Example 1 with Grant
use of com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant in project ksan by infinistor.
the class CopyObject method process.
@Override
public void process() throws GWException {
logger.info(GWConstants.LOG_COPY_OBJECT_START);
String bucket = s3Parameter.getBucketName();
initBucketInfo(bucket);
String object = s3Parameter.getObjectName();
S3Bucket s3Bucket = new S3Bucket();
s3Bucket.setCors(getBucketInfo().getCors());
s3Bucket.setAccess(getBucketInfo().getAccess());
s3Parameter.setBucket(s3Bucket);
GWUtils.checkCors(s3Parameter);
if (s3Parameter.isPublicAccess() && GWUtils.isIgnorePublicAcls(s3Parameter)) {
throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
}
checkGrantBucket(s3Parameter.isPublicAccess(), String.valueOf(s3Parameter.getUser().getUserId()), GWConstants.GRANT_WRITE);
try {
object = URLDecoder.decode(object, GWConstants.CHARSET_UTF_8);
} catch (UnsupportedEncodingException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
}
DataCopyObject dataCopyObject = new DataCopyObject(s3Parameter);
dataCopyObject.extract();
String cacheControl = dataCopyObject.getCacheControl();
String contentDisposition = dataCopyObject.getContentDisposition();
String contentEncoding = dataCopyObject.getContentEncoding();
String contentLanguage = dataCopyObject.getContentLanguage();
String contentType = dataCopyObject.getContentType();
String contentLengthString = dataCopyObject.getContentLength();
String metadataDirective = dataCopyObject.getMetadataDirective();
String serversideEncryption = dataCopyObject.getServerSideEncryption();
String copySource = dataCopyObject.getCopySource();
String copySourceIfMatch = dataCopyObject.getCopySourceIfMatch();
String copySourceIfNoneMatch = dataCopyObject.getCopySourceIfNoneMatch();
String copySourceIfModifiedSince = dataCopyObject.getCopySourceIfModifiedSince();
String copySourceIfUnmodifiedSince = dataCopyObject.getCopySourceIfUnmodifiedSince();
String expires = dataCopyObject.getExpires();
String customerAlgorithm = dataCopyObject.getServerSideEncryptionCustomerAlgorithm();
String customerKey = dataCopyObject.getServerSideEncryptionCustomerKey();
String customerKeyMD5 = dataCopyObject.getServerSideEncryptionCustomerKeyMD5();
String context = dataCopyObject.getServerSideEncryptionContext();
String bucketKeyEnabled = dataCopyObject.getServerSideEncryptionBucketKeyEnabled();
String copySourceCustomerAlgorithm = dataCopyObject.getCopySourceServerSideEncryptionCustomerAlgorithm();
String copySourceCustomerKey = dataCopyObject.getCopySourceServerSideEncryptionCustomerKey();
String copySourceCustomerKeyMD5 = dataCopyObject.getCopySourceServerSideEncryptionCustomerKeyMD5();
Map<String, String> userMetadata = dataCopyObject.getUserMetadata();
// Check copy source
if (Strings.isNullOrEmpty(copySource)) {
logger.error(GWConstants.LOG_COPY_SOURCE_IS_NULL);
throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
}
try {
copySource = URLDecoder.decode(copySource, GWConstants.CHARSET_UTF_8);
} catch (UnsupportedEncodingException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
}
if (copySource.startsWith(GWConstants.SLASH)) {
copySource = copySource.substring(1);
