Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * Copyright 2010-2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
   *
   * Licensed under the Apache License, Version 2.0 (the "License").
   * You may not use this file except in compliance with the License.
   * A copy of the License is located at
   *
   *  http://aws.amazon.com/apache2.0
   *
  * or in the "license" file accompanying this file. This file is distributed
  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
  * express or implied. See the License for the specific language governing
  * permissions and limitations under the License.
  */
 package com.amazonaws.auth.policy;

A principal is an AWS account or AWS web serivce, which is being allowed or denied access to a resource through an access control policy. The principal is a property of the Statement object, not directly the Policy object.

The principal is A in the statement "A has permission to do B to C where D applies."

In an access control policy statement, you can set the principal to all authenticated AWS users through the AllUsers member. This is useful when you don't want to restrict access based on the identity of the requester, but instead on other identifying characteristics such as the requester's IP address.

 
 public class Principal {

    
Principal instance that includes all users, including anonymous users.

This is useful when you don't want to restrict access based on the identity of the requester, but instead on other identifying characteristics such as the requester's IP address.

 
     public static final Principal AllUsers = new Principal("AWS""*");

    
Principal instance that includes all AWS web services.
 
     public static final Principal AllServices = new Principal("Service""*");

    
Principal instance that includes all the web identity providers.
 
     public static final Principal AllWebProviders = new Principal("Federated""*");

    
Principal instance that includes all the AWS accounts, AWS web services and web identity providers.
 
     public static final Principal All = new Principal("*""*");
 
     private final String id;
     private final String provider;

    
Constructs a new principal with the specified AWS web service which is being allowed or denied access to a resource through an access control policy.

Parameters:
service An AWS service.
 
     public Principal(Services service) {
         if (service == null) {
             throw new IllegalArgumentException("Null AWS service name specified");
         }
         = service.getServiceId();
         = "Service";
     }


    
Constructs a new principal with the specified AWS account ID. This method automatically strips hyphen characters found in the account Id.

Parameters:
accountId An AWS account ID.
 
     public Principal(String accountId) {
         this("AWS"accountId);
 
         if (accountId == null) {
             throw new IllegalArgumentException("Null AWS account ID specified");
         }
     }

    
Constructs a new principal with the specified id and provider. This method automatically strips hyphen characters found in the account ID if the provider is "AWS".
 
     public Principal(String providerString id) {
         this(provideridprovider.equals("AWS"));
     }

    
Constructs a new principal with the specified id and provider. This method optionally strips hyphen characters found in the account Id.
    public Principal(String providerString idboolean stripHyphen) {
        this. = provider;
        this. = stripHyphen ?
                id.replace("-""") : id;
    }

    
Constructs a new principal with the specified web identity provider.

Parameters:
webIdentityProvider An web identity provider.
    public Principal(WebIdentityProviders webIdentityProvider) {
        if (webIdentityProvider == null) {
            throw new IllegalArgumentException("Null web identity provider specified");
        }
        this. = webIdentityProvider.getWebIdentityProvider();
         = "Federated";
    }

    
Returns the provider for this principal, which indicates in what group of users this principal resides.

Returns:
The provider for this principal.
    public String getProvider() {
       return ;
    }

    
Returns the unique ID for this principal.

Returns:
The unique ID for this principal.
    public String getId() {
            return ;
    }

    
The services who have the right to do the assume the role action. The AssumeRole action returns a set of temporary security credentials that you can use to access resources that are defined in the role's policy. The returned credentials consist of an Access Key ID, a Secret Access Key, and a security token.
    static public enum Services {
        AWSDataPipeline("datapipeline.amazonaws.com"),
        AmazonElasticTranscoder("elastictranscoder.amazonaws.com"),
        AmazonEC2("ec2.amazonaws.com"),
        AWSOpsWorks("opsworks.amazonaws.com"),
        AWSCloudHSM("cloudhsm.amazonaws.com"),
        AllServices("*");
        private String serviceId;

        
The service which has the right to assume the role.
        private Services(String serviceId) {
            this. = serviceId;
        }
        public String getServiceId() {
            return ;
        }

        
Construct the Services object from a string representing the service id.
        public static Services fromString(String serviceId) {
            if (serviceId != null) {
                for (Services s : Services.values()) {
                    if (s.getServiceId().equalsIgnoreCase(serviceId)) {
                        return s;
                    }
                }
            }
            return null;
        }
    }

    
Web identity providers, such as Login with Amazon, Facebook, or Google.
    static public enum WebIdentityProviders {
        Facebook("graph.facebook.com"),
        Google("accounts.google.com"),
        Amazon("www.amazon.com"),
        AllProviders("*");
        private String webIdentityProvider;

        
The web identity provider which has the right to assume the role.
        private WebIdentityProviders(String webIdentityProvider) {
            this. = webIdentityProvider;
        }
        public String getWebIdentityProvider() {
            return ;
        }

        
Construct the Services object from a string representing web identity provider.
        public static WebIdentityProviders fromString(String webIdentityProvider) {
            if (webIdentityProvider != null) {
                for (WebIdentityProviders provider : WebIdentityProviders.values()) {
                    if (provider.getWebIdentityProvider().equalsIgnoreCase(webIdentityProvider)) {
                        return provider;
                    }
                }
            }
            return null;
        }
    }
    @Override
    public int hashCode() {
        final int prime = 31;
        int hashCode = 1;
        hashCode = prime * hashCode + .hashCode();
        hashCode = prime * hashCode + .hashCode();
        return hashCode;
    }
    @Override
    public boolean equals(Object principal) {
        if (this == principal) {
            return true;
        }
        if (principal == null) {
            return false;
        }
        if (principal instanceof Principal == false) {
            return false;
        }
        Principal other = (Principalprincipal;
        if (this.getProvider().equals(other.getProvider())
                && this.getId().equals(other.getId())) {
            return true;
        }
        return false;
    }
New to GrepCode? Check out our FAQ X