Diffstat (limited to 'weed/s3api/auth_credentials.go')
| -rw-r--r-- | weed/s3api/auth_credentials.go | 41 |
1 files changed, 28 insertions, 13 deletions
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go
index db5f4c8a3..31519e6e3 100644
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@@ -3,6 +3,7 @@ package s3api
 import (
 "bytes"
 "fmt"
+ "github.com/chrislusf/seaweedfs/weed/s3api/s3err"
 "io/ioutil"
 "net/http"
@@ -63,7 +64,7 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(fileName string) err
 return fmt.Errorf("fail to read %s : %v", fileName, readErr)
 }
- glog.V(1).Infof("maybeLoadVolumeInfo Unmarshal volume info %v", fileName)
+ glog.V(1).Infof("load s3 config: %v", fileName)
 if err := jsonpb.Unmarshal(bytes.NewReader(rawData), s3ApiConfiguration); err != nil {
 glog.Warningf("unmarshal error: %v", err)
 return fmt.Errorf("unmarshal %s error: %v", fileName, err)
@@ -107,6 +108,16 @@ func (iam *IdentityAccessManagement) lookupByAccessKey(accessKey string) (identi
 return nil, nil, false
 }
+func (iam *IdentityAccessManagement) lookupAnonymous() (identity *Identity, found bool) {
+
+ for _, ident := range iam.identities {
+ if ident.Name == "anonymous" {
+ return ident, true
+ }
+ }
+ return nil, false
+}
+
 func (iam *IdentityAccessManagement) Auth(f http.HandlerFunc, action Action) http.HandlerFunc {
 if !iam.isEnabled() {
@@ -115,7 +126,7 @@ func (iam *IdentityAccessManagement) Auth(f http.HandlerFunc, action Action) htt
 return func(w http.ResponseWriter, r *http.Request) {
 errCode := iam.authRequest(r, action)
- if errCode == ErrNone {
+ if errCode == s3err.ErrNone {
 f(w, r)
 return
 }
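Review bot: In lookupAnonymous (hunk `@@ -107,6 +108,16 @@`) the literal `"anonymous"` is a reserved identity name with security meaning, and nothing in the code says so. Any configured identity carrying that name becomes the principal for requests that present no credentials, so its action list is effectively the public permission set. I would add a doc comment such as `// lookupAnonymous returns the identity named "anonymous"; its actions are granted to every unsigned request.` and lift the literal into a named constant so that this lookup and any config validation cannot drift apart. The blank line after the signature can also go.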
@@ -124,15 +135,16 @@ func (iam *IdentityAccessManagement) Auth(f http.HandlerFunc, action Action) htt
 }
 // check whether the request has valid access keys
-func (iam *IdentityAccessManagement) authRequest(r *http.Request, action Action) ErrorCode {
+func (iam *IdentityAccessManagement) authRequest(r *http.Request, action Action) s3err.ErrorCode {
 var identity *Identity
- var s3Err ErrorCode
+ var s3Err s3err.ErrorCode
+ var found bool
 switch getRequestAuthType(r) {
 case authTypeStreamingSigned:
- return ErrNone
+ return s3err.ErrNone
 case authTypeUnknown:
 glog.V(3).Infof("unknown auth type")
- return ErrAccessDenied
+ return s3err.ErrAccessDenied
 case authTypePresignedV2, authTypeSignedV2:
 glog.V(3).Infof("v2 auth type")
 identity, s3Err = iam.isReqAuthenticatedV2(r)
@@ -141,18 +153,21 @@ func (iam *IdentityAccessManagement) authRequest(r *http.Request, action Action)
 identity, s3Err = iam.reqSignatureV4Verify(r)
 case authTypePostPolicy:
 glog.V(3).Infof("post policy auth type")
- return ErrNotImplemented
+ return s3err.ErrNone
 case authTypeJWT:
 glog.V(3).Infof("jwt auth type")
- return ErrNotImplemented
+ return s3err.ErrNotImplemented
 case authTypeAnonymous:
- return ErrAccessDenied
+ identity, found = iam.lookupAnonymous()
+ if !found {
+ return s3err.ErrAccessDenied
+ }
 default:
- return ErrNotImplemented
+ return s3err.ErrNotImplemented
 }
 glog.V(3).Infof("auth error: %v", s3Err)
- if s3Err != ErrNone {
+ if s3Err != s3err.ErrNone {
 return s3Err
 }
@@ -161,10 +176,10 @@ func (iam *IdentityAccessManagement) authRequest(r *http.Request, action Action)
 bucket, _ := getBucketAndObject(r)
 if !identity.canDo(action, bucket) {
- return ErrAccessDenied
+ return s3err.ErrAccessDenied
 }
- return ErrNone
+ return s3err.ErrNone
 } |
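Review bot: Two branches of authRequest return `s3err.ErrNone` before any signature is verified and before `identity.canDo(action, bucket)` runs: `authTypeStreamingSigned` in hunk `@@ -124,15 +135,16 @@` and `authTypePostPolicy` in hunk `@@ -141,18 +153,21 @@`, the latter newly changed from ErrNotImplemented. At this layer such a request reaches the wrapped handler with no identity resolved and no per-bucket action check. If the handlers verify the policy or chunk signatures themselves, each branch should carry a comment saying so, e.g. `// signature and permissions are verified in the handler`; otherwise they should resolve an identity and fall through to the canDo check like the V2 and V4 branches. The handlers are not part of this diff, so this needs confirming against them; authRequest's body also continues between the hunks.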
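Review bot: The new `authTypeAnonymous` branch in hunk `@@ -141,18 +153,21 @@` never assigns `s3Err`, so passing the later `s3Err != s3err.ErrNone` check depends on the zero value of `s3err.ErrorCode` being `ErrNone`; that definition is not visible in this diff. Assigning it explicitly after the `!found` guard, `s3Err = s3err.ErrNone`, keeps the branch correct if the constants are ever reordered. Unlike the V2, post-policy and JWT branches it also logs nothing, and a `glog.V(3).Infof("anonymous auth type")` would make unauthenticated grants visible in the same trace as the other auth types.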
