The Access Control Servlet registers one or more AccessController components in its accessControllers service map property. This property maps URLs to AccessController components. If the URL requested is mapped to an AccessController component, the request’s Profile object is passed to the AccessController, which determines whether or not access should be allowed. If access is allowed, the request is passed on; if access is denied, the servlet redirects the user to a specified deniedAccessURL.

AccessController is an interface that has a number of implementation classes. (The interface and the implementation classes are found in the atg.userprofiling package.) Each of the classes implements a different mechanism for enforcing access control. Some of these implementation classes are discussed in the sections below: AccessRightAccessController, GroupAccessController, and RuleAccessController. For additional information about the AccessController interface and the classes that implement it, see the ATG Platform API Reference.

In addition to the accessControllers property, the Access Control Servlet has accessAllowedListeners and accessDeniedListeners properties. You can use these properties to specify atg.userprofiling.AccessAllowedListener and atg.userprofiling.AccessDeniedListener components, which are notified when page access is granted or denied.

The Access Control Servlet is enabled by default. You can disable it by setting the enabled property of /atg/userprofiling/AccessControlServlet to false.

The following is an example of an AccessControlServlet.properties file:

$class=atg.userprofiling.AccessControlServlet

enabled=true

# Nucleus path of the Profile object
profilePath^=ProfileRequestServlet.profilePath

# List of mappings between paths and AccessController objects.  If a
# path refers to a directory, all the documents in that directory and
# its subdirectories will be protected by the given AccessController.
accessControllers=\
  /docs/members=/your/path/MemberAccessController,\
  /docs/members/preferred=/your/path/PreferredMemberAccessController

# List of "access allowed" event listeners
# accessAllowedListeners=

# List of "access denied" event listeners
# accessDeniedListeners=

# The URL to redirect to if access is denied.  If the AccessController
# supplies its own deniedAccessURL, it will overwrite this value.
deniedAccessURL=http://yourserver/noaccess.html
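The following is an added example, not part of the ATG documentation: a Python check that parses a properties file like the one above and reports a disabled servlet, a missing servlet-level deniedAccessURL, and pages that no accessControllers mapping covers. The function names, sample file, and URL list are constructed, and matching on whole path segments is an assumption about how directory mappings apply.

```python
import posixpath

# Constructed sample config (adapted from the file above) and constructed URL list
SAMPLE = r"""
enabled=false
profilePath^=ProfileRequestServlet.profilePath
accessControllers=\
  /docs/members=/your/path/MemberAccessController,\
  /docs/members/preferred=/your/path/PreferredMemberAccessController
# deniedAccessURL=http://yourserver/noaccess.html
"""
URLS = ["/docs/members/preferred/offers.jsp", "/docs/membership/plans.jsp"]

def parse_properties(text):
    """Read key=value lines, joining backslash continuations, skipping comments."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip().rstrip("^")] = value.strip()  # key may end in "^" (the ^= form)
        pending = ""
    return props

def controller_map(props):
    """Split the accessControllers service map into {url_path: component_path}."""
    pairs = (p.partition("=") for p in props.get("accessControllers", "").split(",") if p.strip())
    return {path.strip().rstrip("/") or "/": comp.strip() for path, _, comp in pairs}

def covering_paths(mapping, url):
    """Mapped paths that equal url or are a parent directory of it (assumed segment match)."""
    path = posixpath.normpath(url)
    return sorted((p for p in mapping if path == p or path.startswith(p.rstrip("/") + "/")), key=len)

def audit(text, urls):
    """Return findings: disabled servlet, no servlet-level denied URL, uncovered URLs."""
    props = parse_properties(text)
    mapping = controller_map(props)
    findings = []
    if props.get("enabled", "true").lower() == "false":  # the servlet is enabled by default
        findings.append("servlet disabled")
    if not props.get("deniedAccessURL"):
        findings.append("no servlet-level deniedAccessURL")
    findings += [f"unprotected: {u}" for u in urls if not covering_paths(mapping, u)]
    return findings
```

Here /docs/membership/plans.jsp is reported because it only shares a string prefix with /docs/members, not a directory.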

Copyright © 1997, 2013 Oracle and/or its affiliates. All rights reserved.