ExerciseBookCQ 5.3SystemAdministratorTrainingOdd

November 15, 2017 | Author: Mihir Mange | Category: World Wide Web, Technology, Websites, Web Server, Apache Http Server
Share Embed Donate


Short Description

Download ExerciseBookCQ 5.3SystemAdministratorTrainingOdd...

Description

/~\

L~ V.

~~\

Technical Training

II

I CQ 5.3 System Administrator Training

World Standard Softare to Unif Your Business ww.day.com Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.2 20101005

Preface

5

Formatting Conventions

6

EXERCISE 1 - Install & Start an Author Instance EXERCISE 2 - Edit a Page

7 13

EXERCISE 3 - Browse Related Application/Server Ititenaces 17

EXERCISE 4 - Change Default Passwords 23 EXERCISE 5 - Configure Version Manager OSGi BlI ndle 33

Instances 38 EXERCISE 7 - Activate Tree 47 EXERCISE 6 - Set up Replication Agents for two Pli blish

EXERCISE 8 - Add the Dispatcher to the 115 WebSe"ver 49 EXERCISE 9 - Add the Dispatcher to the Apache WebServer 52

EXERCISE 10 - Configure the Dispatcher 55 EXERCISE 11 - Optimize Tar PM on Author Instance 69

EXERCISE 12 - Backup Author Instance 71 EXERCISE 13 - Using cURL for Automated Backup 74 EXERCISE 14 - Cluster Two CO Instances 76

EXERCISE 15 - Create & Download a CO Package 81 EXERCISE 16 - Automating Package Manager with cURL 86 EXERCISE 17 - Creating Custom Log Files 91 EXERCISE 18 - User Administration and Security 95

EXERCISE 19 - Integrate with LDAP for Users and Groups 111

EXERCISE 20 - Find Slow Responses 120 World Standard Softare to Unify Your Business. ~ww.d~.CQm 3 Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.220101005

The current training material is indented as a introduction to administer CQ 5.x in a working environment. The latest available release is 5.3. Training material will be accordingly adapted to further product releases. Except Exercise 1, all other exercises have as a prerequisite a running CQ 5.x Author instance. Exercise 1 will lead you through the steps needed to install such an instance. Additional requirements are listed in the corresponding exercises.

The current exercise book contains some exercises which will be covered during training reinforcing the topics discussed during class. In the Appendix, you may find additional exercises which can help you with different installation platforms.

World Standard Softare to Unify Your Business ww.day.com 5 Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.220101005

Goal The following instructions explain how to install and start an Author instance. This is important because you will use this Author instance throughout this training to perform typical development tasks. To successfully complete and understand these instructions, you will need: · A CQ5 quickstart JAR · A valid CQ5 license key

· A JDK ;;= 1.5 · Approximately 800 MBs of free space

· Approximately 1 GB of RAM

What is an Author instance? An Author instance is the CQ5 installation content authors will login to and manage pages. This includes: 1) creating, 2) editing, 3) deleting, 4) moving, 5) etc. In addition, it is the installation you will be developing against as you can easily observe both Author and Publish views.

How to install atl Author instance: 1. Create a folder structure on your file system where you will store, install, and start CQ5 (e.g. C:/day/cq5/author). WARNING

MS Windows users, please do not use spaces in your newly created folder structure (e.g. C:/this is bad/cq5/author). This will cause CQ5 to error.

2. Copy the CQ5 quickstart JAR and license.

properties file from .iUSB'?/distribution/

cq5_wcm into the newly created folder structure.

World Standard Softare to Unify Your Business ww.day.com 7 Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.220101005

Preface

5

Formatting Conventions

6

EXERCISE 1 - Install & Start an Author Instance

7

EXERCISE 2 - Edit a Page

13

EXERCISE 3 - Browse Related Application/Server Intenaces 17

EXERCISE 4 - Change Default Passwords 23 EXERCISE 5 - Configure Version Manager OSGi Bundle 33 EXERCISE 6 - Set up Replication Agents for two Publish

Instances

38

EXERCISE 7 - Activate Tree

47

EXERCISE 8 - Add the Dispatcher to the liS WebServer

49

EXERCISE 9 - Add the Dispatcher to the Apache WebServer

52

EXERCISE 10 - Configure the Dispatcher

55

EXERCISE 11 - Optimize Tar PM on Author Instance

69

EXERCISE 12 - Backup Author Instance

71

EXERCISE 13 - Using cURL for Automated Backup

74

EXERCISE 14 - Cluster Two CQ Instances

76

EXERCISE 15 - Create & Download a CQ Package

81

EXERCISE 16 - Automating Package Manager with cURL

86

EXERCISE 17 - Creating Custom Log Files

91

EXERCISE 18 - User Administration and Security

95

EXERCISE 19 - Integrate with LDAP for Users and Groups EXERCISE 20 - Find Slow Responses World Standard Softare to Unify Your Business WW.day.com

111

120

Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

3

CQ5 installstartup dialog

Continue reading the section Server is started. COlllland Line start :

First of all, you may want to know which parameters are available to the server prior to installation. Therefore, enter following command to investigate a complete list of optional

parameters:

java -jar cq-author-4502.jar -h CQ shows all command line options without starting the server.

You can now install/start CQ5 from the command line while increasing the Java heap size, which will improve performance. Please see image below for an example of the command line.

CQ5 command line start

If using the command line, for a 32bit VM enter:

java -Xmx512M -jar cq5-author-4502.jar

World Standard Softare to Unify Your Business www.day.com 9 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

In the appearing Login screen, enter the default administrator's credentials (admin/ admin) then click OK.

CQ5 login dialog

The Welcome screen appears, displaying you the different possibilities to continue. For the next exercise, we'll access the Websites console.

CRXDE Ute

Rc.plìt:ation

do-s.day,£om d~ri.'j:ay"com

CQ5 Welcome Screen Start and stop CQ5 using scripts:

World Standard Softare to Unify Your Business www.day.com 11 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal The following instructions explain how to navigate to and edit a page. This is important because you will use the the Websites Administrator Console to create and publish

content throughout the course. In addition, you should understand the interfaces used by your author community.

To successfully complete and understand these instructions, you will need: · A running CQ5 author instance

What are the available Author consoles ? CQ uses a web-based graphical user interface, so you need a web browser to access CQ. The graphical user interface is divided into various web-based consoles where you can access all of the CQ functionality:

Console

Description

Websites

Access all the pages in your website; create, edit, and delete pages; start a workflow; activate and deactivate pages; restore pages; check external

links; and access your user inbox.

Assets

Manage digital assets.

Manage packages, designs,importers, workflow templates and scripts, repUcatIon agents and upgrades.

US0l Adrr;in,:;tratiort

Manage users and permissions.

and Manage pages that are

Workflow:;

AdrmnÎstration

an easy to use

graphical

in a workflow, create new workflow models using user interface.

Manage your tags and taxonomies.

To Edit a page:

World Standard Softare to Unify Your Business ww.dav.com13 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

.

After you open the page, you can start to add content. You do this by adding new or editing existing paragraphs (also called components).

To insert a new paragraph, double-click the area labeled Prag cOllponents or assets here... or drag a component from the floating toolbar (called sidekick) to insert a new paragraph.

This area appears wherever new content can be added, such as at the end of the list if other paragraphs exist or at the end of a column.

4. Drag the Text & i mage icon from the sidekick to the center of the dotted rectangle and

drop it in. The green check mark will tell you that the drag-and-drop is allowed.

5. Double-click the thumbnail placeholder for the component to open the dialog box.

'Nrn.~,,,,,,-.,-et:C;'i2L;m, El..,.. ~¡iaLimpolmlilÆ ¡"tci",rtirxìc;!i ær_l~is cmm

A£r.,mPlddn:~I~it "..¡~

~,;)n~,

6. Click the Illage tab to open the Image pane of the dialog box. Drag-and-drop an image from the Content Finder to the dialog box.

World Standard Softare to Unify Your Business www.day.com15 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal The following instructions explain how to browse the application/server interfaces associated with a CQ5 installation. This will enable you to use their administrative/ configuration capabilities. To successfully complete and understand these instructions, you will need: II A running CQ5 Author instance

What interfaces exist? A typical CQ5 installation consists of a Java servlet engine (CQSE), a Java Content Repository (CRX), and a Launchpad (Felix/Sling) application. They each have their own Web interface allowing you to perform expected administrative/configuration tasks. How to browse the CQSE interface:

1. Enter the URL http://localhost:4502/admin in your favorite Web browser's address bar.

2. Enter the default administrators credentials (admin/admin) in the dialog - then click OK. The CQSE main console appears. http:rllocalhost:45Q2/admìri

CQSE login dialog

World Standard Softare to Unify Your Business ww.day.cQm 17 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

jcr:created )cr:createdBy

String

)cr:content management

cq:PageContent

bod

cq:Page cq:Page

CRX content explorer viewing node /content/geometrixx/en/company

Cot1gratulatio"s! You have successfully logged into the CRX application and have browsed

a portion of the node (Web site) structure. To be a successful system administrator in CQ5, you need to be able to easily explore/edit nodes and properties at the CRX leveL.

How to browse the Felix interface:

1. Enter the URL http://localhost:4502/system/console in your favorite Web browser's address bar.

2. Enter the default administrators credentials (admin/admin) in the dialog - then click OK. The Apache Felix Web Management Console appears, showing you the Bundles application.

Felix login dialog

3. Follow the link lece"trequests - then click on the Clear link to remove recent requests

from the displayed list.

