Removed the --enforce-acl option. Instead if a policy file is specified acl will be enabled.

Also removed Route from the Object list and did a bit of code cleanup. git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@711957 13f79535-47bb-0310-9956-ffa450edef68
author: Rajith Muditha Attapattu <rajith@apache.org> 2008-11-06 20:07:14 +0000
committer: Rajith Muditha Attapattu <rajith@apache.org> 2008-11-06 20:07:14 +0000
commit: e1132d45340a4d1c91648cac856803428d2a60f4 (patch)
tree: 5109e258e838c67371d762fd73240f777efa2c50 /cpp
parent: ee4d8230649fa7ebb5a8688b7a5fdc7da519f1f7 (diff)
download: qpid-python-e1132d45340a4d1c91648cac856803428d2a60f4.tar.gz
5 files changed, 24 insertions, 39 deletions
diff --git a/cpp/src/qpid/acl/Acl.cpp b/cpp/src/qpid/acl/Acl.cpp
index ff1d4b066b..238ab9df6c 100644
--- a/cpp/src/qpid/acl/Acl.cpp
+++ b/cpp/src/qpid/acl/Acl.cpp
@@ -64,28 +64,26 @@ Acl::Acl (AclValues& av, broker::Broker& b): aclValues(av), broker(&b), transfer
 
    bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& name, std::map<Property, std::string>* params)
    {
-      if (!aclValues.enforce) return true;
       boost::shared_ptr<AclData> dataLocal = data;  //rcu copy
-      
-      // add real ACL check here... 
+
+      // add real ACL check here...
       AclResult aclreslt = dataLocal->lookup(id,action,objType,name,params);
-	  
-	  
-	  return result(aclreslt, id, action, objType, name); 
+
+
+	  return result(aclreslt, id, action, objType, name);
    }
 
    bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& ExchangeName, const std::string& RoutingKey)
    {
-      if (!aclValues.enforce) return true;
       boost::shared_ptr<AclData> dataLocal = data;  //rcu copy
-      
+
       // only use dataLocal here...
-      AclResult aclreslt = dataLocal->lookup(id,action,objType,ExchangeName,RoutingKey);  
-	  
-	  return result(aclreslt, id, action, objType, ExchangeName); 
+      AclResult aclreslt = dataLocal->lookup(id,action,objType,ExchangeName,RoutingKey);
+
+	  return result(aclreslt, id, action, objType, ExchangeName);
    }
 
-   
+
    bool Acl::result(const AclResult& aclreslt, const std::string& id, const Action& action, const ObjectType& objType, const std::string& name)
    {
 	  switch (aclreslt)
diff --git a/cpp/src/qpid/acl/Acl.h b/cpp/src/qpid/acl/Acl.h
index 72a44a5450..2a522bc56d 100644
--- a/cpp/src/qpid/acl/Acl.h
+++ b/cpp/src/qpid/acl/Acl.h
@@ -42,10 +42,7 @@ class Broker;
 namespace acl {
 
 struct AclValues {
-	bool enforce;
-    std::string aclFile;
-
-    AclValues() {enforce = false; aclFile = "policy.acl"; }
+	std::string aclFile;
 };
 
 
diff --git a/cpp/src/qpid/acl/AclPlugin.cpp b/cpp/src/qpid/acl/AclPlugin.cpp
index 6f20ea09be..ffba8d44cf 100644
--- a/cpp/src/qpid/acl/AclPlugin.cpp
+++ b/cpp/src/qpid/acl/AclPlugin.cpp
@@ -36,13 +36,11 @@ using namespace std;
  *  New boost allows a shared_ptr but that's not compatible with old boost.
  */
 struct AclOptions : public Options {
-    AclValues& values; 
+    AclValues& values;
 
     AclOptions(AclValues& v) : Options("ACL Options"), values(v) {
         addOptions()
-            ("enforce-acl", optValue(values.enforce), "Enforce ACL")
-            ("acl-file", optValue(values.aclFile, "FILE"), "The policy file to load from, loaded from data dir")
-            ;
+            ("acl-file", optValue(values.aclFile, "FILE"), "The policy file to load from, loaded from data dir");
     }
 };
 
@@ -51,20 +49,22 @@ struct AclPlugin : public Plugin {
     AclValues values;
     AclOptions options;
     boost::intrusive_ptr<Acl> acl;
-    
+
     AclPlugin() : options(values) {}
 
