QPID-3544: ACL denials while replicating exclusive queues to a newly joined node.

Changes missed from previous commit.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1182514 13f79535-47bb-0310-9956-ffa450edef68

4 files changed, 5 insertions, 9 deletions

diff --git a/cpp/src/qpid/broker/ConnectionHandler.cpp b/cpp/src/qpid/broker/ConnectionHandler.cpp
index 82b72d3f52..7cd91ae539 100644
--- a/cpp/src/qpid/broker/ConnectionHandler.cpp
+++ b/cpp/src/qpid/broker/ConnectionHandler.cpp
@@ -108,13 +108,10 @@ ConnectionHandler::ConnectionHandler(Connection& connection, bool isClient, bool
 
 ConnectionHandler::Handler::Handler(Connection& c, bool isClient, bool isShadow) :
     proxy(c.getOutput()),
-    connection(c), serverMode(!isClient), acl(0), secured(0),
+    connection(c), serverMode(!isClient), secured(0),
     isOpen(false)
 {
     if (serverMode) {
-
-    	acl =  connection.getBroker().getAcl();
-
         FieldTable properties;
         Array mechanisms(0x95);
 
@@ -168,6 +165,8 @@ void ConnectionHandler::Handler::startOk(const ConnectionStartOkBody& body)
         connection.setFederationPeerTag(clientProperties.getAsString(QPID_FED_TAG));
     }
     if (connection.isFederationLink()) {
+        AclModule* acl =  connection.getBroker().getAcl();
+        FieldTable properties;
     	if (acl && !acl->authorise(connection.getUserId(),acl::ACT_CREATE,acl::OBJ_LINK,"")){
             proxy.close(framing::connection::CLOSE_CODE_CONNECTION_FORCED,"ACL denied creating a federation link");
             return;
diff --git a/cpp/src/qpid/broker/ConnectionHandler.h b/cpp/src/qpid/broker/ConnectionHandler.h
index f3e7d7d21d..05c5f00c57 100644
--- a/cpp/src/qpid/broker/ConnectionHandler.h
+++ b/cpp/src/qpid/broker/ConnectionHandler.h
@@ -59,7 +59,6 @@ class ConnectionHandler : public framing::FrameHandler
         Connection& connection;
         bool serverMode;
         std::auto_ptr<SaslAuthenticator> authenticator;
-        AclModule* acl;
         SecureConnection* secured;
         bool isOpen;
 
diff --git a/cpp/src/qpid/broker/SemanticState.cpp b/cpp/src/qpid/broker/SemanticState.cpp
index 380ec656cb..fbcb21eab9 100644
--- a/cpp/src/qpid/broker/SemanticState.cpp
+++ b/cpp/src/qpid/broker/SemanticState.cpp
@@ -75,9 +75,7 @@ SemanticState::SemanticState(DeliveryAdapter& da, SessionContext& ss)
       userName(getSession().getConnection().getUserId().substr(0,getSession().getConnection().getUserId().find('@'))),
       isDefaultRealm(userID.find('@') != std::string::npos && getSession().getBroker().getOptions().realm == userID.substr(userID.find('@')+1,userID.size())),
       closeComplete(false)
-{
-    acl = getSession().getBroker().getAcl();
-}
+{}
 
 SemanticState::~SemanticState() {
     closed();
@@ -488,6 +486,7 @@ void SemanticState::route(intrusive_ptr<Message> msg, Deliverable& strategy) {
         throw UnauthorizedAccessException(QPID_MSG("authorised user id : " << userID << " but user id in message declared as " << id));
     }
 
+    AclModule* acl = getSession().getBroker().getAcl();
     if (acl && acl->doTransferAcl())
     {
         if (!acl->authorise(getSession().getConnection().getUserId(),acl::ACT_PUBLISH,acl::OBJ_EXCHANGE,exchangeName, msg->getRoutingKey() ))
diff --git a/cpp/src/qpid/broker/SemanticState.h b/cpp/src/qpid/broker/SemanticState.h
index 12ccc75f11..6d88dd56d9 100644
--- a/cpp/src/qpid/broker/SemanticState.h
+++ b/cpp/src/qpid/broker/SemanticState.h
@@ -165,7 +165,6 @@ class SemanticState : private boost::noncopyable {
     DtxBufferMap suspendedXids;
     framing::SequenceSet accumulatedAck;
     boost::shared_ptr<Exchange> cacheExchange;
-    AclModule* acl;
     const bool authMsg;
     const std::string userID;
     const std::string userName;