Tuesday, December 15, 2020

Input validation of number in JSP

 As per one security flaw in security scan Input Validation : We have to validate input is number or not .

Use below code for same


<jsp:forward page="AccessError.jsp">

<jsp:param name="storeId" value="${WCParam.storeId}" />

<jsp:param name="langId" value="${WCParam.langId}" />

<jsp:param name="catalogId" value="${WCParam.catalogId}" />

</jsp:forward>


Solution used was: 

<c:set var="storeId">
		<c:if test="${WCParam.storeId.matches('[0-9]+')}">
<c:out value="${WCParam.storeId}"/>
</c:if></c:set>

Thursday, August 20, 2020

RestTemplate to POST with UTF-8 encoding

Sometime we see extra character in rest response like Â, â. To overcome this issue We need to add StringHttpMessageConverter to rest template's message converter with charset UTF-8. Like below


RestTemplate restTemplate = new RestTemplate();
restTemplate.getMessageConverters()
        .add(0, new StringHttpMessageConverter(StandardCharsets.UTF_8));


Refer : UTF encoding from rest response

Saturday, July 18, 2020

msgtypes related tables in WCS

select * from msgtypes
select * from profile
select * from iseditatt
select * from cseditatt 

Friday, May 1, 2020

WCS Useful loggers



Struts
com.ibm.websphere.commerce.WC_SERVER=all: org.apache.struts.*=all

REST


com.ibm.commerce.foundation.rest.providers.*=all:com.ibm.commerce.store.taglibs.RESTTag=all:com.ibm.commerce.foundation.internal.client.taglib.HeaderTag=all:com.ibm.commerce.component.internal.client.util.RESTInvoker=all:com.ibm.commerce.component.internal.client.util.RESTHandler=all

Search in WAS


com.ibm.commerce.catalog.*=all:com.ibm.commerce.foundation.*=all:com.ibm.commerce.search.*=all

Search in solr:


com.ibm.commerce.foundation.*=all: com.ibm.commerce.rest.*=all: org.apache.solr.*=all: org.apache.wink.*=all: com.ibm.commerce.solr.*=all

Price index:


com.ibm.commerce.foundation.dataimport.priceindex.*=finest
com.ibm.commerce.price.*=finest
com.ibm.websphere.commerce.WC_ORDER

JPA

*=info:JPA=all:openjpa.*=finer:openjpa.kernel=finest

SQL


com.ibm.ws.rsadapter.jdbc.WSJdbcCallableStatement=finer:
com.ibm.ws.rsadapter.jdbc.WSJdbcStatement=finer:
com.ibm.ws.rsadapter.jdbc.WSJdbcPreparedStatement=finer:
com.ibm.ws.rsadapter.jdbc.WSJccCallableStatement=finer:
com.ibm.ws.rsadapter.jdbc.WSJccStatement=finer:
com.ibm.ws.rsadapter.jdbc.WSJccPreparedStatement=finer

ACPOLICY

com.ibm.websphere.commerce.WC_SERVER=all:com.ibm.websphere.commerce.WC_USER=all:com.ibm.websphere.commerce.WC_ACCESSCONTROL=all:

com.ibm.commerce.component.helper.*=all:com.ibm.commerce.component.registry.*=all:com.ibm.commerce.foundation.logging.*=all

To Get xml in log:  
com.ibm.commerce.foundation.server.command.bod.BusinessObjectDocumentProcessor

In ts-app enable log :
 
 
 run set-dynamic-trace-specification "*=info:com.ibm.websphere.commerce.WC_ORDER=all:com.ibm.commerce.foundation.logging.*=all:com.ibm.commerce.order.facade.server.commands.ComposeOrderDetailsCmdImpl=all:com.ibm.commerce.order.*=all:com.ibm.commerce.foundation.server.command.bod.*=all:com.ibm.commerce.order.event.*=all"

crs-app
run set-trace-specification "*=warning:org.apache.commons.httpclient.*=all:java.net.*=all"


xc-app
run set-trace-specification "*=warning:com.ibm.commerce.order.ue.rest.*=all"





Thursday, April 9, 2020

Decrypt AES encrypted Password in WCS

                   How to Decrypt AES encrypted Password in WCS 

package com.xyz.commerce.me.datatype;

import com.ibm.commerce.ejb.helpers.nc_crypt;
import com.ibm.commerce.util.wrapper.AES128Cryptx;

public class test {
        public static void main(String[] args) throws Exception {

                System.out.println("merchantKey         ");
               
                String key = "PxrEn69MEqvE4rGLFnQoxZl6VAbbxVvQp2bPrDKxAYX=";
                System.out.println("str length         " + key.length());

//TO decrypt merchent key in CustomKeys.xml

                String keyFileValue = "HuRIPYJ92f5mf1iMUDqTLivbros95jcCNTWSjcgDh/dCbdAn9LR+JEEn7X3PsHkhUk+zl6XhSU2rH0RtwKBgwg=="; //value present in keyFile file.
                String KeyEncryptionFileValue= "1234567890abcdef1234567890abcdef"; //Value present in keyEncryptionFile file.


                String decryptedMerchantKey = AES128Cryptx.decrypt(keyFileValue,KeyEncryptionFileValue, false) ;

//Printing decrypted merchant Key
                System.out.println("Decrypted Merchant Key : " +  decryptedMerchantKey);
                String stringToDecrypt = "PxrEn69MEqvE4rGLFnQoxZl6VAbbxVvQp2bPrDKxANM=";//String to decrypt

//printing decrypted password using merchant key

                System.out.println("Decrypted String : " + AES128Cryptx.decrypt(stringToDecrypt,decryptedMerchantKey,false));

        }
}

Wednesday, April 8, 2020

ADMA5014E - The installation of application WC failed



Sometime while doing server clean we are getting below exception :

[4/6/20 13:22:32:576 EDT] 00000099 UninstallSche I   ADMA5017I: Uninstallation of WC started.
[4/6/20 13:23:04:849 EDT] 00000099 UninstallSche I   ADMA5106I: Application WC uninstalled successfully.
[4/6/20 13:25:06:174 EDT] 000000ac InstallSchedu I   ADMA5016I: Installation of WC started.
[4/6/20 13:26:03:189 EDT] 000000ac FfdcProvider  W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on C:\IBM\WCDE_V9\wasprofile\logs\ffdc\server1_a33aa440_20.04.06_13.26.02.9397908970630759559988.txt com.ibm.ws.management.application.task.ConfigureTask.performTask 481
[4/6/20 13:26:03:283 EDT] 000000ac FfdcProvider  W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on C:\IBM\WCDE_V9\wasprofile\logs\ffdc\server1_a33aa440_20.04.06_13.26.03.2214555710547160290204.txt com.ibm.ws.management.application.task.ConfigureTask.performTask 494
[4/6/20 13:26:03:408 EDT] 000000ac InstallSchedu I   ADMA5014E: The installation of application WC failed.
[4/6/20 13:26:03:299 EDT] 000000ac SystemErr     R org.eclipse.jst.j2ee.commonarchivecore.internal.exception.ArchiveWrappedException
Stack trace of nested exception:
org.eclipse.jst.j2ee.commonarchivecore.internal.exception.NoModuleFileException: A file does not exist for module element having uri: Stores.war
at org.eclipse.jst.j2ee.commonarchivecore.internal.impl.ModuleRefImpl.checkType(ModuleRefImpl.java:591)
at org.eclipse.jst.j2ee.commonarchivecore.internal.impl.ModuleRefImpl.initModuleFileFromEAR(ModuleRefImpl.java:167)
at org.eclipse.jst.j2ee.commonarchivecore.internal.impl.ModuleRefImpl.getModuleFile(ModuleRefImpl.java:120)
at org.eclipse.jst.j2ee.commonarchivecore.internal.impl.EARFileImpl.getModuleFile(EARFileImpl.java:175)
at org.eclipse.jst.j2ee.commonarchivecore.internal.impl.EARFileImpl.getDeploymentDescriptor(EARFileImpl.java:851)
at org.eclipse.jst.j2ee.commonarchivecore.internal.impl.ModuleRefImpl.getDeploymentDescriptor(ModuleRefImpl.java:230)
at org.eclipse.jst.j2ee.commonarchivecore.internal.impl.ModuleRefImpl.getDeploymentDescriptor(ModuleRefImpl.java:223)
at com.ibm.ws.management.application.task.ConfigureTask.getModuleNameFromModuleRef(ConfigureTask.java:2056)
at com.ibm.ws.management.application.task.ConfigureTask.createMDsForModuleRefs(ConfigureTask.java:1258)
at com.ibm.ws.management.application.task.ConfigureTask.createMDsIfNeeded(ConfigureTask.java:1095)
at com.ibm.ws.management.application.task.ConfigureTask.reconcileModuleDeployment(ConfigureTask.java:994)
at com.ibm.ws.management.application.task.ConfigureTask.performTask(ConfigureTask.java:375)
at com.ibm.ws.management.application.SchedulerImpl.run(SchedulerImpl.java:315)
at java.lang.Thread.run(Thread.java:812)

