I recommend asking in the AEM Forms sub-forum:
(Unfortunately I cannot move this post there ... @kautuk_sahni can you

It allows you to model various requirements towards an ACL setup in an
efficient manner. But this is very hard to explain as a general concept;
it's best if you could come up with more specific questions and/or

You don't need to ship it, as the core components are part of the
product. And of course all backwards compatible changes on the
components themselves are versioned, so you still use the v2 page,
although the core components already have a v3 for it.

If you want to write the short-path as URL within the page itself (or a
different page), just write the "long" path there. If a mapping exists
AEM will do that for you automatically. At least for pages, not for JSON
payloads etc. For these you need to use the ResourceResolver as

What type of authentication (and therefore: credentials) are you using?
JWT token? Username/password as basic auth? (Remember that in AEM as a
Cloud Service the authentication normally works using IMS and tokens,
unlike the "classic" way of using username/password).

The problem with these URLs is that the dispatcher is not able to cache
a URL without an extension. That means you should rewrite your URLs on
the dispatcher to contain extensions. (And of course query strings also
prevent the dispatcher from caching the files...)

For reference: If you use the latest Core Components and Dynamic Media,
a WebP image will be delivered by DM if the browser can handle that. And
to make that work you don't need to do anything (but using DM and Core