Saturday, September 15, 2018

Improve the performance of the Adobe Experience Manager(AEM) websites

Improve the performance of the Adobe Experience Manager(AEM) websites


This post explains my experience on improving the Adobe Experience Manager(AEM) website performance

"Cache as much as possible" - CDN layer:


The caching is the important thing to be considered for improving the performance, in AEM setup the dispatcher will be used for caching the static content.
The CDN can be added on top of dispatcher to distributed caching to support the caching in different region to provide better performance. As the CDN is distributed at least by region the user will be served from nearby region to improve the performance. in this setup publishers will be only receive the initial request and subsequent request will be served by CDN and dispatcher.

There are multiple CDN options like Akamai and AWS Cloud Front. The request flow diagram below

network_flow_aem

Cache-Control max-age header:


Specify the cache control header with required max-age value to control the amount of time the files are cached by browser.

Add higher max-age values for static resources so that the browser caching can be used optimaly for bettwr performance.

The max-age can be be added as part of the virtual host configuration. e.g

<filesMatch ".(css|js|)$">
Header set Cache-Control "max-age=2628000"
</filesMatch>

<filesMatch ".(jpg|jpeg|png|gif|html|ico)$">
Header set Cache-Control "max-age=900"
</filesMatch>


Versioning of CSS and JS files:


The performance gain is achieved through browser caching static files for specified time(max-age). The browser cache busting is important to update the modified static files in browser, say the browser has the CSS file cached for one month and you want to change the CSS. You need a strategy for breaking the cache and forcing the browser to download a new copy of the CSS.

Change the version number of the static files upon modification so that the browser cache will be updated with new file irrespective of the max-age configuration. 

The versioning of static resources can be enabled in AEM through "ACS Commons Versioned Clientlibs" - https://adobe-consulting-services.github.io/acs-aem-commons/features/versioned-clientlibs/index.html


Read more »

Posted by Tech Forum at 9/15/2018 12:25:00 AM 1 comments edit_icon

Labels:

Wednesday, September 12, 2018

java.lang.UnsupportedOperationException: Deserialization not allowed for class [Ljava.lang.Object; - Adobe Experience Manager(AEM)

java.lang.UnsupportedOperationException: Deserialization not allowed for class [Ljava.lang.Object; - Adobe Experience Manager(AEM)

We were receiving the following exception while deserializing the objects in AEM

java.lang.UnsupportedOperationException: Deserialization not allowed for class com.test.Test; (on Wed Sep 12 16:32:50 CDT 2018)
        at org.kantega.notsoserial.DefaultNotSoSerial.preventDeserialization(DefaultNotSoSerial.java:256)
        at org.kantega.notsoserial.DefaultNotSoSerial.onBeforeResolveClass(DefaultNotSoSerial.java:248)
        at org.kantega.notsoserial.ObjectInputStreamClassVisitor.onBeforeResolveClass(ObjectInputStreamClassVisitor.java:48)
        at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1819)
        at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1713)
        at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1874)
        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1529)
        at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2231)
        at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2155)
        at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2013)
        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1535)
        at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2231)
        at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2155)
        at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2013)
        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1535)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:422)

The issue is due to the class name was not white listed in "Deserialization Firewall Configuration",Deserialization Firewall  help as to mitigation the deserialization attacks in Java
It gives you complete control over which classes your application should be allowed to deserialize.

deserialization_firewall_aem
The error got changed to the below one after white listing the custom package name in "Deserialization Firewall Configuration".

java.lang.UnsupportedOperationException: Deserialization not allowed for class [Ljava.lang.Object; (on Wed Sep 12 16:32:50 CDT 2018)
        at org.kantega.notsoserial.DefaultNotSoSerial.preventDeserialization(DefaultNotSoSerial.java:256)
        at org.kantega.notsoserial.DefaultNotSoSerial.onBeforeResolveClass(DefaultNotSoSerial.java:248)
        at org.kantega.notsoserial.ObjectInputStreamClassVisitor.onBeforeResolveClass(ObjectInputStreamClassVisitor.java:48)
        at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1819)
        at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1713)
        at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1874)
        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1529)
        at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2231)
        at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2155)
        at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2013)
        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1535)
        at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2231)
        at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2155)
        at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2013)
        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1535)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:422)

The class name "[Ljava.lang.Object" should be white listed as the deserialization type is array of custom objects, the "Deserialization Firewall Configuration" already enabled with default value "[" so that all the arrray type should be white listed.

