Sling Models are annotation-driven Java "POJO's" (Plain Old Java Objects) that facilitate the mapping of data from the JCR to Java variables and provide several other niceties when developing in the context of AEM. When you adapt to a sling model, the model factory returns the specific model implementation; the returned model implementation is selected through the model pickers.
In this post, let us dive deep into how this model picking works internally.
The Sling Model Framework has the Implementation Picker to select the specific model implementation.
The Implementation Picker interface can be referred to here — ImplementationPicker (Apache Sling 8 API); the picker interface is enabled with a picker method responsible for selecting a specific model implementation.
The Sling Framework, by default, has the below picker implementations.
First Implementation Picker:
This is the default picker implementation; it picks the first implementation from the list alphabetically ordered by class name. If there are multiple implementations of the specific models, this one selects the first one and returns it to the requestor. First Implementation Picker will be used if no other implementations support picking the model implementation.
The service ranking is set to the highest (Integer.MAX_VALUE) to support more custom picker implementations.
All the core components reference the model interface directly — com.adobe.cq.wcm.core.components.models.Carousel; the model implementations are always enabled with a specific version, so the Resource Type Based Resource Picker will not pick any model implementation, and the picking is delegated to the Latest VersionImplementation Picker, and this always returns the latest model implementation based on the version number — e.g.,com.adobe.cq.wcm.core.components.internal.models.v1.CarouselImpl).
The External models that implement Core Component interfaces have precedence over internal models, allowing us to enable model delegation for the core components.
The custom picker implementation can be enabled by implementing the org.apache.sling.models.spi.ImplementationPicker interface and picker method with your custom model picker logic; the ranking should be enabled accordingly to ensure the default implementations are not impacted.
Most of the time, web developers need help understanding the basics of SSL certificate management, the SSL management may be taken care of by separate admin teams but understanding the basics helps them to manage the SSL process quickly. In this post, I will discuss the SSL certificate management basics that help Web Developers understand the SSL management process and help them in their work.
What is an SSL certificate?
An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. When a user attempts to send confidential information to a Web server, the user’s browser accesses the server’s digital certificate and establishes a secure connection. This is mandatory to enable an SSL certificate (HTTPS) when the website collects sensitive information from the users.
If the SSL certificate is enabled for a website, the website can be accessed through HTTPS (i.e., https://ww.albinsblog.com). The browsers help you determine if a website has an SSL certificate by displaying a small image of a lock by the URL.
SSL providers (CA):
SSL certificates are issued by Certificate Authorities (CAs), organizations that are trusted to verify the identity and legitimacy of any entity requesting a certificate. Before issuing a certificate, a certificate authority will examine the credentials of the person or organization that has asked for the certificate.
Multiple CAs issue SSL certificates, Digi Cert, Comodo, etc.; most are paid, but some free CAs (e.g., Lets Encrypt) are available.
There are three different types of SSL certificates based on the validation levels: domain validated (DV), organization validation (OV), and extended validation (EV). The one best suited for you will depend on your website and how much security you need.
DV SSL is best for personal project websites and is the least expensive option. It requires the website owner to verify that the domain is registered to the domain owner.
Validates control of a domain
Enables https and the padlock icon in browsers
Issued quickly
Security — Firefox
The Organization (O) and Organization Unit (OU) fields both display “” The Certificate Policies field shows an Object Identifier (OID) value of OID.2.23.140.1.2.1. Refer to Extensions -> validation Type → Certificate Polices from Certificate-Profiles.pdf (digicert.com) to identify the policies for different validation types. The Subject field only contains a Common Name (CN) value with the domain, for example: CN=albinsblog.com.
OV SSL is best for business or nonprofit websites and requires a higher verification level, making it more secure. The SSL certificate issuer verifies the address and location of the owner.
Validates control of the domain
Enables https and the padlock image
Authenticates the legitimacy of an organization, adding a level of trust
Shows organization details in the certificate information
Issued in 1–3 days
The Organization (O) field displays your organization’s name. The Subject field includes information about the organization’s location (L), state (ST), and country(C), in addition to the organization (O) and common name (CN). The Certificate Policies field shows an OID value of OID.2.23.140.1.2.2.
