Enterprise Financial Web Platform

Sling Models & OSGi

Each component's business logic and JCR content mapping was encapsulated in an OSGi-registered Sling Model. Models were injected via @OSGiService and @ValueMapValue, keeping HTL scripts free of logic.

Sling Servlets

A custom Sling Servlet was implemented to handle form submission and integrate with an external mail service - covering a use case where the out-of-the-box AEM Forms and content APIs were insufficient. The Servlet was registered by resource type, keeping the endpoint co-located with the form component it served.

To manage the mail service credentials and endpoint configuration securely, a dedicated OSGi configuration was created. This allowed environment-specific values (API keys, sender addresses, service URLs) to be injected at runtime via AEM's OSGi config files - no hardcoded values in code, and no redeployment required to update configuration across environments.

This was a targeted, single-purpose integration - not a general pattern applied across components.

HTL

HTL was used as the server-side rendering language for all component markup, delegating business logic entirely to Sling Models via the Use-API. Beyond basic rendering, the implementation applied advanced HTL patterns to ensure robustness and maintainability:

• —data-sly-test for conditional rendering - preventing empty or broken HTML from reaching the DOM when optional model values were missing or null
• —data-sly-template and data-sly-call for intra-component templating - used when a component needed to cover multiple layout scenarios, keeping the markup clean and avoiding duplication
• —data-sly-use with scoped variables to compose complex component structures without logic leaking into markup
• —context attribute applied correctly where needed - for example, when working with the OOTB Embed component, context was set explicitly to avoid XSS vulnerabilities introduced by unescaped HTML output

The result was markup that was strictly presentational, resilient to missing content, and safe by default.

AEM Editable Templates & Style System

Component behaviour and visual variants were configured per-template via policy definitions - no code changes required to enable or restrict features per template. The Style System allowed authors to select pre-approved component variants directly from the Touch UI, with the corresponding CSS classes injected at runtime based on the active policy. This decoupled visual variation from component code, reducing the need for separate component variants.

JCR Integration

Component content persisted via Apache Jackrabbit (JCR). New node structures followed existing repository conventions to ensure clean merge with authored content already in production.

Critical clientlib (page <head>)

Contains only above-the-fold styles: CSS reset, typography scale, and layout grid. Kept intentionally minimal to avoid render-blocking. No component-specific styles.

Component-scoped clientlibs

Each component owns its own clientlib, loaded only when that component is present on the page - unused components contribute zero bytes to the page payload.

Naming convention & programmatic resolution

A naming convention was established across all component clientlibs - each clientlib category followed a structured pattern (e.g. project.component.<component-name>). At page component runtime, the AEM page component resolves and includes the correct clientlib programmatically based on the component name present on the page, without hardcoding a static list of dependencies. This made the inclusion mechanism self-maintaining as new components were added.

Webpack minification

All frontend JavaScript and CSS was minified via Webpack bundling for production builds, reducing asset payload and improving page load performance.

Granite condition-based field visibility

Fields shown or hidden dynamically based on authored selections - implemented via Granite UI conditions on dialog field nodes. Authors see only the fields relevant to their current configuration.

Custom validators

Field-level business rules enforced via clientlib-based validators attached to dialog fields. Validation runs before content is saved, preventing invalid data from reaching the JCR.

Nested multifield configurations

Repeatable content structures - lists of items with their own sub-fields - implemented with nested Granite multifields. All dialog extensions version-controlled and documented for team auditability.

Semantic HTML & landmark structure

Correct landmark roles (main, nav, aside) and heading hierarchy enforced across all new components. Existing components audited and corrected where heading levels were skipped or roles were missing.

Keyboard navigation & focus management

Interactive components (tabs, accordions, modals) fully navigable via keyboard. Focus trapped appropriately in overlays; focus restored to trigger on close.

Colour contrast

All text and UI elements verified to meet the 4.5:1 (normal text) and 3:1 (large text / UI components) contrast ratios required by WCAG 2.1 AA.

ARIA & alt text governance

ARIA attributes added for dynamic content regions. Alt text requirements for image components enforced at the Touch UI dialog level - authors cannot publish without providing alternative text.

AEM Mocks (io.wcm)

Tests run against a simulated AEM context - JCR content loaded from JSON fixtures, OSGi service registry mocked, Sling resource resolution working without a running AEM instance. Fast, deterministic, CI-compatible.

Mockito for service dependencies

External OSGi service dependencies mocked with Mockito. Tests verified that models behave correctly under all injection scenarios, including missing or null service references.

Coverage scope

Test coverage included: content mapping from JCR nodes to model fields, OSGi service injection, edge cases for optional and missing content, and Sling Servlet request/response handling.

Retroactive coverage

Existing critical models identified as high-risk (high page coverage, complex mapping logic) received retroactive test suites. Coverage added without modifying production model code.

HTL conditional rendering

Components were extended with additional optional authoring fields - for example, a disclaimer text field for the German section. At the HTL level, data-sly-test checked the page path or locale, ensuring regulatory content was injected into the markup only when rendering within the appropriate regional context.

Touch UI dialog visibility

Authors outside the German section would not see the regulatory field in the Touch UI dialog - controlled via custom JS logic attached to the dialog. This kept the authoring experience clean for non-German markets while enforcing compliance at the component level for those that required it.

No component duplication

No separate component variants or duplicated code were required. The same component served all markets - regulatory content was conditionally present or absent based on context.

CSS logical properties

Directional properties were replaced with their logical equivalents across all affected components: margin-inline-start instead of margin-left, padding-inline-end instead of padding-right, inset-inline-start instead of left. Layout direction is driven entirely by the dir attribute (dir="rtl" / dir="ltr") set at the HTML element level on the page template.

Zero per-language overhead

No duplicate stylesheets, no per-language CSS overrides. The switch between LTR and RTL is seamless and automatic - adding a new RTL language requires no CSS changes, only correct dir attribute configuration on the page template.