atg.userprofiling

Class GroupAccessController

java.lang.Object

atg.nucleus.logging.VariableArgumentApplicationLoggingImpl

atg.nucleus.GenericService

atg.userprofiling.GroupAccessController

All Implemented Interfaces:

atg.core.logging.Logging, atg.core.logging.TraceLogging, atg.naming.AbsoluteNameable, NameContextBindingListener, NameContextElement, atg.naming.NameContextParentable, NameResolver, AdminableService, atg.nucleus.Configured, ApplicationLogging, atg.nucleus.logging.ApplicationLoggingSender, atg.nucleus.logging.TraceApplicationLogging, VariableArgumentApplicationLogging, ComponentNameResolver, Service, ServiceListener, AccessController, atg.userprofiling.ConfigurableAccessController, java.util.EventListener

public class GroupAccessController
extends GenericService
implements atg.userprofiling.ConfigurableAccessController

This implementation of AccessController performs group-based access control. Two properties, allowGroups and denyGroups, specify the names of the groups whose members should be allowed or denied access, respectively. I.e., a user is only allowed access if he is a member of one of the allowGroups, but not a member of one of the denyGroups.

If the allowGroups property is not specified, all groups are implicitly considered to be "allow" groups. If the denyGroups property is not specified, no groups are considered to be "deny" groups. For example, if allowGroups is not specified and denyGroups=Kids,Teenagers, then everybody but kids and teenagers and allowed access. If, on the other hand, denyGroups is not specified and allowGroups=Kids,Teenagers, then only kids and teenagers are allowed access.

See Also:

AccessControlServlet, RepositoryItemGroup, RepositoryGroupContainer

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CLASS_VERSION Class version string

Fields inherited from class atg.nucleus.GenericService

SERVICE_INFO_KEY

Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging

DEFAULT_LOG_TRACE_STATUS

Fields inherited from interface atg.nucleus.logging.ApplicationLogging

DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS

Constructor Summary

Constructors

Constructor and Description
GroupAccessController()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	allowAccess(Profile pProfile, DynamoHttpServletRequest pRequest) Returns true if a user (represented by the specified Profile) should be allowed access, false if not.
void	doStartService() Called after the service has been created, placed into the naming hierarchy, and initialized with its configured property values.
java.lang.String[]	getAllowGroups() Returns the array of "allow" group names.
java.lang.String	getDeniedAccessURL() Returns the URL to go to when access is denied.
java.lang.String	getDeniedAccessURL(Profile pProfile) Returns a URL the user should be redirected to if allowAccess returns false.
java.lang.String[]	getDenyGroups() Returns the array of "deny" group names.
atg.repository.nucleus.RepositoryGroupContainer	getGroupRegistry() Returns the RepositoryGroupContainer used to resolve group names.
protected boolean	inAllowGroup(Profile pProfile) Returns true if the specified profile is a member of one of the allowGroups.
protected boolean	inDenyGroup(Profile pProfile) Returns true if the specified profile is a member of one of the denyGroups.
boolean	isDenyAnonymousUsers() Returns whether or not anonymous users are denied access
boolean	isEnabled() Is access control enabled?
void	setAllowGroups(java.lang.String[] pAllowGroups) Sets the array of "allow" group names.
void	setDeniedAccessURL(java.lang.String pDeniedAccessURL) Sets the URL to go to when access is denied.
void	setDenyAnonymousUsers(boolean pDenyAnonymousUsers) Sets whether or not anonymous users are denied access
void	setDenyGroups(java.lang.String[] pDenyGroups) Sets the array of "deny" group names.
void	setEnabled(boolean pEnabled) Sets whether or not access control is enabled.
void	setGroupRegistry(atg.repository.nucleus.RepositoryGroupContainer pGroupRegistry) Sets the RepositoryGroupContainer used to resolve group names.

Methods inherited from class atg.nucleus.GenericService

addLogListener, createAdminServlet, doStopService, getAbsoluteName, getAdminServlet, getAdminServletOutputStreamEncoding, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isAdminServletUseServletOutputStream, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, reResolveThis, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setAdminServletOutputStreamEncoding, setAdminServletUseServletOutputStream, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService

Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl

vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogDebugTrace, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLASS_VERSION

public static java.lang.String CLASS_VERSION

Class version string

Constructor Detail

GroupAccessController

public GroupAccessController()

Method Detail

isEnabled

public boolean isEnabled()

Is access control enabled?

Specified by:

isEnabled in interface atg.userprofiling.ConfigurableAccessController

setEnabled

public void setEnabled(boolean pEnabled)

Sets whether or not access control is enabled.

getAllowGroups

public java.lang.String[] getAllowGroups()

Returns the array of "allow" group names.

setAllowGroups

public void setAllowGroups(java.lang.String[] pAllowGroups)

Sets the array of "allow" group names. If a profile is a member of any of these groups (and not a member of any "deny" group), it will be allowed access. If the array is null, all groups are implicitly considered to be "allow" groups.

getDenyGroups

public java.lang.String[] getDenyGroups()

Returns the array of "deny" group names.

setDenyGroups

public void setDenyGroups(java.lang.String[] pDenyGroups)

Sets the array of "deny" group names. If a profile is a member of any of these groups, it will be denied access. If the array is null, no groups are considered to be "deny" groups.

getGroupRegistry

public atg.repository.nucleus.RepositoryGroupContainer getGroupRegistry()

Returns the RepositoryGroupContainer used to resolve group names.

setGroupRegistry

public void setGroupRegistry(atg.repository.nucleus.RepositoryGroupContainer pGroupRegistry)

Sets the RepositoryGroupContainer used to resolve group names.

getDeniedAccessURL

public java.lang.String getDeniedAccessURL()

Returns the URL to go to when access is denied. The URL can be either relative or absolute.

setDeniedAccessURL

public void setDeniedAccessURL(java.lang.String pDeniedAccessURL)

Sets the URL to go to when access is denied. The URL can be either relative or absolute.

setDenyAnonymousUsers

public void setDenyAnonymousUsers(boolean pDenyAnonymousUsers)

Sets whether or not anonymous users are denied access

Parameters:

pDenyAnonymousUsers - if true, then anonymous users are not allowed access to any access controlled areas

isDenyAnonymousUsers

public boolean isDenyAnonymousUsers()

Returns whether or not anonymous users are denied access

Returns:

whether or not anonymous users are denied access

inAllowGroup

protected boolean inAllowGroup(Profile pProfile)

Returns true if the specified profile is a member of one of the allowGroups. If allowGroups has not been set, returns true to indicate that the profile should be allowed access (i.e., if allowGroups is null, all groups are implicitly allowed).

inDenyGroup

protected boolean inDenyGroup(Profile pProfile)

Returns true if the specified profile is a member of one of the denyGroups. If denyGroups has not been set, returns false to indicate that the profile should be allowed access (i.e., if denyGroups is null, no groups are denied).

allowAccess

public boolean allowAccess(Profile pProfile,
                  DynamoHttpServletRequest pRequest)

Returns true if a user (represented by the specified Profile) should be allowed access, false if not. If denyAnonymousUsers is true, than no anonymous users are allowed

Specified by:

allowAccess in interface AccessController

getDeniedAccessURL

public java.lang.String getDeniedAccessURL(Profile pProfile)

Returns a URL the user should be redirected to if allowAccess returns false.

Specified by:

getDeniedAccessURL in interface AccessController

doStartService

public void doStartService()
                    throws ServiceException

Called after the service has been created, placed into the naming hierarchy, and initialized with its configured property values. Makes sure all the required properties have been set in the .properties file.

Overrides:

doStartService in class GenericService

Throws:

ServiceException - if the service had a problem starting up