I've managed to resolve the issue: The custom authentication servlet was not being called due to a code error inside a custom 404 handlerThe authentication servlet was not getting the basic authorization information due to "/clientheaders" section of the dispatcher farm not having the "Authorization...

I've tried setting the CUG for the single assets but it's not possible. It's also stated in this guide: https://experienceleague.adobe.com/docs/experience-manager-learn/assets/advanced/closed-user-groups.html?lang=en#closed-user-group-(cug)-with-aem-assets It seems like if the user has no permission...

I've already used this kind of filter and it seems to be working, but only for non-secured folders, which is not so useful in my opinion. These are the cases for the postman calls: /content/dam/secure has CUG user set: Publisher without CUG basic auth: not working  Publisher with CUG basic auth: wor...

Ok, i verified that this configuration is working for .html pages but not for assets, which is what I need.I've tried also with the filter /0000 { /glob "*" /type "allow" }}and it's still not working for assets 

I'm not sure I've understood fully this guide, because I've implemented the servlet but if I try to call it with this URL :http://localhost:4502/bin/permissioncheck?uri=/content/dam/folder/reserved/image.jpgthe response is :Method GET not supportedCannot serve request to /bin/permissioncheck in Auth...

Updating: the error is showing only through the dispatcher, as if I call the asset from the 2 publish instances with the correct basic authentication, the CUG configuration is working as expected. Anybody knows if there is a specific CUG configuration for the dispatchers ?

Hi Kiran, thank you for the reply. So I understand that there is no real issue in storing many nodes under one tag node, unless someone access crx and opens it.  We'll try storing the tags all at the same level.  Thank you!

Ok I managed to fix this after @Asutosh_Jena_ suggestions and after various trying. Final working configuration is this:<?xml version="1.0" encoding="UTF-8"?> <jcr:root xmlns:cq="http://www.day.com/jcr/cq/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:nt="http://www.jcp.org/jcr/nt/1.0" jcr:pr...

The "disableChecking" was already at true, but after some tests with the configurations I've managed to make the rewriter work with also the versioned-clientlibs.The configuration is the following: jcr:primaryType="nt:unstructured" contentTypes="[text/html]" enabled="{Boolean}true" gen...

Hi @Asutosh_Jena_ , I've tried doing as you told, also removing the property "paths" which I need because I have multiple sites on the same instance, but it's working only the "versioned clientlibs" part, excluding link rewriting.