     Options* getOptions() { return &options; }
 
     void init(broker::Broker& b) {
-        if (!values.enforce){
-		    QPID_LOG(info, "ACL Disabled, no ACL checking being done.");
-			return;  
-		}
-        if (acl) throw Exception("ACL plugin cannot be initialized twice in one process.");
+        if (values.aclFile.empty()){
+            QPID_LOG(info, "Policy file not specified. ACL Disabled, no ACL checking being done!");
+        	return;
+        }
+
+    	if (acl) throw Exception("ACL plugin cannot be initialized twice in one process.");
         std::ostringstream oss;
         oss << b.getDataDir().getPath() << "/" << values.aclFile;
         values.aclFile = oss.str();
+
         acl = new Acl(values, b);
 		b.setAcl(acl.get());
         b.addFinalizer(boost::bind(&AclPlugin::shutdown, this));
diff --git a/cpp/src/qpid/broker/AclModule.h b/cpp/src/qpid/broker/AclModule.h
index 92dac50220..4bb6ca12b4 100644
--- a/cpp/src/qpid/broker/AclModule.h
+++ b/cpp/src/qpid/broker/AclModule.h
@@ -33,7 +33,7 @@ namespace qpid {
 
 namespace acl {
 
-enum ObjectType {OBJ_QUEUE, OBJ_EXCHANGE, OBJ_BROKER, OBJ_LINK, OBJ_ROUTE,
+enum ObjectType {OBJ_QUEUE, OBJ_EXCHANGE, OBJ_BROKER, OBJ_LINK,
                  OBJ_METHOD, OBJECTSIZE}; // OBJECTSIZE must be last in list
 enum Action {ACT_CONSUME, ACT_PUBLISH, ACT_CREATE, ACT_ACCESS, ACT_BIND,
              ACT_UNBIND, ACT_DELETE, ACT_PURGE, ACT_UPDATE,
@@ -79,7 +79,6 @@ class AclHelper {
         if (str.compare("exchange") == 0) return OBJ_EXCHANGE;
         if (str.compare("broker") == 0) return OBJ_BROKER;
         if (str.compare("link") == 0) return OBJ_LINK;
-        if (str.compare("route") == 0) return OBJ_ROUTE;
         if (str.compare("method") == 0) return OBJ_METHOD;
         throw str;
     }
@@ -89,7 +88,6 @@ class AclHelper {
           case OBJ_EXCHANGE: return "exchange";
           case OBJ_BROKER: return "broker";
           case OBJ_LINK: return "link";
-          case OBJ_ROUTE: return "route";
           case OBJ_METHOD: return "method";
           default: assert(false); // should never get here
         }
@@ -237,16 +235,8 @@ class AclHelper {
 
         actionMapPtr a2(new actionMap);
         a2->insert(actionPair(ACT_CREATE,  p0));
-        
-        map->insert(objectPair(OBJ_LINK, a2));
-
-        // == Route ==
 
-        actionMapPtr a3(new actionMap);
-        a3->insert(actionPair(ACT_CREATE,  p0));
-        a3->insert(actionPair(ACT_DELETE,  p0));
-        
-        map->insert(objectPair(OBJ_ROUTE, a3));
+        map->insert(objectPair(OBJ_LINK, a2));
 
         // == Method ==
 
diff --git a/cpp/src/tests/run_acl_tests b/cpp/src/tests/run_acl_tests
index 11186961b8..0cf673228a 100755
--- a/cpp/src/tests/run_acl_tests
+++ b/cpp/src/tests/run_acl_tests
@@ -7,7 +7,7 @@ DATA_DIR=`pwd`/data_dir
 trap stop_brokers INT TERM QUIT
 
 start_brokers() {
-    ../qpidd --daemon --port 0 --no-module-dir --data-dir $DATA_DIR --load-module ../.libs/acl.so --enforce-acl --auth no > qpidd.port
+    ../qpidd --daemon --port 0 --no-module-dir --data-dir $DATA_DIR --load-module ../.libs/acl.so --acl-file policy.acl --auth no > qpidd.port
     LOCAL_PORT=`cat qpidd.port`
 }
author	Rajith Muditha Attapattu <rajith@apache.org>	2008-11-06 20:07:14 +0000
committer	Rajith Muditha Attapattu <rajith@apache.org>	2008-11-06 20:07:14 +0000
commit	e1132d45340a4d1c91648cac856803428d2a60f4 (patch)
tree	5109e258e838c67371d762fd73240f777efa2c50 /cpp
parent	ee4d8230649fa7ebb5a8688b7a5fdc7da519f1f7 (diff)
download	qpid-python-e1132d45340a4d1c91648cac856803428d2a60f4.tar.gz