
Whitepaper

Understanding Hippo CMS 7 Software Architecture

Introduction
This document describes the architecture of Hippo CMS on an abstract level. This document aims
to provide the basic understanding of the Hippo CMS software architecture to enable Architects to
define their custom requirements for their specific IT ecosystem.

Colophon
Author: Woonsan Ko
Get in touch with Hippo: info@onehippo.com
North America: +1 877 414 47 76 (toll free)
Europe: +31 20 522 44 66

Amsterdam Boston

Follow the Hippo trail: onehippo.com


Table of Contents

1. Introduction
2. Use Cases Overview
   Actors List
   Use Cases List
3. Quality Attributes
   User/Usability Considerations
   Runtime Qualities
      Availability
      Interoperability
      Manageability
      Performance
      Reliability
      Scalability
      Security
   Design Qualities
      Modifiability
      Maintainability
      Reusability
   System Qualities
      Supportability
4. Software Architectures
   Overall Views
   Content Production
   Content Delivery
   Security Concerns
   Module View
   Simple Enterprise SSO Enabled Architecture - Deployment View
   Shibboleth/SAML Enabled Architecture
5. Summary
6. References


1. Introduction

This document describes the software architecture of Hippo CMS on a high level to help various stakeholders understand Hippo CMS in general.

For enterprise architects and technology leaders,
this document will help to understand how Hippo CMS can solve technical problems and challenges and how Hippo CMS can be integrated with industry standard technologies transparently and seamlessly.

For developers,
this will help understand how components are interacting with each other and how modules are constructed and relate to each other.

For system administrators,
this will help understand how systems are deployed, maintained and monitored.

For testers,
this will help understand how systems can be integrated and tested properly.


Key Roles and their Use Cases

[Figure: use cases overview diagram connecting the actors (Web User, Search Engine, Social Application, Content Subscriber, Author, Editor, Webmaster, Administrator, External Content Source) to the use cases listed here.]

Actors

Web User
Users accessing the websites to search, view and edit (e.g., adding comments to an article) the content of the system. Can be an anonymous or authenticated user.

Author
CMS users who can create and edit content in the system, but normally cannot publish the content directly by themselves. They can request publication on the content instead.

Editor
CMS users who can create, edit, publish and depublish content in the system. Normally they can approve the publication requests from authors.

Webmaster
Webmaster who manages channels, content delivery web application configurations and personas.

CMS Administrator
CMS Administrator who can manage access controls of the system, manage content migration tasks from the external sources and do all other CMS related administration tasks.

Search Engine
External search engines. e.g., Google, Bing, etc. CMS provides Search Engine Optimization features for external search engines.

Content Subscriber
External users or systems, subscribing the content through RSS, Atom feeds, e-mails, etc.

External Content Source
External content source which can be migrated into CMS. e.g., XML file/folders and images/assets, external repositories, etc.

Use Cases

Search Content
Web User searches content by text, categories, tags or metadata.

View Content
Web User views selected content on the website. External Search Engines also crawl content or metadata on the website for indexing purpose. The website content includes generated content in the markups, meta tags, sitemap data, etc.

View Social Content
Web User views opinions, comments, etc. shared by Social Applications (e.g., Facebook, Twitter, Disqus, etc.) on the content.

Edit Content
Web User can create and edit content on the website. e.g., comments on an article.

Syndicate Content
Content Subscriber can receive content through RSS, Atom feeds, e-mails, etc.

Author Content
Author creates and edits content in CMS, and requests publication on the content.

Manage Publication
Editor can accept or reject the publication requests on the content, and schedule publication of the content.

Manage Channel
Webmaster manages channels and their associated content delivery web application configurations.

Manage Persona
Webmaster configures collectors, defines characteristics and manages persona for targeting and personalization.

Manage Access Control
Administrator manages access controls by defining users, groups and privileges per each content security domain.

Migrate Content
Administrator configures and monitors content migration tasks.


2. Use Cases Overview

The use cases overview diagram on the previous page shows higher level use cases. Please note that the actors and use cases will vary in specific systems and the overview shows a simplified generic model only.

3. Quality Attributes

Hippo follows a number of core architectural principles when designing features and functionalities for Hippo CMS, which are described in more detail below.

User/Usability Considerations

- Intuitive and customizable user experiences for easy creation and management of web content without IT assistance.
- Enables authors to manage multilingual content and deliver the right content based on user locale.
- Enables publishing content to multiple, disparate channels such as mobile, email, website, landing page, social network, print, and campaign management system.
- Enables targeting and personalizing to any visitor based on context, behavior, geography and profile data.
- Easy management of rich media files such as images and asset files, and seamless integration for streaming audio and videos.
- Provides social and community features that can be incorporated into existing sites for sharing of opinions, articles and reviews.

Runtime Qualities

Availability
Websites are mission critical systems for online businesses. The website and CMS system have to be functional and working without being affected by any critical system errors, infrastructure problems, malicious attacks and system loads.

Interoperability

- Conforms to web standards (e.g., W3C XHTML, CSS, etc.).
- Supports search engine optimizations for website.
- Supports enterprise search engine integration.
- Enables industry standards based communications (e.g., Servlet/JSP/JSTL, JSR-283, etc.) and supports easy JEE standard based integrations.
- Allows standards based information exchanges. e.g., XML, RSS, Atom feeds, RESTful APIs.
- Enables the use of external authoring tools such as Office documents.
- Content migration support from external sources in various formats such as XML and image files.
- Application Integration support. Enables seamless integration with various enterprise systems such as eCommerce, CRM, BPM, etc.

Manageability
Supports easy management with useful tools for monitoring and tuning.

Performance
Meets performance needs for online business. The system has to be responsive to execute any action within a given time interval.

Reliability
Remains operational over time. System will not fail to perform its intended functions over a specified time interval.

Scalability
Meets massive scalability for online business. System should handle increases in load without impact on the performance of the system and should be readily enlarged.

Security

- Provides safe and secure access, and supports access control with user groups on domain rules.
- Supports integration with industry security standards based solutions, e.g., JAAS, LDAP, Single sign-on using popular Central Authentication Services (e.g. OpenID, SAML, Shibboleth, SiteMinder etc.)
- Supports customization and plugging in custom authentication implementations, Remember-me, CAPTCHA, concurrent sessions etc.


Design Qualities

Modifiability

- Support templates to be applied to new and existing content, allowing the appearance of all content to be changed from one central place.
- Support plugin architecture. Developers should be able to add functionalities with plugins easily.

Maintainability

- Should be easy to undergo changes on components, services, features and interfaces when adding or changing functionalities, fixing errors, and meeting new business requirements.

Reusability

- Components and subsystems should be designed to be suitable for use in other applications and in other scenarios as much as possible in order to minimize the duplication of components and implementation time.

System Qualities

Supportability

- Should provide information helpful for identifying and resolving issues when it fails to work correctly.


[Figure: System Overview deployment diagram. Labels: Browser Client, Search Engine, Content Subscriber (RSS/Atom), JCR Client (JCR over WebDAV or RMI), Load Balancer, HTTPd, Application Server (1) to (n), Lucene Index (1) to (n), DBMS, CouchBase Server. Artifacts: CMS (war), SITE (war), System Admin Tools (war), Import Tool (war), Repository (jar).]

4. Software Architecture

Overall Views

Deployment View
The following deployment view shows a simplified deployment with core systems. For simplicity, it just shows a typical simple deployment, without considering specific concerns such as security, caching options, etc. in detail.

An explanation of core nodes:

- Browser Clients can visit websites through HTTP/S connections.
- Search Engines can crawl websites and metadata through HTTP/S connections.
- Content Subscribers (e.g., RSS/Atom feed clients) can retrieve contents through content syndication protocols.
- JCR Clients can communicate with the repository, which can be deployed onto the same Application Server node as shown above or a separate Application Server node, through the JCR API. The underlying connection for JCR API for remote clients can be either WebDAV or RMI. By the standard of JCR API, JCR Clients can communicate with the repository in either client-server invocation style or asynchronous event subscription style.
- The content delivery web application, SITE, can be deployed onto any JEE compliant servlet containers such as Tomcat 6, JBoss, Glassfish, WebSphere, etc.
- The content production web application, CMS, can be deployed onto any JEE compliant servlet containers such as Tomcat 6, JBoss, Glassfish, WebSphere, etc.
- The repository server module, Repository, can be deployed onto an application server together with the CMS web application, but also can be deployed onto a separate application server or as a separate web application.
- Each repository instance has its own Lucene index, while all the cluster repository nodes should share the same DBMS.
- Hippo CMS can leverage CouchBase as separate server installation for storing visitor data used for targeting and analytics.
- Hippo repository supports various DBMS such as MySQL, PostgreSQL, Oracle, MS SQL, Amazon RDS and IBM DB2.
- System Admin Tools are mostly web-based applications and can be deployed onto any JEE compliant servlet containers. System administrators can also use JMX tools to monitor JVMs and Content Delivery web applications, by connecting through JMX protocol (either local, RMI, or HTTP based).
- Content Import Tool application, which imports XML files and binary files into the repository, can be deployed onto any JEE compliant servlet containers, too.


Content Management System Application Components and Connectors View

[Figure: CMS application components and connectors. Labels: Wicket Application (Servlet Filter), Main, User Session, JCR Session, Hippo JCR Repository, Plugin Config Service, Plugin Config, Login Page, Plugin Page; perspectives Dashboard, Browse, Admin, Reports, Targeting, Channel Manager; plugins Document Wizard, Document History, Todo List, Folder Tree, Document List, Experience Optimizer, Google Analytics; Channel Manager reached over http/rest.]

An explanation of core components and connectors:

- The Content production CMS web application is based on the Apache Wicket framework, providing a very flexible Hippo plugins architecture and extension points.
- Like normal Apache Wicket applications, a page component consists of descendant components. In addition, the CMS Frontend Plugin Architecture allows dynamic plugin components aggregation, at runtime, which can be configured in the repository, without having to know all the descendant components at design time.
- With a rich component set of Wicket based plugins, native Wicket AJAX support and extensions of ExtJS and jQuery by Hippo, usability can be maximized.
- WicketApplication is just a standard Apache Wicket filter, and Main is the entry point Wicket application which shows homepages such as PluginPage, LoginPage, etc. and has the UserSession which is associated with a JCR Session.
- PluginPage consists of multiple Perspective plugin components and each Perspective plugin component consists of multiple child plugin components.
- For example, Dashboard Perspective plugin component consists of Document Wizard, Document History, Todo List, Folder Tree, Document List plugin components, etc.
- A plugin component can contain multiple child plugin components by defining configurations in the repository, which increases customizability, maintainability and reusability.
- All components may use the JCR Session in the UserSession to retrieve/update content in the repository through JCR API. Also they may use Hippo Repository API to handle virtual nodes and workflows.
- Because it has to communicate with SITE web application at runtime when composing page layouts or assembling components in pages, ChannelManager Perspective can connect to the ChannelManager through RESTful APIs.


[Figure: module dependency diagram. Labels: HST Core, HST Client, HST JAXRS, HST Security, HST Session Pool, HST Content Beans, HST Rewriter, HST Commons, HST API, HST Mock, Hippo Repository API, JCR API.]

The figure above shows module dependencies of the Hippo Delivery Tier:

- HST Core is the core module of the Hippo Delivery Tier, including component manager, pipeline, valves, component invoker, etc.
- HST Client is the base module for Content Delivery applications such as custom HSTComponents, containing base component classes, utilities, etc.
- HST JAXRS contains RESTful API support components based on JAX-RS standard. Custom JAXRS Resource Beans can be implemented based on the JAX-RS standard and configured with this module in the Spring Framework configurations.
- HST Security contains authentication/authorization support for websites, including JAAS and form based authentication support. Spring Security Framework can be configured with this, too, in order to support various security requirements such as SiteMinder integration, Enterprise SSO integrations, etc.
- HST Session Pool has JCR Session pool support, with sophisticated resource management and JMX management features.
- HST Content Beans has Object-Content mapping support, which allows mapping JCR content nodes to POJOs and vice versa.
- HST Rewriter has HTML content rewriting support with link and image rewriting features.
- HST Commons has default implementations of standard interfaces and common utilities.
- HST API provides all the standard APIs of the Hippo Delivery Tier.
- HST Mock contains some necessary mocking classes for easy unit testing, which increases testability.
- The Content Delivery Framework depends on Hippo Repository API and JCR API.

Hippo Delivery Tier Modules view


[Figure: deployment view of a simple enterprise SSO enabled architecture. Labels: Browser Client, HTTPd, SSO Server, LDAP Server, Application Server, DBMS; connectors http/s and SSL; artifacts CMS (war) and Site (war) with Form Authentication Configuration, JAAS Configuration and Spring Security Integration Configuration.]

An explanation of core nodes:

- In most cases, HTTPS connection for browser clients is configured and enabled on the HTTPd (Apache2) layer.
- In many cases, HTTPd or other reverse proxy layer node can redirect to the Enterprise SSO Server for authentication required clients and the request can be redirected back with a valid security token.
- Enterprise SSO Server such as SiteMinder can be accessed by applications on the Application Server to validate the security tokens if needed.
- CMS and site applications on Application Server can also authenticate users against LDAP Server if configured.
- CMS and site applications on Application Server can also authenticate users by either Form Authentication or JAAS or Spring Security Integration. If Enterprise SSO Server is used, Spring Security Integration is capable of integrating with it seamlessly.

httpd authenticates the secured resources by mod_shib2 module, which invokes Shibboleth Daemon. Shibboleth Daemon may communicate with Enterprise Shibboleth Identity Provider via SAML/HTTPS.

If the user is successfully authenticated by the handshakes between Client Browser and Shibboleth Identity Provider, then httpd will do reverse proxy to Tomcat.

If the user is authenticated in the httpd level by mod_shib2 module and Shibboleth Daemon, then it is regarded as pre-authenticated state from the viewpoint of Java Web Applications on Tomcat.

Spring Security Framework Filter initializes the proper user principal based on pre-authenticated user information, which should be provided by HTTP Header. [8] The components initializing the pre-authenticated user detail can be easily customized. See [9] for an example.

Now, HST-2 Container can use the initialized user principal on serving secured page resources.

Also, CMS Frontend Application can create a user JCR session based on the initialized user principal.

Security Aspects: An Enterprise SSO Enabled Architecture - Deployment View


[Figure: Shibboleth/SAML enabled architecture of the WCMS. Labels: Browser Client, Apache2 HTTPd with mod_shib2, Shibboleth Daemon with shibboleth2.xml, Tomcat hosting CMS (war) and SITE (war) with Spring Security Integration Configuration, Enterprise Federated Security Resources, Shibboleth Identity Provider, LDAP Server; connectors http/s and SAML/https.]

Shibboleth/SAML Enabled Architecture


Shibboleth is a single sign-in, or logging-in, system for computer networks and the internet. It allows people to sign in,
using just one identity, to various systems run by federations of different organizations or institutions. The federations
are often universities or public service organizations. [5] This section describes how Hippo CMS 7 can be deployed,
integrating with Enterprise Shibboleth SSO Solution, and how internal components interact with each other. For detail of

An explanation of core nodes:

- Browser Client attempts to access WCMS system through the web URLs served by the frontend Apache HTTPd Server.
- The Apache HTTPd Server has authentication configuration for secured resources (e.g., /cms, /SITE/secured/articles/, etc.) with Shibboleth authentication option. For the Shibboleth authentication option, the Apache HTTPd Server invokes mod_shib2 module which is deployed onto the server.
- The mod_shib2 module communicates with Shibboleth Daemon to request authentication through either Unix socket or TCP socket based on configuration.
- Shibboleth Daemon may initiate user sessions, manage the sessions for the specified time duration, let Browser Client be redirected to the Shibboleth Identity Provider, and provide authentication information as environment variables or HTTP headers. Shibboleth Identity Provider is normally deployed centrally in the enterprise, and so WCMS system should normally be configured to access remote Shibboleth Identity Provider through Shibboleth Daemon.
- Shibboleth Daemon is configured by shibboleth2.xml. Because the authentication information should be used in Java Applications connected through either mod_proxy or mod_jk2, Shibboleth Daemon should be configured to leave the authentication information as HTTP Headers.
- For authenticated user session, Apache HTTPd Server will serve Java Web Applications (e.g., Content Production Application and Content Delivery Application) hosted by Tomcat, which is connected by either mod_proxy or mod_jk2.
- CMS (Content Production) Application and SITE (Content Delivery) Application can be configured with Spring Security Framework enabled. Spring Security Framework can read the pre-authenticated HTTP Header [8], which is provided by Shibboleth Daemon, and it can build a user principal based on the pre-authenticated HTTP Header. CMS (Content Production) Application and SITE (Content Delivery) Application should be configured to use the user principal provided by the Spring Security, instead of trying to authenticate the user by themselves.
- CMS (Content Production) Application should be configured to synchronize the user data from the LDAP Server.
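
The pre-authentication step described above, as an added plain-Java sketch (not Hippo or Spring Security code): the application takes the user name from a header set by the front end, and accepts it only when the request arrives from the reverse proxy and the header carries exactly one value. The header name X-Preauth-User, the loopback proxy addresses and the Request and UserPrincipal classes are assumptions for illustration.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.TreeMap;

/** Added illustration of the pre-authentication step; not Hippo or Spring Security code. */
public class PreAuthHeaderExample {

    // Assumption: name of the header the front end fills in after a Shibboleth login.
    static final String USER_HEADER = "X-Preauth-User";
    // Assumption: httpd and Tomcat share a host, so proxied requests arrive over loopback.
    static final Set<String> TRUSTED_PROXIES =
            new HashSet<>(Arrays.asList("127.0.0.1", "0:0:0:0:0:0:0:1"));

    /** Hypothetical stand-in for a servlet request: peer address plus multi-valued headers. */
    static final class Request {
        final String remoteAddr;
        // Header names are case-insensitive in HTTP, so the lookup map ignores case too.
        final Map<String, List<String>> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

        Request(String remoteAddr) { this.remoteAddr = remoteAddr; }

        Request header(String name, String... values) {
            headers.put(name, Arrays.asList(values));
            return this;
        }
    }

    /** Principal built from the pre-authenticated user name. */
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    /** Returns the principal asserted by the proxy, or empty when the header cannot be trusted. */
    static Optional<Principal> preAuthenticate(Request request) {
        // Only the reverse proxy may assert an identity; any other peer could forge the header.
        if (!TRUSTED_PROXIES.contains(request.remoteAddr)) {
            return Optional.empty();
        }
        List<String> values = request.headers.getOrDefault(USER_HEADER, Collections.emptyList());
        // Expect exactly one non-blank value; a repeated header means a client copy slipped through.
        if (values.size() != 1 || values.get(0).trim().isEmpty()) {
            return Optional.empty();
        }
        return Optional.of(new UserPrincipal(values.get(0).trim()));
    }

    static String describe(Request request) {
        return preAuthenticate(request).map(Principal::getName).orElse("<anonymous>");
    }

    public static void main(String[] args) {
        // Constructed sample requests, not captured traffic.
        Request proxied = new Request("127.0.0.1").header("x-preauth-user", "editor1");
        Request direct = new Request("203.0.113.10").header("X-Preauth-User", "admin");
        Request doubled = new Request("127.0.0.1").header("X-Preauth-User", "admin", "editor1");

        System.out.println("via proxy:       " + describe(proxied));
        System.out.println("direct to app:   " + describe(direct));
        System.out.println("repeated header: " + describe(doubled));
    }
}
```

Only the request relayed by the proxy with a single header value yields a principal; the direct request and the one with a repeated header stay anonymous, which is why the application port should not be reachable except through httpd.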

Deep Dive Example for SSO Shibboleth/SAML Deployment


About Hippo

At Hippo, we believe, digital is here to make our lives a little bit better.

Hippo sets the standard for how organizations can bring real-time relevance to their audience and is the foundation for personalized communication across all channels: mobile, social and web. Our purpose is to facilitate innovation so our customers can create digital miracles. We serve our customers, by creating a platform that is fun to use, easy to implement and open for innovation.

Hippo CMS is a powerful, enterprise-class foundation to deliver outstanding Customer Experiences based on Enterprise Agility and Innovation Power.

Hippo CMS is open source, 100% Java and convinces with its lean product architecture that is built for uptime, security and performance.

Our dedicated, Certified Partner Network delivers Hippo Awesomeness around the globe to our valued customers. Hippo is proud to serve organizations such as Disney, British Telecom, Dolce & Gabbana, Max Bahr, the Dutch Police, Thomson Reuters and Crédit Agricole.

Hippo is headquartered in Amsterdam, The Netherlands and Boston, USA.

Curious for more? Visit www.onehippo.com

Resources

1. Hippo Campus Community
http://www.onehippo.org

2. Spring Framework
http://www.springsource.org/spring-framework

3. Spring Security Framework
http://static.springsource.org/spring-security/site/

4. Apache Wicket
http://wicket.apache.org

5. Shibboleth (Internet2)
http://en.wikipedia.org/wiki/Shibboleth_%28Internet2%29

6. Shibboleth Documentation
https://wiki.shibboleth.net/confluence/dashboard.action

7. Deployment of Shibboleth Service Provider (SP) 2.0 on Debian GNU/Linux 4.0
https://www.switch.ch/aai/docs/shibboleth/SWITCH/2.0/sp/deployment-sp-2.0-debian-4.0.html

8. Spring Security Framework - Pre-Authentication Scenario
http://static.springsource.org/spring-security/site/docs/3.1.x/reference/preauth.html
