authorGordon Sim <gsim@apache.org>2013-06-25 13:28:15 +0000
committerGordon Sim <gsim@apache.org>2013-06-25 13:28:15 +0000
commit3615070a058ee43b3305d6b4464ee3a6e39e7b99 (patch)
tree6bcdc2593132f88e02f7c3ecbc35c6e827322531 /qpid/cpp/src/qpid/broker/amqp/Incoming.cpp
parent59b8d464a2a3b36f0985c10c057e14b284e3bc7c (diff)
QPID-4712: authorisation for AMQP 1.0 connections
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1496466 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/cpp/src/qpid/broker/amqp/Incoming.cpp')
-rw-r--r--qpid/cpp/src/qpid/broker/amqp/Incoming.cpp28
1 files changed, 27 insertions, 1 deletions
diff --git a/qpid/cpp/src/qpid/broker/amqp/Incoming.cpp b/qpid/cpp/src/qpid/broker/amqp/Incoming.cpp
index 14614b0b87..119d05af60 100644
--- a/qpid/cpp/src/qpid/broker/amqp/Incoming.cpp
+++ b/qpid/cpp/src/qpid/broker/amqp/Incoming.cpp
@@ -19,8 +19,10 @@
*
*/
#include "Incoming.h"
+#include "Exception.h"
#include "Message.h"
#include "Session.h"
+#include "qpid/amqp/descriptors.h"
#include "qpid/broker/AsyncCompletion.h"
#include "qpid/broker/Message.h"
@@ -60,6 +62,30 @@ void Incoming::wakeup()
{
session.wakeup();
}
+
+void Incoming::verify(const std::string& u, const std::string& r)
+{
+ userid.init(u, r);
+}
+
+Incoming::UserId::UserId() : inDefaultRealm(false) {}
+void Incoming::UserId::init(const std::string& u, const std::string& defaultRealm)
+{
+ userid = u;
+ size_t at = userid.find('@');
+ if (at != std::string::npos) {
+ unqualified = userid.substr(0, at);
+ inDefaultRealm = defaultRealm == userid.substr(at+1);
+ }
+}
+void Incoming::UserId::verify(const std::string& claimed)
+{
+ if(!userid.empty() && !claimed.empty() && userid != claimed && !(inDefaultRealm && claimed == unqualified)) {
+ throw Exception(qpid::amqp::error_conditions::NOT_ALLOWED, QPID_MSG("Authenticated user id is " << userid << " but user id in message declared as " << claimed));
+ }
+}
+
+
namespace {
class Transfer : public qpid::broker::AsyncCompletion::Callback
{
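Review bot: `UserId::verify` skips the comparison whenever the stored `userid` is empty, so a link on which `Incoming::verify(u, r)` was never called, or was called with an empty id, accepts any user id a message declares. Whether that can happen depends on callers outside this hunk; if it is intended for connections with no authenticated identity, say so above the condition, e.g. `// empty authenticated id: no identity to enforce, so the check is skipped`. Separately, `init` leaves `unqualified` and `inDefaultRealm` at their previous values when the new id contains no '@', so a second call could keep accepting the earlier short name; adding `else { unqualified.clear(); inDefaultRealm = false; }` makes it safe to call more than once.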
@@ -89,7 +115,7 @@ void DecodingIncoming::readable(pn_delivery_t* delivery)
pn_link_advance(link);
qpid::broker::Message message(received, received);
-
+ userid.verify(message.getUserId());
handle(message);
--window;
received->begin();
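Review bot: `userid.verify(message.getUserId())` rejects by throwing, and it runs after `pn_link_advance(link)`, so on a mismatch this function exits without reaching `handle(message)`, `--window` or any visible disposition for the delivery. The handling of that exception is outside this hunk (`readable()` starts and ends beyond it), so it is worth confirming that the caller turns it into a link or session error rather than leaving the delivery unsettled. A short comment on the call would also help readers, e.g. `// throws NOT_ALLOWED if the message user-id does not match the authenticated identity`.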