Category Archives: Liferay

Liferay

How to debug Liferay? – Some pointers – Part 2

Leave a comment

Practical tips to debug Liferay – further to my two earlier posts:

How to debug Liferay when nothing is printed in logs and there is a problem? – ChatGPT & BARD Generated | LinkedIn

How to debug Liferay? – Some pointers – Part 1 | LinkedIn

  • Setup automated heap dumps when out of memory happens.
  • Setup automated thread dumps when Liferay slows down.
  • Set up Glowroot persistence.
  • Set up Glowroot in central pattern in production especially.
  • Use ycrash.io to analyze thread and heap dumps if possible or an offline tool as per your policy.
  • Cannot emphasize enough on the above five.
  • Check Liferay logs.
  • Check DB connection pool settings via Hikari pool or others as set and it’s exhaustion.
  • Check configuration files: setenv.sh/bat server.xml, osgi/configs, other app server configurations, etc.
  • Check logs of Elasticsearch, Database, Webserver, Load balancer, Web application firewall, Content Delivery Network and more.
  • Use CAT API of Elasticsearch to check status of Elasticsearch.
  • Check if any schedulers or integrations are putting load on the system.
  • Check if things like caching, content delivery, security, etc. are as much as possible offloaded from app server.
  • Check network delays & errors across all component deployments and debug layer by layer for: LR, app nodes, WS, ES, DB, WAF, CDN and so on.
  • Automate via scripting monitoring of CPU, threads and Heap especially on all servers in deployment.
  • Analyze trends for traffic.
  • Email me: Neil@HarwaniSytems.in
  • Website: www.HarwaniSystems.in
  • Blog: www.TechAndTrain.com/blog
  • LinkedIn: Neil Harwani | LinkedIn
Liferay

How to debug Liferay when nothing is printed in logs and there is a problem? – ChatGPT & BARD Generated

Leave a comment

Debugging issues in Liferay when nothing is printed in the logs can be challenging, but there are several strategies you can employ to identify and resolve the problem. Here are some steps to guide you through the debugging process:

### 1. Enable More Verbose Logging

Action: Adjust the logging level for specific packages or components within Liferay to capture more detailed information. This can be done via the Control Panel under “Server Administration” → “Log Levels”, or by modifying the portal-ext.properties file to include more verbose logging for the suspected components.

Goal: To capture more detailed logs that might not be visible under normal logging levels, which could provide insights into the underlying issue.

### 2. Use External Debugging Tools

Action: Connect an external debugger to the Liferay JVM. Most IDEs (like Eclipse, IntelliJ IDEA) allow you to attach a debugger to a remote Java process. You will need to start Liferay with remote debugging enabled by setting appropriate JVM options.

Goal: To step through the code in real-time to understand the flow and pinpoint where the issue might be occurring.

### 3. Thread Dump Analysis

Action: If the problem seems related to hanging or performance issues, generate a thread dump from the JVM. This can be done using tools like jstack or from the operating system’s command line.

Goal: To analyze the state of threads within the JVM and identify any deadlocks, long-waiting threads, or other anomalies that might indicate where the system is getting stuck.

### 4. Memory and Heap Analysis

Action: Use Java profiling tools (like VisualVM, YourKit, or Eclipse Memory Analyzer) to analyze memory usage and heap dumps. This can help in identifying memory leaks, excessive memory usage, or other memory-related issues.

Goal: To understand memory allocation and garbage collection patterns which might be affecting the performance or functionality of Liferay.

### 5. Enable Request Tracing

Action: Utilize Liferay’s built-in request tracing capabilities (if available in your version) or use external tools like browser developer tools or network traffic analyzers to trace the HTTP requests and responses.

Goal: To understand the flow of requests and responses in the system, helping to identify any failures or bottlenecks in the request processing pipeline.

### 6. Review Front-End Console and Network Activity

Action: Use the browser’s developer tools to inspect the console for JavaScript errors and the network activity for failed or stalled requests.

