/**
 * Builds a grantee object from a raw identifier string.
 *
 * <p>The grantee kind is chosen only by whether the text contains an {@code '@'}:
 * such values become an {@code EmailAddressGrantee}, everything else a
 * {@code CanonicalGrantee}. The identifier is not validated any further here.
 *
 * @param value the grantee identifier
 * @return the grantee, or {@code null} when {@code StringUtils.isEmpty(value)} is true
 */
protected Grantee createGrantee(final String value) {
    if (StringUtils.isEmpty(value)) {
        // No identifier, no grantee: callers need to cope with null before building a grant.
        return null;
    }
    final boolean looksLikeEmail = value.indexOf('@') >= 0;
    return looksLikeEmail ? new EmailAddressGrantee(value) : new CanonicalGrantee(value);
}
/**
 * Fetches the bucket's ACL and adds a full-control grant for the bucket owner.
 *
 * <p>The change is made only on the returned in-memory object; this method does not
 * write the ACL back to S3, and it neither inspects nor removes grants that the
 * fetched ACL already carries.
 *
 * @param s3Client client used to read the bucket ACL
 * @param bucket name of the bucket whose ACL is read
 * @return the fetched ACL with the owner's full-control grant added
 */
static AccessControlList grantFullControlToBucketOwner(ServerSideEncryptingAmazonS3 s3Client, String bucket) {
    final AccessControlList bucketAcl = s3Client.getBucketAcl(bucket);
    // The owner is addressed by the canonical id reported in the ACL itself.
    final CanonicalGrantee ownerGrantee = new CanonicalGrantee(bucketAcl.getOwner().getId());
    final Grant ownerFullControl = new Grant(ownerGrantee, Permission.FullControl);
    bucketAcl.grantAllPermissions(ownerFullControl);
    return bucketAcl;
}
/**
 * Reacts to an opening element while an access-control policy document is parsed.
 *
 * <p>Directly under {@code AccessControlPolicy} an {@code Owner} element installs a fresh
 * {@code Owner} on the ACL being built. Under {@code Grant}, a {@code Grantee} element
 * creates an empty grantee whose class is picked from its {@code xsi:type} attribute.
 */
@Override
protected void doStartElement(String uri, String name, String qName, Attributes attrs) {
    if (in("AccessControlPolicy")) {
        if (name.equals("Owner")) {
            accessControlList.setOwner(new Owner());
        }
        return;
    }
    if (!in("AccessControlPolicy", "AccessControlList", "Grant")) {
        return;
    }
    if (!name.equals("Grantee")) {
        return;
    }

    String granteeType = XmlResponsesSaxParser.findAttributeValue("xsi:type", attrs);
    if ("AmazonCustomerByEmail".equals(granteeType)) {
        // Identifier is not known yet, so the grantee starts out with a null id.
        currentGrantee = new EmailAddressGrantee(null);
    } else if ("CanonicalUser".equals(granteeType)) {
        currentGrantee = new CanonicalGrantee(null);
    }
    // "Group": nothing to do for GroupGrantees here since an empty enum value
    // cannot be constructed early.
    // NOTE(review): for "Group" or an unrecognised xsi:type, currentGrantee is not
    // reassigned here; confirm it is reset elsewhere so a grantee from an earlier
    // Grant cannot carry over into this one.
}
/**
 * Start-element callback for the access-control policy parser.
 *
 * <p>An {@code Owner} element directly inside {@code AccessControlPolicy} puts a new, empty
 * {@code Owner} on the ACL. A {@code Grantee} element inside a {@code Grant} selects the
 * grantee class from the {@code xsi:type} attribute and stores an instance with a null
 * identifier in {@code currentGrantee}.
 */
@Override
protected void doStartElement(String uri, String name, String qName, Attributes attrs) {
    if (in("AccessControlPolicy")) {
        if (name.equals("Owner")) {
            accessControlList.setOwner(new Owner());
        }
    } else if (in("AccessControlPolicy", "AccessControlList", "Grant") && name.equals("Grantee")) {
        final String xsiType = XmlResponsesSaxParser.findAttributeValue("xsi:type", attrs);
        final boolean byEmail = "AmazonCustomerByEmail".equals(xsiType);
        final boolean byCanonicalId = !byEmail && "CanonicalUser".equals(xsiType);

        if (byEmail) {
            currentGrantee = new EmailAddressGrantee(null);
        } else if (byCanonicalId) {
            currentGrantee = new CanonicalGrantee(null);
        }
        // "Group" needs no work here: an empty enum value cannot be constructed early.
        // NOTE(review): neither "Group" nor an unknown type touches currentGrantee in this
        // method; verify it cannot still hold the grantee of a previous Grant.
    }
}
/**
 * Turns an identifier string into a grantee.
 *
 * <p>A value containing {@code '@'} is treated as an e-mail address and wrapped in an
 * {@code EmailAddressGrantee}; any other value is wrapped in a {@code CanonicalGrantee}.
 * This is the only check made on the identifier.
 *
 * @param value the grantee identifier
 * @return the grantee, or {@code null} if {@code StringUtils.isEmpty(value)} reports true
 */
protected Grantee createGrantee(final String value) {
    if (!StringUtils.isEmpty(value)) {
        if (value.indexOf('@') != -1) {
            return new EmailAddressGrantee(value);
        }
        return new CanonicalGrantee(value);
    }
    // Empty input yields no grantee at all rather than a grantee with a blank id.
    return null;
}
/**
 * Returns the bucket's ACL with an added full-control grant for the bucket owner.
 *
 * <p>The ACL is read through {@code s3Client} and changed in memory only; nothing in this
 * method sends it back to S3. Grants already present on the fetched ACL are left as they are.
 *
 * @param s3Client client used to read the bucket ACL
 * @param bucket name of the bucket
 * @return the fetched ACL including the owner's full-control grant
 */
static AccessControlList grantFullControlToBucketOwner(ServerSideEncryptingAmazonS3 s3Client, String bucket) {
    final AccessControlList current = s3Client.getBucketAcl(bucket);
    // Owner id comes from the ACL that was just fetched, not from the caller.
    final String ownerId = current.getOwner().getId();
    current.grantAllPermissions(new Grant(new CanonicalGrantee(ownerId), Permission.FullControl));
    return current;
}
/**
 * Handles an opening tag of the access-control policy XML.
 *
 * <p>{@code Owner} directly under {@code AccessControlPolicy} sets a new {@code Owner} on the
 * ACL. {@code Grantee} under {@code Grant} creates a grantee placeholder (null identifier)
 * of the class named by the {@code xsi:type} attribute.
 */
@Override
protected void doStartElement(String uri, String name, String qName, Attributes attrs) {
    if (in("AccessControlPolicy")) {
        if (name.equals("Owner")) {
            accessControlList.setOwner(new Owner());
        }
        return;
    }

    final boolean insideGrant = in("AccessControlPolicy", "AccessControlList", "Grant");
    if (!insideGrant || !name.equals("Grantee")) {
        return;
    }

    String declaredType = XmlResponsesSaxParser.findAttributeValue("xsi:type", attrs);
    if ("AmazonCustomerByEmail".equals(declaredType)) {
        currentGrantee = new EmailAddressGrantee(null);
        return;
    }
    if ("CanonicalUser".equals(declaredType)) {
        currentGrantee = new CanonicalGrantee(null);
        return;
    }
    // "Group": nothing to do for GroupGrantees here since an empty enum value
    // cannot be constructed early.
    // NOTE(review): currentGrantee keeps whatever it held before when the type is
    // "Group" or unrecognised; confirm it is cleared between Grant elements.
}
/**
 * Processes the start of an element in an access-control policy response.
 *
 * <p>Two positions matter: an {@code Owner} element directly inside
 * {@code AccessControlPolicy}, which installs an empty {@code Owner} on the ACL, and a
 * {@code Grantee} element inside {@code Grant}, whose {@code xsi:type} attribute decides
 * which grantee class is instantiated with a null identifier.
 */
@Override
protected void doStartElement(String uri, String name, String qName, Attributes attrs) {
    if (in("AccessControlPolicy")) {
        if (name.equals("Owner")) {
            accessControlList.setOwner(new Owner());
        }
    } else if (in("AccessControlPolicy", "AccessControlList", "Grant")) {
        if (!name.equals("Grantee")) {
            return;
        }
        final String kind = XmlResponsesSaxParser.findAttributeValue("xsi:type", attrs);
        if ("CanonicalUser".equals(kind)) {
            currentGrantee = new CanonicalGrantee(null);
        } else if ("AmazonCustomerByEmail".equals(kind)) {
            currentGrantee = new EmailAddressGrantee(null);
        }
        // "Group" is left alone here because an empty enum value cannot be built early.
        // NOTE(review): an unknown or "Group" type leaves currentGrantee unchanged in this
        // method; check that a stale grantee from a previous Grant cannot be reused.
    }
}
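/**
 * Converts a sync ACL into an S3 {@code AccessControlList}.
 *
 * <p>The sync owner is used as both constructor arguments of the S3 {@code Owner}. Every
 * user grant becomes a grant to a {@code CanonicalGrantee}; every group grant is resolved
 * with {@code GroupGrantee.parseGroupGrantee}. Permissions for which
 * {@code getS3Permission} returns {@code null} are skipped.
 *
 * @param syncAcl the ACL to convert
 * @param ignoreInvalid when true, a group name that does not resolve to an S3 group is
 *        logged and skipped; when false it aborts the conversion
 * @return the equivalent S3 ACL
 * @throws RuntimeException if a group is not a valid S3 group and {@code ignoreInvalid}
 *         is false
 */
private AccessControlList s3AclFromSyncAcl(ObjectAcl syncAcl, boolean ignoreInvalid) {
    AccessControlList s3Acl = new AccessControlList();
    s3Acl.setOwner(new Owner(syncAcl.getOwner(), syncAcl.getOwner()));

    for (String user : syncAcl.getUserGrants().keySet()) {
        Grantee grantee = new CanonicalGrantee(user);
        for (String permission : syncAcl.getUserGrants().get(user)) {
            Permission perm = getS3Permission(permission, ignoreInvalid);
            if (perm != null) {
                s3Acl.grantPermission(grantee, perm);
            }
        }
    }

    for (String group : syncAcl.getGroupGrants().keySet()) {
        Grantee grantee = GroupGrantee.parseGroupGrantee(group);
        if (grantee == null) {
            if (!ignoreInvalid) {
                throw new RuntimeException(group + " is not a valid S3 group");
            }
            log.warn("{} is not a valid S3 group", group);
            // Skip this group entirely. Falling through would add grants whose grantee
            // is null, producing an ACL that does not say who holds the permission.
            continue;
        }
        for (String permission : syncAcl.getGroupGrants().get(group)) {
            Permission perm = getS3Permission(permission, ignoreInvalid);
            if (perm != null) {
                s3Acl.grantPermission(grantee, perm);
            }
        }
    }

    return s3Acl;
}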
/**
 * Uploads an object, uploads it again with an explicit ACL attached to the request, then
 * reads the object's ACL back and compares it with the one that was sent.
 *
 * <p>The bucket is removed in a {@code finally} block; a failure to remove it is logged
 * and does not fail the test.
 */
@Test
public void testSetAcl() throws Exception {
    String bucket = "ecs-sync-s3-test-acl";
    String key = "test-object";
    createBucket(bucket, true);
    try {
        String content = "hello ACLs";
        byte[] payload = content.getBytes();

        // 1st version
        s3.putObject(bucket, key, new ByteArrayInputStream(payload), null);

        // The ACL under test mixes a canonical-user grant with group grants. The group
        // grants open the object to AuthenticatedUsers (read/write) and AllUsers (read),
        // which is only appropriate for a throwaway test object like this one.
        AccessControlList expectedAcl = new AccessControlList();
        expectedAcl.setOwner(new Owner(accessKey, accessKey));
        expectedAcl.grantPermission(new CanonicalGrantee(accessKey), Permission.FullControl);
        expectedAcl.grantPermission(GroupGrantee.AuthenticatedUsers, Permission.Read);
        expectedAcl.grantPermission(GroupGrantee.AuthenticatedUsers, Permission.Write);
        expectedAcl.grantPermission(GroupGrantee.AllUsers, Permission.Read);

        // 2nd version
        PutObjectRequest aclRequest =
                new PutObjectRequest(bucket, key, new ByteArrayInputStream(payload), null);
        aclRequest.setAccessControlList(expectedAcl);
        s3.putObject(aclRequest);

        AccessControlList storedAcl = s3.getObjectAcl(bucket, key);
        verifyAcls(expectedAcl, storedAcl);
    } finally {
        try {
            deleteVersionedBucket(bucket);
        } catch (Throwable cleanupFailure) {
            // Cleanup is best effort so that it never masks the real test outcome.
            log.warn("could not delete bucket: " + cleanupFailure.getMessage());
        }
    }
}
// largeAcl: full control for the canonical grantee built from accessKey, plus read and
// write for the AuthenticatedUsers group.
largeAcl.grantPermission(new CanonicalGrantee(accessKey), Permission.FullControl);
largeAcl.grantPermission(GroupGrantee.AuthenticatedUsers, Permission.Read);
largeAcl.grantPermission(GroupGrantee.AuthenticatedUsers, Permission.Write);
// midAcl: same canonical grantee, but AuthenticatedUsers gets read only.
midAcl.grantPermission(new CanonicalGrantee(accessKey), Permission.FullControl);
midAcl.grantPermission(GroupGrantee.AuthenticatedUsers, Permission.Read);
// defaultAcl: only the canonical grantee's full-control grant, no group grants.
defaultAcl.grantPermission(new CanonicalGrantee(accessKey), Permission.FullControl);