Topic
9 replies Latest Post - ‏2015-01-30T15:12:59Z by jose manuel
rani0107
rani0107
2 Posts
ACCEPTED ANSWER

Pinned topic WCS REST API | WCTOKEN

‏2013-04-17T15:00:01Z |

Is there a way to access WCS REST API calls while the web-session(via browser) is active?

Basically is there a way to extract the WCToken using the web-based cookies other than the LoginIdentityHandler/GuestIdentityHandler.

Kindly help.

Thanks,
Shwetha

  • Raj.S
    Raj.S
    511 Posts
    ACCEPTED ANSWER

    Re: WCS REST API | WCTOKEN

    ‏2013-04-18T03:27:51Z  in response to rani0107

    I think the value of WCToken is the encrypted part of the WC_USERACTIVITY_ID cookieand the value of WCTrustedToken is the encrypted value of WC_AUTHENTICATION_ID cookie.

    Could you please try this and let us know if it works.

     

    Eg: WC_AUTHENTICATION_1234 = -1002,gUv2c/CQNEdulPRjQ/H1nCpi6k8=

              WCToken = gUv2c/CQNEdulPRjQ/H1nCpi6k8=

     

    Rgds, Raj.

     

     

    • rani0107
      rani0107
      2 Posts
      ACCEPTED ANSWER

      Re: WCS REST API | WCTOKEN

      ‏2013-04-18T09:19:24Z  in response to Raj.S

      Thanks for the response.

       

      Findings are as follows:

       

      Activity Token is not WCToken.

       

      WCToken can be generated from the web-based session using the below code-snippet.

       

      Using this WCToken we cannot call any REST based web-service(using REST console), it does give

      "errorMessage": "CMN1039E: An invalid cookie was received for the user, your logonId may be in use by another user." Has anyone faced this issue?

       

       

      CommandContext jstlCommandContext = (CommandContext)request.getAttribute(ECConstants.EC_COMMANDCONTEXT );

              String userId = jstlCommandContext.getUserId().toString();

          

          

              String merchantKey = WCKeyRegistry.getInstance().getKey("SessionKey").getValueAsString();

              WCCookieUserSession cookieUserSession = new WCCookieUserSession(null, null, merchantKey, null, null);

              cookieUserSession.setUserId(new Long(userId));

              cookieUserSession.setConversationToken(jstlCommandContext.getActivityToken());

              String cookieValue = cookieUserSession.serialize();

       

              String encryptedPart = cookieValue.substring(cookieValue.lastIndexOf(44) + 1);

              StringBuffer cookieValueBuffer = new StringBuffer(userId.length() + 1 + encryptedPart.length());

              cookieValueBuffer.append(userId);

              cookieValueBuffer.append(',');

              cookieValueBuffer.append(encryptedPart);

              cookieValue = URLUTF8Encoder.encode(cookieValueBuffer.toString()); //WCToken Generated

              

              WCAuthenticationCookie authenticationCookie = new WCAuthenticationCookie(null, new Long(userId), merchantKey, null, null);a

              String authenCookieValue = authenticationCookie.serialize();

              authenCookieValue = URLUTF8Encoder.encode(authenCookieValue); //WCTrustoken Generated

       

      Thanks,

      Shweth

      • P8MN_sumit_kumar
        P8MN_sumit_kumar
        7 Posts
        ACCEPTED ANSWER

        Re: WCS REST API | WCTOKEN

        ‏2014-01-02T19:32:21Z  in response to rani0107

        shweth,

        i wonder if WCToken retrieved from this code can be used as parameter for passing WCToken for addorderitem and getcart.

        tried ur code to generate WC token but it seems to be little different from token generated from loginhandler and thus failing in finding user and login user.highlighed portion is different between token generated

        Token Generated from cookie:Not working

        259002%2cr%2bWWNp%2bql3wojec%2fvp2WClL0ejJpmPLqA3wUTZJ12gadv9qNend9FZscm6FlpizQvXlMyd54%2bxD2%0d%0ae9ONQ7HxlxVvId00GOXQJLmw1KB6AWeEnjpnp5TVCF5hLEvNnxANINJYZd%2f1d9I%3d

         

        Token Generated from Loginhandler:working

        259002%2cr%2bWWNp%2bql3wojec%2fvp2WClL0ejJpmPLqA3wUTZJ12gadv9qNend9FZscm6FlpizQvXlMyd54%2bxCE%0d%0aZaB2y64wJYZET7dRhdeDjcSXf40TrU0k3uFKeTsrBT8gLWptDka3Qbym0fwID58%3d
    • jose manuel
      jose manuel
      1 Post
      ACCEPTED ANSWER

      Re: WCS REST API | WCTOKEN

      ‏2015-01-30T15:12:59Z  in response to Raj.S

      Long time no see Rajesh.

