SlideShare a Scribd company logo
EUROPE'S LEADING AEM DEVELOPER CONFERENCE
28th - 30th SEPTEMBER 2020
Escape the defaults
Configuring Sling to behave like AEM as a Cloud Service
Robert Munteanu, Adobe
Slides revision: 20200827-b88ebd4
1
About me
2
Outline
Why change the defaults?
Separation of content and apps
Principal-based authentication
Pre-authenticating system users
Removing the OSGi installer
Demo
3
Why change the defaults?
4
One size does not fit allOne size does not fit allOne size does not fit allOne size does not fit allOne size does not fit all
Sling does not prescribe how to deploySling does not prescribe how to deploySling does not prescribe how to deploySling does not prescribe how to deploySling does not prescribe how to deploy
configurationsconfigurationsconfigurationsconfigurationsconfigurations
Sling does not prescribe how to deploy codeSling does not prescribe how to deploy codeSling does not prescribe how to deploy codeSling does not prescribe how to deploy codeSling does not prescribe how to deploy code
Sling does not enforce separation of content andSling does not enforce separation of content andSling does not enforce separation of content andSling does not enforce separation of content andSling does not enforce separation of content and
codecodecodecodecode
Sling does not choose a persistence mechansimSling does not choose a persistence mechansimSling does not choose a persistence mechansimSling does not choose a persistence mechansimSling does not choose a persistence mechansim
for youfor youfor youfor youfor you
5
CRX DE Lite is a development toolCRX DE Lite is a development toolCRX DE Lite is a development toolCRX DE Lite is a development toolCRX DE Lite is a development tool
Ask it...Ask it...Ask it...Ask it...Ask it...
 What ACEs are defined for this node?What ACEs are defined for this node?What ACEs are defined for this node?What ACEs are defined for this node?What ACEs are defined for this node?
 What is content structure of the repository?What is content structure of the repository?What is content structure of the repository?What is content structure of the repository?What is content structure of the repository?
But not...But not...But not...But not...But not...
 What revision of the code am I running?What revision of the code am I running?What revision of the code am I running?What revision of the code am I running?What revision of the code am I running?
 Do I have the same code version on allDo I have the same code version on allDo I have the same code version on allDo I have the same code version on allDo I have the same code version on all
instances?instances?instances?instances?instances?
 How can I deploy a quick fix in production?How can I deploy a quick fix in production?How can I deploy a quick fix in production?How can I deploy a quick fix in production?How can I deploy a quick fix in production?
6
Better ways of asking ...
$ kubectl describe deployment sling-starter
Containers:
main:
Image: apache/sling-starter:1.0-cafebafe
$ kubectl apply -f deployments/sling-starter.yaml
$ rpm -q sling-starter
sling-starter-1.0_cafebabe-1.noarch
$ rpm -Uvh sling-start-1.1_sodadude-1.noarch
$ curl http://sling-starter.example.org/version
1.0-cafebabe
7
Prevent mistakes
8
Separation of content and apps
9
The composite node store
Clear separation of code from
content
Enforces read-only status of
code and (mostly) configuration
Allows swapping in a separate
node store (with restart)
10
Generating /libs and /apps
Must be a NodeStore
Must reflect the state of the deployment:
Nodes
Principals
Indexes
Access Control entries
Coming from:
Repoinit
Content Packages
Sling Content Loader
Java code - Bundle Activator, Install Hooks, ... 11
Generating /libs and /appsGenerating /libs and /appsGenerating /libs and /appsGenerating /libs and /appsGenerating /libs and /apps
Start SlingStart SlingStart SlingStart SlingStart Sling
Wait for it to be (System) ReadyWait for it to be (System) ReadyWait for it to be (System) ReadyWait for it to be (System) ReadyWait for it to be (System) Ready
Stop SlingStop SlingStop SlingStop SlingStop Sling
Save the repositorySave the repositorySave the repositorySave the repositorySave the repository
12
Principal-based authentication
13
Resource-based authentication
14
Principal-based authentication
15
Benefits
Easy to inspect access control entries for a given
principal
Access control entries independent of the
existence of their target
Much simpler packaging story in content
packages
16
Usage
FileVault
rep:PrincipalBasedMixin
rep:PrincipalPolicy
rep:PrincipalEntry
Repoinit
create service user sling-readall with path system/sling
set principal ACL for sling-readall
allow jcr:read on /
end
17
Pre-authenticating system users
