Authorizes or refuses operations on an S3 account - the decision can be based on information in the request message, details about the client, or the signature request itself.
Provides a listing of objects in an S3 account to a client application that cannot query the account for itself.
Stores information about the HTTP client that submitted a request to the Gatekeeper.
A servlet implementation of an S3 Gatekeeper, as described in the document Gatekeeper Concepts.
Provides a transaction ID that uniquely identifies a Gatekeeper transaction - that is, a request and response interaction.
Provides signed URLs that will allow a client to perform the operation requested on a specific object in S3.
Provides the Gatekeeper servlet application, a server-side authorization service that acts as a Gatekeeper server for S3 operations. The servlet receives requests for S3 operations (GET, HEAD, PUT, DELETE) and responds to these requests with either a signed URL allowing the operation, or a message stating that the operation will not be allowed.
Basic decision-making functionality is included with the JetS3t suite; however, it is straightforward to obtain more advanced control over the Gatekeeper's behaviour by implementing the relevant Java interfaces. There are specific interfaces for allowing or denying requests, signing URLs, and assigning unique transaction IDs to requests.
The Gatekeeper is designed to work closely with the Uploader and CockpitLite applications, providing them with signed URLs so they can access an S3 account without the end-user having any access to the AWS account credentials.
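The following sketch is an added example, not code from JetS3t: it shows the flow described above, where the server decides whether to allow an operation and only then signs a short-lived URL, so the secret key never reaches the client. All class and method names, the allow-list policy, the bucket name and the credentials are hypothetical or constructed, and the signing step assumes the legacy S3 query-string (HMAC-SHA1) scheme.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;
import java.util.UUID;

// Illustrative only: names here are hypothetical and are not JetS3t's interfaces.
public class GatekeeperSketch {
    // Constructed placeholder credentials; they exist only on the server side.
    static final String ACCESS_KEY = "AKIAEXAMPLEPLACEHOLDER";
    static final String SECRET_KEY = "constructed-secret-not-a-real-key";
    static final Set<String> ALLOWED_OPS = Set.of("GET", "HEAD", "PUT"); // DELETE is refused
    static final String ALLOWED_PREFIX = "uploads/";

    // Allow/deny step: decide from the request details before anything is signed.
    static boolean authorize(String op, String key) {
        return ALLOWED_OPS.contains(op) && key.startsWith(ALLOWED_PREFIX) && !key.contains("..");
    }

    // Signing step: HMAC-SHA1 over the legacy query-string-authentication string to sign.
    static String signUrl(String op, String bucket, String key, long expiresEpochSecs) throws Exception {
        String toSign = op + "\n\n\n" + expiresEpochSecs + "\n/" + bucket + "/" + key;
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(SECRET_KEY.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        String sig = Base64.getEncoder().encodeToString(mac.doFinal(toSign.getBytes(StandardCharsets.UTF_8)));
        return "https://" + bucket + ".s3.amazonaws.com/" + key
            + "?AWSAccessKeyId=" + ACCESS_KEY + "&Expires=" + expiresEpochSecs
            + "&Signature=" + URLEncoder.encode(sig, "UTF-8");
    }

    // One transaction: a signed URL or a refusal, each tagged with a unique transaction ID.
    static String handle(String op, String bucket, String key) throws Exception {
        String txId = UUID.randomUUID().toString();
        if (!authorize(op, key)) {
            return txId + " DENIED " + op + " " + key;
        }
        long expires = System.currentTimeMillis() / 1000 + 300; // URL valid for 5 minutes
        return txId + " ALLOWED " + signUrl(op, bucket, key, expires);
    }

    public static void main(String[] args) throws Exception {
        System.out.println(handle("PUT", "example-bucket", "uploads/report.pdf"));    // allowed
        System.out.println(handle("DELETE", "example-bucket", "uploads/report.pdf")); // operation refused
        System.out.println(handle("GET", "example-bucket", "private/keys.txt"));      // key outside prefix
    }
}
```

The signature binds the HTTP verb, the expiry time and the object path, so a URL issued for one operation on one object cannot be reused for another.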
For more information refer to the Gatekeeper Guide.