Expand my Community achievements bar.

Adobe Summit 2025: AEM Session Recordings Are Live! Missed a session or want to revisit your favorites? Watch the latest recordings now.
Watch Now!
SOLVED

Dispatcher not respecting CUG restriction on parent node

Avatar

Level 1
Level 1
10/15/15 7:26:13 PM

I've been investigating the below dispatcher issue. Can you please provide pointers on the below.

I have a cq:Page titled 'index' and under this page there is 'xyz.html'. This is only visible to group "xyz1" and not visible to group "xyz2" configured on the publisher. Initially when cache is empty a user in group xyz2 will see a 404 - Not Found error for the following requests made in the browser: 1) http://dispatcher-hostname.com/content/index.html, 2) http://dispatcher-hostname.com/content/index/xyz.html

When a user from group xyz1 requests URLS 1) and 2) above, the docs are cached separately in docroot and are seen in the cache as the following: 1) ../docroot/content/index.html and 2) ../docroot/content/index/xyz.html as expected.

When user from group xyz2 requests the cached documents they are able to access http://dispatcher-hostname.com/content/index.html which is NOT expected. However the user still gets a 404 - Not Found error when they access the 2nd URL: http://dispatcher-hostname.com/content/index/xyz.html which is expected. It appears that CUG entitlement check is NOT being respected on the cached parent node (.../index.html) but it is being applied on the child node (.../index/xyz.html).

A few things about my current setup: 1) allowAuthorized is '1', 2) dispatcher is configured to cache *.html, 3) Permission Sensitive Caching IS ENABLED (implemented using http://docs.adobe.com/docs/en/dispatcher/permissions-cache.html)

I read this dispatcher issue but it appears to be different from what we are experiencing: http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

Views

1.1K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
12/5/23 6:36:07 PM

Please assure that the auth_checker section in configured properly. Only the documents matching the /filter regex would be validated for CUG.

 

/auth_checker
  {
  # request is sent to this URL with '?uri=<page>' appended
  /url "/bin/permissioncheck"

  # only the requested pages matching the filter section below are checked,
  # all other pages get delivered unchecked
  /filter
    {
    /0000
      {
      /glob "*"
      /type "deny"
      }
    /0001
      {
      /glob "/content/secure/*.html"
      /type "allow"
      }
    }
  # any header line returned from the auth_checker's HEAD request matching
  # the section below will be returned as well
  /headers
    {
    /0000
      {
      /glob "*"
      /type "deny"
      }
    /0001
      {
      /glob "Set-Cookie:*"
      /type "allow"
      }
    }
  }

 

You can also enable DEBUG logs on dispatcher by setting DISP_LOG_LEVEL=debug. This will help you understand the requests and flow better

 

 

https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/permissions-...

Aanchal Sikka

View solution in original post

Views

374

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Level 10
Level 10
10/15/15 7:26:13 PM

so is the CUG applied for parent or the child page ?

Views

1.0K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
10/15/15 7:26:13 PM

CUG is applied on the parent node e.g on the path: /content/index

Views

786

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
12/5/23 6:36:07 PM

Please assure that the auth_checker section in configured properly. Only the documents matching the /filter regex would be validated for CUG.

 

/auth_checker
  {
  # request is sent to this URL with '?uri=<page>' appended
  /url "/bin/permissioncheck"

  # only the requested pages matching the filter section below are checked,
  # all other pages get delivered unchecked
  /filter
    {
    /0000
      {
      /glob "*"
      /type "deny"
      }
    /0001
      {
      /glob "/content/secure/*.html"
      /type "allow"
      }
    }
  # any header line returned from the auth_checker's HEAD request matching
  # the section below will be returned as well
  /headers
    {
    /0000
      {
      /glob "*"
      /type "deny"
      }
    /0001
      {
      /glob "Set-Cookie:*"
      /type "allow"
      }
    }
  }

 

You can also enable DEBUG logs on dispatcher by setting DISP_LOG_LEVEL=debug. This will help you understand the requests and flow better

 

 

https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/permissions-...

Aanchal Sikka

Views

375

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
How to quickly set up dispatcher locally for AEM AMS using AEM Cloud SDK? Solved

Views

138

Like

1

Replies

6
Clientlib css not loading in Dispatcher only Solved

Views

186

Likes

0

Replies

6
not able to change html for embed component Solved

Views

120

Likes

0

Replies

5
What is the best way to create a component which will be authored/edited by only one user group?

Views

125

Like

1

Replies

5
Stale Content Served via Firewall (Imperva) Layer Despite CDN and dispatcher Cache Purge

Views

51

Likes

0

Replies

0