I'm not sure I've understood fully this guide, because I've implemented the servlet but if I try to call it with this URL :http://localhost:4502/bin/permissioncheck?uri=/content/dam/folder/reserved/image.jpg

the response is :

Method GET not supported

Cannot serve request to /bin/permissioncheck in AuthcheckerServlet

Even if I call the servlet from author or publish directly, it doesn't seem to work. 

I've not used the org.apache.felix.scr.annotations, since they are deprecated, but instead i wrote this:

@Component(service = Servlet.class, immediate = true,
    property = {
        SLING_SERVLET_PATHS + "=/bin/permissioncheck",
    })
public class AuthcheckerServlet extends SlingSafeMethodsServlet {

 Could this be the error ? 

Hi,
1. You have to create a servlet , that you already did.

2. Update the /auth_checker section in the dispatcher file

https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/permissions-...

Arun Patidar

Ok, i verified that this configuration is working for .html pages but not for assets, which is what I need.

I've tried also with the filter 

/0000
  {
  /glob "*"
  /type "allow"
  }
}

and it's still not working for assets 

/filter
    {
    /0000
      {
      /glob "*"
      /type "deny"
      }
    /0001
      {
      /glob "/content/secure/*.html"
      /type "allow"
      }
      /0010 { /glob "/content/dam/secure/*.pdf" /type "allow"}
      /0012 { /glob "/content/dam/secure/*.doc" /type "allow"}
    }

Arun Patidar

I've already used this kind of filter and it seems to be working, but only for non-secured folders, which is not so useful in my opinion. 
These are the cases for the postman calls:

•  /content/dam/secure has CUG user set:
  •  Publisher without CUG basic auth: not working 
  •  Publisher with CUG basic auth: working
  •  Dispatcher without CUG basic auth: not working (no HEAD servlet auth call)
  • Dispatcher with CUG basic auth: not working (no HEAD servlet auth call)
• /content/dam/secure has no CUG user set:
  •  Publisher without CUG basic auth: working
  •  Publisher with CUG basic auth: working
  •  Dispatcher without CUG basic auth: working (HEAD servlet auth call)
  •  Dispatcher with CUG basic auth: working (HEAD servlet auth call)

Hi,

For assets, if you applied cug, it will only applied for the immediate child asset.
Could you try to add cug to asset and check, if you are getting head request or not.

Ideally it should work.

we are also using this feature to protect page as well asset.

Arun Patidar

I've tried setting the CUG for the single assets but it's not possible. It's also stated in this guide: https://experienceleague.adobe.com/docs/experience-manager-learn/assets/advanced/closed-user-groups....

It seems like if the user has no permissions over the CUG protected folder, he/she can't neither call the authentication servlet, which becomes useless. The strange behaviour it's that it happens only with the dispatcher.

I am glad that finally it works for you.

Arun Patidar