堆栈内存溢出
  简体   繁体   English

防止IBM Commerce Server 6中的URL参数加密(加密)

[英]Prevent Encryption (Krypto) Of Url Paramaters in IBM Commerce Server 6

 原文  2009-08-19 16:08:09       java/ commerceserver

问题描述

Hi we are using IBM Commerce Sever Moving from one view to another using via code like below. 嗨,我们正在使用IBM Commerce Sever通过如下代码通过一个视图移动到另一个视图。 

protected void prepareResponse(){
...
String returnUrl = "www.example.com/aNewPage.jsp?aUrlParameter=123&anotherParameter=654"
...
StringBuffer sb = new StringBuffer(returnUrl);
sb.append("&storeId=").append(commandContext.getStoreId());
sb.append("&langId=-1");
responseProperties.put(ECConstants.EC_REDIRECTURL, sb.toString());
responseProperties.put(ECConstants.EC_VIEWTASKNAME, ECConstants.EC_GENERIC_REDIRECTVIEW);
}

The url we are ending up at is www.example.com/aNewPage.jsp?krypto=ABCDF0LotsOfRandomCharacters unfortunitly due to 3rd party intergration we have javascript looking for the unencryptped form of the url parameters and of couse it cannot decrypt the krypto parameter. 我们最终到达的url是www.example.com/aNewPage.jsp?krypto=ABCDF0LotsOfRandomCharacters,由于第三者的集成,很遗憾,我们的javascript正在寻找url参数的未加密形式,因此无法解密krypto参数。

This behavour is as per the documentation : 这种行为是根据文档 

\nFlattening input parameters into a query string for HttpRedirectView 将输入参数展平为HttpRedirectView的查询字符串\n\nAll input parameters that are passed to a redirect view command are flattened 展平传递给重定向视图命令的所有输入参数\ninto a query string for URL redirection. 到用于URL重定向的查询字符串中。 For example, suppose that the input 例如,假设输入\nto the redirect view command contains the following properties: 重定向视图命令包含以下属性:\nURL = "MyView?p1=v1&p2=v2"; URL =“ MyView?p1 = v1&p2 = v2”;\nip1 = "iv1"; ip1 =“ iv1”; // input to orginal controller command //输入到原始控制器命令\nip2 = "iv2" ; ip2 =“ iv2”; // input to original controller command //输入原始控制器命令\nop1 = "ov1"; op1 =“ ov1”;\nop2 = "ov2"; op2 =“ ov2”;\nBased upon the preceding input parameters, the final URL is 根据前面的输入参数,最终URL为\nMyView?p1=v1&p2=v2&ip1=iv1&ip2=iv2&op1=ov1&op2=ov2 MyView?p1 = v1&p2 = v2&ip1 = iv1&ip2 = iv2&op1 = ov1&op2 = ov2\nNote that if the command is to use SSL, then the parameters are encrypted 请注意,如果该命令使用SSL,则参数将被加密\nand the final URL appears as 最终网址显示为\nMyView?krypto=encrypted_value_of“p1=v1&p2=v2&ip1=iv1&ip2=iv2&op1=ov1&op2=ov2” MyView?krypto = encrypted_value_of“ p1 = v1&p2 = v2&ip1 = iv1&ip2 = iv2&op1 = ov1&op2 = ov2”\n

Now the question: How do I prevent these url parameters being encrypted? 现在的问题是:如何防止这些url参数被加密?

1 个解决方案

解决方案1
 0 已采纳  2009-08-20 09:00:18

The parameters that are encryted are controled by the NonEncryptedParameters node in wc-server.xml. 加密的参数由wc-server.xml中的NonEncryptedParameters节点控制。 Adding the url parameters you want to stay in clear text to that node mean they don't get encrypted. 将要保留为纯文本格式的url参数添加到该节点意味着它们不会被加密。 

<NonEncryptedParameters display="false">
    <Parameter name="storeId"/>
    <Parameter name="langId"/>
    <Parameter name="catalogId"/>
    <Parameter name="categoryId"/>
    <Parameter name="productId"/>
</NonEncryptedParameters>

I found the answer on IBM's Forum and a link detaling the use of the NonEncryptedParameters Node which talks about doing this for cache purposes. 我在IBM论坛上找到了答案,并详细说明了使用NonEncryptedParameters节点的链接,该节点讨论了出于缓存目的执行此操作。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在 IBM Liberty 服务器中的 web 应用程序中解码 AES 加密 - Decode AES encryption in web application in IBM Liberty server doPost是否对URL及其外部附加的参数进行加密 - Does doPost encrypts URL and its externally appended paramaters HttpServletRequest-编码URL和隐藏字段参数的快速方法 - HttpServletRequest - Quick way to encode url and hidden field paramaters 在ibm Commerce中,用户可以在订单中拥有的最大商品数是多少 - is there a maximum number of items a user can have in an order in ibm commerce URL 标识符的加密算法 - Encryption algorithm for URL Identifiers 如何删除 SAP Commerce / Hybris 中的 url 属性? - How to remove url properties in SAP Commerce / Hybris? 如何在返回 S3ObjectSummary 的同时获取对象 URL 和服务器端加密 - how to get Object URL and Server-side encryption while returning S3ObjectSummary 服务器到服务器与IBM SBT的通信 - Server to Server communication with IBM SBT 如何在Websphere Commerce bean中获取Url参数? - How to get Url Parameter in websphere commerce bean? Java(Struts2)中的网址加密 - Url Encryption in java(Struts2)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM