

Portal Access Control SPI

The Portal Access Control (PAC) System Programming Interface (SPI) retrieves and modifies access control information of portal resources that are managed by Portal Access Control.

For example, such resources can be portlets or pages.

You can retrieve the main service interfaces listed below through the AccessControlHome interface. You can use the runtime model of Portal Access Control to evaluate whether a user is allowed to perform a specific operation.

For example, you can evaluate whether the user who triggered the request is allowed to do that.

com.ibm.portal.ac.AccessControlGlobalRuntimeModel

The AccessControlGlobalRuntimeModel provides read access to the current access control permissions on a resource that is registered at Portal Access Control.

com.ibm.portal.ac.AccessControlRuntimeModel

The AccessControlRuntimeModel provides read access to the current access control permissions on one specific resource.

You can use the configuration model to retrieve the hierarchy of protected resources, and also to retrieve and modify role assignments and configuration data such as role blocks.

com.ibm.portal.ac.AccessControlEnvironment

The AccessControlEnvironment provides some general information about the access control configuration, for example the available role types.

com.ibm.portal.ac.ManagedProtectedResource

The ManagedProtectedResource provides read access to the access control configuration of a resource that is registered at Portal Access Control.

com.ibm.portal.ac.ManagedProtectedResourceController

The ManagedProtectedResourceController provides write access to the access control configuration of a resource that is registered at Portal Access Control.

com.ibm.portal.ac.RoleData

The RoleData provides read access to the role data of a single resource, such as role assignments.

For performance reasons, make requests of the form "Is user x allowed to perform operation y on resource z ?" by using AccessControlRuntimeModel or AccessControlGlobalRuntimeModel, rather than by asking for explicit role assignments using the RoleData interface.

com.ibm.portal.ac.RoleDataController

The RoleDataController provides write access to the role data of a single resource, such as role assignments.

com.ibm.portal.ac.ManagedProtectedResourceModel

The ManagedProtectedResourceModel represents the hierarchical tree model of protected resources per database domain.

Examples of how these interfaces are used are provided in the accompanying Javadoc. The following example shows how to evaluate whether a principal has view permissions on a resource:

Identifiable resource = ... ; // some resource, for example a portlet
Principal bob = ... ; // some principal, for example Bob
Context ctx = new InitialContext();
AccessControlHome home = (AccessControlHome) ctx.lookup(AccessControlHome.JNDI_NAME);
AccessControlRuntimeModel runtimeModel = home.getAccessControlRuntimeModel(resource);
boolean isAllowed = runtimeModel.isAllowed(bob, RoleType.USER);

// the following is equivalent
AccessControlEnvironment environment = home.getAccessControlEnvironment();
Permission permission = environment.getPermission(resource, RoleType.USER);
AccessControlGlobalRuntimeModel globalModel = home.getAccessControlGlobalRuntimeModel();
isAllowed = globalModel.hasPermission(bob, permission);
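The runtime-model check wrapped so that every failure denies access, as an added example that is not part of the original documentation or IBM's code. The class PacGuard and its methods are hypothetical, and the package names of Identifiable, Principal and RoleType are assumptions because this page does not state them.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.naming.InitialContext;
import com.ibm.portal.ac.AccessControlHome;
import com.ibm.portal.ac.AccessControlRuntimeModel;
// Assumed package names: this page does not say where these three types live.
import com.ibm.portal.Identifiable;
import com.ibm.portal.ac.data.RoleType;
import com.ibm.portal.um.Principal;

/** Hypothetical helper: access is denied unless PAC explicitly answers "allowed". */
public final class PacGuard {

    /** True only when the runtime model grants the USER (view) role type. */
    public static boolean mayView(Principal user, Identifiable resource) {
        if (user == null || resource == null) {
            return false; // no identity or no target: deny
        }
        try {
            AccessControlHome home = (AccessControlHome)
                    new InitialContext().lookup(AccessControlHome.JNDI_NAME);
            AccessControlRuntimeModel model = home.getAccessControlRuntimeModel(resource);
            return model.isAllowed(user, RoleType.USER);
        } catch (Exception e) {
            // JNDI or evaluation failure is treated as a denial, never as a grant.
            return false;
        }
    }

    /** Keeps only the resources the user may view, e.g. before rendering a list. */
    public static <T extends Identifiable> List<T> filterViewable(
            Principal user, Collection<T> resources) {
        List<T> visible = new ArrayList<>();
        for (T resource : resources) {
            if (mayView(user, resource)) {
                visible.add(resource);
            }
        }
        return visible;
    }

    /** Call before a protected action; throws instead of continuing on denial. */
    public static void requireView(Principal user, Identifiable resource) {
        if (!mayView(user, resource)) {
            throw new SecurityException("Portal Access Control denied view access");
        }
    }
}
```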

