Evolve13 – Provisionning & Authoring on CQ

1

PROVISIONING & AUTHORING

@GabrielWalt – Product Manager – Web Experience Management

2

PROVISIONING & AUTHORINGPresentation Topics

§1 Authentication• Best Practices• Authentication Handler• Login Module

§2 Resource Provisioning• Best Practices• Blueprints• From Actions & Workflows

§3 Author Scalability• Vertical• Horizontal

3

PROVISIONING & AUTHORING§1 Authentication

• Best Practices• Authentication Handler• Login Module

4


Best Practices

Keep it Simple• Don’t micro-manage access rights for individual users or on individual pages• Use groups to assign access rights• Structure content around groups• Use Allow statements to specify group access rights

5


Authentication HandlerImplements the method by which visitors provide credentials.

It must implement:• Request Credentials• Extract Credentials• Drop Credentials

Example of implementations:• HTTP Basic• Form based• Token based• OpenID• SAML 2.0

6


Login ModuleImplements the method by which the server verifies the credentials.

Steps to add Login Modules:• OSGi fragment bundle (since 5.5)• Edit repository.xml file & jaas.conf file• Update your startup script• Restart CQ

Example Login Modules:• CRX• LDAP

7


LDAP Login Module

Useful Features• Creates the users in the repository• Can assign users to groups from LDAP• Has a cache (with timeout and size settings)• Can sync all users or a list of them at once• Callbacks can be registered on user and group creation

8


Restful user & group management

Create a usercurl -u admin:admin -FcreateUser=

-FauthorizableId=myUserName-Frep:password=myPassword-Fmembership=myGroupName-Fprofile/myPropertyName=myPropertyValuehttp://localhost:4502/libs/granite/security/post/authorizables

Create a groupcurl -u admin:admin –FcreateGroup=

-FauthorizableId=myGroupNamehttp://localhost:4502/libs/granite/security/post/authorizables

9



Edit an existing user$ curl -u admin:admin -Fprofile/myPropertyName=myPropertyValue

http://localhost:4502/home/users/m/myUserName.rw.html

Set a user’s group memberships (overwriting existing group memberships)$ curl -u admin:admin -Fmembership=myGroupName1 -Fmembership=myGroupName2

http://localhost:4502/home/users/m/myUserName.rw.html

Add/Remove users to/from a group (not impacting other memberships)$ curl -u admin:admin

-FaddMembers=myUserName1 -FaddMembers=myUserName2-FremoveMembers=myUserName3 -FremoveMembers=myUserName4http://localhost:4502/home/groups/m/myGroupName.rw.html

10



Get current user’s information$ curl -u admin:admin http://localhost:4502/libs/granite/security/currentuser.json

Delete a user or group$ curl -u admin:admin –FdeleteAuthorizable=

http://localhost:4502/home/users/m/myUserName

11

PROVISIONING & AUTHORING§2 Resource Provisioning

• Best Practice• Blueprints• From Actions & Workflows

12


Best Practice

Keep it simple• Keep number of templates low• Keep number of components low• Leverage CSS

• Build CSS-friendly markup• Set smart classes on the pages

13


Blueprints• Page structure ready to be provisioned• Page structure can be customized (to some extent)• A site owner can be defined (typically a group)• Simple copy or LiveCopy is possible (for keeping pages in sync)• A RolloutConfig can be added (to configure the components used for rendering)

14


From Actions & WorkflowsUseful when resouces needs to be provisioned on demand.

Looking at the CQ 5.6+ New Community feature:• Form for creating a new community• Workflow for creating the content and setting ACL

15


New Community – deconstructing how it works:

1. New Community Form:• Custom form component• Configurable properties (livecopy & blueprint paths)• Form action => forward.jsp

2. Forward.jsp• Verifies values of submitted form• Opens an admin session• Creates a workflow node (below /etc/social/groups/)• Adds to the workflow payload:

• form payload• form properties• current user id

16



3. Workflow launcher• Has a workflow listening to node creations under /etc/social/groups/

4. “Create Community Live Copy” Workflow• Creates a Live Copy from the master Community pages• Activates the pages (which is probably not what you would do)• Moves the workflow payload to the created parent page

17


6. “New Social Community Group” Workflow• Creates admin group• Adds original user to the admin group• Sets ACL to the content for the admin group


5. Workflow launcher• Has a workflow listening to page creation that has a payload

18

PROVISIONING & AUTHORING§3 Author Scalability

• Vertical• Horizontal

19


Vertical Scalability• Setup an Author Dispatcher• Optimize Hardware

• Increase CPU, RAM & Disk speed• Server load is affected by

• Image rendering & digital asset processing• MSM Rollout• Workflows• Simple Editing

Sufficient for at least 50 editors editing content concurrently.Approximation of # of logged-in users (of which only a fraction is editing concurrently!):$ grep access.log

20


Horizontal ScalabilitySharding 1: Split different sites (or parts of sites) into separate author instances.Publish instances are shared.

Asite 1

Asite 2

Asite 3

editing

editing

editing

P

P

P

replication

21


Horizontal ScalabilitySharding 2: Split different sites into separate author instances, but replicate to one main author, e.g. for shared workflow processes.

Asite 1

Asite 2

Asite 3

editing

editing

editing

Areplication

Preplication

22

PROVISIONING & AUTHORINGThank you!

@GabrielWalt – Product Manager – Web Experience Management

Technology

Evolve13 – Provisionning & Authoring on CQ