PDF Application Security

Adobe Experience Manager CRX White Paper
Adobe® Experience Manager CRX
A flexible platform promoting technical agility and tight integration
of services
Table of contents
OSGi: The ideal framework for composite content apps
JCR: The ideal repository technology for content
Give your programmers a REST
Adobe Experience Manager and CRX
Summary
Digital marketing has become a strategic imperative to success in attracting new customers and interacting
with current customers. To stay ahead of the digital marketing curve, businesses need content management
solutions that can meet the requirements of content authors, web designers, developers, and marketers. It’s no
longer enough to patch together a disjointed collection of document-centric and non-document-centric
applications that merely coexist on an app server. Today, it’s essential to have a unified platform that easily
integrates content with applications while leveraging open standards and enabling agile development to create
a diverse array of immersive experiences for customers.
Unlike other vendors, Adobe provides the ability to manage content and applications in an integrated fashion
on one platform, making it possible for applications to be deployed as easily as content. When applications and
content can be treated the same―deployed and managed on a single platform―they work better together.
This philosophy is what makes the Adobe Experience Manager (formerly known as CQ) runtime solution, and
CRX, a powerful alternative to conventional patchwork content management systems. The Experience
Manager platform enables content specialists to create, manage, and optimize online experiences with agility
and ease to deliver immersive experiences across all digital channels.
Underpinning Experience Manager and the core components of Adobe Marketing Cloud is a sophisticated,
enterprise-grade content repository that offers unparalleled flexibility in the design and deployment of
Composite Content Applications. In a single cloud-ready package, CRX enables technical agility for faster time
to market and tight integration of services with support for all major web standards. CRX includes a time-tested
Java™ Content Repository (JCR) that supports JSR-283, with a highly modular Open Services Gateway Initiative
(OSGi) runtime environment based on Apache Felix and a representational state transfer (REST) application
development framework based on Apache Sling. Rich security capabilities are available at all levels of the
system to provide fine-grained access control over both content and functionality for users within and outside
your firewall. Authentication can occur via LDAP, native services, or any number of supported single sign-on
(SSO) modules.
[Figure: Major components of CRX. Labeled components include the Apache Sling REST framework, the Apache Felix modular execution runtime, and the Apache Jackrabbit Oak content repository.]
OSGi: The ideal framework for composite content apps
At the heart of Adobe’s content management platform is the mature, proven OSGi runtime framework based
on Apache Felix. OSGi reduces complexity by providing a highly dynamic, modular architecture for composite
applications. The OSGi programming model realizes the promise of component-based development and
provides the following benefits.
Reduced complexity—With OSGi technology, you develop and deploy code and resources as modular
bundles that hide their internals from each other, communicating through well-defined APIs. The high degree
of encapsulation provided by bundles improves granularity and compositionality and provides robust
dependency resolution, improved control over visibility (superior to Java’s native package system), easier
debugging, and other benefits.
Greater reuse―The OSGi component model is inherently suited for code reuse.
Dynamism―The OSGi framework is highly dynamic. You can start or stop services when and as needed, and
you can hot-deploy new bundles. You can independently install, start, stop, update, and uninstall bundles at
any time, without taking the system down.
Easy deployment and management―OSGi is not just a standard for components. It also specifies how
components are installed and managed. The standardized management API (coupled with Adobe’s
management UI) makes it easy to exercise control over individual services. Also, you can hot-deploy individual
bundles into a live environment with no need to restart a server.
Transparency―Bundles and the services they implement are first-class citizens in the OSGi runtime
environment. You can stop parts of applications to debug a problem, or you can bring in diagnostic bundles.
Flexible versioning support―It’s often been said that OSGi technology solves some JAR issues—the problem
that library A works with library B version 1, but library C can only work with B version 2. With OSGi, all
bundles are explicitly versioned and can be mapped to multiple versions of the same library.
Simple―The core OSGi API comprises only one package with a few dozen classes.
Lightweight―The OSGi framework is small and efficient and allows the Adobe Experience Manager server
core to be relatively small and run in a reasonable amount of memory.
Flexible―Many frameworks take over the entire virtual memory. OSGi, on the other hand, can run standalone
or inside a Java EE application server.
Mature and widely used―OSGi started out in the embedded home automation market, but since 1998, it has
been used in many industries, including automotive, mobile telephony, industrial automation, and gateways.
The highly popular Eclipse IDE has run on OSGi since 2003. Eclipse is not required, however, for developing
bundles to run on the Experience Manager platform.
Widely supported by key industry players―OSGi standards are promulgated by some of the best known
names in the industry, such as Adobe (which has representation on the OSGi Alliance Working Groups), IBM,
Ericsson, Samsung, Motorola, Nokia, Siemens, Hitachi, and Deutsche Telekom.
JCR: The ideal repository technology for content
The growing popularity of content management applications makes it essential to have a common,
standardized API for content repositories. David Nuescheler, Adobe’s VP of enterprise technology, proposed an
open standard for content repositories in 2002, which became JSR-170 (now JSR-283). This widely accepted
standard, known as JCR, is the basis of Adobe’s content management technology.
CRX is based on the Apache Jackrabbit implementation of JCR and leverages Apache Sling under the covers as
an application framework. It also employs the popular Apache Lucene search engine. Thus, major portions of
the Adobe content platform are based on mature, actively developed open source projects. Adobe continues to
support these and other open source projects aggressively, and we invite participation by our customers, as well.
An important characteristic of JCR is that it is agnostic with respect to the types of data that can be stored in
the repository, such as structured versus unstructured, text versus binary, code versus content. Basically, JCR
implements a tree of nodes with associated properties. Data is stored in the properties, which can hold simple
values, such as numbers and strings, or binary data of arbitrary length. Nodes can optionally have one or more
types associated with them, and nodes can point to other nodes via a special reference type property. In this
way, nodes in JCR offer both referential integrity and an object-oriented concept of inheritance.
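The node, property, and reference model described above, as an added example using the standard `javax.jcr` API (not code from the white paper or from Adobe). It assumes `jackrabbit-core` is on the classpath and uses Jackrabbit's `TransientRepository` with its default local credentials; the node names and values are constructed.

```java
import javax.jcr.Node;
import javax.jcr.PropertyType;
import javax.jcr.ReferentialIntegrityException;
import javax.jcr.Repository;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.core.TransientRepository;

public class JcrReferenceDemo {
    public static void main(String[] args) throws Exception {
        // Assumption: a throwaway local Jackrabbit repository created in the
        // working directory, with its default admin account (demo only).
        Repository repository = new TransientRepository();
        Session session = repository.login(
                new SimpleCredentials("admin", "admin".toCharArray()));
        try {
            Node root = session.getRootNode();
            // Constructed sample content: an author node and an article node.
            Node author = root.addNode("demo-author");
            author.addMixin("mix:referenceable"); // required for reference targets
            author.setProperty("name", "Constructed Author");

            Node article = root.addNode("demo-article");
            article.setProperty("title", "Constructed title"); // STRING property
            article.setProperty("wordCount", 1200L);           // LONG property
            article.setProperty("author", author);             // REFERENCE property
            session.save();

            int type = article.getProperty("author").getType();
            System.out.println("type: " + PropertyType.nameFromValue(type));
            System.out.println("target: "
                    + article.getProperty("author").getNode().getPath());

            // Referential integrity: the repository refuses to persist the
            // removal of a node that is still the target of a reference.
            author.remove();
            try {
                session.save();
                throw new IllegalStateException("referenced node was removed");
            } catch (ReferentialIntegrityException e) {
                System.out.println("save rejected: " + e.getMessage());
                session.refresh(false); // discard the pending removal
            }
            // Clean up: removing reference and target in one save is allowed.
            session.getNode("/demo-article").remove();
            session.getNode("/demo-author").remove();
            session.save();
        } finally {
            session.logout();
        }
    }
}
```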
The repository uses a Persistence Manager to separate the implementation details of data persistence from the
concerns of the repository proper. By default, CRX uses the Tar Persistence Manager, which is transaction-aware
and highly optimized for JCR, yet agnostic with respect to file systems, operating systems, and hardware
platforms. However, if you prefer to persist data to a conventional database, you can use optional Persistence
Managers available for Oracle, IBM DB2, MySQL, or Microsoft SQL Server. Regardless of the Persistence
Manager you choose, the repository’s Lucene search engine natively supports SQL queries.
By providing an OSGi-based implementation of JCR, sitting under a RESTful application framework, CRX combines:
• The best features of a relational database management system (RDBMS), including referential integrity,
support for transactions, and the ability to run SQL queries against the search engine
• The best features of a file system, including support for binary files, structured and unstructured text, with a
natively hierarchical data model, support for locking, and highly configurable access control
• Easy HTTP access to any resource
• Native support for features not always found in other systems, such as full-text search indexing, versioning,
multivalue attributes, and an observation API for event-driven triggering of custom actions
Give your programmers a REST
Communication with the repository is RESTful, so everything in the repository can be resolved via a URL and
accessed over HTTP. REST is a particular style of software architecture for distributed systems. REST was
introduced and defined in 2000 by Adobe chief scientist Roy Fielding. It has come to be a major architectural
motif in modern web development.
REST is an important concept for the Adobe Experience Manager runtime because it allows sophisticated
content apps to be constructed using simple yet powerful programming techniques that favor the development
of highly dynamic, immersive web apps. The RESTful application framework for the Experience Manager
runtime is based on Apache Sling.
A JavaScript client library allows access to the content repository through Ajax. On the server side, CRX
supports server-side ECMAScript using the open source Mozilla Rhino interpreter, as well as more traditional
JSP development templating. Natively, JSPs are handled at runtime by Adobe’s own high-performance servlet
engine, but it’s possible to deploy the runtime server into popular app servers and servlet containers.
To develop custom web apps for CRX, you can use your preferred IDE or the web-based CRXDE Lite IDE that
ships with the product. CRXDE Lite is fully integrated with the repository, so you can develop and deploy OSGi
bundles, JSP code, HTML pages, or other resources, live directly from the development environment. Like
Experience Manager, CRXDE Lite is implemented as OSGi bundles and other artifacts that are stored in
the repository.
To ease troubleshooting and debugging, the Experience Manager runtime has a comprehensive logging
framework that provides various logging APIs, including SLF4J, Log4J, Apache Commons Logging, and OSGi
Log Service.
The Open-Development Trifecta: Open Architecture, Open Standards, Open Source
Adobe is committed to open architectures, open standards, and open source. Adobe Experience Manager CRX exemplifies our commitment
to this vision.
Adobe Experience Manager and CRX
Adobe Experience Manager runs on the CRX server as a set of composite content applications written as OSGi
bundles, JSPs, and HTML5 pages, with artifacts stored in the JCR. As such, Experience Manager is a good
example of the kinds of rich, highly dynamic and interactive content-based applications that can be supported
by the runtime platform.
Because the underlying platform provides its own web server and servlet container, as well as its own
persistence management, Experience Manager requires neither a Java EE application server nor an RDBMS. In
fact, Experience Manager (with CRX included) ships as a single, compact JAR file that self-unpacks into the
necessary artifacts to support the entire Experience Manager runtime environment—although it’s also easy to
deploy Experience Manager into a Java application server.
With Experience Manager, you typically deploy an authoring instance of the product in the enterprise tier
behind a firewall, and a production or web-facing instance outside the firewall. All instances of the product are
easily scalable using hot-join clustering, which takes just seconds to set up.
Adobe Experience Manager is a prime example of the types of sophisticated applications you can support
using the runtime architecture. This is one platform where the sky truly is the limit!
Summary
Unlocking value from content—whether the content is destined to be consumed via an intranet, mobile
platform, ordinary web page, or other application—means having powerful, standards-based tools that allow
you to store, version, analyze, repurpose, optimize, search, and control access to that content. CRX offers the
flexible, sophisticated platform needed to build, deploy, manage, and optimize content of all kinds as well as
the composite content applications that provide dynamic, immersive experiences for users.
Adobe is the industry leader in comprehensive solutions for digital marketing that support initiatives that
change the way organizations engage with their customers. Only Adobe has the rich design heritage required
to support engaging consumer experiences that are empowered by a mature enterprise platform built on
modern web standards. Adobe’s corporate mission is to change the world through rich digital experiences. Our
standards-based web experience management platform brings that mission to life for our enterprise customers.
Adobe Systems Incorporated
345 Park Avenue
San Jose, CA 95110-2704
USA
www.adobe.com
Adobe and the Adobe logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. Java is a trademark or
registered trademark of Sun Microsystems, Inc. in the United States and other countries. All other trademarks are the property of their respective owners.
© 2013 Adobe Systems Incorporated. All rights reserved. Printed in the USA.
9/13