I have got a filter servlet in AEM which is used for custom authentication & and redirect handling on the websites.
Currently, all the user-specific pages are getting served from the publish instance in AEM and caching is not enabled on these pages. Hence my forced-login scenario works.
If I want to use the dispatcher to serve these pages, Filter Servlets are not triggered and the user is able to access these pages even if logged out with broken/missing details. Can we add any configuration in the dispatcher to allow filter servlets even on dispatcher-cached pages?
If you want to use the Dispatcher while having AEM maintain control over which users see which resources, the most natural way to do this is through configuring the auth_checker
in your Dispatcher config. It mostly boils down to defining glob patterns to instruct it which requests require an auth check and which ones do not and pointing at a servlet that handles the authorization.
The official documentation contains decent guidelines on the topic