Interview Questions for Architect Level
What is Sling distribution? Or how will you replicate different user groups and permissions across different publishers?
- Used for user synchronization
- User data is stored in Oak core, the layer below JCR
- This ensures users, user groups and user profiles created on a publisher are not replicated to author
- Data is sent only to non-originating publishers
- ACLs are included in the distribution
- Locate the Apache Sling Distribution Agent factory, find socialpubsync and enable it.
What are the different application security features provided in AEM?
- XSS protection
* Cross-site scripting (XSS) allows an attacker to inject code into web pages, bypassing access controls.
* AEM uses the AntiSamy Java library to protect against it; see /libs/cq/xssprotection/config.xml
- CSRF protection
* Uses tokens to authenticate the request; see /etc/keys/hmac
- DoS attack protection
* A DoS attack makes a computer resource unavailable to its intended users, with a flood of requests or with a request for more information than the application can return.
* Restrict the selectors
* Sling GET servlet configuration
* Use firewall filters
- Configure HTTPS
- Always have up-to-date security hotfixes
- Change default passwords of default users
- Custom error handler
- Dispatcher checklist to be followed
* Configure a whitelist of websites that can interact with your site
* Configure filters
* Restrict selectors
* Allow the CSRF token JSON path
* Prevent clickjacking by setting X-FRAME-OPTIONS to SAMEORIGIN
What is a CSRF attack and how to prevent it?
- Referrer filter or CSRF protection framework.
- AEM provides a CSRF framework, which uses tokens to identify legitimate client requests.
- Any component dependent upon granite.jquery will benefit from this framework.
- granite.csrf.standalone should be your component dependency to make use of the framework.
- To use tokens you need to replicate /etc/keys/hmac to all deployed instances.
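Why the HMAC key has to be identical on every instance, as an added example that is not part of the original notes and is not AEM's own code: a simplified model in which each instance signs and verifies tokens with its own copy of the key. The token layout, class name, user names and key values are assumptions for illustration and do not reproduce AEM's real token format.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Simplified model (assumption): token = "<user>|<expiry>.<HMAC-SHA256 of that payload>".
public class CsrfTokenModel {
    private final byte[] hmacKey; // stands in for this instance's copy of /etc/keys/hmac

    CsrfTokenModel(byte[] hmacKey) { this.hmacKey = hmacKey.clone(); }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(hmacKey, "HmacSHA256"));
        byte[] tag = mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    String issue(String user, long expiresEpochSec) throws Exception {
        String payload = user + "|" + expiresEpochSec;
        return payload + "." + sign(payload);
    }

    boolean verify(String token, String user, long nowEpochSec) throws Exception {
        int dot = token.lastIndexOf('.');
        if (dot < 0) return false;
        String payload = token.substring(0, dot);
        // Check the signature first, in constant time, before trusting any field.
        byte[] expected = sign(payload).getBytes(StandardCharsets.UTF_8);
        byte[] presented = token.substring(dot + 1).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, presented)) return false;
        int bar = payload.lastIndexOf('|');
        return bar > 0 && payload.substring(0, bar).equals(user)
                && Long.parseLong(payload.substring(bar + 1)) > nowEpochSec;
    }

    public static void main(String[] args) throws Exception {
        byte[] shared = "constructed-demo-key-A".getBytes(StandardCharsets.UTF_8);
        byte[] other = "constructed-demo-key-B".getBytes(StandardCharsets.UTF_8);
        CsrfTokenModel publish1 = new CsrfTokenModel(shared);
        CsrfTokenModel publish2 = new CsrfTokenModel(shared); // key replicated
        CsrfTokenModel publish3 = new CsrfTokenModel(other);  // key not replicated
        String token = publish1.issue("alice", 2_000L);
        System.out.println("same key:      " + publish2.verify(token, "alice", 1_000L));
        System.out.println("different key: " + publish3.verify(token, "alice", 1_000L));
        System.out.println("expired:       " + publish2.verify(token, "alice", 3_000L));
    }
}
```

Behind a load balancer, a token issued by one publisher is often presented to another, so an instance holding a different key rejects requests that are legitimate.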
One example of a solution you've provided in your current project?
- Client wanted to remove and recreate the Solr index for assets that are activated again.
- Configure Solr in AEM
- Make it index asset details like name, tag etc. by changing the crawContent method
- Create a deleteSolrAssetService and implement the deleteById method
- Implement a custom transport handler and a custom content builder
- Implement the canHandle and deliver methods of the custom transport handler
- In the deliver method, handle the case where the transport action is replicate and resourceType = dam:assetcontent
- Invoke the deleteById method of the delete Solr asset service and delete the asset IDs extracted from transportContext
Solr implementation?
- Select and download the Solr zip file from the download site
- Start Solr with solr start -e cloud -noprompt
- Create and configure a Solr configuration service, which should have the host, port and other details required for Solr indexing and searching
- Ensure your project has the Solr dependencies added in pom.xml
- Use HttpSolrClient to send requests to the Solr server from AEM
- Define servlets for handling delete/create index commands from front-end pages
- Define an indexer page using JS (usually copied from the Solr code given on the AEM 6.3 help site)
Multisite management? - How to create a blueprint and then how to send the pages for translation. Learn about Smartling.
- Create a source site (most of the time it is in English)
- Determine roll-out configuration
- Determine where roll-out configuration is required and configure it
- create a live copy
- Roll-out the blueprint and synchronize live copy when needed
- For translation configure translation cloud services to connect to the translation service
- Download and install connector package
- Configure page for translation
- Set cloud services in the page that need to be translated
Different types of translation connectors in AEM?
- Download and install translation connector from packageshare
- Configure the translation connector by going to tools>cloud services>legacy cloud services
- Configure translation provider at tools>cloud services>translation cloud services
- Configure properties on site, communities and asset tabs and save
- On page, go to properties and go to cloud services tab and configure translation integration
- Go to the language master and create a language copy/live copy
- Create a translation project, give it a name and provide source and destination languages. Also specify whether a manual or machine translation service is to be used.
- Go to translation job and add pages and assets to be translated
- Start the translation process
- Preview and approve the translation
- View the page
Can you please explain SDI (Sling Dynamic Include)?
- Used for replacing dynamically generated components such as a price component, current foreign rate component etc.
- Used to make the whole page cached except the dynamic component
- Use the nocache selector to ensure the component is not cached
- Download and install the Sling Dynamic Include bundle
- Configure it via OSGi configuration
- Add the include module in Apache httpd
- Change the vhost file for includes
- Allow the nocache selector in dispatcher
- Enable TTL in dispatcher
- Include the component like this: <!--#include virtual="/content/geometrixx/en/jcr:content/carousel.nocache.html" -->
What is permission sensitive caching?
- Before serving a cached page, dispatcher can determine if the content can be served to the user or not.
- Implement a servlet that authorizes a user
- Configure auth_checker in dispatcher.any
- With this configuration, dispatcher sends a request to the servlet for authorization, with all the headers received in the original request
- The servlet responds to the dispatcher indicating whether the user is authorized or not
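A sketch of the authorization servlet and its matching auth_checker section, added here as an example that is not from the original notes or from any project's code base. Dispatcher calls the checker with a HEAD request and the requested page in a uri parameter; the servlet path, package, class name and content globs are assumptions for illustration.

```java
// Matching dispatcher.any section (path and globs are assumptions for illustration):
//   /auth_checker
//     {
//     /url "/bin/permissioncheck"
//     /filter
//       {
//       /0000 { /glob "*" /type "deny" }
//       /0001 { /glob "/content/secure/*.html" /type "allow" }
//       }
//     }
package com.example.aem.security; // hypothetical package

import javax.servlet.Servlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.osgi.service.component.annotations.Component;

@Component(service = Servlet.class, property = {
        "sling.servlet.paths=/bin/permissioncheck",
        "sling.servlet.methods=HEAD"
})
public class AuthCheckerServlet extends SlingSafeMethodsServlet {
    private static final long serialVersionUID = 1L;

    // Dispatcher calls HEAD /bin/permissioncheck?uri=<requested page> and forwards the
    // visitor's request headers, so the resource resolver here acts as that visitor.
    @Override
    protected void doHead(SlingHttpServletRequest request, SlingHttpServletResponse response) {
        String uri = request.getParameter("uri");
        // Fail closed: a missing or relative target is never authorized.
        if (uri == null || !uri.startsWith("/")) {
            response.setStatus(SlingHttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Content the visitor cannot read resolves to a non-existing resource.
        Resource target = request.getResourceResolver().resolve(uri);
        boolean readable = !ResourceUtil.isNonExistingResource(target);
        // 200: Dispatcher may serve the cached file. 403: it must not.
        response.setStatus(readable ? SlingHttpServletResponse.SC_OK
                                    : SlingHttpServletResponse.SC_FORBIDDEN);
    }
}
```

Only pages matched by the /filter section are checked; everything else in the cache is delivered without calling the servlet, so the allow glob has to cover every protected path.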
Caching in AEM
- Browser caching : cache-control: max-age=
- CDN caching :
- AEM dispatcher caching :
How to ensure client libs are not loaded more than once when they're defined at component level?
- This is taken care of by HTL
- The HTL processor at runtime keeps a map of categories that have already been included and does not include them again.
Why is more than one publish server required in production?
- Redundancy
- Scalability
Explain resource bundle hierarchy.
The dictionary entries for one JcrResourceBundle are always ordered like the resource resolver search paths, so usually:
- dictionary entries below /apps
- dictionary entries below /libs
- dictionary entries anywhere else (outside the search path)
That means that the message for the same key in /apps overwrites the one in /libs (if both are for the same locale and base name). Within those categories the order is non-deterministic, so if there is more than one entry for the same key in /apps/... (for the same locale and base name), any of those entries may be used.
The resource bundles of the same base name with different locales also form a hierarchy. Each key is looked up recursively first in the current resource bundle and then in its parent resource bundle. The parent resource bundle is the one having the same base name but the parent locale.
The locale hierarchy is ordered like this:
- <Language> <Country> <Variant>
- <Language> <Country>
- <Language>
- <Default Locale>, usually en
So for the locale de-DE-MAC the fallback order would be:
- de-DE-MAC
- de-DE
- de
- en
In case there is a resource bundle requested for a locale without country or variant, there is only 1 fallback (i.e. the default locale). The last resort (root resource bundle in all hierarchies) is always the bundle which returns the requested key as the value.
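The lookup order described above, as an added example that is not part of the original notes and is not Sling's implementation: a small model that walks the locale chain, prefers /apps over /libs within each locale, and falls back to the key itself. The class name, the "other" root label and the dictionary contents are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class BundleFallbackDemo {
    // Search-path order from the text; "other" stands for entries outside the search path.
    static final List<String> ROOTS = List.of("/apps", "/libs", "other");

    // <Language> <Country> <Variant> -> <Language> <Country> -> <Language> -> default locale.
    static List<Locale> fallbackChain(Locale locale, Locale defaultLocale) {
        List<Locale> chain = new ArrayList<>();
        chain.add(locale);
        if (!locale.getVariant().isEmpty()) chain.add(new Locale(locale.getLanguage(), locale.getCountry()));
        if (!locale.getCountry().isEmpty()) chain.add(new Locale(locale.getLanguage()));
        if (!chain.contains(defaultLocale)) chain.add(defaultLocale);
        return chain;
    }

    // dicts: locale -> root -> (key -> message). Returns the first hit along the chain.
    static String lookup(Map<Locale, Map<String, Map<String, String>>> dicts,
                         Locale locale, Locale defaultLocale, String key) {
        for (Locale l : fallbackChain(locale, defaultLocale)) {
            Map<String, Map<String, String>> byRoot = dicts.getOrDefault(l, Map.of());
            for (String root : ROOTS) {
                String message = byRoot.getOrDefault(root, Map.of()).get(key);
                if (message != null) return message;
            }
        }
        return key; // root bundle: the requested key is returned as the value
    }

    public static void main(String[] args) {
        Locale en = new Locale("en");
        // Constructed sample dictionaries.
        Map<Locale, Map<String, Map<String, String>>> dicts = Map.of(
            new Locale("de", "DE"), Map.of("/libs", Map.of("save", "Speichern (libs)"),
                                           "/apps", Map.of("save", "Sichern (apps)")),
            new Locale("de"), Map.of("/libs", Map.of("cancel", "Abbrechen")),
            en, Map.of("/libs", Map.of("help", "Help")));
        Locale mac = new Locale("de", "DE", "MAC");
        System.out.println(fallbackChain(mac, en));
        for (String key : List.of("save", "cancel", "help", "missing")) {
            System.out.println(key + " -> " + lookup(dicts, mac, en, key));
        }
    }
}
```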