The Access Control Servlet registers one or more AccessController components in its accessControllers service map property. This property maps URLs to AccessController components. If the URL requested is mapped to an AccessController component, the request’s Profile object is passed to the AccessController, which determines whether or not access should be allowed. If access is allowed, the request is passed on; if access is denied, the servlet redirects the user to a specified deniedAccessURL.
AccessController is an interface that has a number of implementation classes. (The interface and the implementation classes are found in the atg.userprofiling package.) Each of the classes implements a different mechanism for enforcing access control. Some of these implementation classes are discussed in the sections below: AccessRightAccessController, GroupAccessController, and RuleAccessController. For additional information about the AccessController interface and the classes that implement it, see the ATG Platform API Reference.
In addition to the accessControllers property, the Access Control Servlet has accessAllowedListeners and accessDeniedListeners properties. You can use these properties to specify atg.userprofiling.AccessAllowedListener and atg.userprofiling.AccessDeniedListener components, which are notified when page access is granted or denied.
The Access Control Servlet is enabled by default. You can disable it by setting the enabled property of /atg/userprofiling/AccessControlServlet to false.
The following is an example of an AccessControlServlet.properties file:
$class=atg.userprofiling.AccessControlServlet
enabled=true

# Nucleus path of the Profile object
profilePath^=ProfileRequestServlet.profilePath

# List of mappings between paths and AccessController objects. If a
# path refers to a directory, all the documents in that directory and
# its subdirectories will be protected by the given AccessController.
accessControllers=\
    /docs/members=/your/path/MemberAccessController,\
    /docs/members/preferred=/your/path/PreferredMemberAccessController

# List of "access allowed" event listeners
# accessAllowedListeners=

# List of "access denied" event listeners
# accessDeniedListeners=

# The URL to redirect to if access is denied. If the AccessController
# supplies its own deniedAccessURL, it will overwrite this value.
deniedAccessURL=http://yourserver/noaccess.html
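
The path-to-controller mapping in the file above can be checked against a list of site paths to find pages that no AccessController covers. The following Python sketch is an added example, not ATG code. The sample file contents and request paths are constructed, and matching on whole path segments is an assumption, since this page does not state how the servlet compares paths or which controller applies when several mappings match.

```python
# Added example (not ATG code): audit which request paths an
# AccessControlServlet.properties file covers. SAMPLE is constructed.
SAMPLE = r"""
$class=atg.userprofiling.AccessControlServlet
enabled=true
accessControllers=\
    /docs/members=/your/path/MemberAccessController,\
    /docs/members/preferred=/your/path/PreferredMemberAccessController
# accessDeniedListeners=
deniedAccessURL=http://yourserver/noaccess.html
"""

def parse_properties(text):
    """Parse comments, key=value pairs and backslash line continuation."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):          # value continues on the next line
            pending += line[:-1]
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def controller_map(props):
    """Split accessControllers into {url_path: controller_nucleus_path}."""
    entries = [e for e in props.get("accessControllers", "").split(",") if e.strip()]
    pairs = (e.partition("=") for e in entries)
    return {path.strip().rstrip("/"): ctl.strip() for path, _, ctl in pairs}

def matching_controllers(path, mapping):
    """Controllers mapped to `path` or to a parent directory of it, most
    specific first. Whole-segment matching is an assumption of this sketch."""
    hits = [(p, c) for p, c in mapping.items()
            if path == p or path.startswith(p + "/")]
    return [c for _, c in sorted(hits, key=lambda h: -len(h[0]))]

def audit(text, paths):
    """Map each path to its matching controllers; [] means unprotected."""
    props = parse_properties(text)
    enabled = props.get("enabled", "true").lower() != "false"  # on by default
    mapping = controller_map(props) if enabled else {}
    return {p: matching_controllers(p, mapping) for p in paths}

if __name__ == "__main__":
    for path, ctls in audit(SAMPLE, ["/docs/members/a.jsp", "/docs/public/a.jsp"]).items():
        print(path, "->", ctls or "UNPROTECTED")
```

An empty list for a path that should be restricted means the mapping needs another entry; with enabled=false every path comes back empty, because the servlet performs no checks at all.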