Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

atg.userprofiling
Class RuleAccessController

java.lang.Object
  extended by atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
      extended by atg.nucleus.GenericService
          extended by atg.userprofiling.RuleAccessController
All Implemented Interfaces:
atg.naming.AbsoluteNameable, NameContextBindingListener, NameContextElement, atg.naming.NameContextParentable, NameResolver, AdminableService, atg.nucleus.Configured, ApplicationLogging, atg.nucleus.logging.ApplicationLoggingSender, atg.nucleus.logging.TraceApplicationLogging, VariableArgumentApplicationLogging, ComponentNameResolver, Service, ServiceListener, AccessController, atg.userprofiling.ConfigurableAccessController, java.util.EventListener
public class RuleAccessController
extends GenericService
implements atg.userprofiling.ConfigurableAccessController

This implementation of AccessController performs access control based on an arbitrary set of rules, specified via the service's ruleSetService property, which defines the rules. For example, if there is a RuleSetService named PreferredMembersRuleSetService, configured with the following rule set:

<ruleset>
<accepts>
<rule op=eq>
<valueof target="GoldAccounts">
<valueof constant="true">
</rule>
<rule op=gt>
<valueof target="numLogins">
<valueof constant="20">
</rule>
</accepts>
</ruleset>
and the ruleSetService property points to PreferredMembersRuleSetService, then the user will be allowed access only if their GoldAccounts property is, true, or if they have logged in more than 20 times. Note that when the rules are evaluated, the user's Profile object is used to resolve the target expressions. Note also that the rules should evaluate to a boolean.

The optional sourceMap property, if provided, is used to resolve any bean expressions in the access control rules. If no such expressions occur in the rules, this property can be left null.

See Also:
AccessControlServlet, RuleSetService, RuleNode

Field Summary
static java.lang.String CLASS_VERSION
          Class version string
 
Fields inherited from class atg.nucleus.GenericService
SERVICE_INFO_KEY
 
Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging
DEFAULT_LOG_TRACE_STATUS
 
Fields inherited from interface atg.nucleus.logging.ApplicationLogging
DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS
 
Constructor Summary
RuleAccessController()
           
 
Method Summary
 boolean allowAccess(Profile pProfile, DynamoHttpServletRequest pRequest)
          Returns true if a user (represented by the specified Profile) should be allowed access, false if not.
 void doStartService()
          Called after the service has been created, placed into the naming hierarchy, and initialized with its configured property values.
 java.lang.String getDeniedAccessURL()
          Returns the URL to go to when access is denied.
 java.lang.String getDeniedAccessURL(Profile pProfile)
          Returns a URL the user should be redirected to if allowAccess returns false.
protected  NameResolver getNameResolver(DynamoHttpServletRequest pRequest)
          Returns a NameResolver which can be used to resolve names of components in the access control rules.
 atg.targeting.RuleSetService getRuleSetService()
          Returns the RuleSetService containing access control rules.
 TargetingSourceMap getSourceMap()
          Returns the TargetingSourceMap used to resolve component names in rules.
 boolean isDenyAnonymousUsers()
          Gets the denyAnonymousUsers property
 boolean isEnabled()
          Is access control enabled?
 void setDeniedAccessURL(java.lang.String pDeniedAccessURL)
          Sets the URL to go to when access is denied.
 void setDenyAnonymousUsers(boolean pDenyAnonymousUsers)
          Sets the denyAnonymousUsers property
 void setEnabled(boolean pEnabled)
          Sets whether or not access control is enabled.
 void setRuleSetService(atg.targeting.RuleSetService pRuleSetService)
          Sets the RuleSetService containing access control rules.
 void setSourceMap(TargetingSourceMap pSourceMap)
          Sets the TargetingSourceMap used to resolve component names in rules.
 
Methods inherited from class atg.nucleus.GenericService
addLogListener, createAdminServlet, doStopService, getAbsoluteName, getAdminServlet, getAdminServletOutputStreamEncoding, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isAdminServletUseServletOutputStream, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, reResolveThis, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setAdminServletOutputStreamEncoding, setAdminServletUseServletOutputStream, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService
 
Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogDebugTrace, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CLASS_VERSION

public static java.lang.String CLASS_VERSION
Class version string

Constructor Detail

RuleAccessController

public RuleAccessController()
Method Detail

isEnabled

public boolean isEnabled()
Is access control enabled?

Specified by:
isEnabled in interface atg.userprofiling.ConfigurableAccessController

setEnabled

public void setEnabled(boolean pEnabled)
Sets whether or not access control is enabled.

getRuleSetService

public atg.targeting.RuleSetService getRuleSetService()
Returns the RuleSetService containing access control rules.

setRuleSetService

public void setRuleSetService(atg.targeting.RuleSetService pRuleSetService)
Sets the RuleSetService containing access control rules.

getSourceMap

public TargetingSourceMap getSourceMap()
Returns the TargetingSourceMap used to resolve component names in rules.

setSourceMap

public void setSourceMap(TargetingSourceMap pSourceMap)
Sets the TargetingSourceMap used to resolve component names in rules.

getDeniedAccessURL

public java.lang.String getDeniedAccessURL()
Returns the URL to go to when access is denied. The URL can be either relative or absolute.

setDeniedAccessURL

public void setDeniedAccessURL(java.lang.String pDeniedAccessURL)
Sets the URL to go to when access is denied. The URL can be either relative or absolute.

setDenyAnonymousUsers

public void setDenyAnonymousUsers(boolean pDenyAnonymousUsers)
Sets the denyAnonymousUsers property

Parameters:
pDenyAnonymousUsers - if true, then anonymous users are automatically denied access

isDenyAnonymousUsers

public boolean isDenyAnonymousUsers()
Gets the denyAnonymousUsers property

Returns:
whether anonymous users are automatically denied access

allowAccess

public boolean allowAccess(Profile pProfile,
                           DynamoHttpServletRequest pRequest)
Returns true if a user (represented by the specified Profile) should be allowed access, false if not.

Specified by:
allowAccess in interface AccessController

getNameResolver

protected NameResolver getNameResolver(DynamoHttpServletRequest pRequest)
Returns a NameResolver which can be used to resolve names of components in the access control rules. If the sourceMap property is not null, its global name resolver is returned. Otherwise, returns null.

getDeniedAccessURL

public java.lang.String getDeniedAccessURL(Profile pProfile)
Returns a URL the user should be redirected to if allowAccess returns false.

Specified by:
getDeniedAccessURL in interface AccessController

doStartService

public void doStartService()
                    throws ServiceException
Called after the service has been created, placed into the naming hierarchy, and initialized with its configured property values. Makes sure all the required properties have been set in the .properties file.

Overrides:
doStartService in class GenericService
Throws:
ServiceException - if the service had a problem starting up
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD