In AEM, we have both secured pages and public pages. The dispatcher can cache all of these pages, but it doesn't know which pages are secured and which are not, so it serves every cached page to an anonymous user. To solve this problem, the dispatcher needs to know whether a page may be served to a particular user. In AEM, Permission Sensitive Caching (PSC) provides this functionality, which enables you to cache secured pages. The dispatcher checks the user's access permissions for a page before delivering the cached page.
So, when a request reaches the dispatcher, the dispatcher calls an AEM servlet to check the user's permission.
Let's walk through PSC integration with AEM 6.4 and Dispatcher 2.4.
Step 1: Dispatcher configurations need to be updated as explained below:
a. Add this code in publish-farm:
# request is sent to this URL with '?uri=<page>' appended
# only the requested pages matching the filter section below are checked, all other pages get delivered unchecked
# any header line returned from the auth_checker's HEAD request matching the section below will be returned as well
Brief description about dispatcher configuration:
URL: The URL of the servlet that performs the security check.
filter: Specifies the folders to which permission sensitive caching is applied.
headers: Specifies the HTTP headers that the Authorization Servlet includes in the response.
b. Also, make sure allowAuthorized is set to 1 under the cache configuration.
Note: For any page path that matches the PSC filters, the dispatcher calls the AEM servlet before serving the page from cache, so define the filters carefully, because every matching page hit adds a network call.
Step 2: Now we must create a servlet in AEM that checks whether the user requesting the web content is authorized for the resource or page, and sends the response header.
Below is the Java servlet to which the dispatcher sends a HEAD request:
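A minimal servlet of this kind, as an added example that is not the original post's code: the path /bin/permissioncheck, the package and the class name are assumptions, and the path must match the URL configured for the auth checker in the dispatcher farm. It resolves the requested page with the caller's own resource resolver and answers 200 when the page is readable and 403 otherwise, including when the uri parameter is missing or malformed.

```java
package com.example.psc; // hypothetical package name

import javax.servlet.Servlet;
import javax.servlet.http.HttpServletResponse;

import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.osgi.service.component.annotations.Component;

@Component(service = Servlet.class, property = {
        "sling.servlet.methods=HEAD",
        // Assumed path: it must equal the URL set for the dispatcher's auth checker.
        "sling.servlet.paths=/bin/permissioncheck"
})
public class AuthCheckerServlet extends SlingSafeMethodsServlet {

    private static final long serialVersionUID = 1L;

    @Override
    protected void doHead(SlingHttpServletRequest request, SlingHttpServletResponse response) {
        // The dispatcher appends the requested page as ?uri=<page>.
        String uri = request.getParameter("uri");
        response.setStatus(canRead(request, uri)
                ? HttpServletResponse.SC_OK          // cached page may be delivered
                : HttpServletResponse.SC_FORBIDDEN); // fail closed
    }

    // True only when the requesting user's own session can see the page.
    private boolean canRead(SlingHttpServletRequest request, String uri) {
        if (uri == null || !uri.startsWith("/")) {
            return false; // missing or relative uri is never authorized
        }
        try {
            // The resolver belongs to the user who sent the request, so a page
            // that user cannot read resolves to a non-existing resource.
            Resource page = request.getResourceResolver().resolve(request, uri);
            return !ResourceUtil.isNonExistingResource(page);
        } catch (RuntimeException e) {
            return false; // any resolution error denies access
        }
    }
}
```

Because the check runs under the requester's session, an anonymous request for a secured page gets 403 even though the page is already in the dispatcher cache.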