- Developing User Guide overview
- Introduction for Developers
- Getting Started Developing AEM Sites - WKND Tutorial
- AEM Core Concepts
- Structure of the AEM Touch-Enabled UI
- Concepts of the AEM Touch-Enabled UI
- AEM Development - Guidelines and Best Practices
- Using Client-Side Libraries
- Developing and Page Diff
- Editor Limitations
- The CSRF Protection Framework
- Data Modeling - David Nuescheler’s Model
- Contributing to AEM
- Security
- Reference Materials
- Create a Fully Featured Website (Classic UI)
- Designs and the Designer (Classic UI)
- Migration to the Touch UI
- Platform
- Sling Cheatsheet
- Using Sling Adapters
- Tag Libraries
- Templates
- Using the Sling Resource Merger in AEM
- Overlays
- Naming Conventions
- Creating a New Granite UI Field Component
- Query Builder
- Tagging
- Customizing Pages shown by the Error Handler
- Custom Node Types
- Adding Fonts for Graphic-Rendering
- Connecting to SQL Databases
- Externalizing URLs
- Creating and Consuming Jobs for Offloading
- Configuring Cookie Usage
- How to programmatically access the AEM JCR
- Integrating Services with the JMX Console
- Developing the Bulk Editor
- Developing Reports
- Components
- Core Components
- Style System
- Components Overview
- AEM Components - The Basics
- Developing AEM Components
- Developing AEM Components - Code Samples
- JSON Exporter for Content Services
- Enabling JSON Export for a Component
- Image Editor
- Decoration Tag
- Using Hide Conditions
- Configuring Multiple In-Place Editors
- Developer Mode
- Testing Your UI
- Components for Content Fragments
- Obtaining Page Information in JSON Format
- Internationalization
- Classic UI Components
- Headful and Headless in AEM
- Headless Experience Management
- Headless and AEM
- Headless Journeys
- Headless Developer Journey
- Understand Headless in AEM
- Learn about CMS Headless Development
- Getting Started with AEM Headless as a Cloud Service
- Path to your first experience using AEM Headless
- How to model your content as AEM Content Models
- How to access your content via AEM delivery APIs
- How to update your content via AEM Assets APIs
- How to put it all together
- How to go live with your headless application
- Optional - How to create single page applications with AEM
- Headless Content Architect Journey
- Headless Developer Journey
- Getting Started Guides
- Content Fragments
- Headless Delivery with Content Fragments and GraphQL
- Working with Content Fragments
- Enable Content Fragment Functionality for your Instance
- Content Fragment Models
- Managing Content Fragments
- Variations - Authoring Fragment Content
- Markdown
- Using Associated Content
- Metadata - Fragment Properties
- Structure Tree
- Preview - JSON Representation
- Delivery API
- Assets HTTP API
- Content Fragments REST API
- Content Fragments GraphQL API
- Managing GraphQL Endpoints
- Using the GraphiQL IDE
- Persisted Queries
- Optimizing GraphQL Queries
- Updating your Content Fragments for optimized GraphQL Filtering
- Authentication for Remote AEM GraphQL Queries on Content Fragments
- AEM GraphQL API with Content Fragments - Sample Content and Queries
- Hybrid and SPA AEM Development
- Hybrid and SPA with AEM
- SPA Introduction and Walkthrough
- SPA WKND Tutorial
- Getting Started using React
- Implementing a React Component for SPA
- Getting Started using Angular
- SPA Deep Dives
- Developing SPAs for AEM
- SPA Editor Overview
- SPA Blueprint
- SPA Page Component
- Dynamic Model to Component Mapping for SPAs
- SPA Model Routing
- The RemotePage Component
- Editing an External SPA within AEM
- Composite Components in SPAs
- SPA and Server-Side Rendering
- Enabling JSON Export for a Component
- Launch Integration
- SPA Reference Materials
- Development Tools
- Development Tools
- AEM Modernization Tools
- Dialog Editor
- Dialog Conversion Tool
- Developing with CRXDE Lite
- Managing Packages Using Maven
- How to Develop AEM Projects Using Eclipse
- How to Build AEM Projects using Apache Maven
- How to Develop AEM Projects using IntelliJ IDEA
- How to use the VLT Tool
- How to use the Proxy Server Tool
- AEM Brackets Extension
- AEM Developer Tools for Eclipse
- AEM Repo Tool
- Personalization
- Extending AEM
- Extending AEM using Adobe Developer App Builder
- Customizing Page Authoring
- Customizing the Consoles
- Customizing Views of Page Properties
- Configuring your Page for Bulk Editing of Page Properties
- Customizing and Extending Content Fragments
- Content Fragments Configuring Components for Rendering
- Experience Fragments
- Extending Workflows
- Extending the Multi Site Manager
- Tracking and Analytics
- Cloud Services
- Creating Custom Extensions
- Forms
- Integrating Services with the JMX Console
- Developing the Bulk Editor
- Extending Classic UI
- Testing
- Best Practices
- Best Practices Overview
- AEM Development Guidelines and Best Practices
- Development Best Practices
- Content Architecture
- Software Architecture
- We.Retail Reference Implementation
- We.Retail Reference Implementation
- Trying out Content Fragments in We.Retail
- Trying out Core Components in We.Retail
- Trying out Editable Templates in We.Retail
- Trying out Responsive Layout in We.Retail
- Trying out the Globalized Site Structure in We.Retail
- Trying out Experience Fragments in We.Retail
- Coding Tips
- Code pitfalls
- OSGI Bundles
- JCR Integration
- Code Samples
- Troubleshooting Slow Queries
- Mobile Web
AEM Development - Guidelines and Best Practices
Guidelines for Using Templates and Components
Adobe Experience Manager (AEM) components and templates comprise a powerful toolkit. They can be used by developers to provide website business users, editors, and administrators with the functionality to adapt their websites to changing business needs (content agility). All this while retaining the uniform layout of the sites (brand protection).
