ExerciseBookCQ 5.3SystemAdministratorTrainingOdd
Short Description
Download ExerciseBookCQ 5.3SystemAdministratorTrainingOdd...
Description
/~\
L~ V.
~~\
Technical Training
II
I CQ 5.3 System Administrator Training
World Standard Softare to Unif Your Business ww.day.com Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.2 20101005
Preface
5
Formatting Conventions
6
EXERCISE 1 - Install & Start an Author Instance EXERCISE 2 - Edit a Page
7 13
EXERCISE 3 - Browse Related Application/Server Ititenaces 17
EXERCISE 4 - Change Default Passwords 23 EXERCISE 5 - Configure Version Manager OSGi BlI ndle 33
Instances 38 EXERCISE 7 - Activate Tree 47 EXERCISE 6 - Set up Replication Agents for two Pli blish
EXERCISE 8 - Add the Dispatcher to the 115 WebSe"ver 49 EXERCISE 9 - Add the Dispatcher to the Apache WebServer 52
EXERCISE 10 - Configure the Dispatcher 55 EXERCISE 11 - Optimize Tar PM on Author Instance 69
EXERCISE 12 - Backup Author Instance 71 EXERCISE 13 - Using cURL for Automated Backup 74 EXERCISE 14 - Cluster Two CO Instances 76
EXERCISE 15 - Create & Download a CO Package 81 EXERCISE 16 - Automating Package Manager with cURL 86 EXERCISE 17 - Creating Custom Log Files 91 EXERCISE 18 - User Administration and Security 95
EXERCISE 19 - Integrate with LDAP for Users and Groups 111
EXERCISE 20 - Find Slow Responses 120 World Standard Softare to Unify Your Business. ~ww.d~.CQm 3 Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.220101005
The current training material is indented as a introduction to administer CQ 5.x in a working environment. The latest available release is 5.3. Training material will be accordingly adapted to further product releases. Except Exercise 1, all other exercises have as a prerequisite a running CQ 5.x Author instance. Exercise 1 will lead you through the steps needed to install such an instance. Additional requirements are listed in the corresponding exercises.
The current exercise book contains some exercises which will be covered during training reinforcing the topics discussed during class. In the Appendix, you may find additional exercises which can help you with different installation platforms.
World Standard Softare to Unify Your Business ww.day.com 5 Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.220101005
Goal The following instructions explain how to install and start an Author instance. This is important because you will use this Author instance throughout this training to perform typical development tasks. To successfully complete and understand these instructions, you will need: · A CQ5 quickstart JAR · A valid CQ5 license key
· A JDK ;;= 1.5 · Approximately 800 MBs of free space
· Approximately 1 GB of RAM
What is an Author instance? An Author instance is the CQ5 installation content authors will login to and manage pages. This includes: 1) creating, 2) editing, 3) deleting, 4) moving, 5) etc. In addition, it is the installation you will be developing against as you can easily observe both Author and Publish views.
How to install atl Author instance: 1. Create a folder structure on your file system where you will store, install, and start CQ5 (e.g. C:/day/cq5/author). WARNING
MS Windows users, please do not use spaces in your newly created folder structure (e.g. C:/this is bad/cq5/author). This will cause CQ5 to error.
2. Copy the CQ5 quickstart JAR and license.
properties file from .iUSB'?/distribution/
cq5_wcm into the newly created folder structure.
World Standard Softare to Unify Your Business ww.day.com 7 Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.220101005
Preface
5
Formatting Conventions
6
EXERCISE 1 - Install & Start an Author Instance
7
EXERCISE 2 - Edit a Page
13
EXERCISE 3 - Browse Related Application/Server Intenaces 17
EXERCISE 4 - Change Default Passwords 23 EXERCISE 5 - Configure Version Manager OSGi Bundle 33 EXERCISE 6 - Set up Replication Agents for two Publish
Instances
38
EXERCISE 7 - Activate Tree
47
EXERCISE 8 - Add the Dispatcher to the liS WebServer
49
EXERCISE 9 - Add the Dispatcher to the Apache WebServer
52
EXERCISE 10 - Configure the Dispatcher
55
EXERCISE 11 - Optimize Tar PM on Author Instance
69
EXERCISE 12 - Backup Author Instance
71
EXERCISE 13 - Using cURL for Automated Backup
74
EXERCISE 14 - Cluster Two CQ Instances
76
EXERCISE 15 - Create & Download a CQ Package
81
EXERCISE 16 - Automating Package Manager with cURL
86
EXERCISE 17 - Creating Custom Log Files
91
EXERCISE 18 - User Administration and Security
95
EXERCISE 19 - Integrate with LDAP for Users and Groups EXERCISE 20 - Find Slow Responses World Standard Softare to Unify Your Business WW.day.com
111
120
Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
3
CQ5 installstartup dialog
Continue reading the section Server is started. COlllland Line start :
First of all, you may want to know which parameters are available to the server prior to installation. Therefore, enter following command to investigate a complete list of optional
parameters:
java -jar cq-author-4502.jar -h CQ shows all command line options without starting the server.
You can now install/start CQ5 from the command line while increasing the Java heap size, which will improve performance. Please see image below for an example of the command line.
CQ5 command line start
If using the command line, for a 32bit VM enter:
java -Xmx512M -jar cq5-author-4502.jar
World Standard Softare to Unify Your Business www.day.com 9 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
In the appearing Login screen, enter the default administrator's credentials (admin/ admin) then click OK.
CQ5 login dialog
The Welcome screen appears, displaying you the different possibilities to continue. For the next exercise, we'll access the Websites console.
CRXDE Ute
Rc.plìt:ation
do-s.day,£om d~ri.'j:ay"com
CQ5 Welcome Screen Start and stop CQ5 using scripts:
World Standard Softare to Unify Your Business www.day.com 11 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
Goal The following instructions explain how to navigate to and edit a page. This is important because you will use the the Websites Administrator Console to create and publish
content throughout the course. In addition, you should understand the interfaces used by your author community.
To successfully complete and understand these instructions, you will need: · A running CQ5 author instance
What are the available Author consoles ? CQ uses a web-based graphical user interface, so you need a web browser to access CQ. The graphical user interface is divided into various web-based consoles where you can access all of the CQ functionality:
Console
Description
Websites
Access all the pages in your website; create, edit, and delete pages; start a workflow; activate and deactivate pages; restore pages; check external
links; and access your user inbox.
Assets
Manage digital assets.
Manage packages, designs,importers, workflow templates and scripts, repUcatIon agents and upgrades.
US0l Adrr;in,:;tratiort
Manage users and permissions.
and Manage pages that are
Workflow:;
AdrmnÎstration
an easy to use
graphical
in a workflow, create new workflow models using user interface.
Manage your tags and taxonomies.
To Edit a page:
World Standard Softare to Unify Your Business ww.dav.com13 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
.
After you open the page, you can start to add content. You do this by adding new or editing existing paragraphs (also called components).
To insert a new paragraph, double-click the area labeled Prag cOllponents or assets here... or drag a component from the floating toolbar (called sidekick) to insert a new paragraph.
This area appears wherever new content can be added, such as at the end of the list if other paragraphs exist or at the end of a column.
4. Drag the Text & i mage icon from the sidekick to the center of the dotted rectangle and
drop it in. The green check mark will tell you that the drag-and-drop is allowed.
5. Double-click the thumbnail placeholder for the component to open the dialog box.
'Nrn.~,,,,,,-.,-et:C;'i2L;m, El..,.. ~¡iaLimpolmlilÆ ¡"tci",rtirxìc;!i ær_l~is cmm
A£r.,mPlddn:~I~it "..¡~
~,;)n~,
6. Click the Illage tab to open the Image pane of the dialog box. Drag-and-drop an image from the Content Finder to the dialog box.
World Standard Softare to Unify Your Business www.day.com15 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
Goal The following instructions explain how to browse the application/server interfaces associated with a CQ5 installation. This will enable you to use their administrative/ configuration capabilities. To successfully complete and understand these instructions, you will need: II A running CQ5 Author instance
What interfaces exist? A typical CQ5 installation consists of a Java servlet engine (CQSE), a Java Content Repository (CRX), and a Launchpad (Felix/Sling) application. They each have their own Web interface allowing you to perform expected administrative/configuration tasks. How to browse the CQSE interface:
1. Enter the URL http://localhost:4502/admin in your favorite Web browser's address bar.
2. Enter the default administrators credentials (admin/admin) in the dialog - then click OK. The CQSE main console appears. http:rllocalhost:45Q2/admìri
CQSE login dialog
World Standard Softare to Unify Your Business ww.day.cQm 17 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
jcr:created )cr:createdBy
String
)cr:content management
cq:PageContent
bod
cq:Page cq:Page
CRX content explorer viewing node /content/geometrixx/en/company
Cot1gratulatio"s! You have successfully logged into the CRX application and have browsed
a portion of the node (Web site) structure. To be a successful system administrator in CQ5, you need to be able to easily explore/edit nodes and properties at the CRX leveL.
How to browse the Felix interface:
1. Enter the URL http://localhost:4502/system/console in your favorite Web browser's address bar.
2. Enter the default administrators credentials (admin/admin) in the dialog - then click OK. The Apache Felix Web Management Console appears, showing you the Bundles application.
Felix login dialog
3. Follow the link lece"trequests - then click on the Clear link to remove recent requests
from the displayed list.
World Standard Softare to Unify Your Business ww.day.com19 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
How to use CRXP£ lite:
1. Enter the URL in your favorite Web browser's address bar. Or select the CRXDE Lite console from the Welcome screen.
2. In the upper right corner, click on the drop-down box displaying your user name (admin), then select Login_ Enter the default administrators credentials (admin/admin) in the appearing dialog, while continuing to use the crx.default workspace - then select OK.
This will take you to CRXDE Lite with appropriate privileges and permissions.
3. Navigate to the folder /apps/geometrixxlcomponents to view the custom components created for the Geometrixx Web site/project.
World Standard Softare to Unify Your Business ww.day.com 21 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
Goal As you may already observed, all interfaces in CQ are sharing the same credentials for
the admin user. The following instructions explain how to change the default passwords of CQ. This is important because it is part of the security checklist that will ensure your
installation cannot be easily infiltrated by hackers. To successfully complete and understand these instructions, you will need: II A running CQ5 Author instance
What to do about security? Most security tasks are handled by a system administrator. It is a good idea for you, the administrator to have a basic understanding of web application security concerns. The
primary security concern you will focus on in this exercise is the simple changing of passwords, so that you may setup a team development environment as soon as the class is over.
When considering a standard CQ installation, there are three password changes and one configuration you need to alter. If you consider a standard installation, and the elements involved, it actually becomes quite clear. Reflect on the image below: COSE
launcl'ad lFelixlSling)
coiifig '\
CRX
"'
World Standard Softare to Unif Your Business ww.day.com 23 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
Change Password: Old PEi55V)ord:
Nl''-V'1 P assv'Jord:
Confirrn:
~~~~~ '0)
Note: '¡'our brO'i'iSer 'Nii! ask \IOU re'.,wthenticôte after the change.
CQSE change password confirm
Congratulations! You have successfully changed the CQSE default administrative password. Now focus on changing the content repository's (CRX) default administrative password. fo change the content repository! CCRX) default adllinistrative password:
1. Navigate to the content repository (CRX) application.
· e.g. http://ocalhost:4502/crx 2. Follow the Log In link.
World Standard Softare to Unif Your Business ww.day.com 25 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
Nodi!'-T'Tpe ¿.\dvnFï~:;_tr-,_'Stnn
CRX user administration
5. Navigate to and select the admin user.
ad~n anbíSvmou$ aparker¡geometrixx. cClm
author
CRX admin user
6. Click the link Change Password.
World Standard Softare to Unify Your Business ww.day.com 27 Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.220101005
-1. Navigate to the Launchpad (Felix/Sling) application.
· e.g. http://local 2. Enter the default administrator credentials - then select OK.
Ausername and password are being requested bV http://localhost:4502. The site ri1anagelYient Console"
User Name:
Password:
Launchpad login dialog
3. Select Configuration.
Console
Launchpad configuration
4. From the Configurations drop-down box, select the entry named Apache Felix OSc-i
Managellent Console - then cl ick the button Configure. 5. In the field labeled Password, enter the new password (training_osg¡) - then click Save.
World Standard Softare to Unify Your Business WW.day.cpm 29 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
1. Select CRX Sling Client Repository (second entry, with the long ID) from Configuration
in the Launchpad application - then click Configure.
2. Enter the new password in the field labeled Adllin Password (training_crx) - then click the Save button.
acc€sses JNDI UR:.
J\lDI
I\ame
Na:-ne of the
to access,
DëatJ':
Us€rld
Password Admin
Userld Admin
Password
Sling client repository admin password 3. Validate changes have persisted properly by requesting the CQ application and login.
· Access CQ via http://localhost:4502/ · Username = admin · Password = training_crx
NOTE It may take a minute or two for the changes to the CRX Sling Client Repository configuration to populate thoroughly.
World Standard Softare to Unify Your Business ww.day.com 31 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
Goal aSCi is a fundamental element in the technology stack of CQ5. It is used to control the composite bundles of CQ and their configuration.
aSCi provides the standardized primitives that allow applications to be constructed from small, reusable and collaborative components. These
components can be composed into an application and deployed.
This allows easy management of bundles as they can be stopped, installed, started individually. The interdependencies are handled automatically. Each
aSCi Component (see the aSCi Specification) is contained in one of the various bundles.
The following instructions explain how to manage aSCi configuration settings. To successfully complete and understand these instructions, you will need: · A running CQS author instance
By default, versions are never purged from the repository.
How are Versions Purged? To control if, and how, versions are managed in your system: 1. Select CRXP£ Lite from the Welcome Screen.
World Standard Softare to Unify Your Business ww_dav_com 33 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
ti 5. Fill in the dialog box: .. Name: conftg Ii Type: slíng:Folder
Pleas ~rite~ rtooe flame an; sei;
Name:. ~
l'f:
~;ø
.
OJ(
Create Node dialog
6. Right-click the config node you just created. 7. Choose Create --) Create Node
8. Fill in the dialog box: .. Name: com.day.cq.wcm.core.impI.VersionManagerlmpl · Value: sling:OsgiConftg
Now you must add properties to the com.day.cq.wcm.core.impI.VersionManagerlmpl node. You add properties by
filling in the input boxes at the bottom of the properties pane. 9. Set the following three properties on the com.day .cq .wcm .core. impl. VersionManagerl mpl node: · Nal1e: versionmanager.purgingEnabled
· fype: Boolean .. Value: checked (true)
World Standard Softare to Unify Your Business ww.day.com 35 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
Mixir,
Deelop Re$Øtc
Stppo
I?roe-rteo
T""
Vall.e
fal5e fa&! 1a~52 fi&1
'~,maroge.miloc Smng
veoom.a~;i:.rçP¡l-~5::ingU
~n
"mt Ma'lil r'1ultì-ie Auto Oæte
,:conlcri,Ieti:
ir.
fil~
raise- fiJ~ fitio ril\s
Configured Version Manager
Congratulations! You have successfully configured an aSCi bundle! Now go back to the CQ5 Author interface and use the sidekick to create more than 5 versions
of any page. Notice what happens to the list of versions once you have more than 5 versions.
World Standard Softare to Unify Your Business ww.day.com 37 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
-
· Return user input (for example, form input from the publish environment to the author environment (under control of the author environment).
Replication, to a publish instance takes place in several steps: · The author requests that certain content be published (activated) This can be initiated by
a manual request, or by automatic triggers which have
been preconfigured.
· The request is passed to the appropriate default replication agent An environment can have several default agents which will always be selected
for such actions.
· The replication agent "packages" the content and places it in the replication queue. · The colored status indicator is set for the individual pages in the SiteAdmin console (Websites tab)
· The content is lifted from the queue and transported to the publish environment using the configured protocol Normally, the configured protocol is HlTP.
· A servlet in the publish environment receives the request and publishes the received content.
How do I access and configure Replication Agents? 1. Access the Tools tab in CQ5.
2. Click Replication (left pane to open the folder).
3. Double-click Agents on author (either the left or the right pane). 4. Click the appropriate agent name (which is a link) to show detailed
information on that agent. 5. Click Edit to open the configuration dialog:
World Standard Softare to Unify Your Business www.day.com 39 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
· Use for Reverse Replicatio.-: Indicates whether this agent will be used for reverse replication; returns user input from the publish to author environment
6. Choose the rransport Tab
7. Make sure that the server and port specified in the URI are correct for the first Publish instance.
8. Verify that the specified User and Password are correct to access the first Publish instance. 9. Click OK to save the settings.
Transport Tab Configuration Parameters: · URI: This specifies the receiving servlet at the target location In particular, you can specify the host
name (or alias) and context path to the target instance here.
For example: · A Default Agent may replicate to http://localhost:4505/bin/receive?
s I ì ng :auth Req uestlog i n = i · A Dispatcher Flush agent may replicate to http://localhost:8000l
dispatcher /inval ¡date.cache The protocol specified here (HTIP or HTIPS) will determine the transport
method.
World Standard Softare to Unify Your Business www.day.com 41 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
15. Select the Transport Tab and set the URI to the correct values for the second
Publish instance. Also make sure that the User and Password are correct for the second Publish instance. 16. Click OK to save the settings.
Proxy Tab Configuration Parameters:
The following settings are only needed if a proxy is configured in the network. · Proxy Host: Hostname of the proxy used for transport.
· Proxy Port: Port of the proxy. · Proxy User: User name of the account to be used. · Proxy Password: Password of the account to be used.
· Proxy NfLM l1olMah,: The proxy NTLM domain.
· Proxy NfLM Host: The proxy NTLM host.
Extended Tab Configuration Parameters:
Interface Socket interface to bind to: · Hrrp Method: HTIP method to use. · Hrrp Headers: These are used for Dispatcher Flush agents and specify elements that must be flushed.
factionl indicates a replication action; fpathl indicates a path. · ConnectTllMeout: Timeout (in milliseconds) to be applied when trying to establish a
connection. · Socket TllMeout: Timeout (in milliseconds) to be applied when waiting for traffc after a connection has been established. · Protocol Version: Version of the protocol; for example "1.0" for HTIP /1.0.
Triggers Tab Configuration Parameters: These settings are used to define triggers for automated replication:
World Standard Softare to Unify Your Business ww.day.com 43 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
fo 1l0nitor a replicatio~ agent:
1. Access the fools tab in CQ.
2. Select ~eplication folder in the left pane to expand.
3. Double-click the link to agents for the appropriate environment (either the left or the right pane); for example, Agents on author. The resulting window shows an overview of all your replication agents for the author environment, including
their target and status:
;;lI
4. Click the appropriate agent name (which is a link) to show detailed information on that agent:
World Standard Softare to Unify Your Business www.day.com 45 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
Goal From the Websites tab you can activate the individual pages. When you have entered, or updated, a considerable number of content pages - all of which are resident under the same root page - it can be easier to activate the entire tree in one action. You can also perform a Dry Run to emulate an activation and
highlight which pages would be activated. The following instructions explain how to browse the application/server interfaces associated with a CQ5 installation. This will enable you to use their
administrative/ configuration capabilities. To successfully complete and understand these instructions, you will need: · A running CQ5 Author instance
To activate a cOllplete tree of your website:
1. Access the Tools tab in CQ.
2. Click on Replication - the folder will expand. 3. Then double-click on Activate Tree.
4. A dialog screen, similar to that below, will open.
5. Enter /content/geometrixx/en/company (or something similar) into the Start
Path. The Start Path specifies the path to the root of the section you want to activate (publish). This page, and all pages underneath, will be considered for
activation (or used in the emulation if a Dry Run is selected).
