ErrEntityTooSmall: {
		Code:           "EntityTooSmall",
		Description:    "Your proposed upload is smaller than the minimum allowed object size.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrEntityTooLarge: {
		Code:           "EntityTooLarge",
		Description:    "Your proposed upload exceeds the maximum allowed object size.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrExcessData: {
		Code:           "ExcessData",

	// Policies were found, evaluate all of them.
	return sys.GetCombinedPolicy(policy).IsAllowed(args)
}

// IsAllowed - checks given policy args is allowed to continue the Rest API.
func (sys *IAMSys) IsAllowed(args policy.Args) bool {
	// If opa is configured, use OPA always.
	if authz := newGlobalAuthZPluginFn(); authz != nil {
		ok, err := authz.IsAllowed(args)
		if err != nil {
			authZLogIf(GlobalContext, err)
		}

	targetCred := u.Credentials

	if !globalIAMSys.IsAllowed(policy.Args{
		AccountName:     cred.AccessKey,
		Groups:          cred.Groups,
		Action:          policy.ListServiceAccountsAdminAction,
		ConditionValues: getConditionValues(r, "", cred),
		IsOwner:         owner,
		Claims:          cred.Claims,
	}) {
		// If requested user does not exist and requestor is not allowed to list service accounts, return access denied.

	readable := globalPolicySys.IsAllowed(policy.BucketPolicyArgs{
		Action:          policy.ListBucketAction,
		BucketName:      bucket,
		ConditionValues: getConditionValues(r, "", auth.AnonymousCredentials),
		IsOwner:         false,
	})

	// Check if anonymous (non-owner) has access to upload objects.
	writable := globalPolicySys.IsAllowed(policy.BucketPolicyArgs{

# Allowed origins for CORS.
api.cors.allow.origin=*
# Allowed HTTP methods for CORS.
api.cors.allow.methods=GET, POST, OPTIONS, DELETE, PUT
# Max age for CORS preflight requests.
api.cors.max.age=3600
# Allowed headers for CORS.
api.cors.allow.headers=Origin, Content-Type, Accept, Authorization, X-Requested-With
# Whether to allow credentials for CORS.
api.cors.allow.credentials=true

        }
        return OptionalEntity.empty();
    }

    /**
     * Checks if the specified LDAP user is allowed to have empty group and role permissions.
     *
     * @param ldapUser the LDAP user to check
     * @return true if empty permissions are allowed, false otherwise
     */
    protected boolean allowEmptyGroupAndRole(final LdapUser ldapUser) {

            if (m.equals(method)) {
                return true;
            }
        }
        writeJsonResponse(HttpServletResponse.SC_METHOD_NOT_ALLOWED, escapeJsonKeyValue(MESSAGE_FIELD, method + " is not allowed."));
        return false;
    }

    /**
     * Processes a scroll search request.
     * @param request The HTTP request.
     * @param response The HTTP response.
     * @param chain The filter chain.

                        classes.push('off', 'ends');

                    //don't allow selection of dates before the minimum date
                    if (this.minDate && calendar[row][col].isBefore(this.minDate, 'day'))
                        classes.push('off', 'disabled');

                    //don't allow selection of dates after the maximum date

    return this;
  }

  int getInitialCapacity() {
    return (initialCapacity == UNSET_INT) ? DEFAULT_INITIAL_CAPACITY : initialCapacity;
  }

  /**
   * Guides the allowed concurrency among update operations. Used as a hint for internal sizing. The
   * table is internally partitioned to try to permit the indicated number of concurrent updates

     * reflection implementation.
     */
    try {
      new TypeToken<T>() {};
      fail();
    } catch (IllegalStateException expected) {
      // Type variables aren't allowed.
    }
  }

  public void testRawTypeIsCorrect() {
    TypeToken<List<String>> token = new TypeToken<List<String>>() {};
    assertEquals(List.class, token.getRawType());
  }