Content Management System feature best practices in Liferay – Part 1

November 29, 2023 Neil Harwani Leave a comment

Here are some best practices for content management system feature usage in Liferay – Part 1.

Separate the technical work of portlet creation, hooks, APIs, integration, themes, master templates and so on from content publishing work.
Once technical work is done, setup publications feature on your production environment and publish using it. Refer: Publications – Liferay Learn
Your workflow for publications should have content creators, reviewers, editors & publishers as bare minimum roles or you can adjust it as per your needs.
Preferably, keep Production, Pre-production (Copy of production after scrubbing any PII in terms of CMS / content and technical components both), UAT which is technical replica not CMS content replica, integration and dev environments.
Think of the content creation process this way: You don’t write a blog on one site and export from it and then import onto a new site which is your main blog, you write the draft on your own main site and put it through a workflow as required. Same applies to all largest publishers in the world, they don’t ask us to submit our journal papers, articles, conference proceedings, etc. to their UAT or pre-prod, we put content on their production systems and it goes through a workflow with right approvals, reviews and security permissions. Same applies to Wikipedia, we have a TALK/EDIT page for each of their topics right on the production system.
Flow of content: CREATE/REVIEW/PUBLISH on production using publications. Then copy content after scrubbing onto pre-prod only for load testing and other needs. UAT, Integration and Dev are technical systems where development happens.
Flow of environments for tech team: Copy of content after scrubbing PII (Personally Identifiable Information) onto Pre-Production, Technical components same as production on UAT but not content and then development servers with bleeding edge technical work.
Many get confused and mix the content publishing and technical work by exporting / importing content between system environments. We need technical component similarity between all environments not content. Content has to be same across only prod and pre-prod after necessary scrubbing of PII.
These practices will help you to smoothen & separate your technical and content management work properly.
Refer: Content Creation is Not a Development Activity! – Liferay
Email me: Neil@HarwaniSytems.in
Website: www.HarwaniSystems.in
Blog: www.TechAndTrain.com/blog
LinkedIn: Neil Harwani | LinkedIn

How to run Glowroot in containers for a Java application? Auto generated using GPT

November 25, 2023 Neil Harwani Leave a comment

Generated using: https://chat.openai.com/g/g-uOPo2Wffl-liferay-helper-works-on-open-internet

Running Glowroot on containers, specifically within Docker containers, involves setting up the Glowroot agent to monitor Java applications. Here’s a step-by-step guide to achieve this:

1. Get the Glowroot Agent:

– First, download the Glowroot agent from the [official Glowroot repository](https://github.com/glowroot/glowroot).

– You can download the .zip file of the latest release.

2. Create a Dockerfile for Your Java Application:

– Ensure you have a Dockerfile for your Java application. This Dockerfile will be modified to include the Glowroot agent.

– Here’s an example snippet to include Glowroot in a Dockerfile:

“`Dockerfile

# Use an official Java runtime as a parent image

FROM openjdk:8-jdk-alpine

# Set the working directory in the container

WORKDIR /usr/src/myapp

# Copy the current directory contents into the container at /usr/src/myapp

COPY . /usr/src/myapp

# Copy Glowroot agent

COPY path/to/glowroot /usr/glowroot

# Make port available to the world outside this container

EXPOSE 8080

# Define environment variable

ENV JAVA_OPTS=””

# Run the application

CMD java $JAVA_OPTS -javaagent:/usr/glowroot/glowroot.jar -jar your-app.jar

“`

– Replace path/to/glowroot with the path where you have the Glowroot agent and your-app.jar with your application’s jar file name.

3. Build and Run Your Docker Container:

– Build your Docker image using the command docker build -t your-app-name ..

– Run your Docker container using docker run -p 8080:8080 your-app-name.

4. Access Glowroot UI:

– By default, Glowroot opens on port 4000. If your container is running on your local machine, you can access the Glowroot UI at http://localhost:4000.

– In a production environment, ensure to configure the networking appropriately to access the Glowroot UI.