World Standard Softare to Unify Your Business ww.day.com 47 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
Goal The Dispatcher is Day's caching and/or load balancing tool. Using the Dispatcher also helps protect your application server from attack. Therefore, you can increase protection of your CQ instance by using the Dispatcher in
conjunction with an industry-strength web server. The process for deploying the Dispatcher is independent of the web server and as platform chosen: II Install the supported web server of your choice according to their own
documentation. II Install the Dispatcher module appropriate to the chosen web server and
configure the web server accordingly. II Configure the Dispatcher. II Integrate with CQ to update the cache when the content in CQ changes. In this exercise we will install the Dispatcher into an 115 web server.
To successfully complete and understand these instructions, you will need: II A running CQ5 Author instance II A running CQ5 Publish instance
How does the Dispatcher plug into LIS? 1. Unzip the latest Dispatcher build, appropriate for your operating system, to a
temporary directory. The Dispatcher files are located on the memory stick under /distribution/dispatcher. 2. Add the Dispatcher to the list of available ISAPI filters (by adding the DLL to
the liS) use the following steps: · Extract dispJis.dll into the executable directory of the selected website under 115. Le. -(IISJNSTALLDIR;; /scripts
World Standard Softare to Unify Your Business www.day.com 49 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
4. To ensure access you have to:
· Inside the Internet Service Manager, right click the root node of the appropriate website, then open its Properties dialog.
· Select the Directory Security tab. · Activate Anonymous access.
· To activate the changes you have to restart liS. Either from the liS control window or from a command window:
· net stop w3svc - will stop the liS web publishing service
· net start w3svc - will start it again NOTE Before you can start using the Dispatcher, you must configure the Dispatcher.
Congratulations! You have successfully integrated the Dispatcher with the liS web
server.
World Standard Softare to Unify Your Business ww.day.com 51 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
· LoadModule to load the module 011 start up. · Dispatcher-specific configuration entries, including DispatcherConfig,DispatcherLog and DispatcherLogLevel.
· SetHandler to activate the Dispatcher. LoadModule.
4. Register the Dispatcher module by adapting Apache's configuration file (apache_hotMe)/conf/htlpd.conf. The Dispatcher-specific configuration entries are
placed after the LoadModule entry. 5. Add the following text to the htlpd.conf file at the end of the Load Module section: # LoadModule foo_module libexec/mod_foo.so # Add to the end of the LoadModule section LoadModule dispatcher_module modules/disp_apache2.2.dll
# # configure the minimal setting for the dispatcher
# the main configuration is read from the 'DispatcherConf ig' file. #
~IfModule disp_apache2 .c~ # location of the configuration file. eg: 'conf / dispatcher. any' DispatcherConfig conf/dispatcher. any
# location of the dispatcher log file. eg: 'logs / dispatcher. log' DispatcherLog logs/dispatcher. log
# log level for the dispatcher log # 0 Errors # i Warnings # 2 Infos # 3 Debug DispatcherLogLevel 3
# Def ines the Server Header to be used: # undefined or 0 - the HTTP server header contains the CQ version. # if turned to i, Apache server header is used DispatcherNoServerHeader 0
# if turned to i, request to / are not handled by the dispatcher # use the mod alias then for the correct mapping DispatcherDeclineRoot 0 # Defines whether to use pre-processed URLs: # 0 - use the original URL passed to the web server. # i - the dispatcher uses the URL already processed by the handlers # that precede the dispatcher # (i.e. mod_rewrite) instead of the original URL passed to the web
server.
World Standard Softare to Unify Your Business ww.day.com 53 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
Goal Now that we have integrated the CQ5 Dispatcher with the web server, we must
configure the Dispatcher so that it can find its associated Publish instances, knows which pages to cache and where to cache them. In this exercise we will configure the Dispatcher with appropriate settings to
cache pages as desired, and define a Dispatcher Flush agent to invalidate the cache in response to content update. To successfully complete and understand these instructions, you will need: · A running CQS Author instance · A running CQS Publish instance
Configuring the dispatcher .any file By default the Dispatcher configuration is stored in dispatcher.any, though you
can change the name and location of this file during installation. The dispatcher.any file is independent of web server and operating system, so the
following instructions are appropriate to both liS and Apache. The only difference between the two configurations is the usage of the property / homepage, which is used only by liS. fo configure the Pispatcher:
1. Open the dispatcher.any file with the text editor of your choice.
2. Make sure the /farms section matches your infrastructure. The /farms section defines a list of farms or websites. Each /farms section defines: · A set of load-balanced renderers. · The IP addresses and ports of the publish instances to serve and cache content from.
· Further characteristics including where to cache files, what to cache. For each farm you can specify separate caching and rendering parameters,
some of which have sub-parameters:
World Standard Softare to Unif Your Business ww.day.cgm 55 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
II 3. Verify the list of client headers in the dientheaders section.
# each farm configures a set off (loadbalanced) renders
/farms t # first farm entry (label is not important, just for you
convenience)
/website t # client headers which should be passed through to the render
instances
/clientheaders t
"referer"
"user-agent" "authorization" "from"
"content-type" "content-length" "accept-charset"
"accept-encoding" "accept-language" "accept" "host" "if-match" "if-none-match" " if-range" "if-unmodif ied-since" "max-forwards"
"proxy-authorization" "proxy-connection" "range" "cookie"
"cq-action" "cq-handle" "handle" "action"
"cqstats" ~
4. (lIS-only!) Adapt the homepage property. /farms t
World Standard Softare to Unify Your Business ww.day.com 57 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
dispatcher configuration). You can define several renders within a farm for load balancing. /farms t # first farm entry (label is not important, just for you
convenience)
/website t # the load will be balanced among these render instances
/renders t
/publish1 t # hostname or IP of the render
/hostname "127.0.0.1" # port of the render /port "4503" L
/publish2 t # hostname or IP of the render
/hostname "127.0.0.1" # port of the render
/ port "4504" l l
Using filters, you can specify which requests are accepted by the Dispatcher
module. All other requests are sent back to the server, where they are offered to the other modules that run on the web server. 7. Adapt the filter properties to allow or deny access to certain paths.
NOTE
Day Software best practices suggest that you deny access to Ilibs, letc, Icrx, ladmin, Ivar, I tmp, Ihome, lapps and any other URis that should not be accessible from outside. Please see the Security Checklist for further considerations when restricting access using the Dispatcher.
/farms t
/website t
World Standard Softare to Unify Your Business www.day.com 59 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
/docroot: This link points to the document root of the web server.
/statfile and /statfileslevel define which parts of the website tree are invalidated when pages are activated.
/allowAuthorized: Specifies whether requests (pages) that carry an
authentication header are cached. /rules: List of cachable documents determines which documents are cached /invalidate: Defines a list of all documents that are automatically rendered invalid after a content update.
The docroot link points to the document root of the web server. This is where the Dispatcher stores the cached documents, and this is where the web server
looks for them. If you use multiple render farms, you have to define a different document root on the web server for each farm, and specify the corresponding
link here. 8. Define the location of the web server cache to the Dispatcher.
/farms t
/website t
/cache t # the cacheroot must be equal to the document root of the webserver
# /docroot "C:/lnetpub/wwroot" /docroot "":Apache_document_root:;"
9. Configuration of the Dispatcher is not yet complete, but at this point we can test the configuration of the Dispatcher with the web server. Save your changes to the dispatcher.any file.
10. Restart the web server 11. Access the Geometrixx website using the following URLs:
Author instance: http://localhost:4502/content/geometrixx.html Publish instance: http://localhost:4503/contentlgeometrixx.html
World Standard Softare to Unify Your Business www.day.com 61 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
necessary rights. However, in some setups it can be permissible to cache
authenticated documents.
14. Set the /allowAuthorized property. Icache t /docroot "C:/apache/htdocs" /statfileslevel "2"
/allowAuthorized "0"
The ¡rules property defines which documents are cached, though the Dispatcher never caches a document in the following circumstances: · If the HTIP method is not GET.
Other common methods are POST for form data and HEAD for the HTIP header.
· If the request URI contains a question mark ("7"). This usually indicates a dynamic page, such as a search result that does not need to be cached.
. The file extension is missing.
The web server needs the extension to determine the document type (the MIMEtype).
· The authentication header is set (this can be configured) If you do not have dynamic pages (beyond those already excluded by the above rules), you can let the Dispatcher cache everything.
15. Define the list of cachable documents: /cache t /docroot "C: lapache/htdocs"
/statfileslevel "2"
/ allowAuthorized "0"
/rules t
/0000 t
/glob "*" /type "allow" ¡
10001 t i glob "i en/news I *"
/type "deny"
World Standard Softare to Unify Your Business ww.dav_com 63 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
10003
t
I glob "*. pdf" Itype "allow" ~ ~
i 7. Save dispatcher.any changes.