} else if (copySource.contains(GWConstants.S3_ARN)) {
logger.error(GWConstants.LOG_COPY_SOURCE_IS_NOT_IMPLEMENTED, copySource);
throw new GWException(GWErrorCode.NOT_IMPLEMENTED, s3Parameter);
}
String[] sourcePath = copySource.split(GWConstants.SLASH, 2);
if (sourcePath.length != 2) {
throw new GWException(GWErrorCode.INVALID_ARGUMENT, s3Parameter);
}
String srcBucket = sourcePath[0];
String srcObjectName = sourcePath[1];
String srcVersionId = null;
setSrcBucket(srcBucket);
if (srcObjectName.contains(GWConstants.SUB_PARAMETER_VERSIONID) == true) {
String[] source = sourcePath[1].split(GWConstants.PARAMETER_BACKSLASH_VERSIONID, 2);
srcObjectName = source[0];
srcVersionId = source[1].replaceAll(GWConstants.DOUBLE_QUOTE, "");
}
s3Parameter.setSrcBucketName(srcBucket);
s3Parameter.setSrcVersionId(srcVersionId);
s3Parameter.setSrcPath(srcObjectName);
logger.debug(GWConstants.LOG_SOURCE_INFO, srcBucket, srcObjectName, srcVersionId);
String versioningStatus = getBucketVersioning(srcBucket);
Metadata srcMeta = null;
if (GWConstants.VERSIONING_ENABLED.equalsIgnoreCase(versioningStatus)) {
if (!Strings.isNullOrEmpty(srcVersionId) && !GWConstants.VERSIONING_DISABLE_TAIL.equals(srcVersionId)) {
srcMeta = open(srcBucket, srcObjectName, srcVersionId);
} else {
srcMeta = open(srcBucket, srcObjectName);
}
} else {
srcMeta = open(srcBucket, srcObjectName);
}
srcVersionId = srcMeta.getVersionId();
srcMeta.setAcl(GWUtils.makeOriginalXml(srcMeta.getAcl(), s3Parameter));
checkGrantObject(s3Parameter.isPublicAccess(), srcMeta, String.valueOf(s3Parameter.getUser().getUserId()), GWConstants.GRANT_READ);
// get metadata
S3Metadata s3Metadata = null;
ObjectMapper objectMapper = new ObjectMapper();
try {
s3Metadata = objectMapper.readValue(srcMeta.getMeta(), S3Metadata.class);
} catch (JsonProcessingException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.INTERNAL_SERVER_ERROR, s3Parameter);
}
// Check match
if (!Strings.isNullOrEmpty(copySourceIfMatch)) {
logger.debug(GWConstants.LOG_SOURCE_ETAG_MATCH, s3Metadata.getETag(), copySourceIfMatch.replace(GWConstants.DOUBLE_QUOTE, ""));
if (!GWUtils.maybeQuoteETag(s3Metadata.getETag()).equals(copySourceIfMatch.replace(GWConstants.DOUBLE_QUOTE, ""))) {
throw new GWException(GWErrorCode.PRECONDITION_FAILED, s3Parameter);
}
}
if (!Strings.isNullOrEmpty(copySourceIfNoneMatch)) {
logger.debug(GWConstants.LOG_SOURCE_ETAG_MATCH, s3Metadata.getETag(), copySourceIfNoneMatch.replace(GWConstants.DOUBLE_QUOTE, ""));
if (GWUtils.maybeQuoteETag(s3Metadata.getETag()).equals(copySourceIfNoneMatch.replace(GWConstants.DOUBLE_QUOTE, ""))) {
throw new GWException(GWErrorCode.DOES_NOT_MATCH, String.format(GWConstants.LOG_ETAG_IS_MISMATCH), s3Parameter);
}
}
if (!Strings.isNullOrEmpty(copySourceIfModifiedSince)) {
long copySourceIfModifiedSinceLong = Long.parseLong(copySourceIfModifiedSince);
if (copySourceIfModifiedSinceLong != -1) {
Date modifiedSince = new Date(copySourceIfModifiedSinceLong);
if (s3Metadata.getLastModified().before(modifiedSince)) {
throw new GWException(GWErrorCode.DOES_NOT_MATCH, String.format(GWConstants.LOG_MATCH_BEFORE, s3Metadata.getLastModified(), modifiedSince), s3Parameter);
}
}
}
