I've managed to resolve the issue: The custom authentication servlet was not being called due to a code error inside a custom 404 handlerThe authentication servlet was not getting the basic authorization information due to "/clientheaders" section of the dispatcher farm not having the "Authorization...

I've tried setting the CUG for the single assets but it's not possible. It's also stated in this guide: https://experienceleague.adobe.com/docs/experience-manager-learn/assets/advanced/closed-user-groups.html?lang=en#closed-user-group-(cug)-with-aem-assets It seems like if the user has no permission...

I've already used this kind of filter and it seems to be working, but only for non-secured folders, which is not so useful in my opinion. These are the cases for the postman calls: /content/dam/secure has CUG user set: Publisher without CUG basic auth: not working  Publisher with CUG basic auth: wor...

Ok, i verified that this configuration is working for .html pages but not for assets, which is what I need.I've tried also with the filter /0000 { /glob "*" /type "allow" }}and it's still not working for assets 

I'm not sure I've understood fully this guide, because I've implemented the servlet but if I try to call it with this URL :http://localhost:4502/bin/permissioncheck?uri=/content/dam/folder/reserved/image.jpgthe response is :Method GET not supportedCannot serve request to /bin/permissioncheck in Auth...

Updating: the error is showing only through the dispatcher, as if I call the asset from the 2 publish instances with the correct basic authentication, the CUG configuration is working as expected. Anybody knows if there is a specific CUG configuration for the dispatchers ?