Few months ago I was working for a troubleshooting investigation regarding an ACL not expected behavior. My client was on iSeries with WCS 7 and B2B stores. I found the issue was deriving because of a base cache default configuration set by InitializationServlet.
The following brief article describe the issue and the solution adopted.
WebSphere Commerce developers
The client was experiencing a not expecting behavior on user HP redirection after login for guests and special-guests (which have specific roles). In particular, digging the Dynacache, we found the CommandLevelAuthorizationCacheCmdImpl cache entry was the same for guest and special guests.
The Cache Monitor was reporting the following data
com.ibm.commerce.accesscontrol.policymanager.CommandLevelAuthorizationCacheCmdImpl: getUserTag=TAG_GUEST_USER: getAction=Execute: getStoreId=10201: getResourceInterfaceName=<customer implementation>
The confirmation the root cause of the issue was above object we've made some test deleting this specific object and everything was working.
The command CommandLevelAuthorizationCacheCmdImpl is cached in the data cache WCUserDistributedMapCache and configured in the CrossTransactionCache included in the wc-server.xml:
<com.ibm.commerce.membergroup.commands.ListMemberGroupsForUserCmdImpl enabled="true"/> <com.ibm.commerce.user.objsrc.DemographicsCache enabled="true"/> <com.ibm.commerce.dynacache.commands.MemberGroupsCache enabled="true"/> <com.ibm.commerce.user.objsrc.MemberGroupMemberCache enabled="true"/> <com.ibm.commerce.user.objsrc.MemberRelationshipsCache enabled="true"/> <com.ibm.commerce.user.beansrc.MemberRelationshipsExtendedCache enabled="true"/> <com.ibm.commerce.user.objsrc.MemberRoleCache enabled="true"/> <com.ibm.commerce.user.objsrc.MemberCache enabled="true"/> <com.ibm.commerce.user.objsrc.UserCache enabled="true"/> <com.ibm.commerce.user.objsrc.UserRegistryCache enabled="true"/>
By default the CommandLevelAuthorizationCache is enabled (in wc-server.xml) and so the WCUserDistributedMapCache
However, disabling the WCUserDistributedMapCache the entries CommandLevelAuthorizationCache were anyway stored in the cache under the baseCache.
A possible workaround
The baseCache entries were configured because of the OOTB cachespec.xml stored in the JAR related to the web module InitializationServlet.
I think above cachespec was something not really respecting the configuration of the CrossTransactionCache; in my opinion, if you switch off (from server.xml) the CrossTransactionCache the related and eventual commands (like CommandLevelAuthorizationCacheCmdImpl) should not be cached.
In any case, we had to update the InitializationServlet/cachespec.xml and disable the definition of CommandLevelAuthorizationCacheCmdImpl cache entry.