You can extend the StandardSecurityPolicy
to make the policy more flexible or tighter, depending on the needs of your application.
In the following example, access is denied if the access control list is null (unspecified):
public class DefaultDenySecurityPolicy extends StandardSecurityPolicy { public int getAccess(AccessControlList pAcl, Object pObject, Persona pPersona, AccessRight pRight, boolean pExactPersona) { if (pAcl == null) return DENIED; else return super.getAccess(pAcl, pObject, pPersona, pRight, pExactPersona); } }
In the following example, access is denied except during the hours of 9:00 to 5:00 in the default (local) time zone:
public class DenyOutsideBusinessHoursSecurityPolicy extends StandardSecurityPolicy { public int getAccess(AccessControlList pAcl, Object pObject, Persona pPersona, AccessRight pRight, boolean pExactPersona) { Calendar calender = new GregorianCalendar(new Date()); int hourOfDay = calendar.get(Calendar.HOUR_OF_DAY); if ((hourOfDay < 9) || (hourOfDay > 5)) return DENIED; else return super.getAccess(pAcl, pObject, pPersona, pRight, pExactPersona); } }