[4/6/20 13:26:03:299 EDT] 000000ac SystemErr     R Stack trace of nested exception:
[4/6/20 13:26:03:299 EDT] 000000ac SystemErr     R org.eclipse.jst.j2ee.commonarchivecore.internal.exception.NoModuleFileException: A file does not exist for module element having uri: Stores.war
[4/6/20 13:26:03:299 EDT] 000000ac SystemErr     R at org.eclipse.jst.j2ee.commonarchivecore.internal.impl.ModuleRefImpl.checkType(ModuleRefImpl.java:591)
[4/6/20 13:26:03:299 EDT] 000000ac SystemErr     R at org.eclipse.jst.j2ee.commonarchivecore.internal.impl.ModuleRefImpl.initModuleFileFromEAR(ModuleRefImpl.java:167)
[4/6/20 13:26:03:299 EDT] 000000ac SystemErr     R at org.eclipse.jst.j2ee.commonarchivecore.internal.impl.ModuleRefImpl.getModuleFile(ModuleRefImpl.java:120)
[4/6/20 13:26:03:299 EDT] 000000ac SystemErr     R at org.eclipse.jst.j2ee.commonarchivecore.internal.impl.EARFileImpl.getModuleFile(EARFileImpl.java:175)
[4/6/20 13:26:03:314 EDT] 000000ac SystemErr     R at org.eclipse.jst.j2ee.commonarchivecore.internal.impl.EARFileImpl.getDeploymentDescriptor(EARFileImpl.java:851)
[4/6/20 13:26:03:314 EDT] 000000ac SystemErr     R at org.eclipse.jst.j2ee.commonarchivecore.internal.impl.ModuleRefImpl.getDeploymentDescriptor(ModuleRefImpl.java:230)
[4/6/20 13:26:03:314 EDT] 000000ac SystemErr     R at org.eclipse.jst.j2ee.commonarchivecore.internal.impl.ModuleRefImpl.getDeploymentDescriptor(ModuleRefImpl.java:223)
[4/6/20 13:26:03:314 EDT] 000000ac SystemErr     R at com.ibm.ws.management.application.task.ConfigureTask.getModuleNameFromModuleRef(ConfigureTask.java:2056)
[4/6/20 13:26:03:314 EDT] 000000ac SystemErr     R at com.ibm.ws.management.application.task.ConfigureTask.createMDsForModuleRefs(ConfigureTask.java:1258)
[4/6/20 13:26:03:314 EDT] 000000ac SystemErr     R at com.ibm.ws.management.application.task.ConfigureTask.createMDsIfNeeded(ConfigureTask.java:1095)
[4/6/20 13:26:03:314 EDT] 000000ac SystemErr     R at com.ibm.ws.management.application.task.ConfigureTask.reconcileModuleDeployment(ConfigureTask.java:994)
[4/6/20 13:26:03:314 EDT] 000000ac SystemErr     R at com.ibm.ws.management.application.task.ConfigureTask.performTask(ConfigureTask.java:375)
[4/6/20 13:26:03:314 EDT] 000000ac SystemErr     R at com.ibm.ws.management.application.SchedulerImpl.run(SchedulerImpl.java:315)
[4/6/20 13:26:03:314 EDT] 000000ac SystemErr     R at java.lang.Thread.run(Thread.java:812)
[4/6/20 13:26:37:750 EDT] 00000089 AppBinaryProc I   ADMA7021I: Distribution of application WC completed successfully.

Solution :
1. Right click on WC project and select properties --> Select Deployment Assembly

2. You may see Store is not there or may be there in both case remove Stores and re-add that
3.Select project

 4. select stores in project and finish.



Decrypt IBM WCS encrypted key

Decrypt IBM WCS encrypted key


package com.xyz.commerce.tools.devtools.flexflow.taglibs;

import com.ibm.commerce.ejb.helpers.nc_crypt;

public class TEST {
public static void main(String[] args) {

String merchantKey = nc_crypt.decrypt(
"ldbrNlajddp8od+xZpJDiK/DbuVqOEE+", null);

System.out.println("merchantKey         " + merchantKey);

String keyToDecrypt = "gpJMgIorXCz/1yTeFHiEcDPWJYv7NmRQ";
System.out.println("Decrypted String : "
+ nc_crypt.decrypt(keyToDecrypt , merchantKey ));

}
}

Wednesday, March 11, 2020

DB2 connection problem in WebSphere

DB2 connection problem in WebSphere

I am getting below issue while server startup.

DSConfigHelpe W   DSRA8200W: DataSource Configuration: DSRA8020E: Warning: The property 'connectionAttribute' does not exist on the DataSource class com.ibm.db2.jcc.DB2ConnectionPoolDataSource.

com.ibm.commerce.wc.appmanagement.exception.WCAppManagementException: com.ibm.websphere.ce.cm.StaleConnectionException: [jcc][t4][10380][11951][4.19.66] Required property "mydbhost.com" is unknown host. ERRORCODE=-4222, SQLSTATE=08001 DSRA0010E: SQL State = 08001, Error Code = -4,222



Solution : Please check hostname used in resources.xml and wc-server.xml files are correct. 
WCDE_V9\workspace\WC\META-INF\ibmconfig\cells\defaultCell\applications\defaultApp\deployments\defaultApp\resources.xml

<resourceProperties description="The name of the server, used with thin driver setup" name="serverName" required="false" type="java.lang.String" value="mydbhost.com" xmi:id="J2EEResourceProperty_1123801797694"/>

After updating value, Please restart server.