Load balancing configurations for SAP Hybris

As mentioned in one of my previous post if not setup correctly clustered environment can be a nightmare. Below are some of the configurations worth noting beforehand:

Server Affinity: a lost session

An HTTP (s) session should always be served by only one SAP Hybris application server otherwise session will be lost and user would need to re-login, even worse anonymous user will lose his cart and all other settings. To avoid this embarrassing experience, enable Sticky Session at application load balancing layer which will stick one session to one SAP hybris server.

Redirect rules: 

Very often redirect rules are defined at load balancing layer to redirect complete URL (base + context )-e.g. http://doodle.com/fun to base URL  e.g. http://doodle.com.

Here one exception should be medias because their urls are appended with /medias at end of base URL and redirecting these URLs to base URL wont load medias:

eg. a call to medias URL –  e.g. http://doodle.com/medias/abc/456789.jpg will be replace with http://doodle.com which will fail loading of medias into SAP Hybris applications.

 

 

Production Infrastructure for SAP Hybris

What is an ideal production server setup? How many servers, cores or nodes do you or customer need?

A production system should not be “it works” but it should be a full-fledged performance setup.

The production setup really varies from customer to customer but in general: one BackOffice server with couple of storefront servers along with webservers, solr servers and a load balancer is very standard infrastructure.

prod-setup

Measurement Metric:

Hybris gauges its performance with page impressions/ second/ core. Standard hybris accelerator comes with a ballpark 10-15 page impressions/second/core. Here fun part is – most of projects start with 1-2 pi/s/core and there can be seriously optimized applications where >50 pi/s/core can be found.

So it’s advised to analyse customer’s requirements with representative data rather than proposing a typically standard infrastructure setup.

 

 

 

Relative URLs in Hybris Cockpits

Very often in several business scenarios it is required to share direct Urls of order, cart or product with internal teams, e.g.:

After order is placed:

  • Send confirmation email to customer.

And

  • Also send email to a team of internal staff with direct URL of that order so that staff can directly go to that specific order just by clicking on URL rather than logging into cockpit and searching for that order.

Considering different nature of cockpit framework it’s not straight to create direct URL of an item as compared to storefront which is MVC.

Here is solution:

https://<hostname>:<port>/cscockpit/index.zul?persp=cscockpitPerspective&events=activation&act-item=8796093055021

Understanding URL:

A request event handler parses request parameters and dispatches a Cockpit business event. Different components are then notified of this dispatched event.

According to above URL, Activation request events is triggered for order item with pk – 8796093055021

Hook Interfaces and Strategies in Hybris

Customizing ordering processes could not be easier. Those were days when we used to override facades, services and strategies to inject a line of code just before or after a specific event in an ordering process. E.g. Before and After:

  • payment Authorization
  • adding product to cart
  • cart calculation lifecycle
  • cloning a saved cart
  • flagging a cart for deletion
  • Placing order
  • saving a cart
  • restoring a cart
  • updating cart entry

  Since version 5.4 onward (if I am not wrong) SAP Hybris has introduced a number of hook interfaces which can be implemented to inject your code at a specific time without hassle of overriding a chain of classes. Below is a list of few of them:

  • AuthorizePaymentMethodHook
  • CommerceAddToCartMethodHook
  • CommerceCartCalculationMethodHook
  • CommerceCloneSavedCartMethodHook
  • CommerceFlagForDeletionMethodHook
  • CommercePlaceOrderMethodHook
  • CommerceSaveCartMethodHook
  • CommerceSaveCartRestorationMethodHook
  • CommerceUpdateCartEntryHook

Usage: Implement required interface and corresponding method. And define below bean and add entry in directive: <bean id=yourCustomAddToCartMethodHook class=”xx.yy.zz”/> <bean id=“commerceAddToCartMethodHooksListMergeDirective” depends-on=“commerceAddToCartMethodHooks” parent=“listMergeDirective”> <property name=“add” ref=yourCustomAddToCartMethodHook /> </bean>    

B2B with B2C – a perfect blend of accelerators (storefronts)

One Hybris – One Accelerator – B2B and B2C – a vision few years ago has been implemented and is at its best now.

There was always need of a blend of B2B and B2C where a B2C customer might have requirement of small organisations concept(B2B units) or a B2B customer might expect a little more from promotions.

