apiRouter.ServeHTTP(rec, anonReq)

	// expected error response when the unsigned HTTP request is not permitted.
	accessDenied := getAPIError(ErrAccessDenied).HTTPStatusCode
	if rec.Code != accessDenied {
		t.Fatal(failTestStr(anonTestStr, fmt.Sprintf("Object API Nil Test expected to fail with %d, but failed with %d", accessDenied, rec.Code)))
	}

	// HEAD HTTP request doesn't contain response body.
	if anonReq.Method != http.MethodHead {

	_, err := client.PutObject(ctx, bucket, "some-object", bytes.NewBuffer([]byte("stuff")), 5, minio.PutObjectOptions{})
	if e, ok := err.(minio.ErrorResponse); ok {
		if e.Code == "AccessDenied" {
			return
		}
	}
	c.Fatalf("upload did not get an AccessDenied error - got %#v instead", err)
}

func (c *check) assertSvcAccS3Access(ctx context.Context, s *TestSuiteIAM, cr madmin.Credentials, bucket string) {

    @Test
    public void test_accessDenied() {
        activityHelper.useEcsFormat = false;
        activityHelper.accessDenied(OptionalThing.empty(), "/admin/user/");
        assertEquals("action:ACCESS_DENIED\tuser:-\tpath:/admin/user/", localLogMsg.get());

        activityHelper.accessDenied(createUser("testuser", new String[0]), "/admin/user/");

	response, err = s.client.Get(getGetObjectURL(s.endPoint, bucketName, objectName+".1"))
	c.Assert(err, nil)
	// assert the http response status code.
	verifyError(c, response, "AccessDenied", "Access Denied.", http.StatusForbidden)

	// initiate anonymous HTTP request to fetch the object which does exist. We need to return AccessDenied.

			err = ObjectNotFound{Bucket: bucket, Object: object, VersionID: versionID}
		} else {
			err = BucketNotFound{Bucket: bucket}
		}
	case "XMinioInvalidObjectName":
		err = ObjectNameInvalid{}
	case "AccessDenied":
		err = PrefixAccessDenied{
			Bucket: bucket,
			Object: object,
		}
	case "XAmzContentSHA256Mismatch":
		err = hash.SHA256Mismatch{}
	case "NoSuchUpload":
		err = InvalidUploadID{}

		return
	}

	getObjectInfo := objectAPI.GetObjectInfo

	// Check for auth type to return S3 compatible error.
	// type to return the correct error (NoSuchKey vs AccessDenied)
	if s3Error := checkRequestAuthType(ctx, r, policy.GetObjectAction, bucket, object); s3Error != ErrNone {
		if getRequestAuthType(r) == authTypeAnonymous {
			// As per "Permission" section in

    public ActionResponse godHandPrologue(final ActionRuntime runtime) {
        try {
            return superGodHandPrologue(runtime);
        } catch (final UserRoleLoginException e) {
            activityHelper.accessDenied(getUserBean(), runtime.getRequestPath());
            return redirect(e.getActionClass());
        }
    }

    /**
     * Calls the parent's godHandPrologue method.
     * <p>

					Value:          float64(stat.ReplicatedCount),
					VariableLabels: map[string]string{"endpoint": stat.Endpoint},
				})

				if c, ok := stat.Failed.ErrCounts["AccessDenied"]; ok {
					ml = append(ml, MetricV2{
						Description:    getClusterRepCredentialErrorsMD(clusterMetricNamespace),
						Value:          float64(c),

        initialContext.put("host", "server.example.com");
        initialContext.put("port", 445);

        exception = new SmbOperationException(SmbOperationException.ErrorCode.ACCESS_DENIED, "Permission denied", null,
                SmbOperationException.RetryPolicy.DEFAULT, initialContext);

        // When
        exception.withContext("path", "/share/file.txt").withContext("user", "testuser");

                        true), HOST_NOT_FOUND("Host not found", ErrorCategory.NETWORK, false),

        // Authentication errors
        AUTHENTICATION_FAILED("Authentication failed", ErrorCategory.AUTHENTICATION, false), ACCESS_DENIED("Access denied",
                ErrorCategory.AUTHENTICATION, false), INVALID_CREDENTIALS("Invalid credentials", ErrorCategory.AUTHENTICATION,