World Standard Softare to Unify Your Business ww.day.com19 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

How to use CRXP£ lite:

1. Enter the URL in your favorite Web browser's address bar. Or select the CRXDE Lite console from the Welcome screen.

2. In the upper right corner, click on the drop-down box displaying your user name (admin), then select Login_ Enter the default administrators credentials (admin/admin) in the appearing dialog, while continuing to use the crx.default workspace - then select OK.

This will take you to CRXDE Lite with appropriate privileges and permissions.

3. Navigate to the folder /apps/geometrixxlcomponents to view the custom components created for the Geometrixx Web site/project.

World Standard Softare to Unify Your Business ww.day.com 21 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal As you may already observed, all interfaces in CQ are sharing the same credentials for

the admin user. The following instructions explain how to change the default passwords of CQ. This is important because it is part of the security checklist that will ensure your

installation cannot be easily infiltrated by hackers. To successfully complete and understand these instructions, you will need: II A running CQ5 Author instance

What to do about security? Most security tasks are handled by a system administrator. It is a good idea for you, the administrator to have a basic understanding of web application security concerns. The

primary security concern you will focus on in this exercise is the simple changing of passwords, so that you may setup a team development environment as soon as the class is over.

When considering a standard CQ installation, there are three password changes and one configuration you need to alter. If you consider a standard installation, and the elements involved, it actually becomes quite clear. Reflect on the image below: COSE

launcl'ad lFelixlSling)

coiifig '\

CRX

"'

World Standard Softare to Unif Your Business ww.day.com 23 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Change Password: Old PEi55V)ord:

Nl''-V'1 P assv'Jord:

Confirrn:

~~~~~ '0)

Note: '¡'our brO'i'iSer 'Nii! ask \IOU re'.,wthenticôte after the change.

CQSE change password confirm

Congratulations! You have successfully changed the CQSE default administrative password. Now focus on changing the content repository's (CRX) default administrative password. fo change the content repository! CCRX) default adllinistrative password:

1. Navigate to the content repository (CRX) application.

· e.g. http://ocalhost:4502/crx 2. Follow the Log In link.

World Standard Softare to Unif Your Business ww.day.com 25 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Nodi!'-T'Tpe ¿.\dvnFï~:;_tr-,_'Stnn

CRX user administration

5. Navigate to and select the admin user.

ad~n anbíSvmou$ aparker¡geometrixx. cClm

author

CRX admin user

6. Click the link Change Password.

World Standard Softare to Unify Your Business ww.day.com 27 Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.220101005

-1. Navigate to the Launchpad (Felix/Sling) application.

· e.g. http://local 2. Enter the default administrator credentials - then select OK.

Ausername and password are being requested bV http://localhost:4502. The site ri1anagelYient Console"

User Name:

Password:

Launchpad login dialog

3. Select Configuration.

Console

Launchpad configuration

4. From the Configurations drop-down box, select the entry named Apache Felix OSc-i

Managellent Console - then cl ick the button Configure. 5. In the field labeled Password, enter the new password (training_osg¡) - then click Save.

World Standard Softare to Unify Your Business WW.day.cpm 29 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

1. Select CRX Sling Client Repository (second entry, with the long ID) from Configuration

in the Launchpad application - then click Configure.

2. Enter the new password in the field labeled Adllin Password (training_crx) - then click the Save button.

acc€sses JNDI UR:.

J\lDI

I\ame

Na:-ne of the

to access,

DëatJ':

Us€rld

Password Admin

Userld Admin

Password

Sling client repository admin password 3. Validate changes have persisted properly by requesting the CQ application and login.

· Access CQ via http://localhost:4502/ · Username = admin · Password = training_crx

NOTE It may take a minute or two for the changes to the CRX Sling Client Repository configuration to populate thoroughly.

World Standard Softare to Unify Your Business ww.day.com 31 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal aSCi is a fundamental element in the technology stack of CQ5. It is used to control the composite bundles of CQ and their configuration.

aSCi provides the standardized primitives that allow applications to be constructed from small, reusable and collaborative components. These

components can be composed into an application and deployed.

This allows easy management of bundles as they can be stopped, installed, started individually. The interdependencies are handled automatically. Each

aSCi Component (see the aSCi Specification) is contained in one of the various bundles.

The following instructions explain how to manage aSCi configuration settings. To successfully complete and understand these instructions, you will need: · A running CQS author instance

By default, versions are never purged from the repository.

How are Versions Purged? To control if, and how, versions are managed in your system: 1. Select CRXP£ Lite from the Welcome Screen.

World Standard Softare to Unify Your Business ww_dav_com 33 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

ti 5. Fill in the dialog box: .. Name: conftg Ii Type: slíng:Folder

Pleas ~rite~ rtooe flame an; sei;

Name:. ~

l'f:

~;ø

.

OJ(

Create Node dialog

6. Right-click the config node you just created. 7. Choose Create --) Create Node

8. Fill in the dialog box: .. Name: com.day.cq.wcm.core.impI.VersionManagerlmpl · Value: sling:OsgiConftg

Now you must add properties to the com.day.cq.wcm.core.impI.VersionManagerlmpl node. You add properties by

filling in the input boxes at the bottom of the properties pane. 9. Set the following three properties on the com.day .cq .wcm .core. impl. VersionManagerl mpl node: · Nal1e: versionmanager.purgingEnabled

· fype: Boolean .. Value: checked (true)

World Standard Softare to Unify Your Business ww.day.com 35 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Mixir,

Deelop Re$Øtc

Stppo

I?roe-rteo

T""

Vall.e

fal5e fa&! 1a~52 fi&1

'~,maroge.miloc Smng

veoom.a~;i:.rçP¡l-~5::ingU

~n

"mt Ma'lil r'1ultì-ie Auto Oæte

,:conlcri,Ieti:

ir.

fil~

raise- fiJ~ fitio ril\s

Configured Version Manager

Congratulations! You have successfully configured an aSCi bundle! Now go back to the CQ5 Author interface and use the sidekick to create more than 5 versions

of any page. Notice what happens to the list of versions once you have more than 5 versions.

World Standard Softare to Unify Your Business ww.day.com 37 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-

· Return user input (for example, form input from the publish environment to the author environment (under control of the author environment).

Replication, to a publish instance takes place in several steps: · The author requests that certain content be published (activated) This can be initiated by

a manual request, or by automatic triggers which have

been preconfigured.

· The request is passed to the appropriate default replication agent An environment can have several default agents which will always be selected

for such actions.

· The replication agent "packages" the content and places it in the replication queue. · The colored status indicator is set for the individual pages in the SiteAdmin console (Websites tab)

· The content is lifted from the queue and transported to the publish environment using the configured protocol Normally, the configured protocol is HlTP.

· A servlet in the publish environment receives the request and publishes the received content.

How do I access and configure Replication Agents? 1. Access the Tools tab in CQ5.

2. Click Replication (left pane to open the folder).

3. Double-click Agents on author (either the left or the right pane). 4. Click the appropriate agent name (which is a link) to show detailed

information on that agent. 5. Click Edit to open the configuration dialog:

World Standard Softare to Unify Your Business www.day.com 39 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

· Use for Reverse Replicatio.-: Indicates whether this agent will be used for reverse replication; returns user input from the publish to author environment

6. Choose the rransport Tab

7. Make sure that the server and port specified in the URI are correct for the first Publish instance.

8. Verify that the specified User and Password are correct to access the first Publish instance. 9. Click OK to save the settings.

Transport Tab Configuration Parameters: · URI: This specifies the receiving servlet at the target location In particular, you can specify the host

name (or alias) and context path to the target instance here.

For example: · A Default Agent may replicate to http://localhost:4505/bin/receive?

s I ì ng :auth Req uestlog i n = i · A Dispatcher Flush agent may replicate to http://localhost:8000l

dispatcher /inval ¡date.cache The protocol specified here (HTIP or HTIPS) will determine the transport

method.

World Standard Softare to Unify Your Business www.day.com 41 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

15. Select the Transport Tab and set the URI to the correct values for the second

Publish instance. Also make sure that the User and Password are correct for the second Publish instance. 16. Click OK to save the settings.

Proxy Tab Configuration Parameters:

The following settings are only needed if a proxy is configured in the network. · Proxy Host: Hostname of the proxy used for transport.

· Proxy Port: Port of the proxy. · Proxy User: User name of the account to be used. · Proxy Password: Password of the account to be used.

· Proxy NfLM l1olMah,: The proxy NTLM domain.

· Proxy NfLM Host: The proxy NTLM host.

Extended Tab Configuration Parameters:

Interface Socket interface to bind to: · Hrrp Method: HTIP method to use. · Hrrp Headers: These are used for Dispatcher Flush agents and specify elements that must be flushed.

factionl indicates a replication action; fpathl indicates a path. · ConnectTllMeout: Timeout (in milliseconds) to be applied when trying to establish a

connection. · Socket TllMeout: Timeout (in milliseconds) to be applied when waiting for traffc after a connection has been established. · Protocol Version: Version of the protocol; for example "1.0" for HTIP /1.0.

Triggers Tab Configuration Parameters: These settings are used to define triggers for automated replication:

World Standard Softare to Unify Your Business ww.day.com 43 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

fo 1l0nitor a replicatio~ agent:

1. Access the fools tab in CQ.

2. Select ~eplication folder in the left pane to expand.

3. Double-click the link to agents for the appropriate environment (either the left or the right pane); for example, Agents on author. The resulting window shows an overview of all your replication agents for the author environment, including

their target and status:

;;lI

4. Click the appropriate agent name (which is a link) to show detailed information on that agent:

World Standard Softare to Unify Your Business www.day.com 45 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Goal From the Websites tab you can activate the individual pages. When you have entered, or updated, a considerable number of content pages - all of which are resident under the same root page - it can be easier to activate the entire tree in one action. You can also perform a Dry Run to emulate an activation and

highlight which pages would be activated. The following instructions explain how to browse the application/server interfaces associated with a CQ5 installation. This will enable you to use their

administrative/ configuration capabilities. To successfully complete and understand these instructions, you will need: · A running CQ5 Author instance

To activate a cOllplete tree of your website:

1. Access the Tools tab in CQ.

2. Click on Replication - the folder will expand. 3. Then double-click on Activate Tree.

4. A dialog screen, similar to that below, will open.

5. Enter /content/geometrixx/en/company (or something similar) into the Start

Path. The Start Path specifies the path to the root of the section you want to activate (publish). This page, and all pages underneath, will be considered for

activation (or used in the emulation if a Dry Run is selected).

World Standard Softare to Unify Your Business ww.day.com 47 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Goal The Dispatcher is Day's caching and/or load balancing tool. Using the Dispatcher also helps protect your application server from attack. Therefore, you can increase protection of your CQ instance by using the Dispatcher in

conjunction with an industry-strength web server. The process for deploying the Dispatcher is independent of the web server and as platform chosen: II Install the supported web server of your choice according to their own

documentation. II Install the Dispatcher module appropriate to the chosen web server and

configure the web server accordingly. II Configure the Dispatcher. II Integrate with CQ to update the cache when the content in CQ changes. In this exercise we will install the Dispatcher into an 115 web server.

To successfully complete and understand these instructions, you will need: II A running CQ5 Author instance II A running CQ5 Publish instance

How does the Dispatcher plug into LIS? 1. Unzip the latest Dispatcher build, appropriate for your operating system, to a

temporary directory. The Dispatcher files are located on the memory stick under /distribution/dispatcher. 2. Add the Dispatcher to the list of available ISAPI filters (by adding the DLL to

the liS) use the following steps: · Extract dispJis.dll into the executable directory of the selected website under 115. Le. -(IISJNSTALLDIR;; /scripts

World Standard Softare to Unify Your Business www.day.com 49 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

4. To ensure access you have to:

· Inside the Internet Service Manager, right click the root node of the appropriate website, then open its Properties dialog.

· Select the Directory Security tab. · Activate Anonymous access.