if (!Strings.isNullOrEmpty(copySourceIfUnmodifiedSince)) {
long copySourceIfUnmodifiedSinceLong = Long.parseLong(copySourceIfUnmodifiedSince);
if (copySourceIfUnmodifiedSinceLong != -1) {
Date unmodifiedSince = new Date(copySourceIfUnmodifiedSinceLong);
if (s3Metadata.getLastModified().after(unmodifiedSince)) {
throw new GWException(GWErrorCode.PRECONDITION_FAILED, String.format(GWConstants.LOG_MATCH_AFTER, s3Metadata.getLastModified(), unmodifiedSince), s3Parameter);
}
}
}
accessControlPolicy = new AccessControlPolicy();
accessControlPolicy.aclList = new AccessControlList();
accessControlPolicy.aclList.grants = new ArrayList<Grant>();
accessControlPolicy.owner = new Owner();
accessControlPolicy.owner.id = String.valueOf(s3Parameter.getUser().getUserId());
accessControlPolicy.owner.displayName = s3Parameter.getUser().getUserName();
String aclXml = GWUtils.makeAclXml(accessControlPolicy, null, dataCopyObject.hasAclKeyword(), null, dataCopyObject.getAcl(), getBucketInfo(), String.valueOf(s3Parameter.getUser().getUserId()), s3Parameter.getUser().getUserName(), dataCopyObject.getGrantRead(), dataCopyObject.getGrantWrite(), dataCopyObject.getGrantFullControl(), dataCopyObject.getGrantReadAcp(), dataCopyObject.getGrantWriteAcp(), s3Parameter);
boolean bReplaceMetadata = false;
logger.debug(GWConstants.LOG_COPY_OBJECT_METADATA_DIRECTIVE, metadataDirective);
if (!Strings.isNullOrEmpty(metadataDirective) && metadataDirective.equalsIgnoreCase(GWConstants.REPLACE)) {
bReplaceMetadata = true;
}
s3Metadata.setOwnerId(String.valueOf(s3Parameter.getUser().getUserId()));
s3Metadata.setOwnerName(s3Parameter.getUser().getUserName());
if (userMetadata.size() > 0) {
for (String key : userMetadata.keySet()) {
logger.info(GWConstants.LOG_COPY_OBJECT_USER_METADATA, key, userMetadata.get(key));
}
if (bReplaceMetadata) {
logger.info(GWConstants.LOG_COPY_OBJECT_REPLACE_USER_METADATA, userMetadata.toString());
s3Metadata.setUserMetadataMap(userMetadata);
}
}
if (!Strings.isNullOrEmpty(cacheControl) && bReplaceMetadata) {
s3Metadata.setCacheControl(cacheControl);
}
if (!Strings.isNullOrEmpty(contentDisposition) && bReplaceMetadata) {
s3Metadata.setContentDisposition(contentDisposition);
}
if (!Strings.isNullOrEmpty(contentEncoding) && bReplaceMetadata) {
s3Metadata.setContentEncoding(contentEncoding);
}
if (!Strings.isNullOrEmpty(contentLanguage) && bReplaceMetadata) {
s3Metadata.setContentLanguage(contentLanguage);
}
if (!Strings.isNullOrEmpty(contentType) && bReplaceMetadata) {
s3Metadata.setContentType(contentType);
}
if (Strings.isNullOrEmpty(contentLengthString)) {
logger.error(GWErrorCode.MISSING_CONTENT_LENGTH.getMessage());
throw new GWException(GWErrorCode.MISSING_CONTENT_LENGTH, s3Parameter);
}
/*else {
try {
long contentLength = Long.parseLong(contentLengthString);
s3Metadata.setContentLength(contentLength);
} catch (NumberFormatException e) {
logger.error(e.getMessage());
throw new S3Exception(S3ErrorCode.INVALID_ARGUMENT, e);
}
}*/
String jsonmeta = "";
// update
if (s3Parameter.getSrcBucketName().equals(bucket) && s3Parameter.getSrcPath().equals(object)) {
if (!Strings.isNullOrEmpty(metadataDirective) && bReplaceMetadata) {
// update metadata
try {
S3Metadata metaClass = objectMapper.readValue(srcMeta.getMeta(), S3Metadata.class);
s3Metadata.setTier(GWConstants.AWS_TIER_STANTARD);
s3Metadata.setContentLength(metaClass.getContentLength());
s3Metadata.setETag(metaClass.getETag());
} catch (JsonProcessingException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
}
s3Metadata.setLastModified(new Date());
try {
jsonmeta = objectMapper.writeValueAsString(s3Metadata);
} catch (JsonProcessingException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
}
logger.debug(GWConstants.LOG_COPY_OBJECT_META, jsonmeta);
srcMeta.setMeta(jsonmeta);
updateObjectMeta(srcMeta);
s3Parameter.getResponse().setCharacterEncoding(GWConstants.CHARSET_UTF_8);
XMLOutputFactory xmlOutputFactory = XMLOutputFactory.newInstance();
try (Writer writer = s3Parameter.getResponse().getWriter()) {
s3Parameter.getResponse().setContentType(GWConstants.XML_CONTENT_TYPE);
XMLStreamWriter xmlout = xmlOutputFactory.createXMLStreamWriter(writer);
xmlout.writeStartDocument();
xmlout.writeStartElement(GWConstants.COPY_OBJECT_RESULT);
xmlout.writeDefaultNamespace(GWConstants.AWS_XMLNS);
writeSimpleElement(xmlout, GWConstants.LAST_MODIFIED, formatDate(s3Metadata.getLastModified()));
writeSimpleElement(xmlout, GWConstants.ETAG, GWUtils.maybeQuoteETag(s3Metadata.getETag()));
xmlout.writeEndElement();
xmlout.flush();
} catch (XMLStreamException | IOException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
}
s3Parameter.getResponse().setStatus(HttpServletResponse.SC_OK);
return;
} else {
logger.error(GWErrorCode.INVALID_REQUEST.getMessage());
throw new GWException(GWErrorCode.INVALID_REQUEST, s3Parameter);
}
}
Metadata objMeta = createCopy(srcBucket, srcObjectName, srcVersionId, bucket, object);
versioningStatus = getBucketVersioning(bucket);
String versionId = null;
if (GWConstants.VERSIONING_ENABLED.equalsIgnoreCase(versioningStatus)) {
versionId = String.valueOf(System.nanoTime());
} else {
versionId = GWConstants.VERSIONING_DISABLE_TAIL;
}
S3ObjectOperation objectOperation = new S3ObjectOperation(objMeta, s3Metadata, s3Parameter, versionId, null);
S3Object s3Object = objectOperation.copyObject(srcMeta);
s3Metadata.setETag(s3Object.getEtag());
s3Metadata.setSize(s3Object.getFileSize());
s3Metadata.setTier(GWConstants.AWS_TIER_STANTARD);
s3Metadata.setLastModified(s3Object.getLastModified());
s3Metadata.setDeleteMarker(s3Object.getDeleteMarker());
s3Metadata.setVersionId(s3Object.getVersionId());
try {
jsonmeta = objectMapper.writeValueAsString(s3Metadata);
} catch (JsonProcessingException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
}
logger.debug(GWConstants.LOG_COPY_OBJECT_META, jsonmeta);
try {
int result;
objMeta.set(s3Object.getEtag(), srcMeta.getTag(), jsonmeta, aclXml, s3Object.getFileSize());
objMeta.setVersionId(versionId, GWConstants.OBJECT_TYPE_FILE, true);
result = insertObject(bucket, object, objMeta);
if (result != 0) {
logger.error(GWConstants.LOG_COPY_OBJECT_FAILED, bucket, object);
}
logger.debug(GWConstants.LOG_COPY_OBJECT_INFO, bucket, object, s3Object.getFileSize(), s3Object.getEtag(), srcMeta.getAcl(), srcMeta.getAcl(), versionId);
} catch (GWException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