18
Reminder: loginAdministrative
19
Reminder: service user mappings
// uses bundle name, no subservice, default workspace
slingRepository.loginService(null, null);
// uses bundle name, 'scripts' subservice, default workspace
slingRepository.loginService("scripts", null);
"o.a.s.....ServiceUserMapperImpl.amended~i18n":{
"user.mapping":[
"org.apache.sling.i18n=sling-i18n"
]
},
"o.a.s.....ServiceUserMapperImpl.amended~servletsresolver":{
"user.mapping":[
"o.a.s.servlets.resolver:console=sling-readall",
"o.a.s.servlets.resolver:scripts=sling-scripting"
]
}
20
Duplicated system user privileges
set ACL for sling-mapping
allow jcr:read on /
end
set ACL for sling-i18n
allow jcr:read on /
end
set ACL for sling-jcr-install
allow jcr:read on /
allow rep:write on /apps/sling/install
end
21
Pre-authenticated loginPre-authenticated loginPre-authenticated loginPre-authenticated loginPre-authenticated login
Supply all principals at login in timeSupply all principals at login in timeSupply all principals at login in timeSupply all principals at login in timeSupply all principals at login in time
Faster by skipping authenticationFaster by skipping authenticationFaster by skipping authenticationFaster by skipping authenticationFaster by skipping authentication
Allows mapping a service to multiple usersAllows mapping a service to multiple usersAllows mapping a service to multiple usersAllows mapping a service to multiple usersAllows mapping a service to multiple users
22
Pre-authenticated system users
create service user sling-readall
set ACL for sling-readall
allow jcr:read on /
end
create service user sling-jcr-install
set ACL for sling-jcr-install
allow rep:write on /apps/sling/install
end
"o.a.s.....ServiceUserMapperImpl.amended~i18n":{
"user.mapping":[
"org.apache.sling.i18n=[sling-readall]"
]
}, "o.a.s.....ServiceUserMapperImpl.amended~~jcr-install":{
"user.mapping":[
"o.a.s.installer.provider.jcr=[sling-jcr-install,⏎
sling-readall]"
]
}
23
Removing the OSGi installer
24
The OSGi installer...The OSGi installer...The OSGi installer...The OSGi installer...The OSGi installer...
installsinstallsinstallsinstallsinstalls
bundlesbundlesbundlesbundlesbundles
configurationsconfigurationsconfigurationsconfigurationsconfigurations
content packagescontent packagescontent packagescontent packagescontent packages
fromfromfromfromfrom
filesystemfilesystemfilesystemfilesystemfilesystem
launchpadlaunchpadlaunchpadlaunchpadlaunchpad
JCR repositoryJCR repositoryJCR repositoryJCR repositoryJCR repository
25
The OSGi installer...
is a dynamic component
reconciles application state from multiple
sources
is not needed in a statically defined/immutable
application
... we are buiding immutable applications
26
FM: Installing bundles
{
"bundles":[
{
"id":"org.apache.aries:org.apache.aries.util:1.1.3",
"start-order":"1"
}
]
}
27
FM: Installing configurations
{
"configurations": {
"o.a.s.jcr.davex.impl.servlets.SlingDavExServlet":{
"alias":"/server"
}
}
}
28
FM: Installing content packages
 content packages are by default
forwarded to the OSGi installer
{
"content-packages:ARTIFACTS|true": [
"o.a.s:sling-slingshot-apps-pkg:zip:1.0-SNAPSHOT",
"o.a.s:sling-slingshot-content-pkg:zip:1.0-SNAPSHOT"
]
}
<workspaceFilter version="1.0">
<filter root="/libs/slingshot/config"/>
<filter root="/apps/bundles/install/bundle.jar"/>
</workspaceFilter>
29
Content Package to Feature Model
Handles nested artifacts inside content
packages
OSGi bundles
OSGi configurations
Other content packages
Converts access control configurations
System Users
Access control entries (resource-based)
No support for principal-based access control
entries 30
Conversion result
{
"id":"o.a.s:sling-slingshot-apps-pkg:slingosgifeature:1.0",
"bundles":[
"o.a.s:o.a.s.sample.slingshot:0.9.1"
], "configurations": {
"o.a.s....ServiceUserMapperImpl.amended~slingshot": {
"o.a.s.sample.slingshot=[slingshot-service]"
}
}, "content-packages:ARTIFACTS|true":[
"o.a.s:sling-slingshot-apps-pkg:zip:cp2fm-converted:1.0"
], "repoinit:TEXT|true":[
"create service user slingshot-service"
]
}
31
Alternative Package Registry
o.a.j.vault....FSPackageRegistry
Stores packages in the filesystem
Can be assembled without a JCR repository
Relies on an existing execution plan
Plan prepared by the Sling Content Deployment
Extension
32
Demo
33
Demo recap
Sling Docker image using
the feature model
the composite node store
Docker updates
done with a simple restart
preserving the 'content' part of the repository
Removing the OSGi installer using the content-
package converter
34
Resources
(Sling) Content Package to Feature Model
Converter
(Sling) Content Deployment Extension
(Oak) Composite Node Store
(Oak) Principal-Based Authentication
(Oak) Pre-Authenticated Login
35