· To activate the changes you have to restart liS. Either from the liS control window or from a command window:

· net stop w3svc - will stop the liS web publishing service

· net start w3svc - will start it again NOTE Before you can start using the Dispatcher, you must configure the Dispatcher.

Congratulations! You have successfully integrated the Dispatcher with the liS web

server.

World Standard Softare to Unify Your Business ww.day.com 51 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

· LoadModule to load the module 011 start up. · Dispatcher-specific configuration entries, including DispatcherConfig,DispatcherLog and DispatcherLogLevel.

· SetHandler to activate the Dispatcher. LoadModule.

4. Register the Dispatcher module by adapting Apache's configuration file (apache_hotMe)/conf/htlpd.conf. The Dispatcher-specific configuration entries are

placed after the LoadModule entry. 5. Add the following text to the htlpd.conf file at the end of the Load Module section: # LoadModule foo_module libexec/mod_foo.so # Add to the end of the LoadModule section LoadModule dispatcher_module modules/disp_apache2.2.dll

# # configure the minimal setting for the dispatcher

# the main configuration is read from the 'DispatcherConf ig' file. #

~IfModule disp_apache2 .c~ # location of the configuration file. eg: 'conf / dispatcher. any' DispatcherConfig conf/dispatcher. any

# location of the dispatcher log file. eg: 'logs / dispatcher. log' DispatcherLog logs/dispatcher. log

# log level for the dispatcher log # 0 Errors # i Warnings # 2 Infos # 3 Debug DispatcherLogLevel 3

# Def ines the Server Header to be used: # undefined or 0 - the HTTP server header contains the CQ version. # if turned to i, Apache server header is used DispatcherNoServerHeader 0

# if turned to i, request to / are not handled by the dispatcher # use the mod alias then for the correct mapping DispatcherDeclineRoot 0 # Defines whether to use pre-processed URLs: # 0 - use the original URL passed to the web server. # i - the dispatcher uses the URL already processed by the handlers # that precede the dispatcher # (i.e. mod_rewrite) instead of the original URL passed to the web

server.

World Standard Softare to Unify Your Business ww.day.com 53 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal Now that we have integrated the CQ5 Dispatcher with the web server, we must

configure the Dispatcher so that it can find its associated Publish instances, knows which pages to cache and where to cache them. In this exercise we will configure the Dispatcher with appropriate settings to

cache pages as desired, and define a Dispatcher Flush agent to invalidate the cache in response to content update. To successfully complete and understand these instructions, you will need: · A running CQS Author instance · A running CQS Publish instance

Configuring the dispatcher .any file By default the Dispatcher configuration is stored in dispatcher.any, though you

can change the name and location of this file during installation. The dispatcher.any file is independent of web server and operating system, so the

following instructions are appropriate to both liS and Apache. The only difference between the two configurations is the usage of the property / homepage, which is used only by liS. fo configure the Pispatcher:

1. Open the dispatcher.any file with the text editor of your choice.

2. Make sure the /farms section matches your infrastructure. The /farms section defines a list of farms or websites. Each /farms section defines: · A set of load-balanced renderers. · The IP addresses and ports of the publish instances to serve and cache content from.

· Further characteristics including where to cache files, what to cache. For each farm you can specify separate caching and rendering parameters,

some of which have sub-parameters:

World Standard Softare to Unif Your Business ww.day.cgm 55 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

II 3. Verify the list of client headers in the dientheaders section.

# each farm configures a set off (loadbalanced) renders

/farms t # first farm entry (label is not important, just for you

convenience)

/website t # client headers which should be passed through to the render

instances

/clientheaders t

"referer"

"user-agent" "authorization" "from"

"content-type" "content-length" "accept-charset"

"accept-encoding" "accept-language" "accept" "host" "if-match" "if-none-match" " if-range" "if-unmodif ied-since" "max-forwards"

"proxy-authorization" "proxy-connection" "range" "cookie"

"cq-action" "cq-handle" "handle" "action"

"cqstats" ~

4. (lIS-only!) Adapt the homepage property. /farms t

World Standard Softare to Unify Your Business ww.day.com 57 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

dispatcher configuration). You can define several renders within a farm for load balancing. /farms t # first farm entry (label is not important, just for you

convenience)

/website t # the load will be balanced among these render instances

/renders t

/publish1 t # hostname or IP of the render

/hostname "127.0.0.1" # port of the render /port "4503" L

/publish2 t # hostname or IP of the render

/hostname "127.0.0.1" # port of the render

/ port "4504" l l

Using filters, you can specify which requests are accepted by the Dispatcher

module. All other requests are sent back to the server, where they are offered to the other modules that run on the web server. 7. Adapt the filter properties to allow or deny access to certain paths.

NOTE

Day Software best practices suggest that you deny access to Ilibs, letc, Icrx, ladmin, Ivar, I tmp, Ihome, lapps and any other URis that should not be accessible from outside. Please see the Security Checklist for further considerations when restricting access using the Dispatcher.

/farms t

/website t

World Standard Softare to Unify Your Business www.day.com 59 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

/docroot: This link points to the document root of the web server.

/statfile and /statfileslevel define which parts of the website tree are invalidated when pages are activated.

/allowAuthorized: Specifies whether requests (pages) that carry an

authentication header are cached. /rules: List of cachable documents determines which documents are cached /invalidate: Defines a list of all documents that are automatically rendered invalid after a content update.

The docroot link points to the document root of the web server. This is where the Dispatcher stores the cached documents, and this is where the web server

looks for them. If you use multiple render farms, you have to define a different document root on the web server for each farm, and specify the corresponding

link here. 8. Define the location of the web server cache to the Dispatcher.

/farms t

/website t

/cache t # the cacheroot must be equal to the document root of the webserver

# /docroot "C:/lnetpub/wwroot" /docroot "":Apache_document_root:;"

9. Configuration of the Dispatcher is not yet complete, but at this point we can test the configuration of the Dispatcher with the web server. Save your changes to the dispatcher.any file.

10. Restart the web server 11. Access the Geometrixx website using the following URLs:

Author instance: http://localhost:4502/content/geometrixx.html Publish instance: http://localhost:4503/contentlgeometrixx.html

World Standard Softare to Unify Your Business www.day.com 61 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

necessary rights. However, in some setups it can be permissible to cache

authenticated documents.

14. Set the /allowAuthorized property. Icache t /docroot "C:/apache/htdocs" /statfileslevel "2"

/allowAuthorized "0"

The ¡rules property defines which documents are cached, though the Dispatcher never caches a document in the following circumstances: · If the HTIP method is not GET.

Other common methods are POST for form data and HEAD for the HTIP header.

· If the request URI contains a question mark ("7"). This usually indicates a dynamic page, such as a search result that does not need to be cached.

. The file extension is missing.

The web server needs the extension to determine the document type (the MIMEtype).

· The authentication header is set (this can be configured) If you do not have dynamic pages (beyond those already excluded by the above rules), you can let the Dispatcher cache everything.

15. Define the list of cachable documents: /cache t /docroot "C: lapache/htdocs"

/statfileslevel "2"

/ allowAuthorized "0"

/rules t

/0000 t

/glob "*" /type "allow" ¡

10001 t i glob "i en/news I *"

/type "deny"

World Standard Softare to Unify Your Business ww.dav_com 63 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

10003

t

I glob "*. pdf" Itype "allow" ~ ~

i 7. Save dispatcher.any changes.

Configuring the Dispatcher Flush Agent In cases where there are multiple Publish instances, the dispatcher flush is controlled by a replication agent operating on the publish instance. However, the configuration is made on the authoring environment and then transferred by activating the agent: i. Open the CQ Tools console. 2. Open the required replication agent; for example the Uispatcher Flush agent under Agel'ls on Publish that is included in a standard installation.

3. In the Settings tab ensure that Enabled is active.

World Standard Softare to Unify Your Business ww.day.com 65 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

5. Open the friggers tab. Make sure only the On Modification parameter is checked.

World Standard Softare to Unify Your Business ww.day.com 67 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal As data is never overwritten in a tar file, the disk usage increases even when only updating existing data. When optimizing, the Tar Persistence Manager copies data that is still used from old tar files into new tar files and deletes the old tar fi les that contain only old or redundant data.

This exercise will show you multiple ways to optimize the Tar PM. To successfully complete and understand these instructions, you will need: · A running CQS Author instance

Manually optimizing tar files using CRX Console To optilliie tar files using the CRX console:

1. In the CRX Console, log in as administrator. 2. Click Repository Configuration.

3. Se lect Tar Persistence Manager Optilliiation and ci ick Start Optilliiation,

U",r,¡":¡ü, .ï,~~i;.~¡.h ;i4ÜI'.;j.i)(l(~.~ (i"~.,*~L,:':øH: l TIJ$'- ll1" HJ1~im,i:',,~lflrH1

Since our repository has only i tar file (we haven't made enough changes to the repository), the optimization will have no effect.

World Standard Softare to Unify Your Business ww.day.com 69 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

It Goal Online repository backup lets you create, download and remove backup files. It is a "hot" or "online" backup feature and therefore can be executed while the repository is being used normally in the read-write mode. Backup files are saved in the ZI P compression

format.

In this exercise, you will create a "hot" backup of your Author repository. To successfully complete and understand these instructions, you will need: II A running CQ5 Author instance

Creating an online backup This backup method creates a backup of the entire repository, including CQ5 or other applications deployed into it. This method lets you create and later restore the entire

repository and applications running on it, including content, version history, configuration, software, hotfixes, custom applications, log files, search indexes, and so on.

This method works as a hot or online backup, so you can perform this backup while the

repository is running. The repository is usable while the backup is running, however performance of the repository will decrease. This method works for the default, TarPMbased CRX instances.

Backup files are saved in the Zi P compression format. By default, they are saved in the

parent folder of the folder where the quickstart .jar is running. You can change the location where CRX saves backup files. fo create a backup:

3. Go to the following URL: http://localhost:4502/crx.This will take you to the CRX Main Console. 4. Log in as the administrator. 5. Click Repository Configuration

World Standard Softare to Unify Your Business ww.day.com 71 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

