/**
 * Rebuilds {@link #updatedAccessControlList} from the grants currently held by the
 * three grantee tables in the GUI (canonical, e-mail and group).
 *
 * <p>The owner is copied from {@code originalAccessControlList}. Every grant comes from
 * the table models, so the rebuilt ACL contains exactly the rows the tables hold when
 * this method runs.
 */
private void updateAccessControlList() {
    updatedAccessControlList = new AccessControlList();
    updatedAccessControlList.setOwner(originalAccessControlList.getOwner());

    // Grants addressed to canonical users.
    int row = 0;
    while (row < canonicalGranteeTable.getRowCount()) {
        GranteeInterface who = canonicalGranteeTableModel.getGrantee(row);
        Permission what = canonicalGranteeTableModel.getPermission(row);
        updatedAccessControlList.grantPermission(who, what);
        row++;
    }

    // Grants addressed to e-mail addresses.
    row = 0;
    while (row < emailGranteeTable.getRowCount()) {
        GranteeInterface who = emailGranteeTableModel.getGrantee(row);
        Permission what = emailGranteeTableModel.getPermission(row);
        updatedAccessControlList.grantPermission(who, what);
        row++;
    }

    // Grants addressed to groups.
    row = 0;
    while (row < groupGranteeTable.getRowCount()) {
        GranteeInterface who = groupGranteeTableModel.getGrantee(row);
        Permission what = groupGranteeTableModel.getPermission(row);
        updatedAccessControlList.grantPermission(who, what);
        row++;
    }
}
/**
 * Renders the owner and every grant of this ACL as a single line of text, intended
 * for debugging output.
 */
@Override
public String toString() {
    StringBuilder text = new StringBuilder("AccessControlList [owner=");
    text.append(owner);
    text.append(", grants=");
    text.append(Arrays.toString(getGrantAndPermissions()));
    text.append("]");
    return text.toString();
}
/**
 * Checks whether this ACL contains a specific grantee/permission pair.
 *
 * @param grantee
 *        the grantee to look up
 * @param permission
 *        the permission expected for that grantee
 * @return true if the permissions recorded for the grantee include the given permission
 */
public boolean hasGranteeAndPermission(GranteeInterface grantee, Permission permission) {
    boolean granted = getPermissionsForGrantee(grantee).contains(permission);
    return granted;
}
/**
 * Reacts to the opening tag of an element in the ACL document.
 *
 * <p>{@code Owner} starts a fresh owner object. {@code AccessControlList} starts a fresh
 * ACL, attaches the owner seen so far and marks the handler as being inside the ACL.
 * All other element names are ignored here.
 *
 * @param name the element name
 */
@Override
public void startElement(String name) {
    if (name.equals("Owner")) {
        owner = new S3Owner();
        return;
    }
    if (!name.equals("AccessControlList")) {
        return;
    }
    accessControlList = new AccessControlList();
    accessControlList.setOwner(owner);
    insideACL = true;
}
// Builds a sample ACL with an owner and grants for several kinds of grantee.
AccessControlList acl = new AccessControlList();
S3Owner owner = new S3Owner("1234567890", "Some Name");
acl.setOwner(owner);

// `grantee` is declared outside this excerpt; the same variable is reused for every grant below.
acl.grantPermission(grantee, Permission.PERMISSION_WRITE);
acl.grantPermission(grantee, Permission.PERMISSION_FULL_CONTROL);

// Canonical user identified by ID.
grantee = new CanonicalGrantee();
grantee.setIdentifier("aaa");
acl.grantPermission(grantee, Permission.PERMISSION_READ);

// ALL_USERS is the S3 "everyone" group, anonymous requests included, so this READ grant is public.
grantee = GroupGrantee.ALL_USERS;
acl.grantPermission(grantee, Permission.PERMISSION_READ);

// AUTHENTICATED_USERS in S3 covers any authenticated AWS account, not only accounts
// related to the owner, so WRITE here is a very broad grant.
grantee = GroupGrantee.AUTHENTICATED_USERS;
acl.grantPermission(grantee, Permission.PERMISSION_WRITE);

// Users identified by e-mail address.
grantee = new EmailAddressGrantee();
grantee.setIdentifier("james@test.com");
acl.grantPermission(grantee, Permission.PERMISSION_READ);
grantee = new EmailAddressGrantee();
grantee.setIdentifier("james@test2.com");
acl.grantPermission(grantee, Permission.PERMISSION_FULL_CONTROL);

// NOTE(review): this prints updatedACL, which is not defined in this excerpt, rather than
// the acl built above -- confirm which object is meant.
System.out.println(updatedACL.toXml());
/**
 * Grants every grantee/permission pair in the given array, in array order, by
 * delegating each pair to {@code grantPermission}.
 *
 * @param grantAndPermissions
 *        the {@link GrantAndPermission} pairs to add to this ACL.
 */
public void grantAllPermissions(GrantAndPermission[] grantAndPermissions) {
    for (int index = 0; index < grantAndPermissions.length; index++) {
        GrantAndPermission pair = grantAndPermissions[index];
        grantPermission(pair.getGrantee(), pair.getPermission());
    }
}
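/**
 * Converts an ACL returned by the server into the editable {@link Acl} model.
 *
 * <p>The owner becomes an {@link Acl.CanonicalUser}. Each grant is mapped by grantee type
 * (canonical user, e-mail address or group) to the matching {@code Acl} user with a role
 * named after the permission. A grant whose grantee is none of these types cannot be
 * represented and is left out of the result; it is logged so the omission is visible.
 *
 * @param list ACL from server
 * @return Editable ACL
 */
protected Acl convert(final AccessControlList list) {
    if(log.isDebugEnabled()) {
        try {
            log.debug(list.toXml());
        }
        catch(ServiceException e) {
            // Pass the exception itself so the cause and stack trace are not lost
            log.error(e.getMessage(), e);
        }
    }
    Acl acl = new Acl();
    acl.setOwner(new Acl.CanonicalUser(list.getOwner().getId(), list.getOwner().getDisplayName()));
    for(GrantAndPermission grant : list.getGrantAndPermissions()) {
        Acl.Role role = new Acl.Role(grant.getPermission().toString());
        if(grant.getGrantee() instanceof CanonicalGrantee) {
            acl.addAll(new Acl.CanonicalUser(grant.getGrantee().getIdentifier(),
                    ((CanonicalGrantee) grant.getGrantee()).getDisplayName(), false), role);
        }
        else if(grant.getGrantee() instanceof EmailAddressGrantee) {
            acl.addAll(new Acl.EmailUser(grant.getGrantee().getIdentifier()), role);
        }
        else if(grant.getGrantee() instanceof GroupGrantee) {
            acl.addAll(new Acl.GroupUser(grant.getGrantee().getIdentifier()), role);
        }
        else {
            // The editable model has no entry for this grant. If the edited ACL is later
            // written back, the grant would be absent -- verify against the caller.
            log.warn("Ignoring grant with unsupported grantee type: " + grant.getGrantee());
        }
    }
    return acl;
}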
// Walks the grants currently present on the log bucket's ACL.
// NOTE(review): grants are added to logBucketACL inside this loop -- confirm that
// getGrantAndPermissions() returns a copy rather than a live view.
for (GrantAndPermission gap: logBucketACL.getGrantAndPermissions()) {
    if (groupIdentifier.equals(gap.getGrantee().getIdentifier())) {
        // Grantee matches groupIdentifier (assigned outside this excerpt): give the
        // log-delivery group WRITE and READ_ACP, then store the ACL on the target bucket.
        // NOTE(review): the ACL is written once per matching grant, not once per call.
        logBucketACL.grantPermission(GroupGrantee.LOG_DELIVERY, Permission.PERMISSION_WRITE);
        logBucketACL.grantPermission(GroupGrantee.LOG_DELIVERY, Permission.PERMISSION_READ_ACP);
        putBucketAcl(status.getTargetBucketName(), logBucketACL);
    } else {
        // (the excerpt ends here; the else branch is not shown)
// ALL_USERS is the S3 "everyone" group, anonymous requests included: this READ grant
// on the bucket ACL (bucketAcl is declared outside this excerpt) is a public grant.
bucketAcl.grantPermission(GroupGrantee.ALL_USERS, Permission.PERMISSION_READ);

// A separate ACL built from scratch; no owner is set on it in this excerpt.
AccessControlList acl = new AccessControlList();
// FULL_CONTROL for a user identified by e-mail address.
acl.grantPermission(new EmailAddressGrantee("someone@somewhere.com"), Permission.PERMISSION_FULL_CONTROL);
// READ_ACP lets the grantee read the ACL itself. WRITE_ACP lets the grantee replace it,
// so the holder can grant itself any other permission.
acl.grantPermission(new CanonicalGrantee("AWS member's ID"), Permission.PERMISSION_READ_ACP);
acl.grantPermission(new CanonicalGrantee("AWS member's ID"), Permission.PERMISSION_WRITE_ACP);
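/**
 * Writes the logging configuration of the given bucket.
 *
 * <p>The logging target is the configured target bucket, or the container itself when
 * none is configured. Before the logging status is stored, the group
 * {@code cloud-storage-analytics@google.com} is given WRITE on the <em>target</em> bucket
 * unless it already has it. The ACL of the bucket being logged is left alone unless that
 * bucket is also the target.
 *
 * @param container     bucket whose logging status is changed
 * @param configuration logging settings to apply
 * @throws BackgroundException if the service rejects one of the requests
 */
@Override
public void setConfiguration(final Path container, final LoggingConfiguration configuration) throws BackgroundException {
    try {
        // Logging target bucket
        final String target = StringUtils.isNotBlank(configuration.getLoggingTarget())
                ? configuration.getLoggingTarget() : container.getName();
        final GSBucketLoggingStatus status = new GSBucketLoggingStatus(target, null);
        if(configuration.isEnabled()) {
            status.setLogfilePrefix(PreferencesFactory.get().getProperty("google.logging.prefix"));
        }
        // Grant write for Google to logging target bucket. The ACL is read from and written
        // to the target, so a separate log bucket receives the grant and the bucket being
        // logged does not gain an unneeded WRITE entry.
        // NOTE(review): the grant is added even when logging is being disabled and is never
        // revoked here -- confirm that is intended.
        final AccessControlList acl = session.getClient().getBucketAcl(target);
        final GroupByEmailAddressGrantee grantee = new GroupByEmailAddressGrantee(
                "cloud-storage-analytics@google.com");
        if(!acl.getPermissionsForGrantee(grantee).contains(Permission.PERMISSION_WRITE)) {
            acl.grantPermission(grantee, Permission.PERMISSION_WRITE);
            session.getClient().putBucketAcl(target, acl);
        }
        session.getClient().setBucketLoggingStatusImpl(container.getName(), status);
    }
    catch(ServiceException e) {
        throw new S3ExceptionMappingService().map("Failure to write attributes of {0}", e);
    }
}
}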
/**
 * Applies an ACL to an object through a pre-signed PUT URL generated for that object.
 * This method is an implementation of the interface
 * {@link org.jets3t.service.utils.signedurl.SignedUrlHandler}.
 *
 * <p>When the ACL has a REST header form, it is sent as the {@code acl} header (with the
 * service's header prefix) and no body. Otherwise the full ACL XML document is sent as
 * the request body. A {@code null} ACL results in a PUT with neither. Only HTTP status
 * 200 is accepted.
 *
 * <p>The signed URL itself authorizes the request, so callers should handle it like a
 * credential; this method does not log it.
 *
 * @param signedAclUrl a signed URL generated with
 *        {@link org.jets3t.service.S3Service#createSignedUrl(String, String, String, String, java.util.Map, org.jets3t.service.security.ProviderCredentials, long, boolean)}.
 * @param acl the ACL settings to apply to the object represented by the signed URL.
 * @throws org.jets3t.service.ServiceException
 *         if the ACL cannot be serialized or the request fails
 */
public void putObjectAclWithSignedUrl(String signedAclUrl, AccessControlList acl)
    throws ServiceException
{
    HttpPut request = new HttpPut(signedAclUrl);

    if (acl != null) {
        String headerAcl = acl.getValueForRESTHeaderACL();
        if (headerAcl == null) {
            // No header shortcut exists for this ACL: send the XML document instead.
            request.setEntity(new StringEntity(
                acl.toXml(), ContentType.create("text/plain", Constants.DEFAULT_ENCODING)));
        } else {
            request.addHeader(this.getRestHeaderPrefix() + "acl", headerAcl);
        }
    }

    HttpResponse response = performRequest(request, new int[]{200});

    // Consume response data and release connection.
    releaseConnection(response);
}
/**
 * Reports whether this ACL has a REST header representation.
 *
 * @return true if this ACL can be set via an HTTP header, rather than via an XML document.
 */
public boolean isRESTHeaderACL() {
    final String headerValue = getValueForRESTHeaderACL();
    return headerValue != null;
}
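/**
 * Stores an ACL on a bucket or object by sending the ACL XML document in a REST PUT
 * to the {@code acl} sub-resource.
 *
 * @param bucketName bucket the ACL applies to, or that contains the object
 * @param objectKey  key of the object the ACL applies to
 * @param acl        ACL to store; serialized with {@code toXml()}
 * @param versionId  object version to target, or {@code null} to send no version parameter
 * @throws ServiceException if the ACL cannot be serialized or the request fails
 */
protected void putAclImpl(String bucketName, String objectKey, AccessControlList acl,
    String versionId) throws ServiceException
{
    if(log.isDebugEnabled()) {
        log.debug("Setting Access Control List for bucketName=" + bucketName
            + ", objectKey=" + objectKey);
    }

    Map<String, String> requestParameters = new HashMap<String, String>();
    requestParameters.put("acl", "");
    if(versionId != null) {
        requestParameters.put("versionId", versionId);
    }

    String aclAsXml = acl.toXml();
    StringEntity aclEntity = new StringEntity(
        aclAsXml, ContentType.create("text/plain", Constants.DEFAULT_ENCODING));

    Map<String, Object> metadata = new HashMap<String, Object>();
    metadata.put("Content-Type", "text/plain");
    // Content-Length must count encoded bytes. String.length() counts UTF-16 code units,
    // which differs as soon as the XML holds a non-ASCII character (e.g. in a display name).
    metadata.put("Content-Length", String.valueOf(aclEntity.getContentLength()));

    performRestPut(bucketName, objectKey, metadata, requestParameters, aclEntity, true);
}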
/**
 * Reacts to the opening tag of an element in the ACL document.
 *
 * <p>{@code Owner} starts a fresh owner. {@code Entries} starts a fresh ACL, attaches the
 * owner seen so far and marks the handler as being inside the ACL. {@code Scope} reads
 * the {@code type} attribute and creates the matching grantee object. All other element
 * names are ignored here.
 *
 * @param name  the element name
 * @param attrs the element's attributes
 */
@Override
public void startElement(String name, Attributes attrs) {
    if (name.equals("Owner")) {
        owner = new GSOwner();
        return;
    }
    if (name.equals("Entries")) {
        accessControlList = new GSAccessControlList();
        accessControlList.setOwner(owner);
        insideACL = true;
        return;
    }
    if (!name.equals("Scope")) {
        return;
    }

    scopeType = attrs.getValue("type");
    // NOTE(review): scopeType is dereferenced without a null check. If attrs is
    // org.xml.sax.Attributes, a Scope element lacking "type" yields null and this throws
    // NullPointerException -- confirm that failing the parse is the intended outcome.
    if (scopeType.equals("UserById")) {
        currentGrantee = new UserByIdGrantee();
    } else if (scopeType.equals("UserByEmail")) {
        currentGrantee = new UserByEmailAddressGrantee();
    } else if (scopeType.equals("GroupById")) {
        currentGrantee = new GroupByIdGrantee();
    } else if (scopeType.equals("GroupByEmail")) {
        currentGrantee = new GroupByEmailAddressGrantee();
    } else if (scopeType.equals("GroupByDomain")) {
        currentGrantee = new GroupByDomainGrantee();
    } else if (scopeType.equals("AllUsers")) {
        currentGrantee = new AllUsersGrantee();
    } else if (scopeType.equals("AllAuthenticatedUsers")) {
        currentGrantee = new AllAuthenticatedUsersGrantee();
    }
    // NOTE(review): an unrecognized scope type leaves currentGrantee at its previous value.
    // Verify the end-element handling cannot attach this entry's permission to the
    // grantee of an earlier entry.
}
/**
 * Older name for {@link #isRESTHeaderACL()}, to which this method delegates.
 *
 * @return
 * true if this ACL is a REST pre-canned one, in which case REST/HTTP implementations can use
 * the {@code x-amz-acl} header as a short-cut to set permissions on upload rather than using
 * a full ACL XML document.
 *
 * @deprecated 0.8.0
 */
@Deprecated
public boolean isCannedRestACL() {
    final boolean headerCapable = isRESTHeaderACL();
    return headerCapable;
}
/**
 * Serializes this ACL to XML.
 *
 * @return
 * an XML representation of the Access Control List object, suitable to send to
 * a storage service in the request body.
 * @throws ServiceException
 * if building the XML document fails for any reason; the original exception is the cause.
 */
public String toXml() throws ServiceException {
    final String xml;
    try {
        xml = toXMLBuilder().asString();
    } catch (Exception e) {
        throw new ServiceException("Failed to build XML document for ACL", e);
    }
    return xml;
}
// Builds a sample ACL with an owner and grants for several kinds of grantee.
AccessControlList acl = new AccessControlList();
S3Owner owner = new S3Owner("1234567890", "Some Name");
acl.setOwner(owner);

// `grantee` is declared outside this excerpt; the same variable is reused for every grant below.
acl.grantPermission(grantee, Permission.PERMISSION_WRITE);
acl.grantPermission(grantee, Permission.PERMISSION_FULL_CONTROL);

// Canonical user identified by ID.
grantee = new CanonicalGrantee();
grantee.setIdentifier("aaa");
acl.grantPermission(grantee, Permission.PERMISSION_READ);

// ALL_USERS is the S3 "everyone" group, anonymous requests included, so this READ grant is public.
grantee = GroupGrantee.ALL_USERS;
acl.grantPermission(grantee, Permission.PERMISSION_READ);

// AUTHENTICATED_USERS in S3 covers any authenticated AWS account, not only accounts
// related to the owner, so WRITE here is a very broad grant.
grantee = GroupGrantee.AUTHENTICATED_USERS;
acl.grantPermission(grantee, Permission.PERMISSION_WRITE);

// Users identified by e-mail address.
grantee = new EmailAddressGrantee();
grantee.setIdentifier("james@test.com");
acl.grantPermission(grantee, Permission.PERMISSION_READ);
grantee = new EmailAddressGrantee();
grantee.setIdentifier("james@test2.com");
acl.grantPermission(grantee, Permission.PERMISSION_FULL_CONTROL);

// NOTE(review): this prints updatedACL, which is not defined in this excerpt, rather than
// the acl built above -- confirm which object is meant.
System.out.println(updatedACL.toXml());
/**
 * Grants every grantee/permission pair in the given array, in array order, by
 * delegating each pair to {@code grantPermission}.
 *
 * @param grantAndPermissions
 *        the {@link GrantAndPermission} pairs to add to this ACL.
 */
public void grantAllPermissions(GrantAndPermission[] grantAndPermissions) {
    for (int index = 0; index < grantAndPermissions.length; index++) {
        GrantAndPermission pair = grantAndPermissions[index];
        grantPermission(pair.getGrantee(), pair.getPermission());
    }
}
// Walks the grants currently present on the log bucket's ACL.
// NOTE(review): grants are added to logBucketACL inside this loop -- confirm that
// getGrantAndPermissions() returns a copy rather than a live view.
for (GrantAndPermission gap: logBucketACL.getGrantAndPermissions()) {
    if (groupIdentifier.equals(gap.getGrantee().getIdentifier())) {
        // Grantee matches groupIdentifier (assigned outside this excerpt): give the
        // log-delivery group WRITE and READ_ACP, then store the ACL on the target bucket.
        // NOTE(review): the ACL is written once per matching grant, not once per call.
        logBucketACL.grantPermission(GroupGrantee.LOG_DELIVERY, Permission.PERMISSION_WRITE);
        logBucketACL.grantPermission(GroupGrantee.LOG_DELIVERY, Permission.PERMISSION_READ_ACP);
        putBucketAcl(status.getTargetBucketName(), logBucketACL);
    } else {
        // (the excerpt ends here; the else branch is not shown)
// ALL_USERS is the S3 "everyone" group, anonymous requests included: this READ grant
// on the bucket ACL (bucketAcl is declared outside this excerpt) is a public grant.
bucketAcl.grantPermission(GroupGrantee.ALL_USERS, Permission.PERMISSION_READ);

// A separate ACL built from scratch; no owner is set on it in this excerpt.
AccessControlList acl = new AccessControlList();
// FULL_CONTROL for a user identified by e-mail address.
acl.grantPermission(new EmailAddressGrantee("someone@somewhere.com"), Permission.PERMISSION_FULL_CONTROL);
// READ_ACP lets the grantee read the ACL itself. WRITE_ACP lets the grantee replace it,
// so the holder can grant itself any other permission.
acl.grantPermission(new CanonicalGrantee("AWS member's ID"), Permission.PERMISSION_READ_ACP);
acl.grantPermission(new CanonicalGrantee("AWS member's ID"), Permission.PERMISSION_WRITE_ACP);