Tabnine Logo
AccessControlList
Code IndexAdd Tabnine to your IDE (free)

How to use
AccessControlList
in
org.jclouds.s3.domain

Best Java code snippets using org.jclouds.s3.domain.AccessControlList (Showing top 20 results out of 315)

origin: org.apache.jclouds.api/s3

@Override
public BlobAccess getBlobAccess(String container, String name) {
 AccessControlList acl = sync.getObjectACL(container, name);
 if (acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ)) {
   return BlobAccess.PUBLIC_READ;
 } else {
   return BlobAccess.PRIVATE;
 }
}
origin: jclouds/legacy-jclouds

/**
* Converts a canned access control policy into the equivalent access control list.
* 
* @param cannedAP
* @param ownerId
*/
public static AccessControlList fromCannedAccessPolicy(CannedAccessPolicy cannedAP, String ownerId) {
 AccessControlList acl = new AccessControlList();
 acl.setOwner(new CanonicalUser(ownerId));
 // Canned access policies always allow full control to the owner.
 acl.addPermission(new CanonicalUserGrantee(ownerId), Permission.FULL_CONTROL);
 if (CannedAccessPolicy.PRIVATE == cannedAP) {
   // No more work to do.
 } else if (CannedAccessPolicy.AUTHENTICATED_READ == cannedAP) {
   acl.addPermission(GroupGranteeURI.AUTHENTICATED_USERS, Permission.READ);
 } else if (CannedAccessPolicy.PUBLIC_READ == cannedAP) {
   acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ);
 } else if (CannedAccessPolicy.PUBLIC_READ_WRITE == cannedAP) {
   acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ);
   acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.WRITE);
 }
 return acl;
}
origin: jclouds/legacy-jclouds

/**
* @return an unmodifiable set of grantees who have been assigned permissions in this ACL.
*/
public Set<Grantee> getGrantees() {
 Set<Grantee> grantees = Sets.newTreeSet();
 for (Grant grant : getGrants()) {
   grantees.add(grant.getGrantee());
 }
 return Collections.unmodifiableSet(grantees);
}
origin: jclouds/legacy-jclouds

 public void run() {
   try {
    AccessControlList acl = getApi().getObjectACL(containerName, publicReadObjectKey);
    assertEquals(acl.getGrants().size(), 2);
    assertEquals(acl.getPermissions(GroupGranteeURI.ALL_USERS).size(), 1);
    assertNotNull(acl.getOwner());
    String ownerId = acl.getOwner().getId();
    assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
    assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ));
   } catch (Exception e) {
    Throwables.propagateIfPossible(e);
   }
 }
});
origin: jclouds/legacy-jclouds

private void checkGrants(AccessControlList acl) {
 String ownerId = acl.getOwner().getId();
 assertEquals(acl.getGrants().size(), 4, acl.toString());
 assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL), acl.toString());
 assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString());
 assertTrue(acl.hasPermission(ownerId, Permission.WRITE_ACP), acl.toString());
 // EmailAddressGrantee is replaced by a CanonicalUserGrantee, so we cannot test by email addr
 assertTrue(acl.hasPermission(TEST_ACL_ID, Permission.READ_ACP), acl.toString());
}
origin: jclouds/legacy-jclouds

public void testPrivateAclIsDefaultForBucket() throws InterruptedException, ExecutionException, TimeoutException,
   IOException {
 String bucketName = getContainerName();
 try {
   AccessControlList acl = getApi().getBucketACL(bucketName);
   assertEquals(acl.getGrants().size(), 1);
   assertNotNull(acl.getOwner());
   String ownerId = acl.getOwner().getId();
   assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
 } finally {
   returnContainer(bucketName);
 }
}
origin: jclouds/legacy-jclouds

  String ownerId = acl.getOwner().getId();
  assertEquals(acl.getGrants().size(), 1);
  assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
  assertEquals(acl.getGrants().size(), 4);
  assertTrue(getApi().putObjectACL(containerName, objectKey, acl));
  acl.revokeAllPermissions(new CanonicalUserGrantee(ownerId));
  if (!ownerId.equals(TEST_ACL_ID))
   acl.revokeAllPermissions(new CanonicalUserGrantee(TEST_ACL_ID));
  assertEquals(acl.getGrants().size(), 1);
  assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ));
  assertEquals(acl.getGrants().size(), 1);
  assertEquals(acl.getPermissions(ownerId).size(), 0);
  assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString());
} finally {
  returnContainer(containerName);
origin: jclouds/legacy-jclouds

 public void run() {
   try {
    BucketLogging newLogging = getApi().getBucketLogging(bucketName);
    assert newLogging !=null;
    AccessControlList acl = new AccessControlList();
    for (Grant grant : newLogging.getTargetGrants()) { // TODO: add permission
      // checking features to
      // bucketlogging
      acl.addPermission(grant.getGrantee(), grant.getPermission());
    }
    // EmailAddressGrantee is replaced by a CanonicalUserGrantee, so we cannot test by
    // email addr
    assertTrue(acl.hasPermission(StubS3AsyncClient.TEST_ACL_ID, Permission.FULL_CONTROL), acl.toString());
    assertEquals(logging.getTargetBucket(), newLogging.getTargetBucket());
    assertEquals(logging.getTargetPrefix(), newLogging.getTargetPrefix());
   } catch (Exception e) {
    Throwables.propagateIfPossible(e);
   }
 }
});
origin: jclouds/legacy-jclouds

 public void run() {
   try {
    AccessControlList acl = getApi().getBucketACL(bucketName + "eu");
    assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString());
   } catch (Exception e) {
    Throwables.propagateIfPossible(e);
   }
 }
});
origin: jclouds/legacy-jclouds

/**
* @param granteeURI
* @param permission
* @return true if the grantee has the given permission.
*/
public boolean hasPermission(URI granteeURI, String permission) {
 return getPermissions(granteeURI).contains(permission);
}
origin: jclouds/legacy-jclouds

private void addGrantsToACL(AccessControlList acl) {
 String ownerId = acl.getOwner().getId();
 acl.addPermission(GroupGranteeURI.ALL_USERS, Permission.READ);
 acl.addPermission(new EmailAddressGrantee(TEST_ACL_EMAIL), Permission.READ_ACP);
 acl.addPermission(new CanonicalUserGrantee(ownerId), Permission.WRITE_ACP);
}
origin: jclouds/legacy-jclouds

public void endElement(String uri, String name, String qName) {
 if (qName.equals("Owner")) {
   CanonicalUser owner = new CanonicalUser(currentId);
   owner.setDisplayName(currentDisplayName);
   acl.setOwner(owner);
 } else if (qName.equals("Grantee")) {
   if ("AmazonCustomerByEmail".equals(currentGranteeType)) {
    currentGrantee = new EmailAddressGrantee(currentId);
   } else if ("CanonicalUser".equals(currentGranteeType)) {
    currentGrantee = new CanonicalUserGrantee(currentId, currentDisplayName);
   } else if ("Group".equals(currentGranteeType)) {
    currentGrantee = new GroupGrantee(URI.create(currentId));
   }
 } else if (qName.equals("Grant")) {
   acl.addPermission(currentGrantee, currentPermission);
 }
 else if (qName.equals("ID") || qName.equals("EmailAddress") || qName.equals("URI")) {
   currentId = currentOrNull(currentText);
 } else if (qName.equals("DisplayName")) {
   currentDisplayName = currentOrNull(currentText);
 } else if (qName.equals("Permission")) {
   currentPermission = currentOrNull(currentText);
 }
 currentText = new StringBuilder();
}
origin: jclouds/legacy-jclouds

