From d8d247cf054414af090e6d2a9dbb5a299158bb69 Mon Sep 17 00:00:00 2001
From: "Charles E. Rolke"
Date: Mon, 8 Apr 2013 18:40:34 +0000
Subject: QPID-4727:C++ Broker ACL keyword to reference default exchange.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1465719 13f79535-47bb-0310-9956-ffa450edef68
---
 qpid/cpp/src/qpid/acl/AclData.cpp | 10 ++++++++--
 qpid/cpp/src/qpid/acl/AclData.h | 6 +++++-
 qpid/cpp/src/qpid/acl/AclReader.cpp | 2 ++
 qpid/cpp/src/tests/acl.py | 11 +++++++++++
 4 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/qpid/cpp/src/qpid/acl/AclData.cpp b/qpid/cpp/src/qpid/acl/AclData.cpp
index 922f65ba69..847b67cb58 100644
--- a/qpid/cpp/src/qpid/acl/AclData.cpp
+++ b/qpid/cpp/src/qpid/acl/AclData.cpp
@@ -39,6 +39,7 @@ namespace acl {
 const char AclData::ACL_SYMBOL_WILDCARD = '*';
 const std::string AclData::ACL_KEYWORD_WILDCARD = "*";
 const char AclData::ACL_SYMBOL_LINE_CONTINUATION = '\\';
+ const std::string AclData::ACL_KEYWORD_DEFAULT_EXCHANGE = "amq.default";
 // // constructor
@@ -432,7 +433,13 @@ namespace acl {
 std::string sName(rsItr->pubExchName);
 substituteUserId(sName, id);
 result = matchProp(sName, name);
- } else {
+ }
+ else if (rsItr->pubExchNameMatchesBlank)
+ {
+ result = name.empty();
+ }
+ else
+ {
 result = matchProp(rsItr->pubExchName, name);
 }
@@ -441,7 +448,6 @@ namespace acl {
 QPID_LOG(debug, "ACL: Rule: " << rsItr->rawRuleNum << " lookup exchange name '" << name << "' matched with rule name '" << rsItr->pubExchName << "'");
- } else {
diff --git a/qpid/cpp/src/qpid/acl/AclData.h b/qpid/cpp/src/qpid/acl/AclData.h
index c561b95e09..cd41e6d315 100644
--- a/qpid/cpp/src/qpid/acl/AclData.h
+++ b/qpid/cpp/src/qpid/acl/AclData.h
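Review bot: In the second AclData.cpp hunk, a rule written with `name=amq.default` now takes the new `else if (rsItr->pubExchNameMatchesBlank)` branch and matches only an empty lookup name; it no longer reaches `matchProp(rsItr->pubExchName, name)`. If any caller can pass the literal string `amq.default` into this lookup (the management lookup query, for instance), a deny rule for the default exchange would stop applying to that request, which cannot be ruled out from the hunk alone. Either document next to the branch that the keyword is never a real exchange name, or accept both forms with `result = name.empty() || matchProp(rsItr->pubExchName, name);`. The enclosing lookup function starts and ends outside the hunk.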
@@ -56,11 +56,13 @@ public:
 int rawRuleNum; // rule number in ACL file
 qpid::acl::AclResult ruleMode; // combined allow/deny log/nolog
- specPropertyMap props; //
+ specPropertyMap props; // properties to be matched
+ // pubXxx for publish exchange fastpath
 bool pubRoutingKeyInRule;
 std::string pubRoutingKey;
 boost::shared_ptr pTTest;
 bool pubExchNameInRule;
+ bool pubExchNameMatchesBlank;
 std::string pubExchName;
 std::vector ruleHasUserSub;
@@ -72,6 +74,7 @@ public:
 pubRoutingKey(),
 pTTest(boost::shared_ptr(new topicTester())),
 pubExchNameInRule(false),
+ pubExchNameMatchesBlank(false),
 pubExchName(),
 ruleHasUserSub(PROPERTYSIZE, false)
 {}
@@ -148,6 +151,7 @@ public:
 static const char ACL_SYMBOL_WILDCARD;
 static const std::string ACL_KEYWORD_WILDCARD;
 static const char ACL_SYMBOL_LINE_CONTINUATION;
+ static const std::string ACL_KEYWORD_DEFAULT_EXCHANGE;
 void substituteString(std::string& targetString, const std::string& placeholder,
diff --git a/qpid/cpp/src/qpid/acl/AclReader.cpp b/qpid/cpp/src/qpid/acl/AclReader.cpp
index 1fd5445b52..8f2e6f1fad 100644
--- a/qpid/cpp/src/qpid/acl/AclReader.cpp
+++ b/qpid/cpp/src/qpid/acl/AclReader.cpp
@@ -17,6 +17,7 @@
 */
 #include "qpid/acl/AclReader.h"
+#include "qpid/acl/AclData.h"
 #include
 #include
@@ -141,6 +142,7 @@ namespace acl {
 {
 rule.pubExchNameInRule = true;
 rule.pubExchName = pItr->second;
+ rule.pubExchNameMatchesBlank = rule.pubExchName.compare(AclData::ACL_KEYWORD_DEFAULT_EXCHANGE) == 0;
 }
 }
 }
diff --git a/qpid/cpp/src/tests/acl.py b/qpid/cpp/src/tests/acl.py
index 94ede22783..a8861db170 100755
--- a/qpid/cpp/src/tests/acl.py
+++ b/qpid/cpp/src/tests/acl.py
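Review bot: The new member `pubExchNameMatchesBlank` in the first AclData.h hunk carries no comment, and its name alone does not say that it replaces the normal name comparison for the rule. A trailing comment such as `// true when the rule names amq.default; the rule then matches only an empty exchange name` would record that. It is also worth stating there that wildcard names such as `amq.*` never set the flag, since the reader sets it only on an exact keyword match. The enclosing struct starts and ends outside the hunk.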
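Review bot: In the second AclReader.cpp hunk, `pubExchNameMatchesBlank` is set only on the publish fast-path fields, so as far as the diff shows the `amq.default` keyword is honoured for publish lookups and nowhere else. A rule for another exchange action written with `name=amq.default` would presumably still be compared literally against the empty name and never match, which fails open for deny rules. Either translate the keyword for every exchange-name property, or state the limit beside the assignment, e.g. `// amq.default is recognised for publish rules only`. The comparison also reads more plainly as `rule.pubExchName == AclData::ACL_KEYWORD_DEFAULT_EXCHANGE`. The enclosing function begins outside the hunk.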
@@ -1532,6 +1532,7 @@ class ACLTests(TestBase010):
 aclf.write('acl deny bob@QPID publish exchange name=amq.direct routingkey=rk1\n')
 aclf.write('acl deny bob@QPID publish exchange name=amq.topic\n')
 aclf.write('acl deny bob@QPID publish exchange name=myEx routingkey=rk2\n')
+ aclf.write("acl deny bob@QPID publish exchange name=amq.default routingkey=restricted\n")
 aclf.write('acl allow all all')
 aclf.close()
@@ -1572,6 +1573,10 @@ class ACLTests(TestBase010):
 if (403 == e.args[0].error_code):
 self.fail("ACL should allow message transfer to exchange amq.direct with routing key rk2");
+ self.LookupPublish("bob@QPID", "", "restricted", "deny")
+ self.LookupPublish("bob@QPID", "", "another", "allow")
+ self.LookupPublish("joe@QPID", "", "restricted", "allow")
+ def test_publish_acl_deny_mode(self): """
@@ -1582,6 +1587,7 @@ class ACLTests(TestBase010):
 aclf.write('acl allow bob@QPID publish exchange name=amq.topic\n')
 aclf.write('acl allow bob@QPID publish exchange name=myEx routingkey=rk2\n')
 aclf.write('acl allow bob@QPID create exchange\n')
+ aclf.write("acl allow bob@QPID publish exchange name=amq.default routingkey=unrestricted\n")
 aclf.write('acl allow anonymous all all \n')
 aclf.write('acl deny all all')
 aclf.close()
@@ -1629,6 +1635,11 @@ class ACLTests(TestBase010):
 if (403 == e.args[0].error_code):
 self.fail("ACL should allow message transfer to exchange amq.direct with routing key rk1");
+ self.LookupPublish("bob@QPID", "", "unrestricted", "allow")
+ self.LookupPublish("bob@QPID", "", "another", "deny")
+ self.LookupPublish("joe@QPID", "", "unrestricted", "deny")
+
+
 #=====================================
 # ACL broker configuration tests
 #=====================================
-- cgit v1.2.1
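Review bot: The `LookupPublish` checks added in the second acl.py hunk exercise only the ACL lookup query with an empty exchange name; nothing in the visible hunks sends a message to the default exchange, so the name the broker hands to the ACL on a real transfer is not covered. The same holds for the deny-mode checks in the last hunk. Consider adding a transfer to the empty-named exchange with routing keys `restricted` and `another` and asserting the 403 or the success, in the style of the surrounding transfer tests. A `LookupPublish` call with the literal name `amq.default` would also pin down how that spelling is treated. Both test methods begin outside the hunks.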