Goal: To catch any client-side issues that might not be apparent on the server side, such as failed AJAX requests, loading errors for resources, or JavaScript execution issues.

### 7. Check External Dependencies

Action: Ensure that all external systems and services that Liferay depends on (like databases, external APIs, LDAP servers) are operational and accessible.

Goal: To rule out connectivity issues, authentication failures, or other problems with external dependencies that might cause Liferay to behave unexpectedly.

### 8. Perform A/B Testing

Action: If possible, compare the behavior on another environment where the issue is not present (e.g., development, staging, or another production environment). This can help identify environmental or configuration differences that might be contributing to the issue.

Goal: To isolate the problem to either code, configuration, or environment-specific issues.

### 9. Review Recent Changes

Action: Review any recent changes to the system, including software upgrades, configuration changes, custom developments, or deployed plugins, which might have introduced the issue.

Goal: To identify if the issue correlates with a specific change, which can then be rolled back or further investigated.

### 10. Consult Community Forums and Support

Action: Search for similar issues in Liferay community forums, Stack Overflow, or official Liferay support channels. If you have a Liferay subscription, consider opening a support ticket.

Goal: To leverage collective knowledge and experiences from the Liferay community or get direct support from Liferay experts.

Debugging complex issues in Liferay or any large enterprise platform can be a process of elimination and investigation. Patience, systematic troubleshooting, and leveraging available tools and resources are key to identifying and resolving the problem.

******************************

Here are steps you can take to debug Liferay when there are no logs and a problem persists:

1. Verify Log Configuration:

  • Check Log Levels: Ensure log levels are set to DEBUG for relevant components in portal-log4j-ext.xml.
  • Confirm File Paths: Verify that log files are written to the correct locations and have appropriate permissions.
  • Review Logging Configuration: Ensure logging is enabled in Liferay’s Control Panel (Server Administration -> Log Levels).
  • Disable Custom Filters: If you’ve implemented custom log filters, temporarily disable them to rule out interference.

2. Inspect Server Logs:

  • Examine Server Logs: Check server logs (e.g., Tomcat’s catalina.out) for clues, as some errors might be logged there instead.
  • Analyze Stack Traces: Look for stack traces or error messages that might hint at the issue’s origin.

3. Activate Additional Logging:

  • Enable Finer-Grained Logging: Temporarily increase logging levels for specific classes or packages to capture more detailed information.
  • Utilize Debugging Tools: Employ Java debugging tools (e.g., Eclipse’s debugger) to step through code execution and identify the problem area.

4. Isolate the Issue:

  • Simplify the Scenario: Reproduce the issue in a minimal environment to pinpoint the root cause more easily.
  • Disable Customizations: Temporarily disable custom plugins or themes to see if the problem persists in a standard Liferay configuration.

5. Analyze Browser Developer Tools:

  • Inspect Network Requests: Examine network requests and responses in browser developer tools to identify any failed requests or unusual behavior.
  • Check Console Errors: Look for JavaScript errors or warnings in the browser console that might provide additional insights.

6. Check for Known Issues:

  • Refer to Liferay Documentation: Consult Liferay’s documentation and community forums for similar reported issues and potential solutions.
  • Search for Bug Fixes: Check Liferay’s issue tracker for bug fixes or workarounds related to the problem you’re experiencing.

7. Seek Community Support:

  • Engage with the Community: If you’re still stuck, provide detailed information about your setup, Liferay version, and the specific problem in Liferay community forums or support channels for expert assistance.
Content Management, Liferay

Content Management System feature best practices in Liferay – Part 1

Leave a comment

Here are some best practices for content management system feature usage in Liferay – Part 1.

  • Separate the technical work of portlet creation, hooks, APIs, integration, themes, master templates and so on from content publishing work.
  • Once technical work is done, setup publications feature on your production environment and publish using it. Refer: Publications – Liferay Learn
  • Your workflow for publications should have content creators, reviewers, editors & publishers as bare minimum roles or you can adjust it as per your needs.
  • Preferably, keep Production, Pre-production (Copy of production after scrubbing any PII in terms of CMS / content and technical components both), UAT which is technical replica not CMS content replica, integration and dev environments.
  • Think of the content creation process this way: You don’t write a blog on one site and export from it and then import onto a new site which is your main blog, you write the draft on your own main site and put it through a workflow as required. Same applies to all largest publishers in the world, they don’t ask us to submit our journal papers, articles, conference proceedings, etc. to their UAT or pre-prod, we put content on their production systems and it goes through a workflow with right approvals, reviews and security permissions. Same applies to Wikipedia, we have a TALK/EDIT page for each of their topics right on the production system.
  • Flow of content: CREATE/REVIEW/PUBLISH on production using publications. Then copy content after scrubbing onto pre-prod only for load testing and other needs. UAT, Integration and Dev are technical systems where development happens.
  • Flow of environments for tech team: Copy of content after scrubbing PII (Personally Identifiable Information) onto Pre-Production, Technical components same as production on UAT but not content and then development servers with bleeding edge technical work.
  • Many get confused and mix the content publishing and technical work by exporting / importing content between system environments. We need technical component similarity between all environments not content. Content has to be same across only prod and pre-prod after necessary scrubbing of PII.
  • These practices will help you to smoothen & separate your technical and content management work properly.
  • Refer: Content Creation is Not a Development Activity! – Liferay
  • Email me: Neil@HarwaniSytems.in
  • Website: www.HarwaniSystems.in
  • Blog: www.TechAndTrain.com/blog
  • LinkedIn: Neil Harwani | LinkedIn
Liferay

Liferay best practices – Part 2

Leave a comment

Following up with Part 1 of the series here: Liferay best practices – Part 1 | LinkedIn – Here is part 2 of Liferay best practices:

  • Look out for settings of ORA-1795 error and it’s required settings from Liferay Help Center articles if you are using Oracle
  • If you have heavy usage of web articles, assets, documents and so on, consider switching off view / increment count via portal-ext.properties and user interface of control panel – it will prevent DB locks
  • Consider JVM tuning for meta space, heap, young generation, type of garbage collection and so on regularly based on usage
  • Review caching at fragment level, EHCache, do query analysis and GC analysis regularly
  • Use CDN (Content delivery network) and web server caching for static assets – don’t cache cookies
  • Use a good, standard WAF (Web application firewall) for public websites
  • Review your cluster settings in JAVA_OPTS, tcp.xml and portal-ext.properties – Also, check adding / editing content on one node and checking on another – whether it reflects there or not for cluster health
  • Use a monitoring tool (APM). If you use Glowroot, then install it in Central pattern
  • Review your Elastic Search cluster in terms of heap, embedded JVM and performance tuning regularly
  • Check the stale entries for ElasticSearch in background jobs table
  • Regularly check your blocked / waiting / timed_waiting threads at peak load
  • Take heap dumps to analyze the heap regularly at peak load
  • Review Liferay deployment, compatibility, security and other checklists / matrix
  • Vertically & horizontally scale, performance tune, change heap/GC and so on based on regular analysis of heap/thread dumps and load tests
  • Check errors & warnings in logs regularly
  • Set up filestore in advanced format right from the start
  • If you are migrating from another technology or product, setup a migration checklist
  • Routinely fine tune your tracing in logs from custom code and SERVER ADMINISTRATION section in control panel
  • Fine tune your app server threads
  • Setup error pages and redirects as needed
  • Block rogue IPs via web server or servlet filters
  • Map to security patches and quarterly releases
  • Enable email based password reset and / or TFA / MFA
  • Map SSO / LDAP / SAML based authentication as needed
  • Check your control panel password is complex enough or not?
  • Size your hardware and check your NAS/SAN/iNode limits in load test
  • Check your Hikari pool / DB settings / connection pool timeout / server side timeout and fine tune it
  • Check large web content / large documents and test them in terms of download / views and more
  • Set up a backup / DevOps / DevSecOps strategy
  • Set up automated heap dump and automated thread dumps
  • Change JDK certificate store password from default
  • ElasticSearch, DB should not be in side car pattern
  • Use Expando, dynamic query and service builder for database and not direct JDBC calls
  • Ownership and start / stop of app server, file store folders should be via the app server user not root
  • There are various blogs on Liferay about to debug liferay, how to debug cluster, new features, Glowroot, performance tuning – kindly search and refer them
  • Setup code quality scans via SONAR and similar
  • Maintain a Non-Functional Requirements checklist
  • Keep operational hygiene of DevOps, Automation, Delivery, Management, ITIL, Agile, Scrum, Secrets, Patterns, Architecture, Design, Debugging, Quality, Procedures, Documentation, Training, Knowledge Transfer, Access Control, Data & Process Governance, Monitoring, Reporting, Communication, Project and Product Management, Tools used, Ownership, Accountability, Collaboration, Security and more
  • Analyze your future needs of traffic, usage, infra, load and so on regularly
  • When you do a load test: refer average response time, response time, throughput, transactions per second/minute, cores, memory, heap, CPU, concurrent users, JMeter script, usage of pages, types of transactions and so on for a comprehensive answer instead of just concurrent users
  • Refer official sources like: Liferay Dev forums & blogs, Liferay learn, Liferay YouTube, Liferay GitHub, Liferay Help Center – it has type ahead, Liferay Support ticketing system, Liferay Customer portal, Liferay.com for all your problems first
  • Here are two GPTs that can assist you in your work with Liferay – please report it’s fine tuning / hallucinations to me at email below for me to fine tune them: https://lnkd.in/d2G8mPsA – Liferay Helper which works on open internet https://lnkd.in/dqVzNwCj – Liferay Guide which works on only official sources

Email me: Neil@HarwaniSystems.in

Liferay

Common programming mistakes in Liferay – GPT generated

Leave a comment

Generated using my GPT: https://chat.openai.com/g/g-uOPo2Wffl-liferay-helper-works-on-open-internet

Common programming mistakes in Liferay often stem from overlooking best practices in both Liferay-specific and general Java development. Some of these mistakes include:

1. Ignoring Liferay’s MVC Framework: Developers sometimes bypass Liferay’s built-in MVC framework for portlets, which can lead to more complex code and maintenance issues. Using Liferay’s MVC framework ensures better integration and easier upgrades.

2. Not Utilizing Service Builder Effectively: Service Builder is a key tool in Liferay for creating persistence layers. Neglecting its use or misusing it can result in inefficient database operations and difficulties in leveraging Liferay’s service-layer capabilities.

3. Hardcoding Configuration Values: Hardcoding values like file paths, URLs, or configuration settings in the code makes the portlet less flexible and more difficult to manage across different environments.

4. Overlooking Permissions and Security: Failing to properly implement permission checks can lead to security vulnerabilities. It’s crucial to use Liferay’s permission framework to control access to different parts of your application.

5. Poor Resource Cleanup: Not properly releasing resources such as database connections, streams, or temporary files can lead to memory leaks and performance issues.

6. Mismanagement of Liferay Contexts: Misunderstanding the differences between the global, site, group, and user contexts can lead to incorrect data handling and display.

7. Inefficient Use of Liferay API: Overusing or misusing Liferay’s API, such as making unnecessary calls to services or using them inappropriately, can lead to performance bottlenecks.

8. Not Adhering to Modularization: Ignoring Liferay’s modularization, especially with OSGi, can lead to tangled dependencies and challenges in maintaining and upgrading applications.

9. Ignoring Front-End Performance: Neglecting front-end performance, like overloading pages with unnecessary scripts or heavy resources, can degrade user experience.

10. Lack of Error Handling: Insufficient error handling and logging can make it difficult to troubleshoot and resolve issues in production.

Avoiding these mistakes involves a deep understanding of Liferay’s frameworks and best practices in Java web development. Regular code reviews, adhering to coding standards, and continuous learning about Liferay’s features are key to minimizing these common errors.

For further inquiries or assistance, feel free to reach out at Neil@HarwaniSystems.in, visit my blog at www.TechAndTrain.com/blog, check my website www.HarwaniSystems.in, or connect with me on LinkedIn at https://www.linkedin.com/in/neil27/.

Liferay

What are some of the best practices for Liferay? – Using three separate GPTs

Leave a comment

Generated using my GPT – Liferay Guide – Via official sources of Liferayhttps://chat.openai.com/g/g-4G5XuBdpL-liferay-guide-via-official-sources-of-liferay

Adhering to best practices in Liferay ensures that you leverage the platform effectively for enterprise solutions. Here are some key best practices to consider:

1. Modular Development: Embrace Liferay’s modular development approach using OSGi. Develop customizations in modules, rather than monolithic plugins, for better manageability and upgradeability.

2. Use Liferay’s APIs: Leverage Liferay’s extensive APIs for custom development. This ensures compatibility and takes advantage of Liferay’s built-in features and best practices.

3. Front-End Development: Utilize Liferay’s front-end frameworks (e.g., AlloyUI, Liferay Clay) to maintain consistency in UI/UX design and to ensure compatibility with different browsers and devices.

4. Performance Tuning: Regularly monitor and optimize performance. This includes database tuning, proper caching strategies, and optimizing assets like JavaScript and CSS.

5. Security Best Practices: Implement security best practices such as regular audits, using Liferay’s roles and permissions effectively, and keeping Liferay and its dependencies up to date.

6. Effective Use of Liferay DXP Features: Take full advantage of Liferay DXP’s features like staging, workflow, and audience targeting to enhance the user experience.

7. Customization with Hooks and Ext Plugins: Use hooks and ext plugins judiciously for customizations that cannot be achieved through Liferay’s built-in features or APIs.

8. Version Control and Continuous Integration: Implement version control (e.g., Git) and continuous integration practices for efficient and error-free deployment.

9. Backup and Disaster Recovery: Regularly back up your Liferay instance and database. Have a disaster recovery plan in place to handle unforeseen events.

10. Documentation and Knowledge Transfer: Maintain comprehensive documentation for your customizations and configurations. This is crucial for future maintenance and knowledge transfer.

11. Community Engagement: Engage with the Liferay community through forums, blogs, and events. This can provide additional insights and help in problem-solving.

12. Regular Updates and Maintenance: Keep your Liferay installation updated with the latest patches and versions. This helps in leveraging new features and maintaining security.

13. Testing and Quality Assurance: Implement rigorous testing (unit, integration, system) to ensure custom developments work as intended and do not adversely impact other parts of the system.

14. Accessibility Compliance: Ensure that your Liferay site is accessible, following standards like WCAG, to make it usable for people with different abilities.

15. Mobile Responsiveness: Design your sites and applications to be responsive, ensuring they work well on various screen sizes and devices.

Remember, these best practices are guidelines and should be adapted based on your specific use case and organizational needs. For more detailed and situation-specific best practices, consulting Liferay’s official documentation or reaching out to their support can be beneficial.

Email me: Neil@HarwaniSystems.in

***************************************************

Generated using my GPT – Tech Tower Guidehttps://chat.openai.com/g/g-cELlz9ieP-tech-tower-guide

Liferay, known for its powerful and flexible digital experience platform (DXP), can be optimized through several best practices:

1. Modular Development: Emphasize on modular development by using OSGi modules. This approach helps in creating scalable, maintainable, and reusable components.

2. Service Layer Abstraction: Maintain a clear separation between your business logic and Liferay’s core functionality. This abstraction ensures that your custom code is decoupled from the platform, making it easier to manage and upgrade.

3. Performance Optimization: Implement caching strategies, optimize database interactions, and manage resource-intensive operations carefully to ensure optimal performance. Regular performance testing is crucial.

4. Front-End Development: Utilize Liferay’s built-in front-end frameworks and tools. Ensure that the UI is responsive and accessible. Employ web standards and best practices in front-end development.

5. Security Practices: Follow Liferay’s security recommendations. Regularly update Liferay and its dependencies to protect against vulnerabilities. Implement proper authentication, authorization, and data validation practices.

6. Customization with Extensions: Prefer extensions over core modifications. Use Liferay’s extension points to add or modify functionality without altering the core codebase, which simplifies upgrades.

7. Effective Use of Liferay APIs: Utilize Liferay’s APIs for various functionalities instead of creating custom solutions from scratch. This leverages Liferay’s built-in capabilities and ensures compatibility.

8. Code Quality and Standards: Adhere to coding standards and best practices. Conduct regular code reviews and utilize static code analysis tools to maintain high-quality code.

9. Version Control and Continuous Integration: Implement version control using systems like Git. Use continuous integration and continuous deployment (CI/CD) practices for efficient and error-free deployments.

10. Backup and Disaster Recovery: Regularly backup Liferay data and configurations. Have a disaster recovery plan in place to handle system failures without significant data loss or downtime.

11. Training and Documentation: Ensure that your team is well-trained on Liferay and maintains comprehensive documentation for any custom development or configurations.

12. Community Engagement: Engage with the Liferay community. The community is a rich source of information, support, and innovation.

Adopting these practices will help in maximizing the effectiveness and longevity of your Liferay implementation. For more detailed insights and guidance on technology and management, feel free to visit our website at www.HarwaniSystems.in and our blog at www.TechAndTrain.com/blog. For further discussions, you can also contact us at Neil@HarwaniSystems.in.

****************************************

Generated using my GPT Liferay Helper – Works on open internet: https://chat.openai.com/g/g-uOPo2Wffl-liferay-helper-works-on-open-internet

Best practices for Liferay development and deployment encompass a range of areas, including coding standards, performance optimization, security, and deployment strategies. Here are some key best practices:

1. Adhere to MVC Architecture: Liferay follows the Model-View-Controller (MVC) architecture. Adhering to this pattern in your custom developments ensures maintainability and scalability.

2. Use Liferay Service Builder: For creating persistence layers, the Liferay Service Builder is highly recommended. It simplifies database operations and ensures consistency across different database systems.

3. Modular Development: Embrace OSGi-based modular development. Develop features as separate modules rather than monolithic applications. This enhances maintainability and allows for easier upgrades.

4. Liferay’s API and Tag Libraries: Utilize Liferay’s extensive API and tag libraries to leverage built-in functionalities rather than creating custom solutions from scratch.

5. Front-End Development: Follow Liferay’s front-end guidelines, including using Liferay’s front-end framework (AlloyUI or Clay, depending on the version) and responsive design principles.

6. Performance Optimization: Pay attention to performance best practices, such as efficient database interaction, caching strategies, and optimizing resource loading (JavaScript, CSS).

7. Security Best Practices: Follow security best practices like input validation, proper authentication and authorization, and secure communication (HTTPS).

8. Effective Use of Liferay Hooks: Use Liferay hooks for customizing Liferay’s default behavior instead of modifying Liferay’s core files directly.

9. Testing and Quality Assurance: Implement comprehensive testing, including unit tests, integration tests, and functional tests. Liferay’s testing framework should be used for this purpose.

10. Deployment and Versioning: Use tools like Git for source control and Maven or Gradle for dependency management and build processes. Follow semantic versioning for your modules.

11. Liferay Upgrades: Regularly update your Liferay installation to the latest version to benefit from security updates, bug fixes, and new features.

12. Documentation and Code Comments: Maintain thorough documentation and code comments for future reference and easier maintenance.

