Basic Customization > User Interface Customization > Presenting Information in the UI > URL Authorization
  
URL Authorization
Objective
You want to use a consistent process for validating authorization to view a URL and present a uniform error page when an unauthorized view is attempted.
Background
A framework is available in Windchill that can be used to apply additional access control verification on JCA and Template Processor based pages. When this validation process is enforced on a URL, unauthorized attempts to view the page cause a consistent error page to display. This validation process is enforced on utility pages out of the box. You can extend this capability to other Windchill pages by authoring a custom URL validator.
Scope/Applicability/Assumptions
The URL validation process can be extended to JCA and Template Processor pages only. Extending this functionality to GWT-based pages is not supported.
Intended Outcome
Before a page is displayed, you are able to determine whether or not the user is authorized to view a page when they access it from a known URL. If they are denied access, a consistent error page is displayed.
Solution
Author a custom URL validator for the page to which you want to extend the URL validation process.
Prerequisite Knowledge
To achieve this objective, you need to have an understanding of JCA or Template Processor pages, depending on the type of the page for which you are creating a custom URL validator. You will also need to know the Component ID for the URL of the page for which you wish to restrict access.
Solution Elements
Your custom validator should extend com.ptc.core.ui.validation.DefaultURLValidator
You can override an existing out-of-the-box validator with your own custom validator. To do this, register your validator for the URL in WT_HOME/codebase/config/urlValidators/custom-validators.xml
Override public UIValidationStatuspreValidateAction (UIValidationKey validationKey, UIValidationCriteria validationCriteria) method.
UIValidationStatus.PERMITTED means that the URL is accessible and all other statuses means the URL is not accessible
Note that the URL Validation service will not execute other available methods in DefaultURLValidator.
Possible attributes of urlvalidator elements are listed in the following table.
Parameter
Default Value
Possible Values
Required?
Description
url
n/a
Any combination of alpha-numeric characters
Yes
The Component ID for the URL for which the validator need to be registered
requestor
n/a
A valid Java class
No
The context type of the validator. This is required if your request is type-based (for example, /tcomp/infoPage/)
class
n/a
Validator class
No
Your validator
uicomponent
n/a
No
References entry in roleaccessprefs.xml (uic.name) to specify role-based access.
* 
Either uicomponent or class is required, otherwise an error will log in the MS server start-up.