Some more AEM 6 Interview Questions for Architects
1. Suppose you have a workflow with two steps. The first step transfers the asset from source to target, and the second step requires the source folder URL. How would you get this detail?
-> This can be achieved using the MetaDataMap, which can be retrieved from the WorkItem object passed to the execute method of the process step.
2. AEM site security checklist.
3. How does the solutioning process go in your organization?
-> First a solution architect determines the requirements. Then SMEs (AEM, front end, DevOps etc.) are involved and a questionnaire is prepared around the requirements for the prospect client. Once the response is received, either further clarification is sought by a call or email conversation, or first level/ROM estimations are prepared. All these estimations are stored in the company's estimator tool. These estimations go through reviews with solution architects, SMEs and other stakeholders. The solution architect compiles a detailed presentation mentioning resource plans, estimations, tentative timelines, cost calculations, assumptions, pros and cons of technologies etc. A 2A/final review is done with a team of MDs and, if approved, it is then presented to the prospect client. Several rounds of discussions happen thereafter.
4. How to cache pages that are only accessible after login?
Permission-sensitive caching can be used here. The AuthChecker module is configured in the dispatcher to check whether the page should be served/cached for the particular user. To do so, the dispatcher calls a servlet in AEM.
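A Dispatcher farm fragment for the permission-sensitive caching setup described above, added here as an illustration and not taken from the original post. The servlet path /bin/permissioncheck is an assumption, and the protected path reuses /content/siteA/authpages from question 10.

```conf
# Fragment of a publish farm file (dispatcher .any syntax), constructed for illustration.
/auth_checker
  {
  # Assumed servlet path. For every matching request the Dispatcher sends a
  # HEAD request to /bin/permissioncheck?uri=<requested path>; the servlet must
  # answer 200 only when the current user's session may read that path.
  /url "/bin/permissioncheck"

  # Which requests are permission-checked before being served from the cache.
  # Start from deny and opt in only the protected pages.
  /filter
    {
    /0000 { /glob "*" /type "deny" }
    /0001 { /glob "/content/siteA/authpages/*.html" /type "allow" }
    }

  # Which headers of the check response may be copied into the client response.
  /headers
    {
    /0000 { /glob "*" /type "deny" }
    /0001 { /glob "Set-Cookie:*" /type "allow" }
    }
  }

/cache
  {
  # By default, responses to requests that carry authentication information
  # are not written to the cache. Enable this only together with /auth_checker,
  # otherwise one user's cached page can be served to another user.
  /allowAuthorized "1"
  }
```

Pages outside the /filter allow rule are never sent to the check servlet, so any protected path missing from that list is served from the cache to everyone once it has been cached.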
5. What is sticky connection?
When there are multiple publishers/dispatchers and the requests are being served using a load balancer, it is the load balancer's responsibility to determine which dispatcher/publisher will serve a particular request. However, in the case of auth pages (for example user account pages after login) or specific client requirements, it may become mandatory to serve the pages through the same dispatcher/publisher. This is done via a sticky connection.
In the dispatcher, sticky connections can be configured using /stickyConnectionsFor.
For example
/stickyConnectionsFor "/content/folder"
6. What is the difference between CSRF and XSS?
XSS (cross-site scripting) means injecting and executing script on the targeted site/application, while CSRF (cross-site request forgery) is a malicious request being sent to the targeted site without the user having knowledge of the attack.
In AEM, XSS is mitigated using the AntiSamy Java library provided by OWASP.
In AEM, the Sling referrer filter and dispatcher configurations are used in order to avoid CSRF attacks. In the dispatcher you can configure /clientheaders - CSRF-Token and /filters as well as /cache /rules in order to protect from CSRF attacks. The Sling referrer filter is specifically configured to allow only whitelisted hosts and only the required HTTP methods.
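The Dispatcher side of the CSRF setup described above, as an added example (not configuration from the original post). The rule numbers and the POST path under /content/siteA are assumptions.

```conf
# Fragment of a publish farm file (dispatcher .any syntax), constructed for illustration.
/clientheaders
  {
  # Only headers listed here are forwarded to AEM. Without "CSRF-Token" the
  # token sent by the browser never reaches AEM, and without "Referer" the
  # Sling referrer filter sees every request as having an empty referrer.
  "CSRF-Token"
  "Referer"
  "Host"
  "Cookie"
  }

/filter
  {
  # Deny everything first, then allow only what the site needs.
  /0001 { /type "deny" /url "*" }

  # Endpoint the browser calls to obtain a CSRF token.
  /0100 { /type "allow" /method "GET" /url "/libs/granite/csrf/token.json" }

  # Hypothetical form endpoint: allow POST only where the site actually uses it.
  /0101 { /type "allow" /method "POST" /url "/content/siteA/*.html" }
  }

/cache
  {
  /rules
    {
    /0000 { /glob "*" /type "allow" }
    # Tokens are per user; a cached token would be handed to other visitors.
    /0001 { /glob "/libs/granite/csrf/token.json" /type "deny" }
    }
  }
```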
7. What is ReferrerFilter and how does it work?
ReferrerFilter in AEM is used as the defense mechanism against CSRF attacks. By default the referrer filter blocks all hosts and requests that are made to the AEM instance. The referrer filter can be configured to allow hosts, methods, empty request etc.
8. Best approach to migrate pages from a CMS to AEM.
ETL cycles can be used to migrate the pages/contents from a CMS to AEM. E stands for extraction, i.e. extracting the data from the source CMS into files like CSV, Excel sheets etc. T stands for transformation, i.e. transforming the contents into structures AEM understands. L stands for load, i.e. loading the transformed contents into AEM either in batches or in one go depending upon the size of the contents.
AEM's content transfer tool can be useful when the contents are to be transferred from AEM 6.3+ to AEM cloud environment.
The tool has two phases - Extraction and Ingestion.
9. Brand Portal and its features.
AEM Brand Portal is mainly developed to help marketers by providing a secure environment for asset creators and distributors to work collaboratively on various types of assets across different physical locations. Asset contribution enables Brand Portal users to upload assets to Brand Portal and publish them to Experience Manager Assets, without needing access to the author environment.
- Asset Sourcing
- AEM integration
- On demand Asset distribution
- Configurable search fields
- Branding
- Image presets
- Metadata schema
- Assets Reports
- Dynamic Media integration
- Assets Contributions
- Assets Downloading
10. How to allow only a limited set of users to access certain pages on your site. (Closed user groups and SAML 2)
Closed user groups are the best way to restrict users from accessing certain pages.
Say you have two pages in /content/siteA/authpages, namely /content/siteA/authpages/pageA and /content/siteA/authpages/pageB, and some users are allowed to access pageA and some users are allowed to access pageB. Then you can define two CUGs with appropriate permissions to see pageA or pageB.
When the user logs in (mostly using SAML), the user will be assigned the appropriate user group as per the login response received. Based on that user group, the user will get access to pageA or pageB.
11. Large assets best practices (jvm parameters, indexing etc)
12. Dispatcher module code. (enabled farms, allowed farms, enabled vhosts, allowed vhosts, conf.d folder, conf folder, conf.dispatcher.d folder, conf.modules.d folder)
/conf
/conf.d
--- /available_vhosts (available but not enabled vhosts)
--- /enabled_vhosts (enabled/currently in use vhosts)
--- /rewrites (contains rewrite rules for the sites and content paths)
--- /variables (site specific variables to be used)
--- /whitelists
other apache conf files
/conf.dispatcher.d
--- /available_farms
--- /enabled_farms
--- /vhosts
--- /clientheaders
--- /filters
--- /renders
--- /cache
/conf.modules.d
13. Rewrite rules
mod_rewrite is the module responsible for the execution of rewrite rules in the Apache server. It enables one to rewrite URLs based on conditions/patterns.
The following directive in the vhost enables rewriting of URLs in the Apache server.
RewriteEngine on
A rewrite rule can be configured using pattern as follows.
RewriteRule ^test$ /content/test.html [NC]
Which means if the url has test in it, redirect to /content/test.html.
Here [NC] is the flag that indicates the rule is case insensitive.
There are more flags and patterns that could be used. Also, RewriteCond can be used to specify which conditions should be satisfied before the rule can be applied to the URL.
14. Architecture of your current project
15. Non-prod pipeline setup (in AMS or Jenkins)