More Related Content

What's hot

The internet of (lego) trains
The internet of (lego) trainsThe internet of (lego) trains
The internet of (lego) trains
Grzegorz Duda
 
invokedynamic for Mere Mortals [Code One 2019]
invokedynamic for Mere Mortals [Code One 2019]invokedynamic for Mere Mortals [Code One 2019]
invokedynamic for Mere Mortals [Code One 2019]
David Buck
 
Commcon 2018
Commcon 2018Commcon 2018
Commcon 2018
Jöran Vinzens
 
Python + GDB = Javaデバッガ
Python + GDB = JavaデバッガPython + GDB = Javaデバッガ
Python + GDB = Javaデバッガ
Kenji Kazumura
 
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in RomeDockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Alessandro Nadalin
 
Zend Framework 2 - Basic Components
Zend Framework 2  - Basic ComponentsZend Framework 2  - Basic Components
Zend Framework 2 - Basic Components
Mateusz Tymek
 
Building Fast, Modern Web Applications with Node.js and CoffeeScript
Building Fast, Modern Web Applications with Node.js and CoffeeScriptBuilding Fast, Modern Web Applications with Node.js and CoffeeScript
Building Fast, Modern Web Applications with Node.js and CoffeeScript
royaldark
 
How Can PVS-Studio Help in the Detection of Vulnerabilities?
How Can PVS-Studio Help in the Detection of Vulnerabilities?How Can PVS-Studio Help in the Detection of Vulnerabilities?
How Can PVS-Studio Help in the Detection of Vulnerabilities?
PVS-Studio
 
OSGi Blueprint Services
OSGi Blueprint ServicesOSGi Blueprint Services
OSGi Blueprint Services
Guillaume Nodet
 
Ane for 9ria_cn
Ane for 9ria_cnAne for 9ria_cn
Ane for 9ria_cn
sonicxs
 
vert.x 소개 및 개발 실습
vert.x 소개 및 개발 실습vert.x 소개 및 개발 실습
vert.x 소개 및 개발 실습
John Kim
 
ssssss
ssssssssssss
ssssss
coderguy
 
Building your first Node app with Connect & Express
Building your first Node app with Connect & ExpressBuilding your first Node app with Connect & Express
Building your first Node app with Connect & Express
Christian Joudrey
 
Improving app performance with Kotlin Coroutines
Improving app performance with Kotlin CoroutinesImproving app performance with Kotlin Coroutines
Improving app performance with Kotlin Coroutines
Hassan Abid
 
OSGi Presentation
OSGi PresentationOSGi Presentation
OSGi Presentation
Michal Malohlava
 
JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]
JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]
JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]
David Buck
 
Nashorn : JavaScript Running on Java VM (Japanese)
Nashorn : JavaScript Running on Java VM (Japanese)Nashorn : JavaScript Running on Java VM (Japanese)
Nashorn : JavaScript Running on Java VM (Japanese)
Logico
 
CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...
CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...
CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...
David Buck
 
Iz Pack
Iz PackIz Pack
Iz Pack
Inria
 

What's hot (19)

The internet of (lego) trains
The internet of (lego) trainsThe internet of (lego) trains
The internet of (lego) trains
 
invokedynamic for Mere Mortals [Code One 2019]
invokedynamic for Mere Mortals [Code One 2019]invokedynamic for Mere Mortals [Code One 2019]
invokedynamic for Mere Mortals [Code One 2019]
 
Commcon 2018
Commcon 2018Commcon 2018
Commcon 2018
 
Python + GDB = Javaデバッガ
Python + GDB = JavaデバッガPython + GDB = Javaデバッガ
Python + GDB = Javaデバッガ
 
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in RomeDockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
 
Zend Framework 2 - Basic Components
Zend Framework 2  - Basic ComponentsZend Framework 2  - Basic Components
Zend Framework 2 - Basic Components
 
Building Fast, Modern Web Applications with Node.js and CoffeeScript
Building Fast, Modern Web Applications with Node.js and CoffeeScriptBuilding Fast, Modern Web Applications with Node.js and CoffeeScript
Building Fast, Modern Web Applications with Node.js and CoffeeScript
 
How Can PVS-Studio Help in the Detection of Vulnerabilities?
How Can PVS-Studio Help in the Detection of Vulnerabilities?How Can PVS-Studio Help in the Detection of Vulnerabilities?
How Can PVS-Studio Help in the Detection of Vulnerabilities?
 
OSGi Blueprint Services
OSGi Blueprint ServicesOSGi Blueprint Services
OSGi Blueprint Services
 
Ane for 9ria_cn
Ane for 9ria_cnAne for 9ria_cn
Ane for 9ria_cn
 
vert.x 소개 및 개발 실습
vert.x 소개 및 개발 실습vert.x 소개 및 개발 실습
vert.x 소개 및 개발 실습
 
ssssss
ssssssssssss
ssssss
 
Building your first Node app with Connect & Express
Building your first Node app with Connect & ExpressBuilding your first Node app with Connect & Express
Building your first Node app with Connect & Express
 
Improving app performance with Kotlin Coroutines
Improving app performance with Kotlin CoroutinesImproving app performance with Kotlin Coroutines
Improving app performance with Kotlin Coroutines
 
OSGi Presentation
OSGi PresentationOSGi Presentation
OSGi Presentation
 
JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]
JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]
JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]
 
Nashorn : JavaScript Running on Java VM (Japanese)
Nashorn : JavaScript Running on Java VM (Japanese)Nashorn : JavaScript Running on Java VM (Japanese)
Nashorn : JavaScript Running on Java VM (Japanese)
 
CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...
CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...
CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...
 
Iz Pack
Iz PackIz Pack
Iz Pack
 

Similar to Escape the defaults - Configure Sling like AEM as a Cloud Service

Cloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
Cloud-powered Continuous Integration and Deployment architectures - Jinesh VariaCloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
Cloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
Amazon Web Services
 
Introduction To Eclipse RCP
Introduction To Eclipse RCPIntroduction To Eclipse RCP
Introduction To Eclipse RCP
whbath
 
Operational Visibiliy and Analytics - BU Seminar
Operational Visibiliy and Analytics - BU SeminarOperational Visibiliy and Analytics - BU Seminar
Operational Visibiliy and Analytics - BU Seminar
Canturk Isci
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
James Wickett
 
20160221 va interconnect_pub
20160221 va interconnect_pub20160221 va interconnect_pub
20160221 va interconnect_pub
Canturk Isci
 
Sviluppo di architetture orientate ai servizi con EclipseSOA
Sviluppo di architetture orientate ai servizi con EclipseSOA Sviluppo di architetture orientate ai servizi con EclipseSOA
Sviluppo di architetture orientate ai servizi con EclipseSOA
Alberto Lagna
 
The DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkitThe DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkit
Marco Ferrigno
 
The DevOps Paradigm
The DevOps ParadigmThe DevOps Paradigm
The DevOps Paradigm
NaLUG
 
How to put 10lbs of functionality into a 5lb package.
How to put 10lbs of functionality into a 5lb package.How to put 10lbs of functionality into a 5lb package.
How to put 10lbs of functionality into a 5lb package.
Marc Karasek
 
Learn you some Ansible for great good!
Learn you some Ansible for great good!Learn you some Ansible for great good!
Learn you some Ansible for great good!
David Lapsley
 
Pentesting iOS Apps
Pentesting iOS AppsPentesting iOS Apps
Pentesting iOS Apps
Herman Duarte
 
Maxim Salnikov - Service Worker: taking the best from the past experience for...
Maxim Salnikov - Service Worker: taking the best from the past experience for...Maxim Salnikov - Service Worker: taking the best from the past experience for...
Maxim Salnikov - Service Worker: taking the best from the past experience for...
Codemotion
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using Ansible
Sonatype
 
PHP Con09: SVN Advanced
PHP Con09: SVN AdvancedPHP Con09: SVN Advanced
PHP Con09: SVN Advanced
Emiliano Gabrielli
 
Serverless in production (O'Reilly Software Architecture)
Serverless in production (O'Reilly Software Architecture)Serverless in production (O'Reilly Software Architecture)
Serverless in production (O'Reilly Software Architecture)
Yan Cui
 
Azure from scratch part 4
Azure from scratch part 4Azure from scratch part 4
Azure from scratch part 4
Girish Kalamati
 
Marcin Szałowicz - MySQL Workbench
Marcin Szałowicz - MySQL WorkbenchMarcin Szałowicz - MySQL Workbench
Marcin Szałowicz - MySQL Workbench
Women in Technology Poland
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3
Diane Allen
 
The Ember.js Framework - Everything You Need To Know
The Ember.js Framework - Everything You Need To KnowThe Ember.js Framework - Everything You Need To Know
The Ember.js Framework - Everything You Need To Know
All Things Open
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Anthony Dahanne
 

Similar to Escape the defaults - Configure Sling like AEM as a Cloud Service (20)

Cloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
Cloud-powered Continuous Integration and Deployment architectures - Jinesh VariaCloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
Cloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
 
Introduction To Eclipse RCP
Introduction To Eclipse RCPIntroduction To Eclipse RCP
Introduction To Eclipse RCP
 
Operational Visibiliy and Analytics - BU Seminar
Operational Visibiliy and Analytics - BU SeminarOperational Visibiliy and Analytics - BU Seminar
Operational Visibiliy and Analytics - BU Seminar
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
20160221 va interconnect_pub
20160221 va interconnect_pub20160221 va interconnect_pub
20160221 va interconnect_pub
 
Sviluppo di architetture orientate ai servizi con EclipseSOA
Sviluppo di architetture orientate ai servizi con EclipseSOA Sviluppo di architetture orientate ai servizi con EclipseSOA
Sviluppo di architetture orientate ai servizi con EclipseSOA
 
The DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkitThe DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkit
 
The DevOps Paradigm
The DevOps ParadigmThe DevOps Paradigm
The DevOps Paradigm
 
How to put 10lbs of functionality into a 5lb package.
How to put 10lbs of functionality into a 5lb package.How to put 10lbs of functionality into a 5lb package.
How to put 10lbs of functionality into a 5lb package.
 
