//   on the bucket, Amazon S3 will return an
			//   HTTP status code 404 ("no such key")
			//   error.
			// * if you don’t have the s3:ListBucket
			//   permission, Amazon S3 will return an HTTP
			//   status code 403 ("access denied") error.`
			if globalPolicySys.IsAllowed(policy.BucketPolicyArgs{
				Action:          policy.ListBucketAction,
				BucketName:      bucket,

				result.MaxValiditySeconds, minValidityDurationSeconds, maxValidityDurationSeconds)
		}

		return AuthNResponse{
			Success: &result,
		}, nil

	case 403:
		var result AuthNErrorResponse
		if err = json.NewDecoder(resp.Body).Decode(&result); err != nil {
			return AuthNResponse{}, err
		}
		return AuthNResponse{
			Failure: &result,
		}, nil

	default:

	for i in $(seq 1 4); do
		"${MINIO[@]}" --address ":$((start_port + i))" ${args[@]} 2>&1 >"${WORK_DIR}/server$i.log" &
	done

	# Wait until all nodes return 403
	for i in $(seq 1 4); do
		while [ "$(curl -m 1 -s -o /dev/null -w "%{http_code}" http://localhost:$((start_port + i)))" -ne "403" ]; do
			echo -n "."
			sleep 1
		done
	done

}

# Prepare fake disks with losetup
function prepare_block_devices() {
	set -e

// The operation returns a 200 OK if the bucket exists and you
// have permission to access it. Otherwise, the operation might
// return responses such as 404 Not Found and 403 Forbidden.
func (api objectAPIHandlers) HeadBucketHandler(w http.ResponseWriter, r *http.Request) {
	ctx := newContext(r, w, "HeadBucket")

	defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))

The keys "exp", "parent" and "sub" in the `claims` object are reserved and if present are ignored by MinIO.

If the token is not valid or access is not approved, the plugin must return a `403` (forbidden) HTTP status code. The body must have an `application/json` content-type with the following structure:

```json
{
    "reason": <string>
}
```

The reason message is returned to the client.

			expectedRespStatus: http.StatusNoContent,
		},
		// Test case - 3.
		// Setting Invalid AccessKey to force signature check inside the handler to fail.
		// Should return HTTP response status 403 forbidden.
		{
			bucketName: bucketName,
			objectName: objectName,
			accessKey:  "Invalid-AccessKey",
			secretKey:  credentials.SecretKey,

			expectedRespStatus: http.StatusForbidden,
		},

		// mean that authentication succeeded, but another
		// side-channel check has failed, we shall take
		// the client offline in such situations.
		// generally all implementations should simply return
		// 403, but in situations where there is a dependency
		// with the caller to take the client offline purpose
		// fully it should make sure to respond with '412'
		// instead, see cmd/storage-rest-server.go for ideas.

			//   on the bucket, Amazon S3 will return an
			//   HTTP status code 404 ("no such key")
			//   error.
			// * if you don’t have the s3:ListBucket
			//   permission, Amazon S3 will return an HTTP
			//   status code 403 ("access denied") error.`
			if globalPolicySys.IsAllowed(policy.BucketPolicyArgs{
				Action:          policy.ListBucketAction,
				BucketName:      bucket,

4-03-10 19:43:40,2014-03-10 19:52:51,N,1,-73.863929748535156,40.732795715332031,-73.859237670898437,40.750602722167969,3,1.69,8,1,0.5,0,0,,,9.5,2,1,196,173,green,0.00,1.2,0.0,51,36,5.37,1288,717.02,4,Queens,071702,4071702,I,QN18,Rego Park,4108,650,403,4,Queens,040300,4040300,E,QN26,North Corona,4102^3389338,2,2014-03-14 20:27:59,2014-03-14 20:34:20,N,1,-73.863815307617188,40.732875823974609,-73.875564575195313,40.735641479492188,2,0.79,5.5,0.5,0.5,0,0,,,6.5,2,1,196,82,green,0.00,0.0,0.0,46,22,5....