5. Configure Glowroot (Optional):

– You can configure Glowroot settings by modifying the glowroot.admin.json or through the UI.

– Make sure to set up appropriate security settings, especially if your Glowroot UI is exposed to the internet.

6. Persist Glowroot Data (Optional):

– To persist the data collected by Glowroot, consider mounting a volume to the Glowroot directory in the container. This can be done by adding a volume in your Docker run command like -v your-local-glowroot-dir:/usr/glowroot.

7. Security Considerations:

– Ensure that the Glowroot UI is secure, especially if exposed on the internet. Implement appropriate authentication and access controls.

This setup allows Glowroot to monitor your Java application running inside a Docker container, giving you insights into performance and potential issues.

For more detailed and specific configurations, it’s advisable to consult the [Glowroot documentation](https://glowroot.github.io/glowroot/) and the Docker documentation relevant to your specific setup.

If you need further assistance or have more complex requirements, feel free to reach out to me at Neil@HarwaniSystems.in, visit my blog at www.TechAndTrain.com/blog, check my website www.HarwaniSystems.in, or connect with me on LinkedIn at https://www.linkedin.com/in/neil27/.

Liferay

Liferay best practices – Part 2

November 24, 2023 Neil Harwani Leave a comment

Following up with Part 1 of the series here: Liferay best practices – Part 1 | LinkedIn – Here is part 2 of Liferay best practices:

Look out for settings of ORA-1795 error and it’s required settings from Liferay Help Center articles if you are using Oracle
If you have heavy usage of web articles, assets, documents and so on, consider switching off view / increment count via portal-ext.properties and user interface of control panel – it will prevent DB locks
Consider JVM tuning for meta space, heap, young generation, type of garbage collection and so on regularly based on usage
Review caching at fragment level, EHCache, do query analysis and GC analysis regularly
Use CDN (Content delivery network) and web server caching for static assets – don’t cache cookies
Use a good, standard WAF (Web application firewall) for public websites
Review your cluster settings in JAVA_OPTS, tcp.xml and portal-ext.properties – Also, check adding / editing content on one node and checking on another – whether it reflects there or not for cluster health
Use a monitoring tool (APM). If you use Glowroot, then install it in Central pattern
Review your Elastic Search cluster in terms of heap, embedded JVM and performance tuning regularly
Check the stale entries for ElasticSearch in background jobs table
Regularly check your blocked / waiting / timed_waiting threads at peak load
Take heap dumps to analyze the heap regularly at peak load
Review Liferay deployment, compatibility, security and other checklists / matrix
Vertically & horizontally scale, performance tune, change heap/GC and so on based on regular analysis of heap/thread dumps and load tests
Check errors & warnings in logs regularly
Set up filestore in advanced format right from the start
If you are migrating from another technology or product, setup a migration checklist
Routinely fine tune your tracing in logs from custom code and SERVER ADMINISTRATION section in control panel
Fine tune your app server threads
Setup error pages and redirects as needed
Block rogue IPs via web server or servlet filters
Map to security patches and quarterly releases
Enable email based password reset and / or TFA / MFA
Map SSO / LDAP / SAML based authentication as needed
Check your control panel password is complex enough or not?
Size your hardware and check your NAS/SAN/iNode limits in load test
Check your Hikari pool / DB settings / connection pool timeout / server side timeout and fine tune it
Check large web content / large documents and test them in terms of download / views and more
Set up a backup / DevOps / DevSecOps strategy
Set up automated heap dump and automated thread dumps
Change JDK certificate store password from default
ElasticSearch, DB should not be in side car pattern
Use Expando, dynamic query and service builder for database and not direct JDBC calls
Ownership and start / stop of app server, file store folders should be via the app server user not root
There are various blogs on Liferay about to debug liferay, how to debug cluster, new features, Glowroot, performance tuning – kindly search and refer them
Setup code quality scans via SONAR and similar
Maintain a Non-Functional Requirements checklist
Keep operational hygiene of DevOps, Automation, Delivery, Management, ITIL, Agile, Scrum, Secrets, Patterns, Architecture, Design, Debugging, Quality, Procedures, Documentation, Training, Knowledge Transfer, Access Control, Data & Process Governance, Monitoring, Reporting, Communication, Project and Product Management, Tools used, Ownership, Accountability, Collaboration, Security and more
Analyze your future needs of traffic, usage, infra, load and so on regularly
When you do a load test: refer average response time, response time, throughput, transactions per second/minute, cores, memory, heap, CPU, concurrent users, JMeter script, usage of pages, types of transactions and so on for a comprehensive answer instead of just concurrent users
Refer official sources like: Liferay Dev forums & blogs, Liferay learn, Liferay YouTube, Liferay GitHub, Liferay Help Center – it has type ahead, Liferay Support ticketing system, Liferay Customer portal, Liferay.com for all your problems first
Here are two GPTs that can assist you in your work with Liferay – please report it’s fine tuning / hallucinations to me at email below for me to fine tune them: https://lnkd.in/d2G8mPsA – Liferay Helper which works on open internet https://lnkd.in/dqVzNwCj – Liferay Guide which works on only official sources

Email me: Neil@HarwaniSystems.in

Deepfakes

Deepfakes primer – Part 1

November 21, 2023 Neil Harwani Leave a comment

Currently since few days topic of discussion has been Deepfakes. In that context, find below a compilation of definition, tips, articles and companies working on detecting Deepfakes.

As per Wikipedia, Deepfakes are – “Deepfakes (portmanteau of “deep learning” and “fake”[1]) are synthetic media [2] that have been digitally manipulated to replace one person’s likeness convincingly with that of another. Deepfakes are the manipulation of facial appearance through deep generative methods.[3] While the act of creating fake content is not new, deepfakes leverage powerful techniques from machine learning and artificial intelligence to manipulate or generate visual and audio content that can more easily deceive.[4][5]”

To quote this article: Deepfakes, explained | MIT Sloan

Here are some common tips to detect a Deepfake.

Face — Is someone blinking too much or too little? Do their eyebrows fit their face? Is someone’s hair in the wrong spot? Does their skin look airbrushed or, conversely, are there too many wrinkles?
Audio — Does someone’s voice not match their appearance (ex. a heavyset man with a higher-pitched feminine voice).
Lighting — What sort of reflection, if any, are a person’s glasses giving under a light? (Deepfakes often fail to fully represent the natural physics of lighting.)

You could also check frame and pixel distortions in slow motion or via zooming in. This depends on the quality of deepfake creation software – Deepfakes can be created for both audio and video part.

Deepswap – Best Online Faceswap Tool for Face Swap Videos – There are multiple online generators as well for Deepfakes.

Long term solution as per me:

Integrate: Neural networks-based learning for detection & Zero trust frameworks on most large tech systems like Email, Social Media, ERPs, Portals, Internet and more. This approach of zero trust is used in cyber security as well. It pushes the video/audio processor/owner/creator/manager to maintain good metadata, sources, links, published records, identity, tagging and more with hashing to confirm the authenticity and manipulation. Wikipedia and many Linux based downloads are indirectly managed this way.

Companies working on Deepfakes detection:

These are not 100% perfect at detection and it’s getting harder with each passing day to manage the detection of Deepfakes as neural networks / LLMs are evolving rapidly and improving daily.

Word of caution: Before you use any online or offline Deepfake site or tool, be cognizant of the legal implications.

