|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object atg.nucleus.logging.VariableArgumentApplicationLoggingImpl atg.nucleus.GenericService atg.userprofiling.RuleAccessController
public class RuleAccessController
This implementation of AccessController performs access control
based on an arbitrary set of rules, specified via the service's
ruleSetService
property, which defines the rules.
For example, if there is a RuleSetService named PreferredMembersRuleSetService,
configured with the following rule set:
<ruleset>and the
<accepts>
<rule op=eq>
<valueof target="GoldAccounts">
<valueof constant="true">
</rule>
<rule op=gt>
<valueof target="numLogins">
<valueof constant="20">
</rule>
</accepts>
</ruleset>
ruleSetService
property points to
PreferredMembersRuleSetService
, then the user
will be allowed access only if their GoldAccounts property is,
true, or if they have logged in more than 20 times. Note
that when the rules are evaluated, the user's Profile object is
used to resolve the target
expressions. Note also
that the rules should evaluate to a boolean.
The optional sourceMap
property, if provided, is
used to resolve any bean
expressions in the access
control rules. If no such expressions occur in the rules, this
property can be left null.
AccessControlServlet
,
RuleSetService
,
RuleNode
Field Summary | |
---|---|
static java.lang.String |
CLASS_VERSION
Class version string |
Fields inherited from class atg.nucleus.GenericService |
---|
SERVICE_INFO_KEY |
Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging |
---|
DEFAULT_LOG_TRACE_STATUS |
Fields inherited from interface atg.nucleus.logging.ApplicationLogging |
---|
DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS |
Constructor Summary | |
---|---|
RuleAccessController()
|
Method Summary | |
---|---|
boolean |
allowAccess(Profile pProfile,
DynamoHttpServletRequest pRequest)
Returns true if a user (represented by the specified Profile) should be allowed access, false if not. |
void |
doStartService()
Called after the service has been created, placed into the naming hierarchy, and initialized with its configured property values. |
java.lang.String |
getDeniedAccessURL()
Returns the URL to go to when access is denied. |
java.lang.String |
getDeniedAccessURL(Profile pProfile)
Returns a URL the user should be redirected to if allowAccess returns false. |
protected NameResolver |
getNameResolver(DynamoHttpServletRequest pRequest)
Returns a NameResolver which can be used to resolve names of components in the access control rules. |
atg.targeting.RuleSetService |
getRuleSetService()
Returns the RuleSetService containing access control rules. |
TargetingSourceMap |
getSourceMap()
Returns the TargetingSourceMap used to resolve component names in rules. |
boolean |
isDenyAnonymousUsers()
Gets the denyAnonymousUsers property |
boolean |
isEnabled()
Is access control enabled? |
void |
setDeniedAccessURL(java.lang.String pDeniedAccessURL)
Sets the URL to go to when access is denied. |
void |
setDenyAnonymousUsers(boolean pDenyAnonymousUsers)
Sets the denyAnonymousUsers property |
void |
setEnabled(boolean pEnabled)
Sets whether or not access control is enabled. |
void |
setRuleSetService(atg.targeting.RuleSetService pRuleSetService)
Sets the RuleSetService containing access control rules. |
void |
setSourceMap(TargetingSourceMap pSourceMap)
Sets the TargetingSourceMap used to resolve component names in rules. |
Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl |
---|
vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static java.lang.String CLASS_VERSION
Constructor Detail |
---|
public RuleAccessController()
Method Detail |
---|
public boolean isEnabled()
public void setEnabled(boolean pEnabled)
public atg.targeting.RuleSetService getRuleSetService()
public void setRuleSetService(atg.targeting.RuleSetService pRuleSetService)
public TargetingSourceMap getSourceMap()
public void setSourceMap(TargetingSourceMap pSourceMap)
public java.lang.String getDeniedAccessURL()
public void setDeniedAccessURL(java.lang.String pDeniedAccessURL)
public void setDenyAnonymousUsers(boolean pDenyAnonymousUsers)
pDenyAnonymousUsers
- if true, then anonymous users are
automatically denied accesspublic boolean isDenyAnonymousUsers()
public boolean allowAccess(Profile pProfile, DynamoHttpServletRequest pRequest)
allowAccess
in interface AccessController
protected NameResolver getNameResolver(DynamoHttpServletRequest pRequest)
sourceMap
property is not null, its global name
resolver is returned. Otherwise, returns null.
public java.lang.String getDeniedAccessURL(Profile pProfile)
getDeniedAccessURL
in interface AccessController
public void doStartService() throws ServiceException
doStartService
in class GenericService
ServiceException
- if the service had a problem
starting up
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |