Querying asset in CUG | Community
Skip to main content
Guglielmo_Francesconi
Guglielmo_Francesconi
Level 2
November 19, 2021

Querying asset in CUG

  • November 19, 2021
  • 3 replies
  • 2587 views

Hello,

 

I have the need to retrieve assets through GET calls, only if I'm logged in (reserved assets).

I've tried using the CUG, setting an user as a viewer then, when I've published the folder and also the asset, I try with Postman to access the resource with basic authentication (of course the user that is in the CUG settings of the folder) and I get a resource not found 404 error.

What is the correct process to retrieve those assets with a GET call?

 

Thank you,

 

Guglielmo

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

3 replies

Guglielmo_Francesconi
Guglielmo_FrancesconiAuthor
Level 2
November 19, 2021

Updating: 

the error is showing only through the dispatcher, as if I call the asset from the 2 publish instances with the correct basic authentication, the CUG configuration is working as expected. Anybody knows if there is a specific CUG configuration for the dispatchers ?

    arunpatidar
    Community Advisor
    arunpatidarCommunity Advisor
    Community Advisor
    November 19, 2021

    Hi,

    Please check https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/permissions-cache.html?lang=en to implement dispatcher changes in order to protect asset properly and with caching.

    Arun Patidar
      Guglielmo_Francesconi
      Guglielmo_FrancesconiAuthor
      Level 2
      November 23, 2021

      Ok, i verified that this configuration is working for .html pages but not for assets, which is what I need.

      I've tried also with the filter 

      /0000
        {
        /glob "*"
        /type "allow"
        }
      }

      and it's still not working for assets 

        Guglielmo_Francesconi
        Guglielmo_FrancesconiAuthor
        Level 2
        November 25, 2021

        Hi,

        For assets, if you applied cug, it will only applied for the immediate child asset.
        Could you try to add cug to asset and check, if you are getting head request or not.

        Ideally it should work.

        we are also using this feature to protect page as well asset.


        I've tried setting the CUG for the single assets but it's not possible. It's also stated in this guide: https://experienceleague.adobe.com/docs/experience-manager-learn/assets/advanced/closed-user-groups.html?lang=en#closed-user-group-(cug)-with-aem-assets

         

        It seems like if the user has no permissions over the CUG protected folder, he/she can't neither call the authentication servlet, which becomes useless. The strange behaviour it's that it happens only with the dispatcher.

          Guglielmo_Francesconi
          Guglielmo_FrancesconiAuthor
          Level 2
          November 25, 2021

          I've managed to resolve the issue:

           

          • The custom authentication servlet was not being called due to a code error inside a custom 404 handler
          • The authentication servlet was not getting the basic authorization information due to "/clientheaders" section of the dispatcher farm not having the "Authorization" header

           

          Thank you @arunpatidar for all the support!

            arunpatidar
            Community Advisor
            arunpatidarCommunity Advisor
            Community Advisor
            November 27, 2021

            I am glad that finally it works for you.

            Arun Patidar
              Terms & ConditionsAccessibility statement

              Loading footer...