      I am actually trying to emulate the "login" as you said.

      I first make a request via REST with  https://mydomain/wcs/resources/store/10001/loginidentity with my "logonId" and "logonPassword" with my App. I succesfully get my response with

      {WCToken: "555504%2cdNTteFLM5fTGXlcUKxCry3PquKTnNW2BYwtVIRbBIKWWBPAL3tCYQsgxsqv%2bZ9CcC6JwwNYiBCHU%0a0zzifbz6uNx6ZUZeBlteeSaBcyoagmC7HhML2rPkuqTR%2fJZ5eR2nzwFwxokErHI%3d"

      WCTrustedToken: "555504%2c7x%2fOQmEEFbvsRi0KnXjpBdwDxlI%3d"
      personalizationID: "1412694676477-1"
      userId: "555504"}

       

       

       

      Then I use these values to create both cookies  WC_USERACTIVITY_ID  & WC_AUTHENTICATION_ID with the values I copied before and insert them in my browser. But for some reason. Commerce tells me :

       

       "CommerceSrvr  E WCAuthenticationCookie getUserId CMN1039E: An invalid cookie was received for the user, your logonId may be in use by another user."
       

      I want to stay on the same "login session" and it's not really multichannel. I launch my REST call from my app and in this same app I want to be able to navigate in the store front pages with those credentials.  Before venturing with the APAR I want to make sure if it is possible to develop this solution without the apar. I am currently developing in FEP5.

       

      Or maybe I'm just mistaken :) Can you throw some light?

       

       

          

       

       

  • Yashbir_Sachdev
    Yashbir_Sachdev
    19 Posts
    ACCEPTED ANSWER

    Re: WCS REST API | WCTOKEN

    ‏2014-01-03T17:03:05Z  in response to rani0107

    You can generate tokens for REST calls using the activity token from command context ...

    Here is the code snippet -->

     

            try{
                //get activity token id and signature
                ActivityToken token = commandContext.getActivityToken();
                String identitySignature = token.getSignature();
                String identityId = token.getActivityGUID().getGUID().toString();
                
                //generate commerce tokens from activity token
                Map<String, Object> identityTokenInfo = new HashMap();
                identityTokenInfo.put(MemberFacadeConstants.ACTIVITY_TOKEN_ID, new String[] { identityId } );
                identityTokenInfo.put(MemberFacadeConstants.ACTIVITY_TOKEN_SIGNATURE, new String[] { identitySignature } );
                Map<String, String> commerceTokens = CommerceTokenHelper.generateCommerceTokens(identityTokenInfo);
                
                String wcToken = commerceTokens.get(CommerceTokenHelper.WC_TOKEN);
                String wcTrustedToken = commerceTokens.get(CommerceTokenHelper.WC_TRUSTED_TOKEN);
                
            }
            catch(ECException e){
                //do some exception handling
            }

     

    • P8MN_sumit_kumar
      P8MN_sumit_kumar
      7 Posts
      ACCEPTED ANSWER

      Re: WCS REST API | WCTOKEN

      ‏2014-01-03T20:42:35Z  in response to Yashbir_Sachdev

      yashbir,tried same but its ending with exception.and token is different.

      • Yashbir_Sachdev
        Yashbir_Sachdev
        19 Posts
        ACCEPTED ANSWER

        Re: WCS REST API | WCTOKEN

        ‏2014-01-04T04:03:26Z  in response to P8MN_sumit_kumar

        @Shweta --> I got the same error you were getting ... but that is because you are using same browser for traditional log-in & rest calls via same browser plugin. I used IE for Aurora Store front AND firefox for rest call plugin ... i got different error. 

        @Sumit --> 

         

        MY ABOVE SOLUTION DOES NOT WORKS AS EXPECTED !!! 
        Please do not refer to it. I tried to test the flow myself. Here are the results. 
         
        Modified Code (Even this does not works as per your requirement ) --> 
        try{
        //get activity token id and signature 
        ActivityToken token = getCommandContext().getActivityToken();
        String identitySignature = token.getSignature();
        String identityId = token.getActivityGUID().getGUID().toString();
         
        System.out.println("user id = " + getCommandContext().getUserId().toString());
        System.out.println("identitySignature = " + identitySignature);
        System.out.println("identityId = " + identityId);
         
        //populate token map 
        Map<String, Object> identityTokenInfo = new HashMap();
        identityTokenInfo.put(MemberFacadeConstants.ACTIVITY_TOKEN_ID, new String[] { identityId } );
        identityTokenInfo.put(MemberFacadeConstants.ACTIVITY_TOKEN_SIGNATURE, new String[] { identitySignature } );
        identityTokenInfo.put(MemberFacadeConstants.EC_USERID, new String[] { getCommandContext().getUserId().toString() } );
         
