Hybris/ SAP CX OCC (Omni Commerce Connect)
Updated: Jan 2
Interview Question and Answer
What are the major changes in V1 and V2?
V2 is the default version after hybris 5.4.
Calls in V2 are stateless whereas in V1 calls are stateful.
In V1, Customer and cart data is stored in the session, and are preserved between subsequent request . Where as in V2 session scope is per request and session is set using service layer Session filter.
In V2 data mapper (level mapper) are used which maps data in WsDto.
Both V1 and V2 have different servlet defined in web.xml.
What is token? How do you register your own client in the token store?
Token- In the traditional client-server authentication model, the client requests an access-restricted resource (in other words, protected resource) on the server by authenticating with the server using the resource owner’s credentials. In order to provide third-party applications access to the restricted resources, the resource owner shares its credentials with the third-party application. This creates several issues and limitations:
Third-party applications are required to store the resource owner’s credentials for future use, typically a password in clear text form.
Servers are required to support password authentication, despite the security weaknesses inherent in passwords.
Third-party applications gain overly broad access to the owner’s protected resources, leaving resource owners without any ability to restrict duration or access to a limited subset of resources.
Resource owners cannot revoke access to an individual third-party without revoking access to all third-parties, and must do so by changing their password.
Compromise of any third-party application results in compromise of the end-user’s password and all of the data protected by it. OAuth 2.0 addresses these issues by introducing an authorization layer and separating the role of the client from that layer. The OAuth 2.0 authorization framework is the default authorization framework for the commerce driven OCC (Omni Commerce Connect) Web Services under the ycommercewebservices extension. The key benefit of using OAuth 2.0 (compared to basic authentication, even over HTTPS) is that the API client does not have to save or, in some cases, even obtain the user’s credentials. Instead, access token s are returned to the client that can use refresh tokens to obtain new access token s once they have expired.
Registering in the security spring file your need to register your own client as below
Explain session in terms of OCC?
In V1 session is maintained. Customer and cart data is stored in the session. This way V1 request are stateful. This session work similar to that of storefront session. As a assumption JSESSION id is stored.
In V2 there is a session per request which is set using the service layer Session filter. For every request new session is created. Cart,user and other information are kept stored in this session. Hence we can say that in V2 scope of session is per request.
You are getting huge amount of response which is not optimized. Due to which your API is taking too long to respond and processing large amount of data is also crashing your app. How will you optimize the data returned by OCC V2.
Limit Data — Sometime we don’t require the whole amount of data responded by API. We should get only the required amount of data. We can achieve that by Field Set level mappings and we can request required data by specifying that in URL as fields=User(BASIC),cart(name,code). The response will return BASIC level data from User and only name , code for cart.
Compression- We can compress response over network. To achieve this you can define compressing servlet filter in web.xml.
Network Calls- Limiting network calls also improves apps performance. Caching and Config file- Using caching for data that changes rarely like images/banner. Also some background call can be made at regular interval to fetch data which has changed in the background as CMS data.
Your App is live with V2 but you wants to create Another service endpoint similar to V2 but and both should work simultaneously. What is the process to achieve this?
1. Create new servlet for newer version V2_1 in web.xml and different servlet mapping.
2. For V2_1 define contextConfigLocation which specifies the location where your configuration files are located. The HybrisContextLoaderListener extends the usual SpringContextLoaderListener (which loads the context from specified location) by adding the global application context of the platform as parent context. With having the global context set as parent you can access or override beans of the global context and get the ‘tenant’ scope.
3. Create separate error-config, filter-config, validator, security and mvc servlet xml in WEB_INF/config/V2_1.
How do you validate fields received in Request Body and request Parameter in OCC?
To validate we uses validators defined in validator spring xml file. For validating number, string, null, regex use single validator or composite validator (collection of validators) in the xml file. Also error message can be configured from xml itself.
What is the data carrier in OCC layer returned as response?
In V1 Data is returned as response to any request whereas in case of V2 WSDTO is returned as response. Data mapper is used to map data to WSDTO.
What are the filters a new V2 request passes through?
Site Matching Filter
Spring security filter chain
User matching Filter
Cart matching Filter
What is Field Set Level Mapping. What are the major level mapping? Can we have our own level mapping?
Field Set Level mapping is the bean consisting of two properties dtoClass and level mapping for that dtoClass. Level mapping is the map of entries. Key is the field identifier and value is the comma separated fields of dtoClass. By this we can limit entries in the response.
< entry key=”BASIC” value=”membersCount,subGroups,uid,name,cart(code,guid)” />
Major Level Mapping- There are 3 major level mapping defined by hybris
Custom Level Mapping- in order to create your own level mapping you need to give unique key to it. And while referring give the key name in the field parameter of request.
< entry key=”MY_KEY” value =”user(name,uid),cart(code,guid)” />