-rw-r--r--qpid/cpp/src/qpid/broker/SemanticState.cpp7
-rw-r--r--qpid/cpp/src/qpid/broker/SemanticState.h1
2 files changed, 5 insertions, 3 deletions
diff --git a/qpid/cpp/src/qpid/broker/SemanticState.cpp b/qpid/cpp/src/qpid/broker/SemanticState.cpp
index 4502ff9f32..e9b6aad967 100644
--- a/qpid/cpp/src/qpid/broker/SemanticState.cpp
+++ b/qpid/cpp/src/qpid/broker/SemanticState.cpp
@@ -70,7 +70,8 @@ SemanticState::SemanticState(DeliveryAdapter& da, SessionContext& ss)
tagGenerator("sgen"),
dtxSelected(false),
authMsg(getSession().getBroker().getOptions().auth && !getSession().getConnection().isFederationLink()),
- userID(getSession().getConnection().getUserId())
+ userID(getSession().getConnection().getUserId()),
+ defaultRealm(getSession().getBroker().getOptions().realm)
{
acl = getSession().getBroker().getAcl();
}
@@ -429,7 +430,7 @@ void SemanticState::route(intrusive_ptr<Message> msg, Deliverable& strategy) {
std::string id =
msg->hasProperties<MessageProperties>() ? msg->getProperties<MessageProperties>()->getUserId() : nullstring;
- if (authMsg && !id.empty() && id != userID )
+ if (authMsg && !id.empty() && id != userID && id.append("@").append(defaultRealm) != userID)
{
QPID_LOG(debug, "authorised user id : " << userID << " but user id in message declared as " << id);
throw UnauthorizedAccessException(QPID_MSG("authorised user id : " << userID << " but user id in message declared as " << id));
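Review bot: `id.append("@").append(defaultRealm)` in the new condition modifies `id` in place, so when the check fails the QPID_LOG line and the UnauthorizedAccessException text report the declared id with the realm suffix already attached rather than the value the message actually carried. That makes the record of a rejected message misleading; build the qualified name as a temporary instead: `if (authMsg && !id.empty() && id != userID && (id + "@" + defaultRealm) != userID)`. If the realm option can be empty the second comparison degenerates to `id + "@"`, so it may be worth applying the realm form only when `defaultRealm` is non-empty. The `if` body and the rest of route() continue outside the hunk, so any later use of `id` would also see the modified string.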
@@ -438,7 +439,7 @@ void SemanticState::route(intrusive_ptr<Message> msg, Deliverable& strategy) {
if (acl && acl->doTransferAcl())
{
if (!acl->authorise(getSession().getConnection().getUserId(),acl::ACT_PUBLISH,acl::OBJ_EXCHANGE,exchangeName, msg->getRoutingKey() ))
- throw NotAllowedException(QPID_MSG(getSession().getConnection().getUserId() << " cannot publish to " <<
+ throw NotAllowedException(QPID_MSG(userID << " cannot publish to " <<
exchangeName << " with routing-key " << msg->getRoutingKey()));
}
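Review bot: The `acl->authorise(...)` call two lines above the changed line still reads `getSession().getConnection().getUserId()`, while the exception text now prints the cached `userID`, so the principal that is checked and the principal that is reported come from two different expressions. Passing the same value to both, `acl->authorise(userID, acl::ACT_PUBLISH, acl::OBJ_EXCHANGE, exchangeName, msg->getRoutingKey())`, keeps the denial message tied to the identity the ACL decision was made on. `userID` is a const member set once in the constructor, which presumably relies on the connection's user id not changing during the session; a short comment saying so would help.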
diff --git a/qpid/cpp/src/qpid/broker/SemanticState.h b/qpid/cpp/src/qpid/broker/SemanticState.h
index 99f793c1fc..e5e3f909f1 100644
--- a/qpid/cpp/src/qpid/broker/SemanticState.h
+++ b/qpid/cpp/src/qpid/broker/SemanticState.h
@@ -156,6 +156,7 @@ class SemanticState : private boost::noncopyable {
AclModule* acl;
const bool authMsg;
const string userID;
+ const string defaultRealm;
void route(boost::intrusive_ptr<Message> msg, Deliverable& strategy);
void checkDtxTimeout();