In our case unfortunately the default "[" value was removed from the configuration and due to that the serialization for array types are rejected. The issue got resolved after adding the default value "["

Please make sure the default value "["  is not removed from white list to support array type.

deserialization_firewall_aem

This is for my reference but i am happy if this help someone.


Posted by Tech Forum at 9/12/2018 08:44:00 PM 0 comments edit_icon

Labels:

Thursday, September 6, 2018

Adobe Experience Manager(AEM) On-Premises to Adobe Managed Service(AMS) Cloud Migration

Adobe Experience Manager(AEM) On-Premises to Adobe Managed Service(AMS) Cloud Migration


This post explains the different things that should be considered while migrating On-Premises Adobe Experience Manager(AEM) platform to the AWS cloud managed through AMS.

AMS cloud migration provides lot of benefits -

  • Extend the server capacity based on the demand
  • Quick spinning up of new servers
  • Less management and initial setup cost
  • Better security and monitoring of platform
  • Streamlined process
  • Higher availability

We have to consider this option based on the how much control we require on the production environment - AMS environments will be restricted for client access.

AMS_deployment_model

Below are some of the important items need attention while migrating the On-Premises AEM platform to AMS Cloud.

Deployment options:


 There is different deployment options available based on the SLA

AMS_deployment_by_SLA


Read more »

Posted by Tech Forum at 9/06/2018 10:35:00 PM 0 comments edit_icon

Labels:

Tuesday, September 4, 2018

How to use Luke(Lucene Index Toolbox) to analyze Lucene Index in AEM(Adobe Experience manager)

How to use Luke(Lucene Index Toolbox) to analyze Lucene Index in AEM(Adobe Experience manager)


This post will explain the details on analyzing the created Lucene index in AEM(Adobe Experience Manager)

Retrieve the Lucene Index:


By default in Oak the Lucene Index files are stored in NodeStore and will not be accessible directly but if the following configurations("Enable CopyOnRead" or "Enable CopyOnWrite" ) are enabled in "Apache Jackrabbit Oak LuceneIndexProvider" the Lucene Index will be copied to Local files system path, If the "Local index storage path" not specified then indexes would be stored under 'index' dir under Repository Home (localIndexDir)

Lucene_index_provider

Index_on_local_file_system_aem

Index_on_local_file_system_aem

If the index is copied to loacl file system this can be directly accessed,the index is stored in the file name starts with segments

Index_on_local_file_system_aem
The mapping between local path and the index can be found here - localhost:4502/system/console/jmx/org.apache.jackrabbit.oak%3Aname%3DIndexCopier+support+statistics%2Ctype%3DIndexCopierStats(this URL will available only if the above mentioned properties are enabled)

Index_status_oak_aem


The below steps can be be followed to retrieve the indexing files if the index files are not stored in local.

Download oak-run-x.x.x.jar that corresponds to AEM Oak version, the AEM Oak version can be identified from CRXDE(the oak-run version 1.4.1 was not working and i downloaded 1.8.0 version - https://repository.apache.org/service/local/artifact/maven/redirect?r=releases&g=org.apache.jackrabbit&a=oak-run&v=1.8.0)

Execute java -jar oak-run-1.8.0.jar index <Node Store Path> e.g. java -jar oak-run-1.8.0.jar index C:\Albin\Development\AEM\6.2\crx-quickstart\repository\segmentstore to identify the available indexes, the index stats and index definitions under the folder from where the command is executed

The index is stored in the file name starts with segments


oak_run_available_index

The indexing status and the definitions can be accessed from the following URL also - http://localhost:4502/system/console/jmx/org.apache.jackrabbit.oak%3Aname%3DLucene+Index+statistics%2Ctype%3DLuceneIndex


Read more »

Posted by Tech Forum at 9/04/2018 09:20:00 PM 0 comments edit_icon

Labels:

Friday, August 17, 2018

How to Enable Cross Origin Resource Sharing(CORS) support in AEM(Adobe Experience Manager)

How to Enable Cross Origin Resource Sharing(CORS) support in AEM(Adobe Experience Manager)


Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

Sometimes we may have scenarios to expose the AEM services to be invoked from cross origins, this post explains the different approaches to enable the Cross Origin Resource Sharing Supports.

