author | Robert Godfrey <rgodfrey@apache.org> | 2014-02-21 01:15:30 +0000 |
---|---|---|
committer | Robert Godfrey <rgodfrey@apache.org> | 2014-02-21 01:15:30 +0000 |
commit | 7e6f4149a73c4347475caa362f50e4e97d697e2d (patch) | |
tree | a594a4ba22e59090ce699900f5a78d0c39eaac3a /qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java | |
parent | 344ca0282a94ff5dc364a25186593249bbd478d8 (diff) | |
QPID-5567 : Move acl checks into the objects being created
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1570411 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java')
-rwxr-xr-x | qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java | 54 |
1 files changed, 31 insertions, 23 deletions
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java index 85be4c6a3d..8dd8dda220 100755 --- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java @@ -20,15 +20,14 @@ package org.apache.qpid.server.security; import org.apache.log4j.Logger; +import org.apache.qpid.server.binding.Binding; +import org.apache.qpid.server.consumer.Consumer; import org.apache.qpid.server.exchange.Exchange; -import org.apache.qpid.server.model.AccessControlProvider; -import org.apache.qpid.server.model.Broker; -import org.apache.qpid.server.model.ConfigurationChangeListener; -import org.apache.qpid.server.model.ConfiguredObject; -import org.apache.qpid.server.model.State; +import org.apache.qpid.server.model.*; import org.apache.qpid.server.plugin.AccessControlFactory; import org.apache.qpid.server.plugin.QpidServiceLoader; +import org.apache.qpid.server.protocol.AMQConnectionModel; import org.apache.qpid.server.queue.AMQQueue; import org.apache.qpid.server.security.access.FileAccessControlProviderConstants; import org.apache.qpid.server.security.access.ObjectProperties; 
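Review bot: The wildcard `import org.apache.qpid.server.model.*;` replaces five explicit imports in the class that makes the broker's authorisation decisions, so it is no longer visible which model types the checks depend on. Later hunks use `Queue`, `LifetimePolicy` and `ExclusivityPolicy` unqualified, presumably from this package, while `Binding`, `Consumer` and `Exchange` are imported explicitly from other packages. If the model package also declares types with those names, a reader has to know that the single-type import wins. I would keep the imports explicit: retain whichever of the removed five are still used and add `import org.apache.qpid.server.model.Queue;`, `import org.apache.qpid.server.model.LifetimePolicy;` and `import org.apache.qpid.server.model.ExclusivityPolicy;`.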
@@ -253,20 +252,24 @@ public class SecurityManager implements ConfigurationChangeListener return true; } - public void authoriseBind(final Exchange exch, final AMQQueue queue, final String routingKey) + public void authoriseCreateBinding(Binding binding) { + final Exchange exch = binding.getExchange(); + final AMQQueue queue = binding.getQueue(); + final String bindingKey = binding.getBindingKey(); + boolean allowed = checkAllPlugins(new AccessCheck() { Result allowed(AccessControl plugin) { - return plugin.authorise(BIND, EXCHANGE, new ObjectProperties(exch, queue, routingKey)); + return plugin.authorise(BIND, EXCHANGE, new ObjectProperties(exch, queue, bindingKey)); } }); if(!allowed) { - throw new AccessControlException("Permission denied: binding " + routingKey); + throw new AccessControlException("Permission denied: binding " + bindingKey); } } @@ -306,7 +309,7 @@ public class SecurityManager implements ConfigurationChangeListener } } - public void accessVirtualhost(final String vhostname) + public void authoriseCreateConnection(final AMQConnectionModel connection) { if(!checkAllPlugins(new AccessCheck() { @@ -316,12 +319,15 @@ public class SecurityManager implements ConfigurationChangeListener } })) { - throw new AccessControlException("Permission denied: " + vhostname); + throw new AccessControlException("Permission denied: " + connection.getVirtualHostName()); } } - public void authoriseConsume(final AMQQueue queue) + public void authoriseCreateConsumer(final Consumer consumer) { + // TODO + final AMQQueue queue = (AMQQueue) consumer.getMessageSource(); + if(!checkAllPlugins(new AccessCheck() { Result allowed(AccessControl plugin) 
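Review bot: In `authoriseCreateConsumer` the added line `final AMQQueue queue = (AMQQueue) consumer.getMessageSource();` is an unchecked downcast marked only with a bare `// TODO`. A consumer whose source is not an `AMQQueue` leaves the authorisation path with a `ClassCastException` rather than an `AccessControlException`, which callers that handle only the latter will not treat as a denial. I would make the outcome explicit before the cast, for example `if (!(consumer.getMessageSource() instanceof AMQQueue)) { throw new AccessControlException("Permission denied: consume"); }`, or apply whatever policy is intended for non-queue sources. The TODO should also say what is outstanding. The body of this method continues past the end of the hunk.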
@@ -334,20 +340,17 @@ public class SecurityManager implements ConfigurationChangeListener } } - public void authoriseCreateExchange(final Boolean autoDelete, - final Boolean durable, - final String exchangeName, - final Boolean internal, - final Boolean nowait, - final Boolean passive, - final String exchangeType) + public void authoriseCreateExchange(final Exchange exchange) { + final String exchangeName = exchange.getName(); if(!checkAllPlugins(new AccessCheck() { Result allowed(AccessControl plugin) { - return plugin.authorise(CREATE, EXCHANGE, new ObjectProperties(autoDelete, durable, exchangeName, - internal, nowait, passive, exchangeType)); + return plugin.authorise(CREATE, EXCHANGE, new ObjectProperties(exchange.isAutoDelete(), + exchange.isDurable(), + exchangeName, + exchange.getTypeName())); } })) { @@ -355,14 +358,18 @@ public class SecurityManager implements ConfigurationChangeListener } } - public void authoriseCreateQueue(final Boolean autoDelete, final Boolean durable, final Boolean exclusive, - final Boolean nowait, final Boolean passive, final String queueName, final String owner) + public void authoriseCreateQueue(final AMQQueue queue) { + final String queueName = queue.getName(); if(! checkAllPlugins(new AccessCheck() { Result allowed(AccessControl plugin) { - return plugin.authorise(CREATE, QUEUE, new ObjectProperties(autoDelete, durable, exclusive, nowait, passive, queueName, owner)); + return plugin.authorise(CREATE, QUEUE, new ObjectProperties(queue.getAttribute(Queue.LIFETIME_POLICY) != LifetimePolicy.PERMANENT, + Boolean.TRUE.equals(queue.getAttribute(Queue.DURABLE)), + queue.getAttribute(Queue.EXCLUSIVE) != ExclusivityPolicy.NONE, + queueName, + queue.getOwner())); } })) { @@ -370,6 +377,7 @@ public class SecurityManager implements ConfigurationChangeListener } } + public void authoriseDelete(final AMQQueue queue) { if(!checkAllPlugins(new AccessCheck() |
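Review bot: The new `authoriseCreateExchange(final Exchange exchange)` builds `ObjectProperties` from four values (`isAutoDelete()`, `isDurable()`, name, `getTypeName()`), where the old signature also passed `internal`, `nowait` and `passive`. The `ObjectProperties` constructor and the rule matcher are not visible here, so it should be confirmed that an ACL rule constraining one of the dropped properties still evaluates as intended when no value is supplied. In particular, an ALLOW rule should not become broader and a DENY rule should not stop matching. A short comment on the call would record the decision, e.g. `// internal/nowait/passive are intentionally not part of the CREATE EXCHANGE check`. The same question applies to the `nowait` and `passive` arguments removed from `authoriseCreateQueue` in the next hunk.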
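Review bot: In `authoriseCreateQueue` the three flags derived from `queue.getAttribute(...)` treat a missing value inconsistently. `Boolean.TRUE.equals(queue.getAttribute(Queue.DURABLE))` yields false for null. `queue.getAttribute(Queue.LIFETIME_POLICY) != LifetimePolicy.PERMANENT` and `queue.getAttribute(Queue.EXCLUSIVE) != ExclusivityPolicy.NONE` yield true for null, and also for any value that is not the same enum instance. If `getAttribute` can return null or a non-enum representation (its return type is not visible in this hunk), the ACL plugins would see the queue as auto-delete and exclusive and could match a rule written for temporary queues. I would compute the flags into named locals before the anonymous class, with the missing-value case decided explicitly, e.g. `final boolean exclusive = queue.getAttribute(Queue.EXCLUSIVE) instanceof ExclusivityPolicy && queue.getAttribute(Queue.EXCLUSIVE) != ExclusivityPolicy.NONE;`, and comment which default is intended.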