This implementation of AccessController performs access control based on a set of rules, specified via the service’s ruleSetService property. For example, suppose there is a RuleSetService named FemaleRuleSetService, configured with the following rule set:

    <ruleset>
      <accepts>
        <rule op=eq>
          <valueof target="Gender">
          <valueof constant="female">
        </rule>
      </accepts>
    </ruleset>

Set the ruleSetService property of the Access Controller to point to FemaleMembersRuleSetService. The user will be allowed access only if she is in the Female profile group. Here is the example configuration:

    $class=atg.userprofiling.RuleAccessController
    enabled=true
    # Rules used to determine whether access should be allowed
    ruleSetService=/your/path/rules/FemaleRuleSetService
    # URL to redirect to if access is denied
    deniedAccessURL=http://yourserver/femaleAccessOnly.html

Note that when the rules are evaluated, the user’s Profile object is used to resolve the target expressions. Note also that the rules must evaluate to a Boolean. The rules used by a RuleAccessController component use the same syntax as those used for content targeting. See the Creating Rules for Targeting Content and the Setting Up Targeting Services chapters for more information.
The optional sourceMap property, if provided, is used to resolve any bean expressions in the access control rules. If no such expressions occur in the rules, you can leave this property as null.
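
The following is an added illustration, not ATG code and not part of the original documentation: a small Python model of the evaluation described above, in which target expressions are resolved against the user's profile, the rule yields a Boolean, and anything other than a match redirects to deniedAccessURL. The function names, the dict standing in for the Profile object, and the choice to deny when the profile lacks the property or the rule is unsupported are assumptions of this model; bean expressions and sourceMap are not modeled.

```python
import re

# Constructed sample: the rule set shown on this page (valueof tags unclosed, as on the page).
RULESET = """
<ruleset>
  <accepts>
    <rule op=eq>
      <valueof target="Gender">
      <valueof constant="female">
    </rule>
  </accepts>
</ruleset>
"""
DENIED_URL = "http://yourserver/femaleAccessOnly.html"  # deniedAccessURL from the page

def parse_accepts(text):
    """Return [(op, [(kind, value), ...]), ...] for the rules inside <accepts>."""
    m = re.search(r"<accepts>(.*?)</accepts>", text, re.S)
    if not m:
        return []  # no accepts section: nothing can grant access
    rules = []
    for op, body in re.findall(r'<rule\s+op="?(\w+)"?\s*>(.*?)</rule>', m.group(1), re.S):
        operands = re.findall(r'<valueof\s+(target|constant)="([^"]*)"\s*/?>', body)
        rules.append((op, operands))
    return rules

def resolve(operand, profile):
    """A target is looked up in the profile; a constant is used literally."""
    kind, value = operand
    return profile.get(value) if kind == "target" else value

def allow_access(profile, rules):
    """True only when some accepts rule evaluates to True (model assumption: deny otherwise)."""
    for op, operands in rules:
        if op != "eq" or len(operands) != 2:
            continue  # unsupported or malformed rule never grants access in this model
        left, right = (resolve(o, profile) for o in operands)
        if left is not None and left == right:
            return True
    return False

def decide(profile, ruleset_text=RULESET):
    """Return ("allow", None) or ("redirect", deniedAccessURL)."""
    if allow_access(profile, parse_accepts(ruleset_text)):
        return ("allow", None)
    return ("redirect", DENIED_URL)
```

In this model a profile with no Gender value, or with a value that differs only in letter case, is redirected rather than admitted; confirm how your own rule set treats such profiles before relying on it as an access gate.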