Learn you some Ansible for great good!
Learn you some Ansible for great good!Learn you some Ansible for great good!
Learn you some Ansible for great good!
 
Pentesting iOS Apps
Pentesting iOS AppsPentesting iOS Apps
Pentesting iOS Apps
 
Maxim Salnikov - Service Worker: taking the best from the past experience for...
Maxim Salnikov - Service Worker: taking the best from the past experience for...Maxim Salnikov - Service Worker: taking the best from the past experience for...
Maxim Salnikov - Service Worker: taking the best from the past experience for...
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using Ansible
 
PHP Con09: SVN Advanced
PHP Con09: SVN AdvancedPHP Con09: SVN Advanced
PHP Con09: SVN Advanced
 
Serverless in production (O'Reilly Software Architecture)
Serverless in production (O'Reilly Software Architecture)Serverless in production (O'Reilly Software Architecture)
Serverless in production (O'Reilly Software Architecture)
 
Azure from scratch part 4
Azure from scratch part 4Azure from scratch part 4
Azure from scratch part 4
 
Marcin Szałowicz - MySQL Workbench
Marcin Szałowicz - MySQL WorkbenchMarcin Szałowicz - MySQL Workbench
Marcin Szałowicz - MySQL Workbench
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3
 
The Ember.js Framework - Everything You Need To Know
The Ember.js Framework - Everything You Need To KnowThe Ember.js Framework - Everything You Need To Know
The Ember.js Framework - Everything You Need To Know
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
 

More from Robert Munteanu

Secure by Default Web Applications
Secure by Default Web ApplicationsSecure by Default Web Applications
Secure by Default Web Applications
Robert Munteanu
 
Sling Applications - A DevOps perspective
Sling Applications - A DevOps perspectiveSling Applications - A DevOps perspective
Sling Applications - A DevOps perspective
Robert Munteanu
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGi
Robert Munteanu
 
Crash course in Kubernetes monitoring
Crash course in Kubernetes monitoringCrash course in Kubernetes monitoring
Crash course in Kubernetes monitoring
Robert Munteanu
 
Java agents for fun and (not so much) profit
Java agents for fun and (not so much) profitJava agents for fun and (not so much) profit
Java agents for fun and (not so much) profit
Robert Munteanu
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGi
Robert Munteanu
 
Cloud-native legacy applications
Cloud-native legacy applicationsCloud-native legacy applications
Cloud-native legacy applications
Robert Munteanu
 
Cloud-Native Sling
Cloud-Native SlingCloud-Native Sling
Cloud-Native Sling
Robert Munteanu
 
From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...
Robert Munteanu
 
What's new in the Sling developer tooling?
What's new in the Sling developer tooling?What's new in the Sling developer tooling?
What's new in the Sling developer tooling?
Robert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
Robert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
Robert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
Robert Munteanu
 
Zero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using DockerZero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using Docker
Robert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
Robert Munteanu
 
Do you really want to go fully micro?
Do you really want to go fully micro?Do you really want to go fully micro?
Do you really want to go fully micro?
Robert Munteanu
 
Effective web application development with Apache Sling
Effective web application development with Apache SlingEffective web application development with Apache Sling
Effective web application development with Apache Sling
Robert Munteanu
 
Of microservices and microservices
Of microservices and microservicesOf microservices and microservices
Of microservices and microservices
Robert Munteanu
 
Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)
Robert Munteanu
 
Secure by Default Web Applications with Apache Sling
Secure by Default Web Applications with Apache SlingSecure by Default Web Applications with Apache Sling
Secure by Default Web Applications with Apache Sling
Robert Munteanu
 

More from Robert Munteanu (20)

Secure by Default Web Applications
Secure by Default Web ApplicationsSecure by Default Web Applications
Secure by Default Web Applications
 
Sling Applications - A DevOps perspective
Sling Applications - A DevOps perspectiveSling Applications - A DevOps perspective
Sling Applications - A DevOps perspective
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGi
 
Crash course in Kubernetes monitoring
Crash course in Kubernetes monitoringCrash course in Kubernetes monitoring
Crash course in Kubernetes monitoring
 
Java agents for fun and (not so much) profit
Java agents for fun and (not so much) profitJava agents for fun and (not so much) profit
Java agents for fun and (not so much) profit
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGi
 
Cloud-native legacy applications
Cloud-native legacy applicationsCloud-native legacy applications
Cloud-native legacy applications
 
Cloud-Native Sling
Cloud-Native SlingCloud-Native Sling
Cloud-Native Sling
 
From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...
 
What's new in the Sling developer tooling?
What's new in the Sling developer tooling?What's new in the Sling developer tooling?
What's new in the Sling developer tooling?
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Zero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using DockerZero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using Docker
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Do you really want to go fully micro?
Do you really want to go fully micro?Do you really want to go fully micro?
Do you really want to go fully micro?
 
Effective web application development with Apache Sling
Effective web application development with Apache SlingEffective web application development with Apache Sling
Effective web application development with Apache Sling
 
Of microservices and microservices
Of microservices and microservicesOf microservices and microservices
Of microservices and microservices
 
Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)
 
Secure by Default Web Applications with Apache Sling
Secure by Default Web Applications with Apache SlingSecure by Default Web Applications with Apache Sling
Secure by Default Web Applications with Apache Sling
 

Recently uploaded

Building API data products on top of your real-time data infrastructure
Building API data products on top of your real-time data infrastructureBuilding API data products on top of your real-time data infrastructure
Building API data products on top of your real-time data infrastructure
confluent
 
Going AOT: Everything you need to know about GraalVM for Java applications
Going AOT: Everything you need to know about GraalVM for Java applicationsGoing AOT: Everything you need to know about GraalVM for Java applications
Going AOT: Everything you need to know about GraalVM for Java applications
Alina Yurenko
 
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
kgyxske
 
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
kalichargn70th171
 
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data PlatformAlluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio, Inc.
 
Upturn India Technologies - Web development company in Nashik
Upturn India Technologies - Web development company in NashikUpturn India Technologies - Web development company in Nashik
Upturn India Technologies - Web development company in Nashik
Upturn India Technologies
 
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
The Third Creative Media
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
Patrick Weigel
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
ToXSL Technologies
 
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptxOperational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
sandeepmenon62
 
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
kalichargn70th171
 
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
Luigi Fugaro
 
The Comprehensive Guide to Validating Audio-Visual Performances.pdf
The Comprehensive Guide to Validating Audio-Visual Performances.pdfThe Comprehensive Guide to Validating Audio-Visual Performances.pdf
The Comprehensive Guide to Validating Audio-Visual Performances.pdf
kalichargn70th171
 
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
Bert Jan Schrijver
 
How GenAI Can Improve Supplier Performance Management.pdf
How GenAI Can Improve Supplier Performance Management.pdfHow GenAI Can Improve Supplier Performance Management.pdf
How GenAI Can Improve Supplier Performance Management.pdf
Zycus
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
ShulagnaSarkar2
 
Manyata Tech Park Bangalore_ Infrastructure, Facilities and More
Manyata Tech Park Bangalore_ Infrastructure, Facilities and MoreManyata Tech Park Bangalore_ Infrastructure, Facilities and More
Manyata Tech Park Bangalore_ Infrastructure, Facilities and More
narinav14
 
All you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVMAll you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVM
Alina Yurenko
 
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and  Mule 4.6 & Java 17 Upgrade.pptxMigration From CH 1.0 to CH 2.0 and  Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
ervikas4
 
TMU毕业证书精仿办理
TMU毕业证书精仿办理TMU毕业证书精仿办理
TMU毕业证书精仿办理
aeeva
 

Recently uploaded (20)

Building API data products on top of your real-time data infrastructure
Building API data products on top of your real-time data infrastructureBuilding API data products on top of your real-time data infrastructure
Building API data products on top of your real-time data infrastructure
 
Going AOT: Everything you need to know about GraalVM for Java applications
Going AOT: Everything you need to know about GraalVM for Java applicationsGoing AOT: Everything you need to know about GraalVM for Java applications
Going AOT: Everything you need to know about GraalVM for Java applications
 
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
 
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
 
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data PlatformAlluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
 
Upturn India Technologies - Web development company in Nashik
Upturn India Technologies - Web development company in NashikUpturn India Technologies - Web development company in Nashik
Upturn India Technologies - Web development company in Nashik
 
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
 
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptxOperational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
 
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
 
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
 
The Comprehensive Guide to Validating Audio-Visual Performances.pdf
The Comprehensive Guide to Validating Audio-Visual Performances.pdfThe Comprehensive Guide to Validating Audio-Visual Performances.pdf
The Comprehensive Guide to Validating Audio-Visual Performances.pdf
 
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
 
How GenAI Can Improve Supplier Performance Management.pdf
How GenAI Can Improve Supplier Performance Management.pdfHow GenAI Can Improve Supplier Performance Management.pdf
How GenAI Can Improve Supplier Performance Management.pdf
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
 
