Permission-sensitive caching enables you to cache secured pages. Dispatcher checks user's access permissions for a page before delivering the cached page.
Dispatcher includes the AuthChecker module that implements permission-sensitive caching. When the module is activated, the render calls an AEM servlet to perform user authentication and authorization for the requested content. The servlet response determines whether the content is delivered to the web browser.
Because the methods of authentication and authorization are specific to the AEM deployment, you are required to create the servlet.
The following diagrams illustrate the order of events that occur when a web browser requests a page for which permission-sensitive caching is used.
Page is cached and user is authorized
1. Dispatcher determines that the requested content is cached and valid.
2. Dispatcher sends a request message to the render. The HEAD section includes all of the header lines from the browser request.
3. The render calls the authorizer to perform the security check and responds to Dispatcher. The response message includes an HTTP status code of 200 to indicate that the user is authorized.
4. Dispatcher sends a response message to the browser that consists of the header lines from the render response and the cached content in the body.