Technote: Pages with the 'authenticate Struts' flag turned on will lose the catalog ID parameter

Technote
(FAQ)

Pages with the 'authenticate Struts' flag turned on will lose the catalog ID parameter

Problem
When a customer tries to check out, a generic system error page is displayed. This error is displayed because the CatalogDataBean fails on the LogonForm page.

The URL in the browser does not have a catalogId parameter, just storeId and krypto. When the
catalogId=10001 is added back, the page works.

Observe that the HttpBrowserAdapter moves all of the parameters into the URL parameter when it constructs the redirect (this trace is for a TrackOrderStatus page):

[2/21/07 17:25:18:769 EST] 00000032 WC_SERVER < oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
com.ibm.commerce.browseradapter.HttpBrowserAdapter.isCallerAuthenticat ed Exit authenticated? false
[2/21/07 17:25:18:769 EST] 00000032 WC_SERVER > oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
com.ibm.commerce.browseradapter.HttpBrowserAdapter.generateLogonRedirectResponseProperties Entry
[2/21/07 17:25:18:769 EST] 00000032 WC_SERVER 3 oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
com.ibm.commerce.browseradapter.HttpBrowserAdapter.generateLogonRedirectResponseProperties reqName= TrackOrderStatus
[2/21/07 17:25:18:769 EST] 00000032 WC_SERVER 3 oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
ServletHelper.buildHttpRedirectUrl3 inUrl=TrackOrderStatus encoding=UTF-8
[2/21/07 17:25:18:769 EST] 00000032 WC_SERVER 3 oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
ServletHelper.buildHttpRedirectUrl3 Final redirect url=TrackOrderStatus?langId=-1&storeId=10551&catalogId=10001
[2/21/07 17:25:18:769 EST] 00000032 WC_SERVER 3 oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
com.ibm.commerce.browseradapter.HttpBrowserAdapter.generateLogonRedirectResponseProperties redirectURL= TrackOrderStatus?langId=-1&storeId=10551&catalogId=10001
[2/21/07 17:25:18:769 EST] 00000032 WC_SERVER < oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
com.ibm.commerce.browseradapter.HttpBrowserAdapter.generateLogonRedirectResponseProperties Exit
oMap=WcUseHttps=truestoreId=10551URL=TrackOrderStatus?langId=-1&storeId=10551&catalogId=10001 redirecturl=LogonForm viewTaskName=RedirectView

The following example shows the output URL:

[2/21/07 17:25:18:799 EST] 00000032 WC_SERVER 3 oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
ECActionForwardInstance.savePropAsUrlParameters base URL=LogonForm
[2/21/07 17:25:18:799 EST] 00000032 WC_SERVER 3 oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
ECActionForwardInstance.encryptParameters encrypt=true
[2/21/07 17:25:18:799 EST] 00000032 WC_SERVER 3 oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
ServletHelper.buildHttpRedirectUrl3 inUrl=LogonForm encoding=UTF-8
[2/21/07 17:25:18:799 EST] 00000032 WC_SERVER 3 oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
ServletHelper.buildHttpRedirectUrl3 query string before encryption=WcUseHttps=true&URL=TrackOrderStatus%3FlangId%3D-1%26storeId%3D10551%26catalogId%3D10001
[2/21/07 17:25:18:799 EST] 00000032 WC_SERVER > oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
com.ibm.commerce.security.keys.WCKeyRegistry.getKey(strKeyName, strProvider) Entry MerchantKey <null>
[2/21/07 17:25:18:799 EST] 00000032 WC_SERVER > oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
com.ibm.commerce.security.keys.WCKeyRegistry.findKey(strKeyName, strProvider, strStatus) Entry
MerchantKey <null> current
[2/21/07 17:25:18:799 EST] 00000032 WC_SERVER < oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
com.ibm.commerce.security.keys.WCKeyRegistry.findKey(strKeyName, strProvider, strStatus) Exit WC
[2/21/07 17:25:18:799 EST] 00000032 WC_SERVER < oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
com.ibm.commerce.security.keys.WCKeyRegistry.getKey(strKeyName, strProvider) Exit WC
[2/21/07 17:25:18:799 EST] 00000032 WC_SERVER 3 oJXFpno1kPP0l45XYU4wuGLoGaE%3d%0d%0a
ServletHelper.buildHttpRedirectUrl3 Final redirect url=LogonForm?storeId=10551&krypto=r%2Bct9ONFoig%2FRfaUrs5JdQXhkzEgN5410D
upfTEfIv5v9RzCfjAPkV2arZosf%2BHJvYiToLpyXjgr%0D%0AQY2QddE6aio8GYjpZ5QR
U8wiNeX8NYMeFF4%2FrsqvhqGR3COxGTEm

Cause
WebSphere Commerce runtime authentication redirects the user to the LogonForm URL using only the storeId and URL parameter (containing the URL to execute after a successful logon). In this scenario, the LogonForm will be executed without the catalogId parameter. The catalogId parameter is required on all starter store pages because it is used to show the current catalog's top categories.
Therefore, the LogonForm JSP page should be coded in a way that, if the authenticated feature is used, it should retrieve the catalogId from the next URL rather than from the request properties.
Solution
This is a known problem. Contact WebSphere Commerce Support for APAR JR26047.

Document Information

Current web document: http://www.ibm.com/support/docview.wss?uid=swg21261173