/**
* Replace any AmazonCustomerByEmail grantees with a somewhat-arbitrary canonical user grantee,
* to match S3 which substitutes each email address grantee with that user's corresponding ID. In
* short, although you can PUT email address grantees, these are actually subsequently returned
* by S3 as canonical user grantees.
* 
* @param acl
* @return
*/
protected AccessControlList sanitizeUploadedACL(AccessControlList acl) {
 // Replace any email address grantees with canonical user grantees, using
 // the acl's owner ID as the surrogate replacement.
 for (Grant grant : acl.getGrants()) {
   if (grant.getGrantee() instanceof EmailAddressGrantee) {
    EmailAddressGrantee emailGrantee = (EmailAddressGrantee) grant.getGrantee();
    String id = emailGrantee.getEmailAddress().equals(TEST_ACL_EMAIL) ? TEST_ACL_ID : acl.getOwner().getId();
    grant.setGrantee(new CanonicalUserGrantee(id, acl.getOwner().getDisplayName()));
   }
 }
 return acl;
}
origin: jclouds/legacy-jclouds

/**
* Add a permission for the given group grantee.
* 
* @param groupGranteeURI
* @param permission
*/
public AccessControlList addPermission(URI groupGranteeURI, String permission) {
 return addPermission(new GroupGrantee(groupGranteeURI), permission);
}
origin: jclouds/legacy-jclouds

/**
* @param granteeId
* @return the permissions assigned to a grantee, as identified by the given ID.
*/
public Collection<String> getPermissions(String granteeId) {
 Collection<Grant> grantsForGrantee = findGrantsForGrantee(granteeId);
 return Collections2.transform(grantsForGrantee, new Function<Grant, String>() {
   public String apply(Grant g) {
    return g.getPermission();
   }
 });
}
origin: jclouds/legacy-jclouds

/**
* Revoke a permission for the given group grantee, if this specific permission was granted.
* 
* Note that you must be very explicit about the permissions you revoke, you cannot revoke
* partial permissions and expect this class to determine the implied remaining permissions. For
* example, if you revoke the {@link Permission#READ} permission from a grantee with
* {@link Permission#FULL_CONTROL} access, <strong>the revocation will do nothing</strong> and
* the grantee will retain full access. To change the access settings for this grantee, you must
* first remove the {@link Permission#FULL_CONTROL} permission the add back the
* {@link Permission#READ} permission.
* 
* @param groupGranteeURI
* @param permission
*/
public AccessControlList revokePermission(URI groupGranteeURI, String permission) {
 return revokePermission(new GroupGrantee(groupGranteeURI), permission);
}
origin: jclouds/legacy-jclouds

@Test
public void testAccessControlListOwnerOnly() throws HttpException {
 String ownerId = "1a405254c932b52e5b5caaa88186bc431a1bacb9ece631f835daddaf0c47677c";
 AccessControlList acl = createParser().parse(Strings2.toInputStream(aclOwnerOnly));
 assertEquals(acl.getOwner().getId(), ownerId);
 assertEquals(acl.getOwner().getDisplayName(), "jamesmurty");
 assertEquals(acl.getPermissions(ownerId).size(), 1);
 assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
 assertEquals(acl.getGrants().size(), 1);
 assertEquals(acl.getPermissions(GroupGranteeURI.ALL_USERS).size(), 0);
 assertEquals(acl.getPermissions(GroupGranteeURI.AUTHENTICATED_USERS).size(), 0);
 assertEquals(acl.getPermissions(GroupGranteeURI.LOG_DELIVERY).size(), 0);
}
origin: jclouds/legacy-jclouds

private void checkGrants(AccessControlList acl) {
 String ownerId = acl.getOwner().getId();
 assertEquals(acl.getGrants().size(), 4, acl.toString());
 assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL), acl.toString());
 assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString());
 assertTrue(acl.hasPermission(ownerId, Permission.WRITE_ACP), acl.toString());
 // EmailAddressGrantee is replaced by a CanonicalUserGrantee, so we cannot test by email addr
 assertTrue(acl.hasPermission(StubS3AsyncClient.TEST_ACL_ID, Permission.READ_ACP), acl.toString());
}
origin: apache/jclouds

public void testPrivateAclIsDefaultForBucket() throws InterruptedException, ExecutionException, TimeoutException,
   IOException {
 String bucketName = getContainerName();
 try {
   AccessControlList acl = getApi().getBucketACL(bucketName);
   assertEquals(acl.getGrants().size(), 1);
   assertNotNull(acl.getOwner());
   String ownerId = acl.getOwner().getId();
   assertTrue(acl.hasPermission(ownerId, FULL_CONTROL));
 } finally {
   returnContainer(bucketName);
 }
}
origin: apache/jclouds

