1. 包列表
  2. 类列表
  3. com.amazonaws.auth.policy.actions.S3Actions

Java 类com.amazonaws.auth.policy.actions.S3Actions 实例源码

项目:aws-doc-sdk-examples    文件:SetBucketPolicy.java    
public static String getPublicReadPolicy(String bucket_name)
{
    Policy bucket_policy = new Policy().withStatements(
        new Statement(Statement.Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(S3Actions.GetObject)
            .withResources(new Resource(
                "arn:aws:s3:::" + bucket_name + "/*")));
    return bucket_policy.toJson();
}
项目:herd    文件:AwsPolicyBuilder.java    
/**
 * Adds a permission to allow the specified actions to the given bucket and s3 object key. The permission will allow the given actions only to the specified
 * object key. If object key is null, the permission is applied to the bucket itself.
 *
 * @param bucketName S3 bucket name
 * @param objectKey S3 object key
 * @param actions List of actions to allow
 *
 * @return This builder
 */
@SuppressWarnings("PMD.CloseResource")
public AwsPolicyBuilder withS3(String bucketName, String objectKey, S3Actions... actions)
{
    Statement statement = new Statement(Effect.Allow);
    statement.setActions(Arrays.asList(actions));
    String resource = "arn:aws:s3:::" + bucketName;
    if (objectKey != null)
    {
        resource += "/" + objectKey;
    }
    statement.setResources(Arrays.asList(new Resource(resource)));
    policy.getStatements().add(statement);
    return this;
}
项目:herd    文件:UploadDownloadServiceImpl.java    
@SuppressWarnings("PMD.CloseResource") // These are not SQL statements so they don't need to be closed.
private Policy createUploaderPolicyNoKmsKey(String s3BucketName, String s3Key)
{
    return new AwsPolicyBuilder().withS3(s3BucketName, s3Key, S3Actions.PutObject).build();
}
项目:herd    文件:StorageUnitServiceImpl.java    
/**
 * Creates and returns a set of AWS credentials which can be used to access the S3 object indicated by the given business object data and storage.
 *
 * @param businessObjectDataKey Business object data key
 * @param createNewVersion true to create credentials for the next version up from the latest business object data, otherwise, uses specified data version
 * in data key.
 * @param storageName Name of storage to access
 * @param isUpload true if this credential is to upload, false to download
 *
 * @return Credentials which has the permissions to perform the specified actions at the specified storage.
 */
private AwsCredential getBusinessObjectDataS3Credential(BusinessObjectDataKey businessObjectDataKey, Boolean createNewVersion, String storageName,
    boolean isUpload)
{
    Assert.isTrue(StringUtils.isNotBlank(storageName), "storageName must be specified");
    Assert.isTrue(businessObjectDataKey.getBusinessObjectDataVersion() != null || createNewVersion != null,
        "One of businessObjectDataVersion or createNewVersion must be specified.");
    Assert.isTrue(businessObjectDataKey.getBusinessObjectDataVersion() == null || !Boolean.TRUE.equals(createNewVersion),
        "createNewVersion must be false or unspecified when businessObjectDataVersion is specified.");

    /*
     * Choose configurations based on whether this is an upload or download operation.
     */
    ConfigurationValue roleArnConfigurationValue;
    ConfigurationValue defaultSessionDurationConfigurationValue;
    ConfigurationValue sessionDurationConfigurationValue;
    S3Actions[] s3Actions;
    KmsActions[] kmsActions;

    if (isUpload)
    {
        roleArnConfigurationValue = ConfigurationValue.S3_ATTRIBUTE_NAME_UPLOAD_ROLE_ARN;
        defaultSessionDurationConfigurationValue = ConfigurationValue.AWS_S3_DEFAULT_UPLOAD_SESSION_DURATION_SECS;
        sessionDurationConfigurationValue = ConfigurationValue.S3_ATTRIBUTE_NAME_UPLOAD_SESSION_DURATION_SECS;
        s3Actions = new S3Actions[] {S3Actions.PutObject, S3Actions.DeleteObject};
        kmsActions = new KmsActions[] {KmsActions.GENERATE_DATA_KEY, KmsActions.DECRYPT};
    }
    else
    {
        roleArnConfigurationValue = ConfigurationValue.S3_ATTRIBUTE_NAME_DOWNLOAD_ROLE_ARN;
        defaultSessionDurationConfigurationValue = ConfigurationValue.AWS_S3_DEFAULT_DOWNLOAD_SESSION_DURATION_SECS;
        sessionDurationConfigurationValue = ConfigurationValue.S3_ATTRIBUTE_NAME_DOWNLOAD_SESSION_DURATION_SECS;
        s3Actions = new S3Actions[] {S3Actions.GetObject};
        kmsActions = new KmsActions[] {KmsActions.DECRYPT};
    }