Configuring the Dispatcher Flush Agent In cases where there are multiple Publish instances, the dispatcher flush is controlled by a replication agent operating on the publish instance. However, the configuration is made on the authoring environment and then transferred by activating the agent: i. Open the CQ Tools console. 2. Open the required replication agent; for example the Uispatcher Flush agent under Agel'ls on Publish that is included in a standard installation.
3. In the Settings tab ensure that Enabled is active.
World Standard Softare to Unify Your Business ww.day.com 65 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
5. Open the friggers tab. Make sure only the On Modification parameter is checked.
World Standard Softare to Unify Your Business ww.day.com 67 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
Goal As data is never overwritten in a tar file, the disk usage increases even when only updating existing data. When optimizing, the Tar Persistence Manager copies data that is still used from old tar files into new tar files and deletes the old tar fi les that contain only old or redundant data.
This exercise will show you multiple ways to optimize the Tar PM. To successfully complete and understand these instructions, you will need: · A running CQS Author instance
Manually optimizing tar files using CRX Console To optilliie tar files using the CRX console:
1. In the CRX Console, log in as administrator. 2. Click Repository Configuration.
3. Se lect Tar Persistence Manager Optilliiation and ci ick Start Optilliiation,
U",r,¡":¡ü, .ï,~~i;.~¡.h ;i4ÜI'.;j.i)(l(~.~ (i"~.,*~L,:':øH: l TIJ$'- ll1" HJ1~im,i:',,~lflrH1
Since our repository has only i tar file (we haven't made enough changes to the repository), the optimization will have no effect.
World Standard Softare to Unify Your Business ww.day.com 69 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
It Goal Online repository backup lets you create, download and remove backup files. It is a "hot" or "online" backup feature and therefore can be executed while the repository is being used normally in the read-write mode. Backup files are saved in the ZI P compression
format.
In this exercise, you will create a "hot" backup of your Author repository. To successfully complete and understand these instructions, you will need: II A running CQ5 Author instance
Creating an online backup This backup method creates a backup of the entire repository, including CQ5 or other applications deployed into it. This method lets you create and later restore the entire
repository and applications running on it, including content, version history, configuration, software, hotfixes, custom applications, log files, search indexes, and so on.
This method works as a hot or online backup, so you can perform this backup while the
repository is running. The repository is usable while the backup is running, however performance of the repository will decrease. This method works for the default, TarPMbased CRX instances.
Backup files are saved in the Zi P compression format. By default, they are saved in the
parent folder of the folder where the quickstart .jar is running. You can change the location where CRX saves backup files. fo create a backup:
3. Go to the following URL: http://localhost:4502/crx.This will take you to the CRX Main Console. 4. Log in as the administrator. 5. Click Repository Configuration
World Standard Softare to Unify Your Business ww.day.com 71 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
The online documentation provides deeper information regarding this crucial topic, including different scenarios like backing up an clustered node, etc. Check it out under http://dev.day.com/content/docs/en/crx/2-0/administering/backup_and_restore.html. Congratulations! You have successfully created a full backup of your Author repository without taking the instance down.
World Standard Softare to Unify Your Business ww.dav.com 73 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
The restore procedure is identical to the one described in previous exercise. COl1gratulatiotls! You have successfully created an automated backup script.
World Standard Softare to Unify Your Business www.dav.com 75 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
The first thing we need to do is decide on the central, network-accessible location where we will put the shared journal. In general you would have the shared path pointing to a mounted networks drive (via NFSjSAN), but for our purposes, any central location will do. For example, we can choose C\cq
\shared. 1. Make sure that the node that will become the llaster, the node running on port 4502 is not running.
2. Navigate to -clnstaIlDir::jrepository. Copy the shared folder and paste it into
C\cq.
3. We will tell the llaster node where to find its shared journal. Navigate to
-clnstaIlDir::jrepository. 4. Open repository.xlll with a text editor. 5. Find the Cluster elelle"t and make the following changes:
.iCluster'? .iJournal class="com. day. crx. core. journal. FileJournal ",?
"param name="sharedPath" value="C:/cq/shared" I'? "param name=lmaximumSize" value="104857600" I'?
World Standard Softare to Unify Your Business ww.dav.com 77 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
5. Notice that this instance believes that it is the master of its own cluster. Notice the shared path points to its own repository.
User-m: admin I Workspace: uK.default I ,Ul.f.-LH!,I! I ;~i~~'.i.t;.b...W.QJ.-.k:,p'.g.i;.t;, I !n:,p'.tx.~.!u;.ell, ?oiiJ:!t.et"~
ldi:,itit'i
df9bZ55a~'~~..()5.4 b d9- 3ó :;f"-f,:~62 ~.",6,jl.",,8
os
'of,rido,/,:$ ;..p 5,1
Host
IOCêllhost:45G..
P,:opositorv Horne
c: \cq\'-J uthür2\cn;. QUI..:.,:t.: ,i\xe p ositor\(
Sh¿,red path
C: \cq\a uth;)t:'\crx -QIJickstartVe p o,,;;oi-y \,,,Íl ared
No siai/es conri-:çted
Shared p.,rth
6. Enter the shared path of our new cluster into the shared path input field.
UserID: admìn I Work~pace: cF"lo.default I Log Out I Switch Wo!"kspar:e I Imof.t'!woate
Naster" Ide¡¡tit1'
df9b255 a - 9':05-4 b d9- 665e-636B5e tid leeS
os
',ALir:do\~!s ;~:p 5.1
Host
loc,:ilhost:4504
Repositor~f Horn!?
C :\cq\author2\crx -qui ck ;;taii:\repos ¡tory
shared path
C :\cq\a uthor2\crx .qui CK $td~"t\repo$¡t:rV\$hared
No ,¡¿:iiies connected (;b,.t~~~-
Shaled inith
!c/cq/shared
7. CI ick Join.
The join will take a few minutes as the Slave repository is being rewritten with the information from the Shared Journal.
World Standard Softare to Unify Your Business ww.day.com 79 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
. Goal The following instructions explain how to create a CQ package that will combine all elements of the Training project, minus all jpegs. This is a good example of packaging application content, which you could then distribute to team members for review. To successfully complete and understand these instructions, you will need:
· A running CQ5 Author instance · A completed Training project with appropriate extents
ions
Why do I need CQ packages? Packages can include content and project-related data. A package is a zip fi Ie that contains the content in the form of a file-system serialization (called "vault" serialization) that represents the content from the repository as an easyto-use-and-edit representation of fi les and folders.
Additionally, it contains vault meta information, including a filter definition, and import configuration information. Additional content properties can be included
in the package, such as a description, a visual image, or an icon. These properties are for the content package consumer for informational purposes only.
You can perform the following actions with packages: · Create new packages · Modify existing packages
· Build packages
· Upload packages
· Install packages · Download packages from the package share library · Download packages from CQ to a local machine · Apply package filters
· View package information
fo create, build, and download a CQ package, in the -fools- section of CQ5:
World Standard Softare to Unify Your Business ww_dav_com 81 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
-
5. Enter the package "Group Name" (training) and "Package Name" (trainingproject).
traíníng
traínlng-proJ8ct
CQ new package dialog 6. Select the training-project package.
7. Add the Component Filter Definition to the paragraph system Component then open (e.g. double-click).
Page view of component addition
8. Enter the "Root Path" (lapps/training) and a "Rule" that excludes all jpegs
(Exclude =:: .+\.jpg) - then select OK.
World Standard Softare to Unify Your Business www.day.com 83 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
JSP
.l /apps./training/'components/con tent, logo,/design_dialog, xml A /apps/training/'component.s/content complex
A /apps/ti-airiing/componen ts/content coilLplex./, content. Eml .l /apps/tra.ining,/components/content /comple:.:/complex, JSP A /apps/training/'components/content,/comple::.::/dialog, XJnl .l /apps,..ti-aining/components/content./complex/design_dialog, xml .l /apps/training/components/content/cOJlLplex/_c~edi tConf ig. xrri! A /apps/training/components/con ten t/search .l /apps/training/components/content/search/, content. xml .l ,/apps/training/components/content/search/seai'ch. JSP
A /apps/training/src A ./apps/training/install A /apps/ training/docroot
.À /apps/training/training-widgets J s
.À /apps/training/training-widgets J S/. coritent XII!
.À /apps/training/training-widgets j s/f iles .À /apps/training/training-widgets J s/f i les/. content xml
.À /apps/trainiug/training-widgets J s/f iles/training, JS .À /apps/training/global .À /apps/training/global/ini t jsp
.À METÀ-INF/vaul t/det ini t ion/. content xml Package created in 782ms.
Package build output
Package build information
10. Download the package by entering the URL of the package's ZiP in your Web browser's address bar.
· e.g. http://localhost:4502 /etc/packages/training/training-project.zip Congratulations! You have successfully created a package, added a rule to the
filter definition, built the package, and have downloaded the package, which you can now share with your CQ development team.