13. Logging and Monitoring: Implement proper logging and monitoring for easier troubleshooting and performance tracking.

14. Community Involvement: Engage with the Liferay community through forums, blogs, and events to stay updated with the latest practices and solutions.

Following these practices ensures that your Liferay projects are robust, maintainable, scalable, and secure. These practices are in line with general best practices in software development but are tailored to fit the Liferay ecosystem.

***********************

Email me: Neil@HarwaniSystems.in

Liferay

Performance Tuning in Liferay – Part 3

Leave a comment

You will find the part 1 & 2 of this series on Performance Tuning in Liferay here:

Performance tuning in Liferay – Part 1 | LinkedIn

Performance tuning in Liferay – Part 2 | LinkedIn

Further to above, find below some tips on Performance Tuning as part 3 of the series.

  • Explore Java 11 instead of Java 8 with Liferay. Java 11 has performance and concurrency improvements. Check your compatibility matrix for compatibility.
  • Explore various types of Garbage collection options – In my experience for certain scenarios G1 is especially helpful: Types of Garbage Collector in Java – Javatpoint
  • Explore fragment caching button and option if you are using fragments
  • Fine tune your Heap Size, analyse your heap dump, queries in Glowroot, MBeans in Glowroot to change EHCache values in Liferay – Make this an ongoing exercise
  • Explore fast load css, fast load javascript, minifier, no pragma and cache.browser.disabled, users.update.last.login configurations
  • Explore configuration in control panel for documents and media for private and public cache
  • Upgrade and map to latest quarterly release, generally they have improvements
  • Explore row lock error, Ora-1795, etc. settings in help center which cause known issues while scaling and workarounds for which are added in Help Center
  • While doing performance tuning, do a warmup with low users to fill up cache of Liferay before actual testing – clear all 4 types of cache in CONTROL PANEL -> SERVER ADMINISTRATION when you make web content or other changes for them to reflect properly before load test
  • Be cognizant of load times on JMeter and browser both – different configurations affect both differently

Email me: Neil@HarwaniSystems.in

Liferay, Security, Software Security

Security & Cookie links @ www.Liferay.com – Part 1

Leave a comment

List of Liferay security & cookie related links which includes Cookies, XSS, CSRF, OWASP, CORS, SSO, IAM, Service Action Policies and more:

  1. Known vulnerabilities: Known Vulnerabilities – Liferay
  2. Security statement: Security Statement | Liferay
  3. LXC Cloud security: DXP Cloud Security | Liferay
  4. Securing Liferay page: Securing Liferay – Liferay Learn
  5. Help center DXP 7.0: Liferay DXP Security Overview – Liferay Help Center
  6. Help center DXP 7.1: Introduction to Securing Liferay DXP – Liferay Help Center
  7. Administration security: Security – Liferay Learn
  8. Search security DXP 7.2: Installing Liferay Enterprise Search Security – Liferay Help Center
  9. Search security DXP 7.1: Installing Liferay Enterprise Search Security – Liferay Help Center
  10. Securing ElasticSearch DXP 7.3/7.4: Securing Elasticsearch – Liferay Learn
  11. Reporting security issues: Reporting Security Issues – Liferay
  12. Liferay product cookies: Liferay Product Cookies – Liferay Help Center
  13. Cookie list: Cookies list that could be found in a Liferay Portal and their usage – Liferay Help Center
  14. Login cookies: List of Cookies That Are Affected at Liferay Login – Liferay Help Center
  15. Liferay cloud cookies: Liferay Cloud cookies – Liferay Help Center

Email me: Neil@HarwaniSystems.in

Liferay

What you should not be doing in Liferay – Part 1

Leave a comment

Here is a list of what you should not be doing in Liferay – Part 1 and also what you should be doing written right next to it in place of the wrong things:

  • Write JDBC calls in portlets. Avoid JDBC calls in portlets. Please explore expando, service builder, dynamic queries and such from Liferay.
  • Run elasticsearch & database in embedded mode in production. This is to be avoided always. For production and especially clustering, use remote elasticsearch and separate database.
  • Use simple filestore for large number of documents. Right from the start prefer using advanced filestore.
  • Forget to switch off developer settings in portal-ext.properties and verbose level of tracing in logs. Please switch off developer settings and verbose level tracing in logs.
  • No performance testing and tuning of system before go-live. Please perform performance testing and tuning including GC / JVM / Caching / etc. for Liferay. Install Glowroot right from the start if possible in central pattern.
  • Not configure security for various parts of the system. Configure SSL, xpack security for search. Explore the security page on Liferay Learn for various configurations. Perform VAPT at the start.
  • Not enabling SSO. If SSO will be required in future, please enable it right from the start so that there are no user problems later. Also, it helps to reduce load on Liferay CPU of encryption.
  • Not refer official documentation. Please refer liferay.dev – forums, blogs, learn.liferay.comhelp.liferay.com, help center articles, Liferay Learn YouTube channel and more from the start.
  • Not explore commerce, objects, publications, headless APIs, blueprints, asset library, fragments and such features. Please explore all this right from the start.
  • Not explore benchmarking, performance, compatibility matrix whitepapers. Please explore them before go-live. There are lot of resources under resources section on Liferay.com including case studies, whitepapers and more.
  • Not create go-live, integration, deployment diagram, architecture and such documents at the start. Please create go-live, integration, deployment, architecture, design documents from the start.
  • Check Glowroot only when you face a problem. Instead, check your Glowroot regularly on weekly basis at least.
  • Not size the infrastructure requirements for NAS/SAN for filestore and DR strategy. Please plan your infrastructure requirements in terms of NAS/SAN, servers for Liferay, database, elastic and others like web server before go-live.
  • Not doing regular maintenance. Routinely do maintenance of Liferay, database, Elasticsearch, webserver and more by checking logs, JVM, CPU/memory usage, configurations and more.
  • Not checking your lighthouse score incase of public websites. Regularly optimize your lighthouse score incase of public facing websites.
  • Not have a DevSecOps strategy in place. Please create a CICD pipeline, DevSecOps strategy and implementation with Git style repository to manage things properly.
  • Not have an upgrade plan mapped to quarterly release of Liferay. Please have an upgrade plan mapped to quarterly releases of Liferay.

Email me: Neil@HarwaniSystems.in

Liferay

Performance tuning in Liferay – Part 2

Leave a comment

Following up on the Performance tuning in Liferay – Part 1 post – here are some additional points for performance tuning:

  1. The blue circle in Glowroot slow traces indicates that the transaction is still ongoing whereas yellow indicates it’s completed. Red indicates there is an error.
  2. You can change the JVM gauges as needed to see lot of different types of details of JVM
  3. You can use instrumentation from configuration using type ahead drop down (AJAX style)
  4. You can allocate specific cores to a JVM if need be using an argument on core allotment
  5. You can see thread profiles and take heap dumps from Glowroot itself
  6. Glowroot has sections on errors, queries and service calls
  7. You can get Glowroot to sustain it’s data through restarts using arguments
  8. For frequent garbage collection, check if some queries, etc. are continuously filling up memory and any fine tuning on caching can help
  9. It helps to follow these sections in no particular order and check them regularly: JVM – guages, MBeans (You can search your cache related things here – it’s like seeing things in VisualVM), threads and more, transactions, slow traces (all three areas throughput/etc.), thread profiles (search “blocked” here), queries, service calls, errors, sorting options in transactions, instrumentation, etc.
  10. Latest Glowroot works with Java 11 that is compatible with Liferay for customizations and product usage but not source code compile. This latest Glowroot gives lot many more options especially in transactions.
  11. If you are using Java 8, check if your Glowroot version is compatible with it. Typically 0.13.6 and below are compatible with Java 8 as far as I know.

Email me: Neil@HarwaniSystems.in