Home
User Guide
The information contained in this section applies to WebSphere Commerce Version 8. The documentation also applies to all subsequent releases and modifications until otherwise indicated in a newer section.WebSphere Commerce is a single, unified e-commerce platform that offers the ability to do business directly with consumers (B2C), directly with businesses (B2B), and indirectly through channel partners (indirect business models). WebSphere Commerce is designed to be a customizable, scalable, and high availability solution that is built to leverage open standards. It provides easy-to-use tools for business users to centrally manage a cross-channel strategy. Business users can create and manage precision marketing campaigns, promotions, catalog, and merchandising across all sales channels.
Developing
The topics in the Developing section describe tasks performed by an application developer.
Web services and WebSphere Commerce
A web service is an interface that describes a collection of operations that are accessible through the network by using standardized XML messaging.
WebSphere Commerce foundation tag library
The WebSphere Commerce foundation JSTL tag library is a collection of custom tags that are provided to you to support the authoring of WebSphere Commerce JSP files. WebSphere Commerce stater stores use the JavaServer Pages Standard Tag Library (JSTL) to perform logic, instead of Java code. At the same time, business logic is moved into data beans. The combination of these steps allows for less Java code in a JSP page.
Tag: out
The wcf:out tag is used to display the output to the user. This tag provides an option to use an encoding library to encode the output value, protecting against possible cross-site scripting attacks.

User Guide
The information contained in this section applies to WebSphere Commerce Version 8. The documentation also applies to all subsequent releases and modifications until otherwise indicated in a newer section.WebSphere Commerce is a single, unified e-commerce platform that offers the ability to do business directly with consumers (B2C), directly with businesses (B2B), and indirectly through channel partners (indirect business models). WebSphere Commerce is designed to be a customizable, scalable, and high availability solution that is built to leverage open standards. It provides easy-to-use tools for business users to centrally manage a cross-channel strategy. Business users can create and manage precision marketing campaigns, promotions, catalog, and merchandising across all sales channels.
- Planning
  Creating a custom implementation of a WebSphere Commerce store requires a significant amount of planning. From gathering client needs, to deploying the live solution, much work is needed to successfully deploy a custom client store. Use the resources in here to help you plan every phase of store creation.
- Installing
  Review the following sections for information about installing the WebSphere Commerce product, associated maintenance, and WebSphere Commerce enhancements.
- Migrating
  Before you migrate to WebSphere Commerce Version 8.0, review this information to help plan and execute your migration.
- Deploying
  The topics in this section describe how to publish stores to either a test or production environment, and how to deploy customized code.
- Operating
- Integrating
  Topics in the Integrating category highlight the tasks that are commonly performed for using WebSphere Commerce in combination with other products.
- Administering
- Tutorials
  WebSphere Commerce provides many tutorials to help you customize and understand your WebSphere Commerce instance and stores.
- Samples
- Developing
  The topics in the Developing section describe tasks performed by an application developer.
  - Functional architecture
    Functional architecture provides both the set of patterns used to implement the business functionality and the frameworks in which these business functions execute.
  - Persistent object model
    WebSphere Commerce deals with a large amount of persistent data. There are numerous tables defined in the current database schema. Even with this extensive schema, however, you might need to extend or customize the database schema for your particular business needs.
  - Presentation layer
    WebSphere Commerce uses Java Server Pages (JSP) to implement the view layer of the Model-View-Controller (MVC) design pattern. The view layer is in charge of retrieving data from the database through the use of data beans and formatting it to meet the display requirements. The view layers determines whether the request is sent to a browser or streamed out as XML. JSP files present a clean separation between data content and presentation.
  - Controller layer
    The Controller layer is the conductor of operations for a request. It controls the transaction scope and manages the session related information for the request. The controller first dispatches to a command and then calls the appropriate view processing logic to render the response.
  - Business logic layer
    The business logic layer is the business components that provide OAGIS services to return data or start business processes. The presentation layer uses these OAGIS services to display data, or to invoke a business process. The business logic provides data required by the presentation layer. The business logic layer exists because more than just fetching and updating data is required by an application; there is also additional business logic independent of the presentation layer.
  - Persistence layer
    The interaction between the business objects and persistence layer is isolated in an object called the Business Object Mediator. Business object document (BOD) commands interact with the Business Object Mediator to handle the interaction with the logical objects and how they are persisted.
  - Business model information model
    A business model, a representation of the business processes used throughout the site, provides a sample commerce solution which includes an organization structure, default user roles and access control policies, one or more starter stores, administration tools, and business processes that demonstrate best practices. A business model can be customized to support business requirements and scenarios. WebSphere Commerce provides sample business models that show some common commerce solutions. These business models are created by setting up an organization hierarchy structure, access control policies, stores, and contracts that help satisfy the necessary business requirements.
  - Business models
    Before starting to develop your site with WebSphere Commerce, you need to determine the business model supported by WebSphere Commerce that best represents the purpose of your site. Usually sites created with WebSphere Commerce will be implemented based on of one of these business models.
  - Store data information model
    Store data is the information that is loaded into the WebSphere Commerce Server database, which allows your store to function. The URL Registry Entries and View Registry Entries packages are included in the diagram, but they are not database assets. These entries are presentation configuration (that is, struts actions and forwards) that must be deployed. URL registry entries are shown in the diagram to illustrate the entire store data information model. To operate properly, a store must have the data in place to support all customer activities. For example, in order for a customer to make a purchase, your store must contain a catalog of goods for sale (catalog data), the data associated with processing orders (tax and shipping data), and the inventory to fulfill the request (inventory and fulfillment data).
  - Customizing WebSphere Commerce
    You can extend the WebSphere Commerce product to fit your business needs. This topic describes the prerequisite skills and required knowledge that you need to customize business logic. After you have the required knowledge, use WebSphere Commerce Developer to take tutorials that guide you step-by-step through various customization scenarios.
  - WebSphere Commerce development environment
    WebSphere Commerce Developer is the development toolkit for customizing a WebSphere Commerce application.
  - Web services and WebSphere Commerce
    A web service is an interface that describes a collection of operations that are accessible through the network by using standardized XML messaging.
    - Working with WebSphere Commerce SOI services
      Working with WebSphere Commerce services involves developing client libraries, new commands, and business logic. The Java Emitter Template (JET) is documented to assist you with these tasks.
    - Creating WebSphere Commerce services
      Creating WebSphere Commerce services involves setting up the development environment, creating and extending client libraries, and setting an EMF genmodel. The Java Emitter Template (JET) is provided and documented to assist you with these tasks.
    - WebSphere Commerce BOD command framework
      Starting in WebSphere Commerce Version 6 Feature Pack 3.0.1, WebSphere Commerce introduces the Business Object Document (BOD) command framework. The BOD command framework is a command framework for the business logic layer, used in WebSphere Commerce Version 6 Feature Pack 3.0.1 and WebSphere Commerce Version 7. The concept of a BOD has been used in prior versions of WebSphere Commerce, but in WebSphere Commerce Version 6 Feature Pack 3.0.1, WebSphere Commerce Version 7, and WebSphere Commerce Version 8, the entire command framework is tailored to using BODs.
    - Developing the business logic layer using the BOD command framework
      Business layer can be designed and programmed using the BOD programming model introduced in WebSphere Commerce Version 6 Feature Pack 3.0.1. This command framework revolves around using Business Object Documents, and the Java representation of those objects, logical service data objects.
    - WebSphere Commerce BOD command framework
      Starting in WebSphere Commerce Version 6 Feature Pack 3.0.1, WebSphere Commerce introduces the Business Object Document (BOD) command framework. The BOD command framework is a command framework for the business logic layer, used in WebSphere Commerce Version 6 Feature Pack 3.0.1 and WebSphere Commerce Version 7. The concept of a BOD has been used in prior versions of WebSphere Commerce, but in WebSphere Commerce Version 6 Feature Pack 3.0.1, WebSphere Commerce Version 7, and WebSphere Commerce Version 8, the entire command framework is tailored to using BODs.
    - Data service layer
      The data service layer (DSL) provides an abstraction layer for data access that is independent of the physical schema.
    - Using the data service layer
      You can customize the data service layer to create and modify schemas and queries.
    - WebSphere Commerce use of Open Applications Group (OAGIS) messaging
      WebSphere Commerce service interfaces are defined using the OAGIS message structure, from The Open Applications Group.
    - WebSphere Commerce Web services with JSP pages
      A Web service is an interface that describes a collection of operations that are accessible through the network by using standardized XML messaging. A Web service is described using a standard, formal XML notation, called a service description. The service description includes all the details necessary to interact with the service, including its message formats (that detail the operations), transport protocols, and location. The interface hides the implementation details of the service, allowing it to be used independently of the hardware or software platform on which it is implemented and also independently of the programming language in which it is written. The foundation for Web services are standards such as simple object access protocol (SOAP), the Web Services Description Language (WSDL), and the Universal Description, Discovery, and Integration (UDDI) registry.
    - WebSphere Commerce foundation tag library
      The WebSphere Commerce foundation JSTL tag library is a collection of custom tags that are provided to you to support the authoring of WebSphere Commerce JSP files. WebSphere Commerce stater stores use the JavaServer Pages Standard Tag Library (JSTL) to perform logic, instead of Java code. At the same time, business logic is moved into data beans. The combination of these steps allows for less Java code in a JSP page.
      - Tag: cdata
        The wcf:cdata tag sets the specified data in XML format within a CDATA section and encodes the string that ends a CDATA section to avoid nested CDATA sections.
      - Tag: contextData
        The wcf:contextData tag sets a business context data value for a WebSphere Commerce service request. The business context data values specified with the wcf:contextData tag are appended to any business context values that are associated with the current session. The new business context values are in effect only for the current WebSphere Commerce service request. The values do not persist into the session. Use this tag only as a subtag of the wcf:getData tag.
      - Deprecated feature: Tag: declareService
        The wcf:declareService tag adds client-side support for invoking a service request. The ID is used to register the specified service so it can be invoked with the wc.service.invoke(serviceId, parameters) function. The parameters parameter is an object map that is passed as parameters to the service URL.
      - Deprecated feature: Tag: declareRenderContext
        The wcf:declareRenderContext tag adds the client-side render context support to the current page. The ID passed to this tag is used to identify the render context. If this tag is already called for this request and ID, then no further call is made.
      - Deprecated feature: Tag: declareRefreshController
        The wcf:declareRefreshController tag declares a refresh area controller. The refresh area controller provides the JavaScript logic that listens to changes in the render context and the model. It refreshes the refresh areas that are registered to the controller. Refresh areas are declared using the wc.widget.RefreshArea widget and by specifying the ID of a declared refresh controller for the controllerId attribute.
      - Tag: defineObjects
        The wcf:defineObjects tag defines the renderContext and businessContext objects in a JSP page. The renderContext object maps render context name and values to single value render context string values. The businessContext object maps business context data names to the current value for the names.
      - Tag: eMarketingSpotCache
        You can include the wcf:eMarketingSpotCache tag within an e-Marketing Spot JSP fragment to indicate that the JSP fragment is to be dynamically cached. This tag dynamically sets dependency IDs for e-Marketing Spot cache entries.
      - Tag: getData
        The wcf:getData tag retrieves data objects from a WebSphere Commerce service. The wcf:param tag and the wcf:contextData tags are subtags of the wcf:getData tag.
      - Tag: json
        The wcf:json tag converts a specified Java object to JavaScript Object Notation (JSON).
      - Tag: metadata
        The wcf:metadata tag retrieves metadata information that can be returned in response to a Get BOD request that is used for authoring. For example, workspaces in Management Center.
      - Tag: param
        The wcf:param tag adds a named parameter value to the parent tag. The wcf:param tag can be specified as a subtag of the wcf:getData tag.
      - Tag: rest
        The wcf:rest tag sends REST requests.
      - Tag: set
        The wcf:set tag adds values into an object, such as Collections or Maps, that is created with the wcf:useBean tag.
      - Tag: out
        The wcf:out tag is used to display the output to the user. This tag provides an option to use an encoding library to encode the output value, protecting against possible cross-site scripting attacks.
      - Tag: url
        The wcf:url tag builds a URL and applies the appropriate WebSphere Commerce supported rewriting rules.
      - Tag: useBean
        The wcf:useBean tag creates a list or map object.
    - Workspaces support for BOD service modules
      There are two user interfaces that use workspaces in WebSphere Commerce, WebSphere Commerce Accelerator, and Management Center. The Management Center uses Get services from BOD service modules to retrieve many of its business objects, and along with the business objects, change control metadata is also included in the response. The change control metadata is returned to the Management Center, where it is used to determine whether the object can be modified by the current user.
    - Representational State Transfer (REST) services
      WebSphere Commerce uses Representational State Transfer (REST) services to provide a framework that can be used to develop RESTful applications on several platforms. These platforms can include web, mobile, kiosks, and social applications.
    - Location-based services
      WebSphere Commerce uses location-based services to target customers using Global Positioning System (GPS)-enabled mobile devices.
  - WebSphere Commerce Search
    WebSphere Commerce comes with a powerful and fully integrated search function. The search functions in WebSphere Commerce provide an enriched customer experience, with features such as automatic search term suggestions and spelling correction. Since it is built on open standards, WebSphere Commerce Search is highly flexible and extensible. Starter stores can use the search engine's most sophisticated features without requiring extra customization. A key feature of Search is that sales personnel can create and manage search term associations, and search-based merchandising rules, from within the Management Center and Store view.
- Compliance
  The following section describes how you can leverage WebSphere Commerce features and functionality to help your site be compliant with different privacy and security standards.
- Securing
  These topics describe the security features of WebSphere Commerce and how to configure these features.
- Performance
- Troubleshooting

Tag: out

The wcf:out tag is used to display the output to the user. This tag provides an option to use an encoding library to encode the output value, protecting against possible cross-site scripting attacks.

The implementation of the wcf:out tag checks for the <XSiteScriptingProtection enable="true"/> attribute in the wc-server.xml file. If the enable attribute is set to true, wcf:out checks whether an encoding library can be used for encoding the output value.

The wcf:out tag reads an XSiteEncoding.properties file to decide on the following properties:

The encoder class to use.
The encoder instance method to use.
The encoder methods for each of the escape formats.

Beginning in Fix Pack 6, the XSiteEncoding.properties file is provided in the WC_eardir/properties directory. By default, the file uses the following encoding class that handles JavaScript encoding: com.ibm.commerce.foundation.internal.client.taglib.util.XSiteEncoder. To see how the encoding class can be changed by using the OWASP ESAPI library, see the example in the Example section.

Tag information
Tag information
Body Content	empty

Attributes

Attributes
Attribute	Required	Request-time	Type	Description
`value`	`true`	`true`	`java.lang.String`	That value that displays to the user.
`escape`	`false`	`true`	`java.lang.String`	A flag that indicates whether the value is to be escaped or not.
`escapeFormat`	`false`	`true`	`java.lang.String`	The escape format to use. The default value is `xml`. Other possible values are `html`, `js`, and `url`.

Variables

No variables are defined for the wcf:out tag.

Example

The following example is a snippet of a XSiteEncoding.properties file that uses the OWASP ESAPI library for encoding:

#Begin XSiteEncoding.properties
#This file sets the encoder properties defined corresponding to OWASP library.

#The encoder class 
EncoderClass=org.owasp.esapi.ESAPI

#The static instance method which returns the instance of the Encoder.
EncoderInstanceMethod=encoder

#The escape formats and their corresponding method in the Encoder instance.
js=encodeForJavaScript
html=encodeForHTML
xml=encodeForXML
url=encodeForURL

#End XSiteEncoding.properties