World Standard Softare to Unify Your Business WW.day.com Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
85
-
~response/ ~data/
I Arguments I Comment I
+ -- - - - - - - - - - -+ - - - - - - - - - - -- - - - - - - - - -- - - - - - - - - - - - - - -- - - --+
+- -- - - - - - - - - -+- - - - - - - - - - - - - - - - - - - - - - - - -- - -- - - - -- - - - - - --+
I cmd=help I print this help I
+-- - - - --- - - - -+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - -- - - - - --+
I cmd=ls I print a list of all packages I
+-- - - - - - - - - - -+- -- - - - - - - -- - - - - - - - - - --- - - - - -- - - - - - --- - -- - +
cmd=rm I remove a package
name I package name I (group) I group name (optional) I
+- - - - - -- - -- - -+- - - - --- - - - - - -- - - - - - - - - - - - - - - - -- - - -- - - -- --+ cmd=build I build a package
name I package name I (group) I group name (optional) I +- - - -- - - - - - - -+- - -- - - - -- - -- - - -- - - - - -- - ---- -- - - - - - - -- - ---+ I cmd=ins I installs a package I name I package name I (group) I group name (optional) I
+-- - - - - - - -- - -+- -- - -- - - - - - - -- - -- - - - - - - - - - - - - -- - -- - - - -- --+ cmd=unins I uninstalls a package
name I package name I (group) I group name (optional) I + --- --- - - - - --+- - -- - - - ----- - - - - - - - - -- - - - -- ---- - - -- -- - - --+ I GET I downloads a package. I I ( content-disposition header contains
I I the correct filename) I (cmd=get) I optional
I name I package name
I (group) I group name (optional) I I POST I upload a new package
+ -- - --- - - - - - -+- - - - -- - -- -- - - - - - - - - - - -- - - - - - - -- - - - - - - -- --+
I file I pacakge to upload I (name) I optional name
I (install) I automatically install package if 'true' I
+--- - -- -- - - - -+- - --- - - -- - -- - --- - - ---- - - --- - -- - - - -- -- -- --+
~/data/ ~status code="200"/ok~/status/ ~/response/ ~/crx/ 2. List
the packages currently available on this CQ instance:
curl -u admin:admin http:/ jlocalhost:4502/crx/packmgr/service.jsp?cmd=ls You should get a response similar to the following:
~crx version="2. 0" user="admin" workspace="crx.default"/ ~request/ ~param name="cmd" value="ls" //
World Standard Softare to Unify Your Business www.day.com 87 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
~/data? ~status code=" 200"?ok~/status?
~/response? ~/crx? 4. Install a package. Enter the following command to install the package you just
uploaded.
curl -u admin:admin -F name=training_import http://localhost:4502/crx/packmgr/ service.jsp?cmd= inst You should get a response similar to the following:
~crx version="2. 0" user="admin" workspace="crx.default"? ~request? ~param name=" cmd" value=" inst" /? ~param name=" inst" value="training import. zip" /?
~param name="name" value="training import. zip" /?
~/request?
~response? ~data? ~log? Installing content... 1-- Collecting import information... 1-- Installing node types...
1-- - nt -? http://www . j cp. org/j cr /nt/1. 0 1-- - jcr -? http://www.jcp.org/jcr/1.0 1-- - sling -? http://sling.apache.org/jcr/sling/1.0
1-- A / content/dam/photos/ img4. jpg /j er: content/renditions/ cq5dam. thumnail. 48.48 .png
1-- A / content/dam/photos/img4. jpg /j er: content/renditions/ cq5dam. thumbnail .140 .100. png / j cr: content
1-- A / content/dam/photos/img4. jpg /j er: content/renditions/ cq5dam. thumnail. 48.48. png / j cr: content 1-- A /eontent/dam/photos/img4. jpg/jer: content/renditions/original 1-- A /content/dam/photos/img4. jpg/jer: content/renditions/original/
j cr: content
1-- saving approx 42 nodes.... 1-- Package imported. Package installed in 294ms.
~/log? ~/data?
~status code="200"?ok~/status?
~/response? ~/crx?
World Standard Softare to Unify Your Business www.day.com 89 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
Goal Various CQS log files provide detailed information about the current system
state. In addition to the default system log files you can also create and customize your own log files. They can help you better track messaged produced by your own applications and to separate them from the default log
entries.
In this example, we will generate a new log file and monitor only messages produced by a specific set of CQS modules. To successfully complete and
understand these instructions, you will need: . A running CQS Author instance
fo create a custOll log file with a specified log level:
1. Open CRXDE Lite so that you can define a new configuration for the custom log file. You can also use CRXDE or CRX Content Explorer to achieve the same
results. Create the Loggit'g Logger
2. If it doesn't already exist, create a new folder named "config" in /apps/ geometrixx. Right-click on the geometrixx folder. Select New... Folder.
3. Under /apps/geometrixx/config, create a node for the new Apache Sling Logging Logger Configuration. Right-click on the new config node and Select New... Node.
.
Nal1e:
.
fype:
org .apache.sl ing .commons.log. LogManager. factory .config- TRAINING
sling:OsgiConfig
World Standard Softare to Unify Your Business www.dav.com 91 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
l'iri:i." ,mom. liioÚ'
orQ,apoche,sliii
IX_
org,apacne,felix
Do Up Do
com,
da
Cm Pr~~_"
:N"
~""g.~,'¡if.q.m~.Io.tic
S ¡¡'i,~,~,~.ç¡~.~.~1 5 Qi\l.~'i,'S~.~~.ln,rima St'iIiJ "",,¡~,¡l;QI~~-re,,,wr,Oo fals faIr; trY\
;: Ctg.~,~ir.i.m~.Ic,pMt,. St¡,~ (O,J:¥.;JMM,yvn f¡¡1:='r'ns,S5:;~ "(01)' ;(2 t/lls( fßI~ ~abi
Create the Logging Writer
A logging writer is only necessary when a configuration that is different to the default. The default writer will select a default size of 10MB and 5 as the default number of files. 5. Under /apps/geometrixx/config, create a node for the new Apache Sling Logging Writer Configuration. Right-click on the config node. Select New... Node.
. .
Name:
org .apache.sl i ng .commons .Iog .LogManager. factory. writer- TRAIN ING
fype:
sling:OsgiConfig
6. Set the following properties on the new org .apache. sling .commons.log .LogManager. factory .writer-trai ning node:
. .
fype:
.
Value:
../Iogs/training.log
Name:
org .apache.sl i ng .commons.log. fi Ie .size
. . .
Name:
fype: Value:
org .apache.sl i ng .commons .Iog. fi Ie
String
String 1mb
· Name: org.apache.sling.commons.log.file.number
World Standard Softare to Unify Your Business ww.dav_com 93 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
Goal This exercise describes how to configure and manage user authentication and authorization within the CQ5 scope. To successfully complete and understand these instructions, you will need:
II A running CQ5 author instance
Users and Groups Users
Users: A user models either a human user or an external system connected to the system.
The user account holds the details needed for accessing CQ. A key purpose of an account is to provide the information for the authentication and login processes -
allowing a user to log in. Each user account is unique and holds the basic account details, together with the privileges assigned. Users are often members of Groups, which simplify the allocation of these permissions and/or privileges. G-roups: Groups are collections of users and/or other groups; these are all called Members
of a group. Their primary purpose is to simplify the maintenance process by reducing the number of entities to be updated, as a change made to a group is applied to all members of the group. Both users and groups can be configured using the Security Console. You can manage all users, groups, and associated permissions using the Security Console. All the procedures described in this section are performed in this window.
World Standard Softare to Unify Your Business ww_dav_com 95 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
Hide
L. m
r~1'
admit'
admir
admil'Îstrators
adiriristratol$
a rlOnvrrOl.$
arorvrrOt:$
Edit y
v PUD.
f"lcxì,
l Sort
So m
A!ìsor Parker
author
aLtbo,
oortribl.tor
ContribLtors
~'Crjl
e,,'C!Ì''C~
l'11'e
Jo1'l' l:
First, we will create 2 user accounts. After that, we create a group and assign some project specific restrictions to it. Finally, we add the new users to this group.
Creating Users and Groups To create a new user:
1. In the Security window tree list, click Edit) Create) Create User.
Create U;r a
administratois
adrri 11 istrawr:;
anonymous
arlOnyil)
Create Activate
Deactivate Alisol1 Parkr 31.trlor
aiArlor
2. The Create User dialog box appears. Enter the required details and click Create:
World Standard Softare to Unify Your Business ww.day.com 97 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
7. ci ick the Page Perllissions tab. You wi" notice that John has no access to any part of
the website. The default permissions policy in CQ5 is "deny all". In CQ5, permissions grant or deny access to content objects. Privileges are used to assign access to the functionality within the application.
8. Click the Replication Privilege tab. You will note the same. John has no rights to
replicate/activate pages. 9. Click the Privileges tab. You will note that he does not have privileges to modify the
hierarchy. 10. No users are specified as potential impersonators of John.
a aparkerljgeometrixx,com Alison Parker
S ~uthor author is contributor Contributors
~'...v,)var ijo".''-Jetc ';;::::icontent G)',',~:CamDaigns
is everyone everyone
a ¡brown John Brow a ¡doe(ggeometrixx,com John Doe S jsmith Jane
'Ð:'JEnglish (t _::Fran~ais
Smith
m tag-admnistrators tag-administrators in user-administrators user-administrators æ workflow-editors workflow-editors tß workflow-users workflow-users
0J-',:::'Italiari
:ZyJB:iiti "''' ::i;~!User Generated Content ,.t ,''-'-'-'-:Wiki Content
Qtmp );'':ihome
We want now create a group with some access rights you could use in future projects, then put the created user(s) into this group. The requirement list for this group members
looks like: . Provide access only to the consoles Websites and Iligital Assets. That means, denied access to the other ones (fools, Users, Workfow, fagging).
. Members of this group are allowed to modify content of already existing pages located under Geometrixx ~ English, add new paragraphs and delete them. . Pages located under Geometrixx ~ French (Français) should be accessed in read-only mode.
. Page Geometrixx ~ German (Deutsch) is not accessible at all (not visible) to members
of the group.
World Standard Softare to Unify Your Business www.day.cgm 99 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
2. Click the Page Pen-Missions tab. The tree map will open.
3. it's a good idea to provide read-access to entire repository. Project-specific restrictions can be easily added at a later time point. Select the node CQ. Per default, users have all access rights denied. To provide read access to the root node (CQ), double-click under
the column Itead and select "allow" from the appearing drop-down box. Since access rights are automatically inherited to child nodes, all members of the legal group have now read access to all nodes in the CRX repository. 4. Click Save.
Manage Access f:ights for different Websites:
5. Navigate in the tree map to the page you want to add permissions. In our case: CO/ content/Geometrixx Demo Site/English. 6. Click the page in the tree. Notice the permissions specified on the right.
7. Double-click under the column Modify and select "allow" from the drop down list.
8. Do the same for the columns Create and Pelete. The red corner indicates that the item listed has not yet been saved. 9. Save.
10. Navigate to CQ/content/Geometrixx Demo Site/Deutsch and select "denyN in the f:ead
column. 11. Save.
Manage Access f:ights for Pesign:
12. Set Modify rights to "denyN on node CQ/etc/Designs to restrict general usage of all designs or select the appropriate design you want to constrain. Make sure, Read access to designs is still granted, otherwise, page content cannot be correctly rendered. 13. Click Save to persists your modifications into the CRX repository.
World Standard Softare to Unify Your Business ww.dav.com101 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
6. Now let's modify the replication privileges for the French branch. Click Add and select the page CQlcontent/Geometrixx Demo Site/Français. Veny replication privi leges to it. 7. Repeating previous step, Allow replication to CQ/content/Geometrixx Demo Site/
Français/products. 8. Click Save.
m. admin Adminjstratot tp. administrators administrators
a anonymous anonymous ff aparker~geornetrixx,CDm Alison Parker
£. author author at contributor Contributors
ø. everyone everyone
S jbrown John Brown ;S- jdoe(ggeometri::x,com John Doe -S jsmith Jane
Smith
¡n tag-administreitors tag-administrators ~ user-administrators user-administrators ti workflow-editors worklow-editors
fl workflow-users workflow-users
As you can see, you can provide fine-grained replication privileges not only for an entire tree branch, but even on page leveL.
Users without replication privilege granted still have access to the Activate!eactivate
buttons. Clicking on them will not have the desired effect immediately. Instead, a workflow is started which puts the requested action in the inbox of a privileged user requesting him to approve and finish the action. Setting standard privileges:
Standard privileges included in the installation of CQ WCM are for modifying the hierarchy; in other words, creating or deleting pages. The list of privileges available may be extended for your project. 1. Select the Legal group from the list, double-click to open, and click Privileges. 2. The Hierarchy ModHication privileges will be shown. Make sure Veny is selected. 3. If necessarily, click Save. l7eny access rights to consoles:
World Standard Softare to Unif Your Business ww.day.cQm 103 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
6. Follow the link New ACE. The section Local Access Control Policies changes its appearance.
Sclei-L,
AppHæble Accss Control Po!ís 1;0 ilCditlonal policies to apply I.l Access Control Polics
re,,:write jcr.illl jC. rerr.oveChldNoóes
Effecthie Aa:ssCoiirol Po4icies
7. Click the Srowse button. A new window labeled Principal Srowser appears, displaying all available users and groups. 8. Select the Legal group and click the Select button. The window Principal Srowser
closes and the selected group Legal is shown in the column PrincipaL.
World Standard Softare to Unify Your Business www.dav_com 105 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
Applicable Accss Control Policies
Lol Access Control Policies
Effectiv Access Control Policies
I1.Click OK to close the Aecess Control Editor.
12.Repeat steps 3 - 10 to modify the access rights to the other console buttons. The console buttons are represented in CRX by following nodes:
Site Admin (Websites) DAM
Admin
lIibs/wcm/core/content/siteadmi n
/Iibs/wcm/core/content/damadmin
Tools
/Iibs/wcm/core/content/misc
Security (Users)
/Iibs/cq/secu rity /content/adm in
Workflow
II ibs/cq/workflow /content/console
Tagging
/Iibs/cq/tagging/content/tagadmi n
Adding a User and a ~roup to a ~roup
World Standard Softare to Unify Your Business www.dav.com107 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
3. I n the lllpersonate as: box, choose jbrow.,.
The current user is changed to John 8rown.
After you browsed some pages, you can finish impersonation by clicking the im personated user's name and select Revert to self.
Peleting Users or troups To delete a user:
1. In the Security window, select Jane Smith (jsmith). If you want to delete multiple
items, Shift+click or Control+click to select them. 2. Click Edit or right-click the user to bring up the context menu. Select Pelete. CQ WCM asks if you are sure. 3. Click OK to confirm.
World Standard Softare to Unif Your Business www.day.com109 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
Goal You can configure LDAP authentication as a JAAS Uava Authentication and
Authorization Service) module. For this, you need to specify the JAAS configuration file to the virtual machine. This exercise will show you how to integrate with an LDAP server and import users from the LDAP server to the CQ5 instance. To successfully complete and understand these instructions, you will need: II A running CQ5 author instance
II An LDAP server
Setting up a local l,DAP server 1. In the directory distribution/ldap of the training memory stick, you find a zip archive named openldap-2.2.19-ssl-win32.zip. It contains a pre-configured OpenLDAP server already containing a set of test users and groups, ready to be used with CRX.
Extract the zip archive to the C:\ drive. As a result, you'll have the LDAP server
installed in C:\openldap. Open a command shell (Start # Run..., type in cmd, hit enter. In the command shell, change directory to the OpenLDAP folder by
issuing the command cd c:\openldap :
2. Then enter the command slapd -d 1 which starts the LDAP server. The LOAP
server has fully started when you see the following line at the end of the command shell window:
World Standard Softare to Unify Your Business ww.dav.com 111 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
5. The LDAPbrowser is pre-configured with the correct login information to access the local directory server. Select the Quick Connect tab.
Anonymous bínd
User Info ON:
Password:
6. Fill in the host name and the port number.
. .
Host: Port:
localhost 389
7. Click fetch l1Ns button to access the Distinguished Name tree. 8. Click Connect.
9. You will see the defined users and groups that will be imported into CQ5.
World Standard Softare to Unify Your Business ww.day.com 113 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
class="org. apache. jackrabbi t. core. securi ty. simple. SimpleWorkspac eAccessManager" I'?
.iUserManager class="com. day. crx. core. CRxuserManagerlmpl "'? .iparam name="usersPath" value=" /home/users" I'? .iparam name="groupsPath" value=" /home/groups" I;:
.iparam name="defaultDepth" value=" i" I'? .i /UserManager'? ~/Securi tyManager'?
JAAS works on the basis of "LoginModules". In a JAAS configuration file you can define a sequence of login modules.
An incoming request will be accepted by the first defined login module for authentication. If the login module cannot authenticate, the request will be passed on to the next login module in the list of definitions.
In this configuration, the first login module configured is the native CRXLoginModule, which tries to authenticate using CRX's local users:
com.day.crx.core.CRXloginModule suffcient; Only if the user of the request cannot be found among the local CRX users, the request will be handed over to the next login module, which is the LDAP login
module:
World Standard Softare to Unif Your Business ww.day.com 115 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
autocreate. group. cn=" rep: cn" autocreate. group. localadrin=" adrin"
autocreate . group. uniquernember = "uniquernember"
autocreate . group. description = "description" autocreate. path=" splitdn" cache .expiration=" 600"
cache.rnaxsize=" 100" ; J;
NOTE
The IdapJogin.conf configuration information used for this exercise is specific to the LDAP server provided for this exercise. You configuration information will be different and specific to your directory server.
7. Restart CQ5 for the changes to take effect. From the command line start CQ5 with the following option: java - Djava.security.auth.login.config=crx-quickstartl server l etcl Idap_login.conf -jar cq-author-4502Jar
CRX logs a message (default logging config) confirming which authentication configuration will be used: · default Repository Login-configuration · external JAAS login-configuration
*INFO*DefaultSecurityManager: init: use Repository Login-Configuration for
corn. day. crx *INFO*DefaultSecurityManager: init: use JAAS login-configuration for com. day. crx
Importing Users from LDAP to CQ5 The LDAP example configuration file contains 5 groups: Authors, Marketing,
Human Resources, Products and Management. All groups are member of the Authors group. The users themselves are distributed over the department-specific groups;
none of them is explicitly in the Authors group, but implicitly, since their specific groups themselves are members of the Authors group.
World Standard Softare to Unify Your Business ww.day.com 117 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
II 5. Examine the Idap.log and error-log files from CRX to debug for errors. The online documentation provides you comprehensive information regarding LDAP
connectivity to CRX. Check out some of the pages under day.com/content/docsl
urrent/admin ng/ldap....authentication.html . Congratulations! You have successfully integrated CQ5 with an LDAP server and
imported a set of users and groups from that server.
World Standard Softare to Unify Your Business ww.dav.com11 9 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
-
Performance Optimization Methodology A performance optimization methodology for CQ projects can be summed up to five very simple rules that can be followed to avoid performance issues from the get go. These rules, to a large degree, apply to Web projects in general, and are
relevant to project managers and system administrators to ensure that their projects will not face performance challenges when launch time comes.
Planning for Optimization Around 10% of the project effort should be planned for the performance
optimization phase. Of course, the actual performance optimization requirements will depend on the level of complexity of a project and the
experience of the development team. While your project may ultimately not
require all of the allocated time, it is good practice to always plan for performance optimization in that suggested range. Whenever possible, a project should first be soft-launched to a limited audience in order to gather real-life experience and perform further optimizations,
without the additional pressure that follows a full announcement.
