Reputation: 151
DAM Content Unsecure
In our application is based on authentication i.e. a user cannot login to our application till he/she logs in using credentials. But our dam content is getting accessible if it is cached in Dispatcher. Once a image is cached in dispatcher the call does not come to the publish where in sling authentication service I have enabled authentication for /content/dam. Could anyone please let me know how to block dam content till we have logged in. We are using AEM 6.1 SP2
Thanks, Tushar
Upvotes: 1
Views: 141
Answers (2)
Reputation: 1008
You can configure the AuthChecker module of the Dispatcher to always check for authorization before serving content to the end user. If the user is not authorized, the content is not delivered. https://docs.adobe.com/docs/en/dispatcher/permissions-cache.html
The benefit with this approach is that your content can still be cached in the Dispatcher instead of preventing caching on your entire DAM assets - increasing response times.
Upvotes: 5
Reputation: 64
Add the below code to jsp pages so that dispatcher won't catch any information about the page
<%
response.setHeader("Dispatcher", "no-cache");
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Cache-Control", "no-store");
response.setHeader("Pragma", "no-cache");
%>
Upvotes: 0
Related Questions
- AEM Configuration
- Problem with encrypt/decrypting files using aes256gcm algorithm in envelopedCms. What are mine options?
- How AEM DAM Asset renditions are getting used in AEM?
- Query regarding Adobe AEM
- AEM DAM apect ratio crop
- DAM assets are not getting cached in dispatcher adobe aem
- How to create DAM Taxonomy in CQ5
- AES encryption j2me
- Java PBEWithMD5AndDES
- Links for AES 128 bit CFB Implemenation or sample application