Class Condition
- java.lang.Object
-
- com.amazonaws.auth.policy.Condition
-
- Direct Known Subclasses:
ArnCondition
,BooleanCondition
,DateCondition
,IpAddressCondition
,NumericCondition
,StringCondition
public class Condition extends Object
AWS access control policy conditions are contained inStatement
objects, and affect when a statement is applied. For example, a statement that allows access to an Amazon SQS queue could use a condition to only apply the effect of that statement for requests that are made before a certain date, or that originate from a range of IP addresses.Multiple conditions can be included in a single statement, and all conditions must evaluate to true in order for the statement to take effect.
The set of conditions is D in the statement "A has permission to do B to C where D applies."
A condition is composed of three parts:
- Condition Key - The condition key declares which value of a
request to pull in and compare against when a policy is evaluated by AWS. For
example, using
ConditionFactory.SOURCE_IP_CONDITION_KEY
will cause AWS to pull in the current request's source IP as the first value to compare against every time your policy is evaluated. - Comparison Type - Most condition types allow several ways to
compare the value obtained from the condition key and the comparison value.
For example, the
NumericCondition.NumericComparisonType
enumerates the ways aNumericCondition
can be evaluated (less than, greater than, equals, etc). - Comparison Value - This is a static value used as the second value in the comparison when your policy is evaluated. Depending on the comparison type, this value can optionally use wildcards. See the documentation for individual comparison types for more information.
There are many expressive conditions available in the
com.amazonaws.auth.policy.conditions
package to use in access control policy statements.This class is not intended to be directly subclassed by users, instead users should use the many available conditions and condition factories in the com.amazonaws.auth.policy.conditions package.
-
-
Constructor Summary
Constructors Constructor Description Condition()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description String
getConditionKey()
Returns the name of the condition key involved in this condition.String
getType()
Returns the type of this condition.List<String>
getValues()
Returns the values specified for this access control policy condition.void
setConditionKey(String conditionKey)
Sets the name of the condition key involved in this condition.void
setType(String type)
Sets the type of this condition.void
setValues(List<String> values)
Sets the values specified for this access control policy condition.Condition
withConditionKey(String key)
Fluent version ofsetConditionKey(String)
Condition
withType(String type)
Fluent version ofsetType(String)
Condition
withValues(String... values)
Fluent version ofsetValues(List)
Condition
withValues(List<String> values)
Fluent version ofsetValues(List)
-
-
-
Method Detail
-
getType
public String getType()
Returns the type of this condition.- Returns:
- The type of this condition.
-
setType
public void setType(String type)
Sets the type of this condition.- Parameters:
type
- The type of this condition.
-
getConditionKey
public String getConditionKey()
Returns the name of the condition key involved in this condition. Condition keys are predefined values supported by AWS that provide input to a condition's evaluation, such as the current time, or the IP address of the incoming request.Your policy is evaluated for each incoming request, and condition keys specify what information to pull out of those incoming requests and plug into the conditions in your policy.
- Returns:
- The name of the condition key involved in this condition.
-
setConditionKey
public void setConditionKey(String conditionKey)
Sets the name of the condition key involved in this condition. Condition keys are predefined values supported by AWS that provide input to a condition's evaluation, such as the current time, or the IP address of the incoming request.Your policy is evaluated for each incoming request, and condition keys specify what information to pull out of those incoming requests and plug into the conditions in your policy.
- Parameters:
conditionKey
- The name of the condition key involved in this condition.
-
getValues
public List<String> getValues()
Returns the values specified for this access control policy condition. For example, in a condition that compares the incoming IP address of a request to a specified range of IP addresses, the range of IP addresses is the single value in the condition.Most conditions accept only one value, but multiple values are possible.
- Returns:
- The values specified for this access control policy condition.
-
setValues
public void setValues(List<String> values)
Sets the values specified for this access control policy condition. For example, in a condition that compares the incoming IP address of a request to a specified range of IP addresses, the range of IP addresses is the single value in the condition.Most conditions accept only one value, but multiple values are possible.
- Parameters:
values
- The values specified for this access control policy condition.
-
withType
public Condition withType(String type)
Fluent version ofsetType(String)
- Returns:
- this
-
withConditionKey
public Condition withConditionKey(String key)
Fluent version ofsetConditionKey(String)
- Returns:
- this
-
withValues
public Condition withValues(String... values)
Fluent version ofsetValues(List)
- Returns:
- this
-
withValues
public Condition withValues(List<String> values)
Fluent version ofsetValues(List)
- Returns:
- this
-
-