A typical challenge for a person responsible for a website, or set of websites (for example, in a branch office of a global enterprise), is to introduce a new type of content presentation on their websites.
Let us assume there is a need to add a newslist page to the websites, which lists extracts from other articles already published. The page should have the same design and structure as the rest of the website.
The recommended way to approach such a challenge would be to:
- Reuse an existing template so you can create a type of page. The template roughly defines page structure (navigation elements, panels, and so on), which is further fine-tuned by its design (CSS, graphics).
- Use the paragraph system (parsys/iparsys) on the new pages.
- Define access right to the Design mode of the paragraph systems, so that only authorized people (usually the administrator) can change them.
- Define the components allowed in the given paragraph system so that editors can then place the required components on the page. In this case, it could be a list component, which can traverse a subtree of pages and extract the information according to predefined rules.
- Editors add and configure the allowed components on the pages they are responsible for, to deliver the requested functionality (information) to the business.
This illustrates how this approach empowers the contributing users and administrators of the website to respond to business needs quickly, without requiring the involvement of development teams. Alternative methods, such as creating a template, are usually a costly exercise, requiring a change management process and involvement of the development team. This makes the whole process longer and costly.
The developers of AEM-based systems should therefore use:
- templates and access control to paragraph system design for uniformity and brand protection
- paragraph system including its configuration options for flexibility.
The following general rules for developers make sense in most usual projects:
- Keep the number of templates low - as low as the number of fundamentally different page structures on the web sites.
- Provide the necessary flexibility and configuration capabilities to your custom components.
- Maximize use of the power and flexibility of the AEM paragraph system - the parsys & iparsys components.
Customizing Components and Other Elements
When creating your own components or customizing an existing component, it is often easiest (and safest) to reuse existing definitions. The same principles also apply to other elements within AEM, for example, the error handler.
This can be done by copying and overlaying the existing definition. In other words, copying the definition from /libs to /apps/<your-project>. This new definition, in /apps, can be updated according to your requirements.
See Using Overlays for more details.
For example:
-
This involved overlaying a component definition:
-
Create a component folder in
/apps/<website-name>/components/<MyComponent>by copying an existing component:-
For example, to customize the Text component copy:
- from
/libs/foundation/components/text - to
/apps/myProject/components/text
- from
-
-
-
Customizing pages shown by the Error Handler
This case involves overlaying a servlet:
-
In the repository, copy one or more default scripts:
- from
/libs/sling/servlet/errorhandler/ - to
/apps/sling/servlet/errorhandler/
- from
-
Do not change anything in the /libs path.
The reason is because the content of /libs is overwritten the next time you upgrade your instance (and may well be overwritten when you apply either a hotfix or feature pack).
For configuration and other changes:
- copy the item in
/libsto/apps - make any changes within
/apps
When to use JCR Queries and when not to use them
JCR Queries are a powerful tool when employed correctly. They are appropriate for:
-
real end-user queries, such as fulltext searches on content.
-
occasions where structured content must be found across the entire repository.
In such cases, make sure that queries only run when required. For example, on component activation or cache invalidation (as opposed to, for example, Workflows Steps, Event Handlers that trigger on content modifications, and Filters).
Never use JCR Queries for pure rendering requests. For example, JCR Queries are not appropriate for the following:
- rendering navigation
- creating a “top 10 latest news items” overview
- showing counts of content items
For rendering content, use navigational access to the content tree instead of performing a JCR Query.
If you use the Query Builder, you use JCR Queries, as the Query Builder generates JCR Queries under the hood.
Security Considerations
It is also worthwhile to reference the security checklist.
JCR (Repository) Sessions
Use the user session, not the administrative session. This means you should use:
slingRequest.getResourceResolver().adaptTo(Session.class);
Protect against Cross-Site Scripting (XSS)
Cross-site scripting (XSS) allows attackers to inject code into web pages viewed by other users. This security vulnerability can be exploited by malicious web users to bypass access controls.
AEM applies the principle of filtering all user-supplied content upon output. Preventing XSS is given the highest priority during both development and testing.
Also, a web application firewall, such as mod_security for Apache, can provide reliable, central control over the security of the deployment environment and protect against previously undetected cross-site scripting attacks.
Example code provided with AEM may not itself protect against such attacks and generally relies on request filtering by a web application firewall.
The XSS API cheat sheet contains information that you must know to use the XSS API and make an AEM app more secure. You can download it here:
The XSSAPI cheat sheet.
Securing Communication for Confidential Information
As for any internet application, make sure that when transporting confidential information
- traffic is secured through SSL
- HTTP POST is used if applicable
This applies to information that is confidential to the system (like configuration or administrative access) and information confidential to its users (like their personal details)
Distinct Development Tasks
Customizing Error Pages
Error pages can be customized for AEM. This is advisable so that the instance does not reveal sling traces on internal server errors.
See Customizing Error Pages shown by the Error Handler for full details.
Open Files in the Java™ Process
Because AEM can access many files, it is recommended that the number of open files for a Java™ process be explicitly configured for AEM.
To minimize this issue, development should ensure that any file opened is correctly closed when (meaningfully) possible.
Resources
Adobe Account
