Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.

Secure Cached Content is not working for first request

Avatar

Level 1

9/3/24

Request for Feature Enhancement (RFE) Summary:

I have implemented permission-based caching for our secure site. The site will perform user authentication before serving any secure content. I have followed the document for configurations and implementation-https://docs.adobe.com/docs/en/dispatcher/permissions-cache.html 

For initial request/cached content not available, the Dispatcher directly calls AEM resulting in displaying the secure page without authentication.

Use-case:

Use Case 1: The user must be authenticated via the Dispatcher Auth Checker Servlet before serving secure content.

Use Case 2: If the user's authentication via the Dispatcher Auth Checker Servlet fails, the dispatcher will not forward the original request to AEM.

Current/Experienced Behavior:

Current Behaviour for Use Case 1: When the requested content is not cached, the Dispatcher Auth Checker sends the request directly to the AEM publisher for page rendering, allowing the user to access secure content without authentication.

Current Behaviour for Use Case 2: If user authentication fails, the dispatcher forwards the original request to the AEM publisher for page rendering without authentication.

Improved/Expected Behavior:  Expected Behaviour for Use Case 1: The user must be authenticated via the Dispatcher Auth Checker Servlet before serving secure content.
Expected Behaviour for Use Case 2: If the user's authentication via the Dispatcher Auth Checker Servlet fails, the dispatcher should not forward the original request to AEM.
Environment Details (AEM version/service pack, any other specifics if applicable): Cloud Release - 2024.8.17465.20240813T175259Z
Customer-name/Organization name: Boston Scientific (BSC) 
Screenshot (if applicable):  
Code package (if applicable):  

@GurjotSingh @AkashRamchandani

1 Comment

Avatar

Administrator

9/13/24

@IndrajitSi 

Thanks for proposing this idea.
This has been reported to the engineering under the internal reference SITES-25118. The product team will triage this request to verify feasibility based on the prioritization model. This post will be updated according to the Jira status.
Status changed to: Investigating