Once you are "live", performance optimization is not over. This is the point in time when you experience the "real" load on your system. It is important to plan for additional adjustments after the launch.
Since your system load changes and the performance profiles of your system shifts over time, a performance "tune-up" or "health-check" should be
scheduled at 6-12 months intervals.
Simulate Reality If you go live with a Web site and you find out after the launch that you run into performance issues there is only one reason for that: Your load and
performance tests did not simulate reality close enough.
Simulating reality is diffcult and how much effort you will reasonably want to invest into getting "real" depends on the nature of your project. "Real" means not just "real code" and "real traffc", but also "real content", especially
regarding content size and structure. Keep in mind that your templates may behave completely different depending on the size and structure of the
repository. Establish Solid Goals
World Standard Softare to Unify Your Business ww.day.com121 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
The above numbers assume the following conditions: .. measured on publish (no authoring environment and/or CFC overhead) .. measured on the server (no network overhead) .. not cached (no CQ-output cache, no Dispatcher cache) .. only for complex items with many dependencies (HTML, JS, PDF, ...)
.. no other load on the system
There are a certain number of issues that frequently contribute to performance issues which mainly revolve around (a) dispatcher caching ineffciency and (b) the use of queries in normal display templates. JVM and as level tuning usually
do not lead to big leaps in performance and should therefore be performed at the very tail end of the optimization cycle.
Your best friends during a usual performance optimization exercise are the request.log, component based timing, and last but not least - a
Java profiler.
How to monitor Page response times: To monitor Page response times: 1. Navigate to and open the file request.log located at -(cq-install-dir:: jcrxquickstartjlogs. 2. Request a Page in author that utillizes your Training Template and
Components. .. e.g. /content/training/en/company
3. Review the response times directly related to the previous step's request. · A Page request of /content/training/en/company
World Standard Softare to Unify Your Business ww.day.com123 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
fo lfonitor COllponent based tilling: 1. Request a Page in author that utilizes your Training Template and
Components. II e.g. /content/training/en/company
2. View the HTML source of the Page requested in step 1. 3. Navigate to and se lect the "filling chart URL" located in the HTM L sou rce. II You wìl find this URL most likely near the bottom of the HTML source, as it is
generated by the foundation timing Component
~~(!iv claS5="toolbar")-~;sc.ril)t type="te:-tr javascr ipt ,,)co. ùrCM. edit (( "path": "/content/traìning/en/company/ jcr: content/toolbar" r "type -(I sc.ript)-
-(/div:; -(àiv class="disc lairner":;dìsc laimer.(/ (h.".;" -z/div).
HTML source timing chart urI 4. Copy the "Tilfing chart URL" - then paste it in the address bar of your favorite
Web browser.
5. Investigate the visual output to identify any Component that may be causing a slow response time.
World Standard Softare to Unify Your Business www.day.com125 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
To find long lasting requests/responses:
1. Navigate to the helper tool rlog.jar located in .:cq-install-dir;: /crxquickstart/opt/helpers using your command line.
DOS location of rlogJar
2. Enter the command java -jar rlog.jar in your command line to get help concerning possible arguments.
DOS rlog.jar help
World Standard Softare to Unif Your Business www.dav.com127 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
2. Select Ctrl-Shift-U to view the timing statistics for that Page. ¿ge lo¿d $~.eic$eic$: I 635 m$ $~¿rt huilding edieing= 676 I 676 m$ Compl ete document lo.ded
I 6SO m5 5~¿rt render ing rollover i I 68i m5 Compl eted render ing rollover
I 687 m5 St.re render ing rollover i --i ---
I I I I
688 692 693 698
m$ Compl eted render m5 St.r~ render ing m5 Compl eted render rn5 St.rt render ing
ing rollover rollover ing rollover rollover i I 699 m5 Completed rendering rollover --- I 737 rn5 St.rt rendering rollover i I 73S m5 Completed rendering rollover
I 743 m$ St.rt render ing rollover o I 743 rns Completed rendering rollover
I 748 ms St.rt render ing rollover i I 749 ms Co~.leted rendering rollover
I 754 m5 St.rt rendering rollover i I 7SS m5 Completed rendering rollover
I 810 m$ St.re rendering rollover o I S10 rns Compl eted render ing rollover
I 821 rns finished huil ding edit ings 3ii I 987 ms 5t.rt render ing s idek iek i47 I ii34 ms - Coi~leted rendering $idekiek
Page timing statistics Congratulations! You have successfully viewed the timing statistics for a Page.
Again, this is to aid you in reviewing the performance of specific Pages, so that you may meet your project's performance goals.
fo investigate a systell where sOlle processes are really sloYl but not blocking:
A simple CPU profiling tool is included with CRX 2.0.x. To start it, open: http://localhost:4502/crx/diagnostic/prof. jsp
1. Set the sample interval and stack depth (or use the default)
2. Click "Start Collecting" and wait to collect data while your slow process executes 3. Click "Stop" to stop data collection
4. Examine the results Additional External fools:
World Standard Softare to Unify Your Business ww.day.com129 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
Goal If an application opens JCR sessions explicitly, it is the responsibility of the developer to ensure the proper closure of these sessions. If not, such sessions will not be subject of garbage collection and thus will stay in memory, causing above listed symptoms. Each JCR session (CRXSession) creates and maintains its
own set of caches which adds to the overall resource consumption. In this exercise, we will generate stack traces for the CQ5 instance and analyze those traces with session_analyzer.jar. To successfully complete and understand these instructions, you will need: · A running CQ5 Author instance · session_analyzer.jar from the USB stick
Finding Unclosed Sessions
1. Discover the process id for the CQ5 process by issuing the following
command in a command line window: jps-I
2. Run following command to determine the overall number of current CRXSessions held in memory:
jmap -histo .-pid'? I grep CRXSessionlmpl
World Standard Softare to Unify Your Business ww.day.com131 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
-
This will generate a new file output.txt that contains the stack trace of unclosed sessions, sorted by stack trace content. Each stack trace is one line, and 'compressed' a bit (repeated prefixes are removed). The session id is at the end of the line. corn. day. crx. j 2ee. JCRExplorerServlet. login (JCRExplorerServlet. java: 521) ResourceServlet. spoolResource (ResourceServlet. java: 148) java.lang.Thread.run(Thread.java:595): session# 10023
This example means session #10023 was not closed, and the stack trace included the given lines when the session was opened. Based on this output you should be able to find the defect code location and fix the problem. Congratulations! You have successfully found and analyzed unclosed JCR
sessions.
World Standard Softare to Unify Your Business www.dav.com133 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
CRXDE Lite Console
2. If the /apps/geometrixx/config folder does not exist:
a. Navigate to /apps/geometrixx. b. Right-click on the geometrixx node. c. Select Create and follow the arrow to Create Node.
Ji~..." r~
d. Fill in the dialog box: Name: Type:
config sling:Folder p~ enter !"rx ii~ aM ~ i'1l. i..me:
typ:
CNce
Create Node dialog
World Standard Softare to Unify Your Business ww.day.com135 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
Goal Sometimes it makes sense to analyze the network traffc between the client (web browser) and the server (CQ5) to detect possible bottlenecks. For this purpose we use a tool provided out-of-the-box by CQ5 : proxy.jar.
This tool redirects all HTIP requests to/from the server. This utility, which logs the complete HTTP conversation, is installed as a proxy between a client and a server.
Proxy.jar is not aware of the underlying application protocol. It simply dumps the complete communication stream including content and headers. This means, you can use the application to analyze traffc of any protocol e.g., SMTP, LDAP, HTTPS, etc. Proxy.jar can also be used as a simple port forwarding proxy
if you need to go through a different port to test a CQ5 instance. Note: Proxy.jar can be used to:
· Check for cookies and their values · Check for HTTP request and response headers and their values · Check if "Keep-Alive" works
· Find lost requests · Find hanging requests
In this example, we will install proxy.jar between the browser client and CQ5. To successfully complete and understand these instructions, you will need: · A running CQS Author instance
· proxy.jar from -(lnstalIDir /crx-quickstart/opt/helpers · proxytext.zip content package containing a sample template for use with proxy.jar
Install the Proxy Test Template 1. Open the CRX Content Explorer Console of your instance
http://localhost:4502/crx 2. Login as admin.
World Standard Softare to Unify Your Business ww.day.com137 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
The available parameters are: Parameter
Description
host
Host of running C05 instance,
remote port
The port used by CQ5 instance on which proxy. jar wil forward all
e.g.
"Iocalhost'
requests.. e.g. "4502". local port
on which proxy. jar is listening.
e.g. "44",
The available options are: Option
Decription
~q
Quiet Mode Use it if you don't want proxy.jar to
send its output to the console (since
outputtng to the console slows down the connection), you can redirect the output to a log file with this option. Binary Mode
~b
This
option helps you look for specìfic byte combrnations in the traffic. The contain hexadecimal and cnaraceroutput.
output wil
log entries
-t
option adds a timestamps to each log entry. The time resolution is in checking single requests. Use the Timestamps option if you run proxy .j ar over a longer time period.
seconds. This may not be suitable for
-Iogfîle dlename;:
Write to a log file
Dumps the conversation into a log file, even if in "Quiet Mode -q".
-I c:umlndention~
Add Indention For better readabilty, each active connecion gets. indented. If the default 16 levels do not suit you fine, you can change the amount by adding the ..umlndentions;: you want.
2. Start up proxy.jar with the following command: java -jar proxy.jar local
host 4502 4444 -Iogfile proxytest.log
World Standard Softare to Unify Your Business ww.dav.com139 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
3. Open the log file proxytest.log and analyze a section of log entries. Keep in
mind that we used a simple script displaying some text and a .png image. So we should see two connections for this related request. Any other connections
are the result of the welcome page and authentication mechanism. Startup Info: Starting proxy for localhost: 4502 on port 4444 using logfile: /cq5/author/crx-quickstart/opt/helpers/proxytest. log
The start of the first connection (0) requesting the main HTML page. The HTTP header fields are listed: C-O-#OOOOOO -~ (GET /proxytest.html HTTP/I.l ) C-0-#000030 -~ (Host: localhost:4444 ) C-0-#000052 -~ (USer-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5;
en-US; rv:I.9.lb3) Gecko/20090305 Firefox/3.lb3 )
C-0-#00016I -~ (ACcept: text/html, application/xhtml+xml, application/ xml; q=O. 9 , * / * ; q=O . 8 ) C-0-#000234 -~ (Accept-Language: en-us,en;q=0.7,fr;q=0.3 ) C-0-#000276 -~ (ACcept-Encoding: gzip,deflate ) C-0-#000307 -~ (ACcept-Charset: ISO-8859-I,utf-8;q=0.7,*;q=0.7
The client requests a "Keep Alive" connection (wants to send multiple requests over the same connection): C-0-#000355 -~ (Keep-Alive: 300 ) C-0-#000372 -~ (Connection: keep-alive
This proxy tool is also useful to verify if cookies are properly set or not. Here we see a generated cookie named JSESSIONID. This cookie is automatically
created if not explicitly denied in the JSP script using o(%(Q page session="false" ?:
C-0-#000396 -~ (Cookie: clickstreamcloud=marketing: interest/product=l3, marketing: interest/ business=63, marketing: interest/ investor=58 , marketing: interest/servic)
C-0-#000537 -~ (es=46 ,marketing: interest/employment=6; ys-cq-cf -c lipboard=o% 3Acollapsed % 3Db%2 53AI; ys-cq-cf-east=o% 3Acollapsed% 3Db
%253AI;
ys-cq-cf-tabpanel=o) C-0-#00067 8 -~ (%3AactiveTab%3Ds%253AcfTab-Images;
World Standard Softare to Unify Your Business ww.day.com141 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
S-1-Finished: 22899 bytes (1.0 kb/s)
C-1-Finished: 6271 bytes (0.0 kb/s) S-O-Finished: 138895 bytes (6.0 kb/s) C-O-Finished: 7398 bytes (0.0 kb/s)
The above exercise is simple and the log entries should be easy to analyze, since the two connections occur one after the other (first HTML request, then
the browser realizes that it has an image to request and opens a second connection). Generally, a normal page generates many parallel requests for images, css, javascript files, etc., each of which are referenced within the HTML
stream. So the log entries will overlap on parallel open connections. In that case, it's recommended to start the proxy with option "-i", (add indentions) to get better readability. Congratulations! You have successfully analyzed a conversation between a CQ5
browser client and the CQ5 server.
World Standard Softare to Unify Your Business ww.dav.com143 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
As with any upgrade, you should carefully consider value versus risk for your deployment. This includes testing the planned upgrade to ensure it passes your acceptance tests.
What will be Upgraded The repository upgrade, as recommended here, has the following effect on the system. The following are upgraded: · Infrastructure: CRX Repository with all repository management and
development tools · CQS Platform: CRXDE support package for CRXDE Lite and CRXDE
The following are not upgraded: · Apache Sling and Apache Felix framework
· None of the CQ5 application components (bundles); with the exception of the CRXDE support package
The recommendation not to upgrade the Apache Sling and Felix frameworks, or any other application components, ensures that the stability of the CQ5
application as a whole is retained by minimizing the changes. The following are removed:
· CRXDE Lite was a separate web application in CQ 5.3 (CRX 2.0). It is now integrated into the main CRX web application.
World Standard Softare to Unify Your Business ww.day.com145 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
~..~~ ~1;:IIOtl~AG. "'~.."" 12. Using the CQSE admin console, Stop the CRX Launchpad application
13. Stop and Remove both: · Icrxde (the CRXDE application) · Icrx (the CRX application) 14. Add a new:
· Icrx referencing the following file from the unpacked CRX 2.1: crx-quickstart/ server /webapps / crx-explorer _crx.war
World Standard Softare to Unify Your Business www.day.com147 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
-
5. Restart CQ to ensure that all OSCi bundles have been started. NOTE In case of problems with CQ startup, please open the Apache Felix Web Management
Console (http://-:host:; :-:port:; /system/console) and check if all the bundles have been started. If a restart does not help, please start the bundles manually.
15. Confirm the upgrade of CRX by
accessing:
· CRX for example, http://localhost:4502 /crx /index.jsp The version details on the welcome screen will now show 2.1. · CRXDE Lite
for example, http://localhost:4502 /crxdel The version details on the welcome screen will now show 2.1.
· CQ use CQ to access your content, check everything is operating as expected. CAUTION You must test the operation of the upgraded instance; highly customized
items may need to be upgraded separately. NOTE CRXDE Lite is now bundled with CRX (and not a separate webapp), access
using /crxde; for example, http://localhost:4502/crxdel).
World Standard Softare to Unify Your Business ww.day.com149 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
sudo In -s dispatcher-apache2.2-4.0.6.so mod_dispatcher.so
After doing so you will be able to see in the finder the file mod_dispatcher.so in the /usr/libexec/apache2/ folder
indude !ib Hbexec II airportd
apache2 dispat cher-apadie2, 2 -4,0,6.50
hupd.exp
Apr 20, 20lD 9:02 AM Mar 19, 2010 4:09 I'M Apr 20, 20lD 9:02 AM Apr 20, 2010 9:07 AM Feb 11,2010 3:34 AM Today, 1:44PM Today, 136 PM Oct 16,2009 5:11 AM
II mod_actionsso
Feb 11, 20lO 5:32 AM Dec 9, 20097:25 I'M
II mod_aHauo
Dec 9. 2009 7:25 PM
II mod_así,so
II mcd_aUlhIUIMll,SO
Dec 9,20097:25 I'M Dec 9, 2009 725 PM Dec 9, 2009 725 PM Dec 9, 2009 725 PM
II mod_auth,ullx:Lso
Dec 9, 2009 7:25 PM
II mod_authn_dbm"o
Dec 9. 2009 7:25 PM
II mO(Cauthn_defaulLSo
Dec 9.20097:25 PM
II mod_aulhn_f¡e,so
Dec 9, 2009 7:25 PM
II m()tauthz_dbm,so
Dec 9. 2009 7:25PM
II mod_aulhz_defauILSO
Dec 9. 2009 7:25PM
II Ubphp5,so
II mod_auth_basic50 II mod3lUlh_digesi.SO
18.Next, in the finder window of /private navigate to /private/etc/apache2
and copy the dispatcher.any file from the unpacked dispatcher archive to this location.
Configuring httpd.conf Tell Apache about the Dispatcher. In the folder /private/etc/apache2 you will
find the httpd.conf file (we are using the default apache server that comes with MacOS X). You can also use the httpd.conf file attached that comes with the
dispatcher archive from the USB memory stick.
Follow the instructions in Exercise - Add the Dispatcher to the Apache WebServer with the following exceptions:
World Standard Softare to Unify Your Business www.day.com151 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
-
The http server process has to have read/write access to that folder in order to write the cache files. You can of course choose another folder but then you have to be sure that the httpd server daemon has read and write access to it (chown, chgrp).
1. You must create this folder using a terminal window. Enter the following
commands: cd / Library /WebServer /
then this mkdir cache
2. Change the owner and the group of the cache folder sudo chown _www cache sudo chgrp _www cache
Restart Apache 1. Launch your system preferences
2. Then click sharing in the internet and wireless group of preferences 3. Then launch the webserver by clicking Web sharing. Your apache webserver will be running then on the port 80.
If you see Web Sharing already running, stop it and relaunch it so that your Apache server can get the new configuration loaded
World Standard Softare to Unify Your Business ww.day.com153 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005
DO'Taín Name d.iy.com
Search Base
Admín Usef~1D adf~iif1
Password p.iS5
Contall
Importing Initial Users and Groups We need a tool to help us import our initial groups and users into the LDAP
server so that we can test our CQ5 configuration. For that we will use the Apache Directory Studio. We could use probably the LDAP Enabler application but then we would have to
enter everything by hand. The Apache Directory Studio lets us import Idif files. NOTE
Actually, you can use any other application that allow you to import Idif files. CAUTION Don't close the LDAP Enabler application though, cause then you'll be shutting down the
LDAP server.
1. Copy the ApacheDirectoryStudio-macosx-..version;: .dmg file from ..USB;: /
distribution/MaclDAP to your Applications folder. Or you can download it from http://directory.apache.org/studiol . 2. Install the Directory Studio.
3. After launching Apache Directory Studio, configure the connection to the LDAP server. Click on the yellow icon (Idap) in the left bottom corner of the appl ¡cation.
World Standard Softare to Unify Your Business ww.dav_com 155 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
Bind password: pass
Authentîcation Please select In oluthel1ti71eiltío11 method and ínput authertifìcJtior (Jat,L
8. Click on "Check Authenlication" in order to see if our parameters are defined
correctly. If the test is successful, a message should appear saying that "the authentication was successful". 9. If the was successful, click on Finish, all the other parameters used are defaults. 10. Our connection is verified and we can check the LDAP browser. The LDAP browser is will be partially hidden by the LDAP connection window so minimize the LDAP window or just click on the window that is underneath. See figure below:
; Opel'Ciirinean
World Standard Softare to Unif Your Business ww.day.com157 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005
View more...
Comments
