See: Description
Class | Description |
---|---|
Authorizer |
Authorizes or refuses operations on an S3 account - the decision can be based on information
in the request message, details about the client, or the signature request itself.
|
BucketLister |
Provides a listing of objects in an S3 account to a client application that cannot query
the account for itself.
|
ClientInformation |
Stores information about the HTTP client that submitted a request to the Gatekeeper.
|
GatekeeperServlet |
A servlet implementation of an S3 Gatekeeper, as described in the document
Gatekeeper Concepts.
|
TransactionIdProvider |
Provides a transaction ID that uniquely identifies a Gatekeeper transaction - that is, a request
and response interaction.
|
UrlSigner |
Provides signed URLs that will allow a client to perform the operation requested on a specific
object in S3.
|
Provides the Gatekeeper servlet application, a server-side authorization service that acts as a Gatekeeper server for S3 operations. The servlet receives requests for S3 operations (GET, HEAD, PUT, DELETE) and responds to these requests with either a signed URL allowing the operation, or a message stating that the operation will not be allowed.
Basic decision-making functionality is included with the JetS3t suite, however it is straight-forward to obtain more advanced control over the Gatekeeper's behaviour by implementing the relevant Java interfaces. There are specific interfaces for: allowing/denying requests, signing URLs, and assigning unique transaction IDs for a request.
The Gatekeeper is designed to work closely with the Uploader and CockpitLite applications, providing them with signed URLs so they can access an S3 account without the end-user having any access to the AWS account credentials.
For more information refer to the Gatekeeper Guide.