The atg.userdirectory package contains the following interfaces, which represent each of the different types of objects that can exist in a user directory:
atg.userdirectory.User
atg.userdirectory.Organization
atg.userdirectory.Role
atg.userdirectory.RelativeRole (represents organizational roles)
atg.userdirectory.DirectoryPrincipal
atg.userdirectory.OrganizationalEntity
atg.userdirectory.RoleFolder
Note that each of these interfaces contains methods that you can use to search for items in a user directory. These methods provide alternative and in some cases more flexible techniques for sorting user directory items than the implementations in the atg.userdirectory.droplet package described in the next section. For example, the atg.userdirectory.organizations interface contains methods for finding all users associated with a directory and for sorting them by first name, last name, login ID, or e-mail address.
In addition to the interfaces described above, the atg.userdirectory package contains the interface atg.userdirectory.UserDirectory, which manages the organizational tree, and the following additional classes:
atg.userdirectory.RoleNotAssignableException
atg.userdirectory.DirectoryModificationException
For information about the atg.userdirectory package, refer to the ATG Platform API Reference.
atg.userdirectory.UserDirectoryUserAuthority
A user authority (an implementation of the atg.security.UserAuthority interface) produces Persona objects that can be used as part of a security model to identify users and associate them with any roles that they may have. The atg.userdirectory.UserDirectoryUserAuthority class is a user authority that is designed for creating Persona objects specific to a user directory.
The UserDirectoryUserAuthority class supports the following items for identity lookup:
user
org
role
login
orgpath
rolepath
These identities can be included as PRINCIPAL_TYPE access control entries in Access Control Lists and then extracted, for example by an ACL parser. Access Control Entries use the following format:
UD_NAME '$' PRINCIPAL_TYPE '$' UD_PRINCIPAL_KEY
where UD_NAME is the name of the user directory (for example, Profile), and UD_PRINCIPAL_KEY is the primary key used for looking up the principal in the given user directory. The following table gives example access control entries for the identities that the UserDirectoryUserAuthority class supports:
PRINCIPAL_TYPE | UD_PRINCIPAL_KEY | Example |
---|---|---|
| Profile ID | |
| Profile ID | |
| Profile ID | |
| Login name | |
| The path to the organization | |
| The organizational role, by organizational path and function name | |
| The path to the role | |
For more information on access control entries, refer to ACL Syntax in the ATG Repository Guide.
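The following added example (not taken from the ATG documentation or API) shows a strict check of the identity portion of an access control entry against the format and identity types listed above, so that malformed principals are caught before an ACL is deployed. The class and record names are hypothetical, the sample strings are constructed, and two behaviours are assumptions: PRINCIPAL_TYPE is matched case-sensitively, and the key is everything after the second '$'.

```java
import java.util.List;
import java.util.Set;

// Added example, not ATG code: strict parser for the identity string
// UD_NAME '$' PRINCIPAL_TYPE '$' UD_PRINCIPAL_KEY described above.
public class UdIdentityCheck {

    // Identity types this page lists for UserDirectoryUserAuthority.
    static final Set<String> TYPES =
        Set.of("user", "org", "role", "login", "orgpath", "rolepath");

    // Hypothetical holder for the three fields (records need Java 16+).
    record UdIdentity(String directory, String type, String key) {}

    static UdIdentity parse(String s) {
        // Assumption: only the first two '$' are separators, so the key
        // is everything after the second one.
        String[] p = s.split("\\$", 3);
        if (p.length != 3) {
            throw new IllegalArgumentException("expected 3 '$'-separated fields: " + s);
        }
        if (p[0].isEmpty() || p[2].isEmpty()) {
            throw new IllegalArgumentException("empty directory name or key: " + s);
        }
        // Assumption: type names are case-sensitive. Unknown types are
        // rejected rather than passed on to a lookup that cannot resolve them.
        if (!TYPES.contains(p[1])) {
            throw new IllegalArgumentException("unsupported PRINCIPAL_TYPE '" + p[1] + "': " + s);
        }
        return new UdIdentity(p[0], p[1], p[2]);
    }

    public static void main(String[] args) {
        // Constructed sample identities; none come from a real ACL.
        List<String> samples = List.of(
            "Profile$login$jsmith",
            "Profile$role$r100",
            "Profile$Login$jsmith",   // wrong case for the type
            "Profile$user$",          // missing key
            "Profile$group$42",       // type not in the supported list
            "Profile-login-jsmith");  // wrong separator
        for (String s : samples) {
            try {
                System.out.println("OK      " + parse(s));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT  " + e.getMessage());
            }
        }
    }
}
```

The check covers only the identity string; the rest of the ACL syntax is described in the ATG Repository Guide and is not parsed here.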
The /atg/dynamo/security/UserAuthority component is the default implementation of the UserDirectoryUserAuthority class. Use the PrincipalResolver interface and the addPrincipalResolver() method in the UserDirectoryUserAuthority API to extend the UserDirectoryUserAuthority.