[AEM Dispatcher] 404 for Servlet with Custom Selector – Dispatcher Logs Show actionblocked | Community
Skip to main content
Level 2
July 14, 2026
Question

[AEM Dispatcher] 404 for Servlet with Custom Selector – Dispatcher Logs Show actionblocked

  • July 14, 2026
  • 0 replies
  • 7 views

Hi everyone,

I'm facing a 404 issue with a custom Sling Servlet and the AEM Dispatcher. The servlet works for one placement of the component but returns a 404 for another, even though they share the exact same resource type.

Environment:

AEM as a Cloud Service

Servlet registered via @SlingServletResourceTypes with selectors = "customselector", extensions = "json"

Dispatcher module with a standard filter.any configuration

Scenario:

The servlet is registered for the resource type path/components/componentname and handles requests with the selector customselector and extension json (e.g., ...componentname.customselector.json).

Placement A (Works): The component is placed inside an Experience Fragment (XF) used in the site header.

Request URL: /content/experience-fragments/.../componentname.customselector.json

Response: 200 OK

Placement B (Fails): The exact same component (same sling:resourceType) is placed inline on a standard content page.

Request URL:

/content/path/us/en/pagepath/_jcr_content/root/container/componentname.customselector.json?tags=...

Response: 404 Not Found

Dispatcher Log Entry: [actionblocked] develop.domain.com

Note: Both components are on the same AEM Publish environment. The only difference is their physical location in the JCR tree (under /content/experience-fragments/ vs. under /content/path/).

Dispatcher Rules Context:

I have a universal deny rule at the top of my filter.any file:


/0001 { /type "deny" /url "*" }
I also have other working allow rules for JSON endpoints placed near the bottom, for example:


/10200 { /type "allow" /method "GET" /path "/content/path/*" /selectors "anotherselector" /extension "json" }

This rule works perfectly for its intended URLs.

if i add this anotherselector in the browser instead of customselector with my page content path then getting 400 not 404

if i change my selector name from the file then getting 404 for both placements


What I Tried (Failed):

To fix the 404 for Placement B, I added a specific allow rule at the bottom of the file (near the other working rules):


Option 1 (Exact path for this specific placement):

apache
/10600 { 
    /type "allow" 
    /method "GET" 
    /path "/content/path/us/en/pagepath/_jcr_content/root/container/componentname" 
    /selectors "customselector" 
    /extension "json" 
}
Option 2 (Generic approach, mirroring the working /102 rule, which I prefer for maintainability):

apache
/10601{ 
    /type "allow" 
    /method "GET" 
    /path "/content/path/*" 
    /selectors "customselector" 
    /extension "json" 
}
After applying Option 2 and reloading the dispatcher, Placement B now returns a 200 OK.

Questions for the Community:

Is my understanding of the Dispatcher path-matching behavior correct (that selectors/extensions are stripped from the /path attribute during filter evaluation)?

Are there any security implications with using the generic allow rule (/content/path/*) for this specific selector, or is it acceptable as long as the selector (customselector) is unique and unlikely to be exploited?

I hope this detailed breakdown helps anyone else facing similar issues with Dispatcher and custom selectors. Any feedback on best practices would be greatly appreciated!

Thanks!