Specification lead is held by Adobe Research (Switzerland) AG.
The JCR API 2.0 package, javax.jcr.* is used for the direct access and manipulation of repository content.
Experience Server (CRX) and Jackrabbit
The Experience Server provides the Experience Services which WEM is built on, and which can be leveraged to build custom applications, and it embeds the Content Repository based on Jackrabbit.
Apache Jackrabbit is an open source, fully conforming, implementation of the JCR API 2.0.
Sling Request Processing
Introduction to Sling
AEM is built using Sling, a Web application framework based on REST principles that provides easy development of content-oriented applications. Sling uses a JCR repository, such as Apache Jackrabbit, or in the case of AEM, the CRX Content Repository, as its data store. Sling has been contributed to the Apache Software Foundation - further information can be found at Apache.
Using Sling, the type of content to be rendered is not the first processing consideration. Instead the main consideration is whether the URL resolves to a content object for which a script can then be found to perform the rendering. This provides excellent support for web content authors to build pages which are easily customized to their requirements.
The advantages of this flexibility are apparent in applications with a wide range of different content elements, or when you need pages that can be easily customized. In particular, when implementing a Web Content Management system such as the WCM in the WEM solution.
The following diagram explains Sling script resolution: it shows how to get from HTTP request to content node, from content node to resource type, from resource type to script and what scripting variables are available.
The following diagram explains all the hidden, but powerful, request parameters you can use when dealing with the SlingPostServlet, the default handler for all POST requests that gives you endless options for creating, modifying, deleting, copying and moving nodes in the repository.
Sling is Content Centric
Sling is content-centric. This means that processing is focused on the content as each (HTTP) request is mapped onto content in the form of a JCR resource (a repository node):
the first target is the resource (JCR node) holding the content
secondly, the representation, or script, is located from the resource properties in combination with certain parts of the request (e.g. selectors and/or the extension)
Due to the content-centric philosophy, Sling implements a REST-oriented server and thus features a new concept in web application frameworks. The advantages are:
very RESTful, not just on the surface; resources and representations are correctly modelled inside the server
removes one or more data models
previously the following were needed: URL structure, business objects, DB schema;
this is now reduced to: URL = resource = JCR structure
In Sling, processing is driven by the URL of the user request. This defines the content to be displayed by the appropriate scripts. To do this, information is extracted from the URL.
Path specifying the content to be rendered. Is used in combination with the extension; in this example they translate to tools/spy.html.
Used for alternative methods of rendering the content; in this example a printer-friendly version in A4 format.
Content format; also specifies the script to be used for rendering.
Can be used to specify additional information.
Any parameters required for dynamic content.
From URL to Content and Scripts
Using these principles:
the mapping uses the content path extracted from the request to locate the resource
when the appropriate resource is located, the sling resource type is extracted, and used to locate the script to be used for rendering the content
The figure below illustrates the mechanism used, which will be discussed in more detail in the following sections.
With Sling, you specify which script renders a certain entity (by setting the sling:resourceType property in the JCR node). This mechanism offers more freedom than one in which the script accesses the data entities (as an SQL statement in a PHP script would do) as a resource can have several renditions.
Mapping requests to resources
The request is broken down and the necessary information extracted. The repository is searched for the requested resource (content node):
first Sling checks whether a node exists at the location specified in the request; e.g. ../content/corporate/jobs/developer.html
if no node is found, the extension is dropped and the search repeated; e.g. ../content/corporate/jobs/developer
if no node is found then Sling will return the http code 404 (Not Found).
Sling also allows things other than JCR nodes to be resources, but this is an advanced feature.
Locating the script
When the appropriate resource (content node) is located, the sling resource type is extracted. This is a path, which locates the script to be used for rendering the content.
The path specified by the sling:resourceType can be either:
relative, to a configuration parameter
Relative paths are recommended by Adobe as they increase portability.
The list of script engines supported by the given instance of CQ are listed on the Felix Management Console (http://localhost:4502/system/console/config/slingscripting.txt).
Additionally, Apache Sling supports integration with other popular scripting engines (e.g., Groovy, JRuby, Freemarker), and provides a way of integrating new scripting engines.
Using the above example, if the sling:resourceType is hr/jobs then for:
GET/HEAD requests, and URLs ending in .html (default request types, default format)
The script will be /apps/hr/jobs/jobs.esp; the last section of the sling:resourceType forms the file name.
POST requests (all request types excluding GET/HEAD, the method name must be uppercase)
POST will be used in the script name.
The script will be /apps/hr/jobs/jobs.POST.esp.
URLs in other formats, not ending with .html
For example ../content/corporate/jobs/developer.pdf
The script will be /apps/hr/jobs/jobs.pdf.esp; the suffix is added to the script name.
URLs with selectors
Selectors can be used to display the same content in an alternative format. For example a printer friendly version, an rss feed or a summary.
If we look at a printer friendly version where the selector could be print; as in ../content/corporate/jobs/developer.print.html
The script will be /apps/hr/jobs/jobs.print.esp; the selector is added to the script name.
If no sling:resourceType has been defined then:
the content path will be used to search for an appropriate script (if the path based ResourceTypeProvider is active).
For example, the script for ../content/corporate/jobs/developer.html would generate a search in /apps/content/corporate/jobs/.
the primary node type will be used.
If no script is found at all then the default script will be used.
The default rendition is currently supported as plain text (.txt), HTML (.html) and JSON (.json), all of which will list the node's properties (suitably formatted). The default rendition for the extension .res, or requests without a request extension, is to spool the resource (where possible).
For http error handling (codes 403 or 404) Sling will look for a script at either:
or the location of the standard scripts /libs/sling/servlet/errorhandler/403.esp, or 404.esp respectively.
If multiple scripts apply for a given request, the script with the best match is selected. The more specific a match is, the better it is; in other words, the more selector matches the better, regardless of any request extension or method name match.
For example, consider a request to access the resource /content/corporate/jobs/developer.print.a4.html
of type sling:resourceType="hr/jobs"
Assuming we have the following list of scripts in the correct location:
Then the order of preference would be (8) - (7) - (6) - (5) - (4) - (3) - (2) - (1).
In addition to the resource types (primarily defined by the sling:resourceType property) there is also the resource super type. This is generally indicated by the sling:resourceSuperType property. These super types are also considered when trying to find a script. The advantage of resource super types is that they may form a hierarchy of resources where the default resource type sling/servlet/default (used by the default servlets) is effectively the root.
The resource super type of a resource may be defined in two ways:
by the sling:resourceSuperType property of the resource.
by the sling:resourceSuperType property of the node to which the sling:resourceType points.
sling:resourceSuperType = a
sling:resourceSuperType = b
sling:resourceType = c
sling:resourceType = c
sling:resourceSuperType = a
The type hierarchy of /x is [ c, b, a, <default>] while for /y the hierarchy is [ c, a, <default>] because /y has the sling:resourceSuperType property whereas /x does not and therefore its supertype is taken from its resource type.
Sling Scripts cannot be called directly
Within Sling, scripts cannot be called directly as this would break the strict concept of a REST server; you would mix resources and representations.
If you call the representation (the script) directly you hide the resource inside your script, so the framework (Sling) no longer knows about it. Thus you lose certain features:
automatic handling of http methods other than GET, including:
POST, PUT, DELETE which are handled with a sling default implementation
the POST.jsp script in your sling:resourceType location
your code architecture is no longer as clean nor as clearly structured as it should be; of prime importance for large-scale development
This uses the Sling API package, org.apache.sling.*, and tag libraries.
Referencing existing elements using sling:include
A final consideration is the need to reference existing elements within the scripts.
More complex scripts (aggregating scripts) might need to access multiple resources (for example navigation, sidebar, footer, elements of a list) and do so by including the resource.
To do this you can use the sling:include("/<path>/<resource>") command. This will effectively include the definition of the referenced resource, as in the following statement which references an existing definition for rendering images:
OSGi defines an architecture for developing and deploying modular applications and libraries (it is also known as the Dynamic Module System for Java). OSGi containers allow you to break your application into individual modules (are jar files with additional meta information and called bundles in OSGi terminology) and manage the cross-dependencies between them with:
services implemented within the container
a contract between the container and your application
These services and contracts provide an architecture which enables individual elements to dynamically discover each other for collaboration.
An OSGi framework then offers you dynamic loading/unloading, configuration and control of these bundles - without requiring restarts.
In particular, their Basic Education page holds a collection of presentations and tutorials.
This architecture allows you to extend Sling with application specific modules. Sling, and therefore CQ5, uses the Apache Felix implementation of OSGI (Open Services Gateway initiative) and is based on the OSGi Service Platform Release 4 Version 4.2 Specifications. They are both collections of OSGi bundles running within an OSGi framework.
This enables you to perform the following actions on any of the packages within your installation:
see the current status
access more detailed information (e.g. symbolic name, version, location, etc) about the specific bundles
For more information on manipulating Node objects, refer to the Javadocs.
In WEM all user input is managed by widgets. These are often used to control the editing of a piece of content.
Dialogs are built by combining Widgets.
WEM has been developed using the ExtJS library of widgets.
A dialog is a special type of widget.
To edit content, WEM uses dialogs defined by the application developer. These combine a series of widgets to present the user with all fields and actions necessary to edit the related content.
Dialogs are also used for editing metadata, and by various administrative tools.
A software component is a system element offering a predefined service or event, and able to communicate with other components.
Within WEM a component is often used to render the content of a resource. When the resource is a page, the component rendering it is called a Top-Level Component or a Pagecomponent. However, a component does not have to render content, nor be linked to a specific resource; for example, a navigation component will display information about multiple resources.