Manyata Tech Park Bangalore_ Infrastructure, Facilities and More
Manyata Tech Park Bangalore_ Infrastructure, Facilities and MoreManyata Tech Park Bangalore_ Infrastructure, Facilities and More
Manyata Tech Park Bangalore_ Infrastructure, Facilities and More
 
All you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVMAll you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVM
 
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and  Mule 4.6 & Java 17 Upgrade.pptxMigration From CH 1.0 to CH 2.0 and  Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
 
TMU毕业证书精仿办理
TMU毕业证书精仿办理TMU毕业证书精仿办理
TMU毕业证书精仿办理
 

Escape the defaults - Configure Sling like AEM as a Cloud Service

  • 1. EUROPE'S LEADING AEM DEVELOPER CONFERENCE 28th - 30th SEPTEMBER 2020 Escape the defaults Configuring Sling to behave like AEM as a Cloud Service Robert Munteanu, Adobe Slides revision: 20200827-b88ebd4 1
  • 3. Outline Why change the defaults? Separation of content and apps Principal-based authentication Pre-authenticating system users Removing the OSGi installer Demo 3
  • 4. Why change the defaults? 4
  • 5. One size does not fit allOne size does not fit allOne size does not fit allOne size does not fit allOne size does not fit all Sling does not prescribe how to deploySling does not prescribe how to deploySling does not prescribe how to deploySling does not prescribe how to deploySling does not prescribe how to deploy configurationsconfigurationsconfigurationsconfigurationsconfigurations Sling does not prescribe how to deploy codeSling does not prescribe how to deploy codeSling does not prescribe how to deploy codeSling does not prescribe how to deploy codeSling does not prescribe how to deploy code Sling does not enforce separation of content andSling does not enforce separation of content andSling does not enforce separation of content andSling does not enforce separation of content andSling does not enforce separation of content and codecodecodecodecode Sling does not choose a persistence mechansimSling does not choose a persistence mechansimSling does not choose a persistence mechansimSling does not choose a persistence mechansimSling does not choose a persistence mechansim for youfor youfor youfor youfor you 5
  • 6. CRX DE Lite is a development toolCRX DE Lite is a development toolCRX DE Lite is a development toolCRX DE Lite is a development toolCRX DE Lite is a development tool Ask it...Ask it...Ask it...Ask it...Ask it...  What ACEs are defined for this node?What ACEs are defined for this node?What ACEs are defined for this node?What ACEs are defined for this node?What ACEs are defined for this node?  What is content structure of the repository?What is content structure of the repository?What is content structure of the repository?What is content structure of the repository?What is content structure of the repository? But not...But not...But not...But not...But not...  What revision of the code am I running?What revision of the code am I running?What revision of the code am I running?What revision of the code am I running?What revision of the code am I running?  Do I have the same code version on allDo I have the same code version on allDo I have the same code version on allDo I have the same code version on allDo I have the same code version on all instances?instances?instances?instances?instances?  How can I deploy a quick fix in production?How can I deploy a quick fix in production?How can I deploy a quick fix in production?How can I deploy a quick fix in production?How can I deploy a quick fix in production? 6
  • 7. Better ways of asking ... $ kubectl describe deployment sling-starter Containers: main: Image: apache/sling-starter:1.0-cafebafe $ kubectl apply -f deployments/sling-starter.yaml $ rpm -q sling-starter sling-starter-1.0_cafebabe-1.noarch $ rpm -Uvh sling-start-1.1_sodadude-1.noarch $ curl http://sling-starter.example.org/version 1.0-cafebabe 7
  • 10. The composite node store Clear separation of code from content Enforces read-only status of code and (mostly) configuration Allows swapping in a separate node store (with restart) 10
  • 11. Generating /libs and /apps Must be a NodeStore Must reflect the state of the deployment: Nodes Principals Indexes Access Control entries Coming from: Repoinit Content Packages Sling Content Loader Java code - Bundle Activator, Install Hooks, ... 11
  • 12. Generating /libs and /appsGenerating /libs and /appsGenerating /libs and /appsGenerating /libs and /appsGenerating /libs and /apps Start SlingStart SlingStart SlingStart SlingStart Sling Wait for it to be (System) ReadyWait for it to be (System) ReadyWait for it to be (System) ReadyWait for it to be (System) ReadyWait for it to be (System) Ready Stop SlingStop SlingStop SlingStop SlingStop Sling Save the repositorySave the repositorySave the repositorySave the repositorySave the repository 12
  • 16. Benefits Easy to inspect access control entries for a given principal Access control entries independent of the existence of their target Much simpler packaging story in content packages 16