}
s3Parameter.getResponse().setCharacterEncoding(GWConstants.CHARSET_UTF_8);
XMLOutputFactory xmlOutputFactory = XMLOutputFactory.newInstance();
try (Writer writer = s3Parameter.getResponse().getWriter()) {
s3Parameter.getResponse().setContentType(GWConstants.XML_CONTENT_TYPE);
XMLStreamWriter xmlout = xmlOutputFactory.createXMLStreamWriter(writer);
xmlout.writeStartDocument();
xmlout.writeStartElement(GWConstants.COPY_OBJECT_RESULT);
xmlout.writeDefaultNamespace(GWConstants.AWS_XMLNS);
writeSimpleElement(xmlout, GWConstants.LAST_MODIFIED, formatDate(s3Metadata.getLastModified()));
writeSimpleElement(xmlout, GWConstants.ETAG, GWUtils.maybeQuoteETag(s3Object.getEtag()));
xmlout.writeEndElement();
xmlout.flush();
} catch (XMLStreamException | IOException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
}
s3Parameter.getResponse().setStatus(HttpServletResponse.SC_OK);
}
Also used :
AccessControlList(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList)
AccessControlPolicy(com.pspace.ifs.ksan.gw.format.AccessControlPolicy)
Owner(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.Owner)
XMLOutputFactory(javax.xml.stream.XMLOutputFactory)
S3Metadata(com.pspace.ifs.ksan.gw.identity.S3Metadata)
Metadata(com.pspace.ifs.ksan.objmanager.Metadata)
S3ObjectOperation(com.pspace.ifs.ksan.gw.object.S3ObjectOperation)
S3Bucket(com.pspace.ifs.ksan.gw.identity.S3Bucket)
XMLStreamWriter(javax.xml.stream.XMLStreamWriter)
GWException(com.pspace.ifs.ksan.gw.exception.GWException)
S3Object(com.pspace.ifs.ksan.gw.object.S3Object)
JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Grant(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
DataCopyObject(com.pspace.ifs.ksan.gw.data.DataCopyObject)
IOException(java.io.IOException)
Date(java.util.Date)
XMLStreamException(javax.xml.stream.XMLStreamException)
S3Metadata(com.pspace.ifs.ksan.gw.identity.S3Metadata)
XMLStreamWriter(javax.xml.stream.XMLStreamWriter)
Writer(java.io.Writer)
Example 2 with Grant
use of com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant in project ksan by infinistor.
the class GWUtils method readAclHeader.
protected static void readAclHeader(String grantstr, String permission, AccessControlPolicy policy) {
String[] ids = grantstr.split(GWConstants.COMMA);
for (String readid : ids) {
String[] idkeyvalue = readid.split(GWConstants.EQUAL);
Grant rg = new Grant();
rg.grantee = new Grantee();
if (idkeyvalue[0].trim().compareTo(GWConstants.ID) == 0) {
rg.grantee.type = GWConstants.CANONICAL_USER;
rg.grantee.id = idkeyvalue[1].replaceAll(GWConstants.DOUBLE_QUOTE, "");
}
if (idkeyvalue[0].trim().compareTo(GWConstants.URI) == 0) {
rg.grantee.type = GWConstants.GROUP;
rg.grantee.uri = idkeyvalue[1].replaceAll(GWConstants.DOUBLE_QUOTE, "");
}
if (idkeyvalue[0].trim().compareTo(GWConstants.EMAIL_ADDRESS) == 0) {
rg.grantee.type = GWConstants.CANONICAL_USER;
rg.grantee.emailAddress = idkeyvalue[1].replaceAll(GWConstants.DOUBLE_QUOTE, "");
}
rg.permission = permission;
policy.aclList.grants.add(rg);
}
}Example 3 with Grant
use of com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant in project ksan by infinistor.
the class GWUtils method makeOriginalXml.
public static String makeOriginalXml(String xml, S3Parameter s3Parameter) throws GWException {
logger.debug(GWConstants.LOG_UTILS_SOURCE_ACL, xml);
if (Strings.isNullOrEmpty(xml)) {
return "";
}
ObjectMapper objectMapper = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false).configure(DeserializationFeature.ACCEPT_EMPTY_STRING_AS_NULL_OBJECT, true);
AccessControlPolicyJson actualObj;
try {
actualObj = objectMapper.readValue(xml, AccessControlPolicyJson.class);
} catch (JsonProcessingException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
}
AccessControlPolicy accessControlPolicy = new AccessControlPolicy();
accessControlPolicy.owner = new AccessControlPolicy.Owner();
if (actualObj.ow != null) {
if (!Strings.isNullOrEmpty(actualObj.ow.id)) {
accessControlPolicy.owner.id = actualObj.ow.id;
}
if (!Strings.isNullOrEmpty(actualObj.ow.dN)) {
accessControlPolicy.owner.displayName = actualObj.ow.dN;
}
}
if (actualObj.acs != null) {
accessControlPolicy.aclList = new AccessControlPolicy.AccessControlList();
if (actualObj.acs.gt != null) {
accessControlPolicy.aclList.grants = new ArrayList<AccessControlPolicy.AccessControlList.Grant>();
for (AccessControlPolicyJson.ACS.Gt gt : actualObj.acs.gt) {
AccessControlPolicy.AccessControlList.Grant grant = new AccessControlPolicy.AccessControlList.Grant();
if (!Strings.isNullOrEmpty(gt.perm)) {
if (gt.perm.equals(GWConstants.GRANT_AB_FC)) {
grant.permission = GWConstants.GRANT_FULL_CONTROL;
} else if (gt.perm.equals(GWConstants.GRANT_AB_W)) {
grant.permission = GWConstants.GRANT_WRITE;
} else if (gt.perm.equals(GWConstants.GRANT_AB_R)) {
grant.permission = GWConstants.GRANT_READ;
} else if (gt.perm.equals(GWConstants.GRANT_AB_RA)) {
grant.permission = GWConstants.GRANT_READ_ACP;
} else if (gt.perm.equals(GWConstants.GRANT_AB_WA)) {
grant.permission = GWConstants.GRANT_WRITE_ACP;
}
}
if (gt.gte != null) {
AccessControlPolicy.AccessControlList.Grant.Grantee grantee = new AccessControlPolicy.AccessControlList.Grant.Grantee();
if (!Strings.isNullOrEmpty(gt.gte.id)) {
grantee.id = gt.gte.id;
}
if (!Strings.isNullOrEmpty(gt.gte.ddN)) {
grantee.displayName = gt.gte.ddN;
}
if (!Strings.isNullOrEmpty(gt.gte.eA)) {
grantee.emailAddress = gt.gte.eA;
}
if (!Strings.isNullOrEmpty(gt.gte.type)) {
if (gt.gte.type.equals(GWConstants.GRANT_AB_CU)) {
grantee.type = GWConstants.CANONICAL_USER;
} else if (gt.gte.type.equals(GWConstants.GRANT_AB_G)) {
grantee.type = GWConstants.GROUP;
}
}
if (!Strings.isNullOrEmpty(gt.gte.uri)) {
if (gt.gte.uri.equals(GWConstants.GRANT_AB_PU)) {
grantee.uri = GWConstants.AWS_GRANT_URI_ALL_USERS;
} else if (gt.gte.uri.equals(GWConstants.GRANT_AB_AU)) {
grantee.uri = GWConstants.AWS_GRANT_URI_AUTHENTICATED_USERS;
}
}
grant.grantee = grantee;
}
accessControlPolicy.aclList.grants.add(grant);
}
}
}
String aclXml = "";
XmlMapper xmlMapper = new XmlMapper();
try {
xmlMapper.setSerializationInclusion(Include.NON_EMPTY);
aclXml = xmlMapper.writeValueAsString(accessControlPolicy).replaceAll(GWConstants.WSTXNS, GWConstants.XSI);
} catch (JsonProcessingException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
}
aclXml = aclXml.replace(GWConstants.ACCESS_CONTROL_POLICY, GWConstants.ACCESS_CONTROL_POLICY_XMLNS);
if (!aclXml.contains(GWConstants.XML_VERSION)) {
aclXml = GWConstants.XML_VERSION_FULL_STANDALONE + aclXml;
}
return aclXml;
}
Also used :
Grant(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant)
AccessControlPolicy(com.pspace.ifs.ksan.gw.format.AccessControlPolicy)
XmlMapper(com.fasterxml.jackson.dataformat.xml.XmlMapper)
Grantee(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant.Grantee)
AccessControlPolicyJson(com.pspace.ifs.ksan.gw.format.AccessControlPolicyJson)
Grantee(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant.Grantee)
GWException(com.pspace.ifs.ksan.gw.exception.GWException)
Grant(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant)
JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Example 4 with Grant
use of com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant in project ksan by infinistor.
the class PutObjectAcl method process.