The online documentation provides deeper information regarding this crucial topic, including different scenarios like backing up an clustered node, etc. Check it out under http://dev.day.com/content/docs/en/crx/2-0/administering/backup_and_restore.html. Congratulations! You have successfully created a full backup of your Author repository without taking the instance down.

World Standard Softare to Unify Your Business ww.dav.com 73 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

The restore procedure is identical to the one described in previous exercise. COl1gratulatiotls! You have successfully created an automated backup script.

World Standard Softare to Unify Your Business www.dav.com 75 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

The first thing we need to do is decide on the central, network-accessible location where we will put the shared journal. In general you would have the shared path pointing to a mounted networks drive (via NFSjSAN), but for our purposes, any central location will do. For example, we can choose C\cq

\shared. 1. Make sure that the node that will become the llaster, the node running on port 4502 is not running.

2. Navigate to -clnstaIlDir::jrepository. Copy the shared folder and paste it into

C\cq.

3. We will tell the llaster node where to find its shared journal. Navigate to

-clnstaIlDir::jrepository. 4. Open repository.xlll with a text editor. 5. Find the Cluster elelle"t and make the following changes:

.iCluster'? .iJournal class="com. day. crx. core. journal. FileJournal ",?

"param name="sharedPath" value="C:/cq/shared" I'? "param name=lmaximumSize" value="104857600" I'?

World Standard Softare to Unify Your Business ww.dav.com 77 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

5. Notice that this instance believes that it is the master of its own cluster. Notice the shared path points to its own repository.

User-m: admin I Workspace: uK.default I ,Ul.f.-LH!,I! I ;~i~~'.i.t;.b...W.QJ.-.k:,p'.g.i;.t;, I !n:,p'.tx.~.!u;.ell, ?oiiJ:!t.et"~

ldi:,itit'i

df9bZ55a~'~~..()5.4 b d9- 3ó :;f"-f,:~62 ~.",6,jl.",,8

os

'of,rido,/,:$ ;..p 5,1

Host

IOCêllhost:45G..

P,:opositorv Horne

c: \cq\'-J uthür2\cn;. QUI..:.,:t.: ,i\xe p ositor\(

Sh¿,red path

C: \cq\a uth;)t:'\crx -QIJickstartVe p o,,;;oi-y \,,,Íl ared

No siai/es conri-:çted

Shared p.,rth

6. Enter the shared path of our new cluster into the shared path input field.

UserID: admìn I Work~pace: cF"lo.default I Log Out I Switch Wo!"kspar:e I Imof.t'!woate

Naster" Ide¡¡tit1'

df9b255 a - 9':05-4 b d9- 665e-636B5e tid leeS

os

',ALir:do\~!s ;~:p 5.1

Host

loc,:ilhost:4504

Repositor~f Horn!?

C :\cq\author2\crx -qui ck ;;taii:\repos ¡tory

shared path

C :\cq\a uthor2\crx .qui CK $td~"t\repo$¡t:rV\$hared

No ,¡¿:iiies connected (;b,.t~~~-

Shaled inith

!c/cq/shared

7. CI ick Join.

The join will take a few minutes as the Slave repository is being rewritten with the information from the Shared Journal.

World Standard Softare to Unify Your Business ww.day.com 79 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

. Goal The following instructions explain how to create a CQ package that will combine all elements of the Training project, minus all jpegs. This is a good example of packaging application content, which you could then distribute to team members for review. To successfully complete and understand these instructions, you will need:

· A running CQ5 Author instance · A completed Training project with appropriate extents

ions

Why do I need CQ packages? Packages can include content and project-related data. A package is a zip fi Ie that contains the content in the form of a file-system serialization (called "vault" serialization) that represents the content from the repository as an easyto-use-and-edit representation of fi les and folders.

Additionally, it contains vault meta information, including a filter definition, and import configuration information. Additional content properties can be included

in the package, such as a description, a visual image, or an icon. These properties are for the content package consumer for informational purposes only.

You can perform the following actions with packages: · Create new packages · Modify existing packages

· Build packages

· Upload packages

· Install packages · Download packages from the package share library · Download packages from CQ to a local machine · Apply package filters

· View package information

fo create, build, and download a CQ package, in the -fools- section of CQ5:

World Standard Softare to Unify Your Business ww_dav_com 81 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-

5. Enter the package "Group Name" (training) and "Package Name" (trainingproject).

traíníng

traínlng-proJ8ct

CQ new package dialog 6. Select the training-project package.

7. Add the Component Filter Definition to the paragraph system Component then open (e.g. double-click).

Page view of component addition

8. Enter the "Root Path" (lapps/training) and a "Rule" that excludes all jpegs

(Exclude =:: .+\.jpg) - then select OK.

World Standard Softare to Unify Your Business www.day.com 83 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

JSP

.l /apps./training/'components/con tent, logo,/design_dialog, xml A /apps/training/'component.s/content complex

A /apps/ti-airiing/componen ts/content coilLplex./, content. Eml .l /apps/tra.ining,/components/content /comple:.:/complex, JSP A /apps/training/'components/content,/comple::.::/dialog, XJnl .l /apps,..ti-aining/components/content./complex/design_dialog, xml .l /apps/training/components/content/cOJlLplex/_c~edi tConf ig. xrri! A /apps/training/components/con ten t/search .l /apps/training/components/content/search/, content. xml .l ,/apps/training/components/content/search/seai'ch. JSP

A /apps/training/src A ./apps/training/install A /apps/ training/docroot

.À /apps/training/training-widgets J s

.À /apps/training/training-widgets J S/. coritent XII!

.À /apps/training/training-widgets j s/f iles .À /apps/training/training-widgets J s/f i les/. content xml

.À /apps/trainiug/training-widgets J s/f iles/training, JS .À /apps/training/global .À /apps/training/global/ini t jsp

.À METÀ-INF/vaul t/det ini t ion/. content xml Package created in 782ms.

Package build output

Package build information

10. Download the package by entering the URL of the package's ZiP in your Web browser's address bar.

· e.g. http://localhost:4502 /etc/packages/training/training-project.zip Congratulations! You have successfully created a package, added a rule to the

filter definition, built the package, and have downloaded the package, which you can now share with your CQ development team.

World Standard Softare to Unify Your Business WW.day.com Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

85

-

~response/ ~data/

I Arguments I Comment I

+ -- - - - - - - - - - -+ - - - - - - - - - - -- - - - - - - - - -- - - - - - - - - - - - - - -- - - --+

+- -- - - - - - - - - -+- - - - - - - - - - - - - - - - - - - - - - - - -- - -- - - - -- - - - - - --+

I cmd=help I print this help I

+-- - - - --- - - - -+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - -- - - - - --+

I cmd=ls I print a list of all packages I

+-- - - - - - - - - - -+- -- - - - - - - -- - - - - - - - - - --- - - - - -- - - - - - --- - -- - +

cmd=rm I remove a package

name I package name I (group) I group name (optional) I

+- - - - - -- - -- - -+- - - - --- - - - - - -- - - - - - - - - - - - - - - - -- - - -- - - -- --+ cmd=build I build a package

name I package name I (group) I group name (optional) I +- - - -- - - - - - - -+- - -- - - - -- - -- - - -- - - - - -- - ---- -- - - - - - - -- - ---+ I cmd=ins I installs a package I name I package name I (group) I group name (optional) I

+-- - - - - - - -- - -+- -- - -- - - - - - - -- - -- - - - - - - - - - - - - -- - -- - - - -- --+ cmd=unins I uninstalls a package

name I package name I (group) I group name (optional) I + --- --- - - - - --+- - -- - - - ----- - - - - - - - - -- - - - -- ---- - - -- -- - - --+ I GET I downloads a package. I I ( content-disposition header contains

I I the correct filename) I (cmd=get) I optional

I name I package name

I (group) I group name (optional) I I POST I upload a new package

+ -- - --- - - - - - -+- - - - -- - -- -- - - - - - - - - - - -- - - - - - - -- - - - - - - -- --+

I file I pacakge to upload I (name) I optional name

I (install) I automatically install package if 'true' I

+--- - -- -- - - - -+- - --- - - -- - -- - --- - - ---- - - --- - -- - - - -- -- -- --+

~/data/ ~status code="200"/ok~/status/ ~/response/ ~/crx/ 2. List

the packages currently available on this CQ instance:

curl -u admin:admin http:/ jlocalhost:4502/crx/packmgr/service.jsp?cmd=ls You should get a response similar to the following:

~crx version="2. 0" user="admin" workspace="crx.default"/ ~request/ ~param name="cmd" value="ls" //

World Standard Softare to Unify Your Business www.day.com 87 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

~/data? ~status code=" 200"?ok~/status?

~/response? ~/crx? 4. Install a package. Enter the following command to install the package you just

uploaded.

curl -u admin:admin -F name=training_import http://localhost:4502/crx/packmgr/ service.jsp?cmd= inst You should get a response similar to the following:

~crx version="2. 0" user="admin" workspace="crx.default"? ~request? ~param name=" cmd" value=" inst" /? ~param name=" inst" value="training import. zip" /?

~param name="name" value="training import. zip" /?

~/request?

~response? ~data? ~log? Installing content... 1-- Collecting import information... 1-- Installing node types...

1-- - nt -? http://www . j cp. org/j cr /nt/1. 0 1-- - jcr -? http://www.jcp.org/jcr/1.0 1-- - sling -? http://sling.apache.org/jcr/sling/1.0

1-- A / content/dam/photos/ img4. jpg /j er: content/renditions/ cq5dam. thumnail. 48.48 .png

1-- A / content/dam/photos/img4. jpg /j er: content/renditions/ cq5dam. thumbnail .140 .100. png / j cr: content

1-- A / content/dam/photos/img4. jpg /j er: content/renditions/ cq5dam. thumnail. 48.48. png / j cr: content 1-- A /eontent/dam/photos/img4. jpg/jer: content/renditions/original 1-- A /content/dam/photos/img4. jpg/jer: content/renditions/original/

j cr: content

1-- saving approx 42 nodes.... 1-- Package imported. Package installed in 294ms.

~/log? ~/data?

~status code="200"?ok~/status?

~/response? ~/crx?

World Standard Softare to Unify Your Business www.day.com 89 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Goal Various CQS log files provide detailed information about the current system

state. In addition to the default system log files you can also create and customize your own log files. They can help you better track messaged produced by your own applications and to separate them from the default log

entries.

In this example, we will generate a new log file and monitor only messages produced by a specific set of CQS modules. To successfully complete and

understand these instructions, you will need: . A running CQS Author instance

fo create a custOll log file with a specified log level:

1. Open CRXDE Lite so that you can define a new configuration for the custom log file. You can also use CRXDE or CRX Content Explorer to achieve the same

results. Create the Loggit'g Logger

2. If it doesn't already exist, create a new folder named "config" in /apps/ geometrixx. Right-click on the geometrixx folder. Select New... Folder.

3. Under /apps/geometrixx/config, create a node for the new Apache Sling Logging Logger Configuration. Right-click on the new config node and Select New... Node.

.

Nal1e:

.

fype:

org .apache.sl ing .commons.log. LogManager. factory .config- TRAINING

sling:OsgiConfig

World Standard Softare to Unify Your Business www.dav.com 91 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

l'iri:i." ,mom. liioÚ'

orQ,apoche,sliii

IX_

org,apacne,felix

Do Up Do

com,

da

Cm Pr~~_"

:N"

~""g.~,'¡if.q.m~.Io.tic

S ¡¡'i,~,~,~.ç¡~.~.~1 5 Qi\l.~'i,'S~.~~.ln,rima St'iIiJ "",,¡~,¡l;QI~~-re,,,wr,Oo fals faIr; trY\

;: Ctg.~,~ir.i.m~.Ic,pMt,. St¡,~ (O,J:¥.;JMM,yvn f¡¡1:='r'ns,S5:;~ "(01)' ;(2 t/lls( fßI~ ~abi

Create the Logging Writer

A logging writer is only necessary when a configuration that is different to the default. The default writer will select a default size of 10MB and 5 as the default number of files. 5. Under /apps/geometrixx/config, create a node for the new Apache Sling Logging Writer Configuration. Right-click on the config node. Select New... Node.

