QPID-2616 Count and limit client connections.

Bug fix: use Connection.getUserId() and not getUsername() to identify user and upgrade selftest to match. Add comment to Connection.h to suggest the particular pitfall.



git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1333110 13f79535-47bb-0310-9956-ffa450edef68

3 files changed, 32 insertions, 15 deletions

diff --git a/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp b/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp
index 5a70c569a7..5d4e3c1544 100644
--- a/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp
+++ b/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp
@@ -104,7 +104,7 @@ void ConnectionCounter::releaseLH(
 //
 void ConnectionCounter::connection(broker::Connection& connection) {
     QPID_LOG(trace, "ACL ConnectionCounter connection IP:" << connection.getMgmtId()
-        << ", user:" << connection.getUsername());
+        << ", userId:" << connection.getUserId());
 
     Mutex::ScopedLock locker(dataLock);
 
@@ -117,11 +117,11 @@ void ConnectionCounter::connection(broker::Connection& connection) {
 //
 void ConnectionCounter::opened(broker::Connection& connection) {
     QPID_LOG(trace, "ACL ConnectionCounter Opened IP:" << connection.getMgmtId()
-        << ", user:" << connection.getUsername());
+        << ", userId:" << connection.getUserId());
 
     Mutex::ScopedLock locker(dataLock);
 
-    const std::string& userName(              connection.getUsername());
+    const std::string& userName(              connection.getUserId());
     const std::string& hostName(getClientHost(connection.getMgmtId()));
 
     // Bump state from CREATED to OPENED
@@ -157,7 +157,7 @@ void ConnectionCounter::opened(broker::Connection& connection) {
 //
 void ConnectionCounter::closed(broker::Connection& connection) {
     QPID_LOG(trace, "ACL ConnectionCounter Closed IP:" << connection.getMgmtId()
-        << ", user:" << connection.getUsername());
+        << ", userId:" << connection.getUserId());
 
     Mutex::ScopedLock locker(dataLock);
 
@@ -167,7 +167,7 @@ void ConnectionCounter::closed(broker::Connection& connection) {
             // Normal case: connection was created and opened.
             // Decrement in-use counts
             releaseLH(connectByNameMap,
-                      connection.getUsername(),
+                      connection.getUserId(),
                       nameLimit);
 
             releaseLH(connectByHostMap,
diff --git a/qpid/cpp/src/qpid/broker/Connection.h b/qpid/cpp/src/qpid/broker/Connection.h
index 858ab6f7f4..1b8bd83139 100644
--- a/qpid/cpp/src/qpid/broker/Connection.h
+++ b/qpid/cpp/src/qpid/broker/Connection.h
@@ -113,15 +113,20 @@ class Connection : public sys::ConnectionInputHandler,
     void requestIOProcessing (boost::function0<void>);
     void recordFromServer (const framing::AMQFrame& frame);
     void recordFromClient (const framing::AMQFrame& frame);
+
+    // gets for configured federation links
     std::string getAuthMechanism();
     std::string getAuthCredentials();
     std::string getUsername();
     std::string getPassword();
     std::string getHost();
     uint16_t    getPort();
+
     void notifyConnectionForced(const std::string& text);
     void setUserId(const std::string& uid);
     void raiseConnectEvent();
+
+    // credentials for connected client
     const std::string& getUserId() const { return ConnectionState::getUserId(); }
     const std::string& getMgmtId() const { return mgmtId; }
     management::ManagementAgent* getAgent() const { return agent; }
diff --git a/qpid/cpp/src/tests/acl.py b/qpid/cpp/src/tests/acl.py
index 9b170c16f5..720b3b4216 100755
--- a/qpid/cpp/src/tests/acl.py
+++ b/qpid/cpp/src/tests/acl.py
@@ -1518,29 +1518,41 @@ class ACLTests(TestBase010):
         """
         # By username should be able to connect twice per user
         try:
-            sessiona1 = self.get_session_by_port('anonymous','anonymous', self.port_u())
-            sessiona2 = self.get_session_by_port('anonymous','anonymous', self.port_u())
+            sessiona1 = self.get_session_by_port('alice','alice', self.port_u())
+            sessiona2 = self.get_session_by_port('alice','alice', self.port_u())
         except Exception, e:
-            self.fail("Could not create two connections per user: " + str(e))
+            self.fail("Could not create two connections for user alice: " + str(e))
 
         # Third session should fail
         try:
-            sessiona3 = self.get_session_by_port('anonymous','anonymous', self.port_u())
-            self.fail("Should not be able to create third connection")
+            sessiona3 = self.get_session_by_port('alice','alice', self.port_u())
+            self.fail("Should not be able to create third connection for user alice")
+        except Exception, e:
+            result = None
+
+        try:
+            sessionb1 = self.get_session_by_port('bob','bob', self.port_u())
+            sessionb2 = self.get_session_by_port('bob','bob', self.port_u())
+        except Exception, e:
+            self.fail("Could not create two connections for user bob: " + str(e))
+
+        try:
+            sessionb3 = self.get_session_by_port('bob','bob', self.port_u())
+            self.fail("Should not be able to create third connection for user bob")
         except Exception, e:
             result = None
 
         # By IP address should be able to connect twice per client address
         try:
-            sessionb1 = self.get_session_by_port('anonymous','anonymous', self.port_i())
-            sessionb2 = self.get_session_by_port('anonymous','anonymous', self.port_i())
+            sessionb1 = self.get_session_by_port('alice','alice', self.port_i())
+            sessionb2 = self.get_session_by_port('bob','bob', self.port_i())
         except Exception, e:
-            self.fail("Could not create two connections per user: " + str(e))
+            self.fail("Could not create two connections for client address: " + str(e))
 
         # Third session should fail
         try:
-            sessionb3 = self.get_session_by_port('anonymous','anonymous', self.port_i())
-            self.fail("Should not be able to create third connection")
+            sessionb3 = self.get_session_by_port('charlie','charlie', self.port_i())
+            self.fail("Should not be able to create third connection for client address")
         except Exception, e:
             result = None