Class Authorizer

  • Direct Known Subclasses:
    DefaultAuthorizer

    public abstract class Authorizer
    extends Object
    Authorizes or refuses operations on an S3 account - the decision can be based on information in the request message, details about the client, or the signature request itself.

    An example Authorizer implementation might check that a user has already been authorized and their Principal details are available from the client information, or it might check that the correct password has been provided in an application property in the request message.

    Author:
    James Murty
    • Constructor Detail

      • Authorizer

        public Authorizer(javax.servlet.ServletConfig servletConfig)
                   throws javax.servlet.ServletException
        Constructs an Authorizer.
        Parameters:
        servletConfig -
        Throws:
        javax.servlet.ServletException
    • Method Detail

      • allowSignatureRequest

        public abstract boolean allowSignatureRequest(GatekeeperMessage requestMessage,
                                                      ClientInformation clientInformation,
                                                      SignatureRequest signatureRequest)
        Authorizes an operation represented by a signature request by returning true, or disallows the operation by returning false (and optionally setting a decline reason in the signature request).

        Authorization decisions can be made based on any of the inputs provided to this method.

        Parameters:
        requestMessage - the Gatekeeper request message.
        clientInformation - information about the client end-point this request was received from.
        signatureRequest - a signature request to allow or disallow.
        Returns:
        true if the request is allowed, false otherwise.
      • allowBucketListingRequest

        public abstract boolean allowBucketListingRequest(GatekeeperMessage requestMessage,
                                                          ClientInformation clientInformation)
        Authorizes a bucket listing operation for a client as represented by the Gatekeeper request message.

        Authorization decisions can be made based on any of the inputs provided to this method.

        Parameters:
        requestMessage - the Gatekeeper request message.
        clientInformation - information about the client end-point this request was received from.
        Returns:
        true if the request is allowed, false otherwise.
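
A sketch of the Principal-based implementation described in the class overview, written as an added example and not taken from the JetS3t sources. The class name ReadOnlyPrincipalAuthorizer is hypothetical, and the package names, `ClientInformation.getUserPrincipal()`, `SignatureRequest.getSignatureType()`, `SignatureRequest.declineRequest(String)` and the `SIGNATURE_TYPE_*` constants are assumed from JetS3t's gatekeeper classes; they are not listed on this page.

```java
import java.security.Principal;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import org.jets3t.service.utils.gatekeeper.GatekeeperMessage;
import org.jets3t.service.utils.gatekeeper.SignatureRequest;
import org.jets3t.servlets.gatekeeper.Authorizer;
import org.jets3t.servlets.gatekeeper.ClientInformation;

/** Hypothetical deny-by-default authorizer: authenticated clients may only read. */
public class ReadOnlyPrincipalAuthorizer extends Authorizer {

    public ReadOnlyPrincipalAuthorizer(ServletConfig servletConfig) throws ServletException {
        super(servletConfig);
    }

    @Override
    public boolean allowSignatureRequest(GatekeeperMessage requestMessage,
            ClientInformation clientInformation, SignatureRequest signatureRequest) {
        // Assumed accessor: the Principal established by the servlet container at login.
        Principal user = clientInformation.getUserPrincipal();
        if (user == null) {
            // Record why the request was refused so the client can report it.
            signatureRequest.declineRequest("Client is not authenticated");
            return false;
        }
        // Allow-list the operation type; anything not named here is refused,
        // so write, delete and ACL operations are never signed.
        String type = signatureRequest.getSignatureType();
        if (!SignatureRequest.SIGNATURE_TYPE_GET.equals(type)
                && !SignatureRequest.SIGNATURE_TYPE_HEAD.equals(type)) {
            signatureRequest.declineRequest("Only GET and HEAD operations are permitted");
            return false;
        }
        return true;
    }

    @Override
    public boolean allowBucketListingRequest(GatekeeperMessage requestMessage,
            ClientInformation clientInformation) {
        // A listing exposes object names, so require the same authenticated Principal.
        return clientInformation.getUserPrincipal() != null;
    }
}
```

Both methods return false unless a positive condition is met, so a request that matches no rule is declined and not signed.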