Sunday 29 September 2019

Create Product sitemap in AEM

Creating a sitemap for an eCommerce website helps search engine crawlers index all the product pages.

Let's see how to create a sitemap from a product index file.

  • Create a service config file
  • Create a scheduler
  • Create sitemap read and write service interface and implementation
  • Create models for parsing the index XML file

Sample XML file hosted on a server. We will configure the URL of this hosted XML file in the scheduler:
xmlns:xs="" version="2.0">
<![CDATA[ AEM Quickstart by Kishore ]]>
<pubDate>02/28/2017 00:00:00.000000</pubDate>
<![CDATA[ Lorel Ipsum ]]>
<pubDate>02/28/2019 00:00:00.000000</pubDate>
<![CDATA[ Create Sitemap in AEM ]]>
<pubDate>03/28/2019 00:00:00.000000</pubDate>


Tuesday 24 September 2019

Access AEM servlet in postman

When you make a POST request to your local AEM author instance, the request is filtered and restricted by the "Apache Sling Referrer Filter" and the "Adobe Granite CSRF Filter". Incoming POST requests without the CSRF-Token header are blocked by these two filters.

Steps to configure on the local author instance:

  • Navigate to ConfigMgr
  • Search for 'Apache Sling Referrer Filter'
  • Remove POST method from the filter.
  • Check "Allow Empty" checkbox and click on Save.

  • Search for "Adobe Granite CSRF Filter"
  • Remove POST method from the filter.
  • Click on Save.

Download and install Postman.

Open the Postman app and follow these steps:
  • Select method as POST
  • Enter AEM servlet URL.
  • Navigate to "Authorization" tab and enter username and password.
  • Enter required "Headers"

  • Enter the request in the Body tab and hit the Send button.

XSS Protection for AEM Servlets:

Add XSS protection to AEM servlets using the Apache Sling XSSAPI to guard against script tags injected into the request. This avoids issues raised in penetration testing.


// Get the XSSAPI for this request, then encode the untrusted value for use in an HTML attribute
XSSAPI xssapi = slingHttpServletRequestObj.adaptTo(XSSAPI.class);
String encodedAttr = xssapi.encodeForHTMLAttr(someUnsafeValue);

Default XSS configuration in AEM is available at /libs/cq/xssprotection/config.xml
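
The snippet above covers one output context. As an added example (not code from the original post), here is a hypothetical POST servlet that obtains XSSAPI as an OSGi service reference instead of via adaptTo() and applies a different encoder or validator for each place an untrusted parameter is written. The package, class name, servlet path and parameter names are assumptions.

```java
package com.aemquickstart.core.servlets; // hypothetical package

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Servlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.xss.XSSAPI;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

// Hypothetical servlet: the path and the parameter names are assumptions for this example.
@Component(service = Servlet.class, property = {
        "sling.servlet.paths=/bin/aemquickstart/feedback",
        "sling.servlet.methods=POST" })
public class FeedbackServlet extends SlingAllMethodsServlet {

    private static final long serialVersionUID = 1L;

    @Reference
    private transient XSSAPI xssApi; // injected OSGi service, used instead of adaptTo()

    @Override
    protected void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws IOException {
        String name = request.getParameter("name");         // untrusted
        String homepage = request.getParameter("homepage"); // untrusted
        String rating = request.getParameter("rating");     // untrusted
        if (name == null) {
            response.sendError(SlingHttpServletResponse.SC_BAD_REQUEST, "name is required");
            return;
        }

        // Each output context needs its own encoder or validator.
        String nameText = xssApi.encodeForHTML(name);           // element content
        String nameAttr = xssApi.encodeForHTMLAttr(name);       // attribute value
        String safeHref = xssApi.getValidHref(homepage);        // empty string if the URL is rejected
        Integer safeRating = xssApi.getValidInteger(rating, 0); // 0 if not a valid integer

        response.setContentType("text/html");
        response.setCharacterEncoding("UTF-8");
        PrintWriter out = response.getWriter();
        out.printf("<p title=\"%s\">Thanks, %s</p>%n", nameAttr, nameText);
        out.printf("<a href=\"%s\">homepage</a>%n", safeHref);
        out.printf("<span data-rating=\"%d\"></span>%n", safeRating);
    }
}
```

Using the HTML-attribute encoder for element content, or the reverse, is a common source of missed escaping, which is why the name parameter is encoded twice here.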

Saturday 14 September 2019

Apache Sling's Request Processing Analyzer

AEM provides a console to check recent requests. By default only 20 requests can be seen, which is troublesome in a production environment where we get millions of requests. We can update the default value, but it will still be difficult to work with when production receives millions of requests.

Recent requests in AEM:

Apache Sling provides a tool to analyze all the recent requests, the "Request Processing Analyzer". To install this tool, download the code from GitHub and run mvn clean install. Once the build succeeds, the jar files appear in the target folder. Install them on the AEM instance.

A log file requesttracker.txt is created in the ${sling.home}/logs folder. To analyze this log file, run the command below, which opens a graphical window. The -jar option needs the analyzer jar built above, followed by the log file; the jar path shown is a placeholder.
java -jar <path-to-analyzer-jar> D:\CQ5\CQ5\AEM6.4\crx-quickstart\logs\requesttracker.txt

The window shows the following information:
  • Start time stamp in milliseconds
  • Request processing time in milliseconds
  • Request method
  • Request URL
  • Response content type
  • Response status
To analyze a specific request, click on it; a new window opens with more information.

The new window shows the following information:
  • Timestamp - shows the timestamp of each step that the request
  • Delta - time between each step
  • Message - shows info about which step is processed

Wednesday 4 September 2019

Creating Configuration Factory Service

This post talks about creating a Configuration Factory service using OSGi R6 annotations. To create this service we need a service interface and an implementation class.

Let's create an interface to define the configurations:

package com.aemquickstart.core.interfaces;

import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;

@ObjectClassDefinition(name = "AEM Quickstart Site Configs")
public @interface SiteConfigs {
  @AttributeDefinition(name = "Site Id", description = "Site ID")
  String getSiteId() default "aemquickstart";
  @AttributeDefinition(name = "Site Name", description = "Site Name")
  String getSiteName() default "AEM Quickstart";