// Disallow: / but Allow: /$ (only root), Allow: /index.html$, Allow: /public/
        assertFalse(robotsTxt.allows("/about", "ComplexBot"));
        assertTrue(robotsTxt.allows("/", "ComplexBot")); // Allow: /$
        assertTrue(robotsTxt.allows("/index.html", "ComplexBot")); // Allow: /index.html$
        assertFalse(robotsTxt.allows("/index.html?page=1", "ComplexBot")); // $ means exact end

Disallow: /admin/*.php
Disallow: /*/private/
Allow: /public/*.html

# Test end-of-path ($) patterns
User-agent: EndPathBot
Disallow: /fish$
Disallow: /temp$
Allow: /fishing

# Test complex patterns
User-agent: ComplexBot
Disallow: /
Allow: /$
Allow: /index.html$
Allow: /public/

# Test priority rules (longer match wins)
User-agent: PriorityBot
Disallow: /store
Allow: /store/public
Disallow: /store/public/sale

 * FILE_WRITE_DATA</code>) and the target file has the following security
 * descriptor ACEs:
 *
 * <pre>
 * Allow WNET\alice     0x001200A9  Direct
 * Allow Administrators 0x001F01FF  Inherited
 * Allow SYSTEM         0x001F01FF  Inherited
 * </pre>
 *
 * the access check would fail because the direct ACE has an access mask
 * of <code>0x001200A9</code> which doesn't have the

Allow:    # empty value

# Case 3: Multiple colons in directive
User-agent: MultiColonBot
Disallow: http://example.com:8080/path
Allow: /path:with:colons

# Case 4: Extra whitespace
User-agent:    ExtraSpaceBot
Disallow:     /spaced/
   Allow:   /also-spaced/

# Case 5: Mixed case directives (should still work)
UsEr-AgEnT: MixedCaseBot
DiSaLlOw: /test1/
AlLoW: /test2/
CrAwL-dElAy: 2
SiTeMaP: http://example.com/sitemap.xml

iam-assets/policies.json {"consoleAdmin":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["admin:*"]},{"Effect":"Allow","Action":["kms:*"]},{"Effect":"Allow","Action":["s3:*"],"Resource":["arn:aws:s3:::*"]}]},diagnostics":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["admin:TopLocksInfo","admin:BandwidthMonitor","admin:ConsoleLog","admin:OBDInfo","admin:Profiling","admin:Prometheus","admin:ServerInfo","admin:ServerTrace"],"Resource":["arn:aws:s3:::*"]}]},rea...

         * 2. If both Allow and Disallow patterns match with the same length, Allow takes precedence
         * 3. If no pattern matches, the path is allowed by default
         *
         * @param path the path to check
         * @return true if the path is allowed, false otherwise
         */
        public boolean allows(final String path) {
            PathPattern longestAllowMatch = null;

* `allow_origin_regex` - A regex string to match against origins that should be permitted to make cross-origin requests. e.g. `'https://.*\.example\.org'`.
* `allow_methods` - A list of HTTP methods that should be allowed for cross-origin requests. Defaults to `['GET']`. You can use `['*']` to allow all standard methods.

    /**
     * CORS header for specifying allowed headers.
     */
    protected static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";

    /**
     * CORS header for specifying allowed HTTP methods.
     */
    protected static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";

    /**

 * FILE_WRITE_DATA</code>) and the target file has the following security
 * descriptor ACEs:
 *
 * <pre>
 * Allow WNET\alice     0x001200A9  Direct
 * Allow Administrators 0x001F01FF  Inherited
 * Allow SYSTEM         0x001F01FF  Inherited
 * </pre>
 *
 * the access check would fail because the direct ACE has an access mask
 * of <code>0x001200A9</code> which doesn't have the

			asRoot: false,

			policy: `{"Effect": "Allow",
				"Action": ["kms:CreateKey"] }`,

			wantStatusCode: http.StatusOK,
		},
		{
			name:   "create key as user set policy to allow want success",
			method: http.MethodPost,
			path:   kmsKeyCreatePath,
			query:  map[string]string{"key-id": "second-new-test-key"},
			asRoot: false,

			policy: `{"Effect": "Allow",
				"Action": ["kms:CreateKey"],