Enable Run-Mode Specific Servlets in AEM
Servlets are one of the important building blocks of the AEM system to enable the AEM system interacts with external applications, servlets can expose data with external applications also data to be consumed by the Font-End layer.
Some of the time, we may have the use case to enable the servlets based on the run mode(author, publish, etc)of the AEM server, for example, the servlet should be enabled only in the servers with run mode publish or should be enabled only in servers with run mode dev.
In this tutorial, let us see the details on enabling the Servlets in AEM based on the run mode. …
Register Servlets Dynamically in AEM
Most of the time while working on the project we will have scenarios to dynamically register the servlets with different resource types, selector and extension, etc — registering the same servlet with different resource types, selector, extensions, etc.
Let's assume we have a servlet that is registered with a specific resource type but later we have a requirement to enable the same servlet for a different resource type, one of the common options is modifying the source code to enable the additional resource types. The code change might not be the optimal solution in most cases.
In this tutorial, let us see the simple approach to register the servlets dynamically with different resource types, selectors, and extensions. …
Deserialization vulnerability protection in Java
Serialization/Deserialization
Serialization is a mechanism of converting the state of an in-memory object into a byte stream — e.g. storing the object into a file
Employee emp= new Employee();
String filename = "employee.ser";FileOutputStream file = new FileOutputStream(filename);
ObjectOutputStream out = new ObjectOutputStream(file);out.writeObject(emp);out.close();
file.close();
Deserialization is the reverse process where the byte stream is used to recreate the actual Java object in memory.
String filename = "employee.ser";FileInputStream file = new FileInputStream(filename);
ObjectInputStream in = new ObjectInputStream(file);Employee emp= (Employee)in.readObject();in.close();
file.close();
A Java object is serializable if its class or any of its superclasses implements either the java.io.Serializable interface or the java.io.Externalizable …
Expose a Local Server to the Internet Without any Additional Tools
Most of the time Developers will have the scenario to access the servers running on local machines externally through the internet.
In this tutorial, let us see how to expose the local server to the Internet without using any additional tools in the windows system.
I am running an Apache Server on a Local machine on port number 8085 and the machine is connected to the internet through a WIFI router(Motorola)
Configure Router
By default the routers restruconfigure the router to allow the internet traffic to the specific internal port(8085).
The Router management UI can be used to define the forwarding rules to forward the traffic from external IP’s to internal IP’s on a specific port. …
Enable XSS protection for Java
Cross-site scripting (XSS) allows attackers to inject code into web pages viewed by other users. This security vulnerability can be exploited by malicious web users to bypass access controls.
The actual attack occurs when the victim visits the web page or web application that executes the malicious code. The web page or web application becomes a vehicle to deliver the malicious script to the user’s browser.
Most of the time the malicious scripts are injected through
- URL Parameters
- FORM Parameters (GET and POST parameters)
- Cookies
- HTTP Headers
To mitigate the XSS scripting issue, the input and output data should be escaped and filtered, mainly the output. Escaping and filtering are critical, escape any output data sent to the browser. Preventing XSS is the highest priority during both development and testing. …
Aspect-Oriented Programming(AspectJ) with Adobe Experience Manager(AEM)
What is AOP?
Aspect-oriented programming (AOP) is a programming paradigm that aims to increase modularity by allowing the separation of cross-cutting concerns. It does so by adding additional behavior to the existing code (an advice) without modifying the code itself, instead separately specifying which code is modified via a “pointcut” specification, such as “log all function calls when the function’s name begins with ‘set’”. This allows behaviors that are not central to the business logic (such as logging) to be added to a program without cluttering the code, core to the functionality.
Aspect-Oriented Programming provides a solution to implement Cross-Cutting Concerns.
- Implement the cross-cutting concern as an aspect. …
Enable user-friendly URLs for websites through Apache HTTPD Server.
A user-friendly URL is a Web address that is easy to read and includes words that describe the content of the webpage.
Defining the user-friendly URL is the best practice also the recommendation for SEO, the user-friendly URL’s helps to hide the complex internal URL’s from the end-users and search engines. These URLs help visitors to remember web addresses, which they can easily type to access the page.
For example, the long URL /test/en/pdp/book.html?id=123 should be changed to the user-friendly URL /en/book/123
The Apache URL Rewriting (mod_rewrite) along with PT(PassThrough) flag helps to define the user-friendly URL’s in Apache by hiding the complex and lengthy URL’s from end-users. …
In this tutorial let us discuss how to include content from different websites into the main website through Reverse Proxy
Reverse Proxy
A proxy server is an intermediary server that forwards requests for content from multiple clients to different servers across the Internet.
A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server. A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers.
Common uses for a reverse proxy server…
Different approaches to tune the relevancy of the search results in Adobe Search and Promote
In this tutorial let us discuss the details on Search Relevance tuning in Adobe Search & Promote.
What is Search Relevance?
Relevance is the process of ranking the search result for a search based on content significance to the users. The Search engine applies the Ranking rules and Business rules to order the search result before sending back the result to the website users.
The search engines calculate the relevancy score for each of the matching documents and order the result based on the relevance score.
The relevancy of the search data can be modified following a different approach in Adobe Search & Promote, let us discuss different options. …
Set up local test domains and enable a trusted, self-signed certificate for quick, local testing
Most of the time, we’ll have domains other than the localhost to test the applications locally, and we’ll also need trusted self-signed SSL certificates.
Self-Signed Certificate
A self-signed certificate is a certificate that’s signed by the person creating it rather than a trusted certificate authority. The development servers can be enabled with self-signed certificates that’ll help us reduce the certificate cost and also the management overheads.
By default, the self-signed certificate throws a certificate-validation error when accessing the websites in browsers but will allow us to proceed to the actual pages by accepting the risk. In some cases, the self-signed certificates won’t help us test some of the browser functionalities that only work through valid SSL — e.g., …
About
