You are on page 1of 80

L~ V.

Technical Training

/ ~\
~~\

II

I CQ 5.3 System Administrator Training

World Standard Softare to Unif Your Business ww.day.com


Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.2 20101005

Preface
Formatting Conventions
5

6 7
13

EXERCISE 1 - Install & Start an Author Instance


EXERCISE 2 - Edit a Page

EXERCISE 3 - Browse Related Application/Server Ititenaces 17

EXERCISE 4 - Change Default Passwords 23


EXERCISE 5 - Configure Version Manager OSGi BlI ndle 33

InstancesTree 47 38 EXERCISE 7 - Activate


EXERCISE 6 - Set up Replication Agents for two Pli blish

EXERCISE 8 - Add the Dispatcher to the 115 WebSe"ver 49


EXERCISE 9 - Add the Dispatcher to the Apache WebServer 52

EXERCISE 10 - Configure the Dispatcher 55


EXERCISE 11 - Optimize Tar PM on Author Instance 69

EXERCISE 12 - Backup Author Instance 71


EXERCISE 13 - Using cURL for Automated Backup 74
EXERCISE 14 - Cluster Two CO Instances 76

EXERCISE 15 - Create & Download a CO Package 81


EXERCISE 16 - Automating Package Manager with cURL 86
EXERCISE 17 - Creating Custom Log Files 91
EXERCISE 18 - User Administration and Security 95

EXERCISE 19 - Integrate with LDAP for Users and Groups 111

EXERCISE 20 - Find Slow Responses 120


World Standard Softare to Unify Your Business. ~ww.d~.CQm 3
Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.220101005

The current training material is indented as a introduction to administer CQ 5.x in a working environment. The latest available release is 5.3. Training material will be accordingly adapted to further product releases. Except Exercise 1, all other exercises have as a prerequisite a running CQ 5.x Author instance. Exercise 1 will lead you through the steps needed to install such an instance. Additional requirements are listed in the corresponding exercises.

The current exercise book contains some exercises which will be covered during training
reinforcing the topics discussed during class. In the Appendix, you may find additional exercises which can help you with different installation platforms.

World Standard Softare to Unify Your Business ww.day.com 5


Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.220101005

Goal
The following instructions explain how to install and start an Author instance. This is important because you will use this Author instance throughout this training to perform typical development tasks. To successfully complete and understand these instructions, you will need:
A CQ5 quickstart JAR
A valid CQ5 license key

A JDK ;;= 1.5


Approximately 800 MBs of free space

Approximately 1 GB of RAM

What is an Author instance?


An Author instance is the CQ5 installation content authors will login to and manage pages. This includes: 1) creating, 2) editing, 3) deleting, 4) moving, 5) etc. In addition,
it is the installation you will be developing against as you can easily observe both Author
and Publish views.

How to install atl Author instance:


1. Create a folder structure on your file system where you will store, install, and start
CQ5 (e.g. C:/day/cq5/author).
WARNING

MS Windows users, please do not use spaces in your newly created folder structure (e.g. C:/this
is bad/cq5/author). This will cause CQ5 to error.

2. Copy the CQ5 quickstart JAR and license.

properties file from .iUSB'?/distribution/

cq5_wcm into the newly created folder structure.

World Standard Softare to Unify Your Business ww.day.com 7


Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.220101005

Preface
Formatting Conventions
EXERCISE 1 - Install & Start an Author Instance
EXERCISE 2 - Edit a Page
5

6 7
13

EXERCISE 3 - Browse Related Application/Server Intenaces 17

EXERCISE 4 - Change Default Passwords 23


EXERCISE 5 - Configure Version Manager OSGi Bundle 33
EXERCISE 6 - Set up Replication Agents for two Publish

Instances
EXERCISE 7 - Activate Tree

38 47
49

EXERCISE 8 - Add the Dispatcher to the liS WebServer


EXERCISE 9 - Add the Dispatcher to the Apache WebServer

52 55
69
71

EXERCISE 10 - Configure the Dispatcher


EXERCISE 11 - Optimize Tar PM on Author Instance

EXERCISE 12 - Backup Author Instance

EXERCISE 13 - Using cURL for Automated Backup


EXERCISE 14 - Cluster Two CQ Instances
EXERCISE 15 - Create & Download a CQ Package

74
76
81

EXERCISE 16 - Automating Package Manager with cURL EXERCISE 17 - Creating Custom Log Files

86
91

EXERCISE 18 - User Administration and Security


EXERCISE 19 - Integrate with LDAP for Users and Groups
EXERCISE 20 - Find Slow Responses World Standard Softare to Unify Your Business WW.day.com

95
111

120

Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

CQ5 installstartup dialog

Continue reading the section Server is started.


COlllland Line start :

First of all, you may want to know which parameters are available to the server prior to
installation. Therefore, enter following command to investigate a complete list of optional

parameters:

java -jar cq-author-4502.jar -h


CQ shows all command line options without starting the server.

You can now install/start CQ5 from the command line while increasing the Java heap size, which will improve performance. Please see image below for an example of the
command line.

CQ5 command line start

If using the command line, for a 32bit VM enter:

java -Xmx512M -jar cq5-author-4502.jar

World Standard Softare to Unify Your Business www.day.com 9


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

In the appearing Login screen, enter the default administrator's credentials (admin/
admin) then click OK.

CQ5 login dialog

The Welcome screen appears, displaying you the different possibilities to continue. For the next exercise, we'll access the Websites console.

CRXDE Ute

Rc.plt:ation

do-s.day,om
d~ri.'j:ay"com

CQ5 Welcome Screen


Start and stop CQ5 using scripts:

World Standard Softare to Unify Your Business www.day.com 11


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal
The following instructions explain how to navigate to and edit a page. This is important
because you will use the the Websites Administrator Console to create and publish

content throughout the course. In addition, you should understand the interfaces used by
your author community.

To successfully complete and understand these instructions, you will need:


A running CQ5 author instance

What are the available Author consoles ?


CQ uses a web-based graphical user interface, so you need a web browser to access CQ. The graphical user interface is divided into various web-based consoles where you can
access all of the CQ functionality:

Console
Websites

Description
Access all the pages in your website; create, edit, and delete pages; start
a workflow; activate and deactivate pages; restore pages; check external

links; and access your user inbox.

Assets

Manage digital assets.

Manage packages, designs,importers, workflow templates and scripts,


repUcatIon agents and upgrades.

US0l Adrr;in,:;tratiort

Manage users and permissions.

and
Manage pages that are

Workflow:;

an easy to use

graphical

in a workflow, create new workflow models using user interface.

Adrmnstration

Manage your tags and taxonomies.

To Edit a page:

World Standard Softare to Unify Your Business ww.dav.com13


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

After you open the page, you can start to add content. You do this by adding new or editing existing paragraphs (also called components).

To insert a new paragraph, double-click the area labeled Prag cOllponents or assets here... or drag a component from the floating toolbar (called sidekick) to insert a new paragraph.

This area appears wherever new content can be added, such as at the end of the list if
other paragraphs exist or at the end of a column.

4. Drag the Text & i mage icon from the sidekick to the center of the dotted rectangle and

drop it in. The green check mark will tell you that the drag-and-drop is allowed.

5. Double-click the thumbnail placeholder for the component to open the dialog box.

Ar.,mPlddn:~I~it
"..~

'Nrn.~,,,,,,-.,-et:C;'i2L;m, El..,.. ~iaLimpolmlil "tci",rtirxc;!i r_l~is cmm

~,;)n~,

6. Click the Illage tab to open the Image pane of the dialog box. Drag-and-drop an image from the Content Finder to the dialog box.

World Standard Softare to Unify Your Business www.day.com15


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal
The following instructions explain how to browse the application/server interfaces
associated with a CQ5 installation. This will enable you to use their administrative/
configuration capabilities. To successfully complete and understand these instructions, you will need:
II A running CQ5 Author instance

What interfaces exist?


A typical CQ5 installation consists of a Java servlet engine (CQSE), a Java Content
Repository (CRX), and a Launchpad (Felix/Sling) application. They each have their own Web interface allowing you to perform expected administrative/configuration tasks.
How to browse the CQSE interface:

1. Enter the URL http://localhost:4502/admin in your favorite Web browser's address bar.

2. Enter the default administrators credentials (admin/admin) in the dialog - then click
OK. The CQSE main console appears.
http:rllocalhost:45Q2/admri

CQSE login dialog

World Standard Softare to Unify Your Business ww.day.cQm 17


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

jcr:created
)cr:createdBy
String

)cr:content management
bod

cq:PageContent
cq:Page cq:Page

CRX content explorer viewing node /content/geometrixx/en/company

Cot1gratulatio"s! You have successfully logged into the CRX application and have browsed

a portion of the node (Web site) structure. To be a successful system administrator in


CQ5, you need to be able to easily explore/edit nodes and properties at the CRX leveL.

How to browse the Felix interface:

1. Enter the URL http://localhost:4502/system/console in your favorite Web browser's


address bar.

2. Enter the default administrators credentials (admin/admin) in the dialog - then click OK. The Apache Felix Web Management Console appears, showing you the Bundles application.

Felix login dialog

3. Follow the link lece"trequests - then click on the Clear link to remove recent requests

from the displayed list.

World Standard Softare to Unify Your Business ww.day.com19


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

How to use CRXP lite:

1. Enter the URL in your favorite Web browser's address bar.


Or select the CRXDE Lite console from the Welcome screen.

2. In the upper right corner, click on the drop-down box displaying your user name
(admin), then select Login_ Enter the default administrators credentials (admin/admin) in
the appearing dialog, while continuing to use the crx.default workspace - then select OK.