The CORS support is introduced OOB in AEM 6.3 version, refer https://helpx.adobe.com/experience-manager/kt/platform-repository/using/cors-security-article-understand.html for more details.


Enabling CORS for older AEM versions(<6.3)


The request is failed with below exception in browser console while trying to invoke cross origin(service hosted in different domains) services through Ajax.

"Failed to load http://localhost:4503/bin/sampleJSONPService: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access".

There are two approaches to enable the Cross Origin Requests

  • JSONP
  • CORS Headers

JSONP


JSONP stands for JSON with Padding, JSONP is a method for sending JSON data without worrying about cross-domain issues.
JSONP supports only the GET request method, JSONP works on legacy browsers.

Enable the service to rerun the JSON response with Padding


@SuppressWarnings("serial")
@SlingServlet(
   selectors = "json",
   paths = "/bin/sampleJSONPService",
   methods = "GET")
public class SimpleServlet extends SlingSafeMethodsServlet {

    @Override
    protected void doGet(final SlingHttpServletRequest req,
            final SlingHttpServletResponse resp) throws ServletException, IOException {
    resp.setHeader("Content-Type", "application/json");
    resp.setHeader("X-Content-Type-Options", "");
    String callback=req.getParameter("callback");
       
    JSONObject response = new JSONObject();
    try {
response.put("test1", "testvalue1");
response.put("test2", "testvalue2");
response.put("test3", "testvalue3");
response.put("test4", "testvalue4");
} catch (JSONException e) {
e.printStackTrace();
}
   
    if(callback!=null && !callback.trim().equals("")) {
    resp.getWriter().write( callback + "("+response.toString()+ ")");
    }else
    {
    resp.getWriter().write(response.toString());
    }   
   
    }
}

The above service return the JSON response with padding

Invoke the JSONP service from Ajax


<html>
<head>
<script
  src="https://code.jquery.com/jquery-3.3.1.min.js"  integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8="  crossorigin="anonymous">
</script>
</head>
<body>

Test Data (<span class="testData">Default</span>)

<script>
var dataUrl = 'http://localhost:4503/bin/sampleJSONPService.json?callback=?';

$.ajax({
url: dataUrl,
dataType: 'jsonp',
success: function(data) {
jQuery('.testData').html('').text(data.test1)
}});
</script>
</body>
</html>


This will provide the response without any issue

test({"test1":"testvalue1","test2":"testvalue2","test3":"testvalue3","test4":"testvalue4"})


CORS Headers


Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell a browser to let a web application running at one origin (domain) have permission to access selected resources from a server at a different origin. CORS also supports other types(other than GET) of HTTP requests, CORS is supported by most modern web browsers.

The Access-Control-Allow-Origin response header indicates whether the response can be shared with resources with the given origin.

e.g.
Access-Control-Allow-Origin "*"   supports the Cross Origin requests from all domains
Access-Control-Allow-Origin "https://example.com" supports Cross Origin requests only from https://example.com

Enabling Access-Control-Allow-Origin header


The header can be enabled directly in the service response or thorough apache configuration

Though Service response - Add Access-Control-Allow-Origin header with required value in the service response


@SuppressWarnings("serial")
@SlingServlet(
   selectors = "json",
   paths = "/bin/sampleJSONPService",
   methods = "GET")
public class SimpleServlet extends SlingSafeMethodsServlet {
    @Override
    protected void doGet(final SlingHttpServletRequest req,
            final SlingHttpServletResponse resp) throws ServletException, IOException {

Read more »

Posted by Tech Forum at 8/17/2018 10:30:00 AM 2 comments edit_icon

Labels:
Subscribe to: Posts (Atom)