Upload
gabriel-walt
View
2.014
Download
3
Embed Size (px)
DESCRIPTION
Adobe Experience Manager (CQ) Provisionning & Authoring §1 Authentication - Best Practices - Authentication Handler - Login Module §2 Resource Provisioning - Best Practices - Blueprints - From Actions & Workflows §3 Author Scalability - Vertical - Horizontal
Citation preview
1
PROVISIONING & AUTHORING
@GabrielWalt – Product Manager – Web Experience Management
2
PROVISIONING & AUTHORINGPresentation Topics
§1 Authentication• Best Practices• Authentication Handler• Login Module
§2 Resource Provisioning• Best Practices• Blueprints• From Actions & Workflows
§3 Author Scalability• Vertical• Horizontal
3
PROVISIONING & AUTHORING§1 Authentication
• Best Practices• Authentication Handler• Login Module
4
PROVISIONING & AUTHORING§1 Authentication
Best Practices
Keep it Simple• Don’t micro-manage access rights for individual users or on individual pages• Use groups to assign access rights• Structure content around groups• Use Allow statements to specify group access rights
5
PROVISIONING & AUTHORING§1 Authentication
Authentication HandlerImplements the method by which visitors provide credentials.
It must implement:• Request Credentials• Extract Credentials• Drop Credentials
Example of implementations:• HTTP Basic• Form based• Token based• OpenID• SAML 2.0
6
PROVISIONING & AUTHORING§1 Authentication
Login ModuleImplements the method by which the server verifies the credentials.
Steps to add Login Modules:• OSGi fragment bundle (since 5.5)• Edit repository.xml file & jaas.conf file• Update your startup script• Restart CQ
Example Login Modules:• CRX• LDAP
7
PROVISIONING & AUTHORING§1 Authentication
LDAP Login Module
Useful Features• Creates the users in the repository• Can assign users to groups from LDAP• Has a cache (with timeout and size settings)• Can sync all users or a list of them at once• Callbacks can be registered on user and group creation
8
PROVISIONING & AUTHORING§1 Authentication
Restful user & group management
Create a usercurl -u admin:admin -FcreateUser=
-FauthorizableId=myUserName-Frep:password=myPassword-Fmembership=myGroupName-Fprofile/myPropertyName=myPropertyValuehttp://localhost:4502/libs/granite/security/post/authorizables
Create a groupcurl -u admin:admin –FcreateGroup=
-FauthorizableId=myGroupNamehttp://localhost:4502/libs/granite/security/post/authorizables
9
PROVISIONING & AUTHORING§1 Authentication
Restful user & group management
Edit an existing user$ curl -u admin:admin -Fprofile/myPropertyName=myPropertyValue
http://localhost:4502/home/users/m/myUserName.rw.html
Set a user’s group memberships (overwriting existing group memberships)$ curl -u admin:admin -Fmembership=myGroupName1 -Fmembership=myGroupName2
http://localhost:4502/home/users/m/myUserName.rw.html
Add/Remove users to/from a group (not impacting other memberships)$ curl -u admin:admin
-FaddMembers=myUserName1 -FaddMembers=myUserName2-FremoveMembers=myUserName3 -FremoveMembers=myUserName4http://localhost:4502/home/groups/m/myGroupName.rw.html
10
PROVISIONING & AUTHORING§1 Authentication
Restful user & group management
Get current user’s information$ curl -u admin:admin http://localhost:4502/libs/granite/security/currentuser.json
Delete a user or group$ curl -u admin:admin –FdeleteAuthorizable=
http://localhost:4502/home/users/m/myUserName
11
PROVISIONING & AUTHORING§2 Resource Provisioning
• Best Practice• Blueprints• From Actions & Workflows
12
PROVISIONING & AUTHORING§2 Resource Provisioning
Best Practice
Keep it simple• Keep number of templates low• Keep number of components low• Leverage CSS
• Build CSS-friendly markup• Set smart classes on the pages
13
PROVISIONING & AUTHORING§2 Resource Provisioning
Blueprints• Page structure ready to be provisioned• Page structure can be customized (to some extent)• A site owner can be defined (typically a group)• Simple copy or LiveCopy is possible (for keeping pages in sync)• A RolloutConfig can be added (to configure the components used for rendering)
14
PROVISIONING & AUTHORING§2 Resource Provisioning
From Actions & WorkflowsUseful when resouces needs to be provisioned on demand.
Looking at the CQ 5.6+ New Community feature:• Form for creating a new community• Workflow for creating the content and setting ACL
15
PROVISIONING & AUTHORING§2 Resource Provisioning
New Community – deconstructing how it works:
1. New Community Form:• Custom form component• Configurable properties (livecopy & blueprint paths)• Form action => forward.jsp
2. Forward.jsp• Verifies values of submitted form• Opens an admin session• Creates a workflow node (below /etc/social/groups/)• Adds to the workflow payload:
• form payload• form properties• current user id
16
PROVISIONING & AUTHORING§2 Resource Provisioning
New Community – deconstructing how it works:
3. Workflow launcher• Has a workflow listening to node creations under /etc/social/groups/
4. “Create Community Live Copy” Workflow• Creates a Live Copy from the master Community pages• Activates the pages (which is probably not what you would do)• Moves the workflow payload to the created parent page
17
PROVISIONING & AUTHORING§2 Resource Provisioning
6. “New Social Community Group” Workflow• Creates admin group• Adds original user to the admin group• Sets ACL to the content for the admin group
New Community – deconstructing how it works:
5. Workflow launcher• Has a workflow listening to page creation that has a payload
18
PROVISIONING & AUTHORING§3 Author Scalability
• Vertical• Horizontal
19
PROVISIONING & AUTHORING§3 Author Scalability
Vertical Scalability• Setup an Author Dispatcher• Optimize Hardware
• Increase CPU, RAM & Disk speed• Server load is affected by
• Image rendering & digital asset processing• MSM Rollout• Workflows• Simple Editing
Sufficient for at least 50 editors editing content concurrently.Approximation of # of logged-in users (of which only a fraction is editing concurrently!):$ grep access.log
20
PROVISIONING & AUTHORING§3 Author Scalability
Horizontal ScalabilitySharding 1: Split different sites (or parts of sites) into separate author instances.Publish instances are shared.
Asite 1
Asite 2
Asite 3
editing
editing
editing
P
P
P
replication
21
PROVISIONING & AUTHORING§3 Author Scalability
Horizontal ScalabilitySharding 2: Split different sites into separate author instances, but replicate to one main author, e.g. for shared workflow processes.
Asite 1
Asite 2
Asite 3
editing
editing
editing
Areplication
Preplication
22
PROVISIONING & AUTHORINGThank you!
@GabrielWalt – Product Manager – Web Experience Management