This implementation of AccessController performs group-based access control. Two properties, allowGroups and denyGroups, specify the names of the groups whose members should be allowed or denied access, respectively. A user is allowed access only if he is a member of one of the allowGroups, but not a member of one of the denyGroups.

If the allowGroups property is not specified, all groups are implicitly considered to be “allow” groups. If the denyGroups property is not specified, no groups are considered to be “deny” groups. For example, if allowGroups is not specified and denyGroups=Kids,Teenagers, then everybody but kids and teenagers is allowed access. If, on the other hand, the denyGroups property is not specified and allowGroups=Kids,Teenagers, then only kids and teenagers are allowed access.

As an example, here is a configuration for a PreferredMemberAccessController component that allows access only to members of the GoldAccounts group:




# URL to redirect to if access is denied