@Override
public void process() throws GWException {
logger.info(GWConstants.LOG_PUT_OBJECT_ACL_START);
String bucket = s3Parameter.getBucketName();
String object = s3Parameter.getObjectName();
initBucketInfo(bucket);
S3Bucket s3Bucket = new S3Bucket();
s3Bucket.setCors(getBucketInfo().getCors());
s3Bucket.setAccess(getBucketInfo().getAccess());
s3Parameter.setBucket(s3Bucket);
GWUtils.checkCors(s3Parameter);
if (s3Parameter.isPublicAccess() && GWUtils.isIgnorePublicAcls(s3Parameter)) {
throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
}
DataPutObjectAcl dataPutObjectAcl = new DataPutObjectAcl(s3Parameter);
dataPutObjectAcl.extract();
String versionId = dataPutObjectAcl.getVersionId();
Metadata objMeta = null;
if (Strings.isNullOrEmpty(versionId)) {
objMeta = open(bucket, object);
} else {
objMeta = open(bucket, object, versionId);
}
objMeta.setAcl(GWUtils.makeOriginalXml(objMeta.getAcl(), s3Parameter));
checkGrantObjectOwner(s3Parameter.isPublicAccess(), objMeta, String.valueOf(s3Parameter.getUser().getUserId()), GWConstants.GRANT_WRITE_ACP);
accessControlPolicy = new AccessControlPolicy();
accessControlPolicy.aclList = new AccessControlList();
accessControlPolicy.aclList.grants = new ArrayList<Grant>();
accessControlPolicy.owner = new Owner();
accessControlPolicy.owner.id = String.valueOf(s3Parameter.getUser().getUserId());
accessControlPolicy.owner.displayName = s3Parameter.getUser().getUserName();
String xml = GWUtils.makeAclXml(accessControlPolicy, null, dataPutObjectAcl.hasAclKeyword(), dataPutObjectAcl.getAclXml(), dataPutObjectAcl.getAcl(), getBucketInfo(), String.valueOf(s3Parameter.getUser().getUserId()), s3Parameter.getUser().getUserName(), dataPutObjectAcl.getGrantRead(), dataPutObjectAcl.getGrantWrite(), dataPutObjectAcl.getGrantFullControl(), dataPutObjectAcl.getGrantReadAcp(), dataPutObjectAcl.getGrantWriteAcp(), s3Parameter);
logger.debug(GWConstants.LOG_ACL, xml);
objMeta.setAcl(xml);
updateObjectAcl(objMeta);
s3Parameter.getResponse().setStatus(HttpServletResponse.SC_OK);
}
Also used :
AccessControlList(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList)
Grant(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant)
AccessControlPolicy(com.pspace.ifs.ksan.gw.format.AccessControlPolicy)
Owner(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.Owner)
S3Bucket(com.pspace.ifs.ksan.gw.identity.S3Bucket)
Metadata(com.pspace.ifs.ksan.objmanager.Metadata)
DataPutObjectAcl(com.pspace.ifs.ksan.gw.data.DataPutObjectAcl)
GWException(com.pspace.ifs.ksan.gw.exception.GWException)
Example 5 with Grant
use of com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant in project ksan by infinistor.
the class PutBucketAcl method process.
