public class RuleAccessController extends GenericService implements atg.userprofiling.ConfigurableAccessController
ruleSetService
property, which defines the rules.
For example, if there is a RuleSetService named PreferredMembersRuleSetService,
configured with the following rule set:
<ruleset>and the
<accepts>
<rule op=eq>
<valueof target="GoldAccounts">
<valueof constant="true">
</rule>
<rule op=gt>
<valueof target="numLogins">
<valueof constant="20">
</rule>
</accepts>
</ruleset>
ruleSetService
property points to
PreferredMembersRuleSetService
, then the user
will be allowed access only if their GoldAccounts property is,
true, or if they have logged in more than 20 times. Note
that when the rules are evaluated, the user's Profile object is
used to resolve the target
expressions. Note also
that the rules should evaluate to a boolean.
The optional sourceMap
property, if provided, is
used to resolve any bean
expressions in the access
control rules. If no such expressions occur in the rules, this
property can be left null.
AccessControlServlet
,
RuleSetService
,
RuleNode
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
CLASS_VERSION
Class version string
|
SERVICE_INFO_KEY
DEFAULT_LOG_TRACE_STATUS
DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS
Constructor and Description |
---|
RuleAccessController() |
Modifier and Type | Method and Description |
---|---|
boolean |
allowAccess(Profile pProfile,
DynamoHttpServletRequest pRequest)
Returns true if a user (represented by the specified Profile)
should be allowed access, false if not.
|
void |
doStartService()
Called after the service has been created, placed into the
naming hierarchy, and initialized with its configured property
values.
|
java.lang.String |
getDeniedAccessURL()
Returns the URL to go to when access is denied.
|
java.lang.String |
getDeniedAccessURL(Profile pProfile)
Returns a URL the user should be redirected to if allowAccess
returns false.
|
protected NameResolver |
getNameResolver(DynamoHttpServletRequest pRequest)
Returns a NameResolver which can be used to resolve names of
components in the access control rules.
|
atg.targeting.RuleSetService |
getRuleSetService()
Returns the RuleSetService containing access control rules.
|
TargetingSourceMap |
getSourceMap()
Returns the TargetingSourceMap used to resolve component
names in rules.
|
boolean |
isDenyAnonymousUsers()
Gets the denyAnonymousUsers property
|
boolean |
isEnabled()
Is access control enabled?
|
void |
setDeniedAccessURL(java.lang.String pDeniedAccessURL)
Sets the URL to go to when access is denied.
|
void |
setDenyAnonymousUsers(boolean pDenyAnonymousUsers)
Sets the denyAnonymousUsers property
|
void |
setEnabled(boolean pEnabled)
Sets whether or not access control is enabled.
|
void |
setRuleSetService(atg.targeting.RuleSetService pRuleSetService)
Sets the RuleSetService containing access control rules.
|
void |
setSourceMap(TargetingSourceMap pSourceMap)
Sets the TargetingSourceMap used to resolve component names
in rules.
|
addLogListener, createAdminServlet, doStopService, getAbsoluteName, getAdminServlet, getAdminServletOutputStreamEncoding, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isAdminServletUseServletOutputStream, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, reResolveThis, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setAdminServletOutputStreamEncoding, setAdminServletUseServletOutputStream, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService
vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogDebugTrace, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning
public boolean isEnabled()
isEnabled
in interface atg.userprofiling.ConfigurableAccessController
public void setEnabled(boolean pEnabled)
public atg.targeting.RuleSetService getRuleSetService()
public void setRuleSetService(atg.targeting.RuleSetService pRuleSetService)
public TargetingSourceMap getSourceMap()
public void setSourceMap(TargetingSourceMap pSourceMap)
public java.lang.String getDeniedAccessURL()
public void setDeniedAccessURL(java.lang.String pDeniedAccessURL)
public void setDenyAnonymousUsers(boolean pDenyAnonymousUsers)
pDenyAnonymousUsers
- if true, then anonymous users are
automatically denied accesspublic boolean isDenyAnonymousUsers()
public boolean allowAccess(Profile pProfile, DynamoHttpServletRequest pRequest)
allowAccess
in interface AccessController
protected NameResolver getNameResolver(DynamoHttpServletRequest pRequest)
sourceMap
property is not null, its global name
resolver is returned. Otherwise, returns null.public java.lang.String getDeniedAccessURL(Profile pProfile)
getDeniedAccessURL
in interface AccessController
public void doStartService() throws ServiceException
doStartService
in class GenericService
ServiceException
- if the service had a problem
starting up