The definition of a component includes:,
the code used to render the content
a dialog for the user input and the configuration of the resulting content.
A template is the base for a specific type of page. When creating a page in the Websites tab the user has to select a template. The new page is then created by copying this template.
A template is a hierarchy of nodes that has the same structure as the page to be created, but without any actual content.
It defines the page component used to render the page and the default content (primary top-level content). The content defines how it is rendered as WEM is content-centric.
Page Component (Top-Level Component)
The component to be used to render the page.
A page is an 'instance' of a template.
A page has a hierarchy node of type cq:Page and a content node of type cq:PageContent. The property sling:resourceType of the content node points to the Page Component used for rendering the page.
For example, to get the name of the current page, you can use following code in your script:
String pageName = currentPage.getName();
With currentPage being the current page object. For more information on manipulating Page objects, refer to the Javadocs.
The page manager is an Interface that provides methods for page level operations.
For example, to get the containing page of a resource, you can use following code in your script:
With pageManager being the page manager object and myResource a resource object. For more information on the methods provided by the page manager, refer to the Javadocs.
Structure within the Repository
The following list gives an overview of the structure you will see within the repository.
Changes to this structure, or the files within it, should be made with care.
Changes are needed when you are developing, but you should take care that you fully understand the implications of any changes you make.
You must not change anything in the /libs path. For configuration and other changes copy the item from /libs to /apps and make any changes within /apps.
Application related; includes component definitions specific to your website. The components that you develop can be based on the out of the box components available at /libs/foundation/components.
Libraries and definitions that belong to the core of WEM. The sub-folders in /libs represent the out of the box WEM features as for example search or replication. The content in /libs should not be modified as it affects the way WEM works. Features specific to your website should be developed under /apps (see Customizing Components and Other Elements).
Temporary working area.
Files that change and are updated by the system; such as audit logs, statistics, event-handling. The sub-folder /var/classes contains the java servlets in source and compiled forms that have been generated from the components scripts.
Authentication and Authorization
Authentication is the process of identifying, and verifying, a user.
The process of authentication and login can be broken down as follows:
Authentication information is extracted from the request. In Adobe Experience Manager (AEM), this is done by an authentication handler.
The authentication information is then checked to determine whether it is sufficient and/or correct. In AEM, this is performed by the login modules.
The appropriate response is initiated.
Adobe Experience Manager performs initial authentication using a standard HTML-login form in conjunction with the HTTP Header Authentication Handler. The HTML form must contain fields for the user name and password (the same field names must then be used by the HTTP Header Authentication Handler).
You can also use a similar form for controlled access to various areas of your website.
LDAP, Single Sign On and Portals
The various authentication methods can be realized by using different login modules.
For example, AEM can interact with an LDAP server that stores user information centrally, eliminating the need for duplication. This central server is then used to verify login information which can be used to realize Single Sign On, both with other in-house applications and external Portals.
Authorization determines whether a user is allowed to take action on specific areas within the system. For example, a user can be authorized to read or update a specific page.
Authorization is managed using a series of entities:
Users access a system using their user accounts. A user models either a human user or an external system connected to the system. The user account holds the details needed for accessing AEM; a key purpose of an account is to provide the information for the authentication and login processes - allowing a user to log in.
A group is a collection of users and/or other groups. A change in the permissions/privileges assigned to a group is automatically applied to all users in that group. All users are members of the Everyone group. In addition, users can belong to several other groups. (Even if the group Everyone is deleted, all users remain part of the group because of the indirect relationship between users/groups and authorization. See Privileges for more info.)
Privileges allow access to functionality available within the application; for example, replication of a specific path, or the ability to update the page hierarchy (including creating new pages). Privileges are always granted or denied to principals rather than to users or groups. The link between users and groups and the authorization is indirect; there is always a principal associated with a user or group.
The Dispatcher is Adobe's tool for both caching and/or load balancing. Further information can be found under the Dispatcher.
FileVault (source revision system)
FileVault provides your JCR repository with file system mapping and version control. It can be used to manage WEM development projects with full support for storing and versioning project code, content, configurations and so on, in standard version control systems (for example, Subversion).
The Workflow Engine is used to manage the implementation of your workflows, and their subsequent application to your content.
Multi Site Manager (MSM) enables you to easily manage multiple web sites that share common content. MSM lets you define relations between the sites so that content changes in one site are automatically replicated in other sites.
For example, web sites are often provided in multiple languages for international audiences. When the number of sites in the same language is low (three to five), a manual process for syncronizing content across sites is possible. However, as soon as the number of sites grows or when multiple languages are involved, it becomes more efficient to automate the process.
MSM reduces the time it takes to manage your websites and increases the re-use of common content:
Efficiently manage different language versions of a website.
Automatically update one or more sites based on a source site:
Enforce a common base structure and use common content across multiple sites.
Maximize the use of available resources.
Maintain a common look and feel.
Focus efforts on managing the content that differs between the sites.