SlideShare a Scribd company logo
1 of 35
Download to read offline
EUROPE'S LEADING AEM DEVELOPER CONFERENCE
28th - 30th SEPTEMBER 2020
Escape the defaults
Configuring Sling to behave like AEM as a Cloud Service
Robert Munteanu, Adobe
Slides revision: 20200827-b88ebd4
1
About me
2
Outline
Why change the defaults?
Separation of content and apps
Principal-based authentication
Pre-authenticating system users
Removing the OSGi installer
Demo
3
Why change the defaults?
4
One size does not fit allOne size does not fit allOne size does not fit allOne size does not fit allOne size does not fit all
Sling does not prescribe how to deploySling does not prescribe how to deploySling does not prescribe how to deploySling does not prescribe how to deploySling does not prescribe how to deploy
configurationsconfigurationsconfigurationsconfigurationsconfigurations
Sling does not prescribe how to deploy codeSling does not prescribe how to deploy codeSling does not prescribe how to deploy codeSling does not prescribe how to deploy codeSling does not prescribe how to deploy code
Sling does not enforce separation of content andSling does not enforce separation of content andSling does not enforce separation of content andSling does not enforce separation of content andSling does not enforce separation of content and
codecodecodecodecode
Sling does not choose a persistence mechansimSling does not choose a persistence mechansimSling does not choose a persistence mechansimSling does not choose a persistence mechansimSling does not choose a persistence mechansim
for youfor youfor youfor youfor you
5
CRX DE Lite is a development toolCRX DE Lite is a development toolCRX DE Lite is a development toolCRX DE Lite is a development toolCRX DE Lite is a development tool
Ask it...Ask it...Ask it...Ask it...Ask it...
 What ACEs are defined for this node?What ACEs are defined for this node?What ACEs are defined for this node?What ACEs are defined for this node?What ACEs are defined for this node?
 What is content structure of the repository?What is content structure of the repository?What is content structure of the repository?What is content structure of the repository?What is content structure of the repository?
But not...But not...But not...But not...But not...
 What revision of the code am I running?What revision of the code am I running?What revision of the code am I running?What revision of the code am I running?What revision of the code am I running?
 Do I have the same code version on allDo I have the same code version on allDo I have the same code version on allDo I have the same code version on allDo I have the same code version on all
instances?instances?instances?instances?instances?
 How can I deploy a quick fix in production?How can I deploy a quick fix in production?How can I deploy a quick fix in production?How can I deploy a quick fix in production?How can I deploy a quick fix in production?
6
Better ways of asking ...
$ kubectl describe deployment sling-starter
Containers:
main:
Image: apache/sling-starter:1.0-cafebafe
$ kubectl apply -f deployments/sling-starter.yaml
$ rpm -q sling-starter
sling-starter-1.0_cafebabe-1.noarch
$ rpm -Uvh sling-start-1.1_sodadude-1.noarch
$ curl http://sling-starter.example.org/version
1.0-cafebabe
7
Prevent mistakes
8
Separation of content and apps
9
The composite node store
Clear separation of code from
content
Enforces read-only status of
code and (mostly) configuration
Allows swapping in a separate
node store (with restart)
10
Generating /libs and /apps
Must be a NodeStore
Must reflect the state of the deployment:
Nodes
Principals
Indexes
Access Control entries
Coming from:
Repoinit
Content Packages
Sling Content Loader
Java code - Bundle Activator, Install Hooks, ... 11
Generating /libs and /appsGenerating /libs and /appsGenerating /libs and /appsGenerating /libs and /appsGenerating /libs and /apps
Start SlingStart SlingStart SlingStart SlingStart Sling
Wait for it to be (System) ReadyWait for it to be (System) ReadyWait for it to be (System) ReadyWait for it to be (System) ReadyWait for it to be (System) Ready
Stop SlingStop SlingStop SlingStop SlingStop Sling
Save the repositorySave the repositorySave the repositorySave the repositorySave the repository
12
Principal-based authentication
13
Resource-based authentication
14
Principal-based authentication
15
Benefits
Easy to inspect access control entries for a given
principal
Access control entries independent of the
existence of their target
Much simpler packaging story in content
packages
16
Usage
FileVault
rep:PrincipalBasedMixin
rep:PrincipalPolicy
rep:PrincipalEntry
Repoinit
create service user sling-readall with path system/sling
set principal ACL for sling-readall
allow jcr:read on /
end
17
Pre-authenticating system users
18
Reminder: loginAdministrative
19
Reminder: service user mappings
// uses bundle name, no subservice, default workspace
slingRepository.loginService(null, null);
// uses bundle name, 'scripts' subservice, default workspace
slingRepository.loginService("scripts", null);
"o.a.s.....ServiceUserMapperImpl.amended~i18n":{
"user.mapping":[
"org.apache.sling.i18n=sling-i18n"
]
},
"o.a.s.....ServiceUserMapperImpl.amended~servletsresolver":{
"user.mapping":[
"o.a.s.servlets.resolver:console=sling-readall",
"o.a.s.servlets.resolver:scripts=sling-scripting"
]
}
20
Duplicated system user privileges
set ACL for sling-mapping
allow jcr:read on /
end
set ACL for sling-i18n
allow jcr:read on /
end
set ACL for sling-jcr-install
allow jcr:read on /
allow rep:write on /apps/sling/install
end
21
Pre-authenticated loginPre-authenticated loginPre-authenticated loginPre-authenticated loginPre-authenticated login
Supply all principals at login in timeSupply all principals at login in timeSupply all principals at login in timeSupply all principals at login in timeSupply all principals at login in time
Faster by skipping authenticationFaster by skipping authenticationFaster by skipping authenticationFaster by skipping authenticationFaster by skipping authentication
Allows mapping a service to multiple usersAllows mapping a service to multiple usersAllows mapping a service to multiple usersAllows mapping a service to multiple usersAllows mapping a service to multiple users
22
Pre-authenticated system users
create service user sling-readall
set ACL for sling-readall
allow jcr:read on /
end
create service user sling-jcr-install
set ACL for sling-jcr-install
allow rep:write on /apps/sling/install
end
"o.a.s.....ServiceUserMapperImpl.amended~i18n":{
"user.mapping":[
"org.apache.sling.i18n=[sling-readall]"
]
}, "o.a.s.....ServiceUserMapperImpl.amended~~jcr-install":{
"user.mapping":[
"o.a.s.installer.provider.jcr=[sling-jcr-install,⏎
sling-readall]"
]
}
23
Removing the OSGi installer
24
The OSGi installer...The OSGi installer...The OSGi installer...The OSGi installer...The OSGi installer...
installsinstallsinstallsinstallsinstalls
bundlesbundlesbundlesbundlesbundles
configurationsconfigurationsconfigurationsconfigurationsconfigurations
content packagescontent packagescontent packagescontent packagescontent packages
fromfromfromfromfrom
filesystemfilesystemfilesystemfilesystemfilesystem
launchpadlaunchpadlaunchpadlaunchpadlaunchpad
JCR repositoryJCR repositoryJCR repositoryJCR repositoryJCR repository
25
The OSGi installer...
is a dynamic component
reconciles application state from multiple
sources
is not needed in a statically defined/immutable
application
... we are buiding immutable applications
26
FM: Installing bundles
{
"bundles":[
{
"id":"org.apache.aries:org.apache.aries.util:1.1.3",
"start-order":"1"
}
]
}
27
FM: Installing configurations
{
"configurations": {
"o.a.s.jcr.davex.impl.servlets.SlingDavExServlet":{
"alias":"/server"
}
}
}
28
FM: Installing content packages
 content packages are by default
forwarded to the OSGi installer
{
"content-packages:ARTIFACTS|true": [
"o.a.s:sling-slingshot-apps-pkg:zip:1.0-SNAPSHOT",
"o.a.s:sling-slingshot-content-pkg:zip:1.0-SNAPSHOT"
]
}
<workspaceFilter version="1.0">
<filter root="/libs/slingshot/config"/>
<filter root="/apps/bundles/install/bundle.jar"/>
</workspaceFilter>
29
Content Package to Feature Model
Handles nested artifacts inside content
packages
OSGi bundles
OSGi configurations
Other content packages
Converts access control configurations
System Users
Access control entries (resource-based)
No support for principal-based access control
entries 30
Conversion result
{
"id":"o.a.s:sling-slingshot-apps-pkg:slingosgifeature:1.0",
"bundles":[
"o.a.s:o.a.s.sample.slingshot:0.9.1"
], "configurations": {
"o.a.s....ServiceUserMapperImpl.amended~slingshot": {
"o.a.s.sample.slingshot=[slingshot-service]"
}
}, "content-packages:ARTIFACTS|true":[
"o.a.s:sling-slingshot-apps-pkg:zip:cp2fm-converted:1.0"
], "repoinit:TEXT|true":[
"create service user slingshot-service"
]
}
31
Alternative Package Registry
o.a.j.vault....FSPackageRegistry
Stores packages in the filesystem
Can be assembled without a JCR repository
Relies on an existing execution plan
Plan prepared by the Sling Content Deployment
Extension
32
Demo
33
Demo recap
Sling Docker image using
the feature model
the composite node store
Docker updates
done with a simple restart
preserving the 'content' part of the repository
Removing the OSGi installer using the content-
package converter
34
Resources
(Sling) Content Package to Feature Model
Converter
(Sling) Content Deployment Extension
(Oak) Composite Node Store
(Oak) Principal-Based Authentication
(Oak) Pre-Authenticated Login
35

More Related Content

What's hot

The internet of (lego) trains
The internet of (lego) trainsThe internet of (lego) trains
The internet of (lego) trainsGrzegorz Duda
 
invokedynamic for Mere Mortals [Code One 2019]
invokedynamic for Mere Mortals [Code One 2019]invokedynamic for Mere Mortals [Code One 2019]
invokedynamic for Mere Mortals [Code One 2019]David Buck
 
Python + GDB = Javaデバッガ
Python + GDB = JavaデバッガPython + GDB = Javaデバッガ
Python + GDB = JavaデバッガKenji Kazumura
 
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in RomeDockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in RomeAlessandro Nadalin
 
Zend Framework 2 - Basic Components
Zend Framework 2  - Basic ComponentsZend Framework 2  - Basic Components
Zend Framework 2 - Basic ComponentsMateusz Tymek
 
Building Fast, Modern Web Applications with Node.js and CoffeeScript
Building Fast, Modern Web Applications with Node.js and CoffeeScriptBuilding Fast, Modern Web Applications with Node.js and CoffeeScript
Building Fast, Modern Web Applications with Node.js and CoffeeScriptroyaldark
 
How Can PVS-Studio Help in the Detection of Vulnerabilities?
How Can PVS-Studio Help in the Detection of Vulnerabilities?How Can PVS-Studio Help in the Detection of Vulnerabilities?
How Can PVS-Studio Help in the Detection of Vulnerabilities?PVS-Studio
 
Ane for 9ria_cn
Ane for 9ria_cnAne for 9ria_cn
Ane for 9ria_cnsonicxs
 
vert.x 소개 및 개발 실습
vert.x 소개 및 개발 실습vert.x 소개 및 개발 실습
vert.x 소개 및 개발 실습John Kim
 
Building your first Node app with Connect & Express
Building your first Node app with Connect & ExpressBuilding your first Node app with Connect & Express
Building your first Node app with Connect & ExpressChristian Joudrey
 
Improving app performance with Kotlin Coroutines
Improving app performance with Kotlin CoroutinesImproving app performance with Kotlin Coroutines
Improving app performance with Kotlin CoroutinesHassan Abid
 
JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]
JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]
JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]David Buck
 
Nashorn : JavaScript Running on Java VM (Japanese)
Nashorn : JavaScript Running on Java VM (Japanese)Nashorn : JavaScript Running on Java VM (Japanese)
Nashorn : JavaScript Running on Java VM (Japanese)Logico
 
CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...
CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...
CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...David Buck
 
Iz Pack
Iz PackIz Pack
Iz PackInria
 

What's hot (19)

The internet of (lego) trains
The internet of (lego) trainsThe internet of (lego) trains
The internet of (lego) trains
 
invokedynamic for Mere Mortals [Code One 2019]
invokedynamic for Mere Mortals [Code One 2019]invokedynamic for Mere Mortals [Code One 2019]
invokedynamic for Mere Mortals [Code One 2019]
 
Commcon 2018
Commcon 2018Commcon 2018
Commcon 2018
 
Python + GDB = Javaデバッガ
Python + GDB = JavaデバッガPython + GDB = Javaデバッガ
Python + GDB = Javaデバッガ
 
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in RomeDockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
 
Zend Framework 2 - Basic Components
Zend Framework 2  - Basic ComponentsZend Framework 2  - Basic Components
Zend Framework 2 - Basic Components
 
Building Fast, Modern Web Applications with Node.js and CoffeeScript
Building Fast, Modern Web Applications with Node.js and CoffeeScriptBuilding Fast, Modern Web Applications with Node.js and CoffeeScript
Building Fast, Modern Web Applications with Node.js and CoffeeScript
 
How Can PVS-Studio Help in the Detection of Vulnerabilities?
How Can PVS-Studio Help in the Detection of Vulnerabilities?How Can PVS-Studio Help in the Detection of Vulnerabilities?
How Can PVS-Studio Help in the Detection of Vulnerabilities?
 
OSGi Blueprint Services
OSGi Blueprint ServicesOSGi Blueprint Services
OSGi Blueprint Services
 
Ane for 9ria_cn
Ane for 9ria_cnAne for 9ria_cn
Ane for 9ria_cn
 
vert.x 소개 및 개발 실습
vert.x 소개 및 개발 실습vert.x 소개 및 개발 실습
vert.x 소개 및 개발 실습
 
ssssss
ssssssssssss
ssssss
 
Building your first Node app with Connect & Express
Building your first Node app with Connect & ExpressBuilding your first Node app with Connect & Express
Building your first Node app with Connect & Express
 
Improving app performance with Kotlin Coroutines
Improving app performance with Kotlin CoroutinesImproving app performance with Kotlin Coroutines
Improving app performance with Kotlin Coroutines
 
OSGi Presentation
OSGi PresentationOSGi Presentation
OSGi Presentation
 
JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]
JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]
JDK Mission Control: Where We Are, Where We Are Going [Code One 2019]
 
Nashorn : JavaScript Running on Java VM (Japanese)
Nashorn : JavaScript Running on Java VM (Japanese)Nashorn : JavaScript Running on Java VM (Japanese)
Nashorn : JavaScript Running on Java VM (Japanese)
 
CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...
CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...
CSI (Crash Scene Investigation) HotSpot: Common JVM Crash Causes and Solution...
 
Iz Pack
Iz PackIz Pack
Iz Pack
 

Similar to Escape the defaults - Configure Sling like AEM as a Cloud Service

Cloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
Cloud-powered Continuous Integration and Deployment architectures - Jinesh VariaCloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
Cloud-powered Continuous Integration and Deployment architectures - Jinesh VariaAmazon Web Services
 
Introduction To Eclipse RCP
Introduction To Eclipse RCPIntroduction To Eclipse RCP
Introduction To Eclipse RCPwhbath
 
Operational Visibiliy and Analytics - BU Seminar
Operational Visibiliy and Analytics - BU SeminarOperational Visibiliy and Analytics - BU Seminar
Operational Visibiliy and Analytics - BU SeminarCanturk Isci
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline SecurityJames Wickett
 
20160221 va interconnect_pub
20160221 va interconnect_pub20160221 va interconnect_pub
20160221 va interconnect_pubCanturk Isci
 
Sviluppo di architetture orientate ai servizi con EclipseSOA
Sviluppo di architetture orientate ai servizi con EclipseSOA Sviluppo di architetture orientate ai servizi con EclipseSOA
Sviluppo di architetture orientate ai servizi con EclipseSOA Alberto Lagna
 
The DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkitThe DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkitMarco Ferrigno
 
The DevOps Paradigm
The DevOps ParadigmThe DevOps Paradigm
The DevOps ParadigmNaLUG
 
How to put 10lbs of functionality into a 5lb package.
How to put 10lbs of functionality into a 5lb package.How to put 10lbs of functionality into a 5lb package.
How to put 10lbs of functionality into a 5lb package.Marc Karasek
 
Learn you some Ansible for great good!
Learn you some Ansible for great good!Learn you some Ansible for great good!
Learn you some Ansible for great good!David Lapsley
 
Maxim Salnikov - Service Worker: taking the best from the past experience for...
Maxim Salnikov - Service Worker: taking the best from the past experience for...Maxim Salnikov - Service Worker: taking the best from the past experience for...
Maxim Salnikov - Service Worker: taking the best from the past experience for...Codemotion
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using AnsibleSonatype
 
Serverless in production (O'Reilly Software Architecture)
Serverless in production (O'Reilly Software Architecture)Serverless in production (O'Reilly Software Architecture)
Serverless in production (O'Reilly Software Architecture)Yan Cui
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3Diane Allen
 
The Ember.js Framework - Everything You Need To Know
The Ember.js Framework - Everything You Need To KnowThe Ember.js Framework - Everything You Need To Know
The Ember.js Framework - Everything You Need To KnowAll Things Open
 
Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016Canturk Isci
 

Similar to Escape the defaults - Configure Sling like AEM as a Cloud Service (20)

Cloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
Cloud-powered Continuous Integration and Deployment architectures - Jinesh VariaCloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
Cloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
 
Introduction To Eclipse RCP
Introduction To Eclipse RCPIntroduction To Eclipse RCP
Introduction To Eclipse RCP
 
Operational Visibiliy and Analytics - BU Seminar
Operational Visibiliy and Analytics - BU SeminarOperational Visibiliy and Analytics - BU Seminar
Operational Visibiliy and Analytics - BU Seminar
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
20160221 va interconnect_pub
20160221 va interconnect_pub20160221 va interconnect_pub
20160221 va interconnect_pub
 
Sviluppo di architetture orientate ai servizi con EclipseSOA
Sviluppo di architetture orientate ai servizi con EclipseSOA Sviluppo di architetture orientate ai servizi con EclipseSOA
Sviluppo di architetture orientate ai servizi con EclipseSOA
 
The DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkitThe DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkit
 
The DevOps Paradigm
The DevOps ParadigmThe DevOps Paradigm
The DevOps Paradigm
 
How to put 10lbs of functionality into a 5lb package.
How to put 10lbs of functionality into a 5lb package.How to put 10lbs of functionality into a 5lb package.
How to put 10lbs of functionality into a 5lb package.
 
Learn you some Ansible for great good!
Learn you some Ansible for great good!Learn you some Ansible for great good!
Learn you some Ansible for great good!
 
Pentesting iOS Apps
Pentesting iOS AppsPentesting iOS Apps
Pentesting iOS Apps
 
Maxim Salnikov - Service Worker: taking the best from the past experience for...
Maxim Salnikov - Service Worker: taking the best from the past experience for...Maxim Salnikov - Service Worker: taking the best from the past experience for...
Maxim Salnikov - Service Worker: taking the best from the past experience for...
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using Ansible
 
PHP Con09: SVN Advanced
PHP Con09: SVN AdvancedPHP Con09: SVN Advanced
PHP Con09: SVN Advanced
 
Serverless in production (O'Reilly Software Architecture)
Serverless in production (O'Reilly Software Architecture)Serverless in production (O'Reilly Software Architecture)
Serverless in production (O'Reilly Software Architecture)
 
Azure from scratch part 4
Azure from scratch part 4Azure from scratch part 4
Azure from scratch part 4
 
Marcin Szałowicz - MySQL Workbench
Marcin Szałowicz - MySQL WorkbenchMarcin Szałowicz - MySQL Workbench
Marcin Szałowicz - MySQL Workbench
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3
 
The Ember.js Framework - Everything You Need To Know
The Ember.js Framework - Everything You Need To KnowThe Ember.js Framework - Everything You Need To Know
The Ember.js Framework - Everything You Need To Know
 
Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016
 

More from Robert Munteanu

Secure by Default Web Applications
Secure by Default Web ApplicationsSecure by Default Web Applications
Secure by Default Web ApplicationsRobert Munteanu
 
Sling Applications - A DevOps perspective
Sling Applications - A DevOps perspectiveSling Applications - A DevOps perspective
Sling Applications - A DevOps perspectiveRobert Munteanu
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGiRobert Munteanu
 
Crash course in Kubernetes monitoring
Crash course in Kubernetes monitoringCrash course in Kubernetes monitoring
Crash course in Kubernetes monitoringRobert Munteanu
 
Java agents for fun and (not so much) profit
Java agents for fun and (not so much) profitJava agents for fun and (not so much) profit
Java agents for fun and (not so much) profitRobert Munteanu
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGiRobert Munteanu
 
Cloud-native legacy applications
Cloud-native legacy applicationsCloud-native legacy applications
Cloud-native legacy applicationsRobert Munteanu
 
From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...Robert Munteanu
 
What's new in the Sling developer tooling?
What's new in the Sling developer tooling?What's new in the Sling developer tooling?
What's new in the Sling developer tooling?Robert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code baseRobert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code baseRobert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code baseRobert Munteanu
 
Zero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using DockerZero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using DockerRobert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code baseRobert Munteanu
 
Do you really want to go fully micro?
Do you really want to go fully micro?Do you really want to go fully micro?
Do you really want to go fully micro?Robert Munteanu
 
Effective web application development with Apache Sling
Effective web application development with Apache SlingEffective web application development with Apache Sling
Effective web application development with Apache SlingRobert Munteanu
 
Of microservices and microservices
Of microservices and microservicesOf microservices and microservices
Of microservices and microservicesRobert Munteanu
 
Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)Robert Munteanu
 
Secure by Default Web Applications with Apache Sling
Secure by Default Web Applications with Apache SlingSecure by Default Web Applications with Apache Sling
Secure by Default Web Applications with Apache SlingRobert Munteanu
 

More from Robert Munteanu (20)

Secure by Default Web Applications
Secure by Default Web ApplicationsSecure by Default Web Applications
Secure by Default Web Applications
 
Sling Applications - A DevOps perspective
Sling Applications - A DevOps perspectiveSling Applications - A DevOps perspective
Sling Applications - A DevOps perspective
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGi
 
Crash course in Kubernetes monitoring
Crash course in Kubernetes monitoringCrash course in Kubernetes monitoring
Crash course in Kubernetes monitoring
 
Java agents for fun and (not so much) profit
Java agents for fun and (not so much) profitJava agents for fun and (not so much) profit
Java agents for fun and (not so much) profit
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGi
 
Cloud-native legacy applications
Cloud-native legacy applicationsCloud-native legacy applications
Cloud-native legacy applications
 
Cloud-Native Sling
Cloud-Native SlingCloud-Native Sling
Cloud-Native Sling
 
From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...
 
What's new in the Sling developer tooling?
What's new in the Sling developer tooling?What's new in the Sling developer tooling?
What's new in the Sling developer tooling?
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Zero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using DockerZero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using Docker
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Do you really want to go fully micro?
Do you really want to go fully micro?Do you really want to go fully micro?
Do you really want to go fully micro?
 
Effective web application development with Apache Sling
Effective web application development with Apache SlingEffective web application development with Apache Sling
Effective web application development with Apache Sling
 
Of microservices and microservices
Of microservices and microservicesOf microservices and microservices
Of microservices and microservices
 
Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)
 
Secure by Default Web Applications with Apache Sling
Secure by Default Web Applications with Apache SlingSecure by Default Web Applications with Apache Sling
Secure by Default Web Applications with Apache Sling
 

Recently uploaded

Rapidoform for Modern Form Building and Insights
Rapidoform for Modern Form Building and InsightsRapidoform for Modern Form Building and Insights
Rapidoform for Modern Form Building and Insightsrapidoform
 
The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)Roberto Bettazzoni
 
The Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test AutomationThe Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test AutomationElement34
 
Software Engineering - Introduction + Process Models + Requirements Engineering
Software Engineering - Introduction + Process Models + Requirements EngineeringSoftware Engineering - Introduction + Process Models + Requirements Engineering
Software Engineering - Introduction + Process Models + Requirements EngineeringPrakhyath Rai
 
Weeding your micro service landscape.pdf
Weeding your micro service landscape.pdfWeeding your micro service landscape.pdf
Weeding your micro service landscape.pdftimtebeek1
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfWSO2
 
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jGraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jNeo4j
 
A Deep Dive into Secure Product Development Frameworks.pdf
A Deep Dive into Secure Product Development Frameworks.pdfA Deep Dive into Secure Product Development Frameworks.pdf
A Deep Dive into Secure Product Development Frameworks.pdfICS
 
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024Andreas Granig
 
Microsoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdfMicrosoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdfMarkus Moeller
 
From Knowledge Graphs via Lego Bricks to scientific conversations.pptx
From Knowledge Graphs via Lego Bricks to scientific conversations.pptxFrom Knowledge Graphs via Lego Bricks to scientific conversations.pptx
From Knowledge Graphs via Lego Bricks to scientific conversations.pptxNeo4j
 
BusinessGPT - Security and Governance for Generative AI
BusinessGPT  - Security and Governance for Generative AIBusinessGPT  - Security and Governance for Generative AI
BusinessGPT - Security and Governance for Generative AIAGATSoftware
 
GraphSummit Milan - Neo4j: The Art of the Possible with Graph
GraphSummit Milan - Neo4j: The Art of the Possible with GraphGraphSummit Milan - Neo4j: The Art of the Possible with Graph
GraphSummit Milan - Neo4j: The Art of the Possible with GraphNeo4j
 
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypseTomasz Kowalczewski
 
Your Ultimate Web Studio for Streaming Anywhere | Evmux
Your Ultimate Web Studio for Streaming Anywhere | EvmuxYour Ultimate Web Studio for Streaming Anywhere | Evmux
Your Ultimate Web Studio for Streaming Anywhere | Evmuxevmux96
 
Effective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeConEffective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeConNatan Silnitsky
 

Recently uploaded (20)

Rapidoform for Modern Form Building and Insights
Rapidoform for Modern Form Building and InsightsRapidoform for Modern Form Building and Insights
Rapidoform for Modern Form Building and Insights
 
Abortion Clinic In Johannesburg ](+27832195400*)[ 🏥 Safe Abortion Pills in Jo...
Abortion Clinic In Johannesburg ](+27832195400*)[ 🏥 Safe Abortion Pills in Jo...Abortion Clinic In Johannesburg ](+27832195400*)[ 🏥 Safe Abortion Pills in Jo...
Abortion Clinic In Johannesburg ](+27832195400*)[ 🏥 Safe Abortion Pills in Jo...
 
The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)
 
The Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test AutomationThe Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test Automation
 
Software Engineering - Introduction + Process Models + Requirements Engineering
Software Engineering - Introduction + Process Models + Requirements EngineeringSoftware Engineering - Introduction + Process Models + Requirements Engineering
Software Engineering - Introduction + Process Models + Requirements Engineering
 
Weeding your micro service landscape.pdf
Weeding your micro service landscape.pdfWeeding your micro service landscape.pdf
Weeding your micro service landscape.pdf
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
 
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jGraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
 
Abortion Pill Prices Turfloop ](+27832195400*)[ 🏥 Women's Abortion Clinic in ...
Abortion Pill Prices Turfloop ](+27832195400*)[ 🏥 Women's Abortion Clinic in ...Abortion Pill Prices Turfloop ](+27832195400*)[ 🏥 Women's Abortion Clinic in ...
Abortion Pill Prices Turfloop ](+27832195400*)[ 🏥 Women's Abortion Clinic in ...
 
Abortion Pill Prices Mthatha (@](+27832195400*)[ 🏥 Women's Abortion Clinic In...
Abortion Pill Prices Mthatha (@](+27832195400*)[ 🏥 Women's Abortion Clinic In...Abortion Pill Prices Mthatha (@](+27832195400*)[ 🏥 Women's Abortion Clinic In...
Abortion Pill Prices Mthatha (@](+27832195400*)[ 🏥 Women's Abortion Clinic In...
 
A Deep Dive into Secure Product Development Frameworks.pdf
A Deep Dive into Secure Product Development Frameworks.pdfA Deep Dive into Secure Product Development Frameworks.pdf
A Deep Dive into Secure Product Development Frameworks.pdf
 
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
 
Microsoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdfMicrosoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdf
 
From Knowledge Graphs via Lego Bricks to scientific conversations.pptx
From Knowledge Graphs via Lego Bricks to scientific conversations.pptxFrom Knowledge Graphs via Lego Bricks to scientific conversations.pptx
From Knowledge Graphs via Lego Bricks to scientific conversations.pptx
 
BusinessGPT - Security and Governance for Generative AI
BusinessGPT  - Security and Governance for Generative AIBusinessGPT  - Security and Governance for Generative AI
BusinessGPT - Security and Governance for Generative AI
 
Abortion Clinic In Springs ](+27832195400*)[ 🏥 Safe Abortion Pills in Springs...
Abortion Clinic In Springs ](+27832195400*)[ 🏥 Safe Abortion Pills in Springs...Abortion Clinic In Springs ](+27832195400*)[ 🏥 Safe Abortion Pills in Springs...
Abortion Clinic In Springs ](+27832195400*)[ 🏥 Safe Abortion Pills in Springs...
 
GraphSummit Milan - Neo4j: The Art of the Possible with Graph
GraphSummit Milan - Neo4j: The Art of the Possible with GraphGraphSummit Milan - Neo4j: The Art of the Possible with Graph
GraphSummit Milan - Neo4j: The Art of the Possible with Graph
 
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
 
Your Ultimate Web Studio for Streaming Anywhere | Evmux
Your Ultimate Web Studio for Streaming Anywhere | EvmuxYour Ultimate Web Studio for Streaming Anywhere | Evmux
Your Ultimate Web Studio for Streaming Anywhere | Evmux
 
Effective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeConEffective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeCon
 

Escape the defaults - Configure Sling like AEM as a Cloud Service

  • 1. EUROPE'S LEADING AEM DEVELOPER CONFERENCE 28th - 30th SEPTEMBER 2020 Escape the defaults Configuring Sling to behave like AEM as a Cloud Service Robert Munteanu, Adobe Slides revision: 20200827-b88ebd4 1
  • 3. Outline Why change the defaults? Separation of content and apps Principal-based authentication Pre-authenticating system users Removing the OSGi installer Demo 3
  • 4. Why change the defaults? 4
  • 5. One size does not fit allOne size does not fit allOne size does not fit allOne size does not fit allOne size does not fit all Sling does not prescribe how to deploySling does not prescribe how to deploySling does not prescribe how to deploySling does not prescribe how to deploySling does not prescribe how to deploy configurationsconfigurationsconfigurationsconfigurationsconfigurations Sling does not prescribe how to deploy codeSling does not prescribe how to deploy codeSling does not prescribe how to deploy codeSling does not prescribe how to deploy codeSling does not prescribe how to deploy code Sling does not enforce separation of content andSling does not enforce separation of content andSling does not enforce separation of content andSling does not enforce separation of content andSling does not enforce separation of content and codecodecodecodecode Sling does not choose a persistence mechansimSling does not choose a persistence mechansimSling does not choose a persistence mechansimSling does not choose a persistence mechansimSling does not choose a persistence mechansim for youfor youfor youfor youfor you 5
  • 6. CRX DE Lite is a development toolCRX DE Lite is a development toolCRX DE Lite is a development toolCRX DE Lite is a development toolCRX DE Lite is a development tool Ask it...Ask it...Ask it...Ask it...Ask it...  What ACEs are defined for this node?What ACEs are defined for this node?What ACEs are defined for this node?What ACEs are defined for this node?What ACEs are defined for this node?  What is content structure of the repository?What is content structure of the repository?What is content structure of the repository?What is content structure of the repository?What is content structure of the repository? But not...But not...But not...But not...But not...  What revision of the code am I running?What revision of the code am I running?What revision of the code am I running?What revision of the code am I running?What revision of the code am I running?  Do I have the same code version on allDo I have the same code version on allDo I have the same code version on allDo I have the same code version on allDo I have the same code version on all instances?instances?instances?instances?instances?  How can I deploy a quick fix in production?How can I deploy a quick fix in production?How can I deploy a quick fix in production?How can I deploy a quick fix in production?How can I deploy a quick fix in production? 6
  • 7. Better ways of asking ... $ kubectl describe deployment sling-starter Containers: main: Image: apache/sling-starter:1.0-cafebafe $ kubectl apply -f deployments/sling-starter.yaml $ rpm -q sling-starter sling-starter-1.0_cafebabe-1.noarch $ rpm -Uvh sling-start-1.1_sodadude-1.noarch $ curl http://sling-starter.example.org/version 1.0-cafebabe 7
  • 10. The composite node store Clear separation of code from content Enforces read-only status of code and (mostly) configuration Allows swapping in a separate node store (with restart) 10
  • 11. Generating /libs and /apps Must be a NodeStore Must reflect the state of the deployment: Nodes Principals Indexes Access Control entries Coming from: Repoinit Content Packages Sling Content Loader Java code - Bundle Activator, Install Hooks, ... 11
  • 12. Generating /libs and /appsGenerating /libs and /appsGenerating /libs and /appsGenerating /libs and /appsGenerating /libs and /apps Start SlingStart SlingStart SlingStart SlingStart Sling Wait for it to be (System) ReadyWait for it to be (System) ReadyWait for it to be (System) ReadyWait for it to be (System) ReadyWait for it to be (System) Ready Stop SlingStop SlingStop SlingStop SlingStop Sling Save the repositorySave the repositorySave the repositorySave the repositorySave the repository 12
  • 16. Benefits Easy to inspect access control entries for a given principal Access control entries independent of the existence of their target Much simpler packaging story in content packages 16
  • 17. Usage FileVault rep:PrincipalBasedMixin rep:PrincipalPolicy rep:PrincipalEntry Repoinit create service user sling-readall with path system/sling set principal ACL for sling-readall allow jcr:read on / end 17
  • 20. Reminder: service user mappings // uses bundle name, no subservice, default workspace slingRepository.loginService(null, null); // uses bundle name, 'scripts' subservice, default workspace slingRepository.loginService("scripts", null); "o.a.s.....ServiceUserMapperImpl.amended~i18n":{ "user.mapping":[ "org.apache.sling.i18n=sling-i18n" ] }, "o.a.s.....ServiceUserMapperImpl.amended~servletsresolver":{ "user.mapping":[ "o.a.s.servlets.resolver:console=sling-readall", "o.a.s.servlets.resolver:scripts=sling-scripting" ] } 20
  • 21. Duplicated system user privileges set ACL for sling-mapping allow jcr:read on / end set ACL for sling-i18n allow jcr:read on / end set ACL for sling-jcr-install allow jcr:read on / allow rep:write on /apps/sling/install end 21
  • 22. Pre-authenticated loginPre-authenticated loginPre-authenticated loginPre-authenticated loginPre-authenticated login Supply all principals at login in timeSupply all principals at login in timeSupply all principals at login in timeSupply all principals at login in timeSupply all principals at login in time Faster by skipping authenticationFaster by skipping authenticationFaster by skipping authenticationFaster by skipping authenticationFaster by skipping authentication Allows mapping a service to multiple usersAllows mapping a service to multiple usersAllows mapping a service to multiple usersAllows mapping a service to multiple usersAllows mapping a service to multiple users 22
  • 23. Pre-authenticated system users create service user sling-readall set ACL for sling-readall allow jcr:read on / end create service user sling-jcr-install set ACL for sling-jcr-install allow rep:write on /apps/sling/install end "o.a.s.....ServiceUserMapperImpl.amended~i18n":{ "user.mapping":[ "org.apache.sling.i18n=[sling-readall]" ] }, "o.a.s.....ServiceUserMapperImpl.amended~~jcr-install":{ "user.mapping":[ "o.a.s.installer.provider.jcr=[sling-jcr-install,⏎ sling-readall]" ] } 23
  • 24. Removing the OSGi installer 24
  • 25. The OSGi installer...The OSGi installer...The OSGi installer...The OSGi installer...The OSGi installer... installsinstallsinstallsinstallsinstalls bundlesbundlesbundlesbundlesbundles configurationsconfigurationsconfigurationsconfigurationsconfigurations content packagescontent packagescontent packagescontent packagescontent packages fromfromfromfromfrom filesystemfilesystemfilesystemfilesystemfilesystem launchpadlaunchpadlaunchpadlaunchpadlaunchpad JCR repositoryJCR repositoryJCR repositoryJCR repositoryJCR repository 25
  • 26. The OSGi installer... is a dynamic component reconciles application state from multiple sources is not needed in a statically defined/immutable application ... we are buiding immutable applications 26
  • 28. FM: Installing configurations { "configurations": { "o.a.s.jcr.davex.impl.servlets.SlingDavExServlet":{ "alias":"/server" } } } 28
  • 29. FM: Installing content packages  content packages are by default forwarded to the OSGi installer { "content-packages:ARTIFACTS|true": [ "o.a.s:sling-slingshot-apps-pkg:zip:1.0-SNAPSHOT", "o.a.s:sling-slingshot-content-pkg:zip:1.0-SNAPSHOT" ] } <workspaceFilter version="1.0"> <filter root="/libs/slingshot/config"/> <filter root="/apps/bundles/install/bundle.jar"/> </workspaceFilter> 29
  • 30. Content Package to Feature Model Handles nested artifacts inside content packages OSGi bundles OSGi configurations Other content packages Converts access control configurations System Users Access control entries (resource-based) No support for principal-based access control entries 30
  • 31. Conversion result { "id":"o.a.s:sling-slingshot-apps-pkg:slingosgifeature:1.0", "bundles":[ "o.a.s:o.a.s.sample.slingshot:0.9.1" ], "configurations": { "o.a.s....ServiceUserMapperImpl.amended~slingshot": { "o.a.s.sample.slingshot=[slingshot-service]" } }, "content-packages:ARTIFACTS|true":[ "o.a.s:sling-slingshot-apps-pkg:zip:cp2fm-converted:1.0" ], "repoinit:TEXT|true":[ "create service user slingshot-service" ] } 31
  • 32. Alternative Package Registry o.a.j.vault....FSPackageRegistry Stores packages in the filesystem Can be assembled without a JCR repository Relies on an existing execution plan Plan prepared by the Sling Content Deployment Extension 32
  • 34. Demo recap Sling Docker image using the feature model the composite node store Docker updates done with a simple restart preserving the 'content' part of the repository Removing the OSGi installer using the content- package converter 34
  • 35. Resources (Sling) Content Package to Feature Model Converter (Sling) Content Deployment Extension (Oak) Composite Node Store (Oak) Principal-Based Authentication (Oak) Pre-Authenticated Login 35