Class RuleAccessController

  extended by atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
      extended by atg.nucleus.GenericService
          extended by atg.userprofiling.RuleAccessController
All Implemented Interfaces:
NameContextBindingListener, NameContextElement, NameResolver, AdminableService, ApplicationLogging, atg.nucleus.logging.ApplicationLoggingSender, atg.nucleus.logging.TraceApplicationLogging, VariableArgumentApplicationLogging, ComponentNameResolver, Service, ServiceListener, AccessController, java.util.EventListener

public class RuleAccessController
extends GenericService
implements AccessController

This implementation of AccessController performs access control based on an arbitrary set of rules, specified via the service's ruleSetService property, which defines the rules. For example, if there is a RuleSetService named PreferredMembersRuleSetService, configured with the following rule set:

<rule op=eq>
<valueof target="GoldAccounts">
<valueof constant="true">
<rule op=gt>
<valueof target="numLogins">
<valueof constant="20">
and the ruleSetService property points to PreferredMembersRuleSetService, then the user will be allowed access only if their GoldAccounts property is, true, or if they have logged in more than 20 times. Note that when the rules are evaluated, the user's Profile object is used to resolve the target expressions. Note also that the rules should evaluate to a boolean.

The optional sourceMap property, if provided, is used to resolve any bean expressions in the access control rules. If no such expressions occur in the rules, this property can be left null.

See Also:
AccessControlServlet, RuleSetService, RuleNode

Field Summary
static java.lang.String CLASS_VERSION
          Class version string
Fields inherited from class atg.nucleus.GenericService
Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging
Fields inherited from interface atg.nucleus.logging.ApplicationLogging
Constructor Summary
Method Summary
 boolean allowAccess(Profile pProfile, DynamoHttpServletRequest pRequest)
          Returns true if a user (represented by the specified Profile) should be allowed access, false if not.
 void doStartService()
          Called after the service has been created, placed into the naming hierarchy, and initialized with its configured property values.
 java.lang.String getDeniedAccessURL()
          Returns the URL to go to when access is denied.
 java.lang.String getDeniedAccessURL(Profile pProfile)
          Returns a URL the user should be redirected to if allowAccess returns false.
protected  NameResolver getNameResolver(DynamoHttpServletRequest pRequest)
          Returns a NameResolver which can be used to resolve names of components in the access control rules.
 atg.targeting.RuleSetService getRuleSetService()
          Returns the RuleSetService containing access control rules.
 TargetingSourceMap getSourceMap()
          Returns the TargetingSourceMap used to resolve component names in rules.
 boolean isDenyAnonymousUsers()
          Gets the denyAnonymousUsers property
 boolean isEnabled()
          Is access control enabled?
 void setDeniedAccessURL(java.lang.String pDeniedAccessURL)
          Sets the URL to go to when access is denied.
 void setDenyAnonymousUsers(boolean pDenyAnonymousUsers)
          Sets the denyAnonymousUsers property
 void setEnabled(boolean pEnabled)
          Sets whether or not access control is enabled.
 void setRuleSetService(atg.targeting.RuleSetService pRuleSetService)
          Sets the RuleSetService containing access control rules.
 void setSourceMap(TargetingSourceMap pSourceMap)
          Sets the TargetingSourceMap used to resolve component names in rules.
Methods inherited from class atg.nucleus.GenericService
addLogListener, createAdminServlet, doStopService, getAbsoluteName, getAdminServlet, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, reResolveThis, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService
Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail


public static java.lang.String CLASS_VERSION
Class version string

Constructor Detail


public RuleAccessController()
Method Detail


public boolean isEnabled()
Is access control enabled?


public void setEnabled(boolean pEnabled)
Sets whether or not access control is enabled.


public atg.targeting.RuleSetService getRuleSetService()
Returns the RuleSetService containing access control rules.


public void setRuleSetService(atg.targeting.RuleSetService pRuleSetService)
Sets the RuleSetService containing access control rules.


public TargetingSourceMap getSourceMap()
Returns the TargetingSourceMap used to resolve component names in rules.


public void setSourceMap(TargetingSourceMap pSourceMap)
Sets the TargetingSourceMap used to resolve component names in rules.


public java.lang.String getDeniedAccessURL()
Returns the URL to go to when access is denied. The URL can be either relative or absolute.


public void setDeniedAccessURL(java.lang.String pDeniedAccessURL)
Sets the URL to go to when access is denied. The URL can be either relative or absolute.


public void setDenyAnonymousUsers(boolean pDenyAnonymousUsers)
Sets the denyAnonymousUsers property

pDenyAnonymousUsers - if true, then anonymous users are automatically denied access


public boolean isDenyAnonymousUsers()
Gets the denyAnonymousUsers property

whether anonymous users are automatically denied access


public boolean allowAccess(Profile pProfile,
                           DynamoHttpServletRequest pRequest)
Returns true if a user (represented by the specified Profile) should be allowed access, false if not.

Specified by:
allowAccess in interface AccessController


protected NameResolver getNameResolver(DynamoHttpServletRequest pRequest)
Returns a NameResolver which can be used to resolve names of components in the access control rules. If the sourceMap property is not null, its global name resolver is returned. Otherwise, returns null.


public java.lang.String getDeniedAccessURL(Profile pProfile)
Returns a URL the user should be redirected to if allowAccess returns false.

Specified by:
getDeniedAccessURL in interface AccessController


public void doStartService()
                    throws ServiceException
Called after the service has been created, placed into the naming hierarchy, and initialized with its configured property values. Makes sure all the required properties have been set in the .properties file.

doStartService in class GenericService
ServiceException - if the service had a problem starting up