EV SSL is best for e-commerce businesses and businesses exchanging financial data as it offers the most protection. In addition, these certificates provide the highest monetary warranties to any website viewers affected by an SSL failure.
Validates control of the domain
Enables https and the padlock image
Authenticates the legitimacy of an organization, adding a level of trust
Verifies the applicant has the right to request an EV SSL and is in good standing with the organization.
Shows organization details in the certificate information
Issued in 1–5 days
Security — Firefox
The Organization (O) field displays your organization’s name. The Subject field includes details about the organization’s location (L), state (ST), and country(C), the organization (O) and common name (CN), additionally serialNumber, jurisdictionStateOrProvinceName and jurisdictionCountryName The Certificate Policies field shows an OID value of OID.2.23.140.1.1.
The green bar that used to be activated for EV certificates has now been removed from most web browsers; the EV certificate will display the Organization details (as displayed for OV certificates), but no green bar is activated, but still, the EV certificate provides the additional trust.
Validates control of a domain:
Before the certificate authority can issue an SSL certificate, the certificate applicant needs to confirm their domain ownership rights. To give the SSL certificate as a first step, the Domain should be validated by following the methods defined by the Certificate authority. There are multiple validation methods; you should follow the appropriate way to prove the Domain ownership.
Verification Email — receive the verifying email to the email contact specified on the WHOIS record.
DNS CNAME Record — Add a specific CNAME record generated by the CA to the domain zone.
DNS TXT Record — Add a specific TXT record generated by the CA to the domain zone.
HTTP Practical Demonstration — upload the validation file to your host
Type of SSL Certificates:
There are different types of SSL certificates issued
Single Domain — As the name suggests, the single domain SSL certificate is an SSL/TLS certificate that secures only one fully qualified domain name (FQDN) per certificate.
Wildcard SSL Certificates — the Wildcard SSL certificate secures a single domain and corresponding subdomains. The wildcard certificates are specified as *.albinsblog.com, covering albinsblog.com and all its subdomains (e.g., www.albinsblog.com).
Multi-Domain Certificates — Multi-domain SSL certificates are for safeguarding multiple domains. These multi-domain SSL certificates are also commonly known as Subject Alternative Names or SAN. If you have an environment with multiple domains/subdomains, you must buy multi-domain SSL certificates covering all the individual domains/subdomains. Even future domains can be added to the existing multi-domain certificate.
Multi-Domain Wildcard — The multi-domain Wildcard SSL certificate combines the features of both the multi-domain and the Wildcard SSL certificates. In other words, with a single certificate, you can secure multiple domains and all their related subdomains.
CSR (Certificate Signing Request)/Private Key:
A certificate signing request (CSR) is an encoded file containing information about your website, service, organization, and domain name. This information is used by a Certificate Authority (CA) to create an SSL/TLS certificate for your website to encrypt traffic to your site. A certificate CSR also contains your public key and signature, which helps to verify your identity and secure communications to your site.
All TLS certificates require a private key to work. The private key is a separate file used in the encryption/decryption of data sent between your server and the connecting clients. The certificate owner creates a private key when requesting the certificate with a Certificate Signing Request (CSR). The certificate authority (CA) providing your certificate (such as DigiCert) does not create or have your private key. No one outside your administrators should ever be given access to this material. The private key and the generated SSL certificate are configurated on the server to support secure communication.
Generate Private Key/CSR — there are multiple approaches to creating the private key and CSR request; a straightforward way is through OpenSSL.
Create a new OpenSSL configuration file server.csr.cnf so the configuration details can be used while generating the certificate.
This will generate server.csr and server.key (private key) files, request an SSL certificate from CA by sending(using) the CSR file generated.
After receiving the SSL certificate, configure the SSL certificate (need to configure the CAs intermediate and root certificate) along with the private key generated in the earlier steps — the configuration steps vary based on the SSL certificate’s location is installed.
