Example: Declaring a new AccessControlRule instance in access-control-policy.xml

  1. An <example:business-hours-acr> element is instantiated within the AccessControlRuleLibrary (<acr-lib>)
  2. The "business hours rule" instance is referenced by a Permission (via <acr-ref>) for testing
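<?xml version="1.0"?>
<!--
   Example access control policy. It declares a custom AccessControlRule
   type (example:business-hours-acr), creates one instance of that type in
   the rule library, and references the instance from an HTTP permission.

   NOTE(review): the DOCTYPE below names an external DTD over plain http.
   The parser that loads this file should resolve that identifier from a
   trusted local copy rather than fetching it at load time; confirm how
   the consuming server handles it.
-->
<!DOCTYPE access-control-policy SYSTEM "http://cafesoft.com/access-control-policy_1_1.dtd">
<access-control-policy>

   <!-- Web Resource Permissions -->
   <permission-collection type="http" desc="HTTP Server Permission">

      <!--
         NOTE(review): this pattern also matches the business-hours
         resources covered by the next permission. Which permission applies
         to an overlapping resource is not shown in this file; confirm that
         the more specific pattern takes effect, otherwise the "granted"
         rule would bypass the business hours restriction.
         The "granted" rule is not declared in the acr-lib below;
         presumably it is predefined. Confirm.
      -->
      <permission desc="General Web Authentication Permissions">
         <resource-pattern id="http://localhost/*"/>
         <acr-ref id="granted"/>
      </permission>

      <!--
         The acr-ref id must match the id of the rule instance declared in
         the acr-lib ("business hours rule").
      -->
      <permission desc="Resources to be accessed only during business hours">
         <resource-pattern id="http://localhost/business-hours-services*"/>
         <acr-ref id="business hours rule"/>
      </permission>
   </permission-collection>

   <!-- Library of Access Control Rules -->
   <acr-lib>

      <!--
         Declare the "example:business-hours-acr" AccessControlRule type.
         The name, className and desc attribute values must each be closed
         with a quote for the document to be well-formed.
      -->
      <acr-type
         name="example:business-hours-acr"
         className="examples.acrs.BusinessHoursAcr"
         desc="Control access by normal business hours"
      >
         <acr-persistence-manager className="examples.acrs.XmlBusinessHoursAcrPm">
            <param-list>
               <!--
                  NOTE(review): debug is enabled for this example. What the
                  persistence manager emits in debug mode is not shown here;
                  review it before carrying this setting into a production
                  policy.
               -->
               <param name="debug" value="true"/>
            </param-list>
         </acr-persistence-manager>
      </acr-type>

      <!--
         This rule limits access to Monday-Friday 8:00 AM to 5:00 PM.
         NOTE(review): the time zone used to evaluate start-hour and
         end-hour, and whether end-hour is inclusive, are decided by
         examples.acrs.BusinessHoursAcr and are not shown here. Confirm.
         This rule checks time only; it does not by itself require an
         authenticated user.
      -->
      <example:business-hours-acr
         xmlns:example="http://cafesoft.com/example-business-hours-acr_1_0.dtd"
         id="business hours rule"
         desc="Limit access to M-F business hours">
         <example:business-hours start-hour="8" end-hour="17"/>
      </example:business-hours-acr>

      <!--
         This rule requires that the user be authenticated and
         belong to the "employee" role.
         It is declared here but not referenced by any permission in
         this file.
      -->
      <acr id="employee rule">
         <auth-rule>
            <role-constraint>
               <role-name>employee</role-name>
            </role-constraint>
         </auth-rule>
      </acr>

      <!--
         This rule requires that the user be on our Local Area Network.
         It is declared here but not referenced by any permission in
         this file.
      -->
      <remote-host-acr id="LAN rule">
         <accept-remote-address-constraint>
            <address>192.168.0.*</address>
         </accept-remote-address-constraint>
      </remote-host-acr>

   </acr-lib>
</access-control-policy>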