Spring MVC and store controller customization
The model-view-controller (MVC) framework that is used for the store is Spring. Spring is popular, supported, and easy to adopt by developers with previous Struts and HCL Commerce experience. The following information details the store Spring MVC implementation, and details on how to customize actions and views. After customizations are made, respective modifications need to be made to the REST template configurations.
For more information about the Spring framework and its API, see:
- RESTActionController
- This component is the core framework controller, which manages the core functions of loading the services and framework configuration, validation of requests and mapping the requests with configured REST actions and runs the actions. Handles traditional page requests. In the store separated environment, it calls the backend REST service to interact with the transaction server to run business logic.
- AjaxRESTActionController
- Handles Ajax requests. In the store separation environment, it also calls the backend REST service.
- ViewController
- The controller for the page view. It does not run REST actions according to the REST templates.
Store MVC customization
Since most business logic is handled by the transaction server through REST, extension of methods within the RESTActionController class allows for information to be properly handled and passed on by the store server.
- Resolves the input parameter which includes decryption of the krypto parameter, and parameter validations.
- Converts the input parameter into the REST URL and the JSON string by using the REST template.
- Calls the REST API with that REST URL and JSON string.
- Processes the response of the REST API, and return to the appropriate view.
Action controllers
Each default action controller is of class RESTActionController or its extension (such as LogonController), and each action calls one REST service for processing business logic.
- https
- Specifies whether the request needs HTTPS redirection when it is sent in HTTP. The value of
1
indicates that the request was expected to be received on a secure channel (HTTPS) and a redirect to the SSL port is issued if it is received on an insecure channel (HTTP). - credentialsAcceped
- Specifies whether the request allows partial credential. A value of
P
indicates that partially authenticated users are entitled to access this resource. Partially authenticated users are those users that are logged off, but in a remembered user state. That is, when rememberMe is set totrue
for the Logoff command. - generic
- Specifies whether the request allows generic users to call it. A value of
1
indicates that the request allows generic execution and a guest user does not get created. - authenticate
- Specifies whether the request can only be called by registered users. A value of
1
indicates that user logon is required for this URI. Only non-guest, non-generic users are allowed to access pages with this property set to1
. - csrfProtected
- Specifies whether the request is CSRF protected. A value of
1
indicates enabling cross-site request forgery protection for this request. - parameter
- The name of the REST service to call. The corresponding REST services are defined in the REST templates, located in workspace_dir/crs-web/WebContent/WEB-INF/xml/config/com.ibm.commerce.component_name/rest-template-config.xml.
View controllers
- https
- Whether the request needs HTTPS redirection when it is sent in HTTP. The value of
1
indicates that the request was expected to be received on a secure channel (HTTPS) and a redirect to the SSL port is issued if it is received on an insecure channel (HTTP). - credentialsAcceped
- Specifies whether the request allows partial credential. A value of
P
indicates that partially authenticated users are entitled to access this resource. Partially authenticated users are those users that are logged off, but in a remembered user state. That is, when rememberMe is set totrue
for the Logoff command. - generic
- Specifies whether the request allows generic users to call it. A value of
0
indicates that the request does not allow generic execution and a guest user is created automatically when the request is sent in generic. - authenticate
- Specifies whether the request can only be called by registered users. A value of
1
indicates that user logon is required for this URI. Only non-guest, non-generic users are allowed to access pages with this property set to1
. - csrfProtected
- Specifies whether the request is CSRF protected. A value of
1
indicates enabling cross-site request forgery protection for this request. - storeDir
- Specifies whether the forward location should be appended after the store-specific directory.
The value
no
indicates that this URL is relative to the store directory. All other values, or if left unspecified, means that the URL path is relative to the root JavaServer Page file (JSP file) directory. - skipAccessControlCheck
- Specifies whether this view is checked against the view access control policies that are
configured in the database. A value of
1
means that access control is not checked for this view. This option is provided by customers for adding new views. By default, views are checked for their access control. To load access control policies into the database for new views, see Loading access control policy data. - targetServletName
- The target servlet name for the JavaServer Page (JSP). This property is used for locating views across different web archives (WAR).