public class GroupAccessController extends GenericService implements atg.userprofiling.ConfigurableAccessController
allowGroups
and
denyGroups
, specify the names of the groups whose
members should be allowed or denied access, respectively. I.e.,
a user is only allowed access if he is a member of one of the
allowGroups
, but not a member of one of the
denyGroups
.
If the allowGroups
property is not specified,
all groups are implicitly considered to be "allow"
groups. If the denyGroups
property is not
specified, no groups are considered to be "deny" groups.
For example, if allowGroups
is not specified and
denyGroups=Kids,Teenagers
, then everybody but
kids and teenagers and allowed access. If, on the other hand,
denyGroups
is not specified and
allowGroups=Kids,Teenagers
, then only kids and
teenagers are allowed access.
AccessControlServlet
,
RepositoryItemGroup
,
RepositoryGroupContainer
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
CLASS_VERSION
Class version string
|
SERVICE_INFO_KEY
DEFAULT_LOG_TRACE_STATUS
DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS
Constructor and Description |
---|
GroupAccessController() |
Modifier and Type | Method and Description |
---|---|
boolean |
allowAccess(Profile pProfile,
DynamoHttpServletRequest pRequest)
Returns true if a user (represented by the specified Profile)
should be allowed access, false if not.
|
void |
doStartService()
Called after the service has been created, placed into the
naming hierarchy, and initialized with its configured property
values.
|
java.lang.String[] |
getAllowGroups()
Returns the array of "allow" group names.
|
java.lang.String |
getDeniedAccessURL()
Returns the URL to go to when access is denied.
|
java.lang.String |
getDeniedAccessURL(Profile pProfile)
Returns a URL the user should be redirected to if allowAccess
returns false.
|
java.lang.String[] |
getDenyGroups()
Returns the array of "deny" group names.
|
atg.repository.nucleus.RepositoryGroupContainer |
getGroupRegistry()
Returns the RepositoryGroupContainer used to resolve group names.
|
protected boolean |
inAllowGroup(Profile pProfile)
Returns true if the specified profile is a member of one of
the allowGroups.
|
protected boolean |
inDenyGroup(Profile pProfile)
Returns true if the specified profile is a member of one of
the denyGroups.
|
boolean |
isDenyAnonymousUsers()
Returns whether or not anonymous users are denied access
|
boolean |
isEnabled()
Is access control enabled?
|
void |
setAllowGroups(java.lang.String[] pAllowGroups)
Sets the array of "allow" group names.
|
void |
setDeniedAccessURL(java.lang.String pDeniedAccessURL)
Sets the URL to go to when access is denied.
|
void |
setDenyAnonymousUsers(boolean pDenyAnonymousUsers)
Sets whether or not anonymous users are denied access
|
void |
setDenyGroups(java.lang.String[] pDenyGroups)
Sets the array of "deny" group names.
|
void |
setEnabled(boolean pEnabled)
Sets whether or not access control is enabled.
|
void |
setGroupRegistry(atg.repository.nucleus.RepositoryGroupContainer pGroupRegistry)
Sets the RepositoryGroupContainer used to resolve group names.
|
addLogListener, createAdminServlet, doStopService, getAbsoluteName, getAdminServlet, getAdminServletOutputStreamEncoding, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isAdminServletUseServletOutputStream, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, reResolveThis, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setAdminServletOutputStreamEncoding, setAdminServletUseServletOutputStream, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService
vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogDebugTrace, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning
public boolean isEnabled()
isEnabled
in interface atg.userprofiling.ConfigurableAccessController
public void setEnabled(boolean pEnabled)
public java.lang.String[] getAllowGroups()
public void setAllowGroups(java.lang.String[] pAllowGroups)
public java.lang.String[] getDenyGroups()
public void setDenyGroups(java.lang.String[] pDenyGroups)
public atg.repository.nucleus.RepositoryGroupContainer getGroupRegistry()
public void setGroupRegistry(atg.repository.nucleus.RepositoryGroupContainer pGroupRegistry)
public java.lang.String getDeniedAccessURL()
public void setDeniedAccessURL(java.lang.String pDeniedAccessURL)
public void setDenyAnonymousUsers(boolean pDenyAnonymousUsers)
pDenyAnonymousUsers
- if true, then anonymous
users are not allowed access to any access controlled areaspublic boolean isDenyAnonymousUsers()
protected boolean inAllowGroup(Profile pProfile)
protected boolean inDenyGroup(Profile pProfile)
public boolean allowAccess(Profile pProfile, DynamoHttpServletRequest pRequest)
allowAccess
in interface AccessController
public java.lang.String getDeniedAccessURL(Profile pProfile)
getDeniedAccessURL
in interface AccessController
public void doStartService() throws ServiceException
doStartService
in class GenericService
ServiceException
- if the service had a problem
starting up