Package com.amazonaws.auth.policy
Class Principal
java.lang.Object
com.amazonaws.auth.policy.Principal
A principal is an AWS account or AWS web service, which is being allowed or denied access to a resource through an access control policy. The principal is a property of the Statement object, not directly the Policy object.

The principal is A in the statement "A has permission to do B to C where D applies."

In an access control policy statement, you can set the principal to all authenticated AWS users through the AllUsers member. This is useful when you don't want to restrict access based on the identity of the requester, but instead on other identifying characteristics such as the requester's IP address.
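An added example (not from the SDK documentation) contrasting an account-scoped principal with Principal.AllUsers restricted by source IP, plus a review check that rejects a wildcard principal on an Allow statement that has no condition. The bucket ARN, account ID and CIDR range are constructed placeholders, and S3Actions is assumed to be available from the SDK's S3 module.

```java
import com.amazonaws.auth.policy.Policy;
import com.amazonaws.auth.policy.Principal;
import com.amazonaws.auth.policy.Resource;
import com.amazonaws.auth.policy.Statement;
import com.amazonaws.auth.policy.Statement.Effect;
import com.amazonaws.auth.policy.actions.S3Actions;
import com.amazonaws.auth.policy.conditions.IpAddressCondition;

public class PrincipalScopeExample {
    // Placeholder values, constructed for this example.
    static final String OBJECTS = "arn:aws:s3:::example-bucket/*";
    static final String ACCOUNT_ID = "1234-5678-9012";
    static final String OFFICE_CIDR = "192.0.2.0/24";

    /** Identity-scoped: only the named account is the principal. */
    static Statement accountScoped() {
        // The account-ID constructor strips hyphen characters from the ID.
        return new Statement(Effect.Allow)
                .withPrincipals(new Principal(ACCOUNT_ID))
                .withActions(S3Actions.GetObject)
                .withResources(new Resource(OBJECTS));
    }

    /** Network-scoped: any requester, but only from the given source range. */
    static Statement networkScoped() {
        return new Statement(Effect.Allow)
                .withPrincipals(Principal.AllUsers)
                .withActions(S3Actions.GetObject)
                .withResources(new Resource(OBJECTS))
                .withConditions(new IpAddressCondition(OFFICE_CIDR));
    }

    /** Review check: a wildcard principal on an Allow statement must carry a condition. */
    static boolean isUnconditionedWildcard(Statement s) {
        if (s.getEffect() != Effect.Allow || !s.getConditions().isEmpty()) return false;
        for (Principal p : s.getPrincipals()) {
            if ("*".equals(p.getId())) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        Policy policy = new Policy("example-policy").withStatements(accountScoped(), networkScoped());
        for (Statement s : policy.getStatements()) {
            if (isUnconditionedWildcard(s)) throw new IllegalStateException("open wildcard principal");
        }
        System.out.println(policy.toJson());
    }
}
```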
Nested Class Summary
- static enum Principal.Services
  The services that have the right to perform the assume role action.
- static enum Principal.WebIdentityProviders
  Web identity providers, such as Login with Amazon, Facebook, or Google.
Field Summary
- static final Principal All
  Principal instance that includes all the AWS accounts, AWS web services and web identity providers.
- static final Principal AllServices
  Principal instance that includes all AWS web services.
- static final Principal AllUsers
  Principal instance that includes all users, including anonymous users.
- static final Principal AllWebProviders
  Principal instance that includes all the web identity providers.
Constructor Summary
- Principal(Principal.Services service)
  Constructs a new principal with the specified AWS web service which is being allowed or denied access to a resource through an access control policy.
- Principal(Principal.WebIdentityProviders webIdentityProvider)
  Constructs a new principal with the specified web identity provider.
- Principal
  Constructs a new principal with the specified AWS account ID.
- Principal
  Constructs a new principal with the specified id and provider.
- Principal
  Constructs a new principal with the specified id and provider.
Method Summary
Field Details
- AllUsers
  Principal instance that includes all users, including anonymous users. This is useful when you don't want to restrict access based on the identity of the requester, but instead on other identifying characteristics such as the requester's IP address.
- AllServices
  Principal instance that includes all AWS web services.
- AllWebProviders
  Principal instance that includes all the web identity providers.
- All
  Principal instance that includes all the AWS accounts, AWS web services and web identity providers.
Constructor Details
- Principal
  Constructs a new principal with the specified AWS web service which is being allowed or denied access to a resource through an access control policy.
  Parameters:
  service - An AWS service.
- Principal
  Constructs a new principal with the specified AWS account ID. This method automatically strips hyphen characters found in the account ID.
  Parameters:
  accountId - An AWS account ID.
- Principal
  Constructs a new principal with the specified id and provider. This method automatically strips hyphen characters found in the account ID if the provider is "AWS".
- Principal
  Constructs a new principal with the specified id and provider. This method optionally strips hyphen characters found in the account ID.
- Principal
  Constructs a new principal with the specified web identity provider.
  Parameters:
  webIdentityProvider - A web identity provider.
Method Details
- getProvider
  Returns the provider for this principal, which indicates in what group of users this principal resides.
  Returns:
  The provider for this principal.
- getId
  Returns the unique ID for this principal.
  Returns:
  The unique ID for this principal.
- hashCode
  public int hashCode()
- equals