Institutional and corporate portals have been the central point of digital presence for many organizations for years. However, most continue to operate under monolithic architectures that, although functional in their beginnings, have become true obstacles to innovation and digital evolution.
In this article we explore how to transform a traditional portal into a composable platform using Liferay DXP, APIs and modern development technologies. It's not about a complete rewrite, but rather a progressive evolution that allows gaining agility, scalability and autonomy.
The Problem with Monolithic Portals
Many current institutional portals were built with an architecture where backend, frontend and content are tightly coupled. This dependency generates a series of problems that worsen over time:
- •Simple changes require complete deployments: Modifying a text or updating a style can involve a complete cycle of development, testing and deployment.
- •High dependency on the technical team: Business teams cannot make changes autonomously, creating bottlenecks.
- •Difficulty integrating new systems: Each integration requires custom development and direct coupling with the portal core.
- •Content encapsulated in non-reusable formats: The massive use of PDFs as the primary format limits content reusability and accessibility.
- •Low evolution speed: The system becomes rigid and difficult to adapt to new needs.
The result is clear: the portal stops being a facilitator and becomes a bottleneck that slows down digital transformation.
Composable Architecture: The Modern Approach
The solution involves evolving towards a composable architecture, where each piece of the system is independent, decoupled and reusable. This approach allows building flexible platforms that can quickly adapt to new requirements without the need for complete rewrites.
APIs as Foundation: OpenAPI-first Approach
The first step towards composability is designing the backend as a set of well-defined APIs. Instead of having business logic coupled to the portal, services are exposed through REST APIs documented with OpenAPI.
The benefits of this approach are multiple:
- •Clear contracts through OpenAPI: The OpenAPI specification precisely defines endpoints, parameters, responses and data models.
- •Total separation between frontend and backend: Teams can work independently following the defined contract.
- •Versioning and change control: APIs can evolve in a controlled manner without breaking existing consumers.
- •Reuse by multiple consumers: The same API can be consumed by the portal, mobile applications, external systems or integrations.
Liferay DXP facilitates this approach through its REST APIs framework, which allows creating and exposing services quickly following industry standards.
Client Extensions: Decoupled Frontend with React and Angular
Traditionally, Liferay portals used JSP portlets or proprietary frameworks for the frontend. This approach limited the use of modern technologies and generated coupling with the portal stack.
With Client Extensions, Liferay allows developing completely decoupled frontend applications using React, Angular or any modern framework. These applications integrate into the portal but are deployed independently.
Client Extensions allow frontend teams to work with their favorite tools, follow modern best practices and deploy their changes without depending on the portal core release cycle.
This provides:
- •Greater development speed: Developers can use modern tools and libraries without restrictions.
- •Independence from the portal core: Frontend deployments don't require restarting the Liferay server.
- •Use of modern best practices: Unit testing, hot reload, tree shaking and other current frontend development techniques.
Headless CMS + Reusable Fragments
One of the most important changes in composable architecture is separating content from its presentation. Liferay DXP can act as a headless CMS, exposing structured content through APIs that can be consumed by any channel.
The strategy combines two key elements:
- •Content APIs: Content is exposed via REST APIs in structured formats (JSON), allowing its consumption from multiple channels.
- •Reusable fragments: Layout is managed through fragments that can be combined and reused by business teams without the need for development.
The advantages of this approach are significant:
- •Autonomy for business teams: They can create and modify pages by combining fragments without depending on development.
- •Elimination of PDF dependency: Structured content is more accessible, indexable and reusable than static documents.
- •Improvement in content reusability: The same content can be presented in different ways depending on the context.
Integration with Legacy Systems
In real enterprise environments, legacy systems are inevitable. Old databases, applications without APIs and rigid integrations are part of the technological landscape of most organizations.
The correct strategy is not to ignore them or couple them directly to the portal, but to introduce an API layer as an intermediary:
Legacy System → Adapter/Wrapper → REST API → Liferay Portal
This approach applies the anti-corruption layer pattern, which allows:
- •Isolating the portal from the complexity and limitations of the legacy system
- •Exposing only the necessary information through clean API contracts
- •Facilitating the future replacement of the legacy system without impacting the portal
- •Applying data transformations and adaptation logic at a centralized point
Liferay facilitates this type of integration through its ability to consume external REST APIs and expose them in a unified way through its service layer.
Security in Distributed Environments
A composable architecture involves multiple components communicating with each other. Security must be transversal and standardized at all integration points.
Key security elements include:
OAuth2 for API Protection
All APIs must be protected through OAuth2, the de facto standard for authorization in REST APIs. Liferay DXP includes native support for OAuth2, allowing:
- •Issuance of access tokens with limited scopes
- •Role and permission-based authorization
- •Centralized access revocation
SSO to Unify Authentication
In environments with multiple systems, implementing Single Sign-On (SSO) is fundamental to improve user experience and centralize identity management. Liferay supports the main SSO protocols such as SAML, OpenID Connect and CAS.
2FA for Sensitive Access
For critical areas of the portal or administrative access, two-factor authentication (2FA) adds an additional layer of security. Liferay allows integrating 2FA solutions through TOTP or other mechanisms.
Modern Deployment with GitLab CI/CD and Docker
A composable architecture must be accompanied by a modern deployment model that allows independent and automated release cycles.
The recommended strategy includes:
Automated Pipelines in GitLab CI/CD
Each component (APIs, Client Extensions, configurations) has its own pipeline that executes:
- •Static code analysis and unit tests
- •Build and packaging of the artifact
- •Automatic deployment in pre-production environments
- •Controlled promotion to production
Independent Builds for Frontend and Backend
Frontend Client Extensions are built and deployed completely independently from the Liferay core, allowing:
- •Faster iterations on the presentation layer
- •Selective rollbacks without affecting other components
- •Specific optimization of each artifact
Reproducible Environments with Docker
The use of Docker containers guarantees that development, pre-production and production environments are consistent. Liferay DXP provides official Docker images that facilitate this approach.
Real Benefits of the Transformation
Accelerated Time-to-Market
Composable architecture drastically reduces the time needed to bring new functionalities to production:
- •Faster iterations: Teams can work in parallel without blocking each other
- •Independent deployments: It's not necessary to wait for maintenance windows for minor changes
- •Less friction in changes: Modifications are isolated and have lower risk of side effects
Business Autonomy
Business teams gain independence from technical teams:
- •Content editing without depending on development: They can create and modify pages using fragments
- •Use of reusable fragments: Library of components they can combine without programming
- •Lower load on technical teams: Developers can focus on value functionality
Technical and Organizational Scalability
The platform can grow sustainably:
- •Independent component scaling: Each service can scale according to its specific load
- •Integration with new channels: Mobile apps, public APIs, chatbots can consume the same APIs
- •Progressive evolution without complete rewrites: Components can be modernized incrementally
Conclusion: Evolution, Not Revolution
Transforming a monolithic portal into a composable platform does not mean redoing everything from scratch. It's about a progressive evolution that can be approached in phases:
- •Identify components with the greatest need for frequent change
- •Expose them through well-defined APIs
- •Progressively migrate the frontend to Client Extensions
- •Implement the headless CMS for structured content
- •Modernize the deployment pipeline
This strategy allows obtaining quick benefits while reducing the risk associated with large transformations. The result is a flexible, scalable portal prepared to evolve at the pace demanded by the business.
At JULDITEC we accompany organizations in this transformation, combining our experience in Liferay DXP with modern development, integration and automation practices. If your portal has become an obstacle instead of a facilitator, it's time to evolve towards a composable architecture.