stackoom
  简体   繁体   中英

Prevent Encryption (Krypto) Of Url Paramaters in IBM Commerce Server 6

 原文  2009-08-19 16:08:09       java/ commerceserver

Question

Hi we are using IBM Commerce Sever Moving from one view to another using via code like below. 

protected void prepareResponse(){
...
String returnUrl = "www.example.com/aNewPage.jsp?aUrlParameter=123&anotherParameter=654"
...
StringBuffer sb = new StringBuffer(returnUrl);
sb.append("&storeId=").append(commandContext.getStoreId());
sb.append("&langId=-1");
responseProperties.put(ECConstants.EC_REDIRECTURL, sb.toString());
responseProperties.put(ECConstants.EC_VIEWTASKNAME, ECConstants.EC_GENERIC_REDIRECTVIEW);
}

The url we are ending up at is www.example.com/aNewPage.jsp?krypto=ABCDF0LotsOfRandomCharacters unfortunitly due to 3rd party intergration we have javascript looking for the unencryptped form of the url parameters and of couse it cannot decrypt the krypto parameter.

This behavour is as per the documentation : 

\nFlattening input parameters into a query string for HttpRedirectView \n\nAll input parameters that are passed to a redirect view command are flattened \ninto a query string for URL redirection.  For example, suppose that the input \nto the redirect view command contains the following properties: \nURL = "MyView?p1=v1&p2=v2"; \nip1 = "iv1";  // input to orginal controller command \nip2 = "iv2" ;  // input to original controller command \nop1 = "ov1"; \nop2 = "ov2"; \nBased upon the preceding input parameters, the final URL is \nMyView?p1=v1&p2=v2&ip1=iv1&ip2=iv2&op1=ov1&op2=ov2 \nNote that if the command is to use SSL, then the parameters are encrypted \nand the final URL appears as \nMyView?krypto=encrypted_value_of“p1=v1&p2=v2&ip1=iv1&ip2=iv2&op1=ov1&op2=ov2” \n

Now the question: How do I prevent these url parameters being encrypted?

1 answers

solution1
 0 ACCPTED  2009-08-20 09:00:18

The parameters that are encryted are controled by the NonEncryptedParameters node in wc-server.xml. Adding the url parameters you want to stay in clear text to that node mean they don't get encrypted. 

<NonEncryptedParameters display="false">
    <Parameter name="storeId"/>
    <Parameter name="langId"/>
    <Parameter name="catalogId"/>
    <Parameter name="categoryId"/>
    <Parameter name="productId"/>
</NonEncryptedParameters>

I found the answer on IBM's Forum and a link detaling the use of the NonEncryptedParameters Node which talks about doing this for cache purposes.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Decode AES encryption in web application in IBM Liberty server Does doPost encrypts URL and its externally appended paramaters HttpServletRequest - Quick way to encode url and hidden field paramaters is there a maximum number of items a user can have in an order in ibm commerce Encryption algorithm for URL Identifiers How to remove url properties in SAP Commerce / Hybris? how to get Object URL and Server-side encryption while returning S3ObjectSummary Server to Server communication with IBM SBT How to get Url Parameter in websphere commerce bean? Url Encryption in java(Struts2)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM