Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

atg.userprofiling
Class AccessRightAccessController

java.lang.Object
  extended by atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
      extended by atg.nucleus.GenericService
          extended by atg.userprofiling.AccessRightAccessController
All Implemented Interfaces:
atg.naming.AbsoluteNameable, NameContextBindingListener, NameContextElement, atg.naming.NameContextParentable, NameResolver, AdminableService, atg.nucleus.Configured, ApplicationLogging, atg.nucleus.logging.ApplicationLoggingSender, atg.nucleus.logging.TraceApplicationLogging, VariableArgumentApplicationLogging, ComponentNameResolver, Service, ServiceListener, AccessController, java.util.EventListener
public class AccessRightAccessController
extends GenericService
implements AccessController

This class grants or denies access based on whether the given profile has one of the configured access rights. This controller assumes a specific data model for access rights, which involves the Profile having a Collection property that contains RepositoryItems that have a String property identifying the name of an access right.

Field Summary
static java.lang.String CLASS_VERSION
           
 
Fields inherited from class atg.nucleus.GenericService
SERVICE_INFO_KEY
 
Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging
DEFAULT_LOG_TRACE_STATUS
 
Fields inherited from interface atg.nucleus.logging.ApplicationLogging
DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS
 
Constructor Summary
AccessRightAccessController()
           
 
Method Summary
 boolean allowAccess(Profile pProfile, DynamoHttpServletRequest pRequest)
          Checks the accessRights collection of the user for an access right whose name matches any of the strings in the allowedAccessRights collection.
protected  boolean collectionContainsAllowedAccessRight(java.util.Collection pAccessRights)
          Checks to see if the given collection contains an allowed access right as configured on this instance
protected  java.lang.String getAccessRightFromItem(java.lang.Object pAccessRightItem)
          Gets the access right name from the given object.
protected  java.lang.String getAccessRightFromItem(RepositoryItem pAccessRightItem)
          Gets the access right name from the given RepositoryItem.
 java.lang.String getAccessRightNamePropertyName()
           
protected  java.util.Collection getAccessRightsProperty(Profile pProfile)
          Gets the accessRights property from the given profile using the name specified in the accessRightPropertyName property.
 java.lang.String getAccessRightsPropertyName()
           
 java.util.List getAllowedAccessRightNames()
           
 java.lang.String getDeniedAccessURL()
          Returns a URL the user should be redirected to if allowAccess returns false.
 java.lang.String getDeniedAccessURL(Profile pProfile)
          Returns a URL the user should be redirected to if allowAccess returns false.
 void setAccessRightNamePropertyName(java.lang.String pAccessRightNamePropertyName)
          The name of the name property of the accessRight item
 void setAccessRightsPropertyName(java.lang.String pAccessRightsPropertyName)
          The name of the accessRights property of the internalUser
 void setAllowedAccessRightNames(java.util.List pAllowedAccessRightNames)
          The names of the access rights that will allow access
 void setDeniedAccessURL(java.lang.String pDeniedAccessURL)
          A URL the user should be redirected to if allowAccess returns false
 
Methods inherited from class atg.nucleus.GenericService
addLogListener, createAdminServlet, doStartService, doStopService, getAbsoluteName, getAdminServlet, getAdminServletOutputStreamEncoding, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isAdminServletUseServletOutputStream, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, reResolveThis, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setAdminServletOutputStreamEncoding, setAdminServletUseServletOutputStream, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService
 
Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogDebugTrace, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CLASS_VERSION

public static java.lang.String CLASS_VERSION
Constructor Detail

AccessRightAccessController

public AccessRightAccessController()
Method Detail

setAccessRightsPropertyName

public void setAccessRightsPropertyName(java.lang.String pAccessRightsPropertyName)
The name of the accessRights property of the internalUser

Parameters:
pAccessRightPropertyName - the name of the accessRights property of the internalUser

getAccessRightsPropertyName

public java.lang.String getAccessRightsPropertyName()
Returns:
the name of the accessRights property of the internalUser

setAccessRightNamePropertyName

public void setAccessRightNamePropertyName(java.lang.String pAccessRightNamePropertyName)
The name of the name property of the accessRight item

Parameters:
pAccessRightNamePropertyName - the name of the name property of the accessRight item

getAccessRightNamePropertyName

public java.lang.String getAccessRightNamePropertyName()
Returns:
the name of the name property of the accessRights item

setAllowedAccessRightNames

public void setAllowedAccessRightNames(java.util.List pAllowedAccessRightNames)
The names of the access rights that will allow access

Parameters:
pAccessRights - the names of the access rights that will allow access

getAllowedAccessRightNames

public java.util.List getAllowedAccessRightNames()
Returns:
the names of the access rights that will allow access

setDeniedAccessURL

public void setDeniedAccessURL(java.lang.String pDeniedAccessURL)
A URL the user should be redirected to if allowAccess returns false

Parameters:
pDeniedAccessURL - the URL the user should be redirected to if allowAccess returns false

getDeniedAccessURL

public java.lang.String getDeniedAccessURL()
Returns a URL the user should be redirected to if allowAccess returns false.

getDeniedAccessURL

public java.lang.String getDeniedAccessURL(Profile pProfile)
Returns a URL the user should be redirected to if allowAccess returns false.

Specified by:
getDeniedAccessURL in interface AccessController

allowAccess

public boolean allowAccess(Profile pProfile,
                           DynamoHttpServletRequest pRequest)
Checks the accessRights collection of the user for an access right whose name matches any of the strings in the allowedAccessRights collection. If there are no matches, or access cannot be determined due to missing information, incorrect configuration, or a data model that doesn't match what is expected, then access is denied.

Specified by:
allowAccess in interface AccessController
Parameters:
pProfile - the profile that is requesting access
pRequest - the current http request
Returns:
true if access is allowed, false otherwise

collectionContainsAllowedAccessRight

protected boolean collectionContainsAllowedAccessRight(java.util.Collection pAccessRights)
Checks to see if the given collection contains an allowed access right as configured on this instance

Parameters:
pAccessRights - the collection of access right names to check

getAccessRightFromItem

protected java.lang.String getAccessRightFromItem(java.lang.Object pAccessRightItem)
Gets the access right name from the given object. This implementation handles the case where the object is a RepositoryItem

Parameters:
pAccessRightItem - the object that contains the access right name
Returns:
the access right name contained by the object, or null if the access right cannot be determined

getAccessRightFromItem

protected java.lang.String getAccessRightFromItem(RepositoryItem pAccessRightItem)
Gets the access right name from the given RepositoryItem. This implementation expects the given item to have a property identified by the accessRightNamePropertyName property of this controller that contains the access right name

Parameters:
pAccessRightItem - the item that contains the access right name
Returns:
the access right name contained by the item, or null if the access right cannot be determined

getAccessRightsProperty

protected java.util.Collection getAccessRightsProperty(Profile pProfile)
Gets the accessRights property from the given profile using the name specified in the accessRightPropertyName property. This property is expected to be an instance of a java.util.Collection

Parameters:
pProfile - the profile to get the access rights property from
Returns:
the accessRights collection property, or null if the property is of the wrong type, the controller is configured incorrectly or the profile has no value for the property
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD