Portal Access Control: This provides interfaces for retrieving and modifying access control information for portal resources such as pages or portlets.
You can retrieve the following main service interfaces through the AccessControlHome interface.
com.ibm.portal.ac.AccessControlHome
com.ibm.portal.ac.AccessControlEnvironment
Use case: We have PageA and PageB. Ram and Krishna have access to PageA, but only Ram has access to PageB. PageA has a link; when the user clicks it, the user navigates to PageB. How can you check whether the logged-in user is authorized to access PageB and, if not, not display the link?
Portal Access Control provides interfaces for retrieving and modifying access control information of portal resources, such as portlets or pages.
com.ibm.portal.ac.AccessControlGlobalRuntimeModel
The AccessControlGlobalRuntimeModel provides read access to the current access control permissions on a resource that is registered at Portal Access Control.
com.ibm.portal.ac.AccessControlRuntimeModel
The AccessControlRuntimeModel provides read access to the current access control permissions on one specific resource.
You can use the configuration model to retrieve the hierarchy of protected resources, and also to retrieve and modify role assignments and configuration data such as role blocks.
com.ibm.portal.ac.AccessControlEnvironment
The AccessControlEnvironment provides some general information about the access control configuration, for example the available role types.
com.ibm.portal.ac.ManagedProtectedResource
The ManagedProtectedResource provides read access to the access control configuration of a resource that is registered at Portal Access Control.
com.ibm.portal.ac.ManagedProtectedResourceController
The ManagedProtectedResourceController provides write access to the access control configuration of a resource that is registered at Portal Access Control.
com.ibm.portal.ac.RoleData
The RoleData provides read access to the role data of a single resource, such as role assignments.
Note: For performance reasons, make requests of the form "Is user x allowed to perform operation y on resource z?" by using AccessControlRuntimeModel or AccessControlGlobalRuntimeModel, rather than by asking for explicit role assignments using the RoleData interface.
com.ibm.portal.ac.RoleDataController
The RoleDataController provides write access to the role data of a single resource, such as role assignments.
com.ibm.portal.ac.ManagedProtectedResourceModel
The ManagedProtectedResourceModel represents the hierarchical tree model of protected resources per database domain.
Examples of how these interfaces are used are provided in the accompanying Javadoc. The following example shows how to evaluate if a principal has view permissions on a resource:
package com.ibm.pacexplore;

import java.io.*;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.portlet.*;
import javax.servlet.ServletRequest;
import com.ibm.portal.Identifiable;
import com.ibm.portal.ObjectID;
import com.ibm.portal.ac.AccessControlEnvironment;
import com.ibm.portal.ac.AccessControlGlobalRuntimeModel;
import com.ibm.portal.ac.AccessControlHome;
import com.ibm.portal.ac.AccessControlRuntimeModel;
import com.ibm.portal.ac.data.Permission;
import com.ibm.portal.ac.data.RoleType;
import com.ibm.portal.ac.exception.AccessControlException;
import com.ibm.portal.ac.exception.MissingAccessRightsException;
import com.ibm.portal.ac.exception.SystemException;
import com.ibm.portal.um.User;
import com.ibm.wps.portlets.admin.shared.ContextUtil;
import com.ibm.ws.portletcontainer.portlet.PortletUtils;

/**
 * A sample portlet
 */
public class PacExplorePortlet extends javax.portlet.GenericPortlet {

    public static final Logger logger = Logger.getLogger(PacExplorePortlet.class.getName());

    /**
     * @see javax.portlet.Portlet#init()
     */
    public void init() throws PortletException {
        super.init();
    }

    /**
     * Serve up the <code>view</code> mode.
     *
     * @see javax.portlet.GenericPortlet#doView(javax.portlet.RenderRequest, javax.portlet.RenderResponse)
     */
    public void doView(RenderRequest request, RenderResponse response) throws PortletException, IOException {
        // Set the MIME type for the render response
        response.setContentType(request.getResponseContentType());
        Context ctx;
        Permission permission = null;
        // Defaults to false, so any exception below leaves the user unauthorized
        boolean isAllowed = false;
        try {
            ctx = new InitialContext();
            // Retrieve the access control home interface
            AccessControlHome home = (AccessControlHome) ctx.lookup(AccessControlHome.JNDI_NAME);
            // Resolve the ObjectID of the page from its unique name
            Name uniqueName = new CompositeName("portal:uniquename");
            uniqueName.add("PortalAcessControl");
            ObjectID aUniqNameObject = (ObjectID) ctx.lookup(uniqueName);
            // Get the current user and build the USER role permission for the page
            User user = ContextUtil.getUser((ServletRequest) PortletUtils.getHttpServletRequest(request));
            AccessControlEnvironment environment = home.getAccessControlEnvironment();
            permission = environment.getPermission((Identifiable) aUniqNameObject, RoleType.USER);
            // Ask the global runtime model whether the user holds that permission
            AccessControlGlobalRuntimeModel globalModel = home.getAccessControlGlobalRuntimeModel();
            isAllowed = globalModel.hasPermission(user, permission);
            logger.info("isAllowed :-" + isAllowed);
        } catch (NamingException e) {
            logger.log(Level.WARNING, "JNDI lookup failed during access check", e);
        } catch (SystemException e) {
            logger.log(Level.WARNING, "System error during access check", e);
        } catch (MissingAccessRightsException e) {
            logger.log(Level.WARNING, "Missing access rights during access check", e);
        } catch (AccessControlException e) {
            logger.log(Level.WARNING, "Access control error during access check", e);
        }
        // or write to the response directly
        response.getWriter().println("PacExplore#doView()");
    }

    /**
     * Serve up the <code>edit</code> mode.
     *
     * @see javax.portlet.GenericPortlet#doEdit(javax.portlet.RenderRequest, javax.portlet.RenderResponse)
     */
    public void doEdit(RenderRequest request, RenderResponse response) throws PortletException, IOException {
        // TODO: auto-generated method stub
    }

    /**
     * Serve up the <code>help</code> mode.
     *
     * @see javax.portlet.GenericPortlet#doHelp(javax.portlet.RenderRequest, javax.portlet.RenderResponse)
     */
    protected void doHelp(RenderRequest request, RenderResponse response) throws PortletException, IOException {
        // TODO: auto-generated method stub
    }

    /**
     * Process an action request.
     *
     * @see javax.portlet.Portlet#processAction(javax.portlet.ActionRequest, javax.portlet.ActionResponse)
     */
    public void processAction(ActionRequest request, ActionResponse response) throws PortletException, java.io.IOException {
        // TODO: auto-generated method stub
    }
}
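The portlet above computes the permission result but only logs it. As an added example (not part of the original post or IBM's samples), the helper below applies that result to the use case: the link to PageB is emitted only when the runtime model confirms the permission, and any lookup or access control failure hides it. The class PageLinkGuard, its method names and the href and label parameters are hypothetical; the Portal Access Control calls are the ones used in the portlet above. Hiding the link only affects what PageA displays; PageB remains protected by its own role assignments.

```java
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.CompositeName;
import javax.naming.InitialContext;
import javax.naming.Name;
import com.ibm.portal.Identifiable;
import com.ibm.portal.ObjectID;
import com.ibm.portal.ac.AccessControlHome;
import com.ibm.portal.ac.data.Permission;
import com.ibm.portal.ac.data.RoleType;
import com.ibm.portal.um.User;

/** Hypothetical helper (added example): decides whether PageA renders its link to PageB. */
public final class PageLinkGuard {
    private static final Logger LOG = Logger.getLogger(PageLinkGuard.class.getName());

    /** Returns true only when the runtime model confirms the permission; any failure denies. */
    public static boolean canView(User user, String pageUniqueName) {
        if (user == null || pageUniqueName == null) {
            return false; // assumption: no resolved user or no target page means no link
        }
        try {
            InitialContext ctx = new InitialContext();
            AccessControlHome home = (AccessControlHome) ctx.lookup(AccessControlHome.JNDI_NAME);
            Name name = new CompositeName("portal:uniquename");
            name.add(pageUniqueName); // unique name assigned to PageB in the portal
            ObjectID pageId = (ObjectID) ctx.lookup(name);
            Permission p = home.getAccessControlEnvironment()
                    .getPermission((Identifiable) pageId, RoleType.USER);
            // One runtime-model question, as the performance note recommends
            return home.getAccessControlGlobalRuntimeModel().hasPermission(user, p);
        } catch (Exception e) { // naming, system and access control errors all deny
            LOG.log(Level.WARNING, "Access check failed for " + pageUniqueName + "; hiding link", e);
            return false;
        }
    }

    /** Returns the link markup for an authorized user, or an empty string otherwise. */
    public static String linkOrNothing(User user, String pageUniqueName, String href, String label) {
        if (!canView(user, pageUniqueName)) {
            return "";
        }
        return "<a href=\"" + escape(href) + "\">" + escape(label) + "</a>";
    }

    /** Minimal HTML escaping so the href and label cannot break out of the markup. */
    private static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }
}
```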