. .

Name:

org .apache.sl i ng .commons .Iog .LogManager. factory. writer- TRAIN ING

fype:

sling:OsgiConfig

6. Set the following properties on the new org .apache. sling .commons.log .LogManager. factory .writer-trai ning node:

. .

fype:

.

Value:

../Iogs/training.log

Name:

org .apache.sl i ng .commons.log. fi Ie .size

. . .

Name:

fype: Value:

org .apache.sl i ng .commons .Iog. fi Ie

String

String 1mb

· Name: org.apache.sling.commons.log.file.number

World Standard Softare to Unify Your Business ww.dav_com 93 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Goal This exercise describes how to configure and manage user authentication and authorization within the CQ5 scope. To successfully complete and understand these instructions, you will need:

II A running CQ5 author instance

Users and Groups Users

Users: A user models either a human user or an external system connected to the system.

The user account holds the details needed for accessing CQ. A key purpose of an account is to provide the information for the authentication and login processes -

allowing a user to log in. Each user account is unique and holds the basic account details, together with the privileges assigned. Users are often members of Groups, which simplify the allocation of these permissions and/or privileges. G-roups: Groups are collections of users and/or other groups; these are all called Members

of a group. Their primary purpose is to simplify the maintenance process by reducing the number of entities to be updated, as a change made to a group is applied to all members of the group. Both users and groups can be configured using the Security Console. You can manage all users, groups, and associated permissions using the Security Console. All the procedures described in this section are performed in this window.

World Standard Softare to Unify Your Business ww_dav_com 95 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Hide

L. m

r~1'

admit'

admir

admil'Îstrators

adiriristratol$

a rlOnvrrOl.$

arorvrrOt:$

Edit y

v PUD.

f"lcxì,

l Sort

So m

A!ìsor Parker

author

aLtbo,

oortribl.tor

ContribLtors

~'Crjl

e,,'C!Ì''C~

l'11'e

Jo1'l' l:

First, we will create 2 user accounts. After that, we create a group and assign some project specific restrictions to it. Finally, we add the new users to this group.

Creating Users and Groups To create a new user:

1. In the Security window tree list, click Edit) Create) Create User.

Create U;r a

administratois

adrri 11 istrawr:;

anonymous

arlOnyil)

Create Activate

Deactivate Alisol1 Parkr 31.trlor

aiArlor

2. The Create User dialog box appears. Enter the required details and click Create:

World Standard Softare to Unify Your Business ww.day.com 97 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

7. ci ick the Page Perllissions tab. You wi" notice that John has no access to any part of

the website. The default permissions policy in CQ5 is "deny all". In CQ5, permissions grant or deny access to content objects. Privileges are used to assign access to the functionality within the application.

8. Click the Replication Privilege tab. You will note the same. John has no rights to

replicate/activate pages. 9. Click the Privileges tab. You will note that he does not have privileges to modify the

hierarchy. 10. No users are specified as potential impersonators of John.

a aparkerljgeometrixx,com Alison Parker

S ~uthor author is contributor Contributors

~'...v,)var ijo".''-Jetc ';;::::icontent G)',',~:CamDaigns

is everyone everyone

a ¡brown John Brow a ¡doe(ggeometrixx,com John Doe S jsmith Jane

'Ð:'JEnglish (t _::Fran~ais

Smith

m tag-admnistrators tag-administrators in user-administrators user-administrators æ workflow-editors workflow-editors tß workflow-users workflow-users

0J-',:::'Italiari

:ZyJB:iiti "''' ::i;~!User Generated Content ,.t ,''-'-'-'-:Wiki Content

Qtmp );'':ihome

We want now create a group with some access rights you could use in future projects, then put the created user(s) into this group. The requirement list for this group members

looks like: . Provide access only to the consoles Websites and Iligital Assets. That means, denied access to the other ones (fools, Users, Workfow, fagging).

. Members of this group are allowed to modify content of already existing pages located under Geometrixx ~ English, add new paragraphs and delete them. . Pages located under Geometrixx ~ French (Français) should be accessed in read-only mode.

. Page Geometrixx ~ German (Deutsch) is not accessible at all (not visible) to members

of the group.

World Standard Softare to Unify Your Business www.day.cgm 99 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

2. Click the Page Pen-Missions tab. The tree map will open.

3. it's a good idea to provide read-access to entire repository. Project-specific restrictions can be easily added at a later time point. Select the node CQ. Per default, users have all access rights denied. To provide read access to the root node (CQ), double-click under

the column Itead and select "allow" from the appearing drop-down box. Since access rights are automatically inherited to child nodes, all members of the legal group have now read access to all nodes in the CRX repository. 4. Click Save.

Manage Access f:ights for different Websites:

5. Navigate in the tree map to the page you want to add permissions. In our case: CO/ content/Geometrixx Demo Site/English. 6. Click the page in the tree. Notice the permissions specified on the right.

7. Double-click under the column Modify and select "allow" from the drop down list.

8. Do the same for the columns Create and Pelete. The red corner indicates that the item listed has not yet been saved. 9. Save.

10. Navigate to CQ/content/Geometrixx Demo Site/Deutsch and select "denyN in the f:ead

column. 11. Save.

Manage Access f:ights for Pesign:

12. Set Modify rights to "denyN on node CQ/etc/Designs to restrict general usage of all designs or select the appropriate design you want to constrain. Make sure, Read access to designs is still granted, otherwise, page content cannot be correctly rendered. 13. Click Save to persists your modifications into the CRX repository.

World Standard Softare to Unify Your Business ww.dav.com101 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

6. Now let's modify the replication privileges for the French branch. Click Add and select the page CQlcontent/Geometrixx Demo Site/Français. Veny replication privi leges to it. 7. Repeating previous step, Allow replication to CQ/content/Geometrixx Demo Site/

Français/products. 8. Click Save.

m. admin Adminjstratot tp. administrators administrators

a anonymous anonymous ff aparker~geornetrixx,CDm Alison Parker

£. author author at contributor Contributors

ø. everyone everyone

S jbrown John Brown ;S- jdoe(ggeometri::x,com John Doe -S jsmith Jane

Smith

¡n tag-administreitors tag-administrators ~ user-administrators user-administrators ti workflow-editors worklow-editors

fl workflow-users workflow-users

As you can see, you can provide fine-grained replication privileges not only for an entire tree branch, but even on page leveL.

Users without replication privilege granted still have access to the Activate!eactivate

buttons. Clicking on them will not have the desired effect immediately. Instead, a workflow is started which puts the requested action in the inbox of a privileged user requesting him to approve and finish the action. Setting standard privileges:

Standard privileges included in the installation of CQ WCM are for modifying the hierarchy; in other words, creating or deleting pages. The list of privileges available may be extended for your project. 1. Select the Legal group from the list, double-click to open, and click Privileges. 2. The Hierarchy ModHication privileges will be shown. Make sure Veny is selected. 3. If necessarily, click Save. l7eny access rights to consoles:

World Standard Softare to Unif Your Business ww.day.cQm 103 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

6. Follow the link New ACE. The section Local Access Control Policies changes its appearance.

Sclei-L,

AppHæble Accss Control Po!ís 1;0 ilCditlonal policies to apply I.l Access Control Polics

re,,:write jcr.illl jC. rerr.oveChldNoóes

Effecthie Aa:ssCoiirol Po4icies

7. Click the Srowse button. A new window labeled Principal Srowser appears, displaying all available users and groups. 8. Select the Legal group and click the Select button. The window Principal Srowser

closes and the selected group Legal is shown in the column PrincipaL.

World Standard Softare to Unify Your Business www.dav_com 105 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Applicable Accss Control Policies

Lol Access Control Policies

Effectiv Access Control Policies

I1.Click OK to close the Aecess Control Editor.

12.Repeat steps 3 - 10 to modify the access rights to the other console buttons. The console buttons are represented in CRX by following nodes:

Site Admin (Websites) DAM

Admin

lIibs/wcm/core/content/siteadmi n

/Iibs/wcm/core/content/damadmin

Tools

/Iibs/wcm/core/content/misc

Security (Users)

/Iibs/cq/secu rity /content/adm in

Workflow

II ibs/cq/workflow /content/console

Tagging

/Iibs/cq/tagging/content/tagadmi n

Adding a User and a ~roup to a ~roup

World Standard Softare to Unify Your Business www.dav.com107 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

3. I n the lllpersonate as: box, choose jbrow.,.

The current user is changed to John 8rown.

After you browsed some pages, you can finish impersonation by clicking the im personated user's name and select Revert to self.

Peleting Users or troups To delete a user:

1. In the Security window, select Jane Smith (jsmith). If you want to delete multiple

items, Shift+click or Control+click to select them. 2. Click Edit or right-click the user to bring up the context menu. Select Pelete. CQ WCM asks if you are sure. 3. Click OK to confirm.

World Standard Softare to Unif Your Business www.day.com109 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Goal You can configure LDAP authentication as a JAAS Uava Authentication and

Authorization Service) module. For this, you need to specify the JAAS configuration file to the virtual machine. This exercise will show you how to integrate with an LDAP server and import users from the LDAP server to the CQ5 instance. To successfully complete and understand these instructions, you will need: II A running CQ5 author instance

II An LDAP server

Setting up a local l,DAP server 1. In the directory distribution/ldap of the training memory stick, you find a zip archive named openldap-2.2.19-ssl-win32.zip. It contains a pre-configured OpenLDAP server already containing a set of test users and groups, ready to be used with CRX.

Extract the zip archive to the C:\ drive. As a result, you'll have the LDAP server

installed in C:\openldap. Open a command shell (Start # Run..., type in cmd, hit enter. In the command shell, change directory to the OpenLDAP folder by

issuing the command cd c:\openldap :

2. Then enter the command slapd -d 1 which starts the LDAP server. The LOAP

server has fully started when you see the following line at the end of the command shell window:

World Standard Softare to Unify Your Business ww.dav.com 111 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

5. The LDAPbrowser is pre-configured with the correct login information to access the local directory server. Select the Quick Connect tab.

Anonymous bínd

User Info ON:

Password:

6. Fill in the host name and the port number.

. .

Host: Port:

localhost 389

7. Click fetch l1Ns button to access the Distinguished Name tree. 8. Click Connect.

9. You will see the defined users and groups that will be imported into CQ5.

World Standard Softare to Unify Your Business ww.day.com 113 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

class="org. apache. jackrabbi t. core. securi ty. simple. SimpleWorkspac eAccessManager" I'?

.iUserManager class="com. day. crx. core. CRxuserManagerlmpl "'? .iparam name="usersPath" value=" /home/users" I'? .iparam name="groupsPath" value=" /home/groups" I;:

.iparam name="defaultDepth" value=" i" I'? .i /UserManager'? ~/Securi tyManager'?

JAAS works on the basis of "LoginModules". In a JAAS configuration file you can define a sequence of login modules.