  • 17. Usage FileVault rep:PrincipalBasedMixin rep:PrincipalPolicy rep:PrincipalEntry Repoinit create service user sling-readall with path system/sling set principal ACL for sling-readall allow jcr:read on / end 17
  • 20. Reminder: service user mappings // uses bundle name, no subservice, default workspace slingRepository.loginService(null, null); // uses bundle name, 'scripts' subservice, default workspace slingRepository.loginService("scripts", null); "o.a.s.....ServiceUserMapperImpl.amended~i18n":{ "user.mapping":[ "org.apache.sling.i18n=sling-i18n" ] }, "o.a.s.....ServiceUserMapperImpl.amended~servletsresolver":{ "user.mapping":[ "o.a.s.servlets.resolver:console=sling-readall", "o.a.s.servlets.resolver:scripts=sling-scripting" ] } 20
  • 21. Duplicated system user privileges set ACL for sling-mapping allow jcr:read on / end set ACL for sling-i18n allow jcr:read on / end set ACL for sling-jcr-install allow jcr:read on / allow rep:write on /apps/sling/install end 21
  • 22. Pre-authenticated loginPre-authenticated loginPre-authenticated loginPre-authenticated loginPre-authenticated login Supply all principals at login in timeSupply all principals at login in timeSupply all principals at login in timeSupply all principals at login in timeSupply all principals at login in time Faster by skipping authenticationFaster by skipping authenticationFaster by skipping authenticationFaster by skipping authenticationFaster by skipping authentication Allows mapping a service to multiple usersAllows mapping a service to multiple usersAllows mapping a service to multiple usersAllows mapping a service to multiple usersAllows mapping a service to multiple users 22
  • 23. Pre-authenticated system users create service user sling-readall set ACL for sling-readall allow jcr:read on / end create service user sling-jcr-install set ACL for sling-jcr-install allow rep:write on /apps/sling/install end "o.a.s.....ServiceUserMapperImpl.amended~i18n":{ "user.mapping":[ "org.apache.sling.i18n=[sling-readall]" ] }, "o.a.s.....ServiceUserMapperImpl.amended~~jcr-install":{ "user.mapping":[ "o.a.s.installer.provider.jcr=[sling-jcr-install,⏎ sling-readall]" ] } 23
  • 24. Removing the OSGi installer 24
  • 25. The OSGi installer...The OSGi installer...The OSGi installer...The OSGi installer...The OSGi installer... installsinstallsinstallsinstallsinstalls bundlesbundlesbundlesbundlesbundles configurationsconfigurationsconfigurationsconfigurationsconfigurations content packagescontent packagescontent packagescontent packagescontent packages fromfromfromfromfrom filesystemfilesystemfilesystemfilesystemfilesystem launchpadlaunchpadlaunchpadlaunchpadlaunchpad JCR repositoryJCR repositoryJCR repositoryJCR repositoryJCR repository 25
  • 26. The OSGi installer... is a dynamic component reconciles application state from multiple sources is not needed in a statically defined/immutable application ... we are buiding immutable applications 26
  • 28. FM: Installing configurations { "configurations": { "o.a.s.jcr.davex.impl.servlets.SlingDavExServlet":{ "alias":"/server" } } } 28
  • 29. FM: Installing content packages  content packages are by default forwarded to the OSGi installer { "content-packages:ARTIFACTS|true": [ "o.a.s:sling-slingshot-apps-pkg:zip:1.0-SNAPSHOT", "o.a.s:sling-slingshot-content-pkg:zip:1.0-SNAPSHOT" ] } <workspaceFilter version="1.0"> <filter root="/libs/slingshot/config"/> <filter root="/apps/bundles/install/bundle.jar"/> </workspaceFilter> 29
  • 30. Content Package to Feature Model Handles nested artifacts inside content packages OSGi bundles OSGi configurations Other content packages Converts access control configurations System Users Access control entries (resource-based) No support for principal-based access control entries 30
  • 31. Conversion result { "id":"o.a.s:sling-slingshot-apps-pkg:slingosgifeature:1.0", "bundles":[ "o.a.s:o.a.s.sample.slingshot:0.9.1" ], "configurations": { "o.a.s....ServiceUserMapperImpl.amended~slingshot": { "o.a.s.sample.slingshot=[slingshot-service]" } }, "content-packages:ARTIFACTS|true":[ "o.a.s:sling-slingshot-apps-pkg:zip:cp2fm-converted:1.0" ], "repoinit:TEXT|true":[ "create service user slingshot-service" ] } 31
  • 32. Alternative Package Registry o.a.j.vault....FSPackageRegistry Stores packages in the filesystem Can be assembled without a JCR repository Relies on an existing execution plan Plan prepared by the Sling Content Deployment Extension 32
  • 34. Demo recap Sling Docker image using the feature model the composite node store Docker updates done with a simple restart preserving the 'content' part of the repository Removing the OSGi installer using the content- package converter 34
  • 35. Resources (Sling) Content Package to Feature Model Converter (Sling) Content Deployment Extension (Oak) Composite Node Store (Oak) Principal-Based Authentication (Oak) Pre-Authenticated Login 35