org.jets3t.servlets.gatekeeper
Class Authorizer

java.lang.Object
  extended by org.jets3t.servlets.gatekeeper.Authorizer
Direct Known Subclasses:
DefaultAuthorizer

public abstract class Authorizer
extends java.lang.Object

Authorizes or refuses operations on an S3 account - the decision can be based on information in the request message, details about the client, or the signature request itself.

An example Authorizer implementation might check that a user has alread been authorized and their Principal details are available from the client information, or it might check that the correct password has been provided in an application property in the request message.


Constructor Summary
Authorizer(javax.servlet.ServletConfig servletConfig)
          Constructs an Authorizer.
 
Method Summary
abstract  boolean allowBucketListingRequest(GatekeeperMessage requestMessage, ClientInformation clientInformation)
          Authorizes a bucket listing operation for a client as represented by a the gatekeeper request message.
abstract  boolean allowSignatureRequest(GatekeeperMessage requestMessage, ClientInformation clientInformation, SignatureRequest signatureRequest)
          Authorizes an operation represented by a signature request by returning true, or disallows the operation by returned false (and optionally setting a decline reason in the signature request).
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

Authorizer

public Authorizer(javax.servlet.ServletConfig servletConfig)
           throws javax.servlet.ServletException
Constructs an Authorizer.

Parameters:
servletConfig -
Throws:
javax.servlet.ServletException
Method Detail

allowSignatureRequest

public abstract boolean allowSignatureRequest(GatekeeperMessage requestMessage,
                                              ClientInformation clientInformation,
                                              SignatureRequest signatureRequest)
Authorizes an operation represented by a signature request by returning true, or disallows the operation by returned false (and optionally setting a decline reason in the signature request).

Authorization decisions can be made based on any of the inputs provided to this method.

Parameters:
requestMessage - the Gatekeeper request message.
clientInformation - information about the client end-point this request was received from.
signatureRequest - a signature request to allow or disallow.
Returns:
true if the request is allowed, false otherwise.

allowBucketListingRequest

public abstract boolean allowBucketListingRequest(GatekeeperMessage requestMessage,
                                                  ClientInformation clientInformation)
Authorizes a bucket listing operation for a client as represented by a the gatekeeper request message.

Authorization decisions can be made based on any of the inputs provided to this method.

Parameters:
requestMessage - the Gatekeeper request message.
clientInformation - information about the client end-point this request was received from.
Returns:
true if the request is allowed, false otherwise.