
Example 6 with Grant

use of com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant in project ksan by infinistor.

the class PutObject method process.

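/**
 * Handles S3 PutObject: authorizes the caller against the bucket ACL, validates the
 * request headers (SSE, Content-MD5, Content-Length, tagging, object lock), stores the
 * payload through {@link S3ObjectOperation}, persists the object metadata and answers
 * with the ETag (plus the version id when bucket versioning is enabled).
 *
 * @throws GWException carrying the S3 error code of the first failed check
 *         (ACCESS_DENIED, NOT_IMPLEMENTED, INVALID_DIGEST, MISSING_CONTENT_LENGTH,
 *         INVALID_ARGUMENT, INVALID_TAG, BAD_REQUEST, INVALID_REQUEST), or SERVER_ERROR
 *         when metadata serialization or the metadata store fails
 */
@Override
public void process() throws GWException {
    logger.info(GWConstants.LOG_PUT_OBJECT_START);
    String bucket = s3Parameter.getBucketName();
    initBucketInfo(bucket);
    String object = s3Parameter.getObjectName();
    logger.debug(GWConstants.LOG_BUCKET_OBJECT, bucket, object);

    S3Bucket s3Bucket = new S3Bucket();
    s3Bucket.setCors(getBucketInfo().getCors());
    s3Bucket.setAccess(getBucketInfo().getAccess());
    s3Parameter.setBucket(s3Bucket);
    GWUtils.checkCors(s3Parameter);

    // Authorization before any request header is interpreted: the public-access block
    // first, then the WRITE grant on the bucket ACL.
    if (s3Parameter.isPublicAccess() && GWUtils.isIgnorePublicAcls(s3Parameter)) {
        throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
    }
    String userId = String.valueOf(s3Parameter.getUser().getUserId());
    String userName = s3Parameter.getUser().getUserName();
    checkGrantBucket(s3Parameter.isPublicAccess(), userId, GWConstants.GRANT_WRITE);

    DataPutObject dataPutObject = new DataPutObject(s3Parameter);
    dataPutObject.extract();

    String cacheControl = dataPutObject.getCacheControl();
    String contentDisposition = dataPutObject.getContentDisposition();
    String contentEncoding = dataPutObject.getContentEncoding();
    String contentLanguage = dataPutObject.getContentLanguage();
    String contentType = dataPutObject.getContentType();
    String contentLengthString = dataPutObject.getContentLength();
    String decodedContentLengthString = dataPutObject.getDecodedContentLength();
    String contentMD5String = dataPutObject.getContentMD5();
    String customerAlgorithm = dataPutObject.getServerSideEncryptionCustomerAlgorithm();
    String customerKey = dataPutObject.getServerSideEncryptionCustomerKey();
    String customerKeyMD5 = dataPutObject.getServerSideEncryptionCustomerKeyMD5();
    String serversideEncryption = dataPutObject.getServerSideEncryption();

    S3Metadata s3Metadata = new S3Metadata();
    s3Metadata.setOwnerId(userId);
    s3Metadata.setOwnerName(userName);
    s3Metadata.setUserMetadataMap(dataPutObject.getUserMetadata());

    // Only AES256 is accepted for x-amz-server-side-encryption.
    if (!Strings.isNullOrEmpty(serversideEncryption)) {
        if (!GWConstants.AES256.equalsIgnoreCase(serversideEncryption)) {
            logger.error(GWErrorCode.NOT_IMPLEMENTED.getMessage() + GWConstants.SERVER_SIDE_OPTION);
            throw new GWException(GWErrorCode.NOT_IMPLEMENTED, s3Parameter);
        }
        s3Metadata.setServersideEncryption(serversideEncryption);
    }
    if (!Strings.isNullOrEmpty(cacheControl)) {
        s3Metadata.setCacheControl(cacheControl);
    }
    if (!Strings.isNullOrEmpty(contentDisposition)) {
        s3Metadata.setContentDisposition(contentDisposition);
    }
    if (!Strings.isNullOrEmpty(contentEncoding)) {
        s3Metadata.setContentEncoding(contentEncoding);
    }
    if (!Strings.isNullOrEmpty(contentLanguage)) {
        s3Metadata.setContentLanguage(contentLanguage);
    }
    if (!Strings.isNullOrEmpty(contentType)) {
        s3Metadata.setContentType(contentType);
    }
    if (!Strings.isNullOrEmpty(customerAlgorithm)) {
        s3Metadata.setCustomerAlgorithm(customerAlgorithm);
    }
    if (!Strings.isNullOrEmpty(customerKey)) {
        // NOTE(review): the SSE-C key is copied into S3Metadata, which is serialized to
        // JSON further down and handed to the metadata store. Confirm S3Metadata keeps
        // the key out of that serialization; otherwise the customer key is persisted
        // next to the object it protects.
        s3Metadata.setCustomerKey(customerKey);
    }
    if (!Strings.isNullOrEmpty(customerKeyMD5)) {
        s3Metadata.setCustomerKeyMD5(customerKeyMD5);
    }

    // x-amz-decoded-content-length takes precedence over Content-Length when present.
    if (!Strings.isNullOrEmpty(decodedContentLengthString)) {
        contentLengthString = decodedContentLengthString;
    }

    // Content-MD5 must be valid base64 and exactly one MD5 digest long.
    if (!Strings.isNullOrEmpty(contentMD5String)) {
        s3Metadata.setContentMD5(contentMD5String);
        HashCode contentMD5;
        try {
            contentMD5 = HashCode.fromBytes(BaseEncoding.base64().decode(contentMD5String));
        } catch (IllegalArgumentException iae) {
            PrintStack.logging(logger, iae);
            throw new GWException(GWErrorCode.INVALID_DIGEST, iae, s3Parameter);
        }
        if (contentMD5.bits() != MD5.bits()) {
            logger.error(GWErrorCode.INVALID_DIGEST.getMessage() + GWConstants.LOG_PUT_OBJECT_HASHCODE_ILLEGAL);
            throw new GWException(GWErrorCode.INVALID_DIGEST, s3Parameter);
        }
    }

    if (Strings.isNullOrEmpty(contentLengthString)) {
        logger.error(GWErrorCode.MISSING_CONTENT_LENGTH.getMessage());
        throw new GWException(GWErrorCode.MISSING_CONTENT_LENGTH, s3Parameter);
    }
    try {
        s3Metadata.setContentLength(Long.parseLong(contentLengthString));
    } catch (NumberFormatException nfe) {
        PrintStack.logging(logger, nfe);
        throw new GWException(GWErrorCode.INVALID_ARGUMENT, nfe, s3Parameter);
    }

    // Object ACL: the requester becomes the owner; canned ACL / grant headers are
    // folded in by makeAclXml.
    accessControlPolicy = new AccessControlPolicy();
    accessControlPolicy.aclList = new AccessControlList();
    accessControlPolicy.aclList.grants = new ArrayList<Grant>();
    accessControlPolicy.owner = new Owner();
    accessControlPolicy.owner.id = userId;
    accessControlPolicy.owner.displayName = userName;
    String aclXml = GWUtils.makeAclXml(accessControlPolicy, null, dataPutObject.hasAclKeyword(), null, dataPutObject.getAcl(), getBucketInfo(), userId, userName, dataPutObject.getGrantRead(), dataPutObject.getGrantWrite(), dataPutObject.getGrantFullControl(), dataPutObject.getGrantReadAcp(), dataPutObject.getGrantWriteAcp(), s3Parameter);
    logger.debug(GWConstants.LOG_ACL, aclXml);

    // Effective encryption: bucket default combined with the request's SSE / SSE-C headers.
    S3ServerSideEncryption encryption = new S3ServerSideEncryption(getBucketInfo().getEncryption(), serversideEncryption, customerAlgorithm, customerKey, customerKeyMD5, s3Parameter);
    encryption.build();

    // Tagging: parse the header, serialize it, then enforce key/value length and count limits.
    String taggingCount = GWConstants.TAGGING_INIT;
    String taggingxml = "";
    if (!Strings.isNullOrEmpty(dataPutObject.getTagging())) {
        Tagging tagging = parseTaggingHeader(dataPutObject.getTagging());
        try {
            taggingxml = new XmlMapper().writeValueAsString(tagging);
        } catch (JsonProcessingException e) {
            PrintStack.logging(logger, e);
            throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
        }
        if (tagging.tagset.tags != null) {
            for (Tag t : tagging.tagset.tags) {
                if (t.key.length() > GWConstants.TAG_KEY_MAX) {
                    logger.error(GWConstants.LOG_PUT_OBJECT_TAGGING_KEY_LENGTH, t.key.length());
                    throw new GWException(GWErrorCode.INVALID_TAG, s3Parameter);
                }
                if (t.value.length() > GWConstants.TAG_VALUE_MAX) {
                    logger.error(GWConstants.LOG_PUT_OBJECT_TAGGING_VALUE_LENGTH, t.value.length());
                    throw new GWException(GWErrorCode.INVALID_TAG, s3Parameter);
                }
            }
            if (tagging.tagset.tags.size() > GWConstants.TAG_MAX_SIZE) {
                logger.error(GWConstants.LOG_PUT_OBJECT_TAGGING_SIZE, tagging.tagset.tags.size());
                throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
            }
            taggingCount = String.valueOf(tagging.tagset.tags.size());
        }
    }

    // Object lock headers are only honoured on a bucket whose lock configuration is enabled.
    String lockMode = dataPutObject.getObjectLockMode();
    String lockRetainUntil = dataPutObject.getObjectLockRetainUntilDate();
    String lockLegalHold = dataPutObject.getObjectLockLegalHold();
    if (!Strings.isNullOrEmpty(lockMode)) {
        requireBucketObjectLockEnabled();
        requireKnownLockMode(lockMode);
        s3Metadata.setLockMode(lockMode);
    }
    if (!Strings.isNullOrEmpty(lockRetainUntil)) {
        // A retain-until date without a mode used to fail with a NullPointerException on
        // the mode comparison; it is now rejected as INVALID_ARGUMENT like any bad mode.
        requireKnownLockMode(lockMode);
        requireBucketObjectLockEnabled();
        s3Metadata.setLockExpires(lockRetainUntil);
    }
    if (!Strings.isNullOrEmpty(lockLegalHold)) {
        requireBucketObjectLockEnabled();
        s3Metadata.setLegalHold(lockLegalHold);
    }

    String versioningStatus = getBucketVersioning(bucket);
    boolean versioningEnabled = GWConstants.VERSIONING_ENABLED.equalsIgnoreCase(versioningStatus);
    Metadata objMeta;
    try {
        objMeta = open(bucket, object);
    } catch (GWException e) {
        // NOTE(review): every GWException from open() is treated as "object does not
        // exist yet"; confirm open() cannot fail for reasons that should abort the upload.
        logger.info(e.getMessage());
        objMeta = GWConfig.getReplicaCount() > 1 ? create(bucket, object) : createLocal(bucket, object);
    }
    // Every write under versioning gets a fresh id; otherwise the fixed "disabled" tail.
    String versionId = versioningEnabled ? String.valueOf(System.nanoTime()) : GWConstants.VERSIONING_DISABLE_TAIL;

    S3ObjectOperation objectOperation = new S3ObjectOperation(objMeta, s3Metadata, s3Parameter, versionId, encryption);
    S3Object s3Object = objectOperation.putObject();
    s3Metadata.setETag(s3Object.getEtag());
    s3Metadata.setSize(s3Object.getFileSize());
    s3Metadata.setContentLength(s3Object.getFileSize());
    s3Metadata.setTier(GWConstants.AWS_TIER_STANTARD);
    s3Metadata.setLastModified(s3Object.getLastModified());
    s3Metadata.setDeleteMarker(s3Object.getDeleteMarker());
    s3Metadata.setVersionId(s3Object.getVersionId());
    s3Metadata.setTaggingCount(taggingCount);
    if (encryption.isEnableSSEServer()) {
        s3Metadata.setServersideEncryption(GWConstants.AES256);
    }
    s3Parameter.setFileSize(s3Object.getFileSize());

    String jsonmeta;
    try {
        jsonmeta = new ObjectMapper().writeValueAsString(s3Metadata);
    } catch (JsonProcessingException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
    logger.debug(GWConstants.LOG_PUT_OBJECT_PRIMARY_DISK_ID, objMeta.getPrimaryDisk().getId());
    try {
        objMeta.set(s3Object.getEtag(), taggingxml, jsonmeta, aclXml, s3Object.getFileSize());
        objMeta.setVersionId(versionId, GWConstants.OBJECT_TYPE_FILE, true);
        // NOTE(review): insertObject's return value is discarded here, while CreateBucket
        // treats a non-zero createBucket result as a DB error; confirm whether the same
        // contract applies to insertObject.
        insertObject(bucket, object, objMeta);
        logger.debug(GWConstants.LOG_PUT_OBJECT_INFO, bucket, object, s3Object.getFileSize(), s3Object.getEtag(), aclXml, versionId);
    } catch (GWException e) {
        // Any failure of the metadata store is reported as a generic server error.
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }

    s3Parameter.getResponse().addHeader(HttpHeaders.ETAG, GWUtils.maybeQuoteETag(s3Object.getEtag()));
    if (versioningEnabled) {
        s3Parameter.getResponse().addHeader(GWConstants.X_AMZ_VERSION_ID, s3Object.getVersionId());
        logger.debug(GWConstants.LOG_PUT_OBJECT_VERSIONID, s3Object.getVersionId());
    }
    s3Parameter.getResponse().setStatus(HttpServletResponse.SC_OK);
}

/**
 * Parses the x-amz-tagging header ({@code key=value&key2=value2}) into a Tagging document.
 * A pair that does not split into exactly TAG_KEY_SIZE parts keeps only its first part as
 * the key and gets an empty value; a pair that yields no parts at all gets an empty key
 * instead of an ArrayIndexOutOfBoundsException. The tag list stays null for an input that
 * yields no pairs, which callers must check.
 *
 * @param taggingHeader raw header value, must be non-empty
 * @return the parsed tag set
 */
private static Tagging parseTaggingHeader(String taggingHeader) {
    // NOTE(review): no URL-decoding happens here; if DataPutObject does not decode the
    // header, percent-encoded keys and values are stored encoded — confirm.
    Tagging tagging = new Tagging();
    tagging.tagset = new TagSet();
    String[] pairs = taggingHeader.split(GWConstants.AMPERSAND);
    if (pairs.length > 0) {
        tagging.tagset.tags = new ArrayList<Tag>();
    }
    for (String pair : pairs) {
        String[] keyvalue = pair.split(GWConstants.EQUAL);
        Tag tag = new Tag();
        tag.key = keyvalue.length > GWConstants.TAG_KEY_INDEX ? keyvalue[GWConstants.TAG_KEY_INDEX] : "";
        tag.value = keyvalue.length == GWConstants.TAG_KEY_SIZE ? keyvalue[GWConstants.TAG_VALUE_INDEX] : "";
        tagging.tagset.tags.add(tag);
    }
    return tagging;
}

/**
 * Rejects any x-amz-object-lock-mode other than GOVERNANCE or COMPLIANCE; a null mode
 * is rejected the same way instead of raising a NullPointerException.
 *
 * @throws GWException INVALID_ARGUMENT for an unknown or missing mode
 */
private void requireKnownLockMode(String lockMode) throws GWException {
    if (!GWConstants.GOVERNANCE.equals(lockMode) && !GWConstants.COMPLIANCE.equals(lockMode)) {
        logger.error(GWConstants.LOG_PUT_OBJECT_LOCK_MODE, lockMode);
        throw new GWException(GWErrorCode.INVALID_ARGUMENT, s3Parameter);
    }
}

/**
 * Reads the bucket's ObjectLockConfiguration and rejects the request unless object lock
 * is enabled on the bucket.
 *
 * @throws GWException INVALID_REQUEST when the bucket has no lock configuration or it is
 *         not enabled, SERVER_ERROR when the stored configuration cannot be parsed
 */
private void requireBucketObjectLockEnabled() throws GWException {
    String objectLockXml = getBucketInfo().getObjectLock();
    logger.debug(GWConstants.LOG_OBJECT_LOCK, objectLockXml);
    // A bucket without any lock configuration cannot accept lock headers; checking here
    // keeps null/empty input away from the XML parser.
    if (Strings.isNullOrEmpty(objectLockXml)) {
        logger.error(GWConstants.LOG_PUT_OBJECT_LOCK_STATUS, objectLockXml);
        throw new GWException(GWErrorCode.INVALID_REQUEST, s3Parameter);
    }
    ObjectLockConfiguration oc;
    try {
        oc = new XmlMapper().readValue(objectLockXml, ObjectLockConfiguration.class);
    } catch (IOException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
    if (!GWConstants.STATUS_ENABLED.equals(oc.objectLockEnabled)) {
        logger.error(GWConstants.LOG_PUT_OBJECT_LOCK_STATUS, oc.objectLockEnabled);
        throw new GWException(GWErrorCode.INVALID_REQUEST, s3Parameter);
    }
}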

Example 7 with Grant

use of com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant in project ksan by infinistor.

the class S3Request method checkGrant.

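/**
 * Decides whether the ACL {@code acp} grants {@code s3grant} to the canonical user
 * {@code id}. A grant matches when its permission is the requested one or FULL_CONTROL
 * and its grantee is either that user or one of the AllUsers / AuthenticatedUsers
 * groups. A policy without a grant list never authorizes anything (fail closed).
 *
 * @param id      canonical user id of the requester
 * @param s3grant requested permission, one of the GWConstants.GRANT_* values
 * @param acp     access control policy to evaluate
 * @return true when a matching grant exists, false otherwise
 * @throws GWException INTERNAL_SERVER_ERROR when {@code s3grant} is not a defined grant
 */
protected boolean checkGrant(String id, String s3grant, AccessControlPolicy acp) throws GWException {
    if (s3grant == null) {
        logger.error(GWConstants.LOG_REQUEST_GRANT_NOT_DEFINED, s3grant);
        throw new GWException(GWErrorCode.INTERNAL_SERVER_ERROR, s3Parameter);
    }
    switch (s3grant) {
        case GWConstants.GRANT_READ:
        case GWConstants.GRANT_WRITE:
        case GWConstants.GRANT_READ_ACP:
        case GWConstants.GRANT_WRITE_ACP:
        case GWConstants.GRANT_FULL_CONTROL:
            break;
        default:
            logger.error(GWConstants.LOG_REQUEST_GRANT_NOT_DEFINED, s3grant);
            // The original built this exception without throwing it and fell through to
            // "false"; an undefined grant name is a programming error and is now reported.
            throw new GWException(GWErrorCode.INTERNAL_SERVER_ERROR, s3Parameter);
    }
    if (acp == null || acp.aclList == null || acp.aclList.grants == null) {
        return false;
    }
    for (Grant grant : acp.aclList.grants) {
        if (grant == null || grant.grantee == null) {
            continue;
        }
        // FULL_CONTROL implies every other permission. The original FULL_CONTROL case
        // skipped the permission comparison entirely, so any grant (e.g. READ) to the
        // caller satisfied a FULL_CONTROL check; the comparison now applies uniformly.
        boolean permissionCovers = GWConstants.GRANT_FULL_CONTROL.equals(grant.permission)
                || s3grant.equals(grant.permission);
        if (permissionCovers && isGranteeMatch(grant, id)) {
            return true;
        }
    }
    return false;
}

/**
 * True when the grantee is the AllUsers or AuthenticatedUsers group, or the canonical
 * user {@code id}. Comparisons are constant-first so a grantee with a missing field is
 * simply not matched instead of raising a NullPointerException.
 *
 * @param grant grant whose grantee is inspected, non-null with a non-null grantee
 * @param id    canonical user id of the requester, may be null (then never matches)
 */
private static boolean isGranteeMatch(Grant grant, String id) {
    if (GWConstants.GROUP.equals(grant.grantee.type)) {
        // NOTE(review): AuthenticatedUsers is honoured here without knowing whether the
        // request is anonymous; the caller is presumably where anonymous requests are
        // separated from authenticated ones — confirm.
        return GWConstants.AWS_GRANT_URI_ALL_USERS.equals(grant.grantee.uri)
                || GWConstants.AWS_GRANT_URI_AUTHENTICATED_USERS.equals(grant.grantee.uri);
    }
    if (GWConstants.CANONICAL_USER.equals(grant.grantee.type)) {
        return id != null && id.equals(grant.grantee.id);
    }
    return false;
}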

Example 8 with Grant

use of com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant in project ksan by infinistor.

the class CreateBucket method process.

/**
 * Handles S3 CreateBucket: rejects names that are invalid, already taken or reserved,
 * builds the initial bucket ACL from the request headers and creates the bucket. When
 * x-amz-bucket-object-lock-enabled is true the bucket is created with the object-lock
 * configuration and its versioning is switched on right after.
 *
 * @throws GWException BUCKET_ALREADY_OWNED_BY_YOU or BUCKET_ALREADY_EXISTS for a taken
 *         name, INTERNAL_SERVER_DB_ERROR when the store reports a non-zero result
 */
@Override
public void process() throws GWException {
    logger.info(GWConstants.LOG_CREATE_BUCKET_START);
    String bucket = s3Parameter.getBucketName();
    logger.debug(GWConstants.LOG_CREATE_BUCKET_NAME, bucket);
    checkBucketName(bucket);

    // An existing bucket, or the reserved "website" name, can never be created again.
    boolean taken = isExistBucket(bucket) || bucket.equalsIgnoreCase(GWConstants.WEBSITE);
    if (taken) {
        logger.info(GWConstants.LOG_CREATE_BUCKET_EXIST, bucket);
        initBucketInfo(bucket);
        GWErrorCode code = isBucketOwner(String.valueOf(s3Parameter.getUser().getUserId()))
                ? GWErrorCode.BUCKET_ALREADY_OWNED_BY_YOU
                : GWErrorCode.BUCKET_ALREADY_EXISTS;
        throw new GWException(code, s3Parameter);
    }

    DataCreateBucket dataCreateBucket = new DataCreateBucket(s3Parameter);
    dataCreateBucket.extract();

    // The requester becomes the bucket owner; canned ACL / grant headers are folded in
    // by makeAclXml.
    String userId = String.valueOf(s3Parameter.getUser().getUserId());
    String userName = s3Parameter.getUser().getUserName();
    accessControlPolicy = new AccessControlPolicy();
    accessControlPolicy.aclList = new AccessControlList();
    accessControlPolicy.aclList.grants = new ArrayList<Grant>();
    accessControlPolicy.owner = new Owner();
    accessControlPolicy.owner.id = userId;
    accessControlPolicy.owner.displayName = userName;
    String aclXml = GWUtils.makeAclXml(accessControlPolicy, null, dataCreateBucket.hasAclKeyword(), null, dataCreateBucket.getAcl(), getBucketInfo(), userId, userName, dataCreateBucket.getGrantRead(), dataCreateBucket.getGrantWrite(), dataCreateBucket.getGrantFullControl(), dataCreateBucket.getGrantReadAcp(), dataCreateBucket.getGrantWriteAcp(), s3Parameter);
    logger.debug(GWConstants.LOG_ACL, aclXml);

    String lockFlag = dataCreateBucket.getBucketObjectLockEnabled();
    boolean objectLockRequested = !Strings.isNullOrEmpty(lockFlag) && GWConstants.STRING_TRUE.equalsIgnoreCase(lockFlag);
    if (objectLockRequested) {
        logger.info(GWConstants.LOG_CREATE_BUCKET_VERSIONING_ENABLED_OBJECT_LOCK_TRUE);
    }
    // With object lock requested the bucket is created carrying the lock configuration
    // and versioning is enabled immediately afterwards.
    String objectLockXml = objectLockRequested ? GWConstants.OBJECT_LOCK_XML : "";
    int result = createBucket(bucket, userName, userId, aclXml, "", objectLockXml);
    if (objectLockRequested) {
        putBucketVersioning(bucket, GWConstants.STATUS_ENABLED);
    }
    if (result != 0) {
        throw new GWException(GWErrorCode.INTERNAL_SERVER_DB_ERROR, s3Parameter);
    }

    s3Parameter.getResponse().addHeader(HttpHeaders.LOCATION, GWConstants.SLASH + bucket);
    s3Parameter.getResponse().setStatus(HttpServletResponse.SC_OK);
}

Example 9 with Grant

use of com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant in project ksan by infinistor.

the class CreateMultipartUpload method process.

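/**
 * Handles S3 CreateMultipartUpload: authorizes the WRITE grant on the bucket, validates
 * the SSE headers, registers the upload with its initial metadata and ACL, and answers
 * with an InitiateMultipartUploadResult document carrying the new upload id.
 *
 * @throws GWException ACCESS_DENIED when the public-access block applies, NOT_IMPLEMENTED
 *         for an SSE algorithm other than AES256, INTERNAL_SERVER_DB_ERROR when the
 *         metadata cannot be serialized or created, INTERNAL_SERVER_ERROR when the upload
 *         record or the XML response cannot be produced
 */
@Override
public void process() throws GWException {
    logger.info(GWConstants.LOG_CREATE_MULTIPART_UPLOAD_START);
    String bucket = s3Parameter.getBucketName();
    initBucketInfo(bucket);
    String object = s3Parameter.getObjectName();

    S3Bucket s3Bucket = new S3Bucket();
    s3Bucket.setCors(getBucketInfo().getCors());
    s3Bucket.setAccess(getBucketInfo().getAccess());
    s3Parameter.setBucket(s3Bucket);
    GWUtils.checkCors(s3Parameter);

    // Authorization before any request header is interpreted: the public-access block
    // first, then the WRITE grant on the bucket ACL.
    if (s3Parameter.isPublicAccess() && GWUtils.isIgnorePublicAcls(s3Parameter)) {
        throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
    }
    String userId = String.valueOf(s3Parameter.getUser().getUserId());
    String userName = s3Parameter.getUser().getUserName();
    checkGrantBucket(s3Parameter.isPublicAccess(), userId, GWConstants.GRANT_WRITE);

    DataCreateMultipartUpload dataCreateMultipartUpload = new DataCreateMultipartUpload(s3Parameter);
    dataCreateMultipartUpload.extract();

    // Object ACL: the requester becomes the owner; canned ACL / grant headers are
    // folded in by makeAclXml.
    accessControlPolicy = new AccessControlPolicy();
    accessControlPolicy.aclList = new AccessControlList();
    accessControlPolicy.aclList.grants = new ArrayList<Grant>();
    accessControlPolicy.owner = new Owner();
    accessControlPolicy.owner.id = userId;
    accessControlPolicy.owner.displayName = userName;
    String xml = GWUtils.makeAclXml(accessControlPolicy, null, dataCreateMultipartUpload.hasAclKeyword(), null, dataCreateMultipartUpload.getAcl(), getBucketInfo(), userId, userName, dataCreateMultipartUpload.getGrantRead(), dataCreateMultipartUpload.getGrantWrite(), dataCreateMultipartUpload.getGrantFullControl(), dataCreateMultipartUpload.getGrantReadAcp(), dataCreateMultipartUpload.getGrantWriteAcp(), s3Parameter);

    String customerAlgorithm = dataCreateMultipartUpload.getServerSideEncryptionCustomerAlgorithm();
    String customerKey = dataCreateMultipartUpload.getServerSideEncryptionCustomerKey();
    String customerKeyMD5 = dataCreateMultipartUpload.getServerSideEncryptionCustomerKeyMD5();
    String serverSideEncryption = dataCreateMultipartUpload.getServerSideEncryption();
    // Only AES256 is accepted for x-amz-server-side-encryption (the original ran this
    // same check twice on the same header).
    if (!Strings.isNullOrEmpty(serverSideEncryption) && !serverSideEncryption.equalsIgnoreCase(GWConstants.AES256)) {
        logger.error(GWErrorCode.NOT_IMPLEMENTED.getMessage() + GWConstants.SERVER_SIDE_OPTION);
        throw new GWException(GWErrorCode.NOT_IMPLEMENTED, s3Parameter);
    }

    S3Metadata s3Metadata = new S3Metadata();
    s3Metadata.setOwnerId(userId);
    s3Metadata.setOwnerName(userName);
    s3Metadata.setServersideEncryption(serverSideEncryption);
    s3Metadata.setCustomerAlgorithm(customerAlgorithm);
    // NOTE(review): the SSE-C key is copied into S3Metadata, which is serialized to JSON
    // below and stored with the upload record. Confirm S3Metadata keeps the key out of
    // that serialization; otherwise the customer key is persisted for the whole upload.
    s3Metadata.setCustomerKey(customerKey);
    s3Metadata.setCustomerKeyMD5(customerKeyMD5);
    s3Metadata.setName(object);
    s3Metadata.setUserMetadataMap(dataCreateMultipartUpload.getUserMetadata());

    String cacheControl = dataCreateMultipartUpload.getCacheControl();
    String contentDisposition = dataCreateMultipartUpload.getContentDisposition();
    String contentEncoding = dataCreateMultipartUpload.getContentEncoding();
    String contentLanguage = dataCreateMultipartUpload.getContentLanguage();
    String contentType = dataCreateMultipartUpload.getContentType();
    if (!Strings.isNullOrEmpty(cacheControl)) {
        s3Metadata.setCacheControl(cacheControl);
    }
    if (!Strings.isNullOrEmpty(contentDisposition)) {
        s3Metadata.setContentDisposition(contentDisposition);
    }
    if (!Strings.isNullOrEmpty(contentEncoding)) {
        s3Metadata.setContentEncoding(contentEncoding);
    }
    if (!Strings.isNullOrEmpty(contentLanguage)) {
        s3Metadata.setContentLanguage(contentLanguage);
    }
    if (!Strings.isNullOrEmpty(contentType)) {
        s3Metadata.setContentType(contentType);
    }

    String metaJson;
    try {
        metaJson = new ObjectMapper().writeValueAsString(s3Metadata);
    } catch (JsonProcessingException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.INTERNAL_SERVER_DB_ERROR, s3Parameter);
    }

    // Create the local metadata record the upload parts will be attached to.
    Metadata objMeta;
    try {
        objMeta = createLocal(bucket, object);
    } catch (GWException e) {
        logger.info(e.getMessage());
        logger.error(GWConstants.LOG_CREATE_MULTIPART_UPLOAD_FAILED, bucket, object);
        throw new GWException(GWErrorCode.INTERNAL_SERVER_DB_ERROR, s3Parameter);
    }

    String uploadId;
    try {
        ObjMultipart objMultipart = new ObjMultipart(bucket);
        uploadId = objMultipart.createMultipartUpload(bucket, object, xml, metaJson, objMeta.getPrimaryDisk().getId());
    } catch (Exception e) {
        // UnknownHostException and every other failure were handled identically; one
        // catch keeps that behaviour.
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.INTERNAL_SERVER_ERROR, s3Parameter);
    }

    // InitiateMultipartUploadResult response body.
    XMLOutputFactory xmlOutputFactory = XMLOutputFactory.newInstance();
    try (Writer writer = s3Parameter.getResponse().getWriter()) {
        s3Parameter.getResponse().setContentType(GWConstants.XML_CONTENT_TYPE);
        XMLStreamWriter xmlStreamWriter = xmlOutputFactory.createXMLStreamWriter(writer);
        xmlStreamWriter.writeStartDocument();
        xmlStreamWriter.writeStartElement(GWConstants.INITATE_MULTIPART_UPLOAD_RESULT);
        xmlStreamWriter.writeDefaultNamespace(GWConstants.AWS_XMLNS);
        writeSimpleElement(xmlStreamWriter, GWConstants.BUCKET, bucket);
        writeSimpleElement(xmlStreamWriter, GWConstants.KEY, object);
        writeSimpleElement(xmlStreamWriter, GWConstants.XML_UPLOADID, uploadId);
        xmlStreamWriter.writeEndElement();
        xmlStreamWriter.flush();
    } catch (XMLStreamException xse) {
        PrintStack.logging(logger, xse);
        throw new GWException(GWErrorCode.INTERNAL_SERVER_ERROR, s3Parameter);
    } catch (IOException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.INTERNAL_SERVER_ERROR, s3Parameter);
    }
}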

Example 10 with Grant

Use of com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant in project ksan by infinistor.

The class GWUtils, method makeAclXml.

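/**
 * Builds the ACL document for a bucket or object from the request's ACL
 * inputs (a canned ACL, an explicit ACL XML document, or grant headers) and
 * validates every grantee before the document is returned to the caller.
 *
 * <p>Resolution order:
 * <ol>
 *   <li>The owner of {@code preAccessControlPolicy} is preserved when one is
 *       given; otherwise {@code userId}/{@code userName} become the owner.</li>
 *   <li>With no canned ACL, no ACL document and no grant header, the owner
 *       receives FULL_CONTROL (the "private" default).</li>
 *   <li>A canned ACL adds its grants. Public canned ACLs are refused when the
 *       bucket's PublicAccessBlock sets BlockPublicAcls.</li>
 *   <li>Grant headers are merged through {@link #readAclHeader}.</li>
 *   <li>The resulting document (or the supplied one) is re-parsed and every
 *       grantee is checked: public group grants are refused under
 *       BlockPublicAcls, and ids/display names must exist in the identity
 *       store.</li>
 * </ol>
 *
 * @param accessControlPolicy    policy being populated; {@code owner} and
 *                               {@code aclList.grants} are expected to be non-null
 * @param preAccessControlPolicy previously stored policy whose owner is kept, or null
 * @param hasKeyWord             when true, {@code getAclXml} is ignored and the
 *                               document is generated from the other inputs
 *                               (presumably set when header-based ACL inputs were
 *                               used — confirm against the callers)
 * @param getAclXml              ACL document supplied with the request, may be null
 * @param cannedAcl              canned ACL name, may be null
 * @param bucketInfo             target bucket (access block and owner), may be null
 * @param userId                 requester's id, used as owner when no previous policy exists
 * @param userName               requester's display name
 * @param getGrantRead           READ grant header value, may be null
 * @param getGrantWrite          WRITE grant header value, may be null
 * @param getGrantFullControl    FULL_CONTROL grant header value, may be null
 * @param getGrantReadAcp        READ_ACP grant header value, may be null
 * @param getGrantWriteAcp       WRITE_ACP grant header value, may be null
 * @param s3Parameter            request context attached to thrown exceptions
 * @return the validated document as rendered by {@code AccessControlPolicy#toString()}
 * @throws GWException ACCESS_DENIED when a public grant is blocked,
 *         INVALID_ARGUMENT for an unknown or malformed grantee or a bucket-owner
 *         canned ACL without bucket info, NOT_IMPLEMENTED / BAD_REQUEST for an
 *         unsupported or unknown canned ACL, SERVER_ERROR when the XML cannot
 *         be parsed or serialized
 */
public static String makeAclXml(AccessControlPolicy accessControlPolicy, AccessControlPolicy preAccessControlPolicy, boolean hasKeyWord, String getAclXml, String cannedAcl, Bucket bucketInfo, String userId, String userName, String getGrantRead, String getGrantWrite, String getGrantFullControl, String getGrantReadAcp, String getGrantWriteAcp, S3Parameter s3Parameter) throws GWException {
    PublicAccessBlockConfiguration pabc = readPublicAccessBlock(bucketInfo, s3Parameter);
    logger.info(GWConstants.LOG_UTILS_CANNED_ACL, cannedAcl);
    logger.info(GWConstants.LOG_UTILS_ACL_XML, getAclXml);

    // The owner of an existing policy is preserved; otherwise the requester owns it.
    if (preAccessControlPolicy != null && preAccessControlPolicy.owner != null) {
        accessControlPolicy.owner.id = preAccessControlPolicy.owner.id;
        accessControlPolicy.owner.displayName = preAccessControlPolicy.owner.displayName;
    } else {
        accessControlPolicy.owner.id = userId;
        accessControlPolicy.owner.displayName = userName;
    }

    // The supplied document is only honoured when no keyword form was used.
    String aclXml = hasKeyWord ? null : getAclXml;

    boolean hasGrantHeader = !Strings.isNullOrEmpty(getGrantRead)
            || !Strings.isNullOrEmpty(getGrantWrite)
            || !Strings.isNullOrEmpty(getGrantReadAcp)
            || !Strings.isNullOrEmpty(getGrantWriteAcp)
            || !Strings.isNullOrEmpty(getGrantFullControl);

    if (Strings.isNullOrEmpty(cannedAcl)) {
        // No ACL input of any kind: fall back to "private" (owner FULL_CONTROL).
        if (Strings.isNullOrEmpty(aclXml) && !hasGrantHeader) {
            addOwnerFullControl(accessControlPolicy);
        }
    } else {
        applyCannedAcl(cannedAcl, accessControlPolicy, pabc, bucketInfo, s3Parameter);
    }

    if (!Strings.isNullOrEmpty(getGrantRead)) {
        readAclHeader(getGrantRead, GWConstants.GRANT_READ, accessControlPolicy);
    }
    if (!Strings.isNullOrEmpty(getGrantWrite)) {
        readAclHeader(getGrantWrite, GWConstants.GRANT_WRITE, accessControlPolicy);
    }
    if (!Strings.isNullOrEmpty(getGrantReadAcp)) {
        readAclHeader(getGrantReadAcp, GWConstants.GRANT_READ_ACP, accessControlPolicy);
    }
    if (!Strings.isNullOrEmpty(getGrantWriteAcp)) {
        readAclHeader(getGrantWriteAcp, GWConstants.GRANT_WRITE_ACP, accessControlPolicy);
    }
    if (!Strings.isNullOrEmpty(getGrantFullControl)) {
        readAclHeader(getGrantFullControl, GWConstants.GRANT_FULL_CONTROL, accessControlPolicy);
    }

    if (Strings.isNullOrEmpty(aclXml)) {
        try {
            aclXml = new XmlMapper().writeValueAsString(accessControlPolicy).replaceAll(GWConstants.WSTXNS, GWConstants.XSI);
        } catch (JsonProcessingException e) {
            PrintStack.logging(logger, e);
            throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
        }
    }

    // Re-parse the final document — it may come straight from the request body —
    // and validate every grantee before the caller stores it.
    // NOTE(review): confirm the XmlMapper in use keeps DTD and external-entity
    // resolution disabled (Jackson XML's default factory does; a custom one may not).
    try {
        AccessControlPolicy checkAcl = new XmlMapper().readValue(aclXml, AccessControlPolicy.class);
        aclXml = checkAcl.toString();
        if (checkAcl.aclList != null && checkAcl.aclList.grants != null) {
            for (Grant grant : checkAcl.aclList.grants) {
                validateGrant(grant, pabc, s3Parameter);
            }
        }
    } catch (JsonProcessingException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
    return aclXml;
}

/**
 * Parses the bucket's stored PublicAccessBlock configuration.
 *
 * @return the configuration, or null when there is no bucket or it has none
 * @throws GWException SERVER_ERROR when the stored configuration cannot be parsed
 */
private static PublicAccessBlockConfiguration readPublicAccessBlock(Bucket bucketInfo, S3Parameter s3Parameter) throws GWException {
    if (bucketInfo == null || Strings.isNullOrEmpty(bucketInfo.getAccess())) {
        return null;
    }
    try {
        return new XmlMapper().readValue(bucketInfo.getAccess(), PublicAccessBlockConfiguration.class);
    } catch (JsonProcessingException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
}

/** True when the bucket's PublicAccessBlock has BlockPublicAcls enabled. */
private static boolean blocksPublicAcls(PublicAccessBlockConfiguration pabc) {
    return pabc != null && GWConstants.STRING_TRUE.equalsIgnoreCase(pabc.BlockPublicAcls);
}

/** Rejects the request with ACCESS_DENIED when public ACLs are blocked for the bucket. */
private static void denyIfPublicAclsBlocked(PublicAccessBlockConfiguration pabc, S3Parameter s3Parameter) throws GWException {
    if (blocksPublicAcls(pabc)) {
        logger.info(GWConstants.LOG_ACCESS_DENIED_PUBLIC_ACLS);
        throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
    }
}

/** Builds a CanonicalUser grant for the given identity and permission. */
private static Grant canonicalUserGrant(String id, String displayName, String permission) {
    Grant grant = new Grant();
    grant.grantee = new Grantee();
    grant.grantee.type = GWConstants.CANONICAL_USER;
    grant.grantee.id = id;
    grant.grantee.displayName = displayName;
    grant.permission = permission;
    return grant;
}

/** Builds a Group grant for the given group URI and permission. */
private static Grant groupGrant(String uri, String permission) {
    Grant grant = new Grant();
    grant.grantee = new Grantee();
    grant.grantee.type = GWConstants.GROUP;
    grant.grantee.uri = uri;
    grant.permission = permission;
    return grant;
}

/** Grants FULL_CONTROL to the policy owner; every canned ACL starts with this grant. */
private static void addOwnerFullControl(AccessControlPolicy acp) {
    acp.aclList.grants.add(canonicalUserGrant(acp.owner.id, acp.owner.displayName, GWConstants.GRANT_FULL_CONTROL));
}

/**
 * Builds the grant for the bucket owner used by the bucket-owner-* canned ACLs.
 *
 * @throws GWException INVALID_ARGUMENT when no bucket info is available (the
 *         bucket owner is unknown, so the ACL cannot be expressed)
 */
private static Grant bucketOwnerGrant(Bucket bucketInfo, String permission, S3Parameter s3Parameter) throws GWException {
    if (bucketInfo == null) {
        // bucketInfo is optional for every other path; without it these canned
        // ACLs have no owner to grant to. Failing explicitly replaces an NPE.
        logger.error(GWConstants.LOG_ACCESS_PROCESS_FAILED);
        throw new GWException(GWErrorCode.INVALID_ARGUMENT, s3Parameter);
    }
    return canonicalUserGrant(bucketInfo.getUserId(), bucketInfo.getUserName(), permission);
}

/**
 * Adds the grants implied by a canned ACL to the policy.
 *
 * @throws GWException ACCESS_DENIED when a public canned ACL is blocked,
 *         NOT_IMPLEMENTED for a known-but-unsupported canned ACL,
 *         BAD_REQUEST for an unknown one
 */
private static void applyCannedAcl(String cannedAcl, AccessControlPolicy acp, PublicAccessBlockConfiguration pabc, Bucket bucketInfo, S3Parameter s3Parameter) throws GWException {
    if (GWConstants.CANNED_ACLS_PRIVATE.equalsIgnoreCase(cannedAcl)) {
        addOwnerFullControl(acp);
    } else if (GWConstants.CANNED_ACLS_PUBLIC_READ.equalsIgnoreCase(cannedAcl)) {
        denyIfPublicAclsBlocked(pabc, s3Parameter);
        addOwnerFullControl(acp);
        acp.aclList.grants.add(groupGrant(GWConstants.AWS_GRANT_URI_ALL_USERS, GWConstants.GRANT_READ));
    } else if (GWConstants.CANNED_ACLS_PUBLIC_READ_WRITE.equalsIgnoreCase(cannedAcl)) {
        denyIfPublicAclsBlocked(pabc, s3Parameter);
        addOwnerFullControl(acp);
        acp.aclList.grants.add(groupGrant(GWConstants.AWS_GRANT_URI_ALL_USERS, GWConstants.GRANT_READ));
        acp.aclList.grants.add(groupGrant(GWConstants.AWS_GRANT_URI_ALL_USERS, GWConstants.GRANT_WRITE));
    } else if (GWConstants.CANNED_ACLS_AUTHENTICATED_READ.equalsIgnoreCase(cannedAcl)) {
        // Authenticated-users grants count as public for BlockPublicAcls, as before.
        denyIfPublicAclsBlocked(pabc, s3Parameter);
        addOwnerFullControl(acp);
        acp.aclList.grants.add(groupGrant(GWConstants.AWS_GRANT_URI_AUTHENTICATED_USERS, GWConstants.GRANT_READ));
    } else if (GWConstants.CANNED_ACLS_BUCKET_OWNER_READ.equalsIgnoreCase(cannedAcl)) {
        addOwnerFullControl(acp);
        acp.aclList.grants.add(bucketOwnerGrant(bucketInfo, GWConstants.GRANT_READ, s3Parameter));
    } else if (GWConstants.CANNED_ACLS_BUCKET_OWNER_FULL_CONTROL.equalsIgnoreCase(cannedAcl)) {
        addOwnerFullControl(acp);
        acp.aclList.grants.add(bucketOwnerGrant(bucketInfo, GWConstants.GRANT_FULL_CONTROL, s3Parameter));
    } else if (GWConstants.CANNED_ACLS.contains(cannedAcl)) {
        logger.error(GWErrorCode.NOT_IMPLEMENTED.getMessage() + GWConstants.LOG_ACCESS_CANNED_ACL, cannedAcl);
        throw new GWException(GWErrorCode.NOT_IMPLEMENTED, s3Parameter);
    } else {
        logger.error(HttpServletResponse.SC_BAD_REQUEST + GWConstants.LOG_ACCESS_PROCESS_FAILED);
        throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
    }
}

/** True for a Group grantee naming the AllUsers or AuthenticatedUsers group. */
private static boolean isPublicGroup(Grantee grantee) {
    return GWConstants.GROUP.equalsIgnoreCase(grantee.type)
            && (GWConstants.AWS_GRANT_URI_ALL_USERS.equals(grantee.uri)
                || GWConstants.AWS_GRANT_URI_AUTHENTICATED_USERS.equals(grantee.uri));
}

/**
 * Validates one grant of the final (re-parsed) document.
 *
 * <p>Besides the identity checks, this applies BlockPublicAcls to grants that
 * arrived through an ACL document or a grant header, so the setting cannot be
 * bypassed by avoiding the canned-ACL form.
 *
 * @throws GWException ACCESS_DENIED for a public group grant under
 *         BlockPublicAcls; INVALID_ARGUMENT for a grant without a grantee, a
 *         display name or id unknown to the identity store, or a non-numeric id
 */
private static void validateGrant(Grant grant, PublicAccessBlockConfiguration pabc, S3Parameter s3Parameter) throws GWException {
    Grantee grantee = grant.grantee;
    if (grantee == null) {
        // A <Grant> without a <Grantee> is malformed; reject it instead of failing with an NPE.
        throw new GWException(GWErrorCode.INVALID_ARGUMENT, s3Parameter);
    }
    if (isPublicGroup(grantee)) {
        denyIfPublicAclsBlocked(pabc, s3Parameter);
    }
    if (!Strings.isNullOrEmpty(grantee.displayName) && GWUtils.getDBInstance().getIdentityByName(grantee.displayName, s3Parameter) == null) {
        logger.info(grantee.displayName);
        throw new GWException(GWErrorCode.INVALID_ARGUMENT, s3Parameter);
    }
    if (!Strings.isNullOrEmpty(grantee.id)) {
        // Ids are numeric; check the shape before hitting the identity store.
        if (!grantee.id.matches(GWConstants.BACKSLASH_D_PLUS)) {
            logger.info(grantee.id);
            throw new GWException(GWErrorCode.INVALID_ARGUMENT, s3Parameter);
        }
        if (GWUtils.getDBInstance().getIdentityByID(grantee.id, s3Parameter) == null) {
            logger.info(grantee.id);
            throw new GWException(GWErrorCode.INVALID_ARGUMENT, s3Parameter);
        }
    }
}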
