All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.ksc.auth.policy.package-info Maven / Gradle / Ivy

The newest version!
/*
 * Copyright 2010-2016 ksyun.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://ksyun.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

/**
 * Classes for creating custom AWS access control policies.  Policies allow you to specify fine grained
 * access controls on your AWS resources.  You can allow or deny access to your AWS resources based on:
 * 
    *
  • what resource is being accessed *
  • who is accessing the resource (i.e. the principal) *
  • what action is being taken on the resource *
  • a variety of conditions including date restrictions, IP address restrictions, etc. *
* *

* Access control policies are a collection of statements. * Each statement takes the form: "A has permission to do B to C where D applies". *

    *
  • A is the principal - the AWS account that is making a request to * access or modify one of your AWS resources. *
  • B is the action - the way in which your AWS resource is being accessed or modified, such * as sending a message to an Amazon SQS queue, or storing an object in an Amazon S3 bucket. *
  • C is the resource - your AWS entity that the principal wants to access, such * as an Amazon SQS queue, or an object stored in Amazon S3. *
  • D is the set of conditions - optional constraints that specify when to allow or deny * access for the principal to access your resource. Many expressive conditions are available, * some specific to each service. For example you can use date conditions to allow access to * your resources only after or before a specific time. *
* *

* The following code creates a policy to allow a specific AWS account to send * and receive messages using one of your Amazon SQS queues: *

 *    Policy policy = new Policy("MyQueuePolicy");
 *    policy.withStatements(new Statement(Effect.Allow)
 *           .withPrincipals(new Principal("123456789012"))
 *           .withActions(SQSActions.SendMessage, SQSActions.ReceiveMessage)
 *           .withResources(new SQSQueueResource("987654321000", "queue2")));
 * 
* *

* Once you've created a policy, you need to use methods on the service to upload your policy to AWS. */ package com.ksc.auth.policy;





© 2015 - 2024 Weber Informatics LLC | Privacy Policy