    StorageEntity storageEntity = storageDaoHelper.getStorageEntity(storageName.trim());
    String roleArn = storageHelper.getStorageAttributeValueByName(configurationHelper.getProperty(roleArnConfigurationValue), storageEntity, true);
    Integer durationSeconds = storageHelper
        .getStorageAttributeIntegerValueByName(configurationHelper.getProperty(sessionDurationConfigurationValue), storageEntity,
            configurationHelper.getProperty(defaultSessionDurationConfigurationValue, Integer.class));
    String bucketName = storageHelper
        .getStorageAttributeValueByName(configurationHelper.getProperty(ConfigurationValue.S3_ATTRIBUTE_NAME_BUCKET_NAME), storageEntity, true);

    S3KeyPrefixInformation s3KeyPrefixInformation = getS3KeyPrefixImpl(businessObjectDataKey, null, storageName, createNewVersion);
    /*
     * Policy is different based on whether this is meant for downloading or uploading.
     * However, both uploader and downloader requires a ListBucket at the bucket level.
     */
    AwsPolicyBuilder awsPolicyBuilder =
        new AwsPolicyBuilder().withS3Prefix(bucketName, s3KeyPrefixInformation.getS3KeyPrefix(), s3Actions).withS3(bucketName, null, S3Actions.ListObjects);

    /*
     * Only add KMS policies if the storage specifies a KMS ID
     */
    String kmsKeyId = getStorageKmsKeyId(storageEntity);
    if (kmsKeyId != null)
    {
        awsPolicyBuilder.withKms(kmsKeyId.trim(), kmsActions);
    }

    Credentials credentials = stsDao
        .getTemporarySecurityCredentials(awsHelper.getAwsParamsDto(), UUID.randomUUID().toString(), roleArn, durationSeconds, awsPolicyBuilder.build());

    AwsCredential awsCredential = new AwsCredential();
    awsCredential.setAwsAccessKey(credentials.getAccessKeyId());
    awsCredential.setAwsSecretKey(credentials.getSecretAccessKey());
    awsCredential.setAwsSessionToken(credentials.getSessionToken());
    awsCredential.setAwsSessionExpirationTime(HerdDateUtils.getXMLGregorianCalendarValue(credentials.getExpiration()));
    return awsCredential;
}
项目:herd    文件:UploadDownloadServiceImpl.java    
/**
 * Creates a restricted policy JSON string which only allows PutObject to the given bucket name and object key, and allows GenerateDataKey and Decrypt for
 * the given key ID. The Decrypt is required for multipart upload with KMS encryption.
 *
 * @param s3BucketName - The S3 bucket name to restrict uploads to
 * @param s3Key - The S3 object key to restrict the uploads to
 * @param awsKmsKeyId - The KMS key ID to allow access
 *
 * @return the policy JSON string
 */
@SuppressWarnings("PMD.CloseResource") // These are not SQL statements so they don't need to be closed.
private Policy createUploaderPolicy(String s3BucketName, String s3Key, String awsKmsKeyId)
{
    return new AwsPolicyBuilder().withS3(s3BucketName, s3Key, S3Actions.PutObject).withKms(awsKmsKeyId, KmsActions.GENERATE_DATA_KEY, KmsActions.DECRYPT)
        .build();
}
项目:herd    文件:AwsPolicyBuilder.java    
/**
 * Adds a permission to allow the specified actions to the given bucket and s3 key prefix. The permissions will allow the given actions to all objects with
 * the given prefix.
 *
 * @param bucketName S3 Bucket name
 * @param prefix S3 Object key prefix
 * @param actions List of actions to allow
 *
 * @return This builder
 */
public AwsPolicyBuilder withS3Prefix(String bucketName, String prefix, S3Actions... actions)
{
    return withS3(bucketName, prefix + "/*", actions);
}
项目:herd    文件:UploadDownloadServiceImpl.java    
/**
 * Creates a restricted policy JSON string which only allows GetObject to the given bucket name and object key, and allows Decrypt for the given key ID.
 *
 * @param s3BucketName - The S3 bucket name to restrict uploads to
 * @param s3Key - The S3 object key to restrict the uploads to
 * @param awsKmsKeyId - The KMS key ID to allow access
 *
 * @return the policy JSON string
 */
@SuppressWarnings("PMD.CloseResource") // These are not SQL statements so they don't need to be closed.
private Policy createDownloaderPolicy(String s3BucketName, String s3Key, String awsKmsKeyId)
{
    return new AwsPolicyBuilder().withS3(s3BucketName, s3Key, S3Actions.GetObject).withKms(awsKmsKeyId, KmsActions.DECRYPT).build();
}
项目:herd    文件:UploadDownloadServiceImpl.java    
/**
 * Creates a restricted policy JSON string which only allows GetObject to the given bucket name and object key, and allows Decrypt for the given key ID.
 *
 * @param s3BucketName - The S3 bucket name to restrict uploads to
 * @param s3Key - The S3 object key to restrict the uploads to
 *
 * @return the policy JSON string
 */
@SuppressWarnings("PMD.CloseResource") // These are not SQL statements so they don't need to be closed.
private Policy createDownloaderPolicy(String s3BucketName, String s3Key)
{
    return new AwsPolicyBuilder().withS3(s3BucketName, s3Key, S3Actions.GetObject).build();
}