
Example 6 with AccessControlList

use of com.aliyun.oss.model.AccessControlList in project aliyun-oss-java-sdk by aliyun.

the class SecurityTokenTest method testBucketOperationsWithToken.

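/**
 * Exercises bucket-level operations through session clients whose policy is
 * narrowed to a single action/resource pair per step.
 *
 * <p>Every step fills {@code actions} and {@code resources}, builds a client with
 * {@code createSessionClient(actions, resources)} (helper not shown here; presumably
 * it requests a security token restricted to that policy), runs one call and then
 * clears both lists and shuts the client down.
 *
 * <p>Two kinds of step are used:
 * <ul>
 *   <li>allow-path: the call must succeed, any exception fails the test;</li>
 *   <li>deny-path: the call must be rejected with {@code OSSErrorCode.ACCESS_DENIED}
 *       and a message starting with {@code SECURITY_TOKEN_ACCESS_DENIED_ERR}. A
 *       deny-path call that returns normally now fails the test, so a token that is
 *       authorized for more than its policy cannot pass unnoticed.</li>
 * </ul>
 *
 * @throws JSONException declared for the session-client helper (not visible here)
 */
@SuppressWarnings("deprecation")
@Test
public void testBucketOperationsWithToken() throws JSONException {
    List<String> actions = new ArrayList<String>();
    actions.add("oss:ListBuckets");
    List<String> resources = new ArrayList<String>();
    resources.add("acs:oss:*:" + STS_USER + ":*");
    // List buckets with a token scoped to oss:ListBuckets.
    // NOTE(review): the original comment said this is "not supported", yet the code
    // fails on any exception, i.e. it expects the call to succeed -- confirm intent.
    OSSClient sessionClient = createSessionClient(actions, resources);
    try {
        sessionClient.listBuckets();
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
    // Delete bucket if already exists; a missing bucket is the only tolerated error
    final String bucketName = "test-bucket-operations-with-token";
    actions.add("oss:DeleteBucket");
    resources.add("acs:oss:*:" + STS_USER + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        sessionClient.deleteBucket(bucketName);
    } catch (OSSException oe) {
        Assert.assertEquals(OSSErrorCode.NO_SUCH_BUCKET, oe.getErrorCode());
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
    // Helper not shown; presumably lets cached bucket state expire before re-creating
    waitForCacheExpiration(2);
    // Put bucket with valid security token
    actions.add("oss:PutBucket");
    resources.add("acs:oss:*:" + STS_USER + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        sessionClient.createBucket(bucketName);
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        // The client stays open: the next step reuses the same token on purpose
        actions.clear();
        resources.clear();
    }
    // Put unmatched bucket with valid security token (deny-path: the resource in the
    // policy names bucketName only)
    String unmatchedBucketName = bucketName + DUMMY_SUFFIX;
    try {
        sessionClient.createBucket(unmatchedBucketName);
        Assert.fail("Create bucket outside the granted resource should not be successful");
    } catch (OSSException e) {
        Assert.assertEquals(OSSErrorCode.ACCESS_DENIED, e.getErrorCode());
        Assert.assertTrue(e.getMessage().startsWith(SECURITY_TOKEN_ACCESS_DENIED_ERR));
    } finally {
        actions.clear();
        resources.clear();
        // This client is replaced right below; release it instead of leaking it
        sessionClient.shutdown();
    }
    // Put bucket with non-existent username && valid security token (deny-path)
    final String nonexistentUser = "non-existent-user";
    actions.add("oss:PutBucket");
    resources.add("acs:oss:*:" + nonexistentUser + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        sessionClient.createBucket(unmatchedBucketName);
        Assert.fail("Create bucket with a policy for a non-existent user should not be successful");
    } catch (OSSException e) {
        Assert.assertEquals(OSSErrorCode.ACCESS_DENIED, e.getErrorCode());
        Assert.assertTrue(e.getMessage().startsWith(SECURITY_TOKEN_ACCESS_DENIED_ERR));
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
    // Allow anyone to trigger operations starting with 'Put': '*' stands in for
    // STS_USER in the resource and the action uses the 'oss:Put*' wildcard
    final String anyone = "*";
    actions.add("oss:Put*");
    resources.add("acs:oss:*:" + anyone + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        sessionClient.createBucket(bucketName);
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
    // Put bucket acl
    actions.add("oss:PutBucketAcl");
    resources.add("acs:oss:*:" + STS_USER + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        sessionClient.setBucketAcl(bucketName, CannedAccessControlList.PublicRead);
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        actions.clear();
        resources.clear();
    }
    // Deny-path: a token limited to oss:PutBucketAcl must not read the ACL back
    try {
        sessionClient.getBucketAcl(bucketName);
        Assert.fail("Get bucket acl with a PutBucketAcl-only token should not be successful");
    } catch (OSSException e) {
        Assert.assertEquals(OSSErrorCode.ACCESS_DENIED, e.getErrorCode());
        Assert.assertTrue(e.getMessage().startsWith(SECURITY_TOKEN_ACCESS_DENIED_ERR));
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
    // Get bucket acl: the PublicRead ACL set above must come back as one AllUsers/Read grant
    actions.add("oss:GetBucketAcl");
    resources.add("acs:oss:*:" + STS_USER + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        AccessControlList returnedAcl = sessionClient.getBucketAcl(bucketName);
        Set<Grant> grants = returnedAcl.getGrants();
        Assert.assertEquals(1, grants.size());
        Grant grant = (Grant) grants.toArray()[0];
        Assert.assertEquals(GroupGrantee.AllUsers, grant.getGrantee());
        Assert.assertEquals(Permission.Read, grant.getPermission());
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        actions.clear();
        resources.clear();
    }
    // Deny-path: a token limited to oss:GetBucketAcl must not change the ACL
    try {
        sessionClient.setBucketAcl(bucketName, CannedAccessControlList.Private);
        Assert.fail("Set bucket acl with a GetBucketAcl-only token should not be successful");
    } catch (OSSException e) {
        Assert.assertEquals(OSSErrorCode.ACCESS_DENIED, e.getErrorCode());
        Assert.assertTrue(e.getMessage().startsWith(SECURITY_TOKEN_ACCESS_DENIED_ERR));
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
    // Put bucket logging
    final String targetPrefix = "bucket-logging-prefix";
    actions.add("oss:PutBucketLogging");
    resources.add("acs:oss:*:" + STS_USER + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        SetBucketLoggingRequest request = new SetBucketLoggingRequest(bucketName);
        request.setTargetBucket(bucketName);
        request.setTargetPrefix(targetPrefix);
        sessionClient.setBucketLogging(request);
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        actions.clear();
        resources.clear();
    }
    // Deny-path: a token limited to oss:PutBucketLogging must not read the logging config
    try {
        sessionClient.getBucketLogging(bucketName);
        Assert.fail("Get bucket logging with a PutBucketLogging-only token should not be successful");
    } catch (OSSException e) {
        Assert.assertEquals(OSSErrorCode.ACCESS_DENIED, e.getErrorCode());
        Assert.assertTrue(e.getMessage().startsWith(SECURITY_TOKEN_ACCESS_DENIED_ERR));
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
    // Get bucket logging
    actions.add("oss:GetBucketLogging");
    resources.add("acs:oss:*:" + STS_USER + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        BucketLoggingResult result = sessionClient.getBucketLogging(bucketName);
        Assert.assertEquals(bucketName, result.getTargetBucket());
        Assert.assertEquals(targetPrefix, result.getTargetPrefix());
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        actions.clear();
        resources.clear();
    }
    // Deny-path: a token limited to oss:GetBucketLogging must not change the logging config
    try {
        SetBucketLoggingRequest request = new SetBucketLoggingRequest(bucketName);
        request.setTargetBucket(bucketName);
        request.setTargetPrefix(targetPrefix);
        sessionClient.setBucketLogging(request);
        Assert.fail("Set bucket logging with a GetBucketLogging-only token should not be successful");
    } catch (OSSException e) {
        Assert.assertEquals(OSSErrorCode.ACCESS_DENIED, e.getErrorCode());
        Assert.assertTrue(e.getMessage().startsWith(SECURITY_TOKEN_ACCESS_DENIED_ERR));
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
    // Delete bucket logging
    actions.add("oss:DeleteBucketLogging");
    resources.add("acs:oss:*:" + STS_USER + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        sessionClient.deleteBucketLogging(bucketName);
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
    // Put bucket website
    final String indexDocument = "index.html";
    final String errorDocument = "error.html";
    actions.add("oss:PutBucketWebsite");
    resources.add("acs:oss:*:" + STS_USER + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        SetBucketWebsiteRequest request = new SetBucketWebsiteRequest(bucketName);
        request.setIndexDocument(indexDocument);
        request.setErrorDocument(errorDocument);
        sessionClient.setBucketWebsite(request);
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
    // Put bucket referer
    final String referer0 = "http://www.aliyun.com";
    final String referer1 = "https://www.aliyun.com";
    final String referer2 = "http://www.*.com";
    final String referer3 = "https://www.?.aliyuncs.com";
    actions.add("oss:PutBucketReferer");
    resources.add("acs:oss:*:" + STS_USER + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        // Set non-empty referer list
        BucketReferer r = new BucketReferer();
        List<String> refererList = new ArrayList<String>();
        refererList.add(referer0);
        refererList.add(referer1);
        refererList.add(referer2);
        refererList.add(referer3);
        r.setRefererList(refererList);
        sessionClient.setBucketReferer(bucketName, r);
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
    // Put bucket lifecycle: one rule with a day count, one with an absolute date
    final String ruleId0 = "delete obsoleted files";
    final String matchPrefix0 = "obsoleted/";
    final String ruleId1 = "delete temporary files";
    final String matchPrefix1 = "temporary/";
    actions.add("oss:PutBucketLifecycle");
    resources.add("acs:oss:*:" + STS_USER + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        SetBucketLifecycleRequest request = new SetBucketLifecycleRequest(bucketName);
        request.AddLifecycleRule(new LifecycleRule(ruleId0, matchPrefix0, RuleStatus.Enabled, 3));
        request.AddLifecycleRule(new LifecycleRule(ruleId1, matchPrefix1, RuleStatus.Enabled, DateUtil.parseIso8601Date("2022-10-12T00:00:00.000Z")));
        sessionClient.setBucketLifecycle(request);
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
    // Put bucket cors
    actions.add("oss:PutBucketCors");
    resources.add("acs:oss:*:" + STS_USER + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        SetBucketCORSRequest request = new SetBucketCORSRequest(bucketName);
        CORSRule r0 = new CORSRule();
        r0.addAllowdOrigin("http://www.a.com");
        r0.addAllowdOrigin("http://www.b.com");
        r0.addAllowedMethod("GET");
        r0.addAllowedHeader("Authorization");
        r0.addExposeHeader("x-oss-test");
        r0.addExposeHeader("x-oss-test1");
        r0.setMaxAgeSeconds(100);
        request.addCorsRule(r0);
        sessionClient.setBucketCORS(request);
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
    // List objects: the bucket was only configured, never written to, so it must be empty
    actions.add("oss:ListObjects");
    resources.add("acs:oss:*:" + STS_USER + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        ObjectListing objectListing = sessionClient.listObjects(bucketName);
        Assert.assertEquals(0, objectListing.getObjectSummaries().size());
        Assert.assertEquals(bucketName, objectListing.getBucketName());
        Assert.assertNull(objectListing.getDelimiter());
        Assert.assertNull(objectListing.getPrefix());
        Assert.assertNull(objectListing.getMarker());
        Assert.assertNull(objectListing.getNextMarker());
        Assert.assertFalse(objectListing.isTruncated());
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
    // Cleanup: the bucket must exist at this point, so any error fails the test
    actions.add("oss:DeleteBucket");
    resources.add("acs:oss:*:" + STS_USER + ":" + bucketName);
    sessionClient = createSessionClient(actions, resources);
    try {
        sessionClient.deleteBucket(bucketName);
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        actions.clear();
        resources.clear();
        sessionClient.shutdown();
    }
}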
Also used : CannedAccessControlList(com.aliyun.oss.model.CannedAccessControlList) AccessControlList(com.aliyun.oss.model.AccessControlList) Grant(com.aliyun.oss.model.Grant) BucketLoggingResult(com.aliyun.oss.model.BucketLoggingResult) OSSClient(com.aliyun.oss.OSSClient) ArrayList(java.util.ArrayList) CORSRule(com.aliyun.oss.model.SetBucketCORSRequest.CORSRule) OSSException(com.aliyun.oss.OSSException) ObjectListing(com.aliyun.oss.model.ObjectListing) BucketReferer(com.aliyun.oss.model.BucketReferer) LifecycleRule(com.aliyun.oss.model.LifecycleRule) OSSException(com.aliyun.oss.OSSException) IOException(java.io.IOException) JSONException(org.codehaus.jettison.json.JSONException) SetBucketCORSRequest(com.aliyun.oss.model.SetBucketCORSRequest) SetBucketWebsiteRequest(com.aliyun.oss.model.SetBucketWebsiteRequest) SetBucketLifecycleRequest(com.aliyun.oss.model.SetBucketLifecycleRequest) SetBucketLoggingRequest(com.aliyun.oss.model.SetBucketLoggingRequest) Test(org.junit.Test)

Example 7 with AccessControlList

use of com.aliyun.oss.model.AccessControlList in project aliyun-oss-java-sdk by aliyun.

the class CreateBucketTest method testPutWithStorageType.

/**
 * Creates a bucket with the IA storage class and checks that the new bucket
 * carries no grants and is listed with the requested storage class.
 * The bucket is deleted afterwards whether or not the checks pass.
 */
@Ignore
public void testPutWithStorageType() {
    final String bucketName = "bucket-with-storage-type";
    CreateBucketRequest request = new CreateBucketRequest(bucketName);
    request.setStorageClass(StorageClass.IA);
    try {
        ossClient.createBucket(request);

        // A freshly created bucket is expected to expose an empty grant set
        AccessControlList aclOfNewBucket = ossClient.getBucketAcl(bucketName);
        Assert.assertEquals(0, aclOfNewBucket.getGrants().size());

        // Listing by the bucket name as prefix must return exactly this bucket
        BucketList listing = ossClient.listBuckets(bucketName, "", 100);
        Assert.assertEquals(1, listing.getBucketList().size());
        Assert.assertEquals(StorageClass.IA, listing.getBucketList().get(0).getStorageClass());
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        ossClient.deleteBucket(bucketName);
    }
}
Also used : AccessControlList(com.aliyun.oss.model.AccessControlList) CannedAccessControlList(com.aliyun.oss.model.CannedAccessControlList) Grant(com.aliyun.oss.model.Grant) CreateBucketRequest(com.aliyun.oss.model.CreateBucketRequest) BucketList(com.aliyun.oss.model.BucketList) OSSException(com.aliyun.oss.OSSException) Ignore(org.junit.Ignore)

Example 8 with AccessControlList

use of com.aliyun.oss.model.AccessControlList in project aliyun-oss-java-sdk by aliyun.

the class BucketAclTest method testNormalSetBucketAcl.

/**
 * Applies every canned ACL in {@code acls} to one bucket and checks what the
 * service reports back: public ACLs must yield exactly one AllUsers grant
 * (Read for PublicRead, FullControl for PublicReadWrite), the request id must
 * have the expected length, and the canned ACL must round-trip unchanged.
 * A {@code null} entry in {@code acls} skips the grant and round-trip checks.
 */
@Test
public void testNormalSetBucketAcl() {
    final String bucketName = "normal-set-bucket-acl";
    try {
        ossClient.createBucket(bucketName);
        for (CannedAccessControlList acl : acls) {
            ossClient.setBucketAcl(bucketName, acl);
            AccessControlList fetched = ossClient.getBucketAcl(bucketName);

            // Only non-private ACLs are expected to carry a grant
            boolean grantExpected = !(acl == null || acl.equals(CannedAccessControlList.Private));
            if (grantExpected) {
                Set<Grant> grants = fetched.getGrants();
                Assert.assertEquals(1, grants.size());
                Grant onlyGrant = grants.iterator().next();
                switch (acl) {
                    case PublicRead:
                        Assert.assertEquals(GroupGrantee.AllUsers, onlyGrant.getGrantee());
                        Assert.assertEquals(Permission.Read, onlyGrant.getPermission());
                        break;
                    case PublicReadWrite:
                        Assert.assertEquals(GroupGrantee.AllUsers, onlyGrant.getGrantee());
                        Assert.assertEquals(Permission.FullControl, onlyGrant.getPermission());
                        break;
                    default:
                        break;
                }
            }

            Assert.assertEquals(fetched.getRequestId().length(), REQUEST_ID_LEN);
            if (acl != null) {
                Assert.assertEquals(fetched.getCannedACL(), acl);
            }
        }
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    } finally {
        ossClient.deleteBucket(bucketName);
    }
}
Also used : AccessControlList(com.aliyun.oss.model.AccessControlList) CannedAccessControlList(com.aliyun.oss.model.CannedAccessControlList) Grant(com.aliyun.oss.model.Grant) CannedAccessControlList(com.aliyun.oss.model.CannedAccessControlList) OSSException(com.aliyun.oss.OSSException) Test(org.junit.Test)

Example 9 with AccessControlList

use of com.aliyun.oss.model.AccessControlList in project aliyun-oss-java-sdk by aliyun.

the class OSSResponseParserTest method testParseGetBucketAcl.

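/**
 * Parses the {@code getBucketAcl.xml} fixture with
 * {@code ResponseParsers.parseGetBucketAcl} and checks the owner id, the owner
 * display name and the permission of the first grant.
 *
 * @throws Exception if the fixture cannot be read or parsed
 */
@SuppressWarnings("deprecation")
@Test
public void testParseGetBucketAcl() throws Exception {
    String filename = "getBucketAcl.xml";
    InputStream in = getInputStream(filename);
    try {
        AccessControlList accessControlList = ResponseParsers.parseGetBucketAcl(in);
        Assert.assertEquals("51744", accessControlList.getOwner().getId());
        Assert.assertEquals("51744", accessControlList.getOwner().getDisplayName());
        Assert.assertEquals(Permission.FullControl, ((Grant) (accessControlList.getGrants().toArray()[0])).getPermission());
    } finally {
        // Close the fixture stream even when parsing or an assertion above fails
        if (in != null) {
            in.close();
        }
    }
}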
Also used : AccessControlList(com.aliyun.oss.model.AccessControlList) InputStream(java.io.InputStream) Test(org.junit.Test)

Example 10 with AccessControlList

use of com.aliyun.oss.model.AccessControlList in project aliyun-oss-java-sdk by aliyun.

the class ResponseParsers method parseGetBucketAcl.

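/**
 * Unmarshall get bucket acl response body to ACL.
 *
 * <p>Reads the owner ({@code Owner/ID}, {@code Owner/DisplayName}) and the canned
 * ACL ({@code AccessControlList/Grant}) from the response. PublicRead is mapped to
 * an AllUsers/Read grant and PublicReadWrite to an AllUsers/FullControl grant; any
 * other canned ACL adds no grant.
 *
 * <p>A response that lacks the {@code Owner} or {@code AccessControlList} element,
 * or whose grant value is not recognised, is reported with a descriptive
 * {@link ResponseParseException} rather than one wrapping a message-less
 * {@code NullPointerException}.
 *
 * @param responseBody the raw XML body of the get-bucket-acl response
 * @return the parsed ACL with owner, canned ACL and the derived grant
 * @throws ResponseParseException if the body is not well-formed XML or does not
 *         have the expected structure
 */
public static AccessControlList parseGetBucketAcl(InputStream responseBody) throws ResponseParseException {
    try {
        // NOTE(review): XML parser configuration (DTD / external entity handling)
        // lives in getXmlRootElement, which is not visible here -- confirm it is
        // hardened, since this body arrives over the network.
        Element root = getXmlRootElement(responseBody);

        Element ownerElement = root.getChild("Owner");
        if (ownerElement == null) {
            throw new IllegalStateException("Missing Owner element in get bucket acl response");
        }
        Element aclElement = root.getChild("AccessControlList");
        if (aclElement == null) {
            throw new IllegalStateException("Missing AccessControlList element in get bucket acl response");
        }

        AccessControlList acl = new AccessControlList();
        String id = ownerElement.getChildText("ID");
        String displayName = ownerElement.getChildText("DisplayName");
        acl.setOwner(new Owner(id, displayName));

        String aclString = aclElement.getChildText("Grant");
        CannedAccessControlList cacl = CannedAccessControlList.parse(aclString);
        if (cacl == null) {
            // parse() is not visible here; guard the switch in case it returns null
            throw new IllegalStateException("Unrecognized grant value in get bucket acl response: " + aclString);
        }
        acl.setCannedACL(cacl);

        // Translate the canned ACL into the explicit grant it stands for
        switch (cacl) {
            case PublicRead:
                acl.grantPermission(GroupGrantee.AllUsers, Permission.Read);
                break;
            case PublicReadWrite:
                acl.grantPermission(GroupGrantee.AllUsers, Permission.FullControl);
                break;
            default:
                break;
        }
        return acl;
    } catch (JDOMParseException e) {
        // NOTE(review): the partial document is copied into the exception message
        // and may end up in logs -- confirm that is acceptable for this response.
        throw new ResponseParseException(e.getPartialDocument() + ": " + e.getMessage(), e);
    } catch (Exception e) {
        throw new ResponseParseException(e.getMessage(), e);
    }
}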
Also used : CannedAccessControlList(com.aliyun.oss.model.CannedAccessControlList) AccessControlList(com.aliyun.oss.model.AccessControlList) JDOMParseException(org.jdom.input.JDOMParseException) Owner(com.aliyun.oss.model.Owner) Element(org.jdom.Element) ResponseParseException(com.aliyun.oss.common.parser.ResponseParseException) CannedAccessControlList(com.aliyun.oss.model.CannedAccessControlList) ParseException(java.text.ParseException) JDOMParseException(org.jdom.input.JDOMParseException) ResponseParseException(com.aliyun.oss.common.parser.ResponseParseException)

Aggregations

AccessControlList (com.aliyun.oss.model.AccessControlList)11 CannedAccessControlList (com.aliyun.oss.model.CannedAccessControlList)9 OSSException (com.aliyun.oss.OSSException)7 Grant (com.aliyun.oss.model.Grant)7 Test (org.junit.Test)6 CreateBucketRequest (com.aliyun.oss.model.CreateBucketRequest)4 BucketList (com.aliyun.oss.model.BucketList)3 Owner (com.aliyun.oss.model.Owner)2 ArrayList (java.util.ArrayList)2 Ignore (org.junit.Ignore)2 OSSClient (com.aliyun.oss.OSSClient)1 ResponseParseException (com.aliyun.oss.common.parser.ResponseParseException)1 BucketLoggingResult (com.aliyun.oss.model.BucketLoggingResult)1 BucketReferer (com.aliyun.oss.model.BucketReferer)1 LifecycleRule (com.aliyun.oss.model.LifecycleRule)1 ObjectListing (com.aliyun.oss.model.ObjectListing)1 PutObjectResult (com.aliyun.oss.model.PutObjectResult)1 SetBucketCORSRequest (com.aliyun.oss.model.SetBucketCORSRequest)1 CORSRule (com.aliyun.oss.model.SetBucketCORSRequest.CORSRule)1 SetBucketLifecycleRequest (com.aliyun.oss.model.SetBucketLifecycleRequest)1