This implementation of the AccessController
interface performs access control based on access rights. You specify the access rights through the allowedAccessRightNames
property, which is a List of access right names. If a page’s URL is mapped to an AccessRightAccessController
component (through the Access Control Servlet’s accessControllers
property) , then that component’s access rights are used to control access to the page.
Access rights are associated with users through global and organization roles. If a user’s role and the AccessRightsAccessController
associated with the page have at least one access right in common, the user is allowed to access the page.