{
String bucketName = (String)request.getAttribute(S3Constants.BUCKET_ATTR_KEY);
String policy = streamToString( request.getInputStream());
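// [A] Is there an owner of an existing bucket or of an existing policy?
// NOTE(review): if the policy-owner lookup below throws, the exception is swallowed and owner stays null;
// the DEFAULT_DENY branch then does not reject the caller. Confirm that failing open here is intended.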
BucketPolicyDao policyDao = new BucketPolicyDao();
SBucketDao bucketDao = new SBucketDao();
SBucket bucket = bucketDao.getByName( bucketName );
String owner = null;
if ( null != bucket )
{
owner = bucket.getOwnerCanonicalId();
}
else
{ try {
owner = policyDao.getPolicyOwner( bucketName );
}
catch( Exception e ) {}
}
// [B] "The bucket owner by default has permissions to attach bucket policies to their buckets using PUT Bucket policy."
// -> the bucket owner may want to restrict the IP addresses from which this can be executed
String client = UserContext.current().getCanonicalUserId();
S3PolicyContext context = new S3PolicyContext( PolicyActions.PutBucketPolicy, bucketName );
switch( S3Engine.verifyPolicy( context )) {
case ALLOW:
break;
case DEFAULT_DENY:
if (null != owner && !client.equals( owner )) {
response.setStatus(405);
return;
}
break;
case DENY:
response.setStatus(403);
return;
}
// [B] Place the policy into the database, overwriting any existing policy
try {
// -> first make sure that the policy is valid by parsing it
PolicyParser parser = new PolicyParser();
S3BucketPolicy sbp = parser.parse( policy, bucketName );
policyDao.deletePolicy( bucketName );
if (null != policy && !policy.isEmpty()) policyDao.addPolicy( bucketName, client, policy );
if (null != sbp) ServiceProvider.getInstance().setBucketPolicy( bucketName, sbp );
response.setStatus(200);
}
catch( PermissionDeniedException e ) {