This will take you to CRXDE Lite with appropriate privileges and permissions.

3. Navigate to the folder /apps/geometrixxlcomponents to view the custom components


created for the Geometrixx Web site/project.

World Standard Softare to Unify Your Business ww.day.com 21


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal
As you may already observed, all interfaces in CQ are sharing the same credentials for

the admin user. The following instructions explain how to change the default passwords of CQ. This is important because it is part of the security checklist that will ensure your

installation cannot be easily infiltrated by hackers. To successfully complete and


understand these instructions, you will need:
II A running CQ5 Author instance

What to do about security?


Most security tasks are handled by a system administrator. It is a good idea for you, the administrator to have a basic understanding of web application security concerns. The

primary security concern you will focus on in this exercise is the simple changing of passwords, so that you may setup a team development environment as soon as the class
is over.

When considering a standard CQ installation, there are three password changes and one
configuration you need to alter. If you consider a standard installation, and the elements involved, it actually becomes quite clear. Reflect on the image below:
COSE

launcl'ad
lFelixlSling)

coiifig
'\

CRX

"'

World Standard Softare to Unif Your Business ww.day.com 23


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Change Password:
Old PEi55V)ord:

Nl''-V'1 P assv'Jord:

Confirrn:

~~~~~
'0)

Note: ''our brO'i'iSer 'Nii! ask \IOU re'.,wthenticte after the change.

CQSE change password confirm

Congratulations! You have successfully changed the CQSE default administrative


password. Now focus on changing the content repository's (CRX) default administrative password.
fo change the content repository! CCRX) default adllinistrative password:

1. Navigate to the content repository (CRX) application.

e.g. http://ocalhost:4502/crx
2. Follow the Log In link.

World Standard Softare to Unif Your Business ww.day.com 25


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Nodi!'-T'Tpe .\dvnF~:;_tr-,_'Stnn

CRX user administration

5. Navigate to and select the admin user.

ad~n
anbSvmou$
aparkergeometrixx. cClm

author

CRX admin user

6. Click the link Change Password.

World Standard Softare to Unify Your Business ww.day.com 27


Copyright 2010, Day Software AG, Switzerland Day Company Confidential RevL.220101005

-1. Navigate to the Launchpad (Felix/Sling) application.

e.g. http://local
2. Enter the default administrator credentials - then select OK.

Ausername and password are being requested bV http://localhost:4502. The site


ri1anagelYient Console"

User Name:

Password:

Launchpad login dialog

3. Select Configuration.

Console

Launchpad configuration

4. From the Configurations drop-down box, select the entry named Apache Felix OSc-i

Managellent Console - then cl ick the button Configure.


5. In the field labeled Password, enter the new password (training_osg) - then click Save.

World Standard Softare to Unify Your Business WW.day.cpm 29


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

1. Select CRX Sling Client Repository (second entry, with the long ID) from Configuration

in the Launchpad application - then click Configure.

2. Enter the new password in the field labeled Adllin Password (training_crx) - then click
the Save button.

accsses
JNDI
UR:.

J\lDI

I\ame
DatJ':

Na:-ne of the

to access,

Usrld

Password
Admin

Userld
Admin

Password

Sling client repository admin password


3. Validate changes have persisted properly by requesting the CQ application and login.

Access CQ via http://localhost:4502/


Username = admin
Password = training_crx

NOTE
It may take a minute or two for the changes to the CRX Sling Client Repository configuration to populate thoroughly.

World Standard Softare to Unify Your Business ww.day.com 31


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal
aSCi is a fundamental element in the technology stack of CQ5. It is used to
control the composite bundles of CQ and their configuration.

aSCi provides the standardized primitives that allow applications to be


constructed from small, reusable and collaborative components. These

components can be composed into an application and deployed.

This allows easy management of bundles as they can be stopped, installed, started individually. The interdependencies are handled automatically. Each

aSCi Component (see the aSCi Specification) is contained in one of the various bundles.

The following instructions explain how to manage aSCi configuration settings.


To successfully complete and understand these instructions, you will need:
A running CQS author instance

By default, versions are never purged from the repository.

How are Versions Purged?


To control if, and how, versions are managed in your system:
1. Select CRXP Lite from the Welcome Screen.

World Standard Softare to Unify Your Business ww_dav_com 33


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

ti
5. Fill in the dialog box:
.. Name: conftg
Ii Type: slng:Folder

Pleas ~rite~ rtooe flame an; sei;

Name:.
~

l'f:

~;

OJ(

Create Node dialog

6. Right-click the config node you just created.


7. Choose Create --) Create Node

8. Fill in the dialog box:


.. Name: com.day.cq.wcm.core.impI.VersionManagerlmpl
Value: sling:OsgiConftg

Now you must add properties to the com.day.cq.wcm.core.impI.VersionManagerlmpl node. You add properties by

filling in the input boxes at the bottom of the properties pane.


9. Set the following three properties on the com.day .cq .wcm .core. impl. VersionManagerl mpl node:
Nal1e: versionmanager.purgingEnabled

fype: Boolean
.. Value: checked (true)

World Standard Softare to Unify Your Business ww.day.com 35


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Mixir,

Deelop Re$tc

Stppo

I?roe-rteo

T""
'~,maroge.miloc Smng

Vall.e

"mt Ma'lil r'1ult-ie Auto Ote

fal5e fa&! 1a~52 fi&1


,:conlcri,Ieti:

veoom.a~;i:.rPl-~5::ingU

~n

ir.

raise- fiJ~ fitio ril\s

fil~

Configured Version Manager

Congratulations! You have successfully configured an aSCi bundle! Now go back to the CQ5 Author interface and use the sidekick to create more than 5 versions

of any page. Notice what happens to the list of versions once you have more
than 5 versions.

World Standard Softare to Unify Your Business ww.day.com 37


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Return user input (for example, form input from the publish environment to the
author environment (under control of the author environment).

Replication, to a publish instance takes place in several steps:


The author requests that certain content be published (activated)
This can be initiated by

a manual request, or by automatic triggers which have

been preconfigured.

The request is passed to the appropriate default replication agent


An environment can have several default agents which will always be selected

for such actions.

The replication agent "packages" the content and places it in the replication queue.
The colored status indicator is set for the individual pages in the SiteAdmin
console (Websites tab)

The content is lifted from the queue and transported to the publish environment
using the configured protocol
Normally, the configured protocol is HlTP.

A servlet in the publish environment receives the request and publishes the
received content.

How do I access and configure Replication Agents?


1. Access the Tools tab in CQ5.

2. Click Replication (left pane to open the folder).

3. Double-click Agents on author (either the left or the right pane).


4. Click the appropriate agent name (which is a link) to show detailed

information on that agent.


5. Click Edit to open the configuration dialog:

World Standard Softare to Unify Your Business www.day.com 39


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Use for Reverse Replicatio.-: Indicates whether this agent will be used for reverse replication; returns user input from the publish to author environment
6. Choose the rransport Tab

7. Make sure that the server and port specified in the URI are correct for the first Publish instance.

8. Verify that the specified User and Password are correct to access the first
Publish instance.
9. Click OK to save the settings.

Transport Tab Configuration Parameters:


URI: This specifies the receiving servlet at the target location In particular, you
can specify the host

name (or alias) and context path to the target instance here.

For example:
A Default Agent may replicate to http://localhost:4505/bin/receive?

s I ng :auth Req uestlog i n = i


A Dispatcher Flush agent may replicate to http://localhost:8000l

dispatcher /inval date.cache


The protocol specified here (HTIP or HTIPS) will determine the transport

method.

World Standard Softare to Unify Your Business www.day.com 41


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

15. Select the Transport Tab and set the URI to the correct values for the second

Publish instance. Also make sure that the User and Password are correct for the
second Publish instance.
16. Click OK to save the settings.

Proxy Tab Configuration Parameters:

The following settings are only needed if a proxy is configured in the network.
Proxy Host: Hostname of the proxy used for transport.

Proxy Port: Port of the proxy.


Proxy User: User name of the account to be used.
Proxy Password: Password of the account to be used.

Proxy NfLM l1olMah,: The proxy NTLM domain.

Proxy NfLM Host: The proxy NTLM host.

Extended Tab Configuration Parameters:

Interface Socket interface to bind to:


Hrrp Method: HTIP method to use.
Hrrp Headers: These are used for Dispatcher Flush agents and specify elements
that must be flushed.

factionl indicates a replication action; fpathl indicates a path.


ConnectTllMeout: Timeout (in milliseconds) to be applied when trying to establish a

connection. Socket TllMeout: Timeout (in milliseconds) to be applied when waiting for traffc after a connection has been established. Protocol Version: Version of the protocol; for example "1.0" for HTIP /1.0.

Triggers Tab Configuration Parameters:


These settings are used to define triggers for automated replication:

World Standard Softare to Unify Your Business ww.day.com 43


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

fo 1l0nitor a replicatio~ agent:

1. Access the fools tab in CQ.

2. Select ~eplication folder in the left pane to expand.

3. Double-click the link to agents for the appropriate environment (either the
left or the right pane); for example, Agents on author. The resulting window shows an overview of all your replication agents for the author environment, including

their target and status:

;;lI

4. Click the appropriate agent name (which is a link) to show detailed


information on that agent:

World Standard Softare to Unify Your Business www.day.com 45


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Goal
From the Websites tab you can activate the individual pages. When you have
entered, or updated, a considerable number of content pages - all of which are resident under the same root page - it can be easier to activate the entire tree in one action. You can also perform a Dry Run to emulate an activation and

highlight which pages would be activated.


The following instructions explain how to browse the application/server interfaces associated with a CQ5 installation. This will enable you to use their

administrative/ configuration capabilities. To successfully complete and


understand these instructions, you will need:
A running CQ5 Author instance

To activate a cOllplete tree of your website:

1. Access the Tools tab in CQ.

2. Click on Replication - the folder will expand.


3. Then double-click on Activate Tree.

4. A dialog screen, similar to that below, will open.

5. Enter /content/geometrixx/en/company (or something similar) into the Start

Path. The Start Path specifies the path to the root of the section you want to
activate (publish). This page, and all pages underneath, will be considered for

activation (or used in the emulation if a Dry Run is selected).

World Standard Softare to Unify Your Business ww.day.com 47


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Goal
The Dispatcher is Day's caching and/or load balancing tool. Using the Dispatcher also helps protect your application server from attack. Therefore,
you can increase protection of your CQ instance by using the Dispatcher in

conjunction with an industry-strength web server.


The process for deploying the Dispatcher is independent of the web server and
as platform chosen:
II Install the supported web server of your choice according to their own

documentation.
II Install the Dispatcher module appropriate to the chosen web server and

configure the web server accordingly.


II Configure the Dispatcher.
II Integrate with CQ to update the cache when the content in CQ changes.
In this exercise we will install the Dispatcher into an 115 web server.

To successfully complete and understand these instructions, you will need:


II A running CQ5 Author instance
II A running CQ5 Publish instance

How does the Dispatcher plug into LIS?


1. Unzip the latest Dispatcher build, appropriate for your operating system, to a

temporary directory. The Dispatcher files are located on the memory stick under /distribution/dispatcher.
2. Add the Dispatcher to the list of available ISAPI filters (by adding the DLL to

the liS) use the following steps:


Extract dispJis.dll into the executable directory of the selected website under 115.
Le. -(IISJNSTALLDIR;; /scripts

World Standard Softare to Unify Your Business www.day.com 49


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

4. To ensure access you have to:

Inside the Internet Service Manager, right click the root node of the appropriate
website, then open its Properties dialog.

Select the Directory Security tab.


Activate Anonymous access.

To activate the changes you have to restart liS. Either from the liS control
window or from a command window:

net stop w3svc - will stop the liS web publishing service

net start w3svc - will start it again


NOTE
Before you can start using the Dispatcher, you must configure the Dispatcher.

Congratulations! You have successfully integrated the Dispatcher with the liS web

server.

World Standard Softare to Unify Your Business ww.day.com 51


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

LoadModule to load the module 011 start up. Dispatcher-specific configuration entries, including
DispatcherConfig,DispatcherLog and DispatcherLogLevel.

SetHandler to activate the Dispatcher. LoadModule.

4. Register the Dispatcher module by adapting Apache's configuration file


(apache_hotMe)/conf/htlpd.conf. The Dispatcher-specific configuration entries are

placed after the LoadModule entry.


5. Add the following text to the htlpd.conf file at the end of the Load Module section:
# LoadModule foo_module libexec/mod_foo.so # Add to the end of the LoadModule section LoadModule dispatcher_module modules/disp_apache2.2.dll

#
# configure the minimal setting for the dispatcher

# the main configuration is read from the 'DispatcherConf ig' file.


#

~IfModule disp_apache2 .c~


# location of the configuration file. eg: 'conf / dispatcher. any' DispatcherConfig conf/dispatcher. any

# location of the dispatcher log file. eg: 'logs / dispatcher. log'


DispatcherLog logs/dispatcher. log
# log level for the dispatcher log # 0 Errors # i Warnings # 2 Infos # 3 Debug DispatcherLogLevel 3

# Def ines the Server Header to be used:


# undefined or 0 - the HTTP server header contains the CQ version. # if turned to i, Apache server header is used DispatcherNoServerHeader 0

# if turned to i, request to / are not handled by the dispatcher # use the mod alias then for the correct mapping DispatcherDeclineRoot 0
# Defines whether to use pre-processed URLs: # 0 - use the original URL passed to the web server. # i - the dispatcher uses the URL already processed by the handlers # that precede the dispatcher # (i.e. mod_rewrite) instead of the original URL passed to the web

server.

World Standard Softare to Unify Your Business ww.day.com 53


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal
Now that we have integrated the CQ5 Dispatcher with the web server, we must

configure the Dispatcher so that it can find its associated Publish instances, knows which pages to cache and where to cache them.
In this exercise we will configure the Dispatcher with appropriate settings to

cache pages as desired, and define a Dispatcher Flush agent to invalidate the
cache in response to content update. To successfully complete and understand these instructions, you will need:
A running CQS Author instance
A running CQS Publish instance

Configuring the dispatcher .any file


By default the Dispatcher configuration is stored in dispatcher.any, though you

can change the name and location of this file during installation. The
dispatcher.any file is independent of web server and operating system, so the

following instructions are appropriate to both liS and Apache. The only difference between the two configurations is the usage of the property /
homepage, which is used only by liS.
fo configure the Pispatcher:

1. Open the dispatcher.any file with the text editor of your choice.

2. Make sure the /farms section matches your infrastructure. The /farms section defines a list of farms or websites. Each /farms section defines:
A set of load-balanced renderers. The IP addresses and ports of the publish instances to serve and cache content
from.

Further characteristics including where to cache files, what to cache.


For each farm you can specify separate caching and rendering parameters,

some of which have sub-parameters:

World Standard Softare to Unif Your Business ww.day.cgm 55


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

II
3. Verify the list of client headers in the dientheaders section.

# each farm configures a set off (loadbalanced) renders

/farms
t
# first farm entry (label is not important, just for you

convenience)

/website
t
# client headers which should be passed through to the render

instances

/clientheaders
t

"user-agent" "authorization"

"referer"

"accept-encoding" "accept-language" "accept" "host" "if-match" "if-none-match" " if-range" "if-unmodif ied-since"
"max-forwards"

"content-type" "content-length" "accept-charset"

"from"

"proxy-authorization" "proxy-connection"
"cq-action" "cq-handle" "handle" "action"
"range" "cookie"

"cqstats"
~

4. (lIS-only!) Adapt the homepage property.


/farms
t

World Standard Softare to Unify Your Business ww.day.com 57


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

dispatcher configuration). You can define several renders within a farm for load balancing.
/farms
t
# first farm entry (label is not important, just for you

convenience)

/website
t
# the load will be balanced among these render instances

/renders
t

/publish1
t
# hostname or IP of the render

/hostname "127.0.0.1"
# port of the render /port "4503"
L

/publish2
t
# hostname or IP of the render

/hostname "127.0.0.1"
# port of the render

/ port "4504"
l l

Using filters, you can specify which requests are accepted by the Dispatcher

module. All other requests are sent back to the server, where they are offered to the other modules that run on the web server.
7. Adapt the filter properties to allow or deny access to certain paths.

NOTE

Day Software best practices suggest that you deny access to Ilibs, letc, Icrx, ladmin, Ivar, I tmp, Ihome, lapps and any other URis that should not be accessible from outside. Please see the Security Checklist for further considerations when restricting access using the Dispatcher.

/farms
t

/website
t

World Standard Softare to Unify Your Business www.day.com 59


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

/docroot: This link points to the document root of the web server.

/statfile and /statfileslevel define which parts of the website tree are
invalidated when pages are activated.

/allowAuthorized: Specifies whether requests (pages) that carry an

authentication header are cached.


/rules: List of cachable documents determines which documents are cached
/invalidate: Defines a list of all documents that are automatically rendered invalid after a content update.

The docroot link points to the document root of the web server. This is where
the Dispatcher stores the cached documents, and this is where the web server

looks for them. If you use multiple render farms, you have to define a different
document root on the web server for each farm, and specify the corresponding

link here.
8. Define the location of the web server cache to the Dispatcher.

/farms
t

/website
t

/cache
t
# the cacheroot must be equal to the document root of
the webserver

# /docroot "C:/lnetpub/wwroot"
/docroot "":Apache_document_root:;"

9. Configuration of the Dispatcher is not yet complete, but at this point we can test the configuration of the Dispatcher with the web server. Save your changes
to the dispatcher.any file.

10. Restart the web server


11. Access the Geometrixx website using the following URLs:

Author instance: http://localhost:4502/content/geometrixx.html


Publish instance: http://localhost:4503/contentlgeometrixx.html

World Standard Softare to Unify Your Business www.day.com 61


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

necessary rights. However, in some setups it can be permissible to cache

authenticated documents.

14. Set the /allowAuthorized property.


Icache
t
/docroot "C:/apache/htdocs" /statfileslevel "2"

/allowAuthorized "0"

The rules property defines which documents are cached, though the Dispatcher never caches a document in the following circumstances:
If the HTIP method is not GET.

Other common methods are POST for form data and HEAD for the HTIP header.

If the request URI contains a question mark ("7").


This usually indicates a dynamic page, such as a search result that does not
need to be cached.

. The file extension is missing.

The web server needs the extension to determine the document type (the MIMEtype).

The authentication header is set (this can be configured)


If you do not have dynamic pages (beyond those already excluded by the above rules), you can let the Dispatcher cache everything.

15. Define the list of cachable documents:


/cache
t
/docroot "C: lapache/htdocs"

/statfileslevel "2"

/ allowAuthorized "0"

/rules
t t

/0000

/glob "*"
/type "allow"

10001 t
i glob "i en/news I *"

/type "deny"

World Standard Softare to Unify Your Business ww.dav_com 63


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

10003

I glob "*. pdf"


Itype "allow"
~

i 7. Save dispatcher.any changes.

Configuring the Dispatcher Flush Agent


In cases where there are multiple Publish instances, the dispatcher flush is controlled by a replication agent operating on the publish instance. However, the configuration is made on the authoring environment and then transferred by activating the agent:
i. Open the CQ Tools console.
2. Open the required replication agent; for example the Uispatcher Flush agent
under Agel'ls on Publish that is included in a standard installation.

3. In the Settings tab ensure that Enabled is active.

World Standard Softare to Unify Your Business ww.day.com 65


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

5. Open the friggers tab. Make sure only the On Modification parameter is checked.

World Standard Softare to Unify Your Business ww.day.com 67


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal
As data is never overwritten in a tar file, the disk usage increases even when only updating existing data. When optimizing, the Tar Persistence Manager copies data that is still used from old tar files into new tar files and deletes the
old tar fi les that contain only old or redundant data.

This exercise will show you multiple ways to optimize the Tar PM. To successfully complete and understand these instructions, you will need:
A running CQS Author instance

Manually optimizing tar files using CRX Console


To optilliie tar files using the CRX console:

1. In the CRX Console, log in as administrator.


2. Click Repository Configuration.

3. Se lect Tar Persistence Manager Optilliiation and ci ick Start Optilliiation,

U",r,":, .,~~i;.~.h ;i4I'.;j.i)(l(~.~ (i"~.,*~L,:':H: l TIJ$'- ll1" HJ1~im,i:',,~lflrH1

Since our repository has only i tar file (we haven't made enough changes to the repository), the optimization will have no effect.

World Standard Softare to Unify Your Business ww.day.com 69


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

It
Goal
Online repository backup lets you create, download and remove backup files. It is a "hot" or "online" backup feature and therefore can be executed while the repository is being
used normally in the read-write mode. Backup files are saved in the ZI P compression

format.

In this exercise, you will create a "hot" backup of your Author repository. To successfully
complete and understand these instructions, you will need:
II A running CQ5 Author instance

Creating an online backup


This backup method creates a backup of the entire repository, including CQ5 or other applications deployed into it. This method lets you create and later restore the entire

repository and applications running on it, including content, version history,


configuration, software, hotfixes, custom applications, log files, search indexes, and so
on.

This method works as a hot or online backup, so you can perform this backup while the

repository is running. The repository is usable while the backup is running, however
performance of the repository will decrease. This method works for the default, TarPMbased CRX instances.

Backup files are saved in the Zi P compression format. By default, they are saved in the

parent folder of the folder where the quickstart .jar is running. You can change the
location where CRX saves backup files.
fo create a backup:

3. Go to the following URL: http://localhost:4502/crx.This will take you to the CRX Main Console.
4. Log in as the administrator.
5. Click Repository Configuration

World Standard Softare to Unify Your Business ww.day.com 71


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

The online documentation provides deeper information regarding this crucial topic, including different scenarios like backing up an clustered node, etc. Check it out under http://dev.day.com/content/docs/en/crx/2-0/administering/backup_and_restore.html.
Congratulations! You have successfully created a full backup of your Author repository without taking the instance down.

World Standard Softare to Unify Your Business ww.dav.com 73


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

The restore procedure is identical to the one described in previous exercise.


COl1gratulatiotls! You have successfully created an automated backup script.

World Standard Softare to Unify Your Business www.dav.com 75


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

The first thing we need to do is decide on the central, network-accessible location where we will put the shared journal. In general you would have the
shared path pointing to a mounted networks drive (via NFSjSAN), but for our purposes, any central location will do. For example, we can choose C\cq

\shared.
1. Make sure that the node that will become the llaster, the node running on
port 4502 is not running.

2. Navigate to -clnstaIlDir::jrepository. Copy the shared folder and paste it into

C\cq.

3. We will tell the llaster node where to find its shared journal. Navigate to

-clnstaIlDir::jrepository.
4. Open repository.xlll with a text editor.
5. Find the Cluster elelle"t and make the following changes:

.iCluster'? .iJournal class="com. day. crx. core. journal. FileJournal ",?

"param name="sharedPath" value="C:/cq/shared" I'?


"param name=lmaximumSize" value="104857600" I'?

World Standard Softare to Unify Your Business ww.dav.com 77


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

5. Notice that this instance believes that it is the master of its own cluster. Notice the shared path points to its own repository.
User-m: admin I Workspace: uK.default I ,Ul.f.-LH!,I! I ;~i~~'.i.t;.b...W.QJ.-.k:,p'.g.i;.t;, I !n:,p'.tx.~.!u;.ell, ?oiiJ:!t.et"~

ldi:,itit'i

df9bZ55a~'~~..()5.4 b d9- 3 :;f"-f,:~62 ~.",6,jl.",,8 'of,rido,/,:$ ;..p 5,1 IOCllhost:45G.. c: \cq\'-J uthr2\cn;. QUI..:.,:t.: ,i\xe p ositor\( C: \cq\a uth;)t:'\crx -QIJickstartVe p o,,;;oi-y \,,,l ared

os
Host

P,:opositorv Horne

Sh,red path
No siai/es conri-:ted

Shared p.,rth

6. Enter the shared path of our new cluster into the shared path input field.

UserID: admn I Work~pace: cF"lo.default I Log Out I Switch Wo!"kspar:e I Imof.t'!woate

Naster"
Idetit1'

df9b255 a - 9':05-4 b d9- 665e-636B5e tid leeS


',ALir:do\~!s ;~:p 5.1

os
Host
Repositor~f Horn!?

loc,:ilhost:4504
C :\cq\author2\crx -qui ck ;;taii:\repos tory

shared path
No ,:iiies connected (;b,.t~~~-

C :\cq\a uthor2\crx .qui CK $td~"t\repo$t:rV\$hared

Shaled inith

!c/cq/shared

7. CI ick Join.

The join will take a few minutes as the Slave repository is being rewritten with
the information from the Shared Journal.

World Standard Softare to Unify Your Business ww.day.com 79


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

.
Goal
The following instructions explain how to create a CQ package that will combine all elements of the Training project, minus all jpegs. This is a good
example of packaging application content, which you could then distribute to team members for review. To successfully complete and understand these
instructions, you will need:

A running CQ5 Author instance


A completed Training project with appropriate extents

ions

Why do I need CQ packages?


Packages can include content and project-related data. A package is a zip fi Ie that contains the content in the form of a file-system serialization (called "vault" serialization) that represents the content from the repository as an easyto-use-and-edit representation of fi les and folders.

Additionally, it contains vault meta information, including a filter definition, and


import configuration information. Additional content properties can be included

in the package, such as a description, a visual image, or an icon. These properties are for the content package consumer for informational purposes
only.

You can perform the following actions with packages:


Create new packages
Modify existing packages

Build packages

Upload packages

Install packages
Download packages from the package share library Download packages from CQ to a local machine
Apply package filters

View package information

fo create, build, and download a CQ package, in the -fools- section of CQ5:

World Standard Softare to Unify Your Business ww_dav_com 81


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

5. Enter the package "Group Name" (training) and "Package Name" (trainingproject).

tranng

tranlng-proJ8ct

CQ new package dialog


6. Select the training-project package.

7. Add the Component Filter Definition to the paragraph system Component then open (e.g. double-click).

Page view of component addition

8. Enter the "Root Path" (lapps/training) and a "Rule" that excludes all jpegs

(Exclude =:: .+\.jpg) - then select OK.

World Standard Softare to Unify Your Business www.day.com 83


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

.l /apps./training/'components/con tent, logo,/design_dialog, xml


A /apps/training/'component.s/content complex

JSP

A /apps/ti-airiing/componen ts/content coilLplex./, content. Eml .l /apps/tra.ining,/components/content /comple:.:/complex, JSP A /apps/training/'components/content,/comple::.::/dialog, XJnl .l /apps,..ti-aining/components/content./complex/design_dialog, xml .l /apps/training/components/content/cOJlLplex/_c~edi tConf ig. xrri! A /apps/training/components/con ten t/search
.l /apps/training/components/content/search/, content. xml .l ,/apps/training/components/content/search/seai'ch. JSP

A /apps/training/src A ./apps/training/install A /apps/ training/docroot

. /apps/training/training-widgets J s

. /apps/training/training-widgets J S/. coritent XII!

. /apps/training/training-widgets j s/f iles . /apps/training/training-widgets J s/f i les/. content xml

. /apps/trainiug/training-widgets J s/f iles/training, JS


. /apps/training/global . /apps/training/global/ini t jsp
Package created in 782ms.

. MET-INF/vaul t/det ini t ion/. content xml

Package build output

Package build information

10. Download the package by entering the URL of the package's ZiP in your Web browser's address bar.

e.g. http://localhost:4502 /etc/packages/training/training-project.zip


Congratulations! You have successfully created a package, added a rule to the

filter definition, built the package, and have downloaded the package, which you can now share with your CQ development team.

World Standard Softare to Unify Your Business WW.day.com


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

85

~response/ ~data/

+ -- - - - - - - - - - -+ - - - - - - - - - - -- - - - - - - - - -- - - - - - - - - - - - - - -- - - --+

+- -- - - - - - - - - -+- - - - - - - - - - - - - - - - - - - - - - - - -- - -- - - - -- - - - - - --+

I Arguments I Comment I
I cmd=help I print this help I
cmd=rm I remove a package

+-- - - - --- - - - -+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - -- - - - - --+

+-- - - - - - - - - - -+- -- - - - - - - -- - - - - - - - - - --- - - - - -- - - - - - --- - -- - +

I cmd=ls I print a list of all packages I


name I package name I (group) I group name (optional) I
cmd=build I build a package

+- - - - - -- - -- - -+- - - - --- - - - - - -- - - - - - - - - - - - - - - - -- - - -- - - -- --+

name I package name I (group) I group name (optional) I +- - - -- - - - - - - -+- - -- - - - -- - -- - - -- - - - - -- - ---- -- - - - - - - -- - ---+ I cmd=ins I installs a package I name I package name I (group) I group name (optional) I
cmd=unins I uninstalls a package

+-- - - - - - - -- - -+- -- - -- - - - - - - -- - -- - - - - - - - - - - - - -- - -- - - - -- --+

name I package name I (group) I group name (optional) I + --- --- - - - - --+- - -- - - - ----- - - - - - - - - -- - - - -- ---- - - -- -- - - --+ I GET I downloads a package.
I I ( content-disposition header contains

I I the correct filename)


I (cmd=get) I optional

I name I package name

+ -- - --- - - - - - -+- - - - -- - -- -- - - - - - - - - - - -- - - - - - - -- - - - - - - -- --+

I (group) I group name (optional) I I POST I upload a new package


I file I pacakge to upload
I (name) I optional name

~/data/ ~status code="200"/ok~/status/ ~/response/ ~/crx/


2. List

+--- - -- -- - - - -+- - --- - - -- - -- - --- - - ---- - - --- - -- - - - -- -- -- --+

I (install) I automatically install package if 'true' I

the packages currently available on this CQ instance:

curl -u admin:admin http:/ jlocalhost:4502/crx/packmgr/service.jsp?cmd=ls


You should get a response similar to the following:

~crx version="2. 0" user="admin" workspace="crx.default"/ ~request/


~param name="cmd" value="ls" //

World Standard Softare to Unify Your Business www.day.com 87


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

~/data?
~status code=" 200"?ok~/status?

~/response? ~/crx?
4. Install a package. Enter the following command to install the package you just

uploaded.

curl -u admin:admin -F name=training_import http://localhost:4502/crx/packmgr/


service.jsp?cmd= inst
You should get a response similar to the following:

~crx version="2. 0" user="admin" workspace="crx.default"? ~request?


~param name=" cmd" value=" inst" /? ~param name=" inst" value="training import. zip" /?

~/request?

~param name="name" value="training import. zip" /?

~response? ~data? ~log?


Installing content... 1-- Collecting import information... 1-- Installing node types...

1-- - nt -? http://www . j cp. org/j cr /nt/1. 0


1-- - jcr -? http://www.jcp.org/jcr/1.0 1-- - sling -? http://sling.apache.org/jcr/sling/1.0

1-- A / content/dam/photos/ img4. jpg /j er: content/renditions/


cq5dam. thumnail. 48.48 .png

1-- A / content/dam/photos/img4. jpg /j er: content/renditions/


cq5dam. thumbnail .140 .100. png / j cr: content

1-- A / content/dam/photos/img4. jpg /j er: content/renditions/ cq5dam. thumnail. 48.48. png / j cr: content
j cr: content
1-- A /eontent/dam/photos/img4. jpg/jer: content/renditions/original 1-- A /content/dam/photos/img4. jpg/jer: content/renditions/original/

1-- saving approx 42 nodes....


1-- Package imported. Package installed in 294ms.

~/log? ~/data?

~status code="200"?ok~/status?

~/response? ~/crx?

World Standard Softare to Unify Your Business www.day.com 89


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Goal
Various CQS log files provide detailed information about the current system

state. In addition to the default system log files you can also create and customize your own log files. They can help you better track messaged
produced by your own applications and to separate them from the default log

entries.

In this example, we will generate a new log file and monitor only messages
produced by a specific set of CQS modules. To successfully complete and

understand these instructions, you will need:


. A running CQS Author instance

fo create a custOll log file with a specified log level:

1. Open CRXDE Lite so that you can define a new configuration for the custom log file. You can also use CRXDE or CRX Content Explorer to achieve the same

results.
Create the Loggit'g Logger

2. If it doesn't already exist, create a new folder named "config" in /apps/


geometrixx. Right-click on the geometrixx folder. Select New... Folder.

3. Under /apps/geometrixx/config, create a node for the new Apache Sling Logging Logger Configuration. Right-click on the new config node and Select
New... Node.

Nal1e:

org .apache.sl ing .commons.log. LogManager. factory .config- TRAINING

fype:

sling:OsgiConfig

World Standard Softare to Unify Your Business www.dav.com 91


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

orQ,apoche,sliii
l'iri:i." ,mom. liio'

IX_

org,apacne,felix
com,

da

Do Up Do

Cm
Pr~~_"

:N"

~""g.~,'if.q.m~.Io.tic

S 'i,~,~,~.~.~.~1
5 Qi\l.~'i,'S~.~~.ln,rima St'iIiJ "",,~,l;QI~~-re,,,wr,Oo fals faIr; trY\

;: Ctg.~,~ir.i.m~.Ic,pMt,. St,~ (O,J:.;JMM,yvn f1:='r'ns,S5:;~ "(01)' ;(2 t/lls( fI~ ~abi

Create the Logging Writer

A logging writer is only necessary when a configuration that is different to the default. The default writer will select a default size of 10MB and 5 as the default
number of files.
5. Under /apps/geometrixx/config, create a node for the new Apache Sling
Logging Writer Configuration. Right-click on the config node. Select New... Node.

. .

Name:

org .apache.sl i ng .commons .Iog .LogManager. factory. writer- TRAIN ING

fype:

sling:OsgiConfig

6. Set the following properties on the new


org .apache. sling .commons.log .LogManager. factory .writer-trai ning node:

. .
.

Name:

org .apache.sl i ng .commons .Iog. fi Ie

fype:
Value:

String

../Iogs/training.log
org .apache.sl i ng .commons.log. fi Ie .size

. . .

Name:

fype:
Value:

String 1mb

Name: org.apache.sling.commons.log.file.number

World Standard Softare to Unify Your Business ww.dav_com 93


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Goal
This exercise describes how to configure and manage user authentication and
authorization within the CQ5 scope. To successfully complete and understand these
instructions, you will need:

II A running CQ5 author instance

Users and Groups


Users

Users: A user models either a human user or an external system connected to the system.

The user account holds the details needed for accessing CQ. A key purpose of an
account is to provide the information for the authentication and login processes -

allowing a user to log in. Each user account is unique and holds the basic account
details, together with the privileges assigned. Users are often members of Groups, which simplify the allocation of these permissions and/or privileges.
G-roups: Groups are collections of users and/or other groups; these are all called Members

of a group. Their primary purpose is to simplify the maintenance process by reducing the number of entities to be updated, as a change made to a group is applied to all members of the group.
Both users and groups can be configured using the Security Console. You can manage all users, groups, and associated permissions using the Security Console. All the procedures described in this section are performed in this window.

World Standard Softare to Unify Your Business ww_dav_com 95


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Hide
Edit y

L. m
admit'

r~1'
admir

v PUD.
l Sort

f"lcx,

admil'strators
a rlOnvrrOl.$

adiriristratol$
arorvrrOt:$

So
m

A!sor Parker

author
oortribl.tor

aLtbo,
ContribLtors
e,,'C!''C~
Jo1'l' l:

l'11'e

~'Crjl

First, we will create 2 user accounts. After that, we create a group and assign some
project specific restrictions to it. Finally, we add the new users to this group.

Creating Users and Groups


To create a new user:

1. In the Security window tree list, click Edit) Create) Create User.

Create U;r
a

Create
Activate

administratois
anonymous

adrri 11 istrawr:;

arlOnyil)
Alisol1 Parkr
aiArlor

Deactivate
31.trlor

2. The Create User dialog box appears. Enter the required details and click Create:

World Standard Softare to Unify Your Business ww.day.com 97


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

7. ci ick the Page Perllissions tab. You wi" notice that John has no access to any part of

the website. The default permissions policy in CQ5 is "deny all".


In CQ5, permissions grant or deny access to content objects. Privileges are used to
assign access to the functionality within the application.

8. Click the Replication Privilege tab. You will note the same. John has no rights to

replicate/activate pages.
9. Click the Privileges tab. You will note that he does not have privileges to modify the

hierarchy.
10. No users are specified as potential impersonators of John.

a aparkerljgeometrixx,com Alison Parker

S ~uthor author
is contributor Contributors

~'...v,)var ijo".''-Jetc ';;::::icontent G)',',~:CamDaigns

is everyone everyone

a brown John Brow


a doe(ggeometrixx,com John Doe
S jsmith Jane Smith m tag-admnistrators tag-administrators in user-administrators user-administrators workflow-editors workflow-editors t workflow-users workflow-users

':'JEnglish (t _::Fran~ais

0J-',:::'Italiari

:ZyJB:iiti
"''' ::i;~!User Generated Content ,.t ,''-'-'-'-:Wiki Content

Qtmp
);'':ihome

We want now create a group with some access rights you could use in future projects, then put the created user(s) into this group. The requirement list for this group members

looks like:
. Provide access only to the consoles Websites and Iligital Assets. That means, denied
access to the other ones (fools, Users, Workfow, fagging).

. Members of this group are allowed to modify content of already existing pages located under Geometrixx ~ English, add new paragraphs and delete them.
. Pages located under Geometrixx ~ French (Franais) should be accessed in read-only mode.

. Page Geometrixx ~ German (Deutsch) is not accessible at all (not visible) to members

of the group.

World Standard Softare to Unify Your Business www.day.cgm 99


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

2. Click the Page Pen-Missions tab. The tree map will open.

3. it's a good idea to provide read-access to entire repository. Project-specific restrictions can be easily added at a later time point. Select the node CQ. Per default, users have all
access rights denied. To provide read access to the root node (CQ), double-click under

the column Itead and select "allow" from the appearing drop-down box. Since access rights are automatically inherited to child nodes, all members of the legal group have
now read access to all nodes in the CRX repository.
4. Click Save.

Manage Access f:ights for different Websites:

5. Navigate in the tree map to the page you want to add permissions. In our case: CO/
content/Geometrixx Demo Site/English.
6. Click the page in the tree. Notice the permissions specified on the right.

7. Double-click under the column Modify and select "allow" from the drop down list.

8. Do the same for the columns Create and Pelete. The red corner indicates that the item listed has not yet been saved.
9. Save.

10. Navigate to CQ/content/Geometrixx Demo Site/Deutsch and select "denyN in the f:ead

column.
11. Save.

Manage Access f:ights for Pesign:

12. Set Modify rights to "denyN on node CQ/etc/Designs to restrict general usage of all designs or select the appropriate design you want to constrain. Make sure, Read access to designs is still granted, otherwise, page content cannot be correctly rendered.
13. Click Save to persists your modifications into the CRX repository.

World Standard Softare to Unify Your Business ww.dav.com101


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

6. Now let's modify the replication privileges for the French branch. Click Add and select
the page CQlcontent/Geometrixx Demo Site/Franais. Veny replication privi leges to it.
7. Repeating previous step, Allow replication to CQ/content/Geometrixx Demo Site/

Franais/products.
8. Click Save.

m. admin Adminjstratot
tp. administrators administrators

a anonymous anonymous
ff aparker~geornetrixx,CDm Alison Parker

. author author
at contributor Contributors

. everyone everyone

S jbrown John Brown


;S- jdoe(ggeometri::x,com John Doe
-S jsmith Jane Smith n tag-administreitors tag-administrators ~ user-administrators user-administrators ti workflow-editors worklow-editors

fl workflow-users workflow-users

As you can see, you can provide fine-grained replication privileges not only for an entire tree branch, but even on page leveL.

Users without replication privilege granted still have access to the Activate!eactivate

buttons. Clicking on them will not have the desired effect immediately. Instead, a
workflow is started which puts the requested action in the inbox of a privileged user requesting him to approve and finish the action.
Setting standard privileges:

Standard privileges included in the installation of CQ WCM are for modifying the
hierarchy; in other words, creating or deleting pages. The list of privileges available may be extended for your project.
1. Select the Legal group from the list, double-click to open, and click Privileges.
2. The Hierarchy ModHication privileges will be shown. Make sure Veny is selected.
3. If necessarily, click Save.
l7eny access rights to consoles:

World Standard Softare to Unif Your Business ww.day.cQm 103


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

6. Follow the link New ACE. The section Local Access Control Policies changes its
appearance.
Sclei-L,

AppHble Accss Control Po!s


1;0 ilCditlonal policies to apply
I.l Access Control Polics

re,,:write
jcr.illl jC. rerr.oveChldNoes

Effecthie Aa:ssCoiirol Po4icies

7. Click the Srowse button. A new window labeled Principal Srowser appears, displaying all available users and groups.
8. Select the Legal group and click the Select button. The window Principal Srowser

closes and the selected group Legal is shown in the column PrincipaL.

World Standard Softare to Unify Your Business www.dav_com 105


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Applicable Accss Control Policies

Lol Access Control Policies

Effectiv Access Control Policies

I1.Click OK to close the Aecess Control Editor.

12.Repeat steps 3 - 10 to modify the access rights to the other console buttons. The
console buttons are represented in CRX by following nodes:

Site Admin (Websites)


DAM

lIibs/wcm/core/content/siteadmi n

Admin

/Iibs/wcm/core/content/damadmin
/Iibs/wcm/core/content/misc
/Iibs/cq/secu rity /content/adm in

Tools

Security (Users)
Workflow

II ibs/cq/workflow /content/console
/Iibs/cq/tagging/content/tagadmi n

Tagging

Adding a User and a ~roup to a ~roup

World Standard Softare to Unify Your Business www.dav.com107


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

3. I n the lllpersonate as: box, choose jbrow.,.

The current user is changed to John 8rown.

After you browsed some pages, you can finish impersonation by clicking the
im personated user's name and select Revert to self.

Peleting Users or troups


To delete a user:

1. In the Security window, select Jane Smith (jsmith). If you want to delete multiple

items, Shift+click or Control+click to select them.


2. Click Edit or right-click the user to bring up the context menu. Select Pelete. CQ WCM asks if you are sure.
3. Click OK to confirm.

World Standard Softare to Unif Your Business www.day.com109


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Goal
You can configure LDAP authentication as a JAAS Uava Authentication and

Authorization Service) module. For this, you need to specify the JAAS
configuration file to the virtual machine.
This exercise will show you how to integrate with an LDAP server and import users from the LDAP server to the CQ5 instance. To successfully complete and understand these instructions, you will need:
II A running CQ5 author instance

II An LDAP server

Setting up a local l,DAP server


1. In the directory distribution/ldap of the training memory stick, you find a zip archive named openldap-2.2.19-ssl-win32.zip. It contains a pre-configured
OpenLDAP server already containing a set of test users and groups, ready to be
used with CRX.

Extract the zip archive to the C:\ drive. As a result, you'll have the LDAP server

installed in C:\openldap. Open a command shell (Start # Run..., type in cmd, hit
enter. In the command shell, change directory to the OpenLDAP folder by

issuing the command cd c:\openldap :

2. Then enter the command slapd -d 1 which starts the LDAP server. The LOAP

server has fully started when you see the following line at the end of the command shell window:

World Standard Softare to Unify Your Business ww.dav.com 111


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

5. The LDAPbrowser is pre-configured with the correct login information to


access the local directory server. Select the Quick Connect tab.

Anonymous bnd

User Info
ON:

Password:

6. Fill in the host name and the port number.

. .

Host: Port:

localhost 389

7. Click fetch l1Ns button to access the Distinguished Name tree.


8. Click Connect.

9. You will see the defined users and groups that will be imported into CQ5.

World Standard Softare to Unify Your Business ww.day.com 113


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

class="org. apache. jackrabbi t. core. securi ty. simple. SimpleWorkspac


eAccessManager" I'?

.iUserManager class="com. day. crx. core. CRxuserManagerlmpl "'? .iparam name="usersPath" value=" /home/users" I'? .iparam name="groupsPath" value=" /home/groups" I;:

.iparam name="defaultDepth" value=" i" I'?


.i /UserManager'?
~/Securi tyManager'?

JAAS works on the basis of "LoginModules". In a JAAS configuration file you can
define a sequence of login modules.

An incoming request will be accepted by the first defined login module for
authentication. If the login module cannot authenticate, the request will be passed on to the next login module in the list of definitions.

In this configuration, the first login module configured is the native


CRXLoginModule, which tries to authenticate using CRX's local users:

com.day.crx.core.CRXloginModule suffcient;
Only if the user of the request cannot be found among the local CRX users, the request will be handed over to the next login module, which is the LDAP login

module:

World Standard Softare to Unif Your Business ww.day.com 115


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

J;

autocreate. group. cn=" rep: cn"


autocreate. group. localadrin=" adrin"

autocreate . group. uniquernember = "uniquernember"

autocreate . group. description = "description"


autocreate. path=" splitdn" cache .expiration=" 600"

cache.rnaxsize=" 100" ;

NOTE

The IdapJogin.conf configuration information used for this exercise is specific to the LDAP server provided for this exercise. You configuration information will be different and specific to your directory server.

7. Restart CQ5 for the changes to take effect. From the command line start CQ5 with the following option:
java - Djava.security.auth.login.config=crx-quickstartl server l etcl Idap_login.conf -jar cq-author-4502Jar

CRX logs a message (default logging config) confirming which authentication configuration will be used:
default Repository Login-configuration
external JAAS login-configuration

*INFO*DefaultSecurityManager: init: use Repository Login-Configuration for

corn. day. crx


*INFO*DefaultSecurityManager: init: use JAAS login-configuration for
com. day. crx

Importing Users from LDAP to CQ5


The LDAP example configuration file contains 5 groups: Authors, Marketing,

Human Resources, Products and Management. All groups are member of the Authors group.
The users themselves are distributed over the department-specific groups;

none of them is explicitly in the Authors group, but implicitly, since their specific groups themselves are members of the Authors group.

World Standard Softare to Unify Your Business ww.day.com 117


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

II
5. Examine the Idap.log and error-log files from CRX to debug for errors.
The online documentation provides you comprehensive information regarding LDAP

connectivity to CRX. Check out some of the pages under day.com/content/docsl

urrent/admin ng/ldap....authentication.html .
Congratulations! You have successfully integrated CQ5 with an LDAP server and

imported a set of users and groups from that server.

World Standard Softare to Unify Your Business ww.dav.com11 9


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Performance Optimization Methodology


A performance optimization methodology for CQ projects can be summed up to
five very simple rules that can be followed to avoid performance issues from the get go. These rules, to a large degree, apply to Web projects in general, and are

relevant to project managers and system administrators to ensure that their projects will not face performance challenges when launch time comes.

Planning for Optimization


Around 10% of the project effort should be planned for the performance

optimization phase. Of course, the actual performance optimization


requirements will depend on the level of complexity of a project and the

experience of the development team. While your project may ultimately not

require all of the allocated time, it is good practice to always plan for
performance optimization in that suggested range.
Whenever possible, a project should first be soft-launched to a limited audience
in order to gather real-life experience and perform further optimizations,

without the additional pressure that follows a full announcement.

Once you are "live", performance optimization is not over. This is the point in time when you experience the "real" load on your system. It is important to plan for additional adjustments after the launch.

Since your system load changes and the performance profiles of your system
shifts over time, a performance "tune-up" or "health-check" should be

scheduled at 6-12 months intervals.

Simulate Reality
If you go live with a Web site and you find out after the launch that you run into
performance issues there is only one reason for that: Your load and

performance tests did not simulate reality close enough.

Simulating reality is diffcult and how much effort you will reasonably want to invest into getting "real" depends on the nature of your project. "Real" means
not just "real code" and "real traffc", but also "real content", especially

regarding content size and structure. Keep in mind that your templates may
behave completely different depending on the size and structure of the

repository.
Establish Solid Goals

World Standard Softare to Unify Your Business ww.day.com121


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

The above numbers assume the following conditions:


.. measured on publish (no authoring environment and/or CFC overhead)
.. measured on the server (no network overhead)
.. not cached (no CQ-output cache, no Dispatcher cache)
.. only for complex items with many dependencies (HTML, JS, PDF, ...)

.. no other load on the system

There are a certain number of issues that frequently contribute to performance issues which mainly revolve around (a) dispatcher caching ineffciency and (b) the use of queries in normal display templates. JVM and as level tuning usually

do not lead to big leaps in performance and should therefore be performed at


the very tail end of the optimization cycle.

Your best friends during a usual performance optimization exercise are the
request.log, component based timing, and last but not least - a

Java profiler.

How to monitor Page response times: To monitor Page response times:


1. Navigate to and open the file request.log located at -(cq-install-dir:: jcrxquickstartjlogs.
2. Request a Page in author that utillizes your Training Template and

Components.
.. e.g. /content/training/en/company

3. Review the response times directly related to the previous step's request.
A Page request of /content/training/en/company

World Standard Softare to Unify Your Business ww.day.com123


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

fo lfonitor COllponent based tilling:


1. Request a Page in author that utilizes your Training Template and

Components.
II e.g. /content/training/en/company

2. View the HTML source of the Page requested in step 1.


3. Navigate to and se lect the "filling chart URL" located in the HTM L sou rce.
II You wl find this URL most likely near the bottom of the HTML source, as it is

generated by the foundation timing Component

~~(!iv claS5="toolbar")-~;sc.ril)t type="te:-tr javascr ipt ,,)co. rCM. edit (( "path": "/content/traning/en/company/ jcr: content/toolbar" r "type
-(I sc.ript)-

-(/div:;
-(iv class="disc lairner":;dsc laimer.(/ (h.".;" -z/div).

HTML source timing chart urI


4. Copy the "Tilfing chart URL" - then paste it in the address bar of your favorite

Web browser.

5. Investigate the visual output to identify any Component that may be causing
a slow response time.

World Standard Softare to Unify Your Business www.day.com125


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

To find long lasting requests/responses:

1. Navigate to the helper tool rlog.jar located in .:cq-install-dir;: /crxquickstart/opt/helpers using your command line.

DOS location of rlogJar

2. Enter the command java -jar rlog.jar in your command line to get help concerning possible arguments.

DOS rlog.jar help

World Standard Softare to Unif Your Business www.dav.com127


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

2. Select Ctrl-Shift-U to view the timing statistics for that Page.


ge lod $~.eic$eic$: I 635 m$ $~rt huilding edieing=
676 I 676 m$ Compl ete document lo.ded

I 6SO m5 5~rt render ing rollover


i I 68i m5 Compl eted render ing rollover

I 687 m5 St.re render ing rollover


i --i --ing rollover rollover ing rollover rollover i I 699 m5 Completed rendering rollover --- I 737 rn5 St.rt rendering rollover i I 73S m5 Completed rendering rollover I I I I 688 692 693 698 m$ Compl eted render m5 St.r~ render ing m5 Compl eted render rn5 St.rt render ing

I 743 m$ St.rt render ing rollover


o I 743 rns Completed rendering rollover

I 748 ms St.rt render ing rollover


i I 749 ms Co~.leted rendering rollover

I 754 m5 St.rt rendering rollover


i I 7SS m5 Completed rendering rollover

I 810 m$ St.re rendering rollover


o I S10 rns Compl eted render ing rollover

I 821 rns finished huil ding edit ings


3ii I 987 ms 5t.rt render ing s idek iek i47 I ii34 ms - Coi~leted rendering $idekiek

Page timing statistics


Congratulations! You have successfully viewed the timing statistics for a Page.

Again, this is to aid you in reviewing the performance of specific Pages, so that you may meet your project's performance goals.

fo investigate a systell where sOlle processes are really sloYl but not blocking:

A simple CPU profiling tool is included with CRX 2.0.x. To start it, open:
http://localhost:4502/crx/diagnostic/prof. jsp

1. Set the sample interval and stack depth (or use the default)

2. Click "Start Collecting" and wait to collect data while your slow process executes
3. Click "Stop" to stop data collection

4. Examine the results


Additional External fools:

World Standard Softare to Unify Your Business ww.day.com129


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal
If an application opens JCR sessions explicitly, it is the responsibility of the developer to ensure the proper closure of these sessions. If not, such sessions will not be subject of garbage collection and thus will stay in memory, causing
above listed symptoms. Each JCR session (CRXSession) creates and maintains its

own set of caches which adds to the overall resource consumption.


In this exercise, we will generate stack traces for the CQ5 instance and analyze those traces with session_analyzer.jar. To successfully complete and understand these instructions, you will need:
A running CQ5 Author instance
session_analyzer.jar from the USB stick

Finding Unclosed Sessions

1. Discover the process id for the CQ5 process by issuing the following

command in a command line window: jps-I

2. Run following command to determine the overall number of current CRXSessions held in memory:

jmap -histo .-pid'? I grep CRXSessionlmpl

World Standard Softare to Unify Your Business ww.day.com131


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

This will generate a new file output.txt that contains the stack trace of unclosed
sessions, sorted by stack trace content. Each stack trace is one line, and 'compressed' a bit (repeated prefixes are removed). The session id is at the end of the line.
corn. day. crx. j 2ee. JCRExplorerServlet. login (JCRExplorerServlet. java: 521)
ResourceServlet. spoolResource (ResourceServlet. java: 148)
java.lang.Thread.run(Thread.java:595): session# 10023

This example means session #10023 was not closed, and the stack trace
included the given lines when the session was opened. Based on this output you should be able to find the defect code location and fix the problem.
Congratulations! You have successfully found and analyzed unclosed JCR

sessions.

World Standard Softare to Unify Your Business www.dav.com133


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

CRXDE Lite Console

2. If the /apps/geometrixx/config folder does not exist:

a. Navigate to /apps/geometrixx.
b. Right-click on the geometrixx node.
c. Select Create and follow the arrow to Create Node.

Ji~..."
r~

d. Fill in the dialog box:


Name: Type:

config sling:Folder
p~ enter !"rx ii~ aM ~ i'1l.
i..me:

typ:

CNce

Create Node dialog

World Standard Softare to Unify Your Business ww.day.com135


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

Goal
Sometimes it makes sense to analyze the network traffc between the client
(web browser) and the server (CQ5) to detect possible bottlenecks. For this purpose we use a tool provided out-of-the-box by CQ5 : proxy.jar.

This tool redirects all HTIP requests to/from the server. This utility, which logs the complete HTTP conversation, is installed as a proxy between a client and a server.

Proxy.jar is not aware of the underlying application protocol. It simply dumps the complete communication stream including content and headers. This
means, you can use the application to analyze traffc of any protocol e.g., SMTP,
LDAP, HTTPS, etc. Proxy.jar can also be used as a simple port forwarding proxy

if you need to go through a different port to test a CQ5 instance.


Note: Proxy.jar can be used to:

Check for cookies and their values Check for HTTP request and response headers and their values
Check if "Keep-Alive" works

Find lost requests


Find hanging requests

In this example, we will install proxy.jar between the browser client and CQ5.
To successfully complete and understand these instructions, you will need:
A running CQS Author instance

proxy.jar from -(lnstalIDir /crx-quickstart/opt/helpers proxytext.zip content package containing a sample template for use with
proxy.jar

Install the Proxy Test Template


1. Open the CRX Content Explorer Console of your instance

http://localhost:4502/crx
2. Login as admin.

World Standard Softare to Unify Your Business ww.day.com137


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

The available parameters are:


Parameter
host
remote port
local port

Description
Host of running C05 instance, e.g. "Iocalhost'

The port used by CQ5 instance on which proxy. jar wil forward all
requests.. e.g. "4502".
on which proxy. jar is listening.

e.g. "44",

The available options are:


Option
~q

Decription
Quiet Mode
Use it if you don't want proxy.jar to

send its output to the console (since

outputtng to the console slows down the connection), you can redirect the
output to a log file with this option.
~b

Binary Mode
This

output wil

option helps you look for specfic byte combrnations in the traffic. The contain hexadecimal and cnaraceroutput.

-t

log entries

seconds. This may not be suitable for

option adds a timestamps to each log entry. The time resolution is in checking single requests. Use the Timestamps option if you run proxy .j ar over a longer time period.

-Iogfle dlename;:

Write to a log file

Dumps the conversation into a log file, even if in "Quiet Mode -q".

-I c:umlndention~

Add Indention
For better readabilty, each active connecion gets. indented. If the default 16 levels do not suit you fine, you can change the amount by adding the
..umlndentions;: you want.

2. Start up proxy.jar with the following command:


java -jar proxy.jar local

host 4502 4444 -Iogfile proxytest.log

World Standard Softare to Unify Your Business ww.dav.com139


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

3. Open the log file proxytest.log and analyze a section of log entries. Keep in

mind that we used a simple script displaying some text and a .png image. So
we should see two connections for this related request. Any other connections

are the result of the welcome page and authentication mechanism.


Startup Info:
Starting proxy for localhost: 4502 on port 4444 using logfile: /cq5/author/crx-quickstart/opt/helpers/proxytest. log

The start of the first connection (0) requesting the main HTML page. The HTTP header fields are listed:
C-O-#OOOOOO -~ (GET /proxytest.html HTTP/I.l ) C-0-#000030 -~ (Host: localhost:4444 ) C-0-#000052 -~ (USer-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5;

en-US;
rv:I.9.lb3) Gecko/20090305 Firefox/3.lb3 )

C-0-#00016I -~ (ACcept: text/html, application/xhtml+xml, application/


xml; q=O. 9 , * / * ; q=O . 8 ) C-0-#000234 -~ (Accept-Language: en-us,en;q=0.7,fr;q=0.3 ) C-0-#000276 -~ (ACcept-Encoding: gzip,deflate ) C-0-#000307 -~ (ACcept-Charset: ISO-8859-I,utf-8;q=0.7,*;q=0.7

The client requests a "Keep Alive" connection (wants to send multiple requests over the same connection):
C-0-#000355 -~ (Keep-Alive: 300 ) C-0-#000372 -~ (Connection: keep-alive

This proxy tool is also useful to verify if cookies are properly set or not. Here
we see a generated cookie named JSESSIONID. This cookie is automatically

created if not explicitly denied in the JSP script using


o(%(Q page session="false" ?:

C-0-#000396 -~ (Cookie: clickstreamcloud=marketing: interest/product=l3,


marketing: interest/ business=63, marketing: interest/ investor=58 , marketing: interest/servic)

C-0-#000537 -~ (es=46 ,marketing: interest/employment=6;


ys-cq-cf -c lipboard=o% 3Acollapsed % 3Db%2 53AI; ys-cq-cf-east=o% 3Acollapsed% 3Db

%253AI;

ys-cq-cf-tabpanel=o)
C-0-#00067 8 -~ (%3AactiveTab%3Ds%253AcfTab-Images;

World Standard Softare to Unify Your Business ww.day.com141


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

S-1-Finished: 22899 bytes (1.0 kb/s)

C-1-Finished: 6271 bytes (0.0 kb/s)


S-O-Finished: 138895 bytes (6.0 kb/s) C-O-Finished: 7398 bytes (0.0 kb/s)

The above exercise is simple and the log entries should be easy to analyze,
since the two connections occur one after the other (first HTML request, then

the browser realizes that it has an image to request and opens a second connection). Generally, a normal page generates many parallel requests for
images, css, javascript files, etc., each of which are referenced within the HTML

stream. So the log entries will overlap on parallel open connections. In that case, it's recommended to start the proxy with option "-i", (add indentions) to
get better readability.
Congratulations! You have successfully analyzed a conversation between a CQ5

browser client and the CQ5 server.

World Standard Softare to Unify Your Business ww.dav.com143


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

As with any upgrade, you should carefully consider value versus risk for your
deployment. This includes testing the planned upgrade to ensure it passes your acceptance tests.

What will be Upgraded


The repository upgrade, as recommended here, has the following effect on the
system. The following are upgraded:
Infrastructure: CRX Repository with all repository management and

development tools
CQS Platform: CRXDE support package for CRXDE Lite and CRXDE

The following are not upgraded:


Apache Sling and Apache Felix framework

None of the CQ5 application components (bundles); with the exception of


the CRXDE support package

The recommendation not to upgrade the Apache Sling and Felix frameworks, or any other application components, ensures that the stability of the CQ5

application as a whole is retained by minimizing the changes.


The following are removed:

CRXDE Lite was a separate web application in CQ 5.3 (CRX 2.0). It is now
integrated into the main CRX web application.

World Standard Softare to Unify Your Business ww.day.com145


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

~..~~ ~1;:IIOtl~AG. "'~..""


12. Using the CQSE admin console, Stop the CRX Launchpad application

13. Stop and Remove both:


Icrxde (the CRXDE application) Icrx (the CRX application)
14. Add a new:

Icrx
referencing the following file from the unpacked CRX 2.1:
crx-quickstart/ server /webapps / crx-explorer _crx.war

World Standard Softare to Unify Your Business www.day.com147


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

5. Restart CQ to ensure that all OSCi bundles have been started.


NOTE
In case of problems with CQ startup, please open the Apache Felix Web Management

Console (http://-:host:; :-:port:; /system/console) and check if all the bundles have been
started. If a restart does not help, please start the bundles manually.

15. Confirm the upgrade of CRX by

accessing:

CRX
for example, http://localhost:4502 /crx /index.jsp The version details on the welcome screen will now show 2.1.
CRXDE Lite

for example, http://localhost:4502 /crxdel


The version details on the welcome screen will now show 2.1.

CQ
use CQ to access your content, check everything is operating as expected.
CAUTION
You must test the operation of the upgraded instance; highly customized

items may need to be upgraded separately.


NOTE
CRXDE Lite is now bundled with CRX (and not a separate webapp), access

using /crxde; for example, http://localhost:4502/crxdel).

World Standard Softare to Unify Your Business ww.day.com149


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

sudo In -s dispatcher-apache2.2-4.0.6.so mod_dispatcher.so

After doing so you will be able to see in the finder the file
mod_dispatcher.so in the /usr/libexec/apache2/ folder

indude
!ib Hbexec
II airportd

apache2 dispat cher-apadie2, 2 -4,0,6.50

Apr 20, 20lD 9:02 AM Mar 19, 2010 4:09 I'M Apr 20, 20lD 9:02 AM Apr 20, 2010 9:07 AM Feb 11,2010 3:34 AM Today, 1:44PM
Today, 136 PM
Oct 16,2009 5:11 AM

hupd.exp
II Ubphp5,so

II mod_actionsso

Feb 11, 20lO 5:32 AM Dec 9, 20097:25 I'M


Dec 9. 2009 7:25 PM

II mod_aHauo
II mod_as,so
II mod_auth_basic50
II mod3lUlh_digesi.SO

II mcd_aUlhIUIMll,SO
II mod_auth,ullx:Lso

Dec 9,20097:25 I'M Dec 9, 2009 725 PM Dec 9, 2009 725 PM Dec 9, 2009 725 PM
Dec 9, 2009 7:25 PM
Dec 9. 2009 7:25 PM

II mod_authn_dbm"o
II mO(Cauthn_defaulLSo
II mod_aulhn_fe,so

Dec 9.20097:25 PM
Dec 9, 2009 7:25 PM

II m()tauthz_dbm,so
II mod_aulhz_defauILSO

Dec 9. 2009 7:25PM


Dec 9. 2009 7:25PM

18.Next, in the finder window of /private navigate to /private/etc/apache2

and copy the dispatcher.any file from the unpacked dispatcher archive to
this location.

Configuring httpd.conf
Tell Apache about the Dispatcher. In the folder /private/etc/apache2 you will

find the httpd.conf file (we are using the default apache server that comes with
MacOS X). You can also use the httpd.conf file attached that comes with the

dispatcher archive from the USB memory stick.

Follow the instructions in Exercise - Add the Dispatcher to the Apache WebServer with the following exceptions:

World Standard Softare to Unify Your Business www.day.com151


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

The http server process has to have read/write access to that folder in order to write the cache files. You can of course choose another folder but then you have to be sure that the httpd server daemon has read and write access to it (chown,
chgrp).

1. You must create this folder using a terminal window. Enter the following

commands:
cd / Library /WebServer /

then this
mkdir cache

2. Change the owner and the group of the cache folder


sudo chown _www cache
sudo chgrp _www cache

Restart Apache
1. Launch your system preferences

2. Then click sharing in the internet and wireless group of preferences


3. Then launch the webserver by clicking Web sharing. Your apache webserver will be running then on the port 80.

If you see Web Sharing already running, stop it and relaunch it so that your
Apache server can get the new configuration loaded

World Standard Softare to Unify Your Business ww.day.com153


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.220101005

DO'Tan Name d.iy.com


Search Base

Admn Usef~1D adf~iif1

Password p.iS5

Contall

Importing Initial Users and Groups


We need a tool to help us import our initial groups and users into the LDAP

server so that we can test our CQ5 configuration. For that we will use the Apache Directory Studio.
We could use probably the LDAP Enabler application but then we would have to

enter everything by hand. The Apache Directory Studio lets us import Idif files.
NOTE

Actually, you can use any other application that allow you to import Idif files.
CAUTION
Don't close the LDAP Enabler application though, cause then you'll be shutting down the

LDAP server.

1. Copy the ApacheDirectoryStudio-macosx-..version;: .dmg file from ..USB;: /

distribution/MaclDAP to your Applications folder. Or you can download it from http://directory.apache.org/studiol .


2. Install the Directory Studio.

3. After launching Apache Directory Studio, configure the connection to the


LDAP server. Click on the yellow icon (Idap) in the left bottom corner of the appl cation.

World Standard Softare to Unify Your Business ww.dav_com 155


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005

Bind password: pass


Authentcation
Please select In oluthel1ti71eilto11 method and nput
authertifcJtior (Jat,L

8. Click on "Check Authenlication" in order to see if our parameters are defined

correctly. If the test is successful, a message should appear saying that "the authentication was successful".
9. If the was successful, click on Finish, all the other parameters used are defaults.
10. Our connection is verified and we can check the LDAP browser. The LDAP browser is will be partially hidden by the LDAP connection window so minimize the LDAP window or just click on the window that is underneath.
See figure below:

; Opel'Ciirinean

World Standard Softare to Unif Your Business ww.day.com157


Copyright 2010, Day Software AG, Switzerland Day Company Confidential Rev1.2 20101005