This is an abstract class that extends the AppendAclPolicy class. It provides the base implementation for policies that depend on incoming parameter values to determine access rights to the secured object. In the case of Web services, the secured object is always the Web service method. It provides a concrete implementation of getAdditionalACL that appends all the Personae returned by the abstract getPersonae method.

The abstract getPersonae method takes a map of parameter values created by the getMethodParametersFromSecuredObject method and the incoming SecuredObject instance. You can use the incoming parameter values, and the SecuredObject if necessary, to determine the Personae that should have access to the SecuredObject.

For example, a Web service might provide the ability to edit a profile. If you want to allow both the profile owner and users with the Admin role to make edits, the getPersonae method could return both Personae, resulting in an ACL that looks something like the following:

Profile$user$1234:execute;Profile$role$Admin:execute

The access rights for each persona appended to the ACL are defined in the static variable NEW_PERSONA_RIGHTS.

Important: If the getPersonae method returns no Personae, an entry that denies access to everyone is appended to the ACL.
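
The owner-or-Admin rule and the deny-everyone fallback described above, as an added example that is not Oracle's code and does not call the ATG API. The types are plain Java stand-ins, and the parameter name profileId, the deny-entry placeholder, and the id validation are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

// Stand-alone model of the behaviour described on this page; no ATG classes are used.
public class OwnerOrAdminPolicyDemo {
    // Stand-in for NEW_PERSONA_RIGHTS; "execute" is the right shown in the page's sample ACL.
    static final String NEW_PERSONA_RIGHTS = "execute";
    // Constructed placeholder for the deny-everyone entry; this is not ATG ACL syntax.
    static final String DENY_EVERYONE = "<everyone>:<deny>";

    // Hypothetical getPersonae: the profile owner, taken from the assumed
    // "profileId" parameter, plus the Admin role.
    static List<String> getPersonae(Map<String, Object> params) {
        List<String> personae = new ArrayList<>();
        Object id = params.get("profileId");
        // Parameter values come from the caller, so accept only a simple id:
        // a value containing ';' or ':' must not be able to add ACL entries.
        if (id instanceof String && ((String) id).matches("[A-Za-z0-9]+")) {
            personae.add("Profile$user$" + id);
            personae.add("Profile$role$Admin");
        }
        // Design choice in this example: a missing or malformed id yields no
        // Personae at all, so the request falls through to the deny entry.
        return personae;
    }

    // Models the append step: one "persona:rights" entry per persona,
    // or the deny-everyone entry when getPersonae returned nothing.
    static String getAdditionalACL(Map<String, Object> params) {
        List<String> personae = getPersonae(params);
        if (personae.isEmpty()) return DENY_EVERYONE;
        StringBuilder acl = new StringBuilder();
        for (String p : personae) {
            if (acl.length() > 0) acl.append(';');
            acl.append(p).append(':').append(NEW_PERSONA_RIGHTS);
        }
        return acl.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a valid id, no parameter, a malformed id.
        System.out.println(getAdditionalACL(Map.of("profileId", "1234")));
        System.out.println(getAdditionalACL(Map.of()));
        System.out.println(getAdditionalACL(Map.of("profileId", "1234;x")));
    }
}
```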

Refer to the ATG Platform API Reference for information on the abstract methods for this class.


Copyright © 1997, 2015 Oracle and/or its affiliates. All rights reserved.