AccessControlServlet checks the requestURI to see if it matches any of the restricted URLs identified in its accessController map. The accessController map is made up of URLs matched to an AccessController instance that governs the rules that determine, when that URL is requested, whether the active Profile is permitted to view the page. When access is denied by an AccessController, AccessController calls AccessControlServlet, which redirects the user to the URL in deniedAccessURL.

When access is permitted or denied by an AccessController, AccessControlServlet alerts the registered listeners held in the appropriate property: accessAllowedListeners or accessDeniedListeners. These properties are populated with the components that register themselves as listeners with AccessControlServlet.

You can disable AccessControlServlet by setting its enabled property to false.

For more information on configuring AccessControlServlet, see the ATG Personalization Programming Guide.