atg.userprofiling

Class AccessRightAccessController

java.lang.Object

atg.nucleus.logging.VariableArgumentApplicationLoggingImpl

atg.nucleus.GenericService

atg.userprofiling.AccessRightAccessController

All Implemented Interfaces:

atg.core.logging.Logging, atg.core.logging.TraceLogging, atg.naming.AbsoluteNameable, NameContextBindingListener, NameContextElement, atg.naming.NameContextParentable, NameResolver, AdminableService, atg.nucleus.Configured, ApplicationLogging, atg.nucleus.logging.ApplicationLoggingSender, atg.nucleus.logging.TraceApplicationLogging, VariableArgumentApplicationLogging, ComponentNameResolver, Service, ServiceListener, AccessController, java.util.EventListener

public class AccessRightAccessController
extends GenericService
implements AccessController

This class grants or denies access based on whether the given profile has one of the configured access rights. This controller assumes a specific data model for access rights, which involves the Profile having a Collection property that contains RepositoryItems that have a String property identifying the name of an access right.

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CLASS_VERSION

Fields inherited from class atg.nucleus.GenericService

SERVICE_INFO_KEY

Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging

DEFAULT_LOG_TRACE_STATUS

Fields inherited from interface atg.nucleus.logging.ApplicationLogging

DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS

Constructor Summary

Constructors

Constructor and Description
AccessRightAccessController()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	allowAccess(Profile pProfile, DynamoHttpServletRequest pRequest) Checks the accessRights collection of the user for an access right whose name matches any of the strings in the allowedAccessRights collection.
protected boolean	collectionContainsAllowedAccessRight(java.util.Collection pAccessRights) Checks to see if the given collection contains an allowed access right as configured on this instance
protected java.lang.String	getAccessRightFromItem(java.lang.Object pAccessRightItem) Gets the access right name from the given object.
protected java.lang.String	getAccessRightFromItem(RepositoryItem pAccessRightItem) Gets the access right name from the given RepositoryItem.
java.lang.String	getAccessRightNamePropertyName()
protected java.util.Collection	getAccessRightsProperty(Profile pProfile) Gets the accessRights property from the given profile using the name specified in the accessRightPropertyName property.
java.lang.String	getAccessRightsPropertyName()
java.util.List	getAllowedAccessRightNames()
java.lang.String	getDeniedAccessURL() Returns a URL the user should be redirected to if allowAccess returns false.
java.lang.String	getDeniedAccessURL(Profile pProfile) Returns a URL the user should be redirected to if allowAccess returns false.
void	setAccessRightNamePropertyName(java.lang.String pAccessRightNamePropertyName) The name of the name property of the accessRight item
void	setAccessRightsPropertyName(java.lang.String pAccessRightsPropertyName) The name of the accessRights property of the internalUser
void	setAllowedAccessRightNames(java.util.List pAllowedAccessRightNames) The names of the access rights that will allow access
void	setDeniedAccessURL(java.lang.String pDeniedAccessURL) A URL the user should be redirected to if allowAccess returns false

Methods inherited from class atg.nucleus.GenericService

addLogListener, createAdminServlet, doStartService, doStopService, getAbsoluteName, getAdminServlet, getAdminServletOutputStreamEncoding, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isAdminServletUseServletOutputStream, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, reResolveThis, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setAdminServletOutputStreamEncoding, setAdminServletUseServletOutputStream, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService

Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl

vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogDebugTrace, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLASS_VERSION

public static java.lang.String CLASS_VERSION

Constructor Detail

AccessRightAccessController

public AccessRightAccessController()

Method Detail

setAccessRightsPropertyName

public void setAccessRightsPropertyName(java.lang.String pAccessRightsPropertyName)

The name of the accessRights property of the internalUser

Parameters:

pAccessRightPropertyName - the name of the accessRights property of the internalUser

getAccessRightsPropertyName

public java.lang.String getAccessRightsPropertyName()

Returns:

the name of the accessRights property of the internalUser

setAccessRightNamePropertyName

public void setAccessRightNamePropertyName(java.lang.String pAccessRightNamePropertyName)

The name of the name property of the accessRight item

Parameters:

pAccessRightNamePropertyName - the name of the name property of the accessRight item

getAccessRightNamePropertyName

public java.lang.String getAccessRightNamePropertyName()

Returns:

the name of the name property of the accessRights item

setAllowedAccessRightNames

public void setAllowedAccessRightNames(java.util.List pAllowedAccessRightNames)

The names of the access rights that will allow access

Parameters:

pAccessRights - the names of the access rights that will allow access

getAllowedAccessRightNames

public java.util.List getAllowedAccessRightNames()

Returns:

the names of the access rights that will allow access

setDeniedAccessURL

public void setDeniedAccessURL(java.lang.String pDeniedAccessURL)

A URL the user should be redirected to if allowAccess returns false

Parameters:

pDeniedAccessURL - the URL the user should be redirected to if allowAccess returns false

getDeniedAccessURL

public java.lang.String getDeniedAccessURL()

Returns a URL the user should be redirected to if allowAccess returns false.

getDeniedAccessURL

public java.lang.String getDeniedAccessURL(Profile pProfile)

Returns a URL the user should be redirected to if allowAccess returns false.

Specified by:

getDeniedAccessURL in interface AccessController

allowAccess

public boolean allowAccess(Profile pProfile,
                  DynamoHttpServletRequest pRequest)

Checks the accessRights collection of the user for an access right whose name matches any of the strings in the allowedAccessRights collection. If there are no matches, or access cannot be determined due to missing information, incorrect configuration, or a data model that doesn't match what is expected, then access is denied.

Specified by:

allowAccess in interface AccessController

Parameters:

pProfile - the profile that is requesting access

pRequest - the current http request

Returns:

true if access is allowed, false otherwise

collectionContainsAllowedAccessRight

protected boolean collectionContainsAllowedAccessRight(java.util.Collection pAccessRights)

Checks to see if the given collection contains an allowed access right as configured on this instance

Parameters:

pAccessRights - the collection of access right names to check

getAccessRightFromItem

protected java.lang.String getAccessRightFromItem(java.lang.Object pAccessRightItem)

Gets the access right name from the given object. This implementation handles the case where the object is a RepositoryItem

Parameters:

pAccessRightItem - the object that contains the access right name

Returns:

the access right name contained by the object, or null if the access right cannot be determined

getAccessRightFromItem

protected java.lang.String getAccessRightFromItem(RepositoryItem pAccessRightItem)

Gets the access right name from the given RepositoryItem. This implementation expects the given item to have a property identified by the accessRightNamePropertyName property of this controller that contains the access right name

Parameters:

pAccessRightItem - the item that contains the access right name

Returns:

the access right name contained by the item, or null if the access right cannot be determined

getAccessRightsProperty

protected java.util.Collection getAccessRightsProperty(Profile pProfile)

Gets the accessRights property from the given profile using the name specified in the accessRightPropertyName property. This property is expected to be an instance of a java.util.Collection

Parameters:

pProfile - the profile to get the access rights property from

Returns:

the accessRights collection property, or null if the property is of the wrong type, the controller is configured incorrectly or the profile has no value for the property