Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * Copyright 2010-2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
   *
   * Portions copyright 2006-2009 James Murty. Please see LICENSE.txt
   * for applicable license terms and NOTICE.txt for applicable notices.
   *
   * Licensed under the Apache License, Version 2.0 (the "License").
   * You may not use this file except in compliance with the License.
   * A copy of the License is located at
  *
  *  http://aws.amazon.com/apache2.0
  *
  * or in the "license" file accompanying this file. This file is distributed
  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
  * express or implied. See the License for the specific language governing
  * permissions and limitations under the License.
  */
 package com.amazonaws.services.s3.model;
 
 import java.util.List;
 import java.util.Set;

Represents an Amazon S3 Access Control List (ACL), including the ACL's set of grantees and the permissions assigned to each grantee.

Each bucket and object in Amazon S3 has an ACL that defines its access control policy. When a request is made, Amazon S3 authenticates the request using its standard authentication procedure and then checks the ACL to verify the sender was granted access to the bucket or object. If the sender is approved, the request proceeds. Otherwise, Amazon S3 returns an error.

An ACL contains a list of grants. Each grant consists of one grantee and one permission. ACLs only grant permissions; they do not deny them.

For convenience, some commonly used ACLs are defined in CannedAccessControlList.

Note: Bucket and object ACLs are completely independent; an object does not inherit an ACL from its bucket. For example, if you create a bucket and grant write access to another user, you will not be able to access the user's objects unless the user explicitly grants access. This also applies if you grant anonymous write access to a bucket. Only the user "anonymous" will be able to access objects the user created unless permission is explicitly granted to the bucket owner.

Important: Do not grant the anonymous group write access to buckets, as you will have no control over the objects others can store and their associated charges. For more information, see Grantee and java.security.Permissions.

 
 public class AccessControlList implements Serializable {
     private static final long serialVersionUID = 8095040648034788376L;
 
     // grant set is maintained for backwards compatibility. Both grantSet and
     // grantList cannot be non null at the same time.
     private Set<GrantgrantSet;
     private List<GrantgrantList;
     private Owner owner = null;

    
Gets the owner of the AccessControlList.

Every bucket and object in Amazon S3 has an owner, the user that created the bucket or object. The owner of a bucket or object cannot be changed. However, if the object is overwritten by another user (deleted and rewritten), the new object will have a new owner.

Note: Even the owner is subject to the access control list (ACL). For example, if an owner does not have Permission.Read access to an object, the owner cannot read that object. However, the owner of an object always has write access to the access control policy (Permission.WriteAcp) and can change the ACL to read the object.

Returns:
The owner for this AccessControlList.
 
     public Owner getOwner() {
         return ;
     }

    
For internal use only. Sets the owner on this access control list (ACL). This method is only intended for internal use by the library. The owner of a bucket or object cannot be changed. However the object can be overwritten by the new desired owner (deleted and rewritten).

Parameters:
owner The owner for this ACL.
    public void setOwner(Owner owner) {
        this. = owner;
    }

    
Adds a grantee to the access control list (ACL) with the given permission. If this access control list already contains the grantee (i.e. the same grantee object) the permission for the grantee will be updated.

Parameters:
grantee The grantee to whom the permission will apply.
permission The permission to apply to the grantee.
    public void grantPermission(Grantee granteePermission permission) {
        getGrantsAsList().add(new Grant(granteepermission));
    }

    
Adds a set of grantee/permission pairs to the access control list (ACL), where each item in the set is a Grant object.

Parameters:
grantsVarArg A collection of Grant objects
    public void grantAllPermissions(Grant... grantsVarArg) {
        for (Grant gap : grantsVarArg) {
            grantPermission(gap.getGrantee(), gap.getPermission());
        }
    }

    
Revokes the permissions of a grantee by removing the grantee from the access control list (ACL).

Parameters:
grantee The grantee to remove from this ACL.
    public void revokeAllPermissions(Grantee grantee) {
        ArrayList<GrantgrantsToRemove = new ArrayList<Grant>();
        List<GrantexistingGrants = getGrantsAsList();
        for (Grant gap : existingGrants) {
            if (gap.getGrantee().equals(grantee)) {
                grantsToRemove.add(gap);
            }
        }
        .removeAll(grantsToRemove);
    }

    
Gets the set of Grant objects in this access control list (ACL).

Deprecated:
This will remove the duplicate grants if received from Amazon S3. Use getGrantsAsList() instead.
Returns:
The set of Grant objects in this ACL.
    @Deprecated
    public Set<GrantgetGrants() {
        checkState();
        if ( == null) {
            if ( == null) {
                 = new HashSet<Grant>();
            } else {
                 = new HashSet<Grant>();
                 = null;
            }
        }
        return ;
    }

    
Both grant set and grant list cannot be null at the same time.
    private void checkState() {
        if ( != null &&  != null) {
            throw new IllegalStateException(
                    "Both grant set and grant list cannot be null");
        }
    }


    
Gets the list of Grant objects in this access control list (ACL).

Returns:
The list of Grant objects in this ACL.
    public List<GrantgetGrantsAsList() {
        checkState();
        if ( == null) {
            if ( == null) {
                 = new LinkedList<Grant>();
            } else {
                 = new LinkedList<Grant>();
                 = null;
            }
        }
        return ;
    }
    public String toString() {
        return "AccessControlList [owner=" +  + ", grants=" + getGrantsAsList() + "]";
    }
New to GrepCode? Check out our FAQ X