Store server configuration file (wc-store.xml)
<WebModule>
<Module contextPath="/webapp/remote/stores"
name="Stores"
urlMappingPath="/servlet" webAlias="/wcsstore">
<InitParameters SSLPort="8443" NonSSLPort="8080"/>
<URLRedirectFilter enable="false"/>
<WhiteListProtection enable="true"/>
</Module>
<Module contextPath="/webapp/remote/ibmstores"
name="IBMStores"
urlMappingPath="/servlet" webAlias="/ibmstorealias">
<URLRedirectFilter enable="false"/>
<WhiteListProtection enable="true"/>
</Module>
<Module contextPath="/webapp/remote/preview"
name="Preview"
urlMappingPath="/servlet" webAlias="/webapp/remote/preview"/>
</WebModule>
The WebModule section defines the mapping between the file system context path and the WebSphere Application Server web path for the Store server. Each definition includes URL redirect filtering and cross-site scripting protection settings. For more information about URL redirect filtering and cross-site scripting protection, see the HCL Commerce Version 9 documentation.
<Instance
DefaultLang="-1"
StoreWebModuleName="Stores"
enableHystrix="true"
enableDialogMarketing="false"
EnableDoubleClickHandler="true"/>
The Instance section of the Store server configuration file defines specific functions that are applied to the Store server WebSphere Application Server instance.
- enableDialogMarketing is the only customizable configuration option that is unique to HCL Commerce on Cloud. This feature is disabled by default. When enabled, marketing events are triggered through the web channel. This feature enables the marketing system on the Transaction server to evaluate user behavior based on marketing rules.
- For more information about double-click handling, see Double-click handling in the HCL Commerce Version 9 documentation.
<WhiteListProtection enabled="true" name="WhiteListProtection" display="false">
<param name="storeId" regex="[-]?[0-9]*"/>
<param name="langId" regex="[-]?[0-9]*"/>
<param name="catalogId" regex="[-]?[0-9]*"/>
...
</WhiteListProtection>
The WhiteListProtection section defines the acceptable values for parameters that are passed to the Store server through URLs.
For more information about white list data validation, see Enabling WhiteList data validation in the HCL Commerce Version 9 documentation.
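The following added example (not part of the HCL documentation or product code) loads the three rules shown above and checks query-string values against them. It assumes that a value must match its regex in full and that parameters without a rule are not checked; the function names and sample query strings are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl

# The three rules shown on this page (the page elides the rest with "...").
WHITELIST_XML = """
<WhiteListProtection enabled="true" name="WhiteListProtection" display="false">
  <param name="storeId" regex="[-]?[0-9]*"/>
  <param name="langId" regex="[-]?[0-9]*"/>
  <param name="catalogId" regex="[-]?[0-9]*"/>
</WhiteListProtection>
"""

def load_rules(xml_text):
    """Return {parameter name: compiled regex} from a WhiteListProtection element."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): re.compile(p.get("regex")) for p in root.iter("param")}

def rejected_params(query_string, rules):
    """Return the names of listed parameters whose value fails its regex.

    Assumption: the whole value must match (full match); parameters that
    have no rule are not checked here.
    """
    bad = []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        rule = rules.get(name)
        if rule is not None and rule.fullmatch(value) is None:
            bad.append(name)
    return bad

def permissive_rules(rules):
    """Rules that accept an empty value or a lone '-', which a downstream
    numeric parse must still be prepared to handle."""
    return sorted(n for n, r in rules.items() if r.fullmatch("") or r.fullmatch("-"))

if __name__ == "__main__":
    rules = load_rules(WHITELIST_XML)
    # Constructed query strings, not taken from a real store.
    print(rejected_params("storeId=10201&langId=-1&catalogId=10502", rules))
    print(rejected_params("storeId=10201abc&langId=-1", rules))
    print(permissive_rules(rules))
```

Because `[-]?[0-9]*` makes both the sign and the digits optional, it also accepts an empty value and a lone `-`; code that consumes these parameters should not assume the filter guarantees a parseable integer.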
<XSiteScriptingProtection display="false" enabled="true" name="Cross Site Scripting Protection">
<ProhibitedAttrs display="false">
<Attribute display="false" regex=".*((%(25)+)|%)*((3C)|&lt;)[\s]*+script.*"/>
</ProhibitedAttrs>
<ProhibitedChars display="false">
<Character display="false" name="&lt;SCRIPT"/>
<Character display="false" name="&lt;%"/>
<Character display="false" name="&amp;lt;%"/>
...
</ProhibitedChars>
<ProhibCharEncoding display="false"/>
</XSiteScriptingProtection>
The cross-site scripting protection section defines the global Store server rule-based filter that rejects user requests that do not conform to it. The filter is applied to each web module that has the WhiteListProtection enable flag set to true.
For more information about cross-site scripting protection, see Double-click handling in the HCL Commerce Version 9 documentation.
<Components>
<component
compClassName="com.ibm.commerce.component.datatype.UrlMapperConfig"
enable="true" name="UrlMapperConfig">
<property UrlMapperFile="mapper/SEOUrlMapper.xml" display="false"/>
</component>
<component
compClassName="com.ibm.commerce.dynacache.filter.StoreCacheFilterAttributeMapHelper"
enable="true" name="DynaCacheFilterMappings">
<property display="false" refreshInterval="300000">
<map
className="com.ibm.commerce.store.context.CommandContext"
display="false" dynacacheAttributeName="DC_storeId"
methodName="getStoreId" name="getStoreId"/>
<map
className="com.ibm.commerce.store.context.CommandContext"
display="false" dynacacheAttributeName="DC_userId"
methodName="getCallerId" name="getCallerId"/>
<map
className="com.ibm.commerce.store.context.CommandContext"
display="false" dynacacheAttributeName="DC_lang"
methodName="getLanguageId" name="getLanguageId"/>
...
</property>
</component>
<component
compClassName="com.ibm.commerce.dynacache.filter.StoreEdgeCacheCookieHelper"
enable="false" name="DynaCacheCookie">
<property CookieDomain="" CookiePath="/"
MutipleStores="true" Timeout="3600" display="false">
<ec name="currencyId" value="true"/>
<ec name="languageId" value="true"/>
<ec name="parentOrg" value="true"/>
...
</property>
</component>
</Components>
The components section defines the WebSphere Application Server DynaCache settings for the Store server. Custom component classes are not supported. However, existing components can be modified.
- For information about edge caching, see Edge caching.
- For information about creating custom request attributes for servlet caching, see Custom request attributes for servlet caching in the HCL Commerce Version 9 documentation.
<NonEncryptedParameters display="false">
<Parameter name="storeId"/>
<Parameter name="langId"/>
<Parameter name="catalogId"/>
...
</NonEncryptedParameters>
The NonEncryptedParameters section defines the URL parameters that are left unencrypted for caching purposes. For more information about allowing access to parameters, see Allowing access to encrypted parameters in the HCL Commerce Version 9 documentation.
<SEOConfiguration defaultUrl="" dynamicUrl="true" enable="true">
<mapper-class-name value="com.ibm.commerce.component.seo.SEOURLMapperImpl"/>
</SEOConfiguration>
The SEOConfiguration section defines the SEO configuration settings for the Store server. A custom mapper class is not supported.
For more information about how store universal resource links (URLs) are constructed, see Tag: url in the HCL Commerce Version 9 documentation.
<DoubleClickMonitoredCommands display="false">
<excludeCommands>
<command name="StoreCatalogDisplay"/>
<command name="TopCategoriesDisplay"/>
<command name="CategoryDisplay"/>
...
</excludeCommands>
</DoubleClickMonitoredCommands>
The DoubleClickMonitoredCommands section defines which URL requests are subject to double-click handling and which are excluded from it. For more information about configuring double-click handling, see Configuring double-click handling in the HCL Commerce Version 9 documentation.
<SessionManagement>
<cookie httponly="true" secure="true"/>
</SessionManagement>
The SessionManagement section defines how user sessions are managed. Session cookies are set to secure by default. If the secure attribute is not specified, then the default value of true is assumed.
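As an added example (not HCL tooling), the script below reviews the per-module filter flags from the WebModule section and the session cookie flags from the SessionManagement section. The `<config>` root element, the function names, the treatment of a missing filter element as "not enabled", and the treatment of a missing httponly attribute as false are assumptions made for illustration; only the secure default of true comes from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: fragments from this page placed under a hypothetical
# <config> root (the real root element is not shown on the page).
SAMPLE = """
<config>
  <WebModule>
    <Module contextPath="/webapp/remote/stores" name="Stores"
            urlMappingPath="/servlet" webAlias="/wcsstore">
      <URLRedirectFilter enable="false"/>
      <WhiteListProtection enable="true"/>
    </Module>
    <Module contextPath="/webapp/remote/preview" name="Preview"
            urlMappingPath="/servlet" webAlias="/webapp/remote/preview"/>
  </WebModule>
  <SessionManagement>
    <cookie httponly="true"/>
  </SessionManagement>
</config>
"""

def _flag(elem, attr, default):
    """Read a true/false attribute; a missing element or attribute yields default."""
    if elem is None or elem.get(attr) is None:
        return default
    return elem.get(attr).strip().lower() == "true"

def audit(xml_text):
    """Return a sorted list of filter and cookie settings worth reviewing."""
    root = ET.fromstring(xml_text)
    findings = []
    for mod in root.iter("Module"):
        name = mod.get("name")
        for child in ("WhiteListProtection", "URLRedirectFilter"):
            # Assumption: a module without the child element counts as not enabled.
            if not _flag(mod.find(child), "enable", False):
                findings.append(f"{name}: {child} not enabled")
    cookie = root.find("./SessionManagement/cookie")
    # Per the page, an unspecified secure attribute defaults to true.
    if not _flag(cookie, "secure", True):
        findings.append("session cookie: secure=false")
    # Assumption: httponly is treated as false when it is not specified.
    if not _flag(cookie, "httponly", False):
        findings.append("session cookie: httponly not set")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```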