adobe / aem-dispatcher-optimizer-tool Goto Github PK

View Code? Open in Web Editor NEW

13.0 8.0 9.0 382 KB

Analyze an AEM dispatcher module for misconfigurations.

Home Page: https://implementationdetails.dev/blog/2021/03/08/meet-the-aem-dispatcher-optimizer-tool/

License: Apache License 2.0

Dockerfile 0.03% Java 99.46% Shell 0.51%

aem adobe-experience-manager dispatcher apache-httpd

aem-dispatcher-optimizer-tool's Introduction

AEM Dispatcher Optimizer Tool

Analyze an AEM dispatcher module for violations of best practices, and report a list of actionable optimizations.

Goals

The dispatcher is a critical component of a secure, stable, and lightning fast AEM implementation. Unfortunately it is often an afterthought, and its large array of configurations can be overwhelming and easily misconfigured.

This repository offers a tool (implemented as both a Maven Plugin and standalone app) which performs static analysis of the dispatcher module of an AEM archetype based project. It can identify:

Syntax issues such as misplaced tokens, unmatched quotes, or missing files referenced from Include directives
Violations of best practices including checks for /filter deny rules, /statfileslevel, /gracePeriod and more

Don't agree with one of the rules? Wish there was a check for /propertyX? Use the extensible rules engine to augment (or completely replace) the core set of rules to meet your exact needs.

Non-Goals

This repository does not attempt to suggest or prescribe a one-size-fits-all configuration for the dispatcher. Due to the myriad use cases that AEM supports, it would be impossible to do so. Instead, we attempt to identify syntax issues and known violations of best practices that can, when corrected, make your AEM environment more resilient and performant.

Modules

core - Core code shared between the Plugin and App
app - Spring Boot app implementation and Dockerfile
plugin - Maven plugin implementation
plugin-it - Maven plugin integration tests

Build

mvn clean install

Use the Maven plugin

Refer to the Plugin README.

Use the standalone app

Refer to the App README.

Reading the code

Rules

The "core rules" can be found here: core-rules.json
The spec of the Rules file can be found here: Rules

Plugin

Entry point for the Maven plugin implementation: AnalyzerMojo

App

Entry point for the Spring Boot app implementation: DispatcherOptimizerApplication

Core

DispatcherConfiguration model class: DispatcherConfiguration
Test cases which exercise the core Parser code: ConfigurationParserTest
Test cases which exercise the core Rule Processor code: com/adobe/aem/dot/common/analyzer/rules

IDE Support

Install the Lombok plugin for your IDE

Releasing with Maven

Releasing only the parent pom

From the project root:

mvn -N -Darguments=-N release:prepare
mvn -N -Darguments=-N release:perform

Contributing

Contributions are welcomed! Read the Contributing Guide for more information.

Licensing

This project is licensed under the Apache V2 License. See LICENSE for more information.

aem-dispatcher-optimizer-tool's People

Contributors

Stargazers

Watchers

Forkers

avitripathy01 mkovacek mgoszczynski pollenshukla ashiq-ali mariusmocanu19 srinivasm13 ghas-results ckkovac

aem-dispatcher-optimizer-tool's Issues

Number of violations reported for a project built from latest AEM archetype

Expected Behaviour

Project built from latest AEM archetype doesn't report any issues.

Actual Behaviour

12 violations are reported

Steps to Reproduce

Generate AEM project using archetype with following arguments

mvn -B archetype:generate
-D archetypeGroupId=com.adobe.aem
-D archetypeArtifactId=aem-project-archetype
-D archetypeVersion=32
-D appTitle="My Site"
-D appId="mysite"
-D groupId="com.mysite"
-D aemVersion=6.5.7

Add dispatcher-optimizer-tool to dispatcher/pom.xml as per instructions in this repository
Set verbosity to FULL
Run mvn dispatcher-optimizer:analyze in dispatcher folder

Platform and Version

Apache Maven 3.8.3 (ff8e977a158738155dc465c6a97ffaf31982d739)
Maven home: /Applications/apache-maven-3.8.3
Java version: 1.8.0_301, vendor: Oracle Corporation, runtime: /Library/Java/JavaVirtualMachines/jdk1.8.0_301.jdk/Contents/Home/jre
Default locale: en_GB, platform encoding: UTF-8
OS name: "mac os x", version: "10.16", arch: "x86_64", family: "mac"

Logs taken while reproducing problem

[INFO] [Dispatcher Optimizer] Violations detected: 12
[INFO] [Dispatcher Optimizer] Details:
[INFO] Violation { severity=MAJOR, description='Include directive must include existing files. Check path, or use IncludeOptional.', context='Include directive must include existing files. Check path, or use IncludeOptional.' }
[INFO] Violation { severity=MAJOR, description='Include directive must include existing files. Check path, or use IncludeOptional.', context='Include directive must include existing files. Check path, or use IncludeOptional.' }
[INFO] Violation { severity=MAJOR, description='The Dispatcher publish farm cache should have its ignoreUrlParams rules configured in an allow list manner.', context='Farm "publishfarm" has its farm.cache.ignoreUrlParams misconfigured.' }
[INFO] Violation { severity=MAJOR, description='The Dispatcher publish farm gracePeriod property should be >= 2.', context='Farm "publishfarm" has its farm.cache.gracePeriod misconfigured.' }
[INFO] Violation { severity=MAJOR, description='The Dispatcher publish farm filters should specify the allowed Sling suffix patterns in an allow list manner.', context='Farm "publishfarm" has its farm.filter misconfigured.' }
[INFO] Violation { severity=MAJOR, description='The Dispatcher publish farm filters should specify the allowed Sling selectors in an allow list manner.', context='Farm "publishfarm" has its farm.filter misconfigured.' }
[INFO] Violation { severity=MAJOR, description='Include directive must include existing files. Check path, or use IncludeOptional.', context='Include directive must include existing files. Check path, or use IncludeOptional.' }
[INFO] Violation { severity=MAJOR, description='Include directive must include existing files. Check path, or use IncludeOptional.', context='Include directive must include existing files. Check path, or use IncludeOptional.' }
[INFO] Violation { severity=MAJOR, description='The Dispatcher publish farm cache should have its ignoreUrlParams rules configured in an allow list manner.', context='Farm "publishfarm" has its farm.cache.ignoreUrlParams misconfigured.' }
[INFO] Violation { severity=MAJOR, description='The Dispatcher publish farm gracePeriod property should be >= 2.', context='Farm "publishfarm" has its farm.cache.gracePeriod misconfigured.' }
[INFO] Violation { severity=MAJOR, description='The Dispatcher publish farm filters should specify the allowed Sling suffix patterns in an allow list manner.', context='Farm "publishfarm" has its farm.filter misconfigured.' }
[INFO] Violation { severity=MAJOR, description='The Dispatcher publish farm filters should specify the allowed Sling selectors in an allow list manner.', context='Farm "publishfarm" has its farm.filter misconfigured.' }

Optionally break the build if a certain quality gate is missed

Please allow to configure a quality gate in the Maven plugin. The quality gate should consist out of one or more severities (https://github.com/adobe/aem-dispatcher-optimizer-tool/blob/main/core/src/main/java/com/adobe/aem/dot/common/analyzer/Severity.java) connected with a threshold (number of issues in that severity which are still acceptable).
That allows to enforce some best practices without someone manually looking at the report. Particularly useful for CI builds.