Creating Access Control for Files on the Web Server

You can create dynamic access control to any parent folder and files under the system-defined stogroup storage root folder on your web server. In Application Designer, extend the PeopleTools-delivered PTPP_SG:ContentAuthorizorBase base class. Then, implement the Authorize method to determine whether a user is authorized to access a parent folder (or the parent folder and all subfolders) under the storage root. Then, on the Storage Group Management page, create a storage group, which serves as an alias to the storage group parent folder on the web server. This storage group associates your PeopleCode implementation to this parent folder. Finally, provide your users with the URLs to files on the web server.

Use the Storage Group Management page to create an alias to the storage group parent folder on the web server and associate your PeopleCode implementation to the parent folder.

Image: Storage Group Management page

This example illustrates the fields and controls on the Storage Group Management page. You can find definitions for the fields and controls later on this page.


| Field or Control | Definition |
|---|---|
| Storage Group Name | Enter the name for the storage group, which serves as an alias for a parent folder on the web server. A parent folder must contain one or more subfolders. |
| Label | Enter a label for the storage group. |
| Long Description | Enter a description for the storage group. |
| Object Owner ID | Select the ID for the object owner. |
| Folder Name | Enter the name of the storage group parent folder on the web server. |
| Root Package ID | Select the name of the application package that contains your implementation of the PTPP_SG:ContentAuthorizorBase base class. |
| Path | Select the names of each subpackage in the application class hierarchy that define the location of the application class. Separate subpackage names by a colon. If the class is defined in the top-level application package, enter or select the colon. |
| Class Name | Select the name of the application class that contains your implementation. |

To set up access control, you create the storage group root folder and storage group parent folders on your web server. Then, you create a subfolder structure as needed and upload files to these subfolders on the web server.

Image: Storage groups and folders

The following diagram illustrates the relationship of the file system on the web server to the definition on the Storage Group Management page and to a URL provided to users.


To set up access control:

  1. Create the storage group root folder under PS_CFG_HOME/peoplesoft/applications/peoplesoft/PORTAL.war/WEB-INF/. The required name for the storage group root folder is: stogroup/site_name.

    Note: Use 755 as the permissions for the folders in the storage group hierarchy.

  2. Create one or more storage group parent folders under this storage group root folder.

  3. Under each parent folder, create one or more subfolders and upload files as needed.

    Note: Files must be stored in and accessed from the subfolders, not from the storage group parent folder.

  4. In Application Designer, create a custom implementation for the PTPP_SG:ContentAuthorizorBase base class.

  5. Implement the Authorize method to return one of three authorization results for the current user: Authorized for the specified subfolder, authorized for the specified subfolder and any of its subfolders, or denied.

  6. Using the Storage Group Management page, associate your PeopleCode implementation to a parent folder on the web server.

  7. Provide users with URLs to the files that they can access on the web server using the psp servlet. For example, the URL to CS101_syllabus.pdf in the subfldr1 folder would be:

    http://webserver.example.com:8000/psp/site_name/PORTAL/NODE/p/ELM1/subfldr1/CS101_syllabus.pdf

    You can use a function provided in a delivered function library to facilitate generation of these URLs. For example, use the following PeopleCode program to generate the URL for this same CS101_syllabus.pdf file. The value returned can be assigned to a hyperlink or button, for example.

    Declare Function GetStorageGroupContentURL PeopleCode FUNCLIB_PORTAL.PTPP_SG_FUNC FieldFormula;
    ViewContentURL(GetStorageGroupContentURL(%Portal, %Node, "ELM1", "subfldr1/CS101_syllabus.pdf"), True);
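The following shell functions are an added example for steps 1 through 3, not part of the PeopleTools documentation. They create a storage group folder chain with 755 permissions and audit an existing hierarchy for folders that deviate from 755 and for files placed directly in a parent folder. The function names and the WEBINF argument, which stands for PS_CFG_HOME/peoplesoft/applications/peoplesoft/PORTAL.war/WEB-INF, are assumptions.

```bash
#!/usr/bin/env bash
# Added example: create and audit a storage group hierarchy.
# WEBINF is an assumed argument standing for
# PS_CFG_HOME/peoplesoft/applications/peoplesoft/PORTAL.war/WEB-INF.

# sg_create WEBINF SITE PARENT SUBFOLDER
# Creates stogroup/SITE/PARENT/SUBFOLDER and sets 755 on every folder
# in the chain, regardless of the caller's umask.
sg_create() {
    local root="$1/stogroup/$2"
    mkdir -p "$root/$3/$4" || return 1
    chmod 755 "$1/stogroup" "$root" "$root/$3" "$root/$3/$4"
}

# sg_audit WEBINF SITE
# Prints one finding per line and returns 1 if anything was found:
#   MISSING <dir>          the storage group root folder does not exist
#   MODE <dir>             folder whose permissions are not exactly 755
#   FILE_IN_PARENT <file>  file stored directly in a parent folder
#                          instead of in one of its subfolders
sg_audit() {
    local root="$1/stogroup/$2" findings
    if [ ! -d "$root" ]; then
        echo "MISSING $root"
        return 1
    fi
    findings=$(
        # Folders anywhere in the hierarchy that are not mode 755.
        find "$root" -type d ! -perm 755 | sed 's/^/MODE /'
        # Depth 1 under the root is a parent folder, so a regular file
        # at depth 2 sits directly inside a parent folder.
        find "$root" -mindepth 2 -maxdepth 2 -type f | sed 's/^/FILE_IN_PARENT /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Run `sg_audit` after uploading files; a clean hierarchy prints nothing and returns 0.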

Syntax

GetStorageGroupContentURL(PortalName, NodeName, StorageGroupName, rel_path)

Description

Use the GetStorageGroupContentURL function to generate a private content URL for a specific file.

Parameters

| Parameter | Definition |
|---|---|
| PortalName | Specifies the portal name as a string value. |
| NodeName | Specifies the node name as a string value. |
| StorageGroupName | Specifies the storage group name as a string value. |
| rel_path | Specifies the relative file path from the storage group parent folder as a string value. |

Returns

A string value.

Example

    Declare Function GetStorageGroupContentURL PeopleCode FUNCLIB_PORTAL.PTPP_SG_FUNC FieldFormula;
    ViewContentURL(GetStorageGroupContentURL(%Portal, %Node, "ELM", "course1/index.html"), True);