Your question is not clear and it is fully out of our imagination what is your code without any samples from your side. But still it sounds like you are talking about:
<xsd:attribute name="object-acl-expression">
<xsd:annotation>
<xsd:documentation>
A SpEL expression to evaluate S3Object ACL at runtime against request message
for the 'upload' operation.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
The result of this expression must be an instance of AccessControlList
or CannedAccessControlList
:
Object acl = this.objectAclExpression.getValue(this.evaluationContext, requestMessage);
Assert.state(acl instanceof AccessControlList || acl instanceof CannedAccessControlList,
"The 'objectAclExpression' ["
+ this.objectAclExpression.getExpressionString()
+ "] must evaluate to com.amazonaws.services.s3.model.AccessControlList " +
"or must evaluate to com.amazonaws.services.s3.model.CannedAccessControlList. " +
"Gotten: [" + acl + "]");
So, if you talk about a full access permissions, it looks like you just need to use CannedAccessControlList.AwsExecRead
in that expression:
/**
* Specifies the owner is granted {@link Permission#FullControl}. Amazon EC2
* is granted {@link Permission#Read} access to GET an Amazon Machine Image
* (AMI) bundle from Amazon S3.
*/
AwsExecRead("aws-exec-read");
Such an expression may look like:
object-acl-expression="T(com.amazonaws.services.s3.model.CannedAccessControlList).AwsExecRead"