|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object atg.nucleus.logging.VariableArgumentApplicationLoggingImpl atg.nucleus.GenericService atg.userprofiling.GroupAccessController
public class GroupAccessController
This implementation of AccessController performs group-based
access control. Two properties, allowGroups
and
denyGroups
, specify the names of the groups whose
members should be allowed or denied access, respectively. I.e.,
a user is only allowed access if he is a member of one of the
allowGroups
, but not a member of one of the
denyGroups
.
If the allowGroups
property is not specified,
all groups are implicitly considered to be "allow"
groups. If the denyGroups
property is not
specified, no groups are considered to be "deny" groups.
For example, if allowGroups
is not specified and
denyGroups=Kids,Teenagers
, then everybody but
kids and teenagers and allowed access. If, on the other hand,
denyGroups
is not specified and
allowGroups=Kids,Teenagers
, then only kids and
teenagers are allowed access.
AccessControlServlet
,
RepositoryItemGroup
,
RepositoryGroupContainer
Field Summary | |
---|---|
static java.lang.String |
CLASS_VERSION
Class version string |
Fields inherited from class atg.nucleus.GenericService |
---|
SERVICE_INFO_KEY |
Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging |
---|
DEFAULT_LOG_TRACE_STATUS |
Fields inherited from interface atg.nucleus.logging.ApplicationLogging |
---|
DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS |
Constructor Summary | |
---|---|
GroupAccessController()
|
Method Summary | |
---|---|
boolean |
allowAccess(Profile pProfile,
DynamoHttpServletRequest pRequest)
Returns true if a user (represented by the specified Profile) should be allowed access, false if not. |
void |
doStartService()
Called after the service has been created, placed into the naming hierarchy, and initialized with its configured property values. |
java.lang.String[] |
getAllowGroups()
Returns the array of "allow" group names. |
java.lang.String |
getDeniedAccessURL()
Returns the URL to go to when access is denied. |
java.lang.String |
getDeniedAccessURL(Profile pProfile)
Returns a URL the user should be redirected to if allowAccess returns false. |
java.lang.String[] |
getDenyGroups()
Returns the array of "deny" group names. |
atg.repository.nucleus.RepositoryGroupContainer |
getGroupRegistry()
Returns the RepositoryGroupContainer used to resolve group names. |
protected boolean |
inAllowGroup(Profile pProfile)
Returns true if the specified profile is a member of one of the allowGroups. |
protected boolean |
inDenyGroup(Profile pProfile)
Returns true if the specified profile is a member of one of the denyGroups. |
boolean |
isDenyAnonymousUsers()
Returns whether or not anonymous users are denied access |
boolean |
isEnabled()
Is access control enabled? |
void |
setAllowGroups(java.lang.String[] pAllowGroups)
Sets the array of "allow" group names. |
void |
setDeniedAccessURL(java.lang.String pDeniedAccessURL)
Sets the URL to go to when access is denied. |
void |
setDenyAnonymousUsers(boolean pDenyAnonymousUsers)
Sets whether or not anonymous users are denied access |
void |
setDenyGroups(java.lang.String[] pDenyGroups)
Sets the array of "deny" group names. |
void |
setEnabled(boolean pEnabled)
Sets whether or not access control is enabled. |
void |
setGroupRegistry(atg.repository.nucleus.RepositoryGroupContainer pGroupRegistry)
Sets the RepositoryGroupContainer used to resolve group names. |
Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl |
---|
vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static java.lang.String CLASS_VERSION
Constructor Detail |
---|
public GroupAccessController()
Method Detail |
---|
public boolean isEnabled()
public void setEnabled(boolean pEnabled)
public java.lang.String[] getAllowGroups()
public void setAllowGroups(java.lang.String[] pAllowGroups)
public java.lang.String[] getDenyGroups()
public void setDenyGroups(java.lang.String[] pDenyGroups)
public atg.repository.nucleus.RepositoryGroupContainer getGroupRegistry()
public void setGroupRegistry(atg.repository.nucleus.RepositoryGroupContainer pGroupRegistry)
public java.lang.String getDeniedAccessURL()
public void setDeniedAccessURL(java.lang.String pDeniedAccessURL)
public void setDenyAnonymousUsers(boolean pDenyAnonymousUsers)
pDenyAnonymousUsers
- if true, then anonymous
users are not allowed access to any access controlled areaspublic boolean isDenyAnonymousUsers()
protected boolean inAllowGroup(Profile pProfile)
protected boolean inDenyGroup(Profile pProfile)
public boolean allowAccess(Profile pProfile, DynamoHttpServletRequest pRequest)
allowAccess
in interface AccessController
public java.lang.String getDeniedAccessURL(Profile pProfile)
getDeniedAccessURL
in interface AccessController
public void doStartService() throws ServiceException
doStartService
in class GenericService
ServiceException
- if the service had a problem
starting up
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |