Example: Declaring a new AccessControlRule type in access-control-policy.xml
- An <acr-type> element is used to declare
the new "example:business-hours-acr" AccessControlRule type.
<?xml version="1.0"?>
<!DOCTYPE access-control-policy SYSTEM "http://cafesoft.com/access-control-policy_1_1.dtd">
<access-control-policy>
<!-- Web Resource Permissions -->
<permission-collection type="http" desc="HTTP Server Permission">
<permission desc="General Web Authentication Permissions">
<resource-pattern id="http://localhost/*"/>
<acr-ref id="granted"/>
</permission>
<permission desc="Resources to be accessed only during business hours">
<resource-pattern id="http://localhost/business-hours-services*"/>
<acr-ref id="LAN rule"/>
</permission>
</permission-collection>
<!-- Library of Access Control Rules -->
<acr-lib>
<!--
Declare the "example:business-hours-acr" AccessControlRule type.
-->
<acr-type
name="example:business-hours-acr"
className="examples.acrs.BusinessHoursAcr"
desc="Control access by normal business hours"
>
<acr-persistence-manager className="examples.acrs.XmlBusinessHoursAcrPm">
<param-list>
<param name="debug" value="true"/>
</param-list>
</acr-persistence-manager>
</acr-type>
<!--
This rule requires that the user be authenticated and
belong to the "employee" role.
-->
<acr id="employee rule">
<auth-rule>
<role-constraint>
<role-name>employee</role-name>
</role-constraint>
</auth-rule>
</acr>
<!--
This rule requires that the user be on our Local Area Network.
-->
<remote-host-acr id="LAN rule">
<accept-remote-address-constraint>
<address>192.168.0.*</address>
</accept-remote-address-constraint>
</remote-host-acr>
</acr-lib>
</access-control-policy>