An incoming request will be accepted by the first defined login module for authentication. If the login module cannot authenticate, the request will be passed on to the next login module in the list of definitions.

In this configuration, the first login module configured is the native CRXLoginModule, which tries to authenticate using CRX's local users:

com.day.crx.core.CRXloginModule suffcient; Only if the user of the request cannot be found among the local CRX users, the request will be handed over to the next login module, which is the LDAP login

module:

World Standard Softare to Unif Your Business ww.day.com 115 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

autocreate. group. cn=" rep: cn" autocreate. group. localadrin=" adrin"

autocreate . group. uniquernember = "uniquernember"

autocreate . group. description = "description" autocreate. path=" splitdn" cache .expiration=" 600"

cache.rnaxsize=" 100" ; J;

NOTE

The IdapJogin.conf configuration information used for this exercise is specific to the LDAP server provided for this exercise. You configuration information will be different and specific to your directory server.

7. Restart CQ5 for the changes to take effect. From the command line start CQ5 with the following option: java - Djava.security.auth.login.config=crx-quickstartl server l etcl Idap_login.conf -jar cq-author-4502Jar

CRX logs a message (default logging config) confirming which authentication configuration will be used: · default Repository Login-configuration · external JAAS login-configuration

*INFO*DefaultSecurityManager: init: use Repository Login-Configuration for

corn. day. crx *INFO*DefaultSecurityManager: init: use JAAS login-configuration for com. day. crx

Importing Users from LDAP to CQ5 The LDAP example configuration file contains 5 groups: Authors, Marketing,

Human Resources, Products and Management. All groups are member of the Authors group. The users themselves are distributed over the department-specific groups;

none of them is explicitly in the Authors group, but implicitly, since their specific groups themselves are members of the Authors group.

World Standard Softare to Unify Your Business ww.day.com 117 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

II 5. Examine the Idap.log and error-log files from CRX to debug for errors. The online documentation provides you comprehensive information regarding LDAP

connectivity to CRX. Check out some of the pages under day.com/content/docsl

urrent/admin ng/ldap....authentication.html . Congratulations! You have successfully integrated CQ5 with an LDAP server and

imported a set of users and groups from that server.

World Standard Softare to Unify Your Business ww.dav.com11 9 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-

Performance Optimization Methodology A performance optimization methodology for CQ projects can be summed up to five very simple rules that can be followed to avoid performance issues from the get go. These rules, to a large degree, apply to Web projects in general, and are

relevant to project managers and system administrators to ensure that their projects will not face performance challenges when launch time comes.

Planning for Optimization Around 10% of the project effort should be planned for the performance

optimization phase. Of course, the actual performance optimization requirements will depend on the level of complexity of a project and the

experience of the development team. While your project may ultimately not

require all of the allocated time, it is good practice to always plan for performance optimization in that suggested range. Whenever possible, a project should first be soft-launched to a limited audience in order to gather real-life experience and perform further optimizations,

without the additional pressure that follows a full announcement.

Once you are "live", performance optimization is not over. This is the point in time when you experience the "real" load on your system. It is important to plan for additional adjustments after the launch.

Since your system load changes and the performance profiles of your system shifts over time, a performance "tune-up" or "health-check" should be

scheduled at 6-12 months intervals.

Simulate Reality If you go live with a Web site and you find out after the launch that you run into performance issues there is only one reason for that: Your load and

performance tests did not simulate reality close enough.

Simulating reality is diffcult and how much effort you will reasonably want to invest into getting "real" depends on the nature of your project. "Real" means not just "real code" and "real traffc", but also "real content", especially

regarding content size and structure. Keep in mind that your templates may behave completely different depending on the size and structure of the

repository. Establish Solid Goals

World Standard Softare to Unify Your Business ww.day.com121 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

The above numbers assume the following conditions: .. measured on publish (no authoring environment and/or CFC overhead) .. measured on the server (no network overhead) .. not cached (no CQ-output cache, no Dispatcher cache) .. only for complex items with many dependencies (HTML, JS, PDF, ...)

.. no other load on the system

There are a certain number of issues that frequently contribute to performance issues which mainly revolve around (a) dispatcher caching ineffciency and (b) the use of queries in normal display templates. JVM and as level tuning usually

do not lead to big leaps in performance and should therefore be performed at the very tail end of the optimization cycle.

Your best friends during a usual performance optimization exercise are the request.log, component based timing, and last but not least - a

Java profiler.

How to monitor Page response times: To monitor Page response times: 1. Navigate to and open the file request.log located at -(cq-install-dir:: jcrxquickstartjlogs. 2. Request a Page in author that utillizes your Training Template and

Components. .. e.g. /content/training/en/company

3. Review the response times directly related to the previous step's request. · A Page request of /content/training/en/company

World Standard Softare to Unify Your Business ww.day.com123 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

fo lfonitor COllponent based tilling: 1. Request a Page in author that utilizes your Training Template and

Components. II e.g. /content/training/en/company

2. View the HTML source of the Page requested in step 1. 3. Navigate to and se lect the "filling chart URL" located in the HTM L sou rce. II You wìl find this URL most likely near the bottom of the HTML source, as it is

generated by the foundation timing Component

~~(!iv claS5="toolbar")-~;sc.ril)t type="te:-tr javascr ipt ,,)co. ùrCM. edit (( "path": "/content/traìning/en/company/ jcr: content/toolbar" r "type -(I sc.ript)-

-(/div:; -(àiv class="disc lairner":;dìsc laimer.(/ (h.".;" -z/div).

HTML source timing chart urI 4. Copy the "Tilfing chart URL" - then paste it in the address bar of your favorite

Web browser.

5. Investigate the visual output to identify any Component that may be causing a slow response time.

World Standard Softare to Unify Your Business www.day.com125 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

To find long lasting requests/responses:

1. Navigate to the helper tool rlog.jar located in .:cq-install-dir;: /crxquickstart/opt/helpers using your command line.

DOS location of rlogJar

2. Enter the command java -jar rlog.jar in your command line to get help concerning possible arguments.

DOS rlog.jar help

World Standard Softare to Unif Your Business www.dav.com127 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

2. Select Ctrl-Shift-U to view the timing statistics for that Page. ¿ge lo¿d $~.eic$eic$: I 635 m$ $~¿rt huilding edieing= 676 I 676 m$ Compl ete document lo.ded

I 6SO m5 5~¿rt render ing rollover i I 68i m5 Compl eted render ing rollover

I 687 m5 St.re render ing rollover i --i ---

I I I I

688 692 693 698

m$ Compl eted render m5 St.r~ render ing m5 Compl eted render rn5 St.rt render ing

ing rollover rollover ing rollover rollover i I 699 m5 Completed rendering rollover --- I 737 rn5 St.rt rendering rollover i I 73S m5 Completed rendering rollover

I 743 m$ St.rt render ing rollover o I 743 rns Completed rendering rollover

I 748 ms St.rt render ing rollover i I 749 ms Co~.leted rendering rollover

I 754 m5 St.rt rendering rollover i I 7SS m5 Completed rendering rollover

I 810 m$ St.re rendering rollover o I S10 rns Compl eted render ing rollover

I 821 rns finished huil ding edit ings 3ii I 987 ms 5t.rt render ing s idek iek i47 I ii34 ms - Coi~leted rendering $idekiek

Page timing statistics Congratulations! You have successfully viewed the timing statistics for a Page.

Again, this is to aid you in reviewing the performance of specific Pages, so that you may meet your project's performance goals.

fo investigate a systell where sOlle processes are really sloYl but not blocking:

A simple CPU profiling tool is included with CRX 2.0.x. To start it, open: http://localhost:4502/crx/diagnostic/prof. jsp

1. Set the sample interval and stack depth (or use the default)

2. Click "Start Collecting" and wait to collect data while your slow process executes 3. Click "Stop" to stop data collection

4. Examine the results Additional External fools:

World Standard Softare to Unify Your Business ww.day.com129 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal If an application opens JCR sessions explicitly, it is the responsibility of the developer to ensure the proper closure of these sessions. If not, such sessions will not be subject of garbage collection and thus will stay in memory, causing above listed symptoms. Each JCR session (CRXSession) creates and maintains its

own set of caches which adds to the overall resource consumption. In this exercise, we will generate stack traces for the CQ5 instance and analyze those traces with session_analyzer.jar. To successfully complete and understand these instructions, you will need: · A running CQ5 Author instance · session_analyzer.jar from the USB stick

Finding Unclosed Sessions

1. Discover the process id for the CQ5 process by issuing the following

command in a command line window: jps-I

2. Run following command to determine the overall number of current CRXSessions held in memory:

jmap -histo .-pid'? I grep CRXSessionlmpl

World Standard Softare to Unify Your Business ww.day.com131 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-

This will generate a new file output.txt that contains the stack trace of unclosed sessions, sorted by stack trace content. Each stack trace is one line, and 'compressed' a bit (repeated prefixes are removed). The session id is at the end of the line. corn. day. crx. j 2ee. JCRExplorerServlet. login (JCRExplorerServlet. java: 521) ResourceServlet. spoolResource (ResourceServlet. java: 148) java.lang.Thread.run(Thread.java:595): session# 10023

This example means session #10023 was not closed, and the stack trace included the given lines when the session was opened. Based on this output you should be able to find the defect code location and fix the problem. Congratulations! You have successfully found and analyzed unclosed JCR

sessions.

World Standard Softare to Unify Your Business www.dav.com133 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

CRXDE Lite Console

2. If the /apps/geometrixx/config folder does not exist:

a. Navigate to /apps/geometrixx. b. Right-click on the geometrixx node. c. Select Create and follow the arrow to Create Node.

Ji~..." r~

d. Fill in the dialog box: Name: Type:

config sling:Folder p~ enter !"rx ii~ aM ~ i'1l. i..me:

typ:

CNce

Create Node dialog

World Standard Softare to Unify Your Business ww.day.com135 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal Sometimes it makes sense to analyze the network traffc between the client (web browser) and the server (CQ5) to detect possible bottlenecks. For this purpose we use a tool provided out-of-the-box by CQ5 : proxy.jar.

This tool redirects all HTIP requests to/from the server. This utility, which logs the complete HTTP conversation, is installed as a proxy between a client and a server.

Proxy.jar is not aware of the underlying application protocol. It simply dumps the complete communication stream including content and headers. This means, you can use the application to analyze traffc of any protocol e.g., SMTP, LDAP, HTTPS, etc. Proxy.jar can also be used as a simple port forwarding proxy

if you need to go through a different port to test a CQ5 instance. Note: Proxy.jar can be used to:

· Check for cookies and their values · Check for HTTP request and response headers and their values · Check if "Keep-Alive" works

· Find lost requests · Find hanging requests

In this example, we will install proxy.jar between the browser client and CQ5. To successfully complete and understand these instructions, you will need: · A running CQS Author instance

· proxy.jar from -(lnstalIDir /crx-quickstart/opt/helpers · proxytext.zip content package containing a sample template for use with proxy.jar

Install the Proxy Test Template 1. Open the CRX Content Explorer Console of your instance

http://localhost:4502/crx 2. Login as admin.

World Standard Softare to Unify Your Business ww.day.com137 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

The available parameters are: Parameter

Description

host

Host of running C05 instance,

remote port

The port used by CQ5 instance on which proxy. jar wil forward all

e.g.

"Iocalhost'

requests.. e.g. "4502". local port

on which proxy. jar is listening.

e.g. "44",

The available options are: Option

Decription

~q

Quiet Mode Use it if you don't want proxy.jar to

send its output to the console (since

outputtng to the console slows down the connection), you can redirect the output to a log file with this option. Binary Mode

~b

This

option helps you look for specìfic byte combrnations in the traffic. The contain hexadecimal and cnaraceroutput.

output wil

log entries

-t

option adds a timestamps to each log entry. The time resolution is in checking single requests. Use the Timestamps option if you run proxy .j ar over a longer time period.

seconds. This may not be suitable for

-Iogfîle dlename;:

Write to a log file

Dumps the conversation into a log file, even if in "Quiet Mode -q".

-I c:umlndention~

Add Indention For better readabilty, each active connecion gets. indented. If the default 16 levels do not suit you fine, you can change the amount by adding the ..umlndentions;: you want.

2. Start up proxy.jar with the following command: java -jar proxy.jar local

host 4502 4444 -Iogfile proxytest.log

World Standard Softare to Unify Your Business ww.dav.com139 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

3. Open the log file proxytest.log and analyze a section of log entries. Keep in

mind that we used a simple script displaying some text and a .png image. So we should see two connections for this related request. Any other connections

are the result of the welcome page and authentication mechanism. Startup Info: Starting proxy for localhost: 4502 on port 4444 using logfile: /cq5/author/crx-quickstart/opt/helpers/proxytest. log

The start of the first connection (0) requesting the main HTML page. The HTTP header fields are listed: C-O-#OOOOOO -~ (GET /proxytest.html HTTP/I.l ) C-0-#000030 -~ (Host: localhost:4444 ) C-0-#000052 -~ (USer-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5;

en-US; rv:I.9.lb3) Gecko/20090305 Firefox/3.lb3 )

C-0-#00016I -~ (ACcept: text/html, application/xhtml+xml, application/ xml; q=O. 9 , * / * ; q=O . 8 ) C-0-#000234 -~ (Accept-Language: en-us,en;q=0.7,fr;q=0.3 ) C-0-#000276 -~ (ACcept-Encoding: gzip,deflate ) C-0-#000307 -~ (ACcept-Charset: ISO-8859-I,utf-8;q=0.7,*;q=0.7

The client requests a "Keep Alive" connection (wants to send multiple requests over the same connection): C-0-#000355 -~ (Keep-Alive: 300 ) C-0-#000372 -~ (Connection: keep-alive

This proxy tool is also useful to verify if cookies are properly set or not. Here we see a generated cookie named JSESSIONID. This cookie is automatically

created if not explicitly denied in the JSP script using o(%(Q page session="false" ?:

C-0-#000396 -~ (Cookie: clickstreamcloud=marketing: interest/product=l3, marketing: interest/ business=63, marketing: interest/ investor=58 , marketing: interest/servic)

C-0-#000537 -~ (es=46 ,marketing: interest/employment=6; ys-cq-cf -c lipboard=o% 3Acollapsed % 3Db%2 53AI; ys-cq-cf-east=o% 3Acollapsed% 3Db

%253AI;

ys-cq-cf-tabpanel=o) C-0-#00067 8 -~ (%3AactiveTab%3Ds%253AcfTab-Images;

World Standard Softare to Unify Your Business ww.day.com141 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

S-1-Finished: 22899 bytes (1.0 kb/s)

C-1-Finished: 6271 bytes (0.0 kb/s) S-O-Finished: 138895 bytes (6.0 kb/s) C-O-Finished: 7398 bytes (0.0 kb/s)

The above exercise is simple and the log entries should be easy to analyze, since the two connections occur one after the other (first HTML request, then

the browser realizes that it has an image to request and opens a second connection). Generally, a normal page generates many parallel requests for images, css, javascript files, etc., each of which are referenced within the HTML

stream. So the log entries will overlap on parallel open connections. In that case, it's recommended to start the proxy with option "-i", (add indentions) to get better readability. Congratulations! You have successfully analyzed a conversation between a CQ5

browser client and the CQ5 server.

World Standard Softare to Unify Your Business ww.dav.com143 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

As with any upgrade, you should carefully consider value versus risk for your deployment. This includes testing the planned upgrade to ensure it passes your acceptance tests.

What will be Upgraded The repository upgrade, as recommended here, has the following effect on the system. The following are upgraded: · Infrastructure: CRX Repository with all repository management and

development tools · CQS Platform: CRXDE support package for CRXDE Lite and CRXDE

The following are not upgraded: · Apache Sling and Apache Felix framework

· None of the CQ5 application components (bundles); with the exception of the CRXDE support package

The recommendation not to upgrade the Apache Sling and Felix frameworks, or any other application components, ensures that the stability of the CQ5

application as a whole is retained by minimizing the changes. The following are removed:

· CRXDE Lite was a separate web application in CQ 5.3 (CRX 2.0). It is now integrated into the main CRX web application.

World Standard Softare to Unify Your Business ww.day.com145 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

~..~~ ~1;:IIOtl~AG. "'~.."" 12. Using the CQSE admin console, Stop the CRX Launchpad application

13. Stop and Remove both: · Icrxde (the CRXDE application) · Icrx (the CRX application) 14. Add a new:

· Icrx referencing the following file from the unpacked CRX 2.1: crx-quickstart/ server /webapps / crx-explorer _crx.war

World Standard Softare to Unify Your Business www.day.com147 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

-

5. Restart CQ to ensure that all OSCi bundles have been started. NOTE In case of problems with CQ startup, please open the Apache Felix Web Management

Console (http://-:host:; :-:port:; /system/console) and check if all the bundles have been started. If a restart does not help, please start the bundles manually.

15. Confirm the upgrade of CRX by

accessing:

· CRX for example, http://localhost:4502 /crx /index.jsp The version details on the welcome screen will now show 2.1. · CRXDE Lite

for example, http://localhost:4502 /crxdel The version details on the welcome screen will now show 2.1.

· CQ use CQ to access your content, check everything is operating as expected. CAUTION You must test the operation of the upgraded instance; highly customized

items may need to be upgraded separately. NOTE CRXDE Lite is now bundled with CRX (and not a separate webapp), access

using /crxde; for example, http://localhost:4502/crxdel).

World Standard Softare to Unify Your Business ww.day.com149 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

sudo In -s dispatcher-apache2.2-4.0.6.so mod_dispatcher.so

After doing so you will be able to see in the finder the file mod_dispatcher.so in the /usr/libexec/apache2/ folder

indude !ib Hbexec II airportd

apache2 dispat cher-apadie2, 2 -4,0,6.50

hupd.exp

Apr 20, 20lD 9:02 AM Mar 19, 2010 4:09 I'M Apr 20, 20lD 9:02 AM Apr 20, 2010 9:07 AM Feb 11,2010 3:34 AM Today, 1:44PM Today, 136 PM Oct 16,2009 5:11 AM

II mod_actionsso

Feb 11, 20lO 5:32 AM Dec 9, 20097:25 I'M

II mod_aHauo

Dec 9. 2009 7:25 PM

II mod_así,so

II mcd_aUlhIUIMll,SO

Dec 9,20097:25 I'M Dec 9, 2009 725 PM Dec 9, 2009 725 PM Dec 9, 2009 725 PM

II mod_auth,ullx:Lso

Dec 9, 2009 7:25 PM

II mod_authn_dbm"o

Dec 9. 2009 7:25 PM

II mO(Cauthn_defaulLSo

Dec 9.20097:25 PM

II mod_aulhn_f¡e,so

Dec 9, 2009 7:25 PM

II m()tauthz_dbm,so

Dec 9. 2009 7:25PM

II mod_aulhz_defauILSO

Dec 9. 2009 7:25PM

II Ubphp5,so

II mod_auth_basic50 II mod3lUlh_digesi.SO

18.Next, in the finder window of /private navigate to /private/etc/apache2

and copy the dispatcher.any file from the unpacked dispatcher archive to this location.

Configuring httpd.conf Tell Apache about the Dispatcher. In the folder /private/etc/apache2 you will

find the httpd.conf file (we are using the default apache server that comes with MacOS X). You can also use the httpd.conf file attached that comes with the

dispatcher archive from the USB memory stick.

Follow the instructions in Exercise - Add the Dispatcher to the Apache WebServer with the following exceptions:

World Standard Softare to Unify Your Business www.day.com151 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

-

The http server process has to have read/write access to that folder in order to write the cache files. You can of course choose another folder but then you have to be sure that the httpd server daemon has read and write access to it (chown, chgrp).

1. You must create this folder using a terminal window. Enter the following

commands: cd / Library /WebServer /

then this mkdir cache

2. Change the owner and the group of the cache folder sudo chown _www cache sudo chgrp _www cache

Restart Apache 1. Launch your system preferences

2. Then click sharing in the internet and wireless group of preferences 3. Then launch the webserver by clicking Web sharing. Your apache webserver will be running then on the port 80.

If you see Web Sharing already running, stop it and relaunch it so that your Apache server can get the new configuration loaded

World Standard Softare to Unify Your Business ww.day.com153 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

DO'Taín Name d.iy.com

Search Base

Admín Usef~1D adf~iif1

Password p.iS5

Contall

Importing Initial Users and Groups We need a tool to help us import our initial groups and users into the LDAP

server so that we can test our CQ5 configuration. For that we will use the Apache Directory Studio. We could use probably the LDAP Enabler application but then we would have to

enter everything by hand. The Apache Directory Studio lets us import Idif files. NOTE

Actually, you can use any other application that allow you to import Idif files. CAUTION Don't close the LDAP Enabler application though, cause then you'll be shutting down the

LDAP server.

1. Copy the ApacheDirectoryStudio-macosx-..version;: .dmg file from ..USB;: /

distribution/MaclDAP to your Applications folder. Or you can download it from http://directory.apache.org/studiol . 2. Install the Directory Studio.

3. After launching Apache Directory Studio, configure the connection to the LDAP server. Click on the yellow icon (Idap) in the left bottom corner of the appl ¡cation.

World Standard Softare to Unify Your Business ww.dav_com 155 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Bind password: pass

Authentîcation Please select In oluthel1ti71eiltío11 method and ínput authertifìcJtior (Jat,L

8. Click on "Check Authenlication" in order to see if our parameters are defined

correctly. If the test is successful, a message should appear saying that "the authentication was successful". 9. If the was successful, click on Finish, all the other parameters used are defaults. 10. Our connection is verified and we can check the LDAP browser. The LDAP browser is will be partially hidden by the LDAP connection window so minimize the LDAP window or just click on the window that is underneath. See figure below:

; Opel'Ciirinean

World Standard Softare to Unif Your Business ww.day.com157 Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF