/**
 * Creates a policy condition that matches requests which arrived over a
 * secure transport (HTTPS).
 * <p>
 * The condition only tests the transport flag of the request. Whether
 * plaintext requests end up allowed or denied depends on the statement
 * (effect, principals, other conditions) this condition is attached to.
 *
 * @return A new condition keyed on {@code SECURE_TRANSPORT_CONDITION_KEY}
 *         with the expected value {@code true}.
 */
public static Condition newSecureTransportCondition() {
    final boolean requireSecureTransport = true;
    return new BooleanCondition(SECURE_TRANSPORT_CONDITION_KEY, requireSecureTransport);
}
/**
 * Creates a policy condition that compares the referer field of the
 * incoming request with the given value.
 * <p>
 * The referer is a request field set by the caller, so this condition
 * filters requests by what the client claims; it is not a substitute for
 * authenticating the principal.
 *
 * @param comparisonType
 *            How the request's referer field is compared with
 *            {@code value}.
 * @param value
 *            The value the request's referer field is compared against.
 *
 * @return A new condition keyed on {@code REFERER_CONDITION_KEY}.
 */
public static Condition newRefererCondition(StringComparisonType comparisonType, String value) {
    final Condition refererCondition =
            new StringCondition(comparisonType, REFERER_CONDITION_KEY, value);
    return refererCondition;
}
}
// ArnLike is a pattern match: any '*' or '?' in arnPattern widens the set of
// source ARNs this condition accepts, so pass the narrowest ARN that works.
return new ArnCondition(ArnComparisonType.ArnLike, SOURCE_ARN_CONDITION_KEY, arnPattern);
.withActions(SQSActions.SendMessage) .withResources(new Resource(sqsQueueArn)) .withConditions(ConditionFactory.newSourceArnCondition(snsTopicArn)));
logger.trace("condition type: {}, conditionKey: {}", condition.getType(), condition.getConditionKey()); if (condition.getType().equals(ArnCondition.ArnComparisonType.ArnLike.name()) && condition.getConditionKey().equals(ConditionFactory.SOURCE_ARN_CONDITION_KEY)) { matchingConditionFound = true; conditions.add(ConditionFactory.newSourceArnCondition(topicARN));
/**
 * Creates a policy condition that compares two strings.
 *
 * @param type
 *            The kind of string comparison to apply.
 * @param key
 *            The condition key naming where the first string comes from
 *            (ex: aws:UserAgent). {@link ConditionFactory} lists the
 *            condition keys available for all services.
 * @param value
 *            The string to compare against. With
 *            {@link StringComparisonType#StringLike} or
 *            {@link StringComparisonType#StringNotLike} it may contain
 *            the multi-character wildcard (*) or the single-character
 *            wildcard (?); a broad wildcard broadens what the condition
 *            matches.
 */
public StringCondition(StringComparisonType type, String key, String value) {
    final String comparisonName = type.toString();
    super.type = comparisonName;
    super.conditionKey = key;
    // Single-element list; the value is stored exactly as passed in.
    super.values = Arrays.asList(value);
}
/**
 * Creates a policy condition that compares two numbers.
 *
 * @param type
 *            The kind of numeric comparison to apply.
 * @param key
 *            The condition key naming where the first number comes from.
 * @param value
 *            The number to compare against, given as a string. This
 *            constructor stores it as passed and does not parse it.
 */
public NumericCondition(NumericComparisonType type, String key, String value) {
    final String comparisonName = type.toString();
    super.type = comparisonName;
    super.conditionKey = key;
    super.values = Arrays.asList(value);
}
/**
 * Creates a policy condition that compares the source IP address of a
 * request to an AWS service with the given CIDR range. Whether the
 * condition is true for addresses inside or outside the range depends on
 * the {@link IpAddressComparisonType} supplied.
 * <p>
 * For more information about CIDR IP ranges, see <a
 * href="http://en.wikipedia.org/wiki/CIDR_notation">
 * http://en.wikipedia.org/wiki/CIDR_notation</a>
 * <p>
 * The range string is stored as given; this constructor does not check
 * that it is well-formed CIDR, so validate it before building a policy
 * from external input.
 *
 * @param type
 *            The kind of comparison to perform.
 * @param ipAddressRange
 *            The CIDR IP range used by the policy condition.
 */
public IpAddressCondition(IpAddressComparisonType type, String ipAddressRange) {
    final String comparisonName = type.toString();
    super.type = comparisonName;
    // The key is fixed: this condition always tests the request's source IP.
    super.conditionKey = ConditionFactory.SOURCE_IP_CONDITION_KEY;
    super.values = Arrays.asList(ipAddressRange);
}
/**
 * Creates a policy condition that compares ARNs (Amazon Resource Names).
 *
 * @param type
 *            The kind of ARN comparison to apply.
 * @param key
 *            The condition key naming where the first ARN comes from (ex:
 *            {@link ConditionFactory#SOURCE_ARN_CONDITION_KEY}).
 * @param value
 *            The ARN to compare against. With
 *            {@link ArnComparisonType#ArnLike} or
 *            {@link ArnComparisonType#ArnNotLike} it may contain the
 *            multi-character wildcard (*) or the single-character
 *            wildcard (?); each wildcard enlarges the set of ARNs that
 *            match.
 */
public ArnCondition(ArnComparisonType type, String key, String value) {
    final String comparisonName = type.toString();
    super.type = comparisonName;
    super.conditionKey = key;
    super.values = Arrays.asList(value);
}
/**
 * Creates a policy condition that compares the current time (on the AWS
 * servers) with the given date.
 *
 * @param type
 *            The kind of date comparison to apply. For example,
 *            {@link DateComparisonType#DateLessThan} makes the condition
 *            true while the current date is earlier than {@code date}.
 * @param date
 *            The date to compare against; it is stored in the form
 *            produced by {@code DateUtils.formatISO8601Date}.
 */
public DateCondition(DateComparisonType type, Date date) {
    final String comparisonName = type.toString();
    super.type = comparisonName;
    // The key is fixed: this condition always tests the current time.
    super.conditionKey = ConditionFactory.CURRENT_TIME_CONDITION_KEY;
    final String isoDate = DateUtils.formatISO8601Date(date);
    super.values = Arrays.asList(isoDate);
}
/**
 * Creates a policy condition that restricts subscriptions to an Amazon SNS
 * topic by the protocol requested for the subscription. For example, a
 * statement can use it to accept only HTTPS endpoints so that messages
 * are delivered over a secure channel.
 * <p>
 * The comparison is an exact match ({@code StringEquals}), so the value
 * must be written exactly as the protocol appears in subscribe requests.
 *
 * @param protocol
 *            The protocol to compare with the protocol requested for an
 *            Amazon SNS topic subscription.
 *
 * @return A new condition keyed on {@code PROTOCOL_CONDITION_KEY}.
 */
public static Condition newProtocolCondition(String protocol) {
    final StringComparisonType exactMatch = StringComparisonType.StringEquals;
    return new StringCondition(exactMatch, PROTOCOL_CONDITION_KEY, protocol);
}
/**
 * Builds the policy condition that is true when the incoming request was
 * sent over a secure transport (HTTPS).
 * <p>
 * Only the transport is tested here; the surrounding statement decides
 * what happens to requests that do not match.
 *
 * @return A new condition on {@code SECURE_TRANSPORT_CONDITION_KEY} whose
 *         expected value is {@code true}.
 */
public static Condition newSecureTransportCondition() {
    final Condition secureTransportOnly =
            new BooleanCondition(SECURE_TRANSPORT_CONDITION_KEY, true);
    return secureTransportOnly;
}
/**
 * Creates the SQS queue and the SNS topic, lets the topic send to the
 * queue, and subscribes the queue to the topic.
 * <p>
 * Queue and topic share one generated name: "glacier-archive-transfer-"
 * followed by a random UUID. The queue policy grants {@code SendMessage}
 * to {@code Principal.AllUsers}; the source-ARN condition on
 * {@code topicArn} is the only thing narrowing that grant, so it must stay
 * attached if this statement is ever edited.
 */
private void setupQueueAndTopic() {
    final String resourceName = "glacier-archive-transfer-" + UUID.randomUUID().toString();

    queueUrl = sqs.createQueue(new CreateQueueRequest(resourceName)).getQueueUrl();
    topicArn = sns.createTopic(new CreateTopicRequest(resourceName)).getTopicArn();

    // The policy and the subscription both need the queue's ARN, not its URL.
    final GetQueueAttributesRequest arnLookup =
            new GetQueueAttributesRequest(queueUrl).withAttributeNames("QueueArn");
    final String queueArn = sqs.getQueueAttributes(arnLookup).getAttributes().get("QueueArn");

    // Open principal, bounded by the source-ARN condition on the topic.
    final Statement allowTopicToSend = new Statement(Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(SQSActions.SendMessage)
            .withResources(new Resource(queueArn))
            .withConditions(ConditionFactory.newSourceArnCondition(topicArn));
    final Policy queuePolicy = new Policy().withStatements(allowTopicToSend);

    sqs.setQueueAttributes(
            new SetQueueAttributesRequest(queueUrl, newAttributes("Policy", queuePolicy.toJson())));
    sns.subscribe(new SubscribeRequest(topicArn, "sqs", queueArn));
}
/**
 * Creates a policy condition that compares the user agent field of the
 * incoming request with the given value. A statement can use it to allow
 * or deny access depending on the user agent named in the request.
 * <p>
 * The user agent is a request field set by the caller, so this condition
 * filters on what the client claims to be; it does not establish who the
 * caller is.
 *
 * @param comparisonType
 *            How the request's user agent field is compared with
 *            {@code value}.
 * @param value
 *            The value the request's user agent is compared against.
 *
 * @return A new condition keyed on {@code USER_AGENT_CONDITION_KEY}.
 */
public static Condition newUserAgentCondition(StringComparisonType comparisonType, String value) {
    final Condition userAgentCondition =
            new StringCondition(comparisonType, USER_AGENT_CONDITION_KEY, value);
    return userAgentCondition;
}
/**
 * Returns a policy condition that holds only for requests sent over a
 * secure transport (HTTPS).