        //generate commerce tokens from activity token
        Map<String, String> commerceTokens = CommerceTokenHelper.generateCommerceTokens(identityTokenInfo);
        String wcToken = commerceTokens.get(CommerceTokenHelper.WC_TOKEN);
        String wcTrustedToken = commerceTokens.get(CommerceTokenHelper.WC_TRUSTED_TOKEN);
         
        System.out.println("wcToken = " + wcToken);
        System.out.println("wcTrustedToken = " + wcTrustedToken);
         
        }
        catch(ECException e){
        e.printStackTrace(); 
        }
         
         
        Test Steps --> 
        1) open aurora store in IE browser 
        2) sign in with registered user account .. check in logs for following sop's
          user id = 28502
          identitySignature = gGVfkZDMv0Ks3o41FCt2r8/NUb4=
          identityId = 5974551
          wcToken = 28502%2cNV1jpDaIDkaoW7vFDHEeVD4rgMC1pmADCQgzWn2%2frykBFGfM0R6DmPkv%2f%2bUE4NCWnZk8ixSlHmO8%0d%0ap7BWXQZq4P3%2bVYmOInGAzXa9yZs3h7CR688QFqiWc3okjdM4wchmfjc%2bKLIMvYI%3d
          wcTrustedToken = 28502%2cnhd73DxDXeU6URPWHMpKbx%2f%2fpgQ%3d
         
        3) Add an item to cart from the aurora store front itself in IE browser
        4) Use the above values of wctoken and wctrusted token in REST plugin of firefox browser to get cart details 
        {
        "errors": [
        {
        "errorCode": "1010",
        "errorKey": "CWXBB1010E",
        "errorMessage": "Invalid activity token \"5974551\".",
        "errorParameters": "5974551"
        }
        ]
        }
         
        PS : the importance of using different browsers is that ... you will not get an error saying your logon id is already in use. This is misleading because rest calls would be made by java code and not by REST browser plugin. 
         
        Reason for this error --> 
        When WCS is trying to verify the activity token generated using WCToken and WCTrustedToken that we are sending, it is sensing that tokens have not been initialized correctly. Hence, it throws an InvalidActivityTokenException. 
         
        Suggested Solution --> Open a PMR .. check with those guys what is the appropriate way of achieving your requirement. Please share here once you have the working solution.
        • P8MN_sumit_kumar
          P8MN_sumit_kumar
          7 Posts
          ACCEPTED ANSWER

          Re: WCS REST API | WCTOKEN

          ‏2014-01-04T05:37:53Z  in response to Yashbir_Sachdev

          sure yashbir.will post once we get result 

        • sumit_srivastava
          sumit_srivastava
          13 Posts
          ACCEPTED ANSWER

          Re: WCS REST API | WCTOKEN

          ‏2014-01-17T12:45:38Z  in response to Yashbir_Sachdev

          steps to achieve: 
          Install apar#JR45670 and extend SimultaneousLogonHelperCmdImpl to set isReusingActivityTokenAllowed() method  to return true. 
          1.login to store and use following snippet to get token and use WCToken to call order item add 
          String wctoken=""; 
          try{ 

          BaseContext baseContext = (BaseContext)ContextServiceFactory.getContextService().findContext("com.ibm.commerce.context.base.BaseContext"); 
          baseContext.getActivityToken().setTemporaryLock(false); 
          baseContext.getActivityToken().setTemporary(false); 





          //generate commerce tokens from activity token 
          Map<String, Object> identityTokenInfo = new HashMap(); 
          identityTokenInfo.put(MemberFacadeConstants.ACTIVITY_TOKEN_ID, new String[] { baseContext.getActivityToken().getActivityGUID().toString() } ); 
          identityTokenInfo.put(MemberFacadeConstants.ACTIVITY_TOKEN_SIGNATURE, new String[] { baseContext.getActivityToken().getSignature() } ); 
          identityTokenInfo.put(MemberFacadeConstants.EC_USERID, new String[] { getUserId().toString() } ); 
          Map<String, String> commerceTokens = CommerceTokenHelper.generateCommerceTokens(identityTokenInfo); 

          wctoken = commerceTokens.get(CommerceTokenHelper.WC_TOKEN); 
          String wcTrustedToken = commerceTokens.get(CommerceTokenHelper.WC_TRUSTED_TOKEN);


          catch(ECException e){ 
          //do some exception handling 
          }

  • This reply was deleted by sumit_srivastava 2014-01-16T18:31:03Z.