This implementation of AccessController
performs group-based access control. Two properties, allowGroups
and denyGroups
, specify the names of the groups whose members should be allowed or denied access, respectively. A user is allowed access only if he is a member of one of the allowGroups
, but not a member of one of the denyGroups
.
If the allowGroups
property is not specified, all groups are implicitly considered to be “allow” groups. If the denyGroups
property is not specified, no groups are considered to be “deny” groups. For example, if allowGroups
is not specified and denyGroups=Kids,Teenagers
, then everybody but kids and teenagers is allowed access. If, on the other hand, the denyGroups
property is not specified and allowGroups=Kids,Teenagers
, then only kids and teenagers are allowed access.
As an example, here is a configuration for a PreferredMemberAccessController
component that allows access only to members of the GoldAccounts
group:
$class=atg.userprofiling.GroupAccessController enabled=true allowGroups=GoldAccounts groupRegistry=/atg/registry/RepositoryGroups # URL to redirect to if access is denied deniedAccessURL=http://yourserver/preferredAccessOnly.html