 * <p>
 * The condition checks the transport and nothing else; the effect on
 * non-HTTPS requests is determined by the statement that carries it.
 *
 * @return A new condition on {@code SECURE_TRANSPORT_CONDITION_KEY} with
 *         the expected value {@code true}.
 */
public static Condition newSecureTransportCondition() {
    final boolean secureTransportExpected = true;
    final Condition condition =
            new BooleanCondition(SECURE_TRANSPORT_CONDITION_KEY, secureTransportExpected);
    return condition;
}
/**
 * Creates a policy condition that compares the endpoint requested for an
 * Amazon SNS topic subscription with an endpoint pattern. The pattern may
 * contain the multi-character wildcard (*) or the single-character
 * wildcard (?).
 * <p>
 * For example, this condition can restrict subscriptions to a topic to
 * email addresses in a certain domain ("*@my-company.com").
 *
 * <pre class="brush: java">
 * Policy policy = new Policy("MyTopicPolicy");
 * policy.withStatements(new Statement("RestrictSubscriptions", Effect.Allow)
 *         .withPrincipals(new Principal("*")).withActions(SNSActions.Subscribe)
 *         .withResources(new Resource(myTopicArn))
 *         .withConditions(SNSConditionFactory.newEndpointCondition("*@my-company.com")));
 * </pre>
 * <p>
 * In a statement like the one above the principal is open, so the
 * pattern is what limits who may subscribe; keep it as specific as the
 * use case allows.
 *
 * @param endpointPattern
 *            The pattern to compare with the endpoint requested for an
 *            Amazon SNS topic subscription.
 *
 * @return A new condition keyed on {@code ENDPOINT_CONDITION_KEY} that
 *         uses a {@code StringLike} comparison.
 */
public static Condition newEndpointCondition(String endpointPattern) {
    final StringComparisonType wildcardMatch = StringComparisonType.StringLike;
    return new StringCondition(wildcardMatch, ENDPOINT_CONDITION_KEY, endpointPattern);
}
/**
 * Creates a policy condition that compares an Amazon S3 canned ACL with
 * the canned ACL named in an incoming request.
 * <p>
 * A bucket policy can use this to require that every uploaded object
 * carries a specific canned ACL.
 *
 * @param cannedAcl
 *            The Amazon S3 canned ACL to compare against; its
 *            {@code toString()} value is what the condition stores.
 *
 * @return A new condition keyed on {@code CANNED_ACL_CONDITION_KEY} that
 *         uses an exact ({@code StringEquals}) comparison.
 */
public static Condition newCannedACLCondition(CannedAccessControlList cannedAcl) {
    final String aclName = cannedAcl.toString();
    return new StringCondition(StringComparisonType.StringEquals, CANNED_ACL_CONDITION_KEY, aclName);
}
/**
 * Builds a policy condition that limits subscriptions to an Amazon SNS
 * topic according to the subscription protocol. A statement can use it,
 * for instance, to accept only HTTPS endpoints so that messages are
 * delivered securely.
 * <p>
 * The value is matched exactly ({@code StringEquals}); no wildcard is
 * interpreted.
 *
 * @param protocol The protocol to compare with the protocol requested for
 *            an Amazon SNS topic subscription.
 * @return A new condition keyed on {@code PROTOCOL_CONDITION_KEY}.
 */
public static Condition newProtocolCondition(String protocol) {
    final Condition protocolCondition = new StringCondition(
            StringComparisonType.StringEquals, PROTOCOL_CONDITION_KEY, protocol);
    return protocolCondition;
}
/**
 * Builds a policy condition that tests the incoming request's referer
 * field against the given value with the given comparison type.
 * <p>
 * The referer comes from the request itself and is chosen by the caller;
 * use this condition to narrow access, not to prove where a request
 * originated.
 *
 * @param comparisonType The string comparison applied between the
 *            request's referer field and {@code value}.
 * @param value The value the request's referer field is compared against.
 * @return A new condition keyed on {@code REFERER_CONDITION_KEY}.
 */
public static Condition newRefererCondition(StringComparisonType comparisonType, String value) {
    final String conditionKey = REFERER_CONDITION_KEY;
    return new StringCondition(comparisonType, conditionKey, value);
}
}
/**
 * Builds a policy condition that tests the incoming request's user agent
 * field against the given value with the given comparison type. It lets a
 * statement allow or deny access by the user agent named in the request.
 * <p>
 * The user agent comes from the request itself and is chosen by the
 * caller; use this condition to narrow access, not to identify the
 * client.
 *
 * @param comparisonType The string comparison applied between the
 *            request's user agent field and {@code value}.
 * @param value The value the request's user agent is compared against.
 * @return A new condition keyed on {@code USER_AGENT_CONDITION_KEY}.
 */
public static Condition newUserAgentCondition(StringComparisonType comparisonType, String value) {
    final String conditionKey = USER_AGENT_CONDITION_KEY;
    return new StringCondition(comparisonType, conditionKey, value);
}