B2B features are now available across all Accelerators: in B2C accelertor  -Business units can be created along with their associated supporting elements, such as cost centers, permissions,budgets, users and user groups.

Additionally, commerceorgaddon and b2bacceleratoraddon are introduced to provide B2B storefront support to default accelerator – empowering single accelerator with all features of B2B and B2C.

Error submitting a form due to Cross Site Request Forgery (CSRF)

Recently I faced a problem when I was trying to simply create a Form and a Controller to accept the values submitted from the form. I was using Hybris 5.7 version.

When I entered and submitted some values in the form (or even submitting an empty form) I was continuously getting the following error in the browser and the program control was not reaching my controller:

http status 403 bad or missing CSRF value

After doing lot of googling I found that the above error was coming while sending a “POST” request from any Form and was due to the interceptor “csrfHandlerInterceptor” configured in spring-mvc-config.xml of my storefront. This interceptor is configured to prevent Cross Site Request Forgery (CSRF).

Now to fix this error, there are 2 options:

  1. either the CSRF token in the request matches the session CSRF token to ascertain the validity of incoming posts requests.
  2. or the requested URL is a trusted path and is allowed to go through without CSRF token validation

For the 1st point you need to configure and send a valid CSRF token in your request. You can find information regarding this at: http://docs.spring.io/spring-security/site/docs/3.2.0.CI-SNAPSHOT/reference/html/csrf.html

For the 2nd point you can add your URL entry to “csrfAllowedUrlPatternsList” in your storefront’s spring-mvc-config.xml file as shown below:

<util:list id=”csrfAllowedUrlPatternsList” value-type=”java.lang.String”>
             <value>/upload/createmedia</value>
</util:list>

Please note that for additional details there is a good article on CSRF in Hybris Wiki at the following URL:

https://wiki.hybris.com/display/accdoc/Spring+Security

 

 

Hybris Mobile and Desktop Site

Most people face problem in understanding the difference between Desktop site and Mobile site in Hybris and how do we setup the Mobile site and what parameters control the switching of Desktop and Mobile site. Also, how does a responsive site differ from both Desktop and Mobile site?

Technical Difference in terms of UI

First of all, the mobile site differs from the desktop site generally in terms of the UI. The back end code mostly remains the same for both the mobile and desktop sites.

The UI change is controlled by CSS, JS and images.

Also, the UI, which is defined using Hybris WCMS, need to define different Page Template, ContentSlot, ContentPage, ProductPage and the relationship between them for Mobile site and Desktop site.

Technical Difference in terms of Java code

For accessing the UI of either the Mobile site or the Desktop site, we need set the UiExperienceLevel to corresponding device type for which we need to first of all detect the device from which request is coming. This is done using an interceptor i.e. DeviceDetectionBeforeControllerHandler using class DefaultDeviceDetectionFacade and more specifically in SpringMobileRequestDeviceDataPopulator.

After device detection, the detected device needs to be mapped to a UiExperienceLevel (i.e whether it is desktop, tablet, mobile), which is done in class DeviceDataUiExperiencePopulator.

After this the detected UiExperienceLevel is compared with the supported UiExperienceLevel and if matched then DetectedUiExperienceLevel is set to this value.

Parameters controling switching of Desktop and Mobile site

UiExperienceLevel is configured in your properties file using the property “uiexperience.level.supported”.

Please note the correct format of specifying the value for “uiexperience.level.supported” is comma separated Camel Case names like Mobile,Desktop or Desktop,Mobile for the functionality to work correctly.

There is one more interceptor SetUiExperienceBeforeControllerHandler called before the request reaches the controller. This interceptor checks for the parameter “uiel” (like ?uiel=Mobile) in the request and if set its value is used to override all previous UiExperienceLevel.

Based on the UiExperienceLevel set, the corresponding CSS, JS and images are set and we see either the Mobile site or the Desktop site.

Responsive

When we have constructed our website for Responsive UI then the UI automatically adjusts itself according to the device type and this is done because of the responsive JS used. Hybris has made the desktop site responsive hence eliminating the need for separate Desktop and Mobile sites.

Different Views for Electronics Site:

MobileSite
Mobile Site – Non Responsive
ResponsiveSite-MobileView
Mobile Site – Responsive

 

 

 

 

 

 

 

 

 

ResponsiveSite-DesktopView

Desktop Site – Responsive

ResponsiveSite-TabView

Tab Site – Responsive