncryptionFactory.getInstance().getProvider("name of provider")

To encrypt data that uses an encryption provider, call the encrypt() method. For example, to encrypt data to be stored in the database, use the ActiveProvider (merchant key):

com.ibm.commerce.foundation.common.util.encryption.EncryptionFactory.getInstance()

.getProvider("com.ibm.commerce.server.ECConstants.EC_ENCRYPTION_ACTIVEPROVIDER")

.encrypt("myDataToEncrypt");

Similarly, to decrypt data that uses an encryption provider, call the decrypt() method. For example, to decrypt data from the database, use the ActiveProvider (merchant key):

com.ibm.commerce.foundation.common.util.encryption.EncryptionFactory.getInstance()

.getProvicer("com.ibm.commerce.server.ECConstants.EC_ENCRYPTION_ACTIVEPROVIDER")

.decrpypt("myEncryptedData");

Immediately send password reset notification e-mails

Configure WebSphere Commerce to immediately send password reset notification e-mails

When a user resets their password, by default the request is queued in the MSGSTORE table and the temporary password is not e-mailed to the customer until the SendTransactedMsg scheduled job is run.

To modify the behavior of the reset password notification logic, select one of the following solutions:

1. Increase the frequency of the SendTransactedMsg scheduled job, which sends out the temporary password notification e-mail. This might not be ideal as you might still experience some delay based on the frequency of the scheduled job.

You can modify the scheduled job's frequency by updating the Schedule interval value in the WebSphere Commerce Administration Console.

2. Recommended: Leverage the sendImmediate () method within SendPasswordNotificationCmdImpl.performExecute() as SendPasswordNotificationCmdImpl makes use of the sendTransacted() method, which stores the reset password notification in the MSGSTORE table. For more information on the default behavior of SendPasswordNotificationCmdImpl,

SendMsgCmd sendMsgCmd = (SendMsgCmd)CommandFactory.createCommand(

"com.ibm.commerce.messaging.commands.SendMsgCmd", getStoreId());

sendMsgCmd.setMsgType("PasswordNotify");

sendMsgCmd.setStoreID(getStoreId());

TypedProperty tp = new TypedProperty();

tp.put("resetPasswordUrl", passwordNotifyMsg);

tp.put("LANGUAGE_ID", getCommandContext().getLanguageId());

sendMsgCmd.compose("NDFPasswordNotify", getCommandContext(), tp);

sendMsgCmd.sendImmediate();

sendMsgCmd.setCommandContext(getCommandContext());

sendMsgCmd.execute();

If you want the password reset notification e-mails to be sent to customers immediately after the request is made, you must extend and replace SendPasswordNotificationCmdImpl.performExecute() to use sendImmediate() rather than sendTransacted(). This sends the message directly to the customer instead of queuing it in the MSGSTORE table and waiting for the SendTransactedMsg job to run.

public void sendImmediate()

This method sends the message immediately to recipients. The caller is blocked until the message has been sent.

public void sendTransacted()

This method stores the message in the MSGSTORE database table. At a predetermined time, the WebSphere Commerce scheduler invokes a job that sends all messages stored in batch mode. Using this method ensures that a send occurs only after the caller has committed or terminated successfully. This method should be used if blocking a call using the sendImmediate() method cannot be tolerated.

Configure the X-Frame-Options header settings

Configure the X-Frame-Options header settings to help you protect your site against Clickjacking. Clickjacking is a technique that tricks a web user into clicking a malicious site, thinking that it is your site. This malicious site can then reveal confidential information or take control of the user's computer.

Procedure

Include the X-Frame-Options header with a response. The Feature Pack 8 Aurora store has the X-Frame-Options header enabled in Stores.war/Aurora/Common/EnvironmentSetup.jspf. You can include this X-Frame-Options header by using one of the following options:

• Use the IBM HTTP Server (IHS)

Enabling the header with IHS is the more popular technique and this technique ensures that the header is included with all responses. To include the X-Frame-Options header, use a command that is similar to the following command, which appends the X-Frame-Options header SAMEORIGIN to responses:

Header always append X-Frame-Options SAMEORIGIN

• Use the WebSphere Commerce application.

1. Go to the following directory:

Store_archivedir/Aurora/common

2. Open the EnvironmentSetup.jspf for editing and add the following line of code:

response.setHeader("X-Frame-Options","SAMEORIGIN");

3. Save and close the file.

Refer : Configure the X-Frame-Options header settings

IBM Websphere commerce