Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

atg.userprofiling
Class GroupAccessController

java.lang.Object
  extended by atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
      extended by atg.nucleus.GenericService
          extended by atg.userprofiling.GroupAccessController
All Implemented Interfaces:
atg.naming.AbsoluteNameable, NameContextBindingListener, NameContextElement, atg.naming.NameContextParentable, NameResolver, AdminableService, atg.nucleus.Configured, ApplicationLogging, atg.nucleus.logging.ApplicationLoggingSender, atg.nucleus.logging.TraceApplicationLogging, VariableArgumentApplicationLogging, ComponentNameResolver, Service, ServiceListener, AccessController, atg.userprofiling.ConfigurableAccessController, java.util.EventListener
public class GroupAccessController
extends GenericService
implements atg.userprofiling.ConfigurableAccessController

This implementation of AccessController performs group-based access control. Two properties, allowGroups and denyGroups, specify the names of the groups whose members should be allowed or denied access, respectively. I.e., a user is only allowed access if he is a member of one of the allowGroups, but not a member of one of the denyGroups.

If the allowGroups property is not specified, all groups are implicitly considered to be "allow" groups. If the denyGroups property is not specified, no groups are considered to be "deny" groups. For example, if allowGroups is not specified and denyGroups=Kids,Teenagers, then everybody but kids and teenagers and allowed access. If, on the other hand, denyGroups is not specified and allowGroups=Kids,Teenagers, then only kids and teenagers are allowed access.

See Also:
AccessControlServlet, RepositoryItemGroup, RepositoryGroupContainer

Field Summary
static java.lang.String CLASS_VERSION
          Class version string
 
Fields inherited from class atg.nucleus.GenericService
SERVICE_INFO_KEY
 
Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging
DEFAULT_LOG_TRACE_STATUS
 
Fields inherited from interface atg.nucleus.logging.ApplicationLogging
DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS
 
Constructor Summary
GroupAccessController()
           
 
Method Summary
 boolean allowAccess(Profile pProfile, DynamoHttpServletRequest pRequest)
          Returns true if a user (represented by the specified Profile) should be allowed access, false if not.
 void doStartService()
          Called after the service has been created, placed into the naming hierarchy, and initialized with its configured property values.
 java.lang.String[] getAllowGroups()
          Returns the array of "allow" group names.
 java.lang.String getDeniedAccessURL()
          Returns the URL to go to when access is denied.
 java.lang.String getDeniedAccessURL(Profile pProfile)
          Returns a URL the user should be redirected to if allowAccess returns false.
 java.lang.String[] getDenyGroups()
          Returns the array of "deny" group names.
 atg.repository.nucleus.RepositoryGroupContainer getGroupRegistry()
          Returns the RepositoryGroupContainer used to resolve group names.
protected  boolean inAllowGroup(Profile pProfile)
          Returns true if the specified profile is a member of one of the allowGroups.
protected  boolean inDenyGroup(Profile pProfile)
          Returns true if the specified profile is a member of one of the denyGroups.
 boolean isDenyAnonymousUsers()
          Returns whether or not anonymous users are denied access
 boolean isEnabled()
          Is access control enabled?
 void setAllowGroups(java.lang.String[] pAllowGroups)
          Sets the array of "allow" group names.
 void setDeniedAccessURL(java.lang.String pDeniedAccessURL)
          Sets the URL to go to when access is denied.
 void setDenyAnonymousUsers(boolean pDenyAnonymousUsers)
          Sets whether or not anonymous users are denied access
 void setDenyGroups(java.lang.String[] pDenyGroups)
          Sets the array of "deny" group names.
 void setEnabled(boolean pEnabled)
          Sets whether or not access control is enabled.
 void setGroupRegistry(atg.repository.nucleus.RepositoryGroupContainer pGroupRegistry)
          Sets the RepositoryGroupContainer used to resolve group names.
 
Methods inherited from class atg.nucleus.GenericService
addLogListener, createAdminServlet, doStopService, getAbsoluteName, getAdminServlet, getAdminServletOutputStreamEncoding, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isAdminServletUseServletOutputStream, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, reResolveThis, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setAdminServletOutputStreamEncoding, setAdminServletUseServletOutputStream, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService
 
Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogDebugTrace, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CLASS_VERSION

public static java.lang.String CLASS_VERSION
Class version string

Constructor Detail

GroupAccessController

public GroupAccessController()
Method Detail

isEnabled

public boolean isEnabled()
Is access control enabled?

Specified by:
isEnabled in interface atg.userprofiling.ConfigurableAccessController

setEnabled

public void setEnabled(boolean pEnabled)
Sets whether or not access control is enabled.

getAllowGroups

public java.lang.String[] getAllowGroups()
Returns the array of "allow" group names.

setAllowGroups

public void setAllowGroups(java.lang.String[] pAllowGroups)
Sets the array of "allow" group names. If a profile is a member of any of these groups (and not a member of any "deny" group), it will be allowed access. If the array is null, all groups are implicitly considered to be "allow" groups.

getDenyGroups

public java.lang.String[] getDenyGroups()
Returns the array of "deny" group names.

setDenyGroups

public void setDenyGroups(java.lang.String[] pDenyGroups)
Sets the array of "deny" group names. If a profile is a member of any of these groups, it will be denied access. If the array is null, no groups are considered to be "deny" groups.

getGroupRegistry

public atg.repository.nucleus.RepositoryGroupContainer getGroupRegistry()
Returns the RepositoryGroupContainer used to resolve group names.

setGroupRegistry

public void setGroupRegistry(atg.repository.nucleus.RepositoryGroupContainer pGroupRegistry)
Sets the RepositoryGroupContainer used to resolve group names.

getDeniedAccessURL

public java.lang.String getDeniedAccessURL()
Returns the URL to go to when access is denied. The URL can be either relative or absolute.

setDeniedAccessURL

public void setDeniedAccessURL(java.lang.String pDeniedAccessURL)
Sets the URL to go to when access is denied. The URL can be either relative or absolute.

setDenyAnonymousUsers

public void setDenyAnonymousUsers(boolean pDenyAnonymousUsers)
Sets whether or not anonymous users are denied access

Parameters:
pDenyAnonymousUsers - if true, then anonymous users are not allowed access to any access controlled areas

isDenyAnonymousUsers

public boolean isDenyAnonymousUsers()
Returns whether or not anonymous users are denied access

Returns:
whether or not anonymous users are denied access

inAllowGroup

protected boolean inAllowGroup(Profile pProfile)
Returns true if the specified profile is a member of one of the allowGroups. If allowGroups has not been set, returns true to indicate that the profile should be allowed access (i.e., if allowGroups is null, all groups are implicitly allowed).

inDenyGroup

protected boolean inDenyGroup(Profile pProfile)
Returns true if the specified profile is a member of one of the denyGroups. If denyGroups has not been set, returns false to indicate that the profile should be allowed access (i.e., if denyGroups is null, no groups are denied).

allowAccess

public boolean allowAccess(Profile pProfile,
                           DynamoHttpServletRequest pRequest)
Returns true if a user (represented by the specified Profile) should be allowed access, false if not. If denyAnonymousUsers is true, than no anonymous users are allowed

Specified by:
allowAccess in interface AccessController

getDeniedAccessURL

public java.lang.String getDeniedAccessURL(Profile pProfile)
Returns a URL the user should be redirected to if allowAccess returns false.

Specified by:
getDeniedAccessURL in interface AccessController

doStartService

public void doStartService()
                    throws ServiceException
Called after the service has been created, placed into the naming hierarchy, and initialized with its configured property values. Makes sure all the required properties have been set in the .properties file.

Overrides:
doStartService in class GenericService
Throws:
ServiceException - if the service had a problem starting up
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD