Store server configuration file (wc-store.xml)

The main Store server configuration file is wc-store.xml, located within the crs.ear/xml/config/ directory. Extend this configuration to modify the default behavior of the Store server.To extend this file, place a copy of it within the crs-web.war/WEB-INF/xml/config/ directory, and change its file name to use to -ext file naming convention.
The following code samples are the default sample sections from the wc-store.xml file. Only customizable sections are described. Each sample includes details about the section and provides context for how to update them.
<WebModule>
	<Module contextPath="/webapp/remote/stores"
		name="Stores"
		urlMappingPath="/servlet" webAlias="/wcsstore"> 
                    <InitParameters SSLPort = "8443" NonSSLPort="8080"/>
			<URLRedirectFilter enable="false"/>
			<WhiteListProtection enable="true"/>
	</Module>
	<Module contextPath="/webapp/remote/ibmstores"
		name="IBMStores"
		urlMappingPath="/servlet" webAlias="/ibmstorealias">
			<URLRedirectFilter enable="false"/>
			<WhiteListProtection enable="true"/>
	</Module>
	<Module contextPath="/webapp/remote/preview"
		name="Preview" 
		urlMappingPath="/servlet" webAlias="/webapp/remote/preview"/>
</WebModule>
The WebModule section defines the mapping between the file system context path and the WebSphere Application Server web path for the Store server. Each definition includes URL redirect filtering and cross-site scripting protection settings. For more information about URL redirect filtering and cross-site scripting protection, see the following HCL Commerce Version 9 documentation:
<Instance
  DefaultLang="-1"
  StoreWebModuleName="Stores"
  enableHystrix="true" 
  enableDialogMarketing="false"
  EnableDoubleClickHandler="true"/>
The Instance section of the Store server configuration file defines specific functions that are applied to the Store server WebSphere Application Server instance.
  • enableDialogMarketing is the only customizable configuration option that is unique to HCL Commerce on Cloud. This feature is disabled by default. When enabled, marketing events are triggered through the web channel. This feature enables the marketing system on the Transaction server to evaluate user behavior based on marketing rules.
  • For more information about double-click handling, see Double-click handling in the HCL Commerce Version 9 documentation.
<WhiteListProtection enabled="true" name="WhiteListProtection" display="false">
	<param name="storeId" regex="[-]?[0-9]*"/>
	<param name="langId" regex="[-]?[0-9]*"/>
	<param name="catalogId" regex="[-]?[0-9]*"/>
	...
</WhiteListProtection>

The WhiteListProtection section defines the acceptable values for parameters that are passed to the Store server through URLs.

For more information about white list data validation, see Enabling WhiteList data validation in the HCL Commerce Version 9 documentation.

<XSiteScriptingProtection display="false" enabled="true" name="Cross Site Scripting Protection">
		<ProhibitedAttrs display="false">
			<Attribute display="false" regex=".*((%(25)+)|%)*((3C)|&lt;)[\s]*+script.*"/>
		</ProhibitedAttrs>
		<ProhibitedChars display="false">
			<Character display="false" name="&lt;SCRIPT"/>
			<Character display="false" name="&lt;%"/>
			<Character display="false" name="&amp;lt;%"/>
			...
		</ProhibitedChars>
		<ProhibCharEncoding display="false"/>
</XSiteScriptingProtection>

The cross-site scripting protection section defines the global Store server rule-based filter that rejects user requests that do not conform to it. The filter is applied to each web module that has the WhiteListProtection enable flag set to true.

For more information about cross-site scripting protection, see Double-click handling in the HCL Commerce Version 9 documentation.

<Components>
	<component
		compClassName="com.ibm.commerce.component.datatype.UrlMapperConfig"
		enable="true" name="UrlMapperConfig">
		<property UrlMapperFile="mapper/SEOUrlMapper.xml" display="false"/>
	</component>
	<component
		compClassName="com.ibm.commerce.dynacache.filter.StoreCacheFilterAttributeMapHelper"
		enable="true" name="DynaCacheFilterMappings">
			<property display="false" refreshInterval="300000">
				<map
					className="com.ibm.commerce.store.context.CommandContext"
					display="false" dynacacheAttributeName="DC_storeId"
					methodName="getStoreId" name="getStoreId"/>
				<map
					className="com.ibm.commerce.store.context.CommandContext"
					display="false" dynacacheAttributeName="DC_userId"
					methodName="getCallerId" name="getCallerId"/>
				<map
					className="com.ibm.commerce.store.context.CommandContext"
					display="false" dynacacheAttributeName="DC_lang"
					methodName="getLanguageId" name="getLanguageId"/>
				...
			</property>
	</component>
	<component
		compClassName="com.ibm.commerce.dynacache.filter.StoreEdgeCacheCookieHelper"
		enable="false" name="DynaCacheCookie">
			<property CookieDomain="" CookiePath="/"
				MutipleStores="true" Timeout="3600" display="false">
				<ec name="currencyId" value="true"/>
				<ec name="languageId" value="true"/>
				<ec name="parentOrg" value="true"/>
				...
			</property>
	</component>
</Components>

The components section defines the WebSphere Application Server DynaCache settings for the Store server. Custom component classes are not supported. However, existing components can be modified.

<NonEncryptedParameters display="false">
	<Parameter name="storeId"/>
	<Parameter name="langId"/>
	<Parameter name="catalogId"/>
	...
</NonEncryptedParameters>

The NonEncryptedParameters section defines the URL parameters that are left decrypted for caching purposes. For more information about allowing access to parameters, see Allowing access to encrypted parameters in the HCL Commerce Version 9 documentation.

<SEOConfiguration defaultUrl="" dynamicUrl="true" enable="true">
	<mapper-class-name value="com.ibm.commerce.component.seo.SEOURLMapperImpl"/>
</SEOConfiguration>

The SEOConfiguration section defines the SEO configuration settings for the Store server. A custom mapper class is not supported.

For more information about how store universal resource links (URLs) are constructed, see Tag: url in the HCL Commerce Version 9 documentation.

<DoubleClickMonitoredCommands display="false">
	<excludeCommands>
		<command name="StoreCatalogDisplay"/>
		<command name="TopCategoriesDisplay"/>
		<command name="CategoryDisplay"/>
		...
	</excludeCommands>
</DoubleClickMonitoredCommands>

The DoubleClickMonitoredCommands section defines which URL requests are subject or not subject to double-click handling. For more information about configuring double-click handling, see Configuring double-click handling in the HCL Commerce Version 9 documentation.

<SessionManagement>
<cookie httponly="true",
secure="true" />
</SessionManagement>

The SessionManagement section defines how user sessions are managed. Session cookies are set to secure by default. If the secure attribute is not specified, then the default value of true is assumed.