@Override
public void process() throws GWException {
logger.info(GWConstants.LOG_PUT_BUCKET_ACL_START);
String bucket = s3Parameter.getBucketName();
initBucketInfo(bucket);
S3Bucket s3Bucket = new S3Bucket();
s3Bucket.setCors(getBucketInfo().getCors());
s3Bucket.setAccess(getBucketInfo().getAccess());
s3Parameter.setBucket(s3Bucket);
GWUtils.checkCors(s3Parameter);
if (s3Parameter.isPublicAccess() && GWUtils.isIgnorePublicAcls(s3Parameter)) {
throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
}
checkGrantBucketOwner(s3Parameter.isPublicAccess(), String.valueOf(s3Parameter.getUser().getUserId()), GWConstants.GRANT_WRITE_ACP);
DataPutBucketAcl dataPutBucketAcl = new DataPutBucketAcl(s3Parameter);
dataPutBucketAcl.extract();
AccessControlPolicy preAccessControlPolicy = null;
try {
XmlMapper xmlMapper = new XmlMapper();
preAccessControlPolicy = xmlMapper.readValue(getBucketInfo().getAcl(), AccessControlPolicy.class);
} catch (JsonMappingException e) {
logger.error(e.getMessage());
new GWException(GWErrorCode.INTERNAL_SERVER_ERROR, s3Parameter);
} catch (JsonProcessingException e) {
logger.error(e.getMessage());
new GWException(GWErrorCode.INTERNAL_SERVER_ERROR, s3Parameter);
}
accessControlPolicy = new AccessControlPolicy();
accessControlPolicy.aclList = new AccessControlList();
accessControlPolicy.aclList.grants = new ArrayList<Grant>();
accessControlPolicy.owner = new Owner();
accessControlPolicy.owner.id = String.valueOf(s3Parameter.getUser().getUserId());
accessControlPolicy.owner.displayName = s3Parameter.getUser().getUserName();
String xml = GWUtils.makeAclXml(accessControlPolicy, preAccessControlPolicy, dataPutBucketAcl.hasAclKeyword(), dataPutBucketAcl.getAclXml(), dataPutBucketAcl.getAcl(), getBucketInfo(), String.valueOf(s3Parameter.getUser().getUserId()), s3Parameter.getUser().getUserName(), dataPutBucketAcl.getGrantRead(), dataPutBucketAcl.getGrantWrite(), dataPutBucketAcl.getGrantFullControl(), dataPutBucketAcl.getGrantReadAcp(), dataPutBucketAcl.getGrantWriteAcp(), s3Parameter);
logger.debug(GWConstants.LOG_ACL, xml);
updateBucketAcl(bucket, xml);
s3Parameter.getResponse().setStatus(HttpServletResponse.SC_OK);
}
Also used :
AccessControlList(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList)
DataPutBucketAcl(com.pspace.ifs.ksan.gw.data.DataPutBucketAcl)
Grant(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant)
AccessControlPolicy(com.pspace.ifs.ksan.gw.format.AccessControlPolicy)
Owner(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.Owner)
S3Bucket(com.pspace.ifs.ksan.gw.identity.S3Bucket)
JsonMappingException(com.fasterxml.jackson.databind.JsonMappingException)
GWException(com.pspace.ifs.ksan.gw.exception.GWException)
JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
XmlMapper(com.fasterxml.jackson.dataformat.xml.XmlMapper)
Aggregations
Grant (com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant)11
GWException (com.pspace.ifs.ksan.gw.exception.GWException)10
AccessControlPolicy (com.pspace.ifs.ksan.gw.format.AccessControlPolicy)9
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)7
AccessControlList (com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList)6
Owner (com.pspace.ifs.ksan.gw.format.AccessControlPolicy.Owner)6
XmlMapper (com.fasterxml.jackson.dataformat.xml.XmlMapper)5
S3Bucket (com.pspace.ifs.ksan.gw.identity.S3Bucket)5
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)4
Metadata (com.pspace.ifs.ksan.objmanager.Metadata)4
Grantee (com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant.Grantee)3
S3Metadata (com.pspace.ifs.ksan.gw.identity.S3Metadata)3
IOException (java.io.IOException)3
JsonMappingException (com.fasterxml.jackson.databind.JsonMappingException)2
S3Object (com.pspace.ifs.ksan.gw.object.S3Object)2
S3ObjectOperation (com.pspace.ifs.ksan.gw.object.S3ObjectOperation)2
Writer (java.io.Writer)2
XMLOutputFactory (javax.xml.stream.XMLOutputFactory)2
XMLStreamException (javax.xml.stream.XMLStreamException)2
XMLStreamWriter (javax.xml.stream.XMLStreamWriter)2