  String ownerId = acl.getOwner().getId();
  assertEquals(acl.getGrants().size(), 1);
  assertTrue(acl.hasPermission(ownerId, Permission.FULL_CONTROL));
  assertEquals(acl.getGrants().size(), 4);
  assertTrue(getApi().putObjectACL(containerName, objectKey, acl));
  acl.revokeAllPermissions(new CanonicalUserGrantee(ownerId));
  if (!ownerId.equals(TEST_ACL_ID))
   acl.revokeAllPermissions(new CanonicalUserGrantee(TEST_ACL_ID));
  assertEquals(acl.getGrants().size(), 1);
  assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ));
  assertEquals(acl.getGrants().size(), 1);
  assertEquals(acl.getPermissions(ownerId).size(), 0);
  assertTrue(acl.hasPermission(GroupGranteeURI.ALL_USERS, Permission.READ), acl.toString());
} finally {
  returnContainer(containerName);
org.jclouds.s3.domainAccessControlList

Javadoc

An Access Control List (ACL) describes the access control settings for a bucket or object in S3. ACL settings comprise a set of Grants, each of which specifies a Permission that has been granted to a specific Grantee. If an payload tries to access or modify an item in S3, the operation will be denied unless the item has ACL settings that explicitly permit that payload to perform that action.

Most used methods

  • hasPermission
  • <init>
  • addPermission
    Add a permission for the given grantee.
  • getGrants
  • getOwner
  • getPermissions
  • toString
  • findGrantsForGrantee
    Find all the grants for a given grantee, identified by an ID which allows all Grantee types to be se
  • revokePermission
    Revoke a permission for the given grantee, if this specific permission was granted. Note that you mu
  • setOwner
  • fromCannedAccessPolicy
    Converts a canned access control policy into the equivalent access control list.
  • revokeAllPermissions
    Revoke all the permissions granted to the given grantee.
  • fromCannedAccessPolicy,
  • revokeAllPermissions

Popular in Java

  • Reactive rest calls using spring rest template
  • putExtra (Intent)
  • notifyDataSetChanged (ArrayAdapter)
  • findViewById (Activity)
  • PrintWriter (java.io)
    Wraps either an existing OutputStream or an existing Writerand provides convenience methods for prin
  • System (java.lang)
    Provides access to system-related information and resources including standard input and output. Ena
  • ConnectException (java.net)
    A ConnectException is thrown if a connection cannot be established to a remote host on a specific po
  • Cipher (javax.crypto)
    This class provides access to implementations of cryptographic ciphers for encryption and decryption
  • Project (org.apache.tools.ant)
    Central representation of an Ant project. This class defines an Ant project with all of its targets,
  • Location (org.springframework.beans.factory.parsing)
    Class that models an arbitrary location in a Resource.Typically used to track the location of proble
  • Top plugins for Android Studio
Tabnine Logo
  • Products

    Search for Java codeSearch for JavaScript code
  • IDE Plugins

    IntelliJ IDEAWebStormVisual StudioAndroid StudioEclipseVisual Studio CodePyCharmSublime TextPhpStormVimGoLandRubyMineEmacsJupyter NotebookJupyter LabRiderDataGripAppCode
  • Company

    About UsContact UsCareers
  • Resources

    FAQBlogTabnine AcademyTerms of usePrivacy policyJava Code IndexJavascript Code Index
Get Tabnine for your IDE now