Access control for an internal user is provided by the InternalProfileActor. The following is an example of access control for an internal user:

# List of mappings between paths and AccessController objects. If a
# path refers to a directory, all the documents in that directory and
# its subdirectories will be protected by the given AccessController.
accessControllers+=\
    /rest/model/atg/userprofiling/InternalProfileActor/login=\
        /atg/rest/userprofiling/AllAccessController, \
    /rest/model/atg/userprofiling/InternalProfileActor/logout=\
        /atg/rest/userprofiling/LoggedInAccessController, \
    /rest/model/atg/userprofiling/InternalProfileActor/logout-error=\
        /atg/rest/userprofiling/AllAccessController, \
    /rest/model/atg/userprofiling/SecurityConfirmationActor=\
        /atg/rest/userprofiling/AllAccessController, \
    /rest/model/atg/rest/SessionConfirmationActor/getSessionConfirmationNumber=\
        /atg/rest/userprofiling/AllAccessController, \
    /rest/model=/atg/rest/userprofiling/NonTransientAccessController

accessControllers+=\
    /rest/model/atg/userprofiling/ProfileActor/logout=\
        /atg/rest/userprofiling/LoggedInAccessController, \
    /rest/model/atg/userprofiling/ProfileActor/logout-success=\
        /atg/rest/userprofiling/AllAccessController, \
    /rest/model/atg/userprofiling/ProfileActor/logout-error=\
        /atg/rest/userprofiling/AllAccessController, \
    /rest/model/atg/rest/SessionConfirmationActor/getSessionConfirmationNumber=\
        /atg/rest/userprofiling/AllAccessController
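
To audit a mapping like the internal-user one above, the following added example (not Oracle's code) parses the accessControllers property, resolves which controller protects a request path, and lists the paths mapped to AllAccessController. It assumes the most specific mapped path takes precedence over a parent directory entry such as /rest/model; the function names and the HypotheticalActor path are illustrative.

```python
import re

# Constructed input: the internal-user mapping from this page as one property.
SAMPLE = r"""
accessControllers+=\
    /rest/model/atg/userprofiling/InternalProfileActor/login=\
        /atg/rest/userprofiling/AllAccessController, \
    /rest/model/atg/userprofiling/InternalProfileActor/logout=\
        /atg/rest/userprofiling/LoggedInAccessController, \
    /rest/model/atg/userprofiling/InternalProfileActor/logout-error=\
        /atg/rest/userprofiling/AllAccessController, \
    /rest/model/atg/userprofiling/SecurityConfirmationActor=\
        /atg/rest/userprofiling/AllAccessController, \
    /rest/model/atg/rest/SessionConfirmationActor/getSessionConfirmationNumber=\
        /atg/rest/userprofiling/AllAccessController, \
    /rest/model=/atg/rest/userprofiling/NonTransientAccessController
"""

def parse_access_controllers(text):
    """Return {path: controller component} from accessControllers entries."""
    # Join backslash-continued lines the way .properties files do.
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    mapping = {}
    for line in joined.splitlines():
        m = re.match(r"\s*accessControllers\s*\+?=\s*(.*)", line)
        if not m:
            continue  # comments and other properties
        for entry in m.group(1).split(","):
            path, sep, controller = entry.strip().partition("=")
            if sep:
                mapping[path.strip()] = controller.strip()
    return mapping

def resolve(mapping, request_path):
    """Controller for request_path; assumes the most specific mapping wins."""
    matches = [p for p in mapping
               if request_path == p or request_path.startswith(p.rstrip("/") + "/")]
    return mapping[max(matches, key=len)] if matches else None

def open_paths(mapping):
    """Paths mapped to AllAccessController: the entries to review first."""
    return sorted(p for p, c in mapping.items() if c.endswith("/AllAccessController"))

if __name__ == "__main__":
    acl = parse_access_controllers(SAMPLE)
    for path in open_paths(acl):
        print("AllAccessController:", path)
    # Hypothetical request path that has no entry of its own.
    print(resolve(acl, "/rest/model/example/HypotheticalActor/detail"))
```

Any path under /rest/model without its own entry resolves to NonTransientAccessController, so the review list stays limited to the explicitly mapped exceptions.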

The following example of the /atg/rest/userprofiling/LoggedInAccessController shows how to turn the access controller on with the enabled parameter and how to specify which rules determine access. If access is denied, the SecurityStatusActor will identify the error and redirect the user to an error URL:

$class=atg.userprofiling.RuleAccessController
enabled=true
# Rules used to determine whether access should be allowed
ruleSetService=/atg/rest/targeting/LoggedInRuleSetService
# URL to redirect to if access is denied
deniedAccessURL=/rest/model/atg/userprofiling/SecurityStatusActor/\
    authenticationRequired

Copyright © 1997, 2014 Oracle and/or its affiliates. All rights reserved.