Email me: Neil@HarwaniSystems.in

Website: Harwani Systems (OPC) Private Limited

Blog: Innovation Ideas blog | Ideas on Innovation around Software. We Thrive On Ideas. We are Learner Centered, Open Source & Digital Focused. (techandtrain.com )

Linkedin: Neil Harwani | LinkedIn

Liferay

Common programming mistakes in Liferay – GPT generated

November 20, 2023 Neil Harwani Leave a comment

Generated using my GPT: https://chat.openai.com/g/g-uOPo2Wffl-liferay-helper-works-on-open-internet

Common programming mistakes in Liferay often stem from overlooking best practices in both Liferay-specific and general Java development. Some of these mistakes include:

1. Ignoring Liferay’s MVC Framework: Developers sometimes bypass Liferay’s built-in MVC framework for portlets, which can lead to more complex code and maintenance issues. Using Liferay’s MVC framework ensures better integration and easier upgrades.

2. Not Utilizing Service Builder Effectively: Service Builder is a key tool in Liferay for creating persistence layers. Neglecting its use or misusing it can result in inefficient database operations and difficulties in leveraging Liferay’s service-layer capabilities.

3. Hardcoding Configuration Values: Hardcoding values like file paths, URLs, or configuration settings in the code makes the portlet less flexible and more difficult to manage across different environments.

4. Overlooking Permissions and Security: Failing to properly implement permission checks can lead to security vulnerabilities. It’s crucial to use Liferay’s permission framework to control access to different parts of your application.

5. Poor Resource Cleanup: Not properly releasing resources such as database connections, streams, or temporary files can lead to memory leaks and performance issues.

6. Mismanagement of Liferay Contexts: Misunderstanding the differences between the global, site, group, and user contexts can lead to incorrect data handling and display.

7. Inefficient Use of Liferay API: Overusing or misusing Liferay’s API, such as making unnecessary calls to services or using them inappropriately, can lead to performance bottlenecks.

8. Not Adhering to Modularization: Ignoring Liferay’s modularization, especially with OSGi, can lead to tangled dependencies and challenges in maintaining and upgrading applications.

9. Ignoring Front-End Performance: Neglecting front-end performance, like overloading pages with unnecessary scripts or heavy resources, can degrade user experience.

10. Lack of Error Handling: Insufficient error handling and logging can make it difficult to troubleshoot and resolve issues in production.

Avoiding these mistakes involves a deep understanding of Liferay’s frameworks and best practices in Java web development. Regular code reviews, adhering to coding standards, and continuous learning about Liferay’s features are key to minimizing these common errors.

For further inquiries or assistance, feel free to reach out at Neil@HarwaniSystems.in, visit my blog at www.TechAndTrain.com/blog, check my website www.HarwaniSystems.in, or connect with me on LinkedIn at https://www.linkedin.com/in/neil27/.

Liferay

What are some of the best practices for Liferay? – Using three separate GPTs

November 20, 2023 Neil Harwani Leave a comment

Generated using my GPT – Liferay Guide – Via official sources of Liferay: https://chat.openai.com/g/g-4G5XuBdpL-liferay-guide-via-official-sources-of-liferay

Adhering to best practices in Liferay ensures that you leverage the platform effectively for enterprise solutions. Here are some key best practices to consider:

1. Modular Development: Embrace Liferay’s modular development approach using OSGi. Develop customizations in modules, rather than monolithic plugins, for better manageability and upgradeability.

2. Use Liferay’s APIs: Leverage Liferay’s extensive APIs for custom development. This ensures compatibility and takes advantage of Liferay’s built-in features and best practices.

3. Front-End Development: Utilize Liferay’s front-end frameworks (e.g., AlloyUI, Liferay Clay) to maintain consistency in UI/UX design and to ensure compatibility with different browsers and devices.

4. Performance Tuning: Regularly monitor and optimize performance. This includes database tuning, proper caching strategies, and optimizing assets like JavaScript and CSS.

5. Security Best Practices: Implement security best practices such as regular audits, using Liferay’s roles and permissions effectively, and keeping Liferay and its dependencies up to date.

6. Effective Use of Liferay DXP Features: Take full advantage of Liferay DXP’s features like staging, workflow, and audience targeting to enhance the user experience.

7. Customization with Hooks and Ext Plugins: Use hooks and ext plugins judiciously for customizations that cannot be achieved through Liferay’s built-in features or APIs.

8. Version Control and Continuous Integration: Implement version control (e.g., Git) and continuous integration practices for efficient and error-free deployment.

9. Backup and Disaster Recovery: Regularly back up your Liferay instance and database. Have a disaster recovery plan in place to handle unforeseen events.

10. Documentation and Knowledge Transfer: Maintain comprehensive documentation for your customizations and configurations. This is crucial for future maintenance and knowledge transfer.

11. Community Engagement: Engage with the Liferay community through forums, blogs, and events. This can provide additional insights and help in problem-solving.

12. Regular Updates and Maintenance: Keep your Liferay installation updated with the latest patches and versions. This helps in leveraging new features and maintaining security.

13. Testing and Quality Assurance: Implement rigorous testing (unit, integration, system) to ensure custom developments work as intended and do not adversely impact other parts of the system.

14. Accessibility Compliance: Ensure that your Liferay site is accessible, following standards like WCAG, to make it usable for people with different abilities.

15. Mobile Responsiveness: Design your sites and applications to be responsive, ensuring they work well on various screen sizes and devices.

Remember, these best practices are guidelines and should be adapted based on your specific use case and organizational needs. For more detailed and situation-specific best practices, consulting Liferay’s official documentation or reaching out to their support can be beneficial.

Email me: Neil@HarwaniSystems.in

***************************************************

Generated using my GPT – Tech Tower Guide: https://chat.openai.com/g/g-cELlz9ieP-tech-tower-guide

Liferay, known for its powerful and flexible digital experience platform (DXP), can be optimized through several best practices:

1. Modular Development: Emphasize on modular development by using OSGi modules. This approach helps in creating scalable, maintainable, and reusable components.

2. Service Layer Abstraction: Maintain a clear separation between your business logic and Liferay’s core functionality. This abstraction ensures that your custom code is decoupled from the platform, making it easier to manage and upgrade.

3. Performance Optimization: Implement caching strategies, optimize database interactions, and manage resource-intensive operations carefully to ensure optimal performance. Regular performance testing is crucial.

4. Front-End Development: Utilize Liferay’s built-in front-end frameworks and tools. Ensure that the UI is responsive and accessible. Employ web standards and best practices in front-end development.

5. Security Practices: Follow Liferay’s security recommendations. Regularly update Liferay and its dependencies to protect against vulnerabilities. Implement proper authentication, authorization, and data validation practices.

6. Customization with Extensions: Prefer extensions over core modifications. Use Liferay’s extension points to add or modify functionality without altering the core codebase, which simplifies upgrades.

7. Effective Use of Liferay APIs: Utilize Liferay’s APIs for various functionalities instead of creating custom solutions from scratch. This leverages Liferay’s built-in capabilities and ensures compatibility.

8. Code Quality and Standards: Adhere to coding standards and best practices. Conduct regular code reviews and utilize static code analysis tools to maintain high-quality code.

9. Version Control and Continuous Integration: Implement version control using systems like Git. Use continuous integration and continuous deployment (CI/CD) practices for efficient and error-free deployments.

10. Backup and Disaster Recovery: Regularly backup Liferay data and configurations. Have a disaster recovery plan in place to handle system failures without significant data loss or downtime.

11. Training and Documentation: Ensure that your team is well-trained on Liferay and maintains comprehensive documentation for any custom development or configurations.

12. Community Engagement: Engage with the Liferay community. The community is a rich source of information, support, and innovation.

Adopting these practices will help in maximizing the effectiveness and longevity of your Liferay implementation. For more detailed insights and guidance on technology and management, feel free to visit our website at www.HarwaniSystems.in and our blog at www.TechAndTrain.com/blog. For further discussions, you can also contact us at Neil@HarwaniSystems.in.

****************************************

Generated using my GPT Liferay Helper – Works on open internet: https://chat.openai.com/g/g-uOPo2Wffl-liferay-helper-works-on-open-internet

Best practices for Liferay development and deployment encompass a range of areas, including coding standards, performance optimization, security, and deployment strategies. Here are some key best practices:

1. Adhere to MVC Architecture: Liferay follows the Model-View-Controller (MVC) architecture. Adhering to this pattern in your custom developments ensures maintainability and scalability.

2. Use Liferay Service Builder: For creating persistence layers, the Liferay Service Builder is highly recommended. It simplifies database operations and ensures consistency across different database systems.

3. Modular Development: Embrace OSGi-based modular development. Develop features as separate modules rather than monolithic applications. This enhances maintainability and allows for easier upgrades.

4. Liferay’s API and Tag Libraries: Utilize Liferay’s extensive API and tag libraries to leverage built-in functionalities rather than creating custom solutions from scratch.

5. Front-End Development: Follow Liferay’s front-end guidelines, including using Liferay’s front-end framework (AlloyUI or Clay, depending on the version) and responsive design principles.

6. Performance Optimization: Pay attention to performance best practices, such as efficient database interaction, caching strategies, and optimizing resource loading (JavaScript, CSS).

7. Security Best Practices: Follow security best practices like input validation, proper authentication and authorization, and secure communication (HTTPS).

8. Effective Use of Liferay Hooks: Use Liferay hooks for customizing Liferay’s default behavior instead of modifying Liferay’s core files directly.

9. Testing and Quality Assurance: Implement comprehensive testing, including unit tests, integration tests, and functional tests. Liferay’s testing framework should be used for this purpose.

10. Deployment and Versioning: Use tools like Git for source control and Maven or Gradle for dependency management and build processes. Follow semantic versioning for your modules.

11. Liferay Upgrades: Regularly update your Liferay installation to the latest version to benefit from security updates, bug fixes, and new features.

12. Documentation and Code Comments: Maintain thorough documentation and code comments for future reference and easier maintenance.

13. Logging and Monitoring: Implement proper logging and monitoring for easier troubleshooting and performance tracking.

14. Community Involvement: Engage with the Liferay community through forums, blogs, and events to stay updated with the latest practices and solutions.

Following these practices ensures that your Liferay projects are robust, maintainable, scalable, and secure. These practices are in line with general best practices in software development but are tailored to fit the Liferay ecosystem.

***********************

Email me: Neil@HarwaniSystems.in

Liferay

Performance Tuning in Liferay – Part 3

November 7, 2023 Neil Harwani Leave a comment

You will find the part 1 & 2 of this series on Performance Tuning in Liferay here:

Performance tuning in Liferay – Part 1 | LinkedIn

Performance tuning in Liferay – Part 2 | LinkedIn

Further to above, find below some tips on Performance Tuning as part 3 of the series.

Explore Java 11 instead of Java 8 with Liferay. Java 11 has performance and concurrency improvements. Check your compatibility matrix for compatibility.
Explore various types of Garbage collection options – In my experience for certain scenarios G1 is especially helpful: Types of Garbage Collector in Java – Javatpoint
Explore fragment caching button and option if you are using fragments
Fine tune your Heap Size, analyse your heap dump, queries in Glowroot, MBeans in Glowroot to change EHCache values in Liferay – Make this an ongoing exercise
Explore fast load css, fast load javascript, minifier, no pragma and cache.browser.disabled, users.update.last.login configurations
Explore configuration in control panel for documents and media for private and public cache
Upgrade and map to latest quarterly release, generally they have improvements
Explore row lock error, Ora-1795, etc. settings in help center which cause known issues while scaling and workarounds for which are added in Help Center
While doing performance tuning, do a warmup with low users to fill up cache of Liferay before actual testing – clear all 4 types of cache in CONTROL PANEL -> SERVER ADMINISTRATION when you make web content or other changes for them to reflect properly before load test
Be cognizant of load times on JMeter and browser both – different configurations affect both differently

Email me: Neil@HarwaniSystems.in

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Ideas on Innovation around Software. We Thrive On Ideas. We are Learner Centered, Open Source & Digital Focused.