Access control for an internal user is provided by the InternalProfileActor
. The following is an example of access control for an internal user:
# List of mappings between paths and AccessController objects. If a # path refers to a directory, all the documents in that directory and # its subdirectories will be protected by the given AccessController. accessControllers+=\ /rest/model/atg/userprofiling/InternalProfileActor/login= /atg/rest/userprofiling/AllAccessController, \ /rest/model/atg/userprofiling/InternalProfileActor/logout= /atg/rest/userprofiling/LoggedInAccessController, \ /rest/model/atg/userprofiling/InternalProfileActor/logout-error= /atg/rest/userprofiling/AllAccessController, \ /rest/model/atg/userprofiling/SecurityConfirmationActor= /atg/rest/userprofiling/AllAccessController, \ /rest/model/atg/rest/SessionConfirmationActor/getSessionConfirmationNumber= /atg/rest/userprofiling/AllAccessController, \ /rest/model=/atg/rest/userprofiling/NonTransientAccessController accessControllers=+\ /rest/model/atg/userprofiling/ProfileActor/logout= /atg/rest/userprofiling/LoggedInAccessController, \ /rest/model/atg/userprofiling/ProfileActor/logout-success= /atg/rest/userprofiling/AllAccessController, \ /rest/model/atg/userprofiling/ProfileActor/logout-error= /atg/rest/userprofiling/AllAccessController, \ /rest/model/atg/rest/SessionConfirmationActor/getSessionConfirmationNumber =/atg/rest/userprofiling/AllAccessController
The following example of the /atg/rest/userprofiling/LoggedInAccessController
shows how to set the access controller using the enabled
parameter, as well as which rule to use to determine access. If access is denied, the SecurityStatusActor
will identify the error and redirect the user to an error URL:
$class=atg.userprofiling.RuleAccessController enabled=true # Rules used to determine whether access should be allowed ruleSetService=/atg/rest/targeting/LoggedInRuleSetService # URL to redirect to if access is denied deniedAccessURL=/rest/model/atg/userprofiling/SecurityStatusActor/ authenticationRequired