authorCarl C. Trieloff <cctrieloff@apache.org>2008-08-01 13:40:56 +0000
committerCarl C. Trieloff <cctrieloff@apache.org>2008-08-01 13:40:56 +0000
commit34ba8277044906749d400205f4f56fc24375ae22 (patch)
tree6ec3bb69f16820ba734d35fb1457ffe524002f8a /cpp/src/qpid/acl
parent76a64b149db18ce1a81b9f34b7a34dde1524a5e9 (diff)
- Add support for ACL on message transfer
- Performance optimizations for ACL on message transfer git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@681690 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp/src/qpid/acl')
-rw-r--r--cpp/src/qpid/acl/Acl.cpp25
-rw-r--r--cpp/src/qpid/acl/Acl.h16
2 files changed, 33 insertions, 8 deletions
diff --git a/cpp/src/qpid/acl/Acl.cpp b/cpp/src/qpid/acl/Acl.cpp
index 7fceba8b1a..9f6917a006 100644
--- a/cpp/src/qpid/acl/Acl.cpp
+++ b/cpp/src/qpid/acl/Acl.cpp
@@ -34,7 +34,7 @@ namespace acl {
using namespace std;
- Acl::Acl (AclValues& av, broker::Broker& b): aclValues(av), broker(&b)
+ Acl::Acl (AclValues& av, broker::Broker& b): aclValues(av), broker(&b), transferAcl(false)
{
if (!readAclFile()) throw Exception("Could not read ACL file");
QPID_LOG(info, "ACL Plugin loaded");
@@ -76,6 +76,24 @@ using namespace std;
// add real ACL check here...
AclResult aclreslt = ALLOWLOG; // hack to test, set based on real decision.
+
+ return result(aclreslt, id, action, objType, name);
+ }
+
+ bool Acl::authorise(std::string id, acl::Action action, acl::ObjectType objType, std::string ExchangeName, std::string /*RoutingKey*/)
+ {
+ if (aclValues.noEnforce) return true;
+
+ // add real ACL check here...
+ AclResult aclreslt = ALLOWLOG; // hack to test, set based on real decision.
+
+
+ return result(aclreslt, id, action, objType, ExchangeName);
+ }
+
+
+ bool Acl::result(AclResult aclreslt, std::string id, acl::Action action, acl::ObjectType objType, std::string name)
+ {
switch (aclreslt)
{
case ALLOWLOG:
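Review bot: The new transfer overload of `Acl::authorise` makes no decision yet: once `aclValues.noEnforce` is false it always hands the hard-coded `ALLOWLOG` to `result()`, and the routing key is commented out of the signature, so every transfer is permitted whatever rules are configured. Because this is an access-control path, the placeholder should be marked so it cannot be mistaken for enforcement, for example `// TODO: no rule lookup yet - every transfer is allowed; not an enforcement point`. The existing overload at the top of the hunk carries the same placeholder. `result()` begins in this hunk and its switch continues outside it.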
@@ -89,12 +107,13 @@ using namespace std;
QPID_LOG(info, "ACL Deny id:" << id << " action:" << printAction(action) << " ObjectType:" << printObjType(objType) << " Name:" << name);
return false;
}
-
return false;
}
-
+
bool Acl::readAclFile()
{
+ // only set transferAcl = true if a rule implies the use of ACL on transfer, else keep false for permormance reasons.
+
return true;
}
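Review bot: The comment added to `readAclFile()` describes behaviour the function does not have: it still returns `true` without reading anything, and nothing in the visible hunks ever sets `transferAcl` to true, so `doTransferAcl()` stays false. That also means the constructor's "Could not read ACL file" exception cannot fire, so a missing or unreadable ACL file would go unnoticed. I would word the comment as an open task and fix the typo, `// TODO: parse the ACL file; set transferAcl = true only if a rule implies ACL on transfer, else keep it false for performance reasons.`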
diff --git a/cpp/src/qpid/acl/Acl.h b/cpp/src/qpid/acl/Acl.h
index 98400eb33d..f460fb0c5e 100644
--- a/cpp/src/qpid/acl/Acl.h
+++ b/cpp/src/qpid/acl/Acl.h
@@ -48,22 +48,28 @@ struct AclValues {
class Acl : public broker::AclModule, public RefCounted
{
+private:
+ acl::AclValues aclValues;
+ broker::Broker* broker;
+ bool transferAcl;
+
+
public:
Acl (AclValues& av, broker::Broker& b);
void initialize();
- virtual bool authorise(std::string id, acl::Action action, acl::ObjectType objType, std::string name, std::map<std::string, std::string>* params);
+ inline virtual bool doTransferAcl() {return transferAcl;};
+
// create specilied authorise methods for cases that need faster matching as needed.
+ virtual bool authorise(std::string id, acl::Action action, acl::ObjectType objType, std::string name, std::map<std::string, std::string>* params);
+ virtual bool authorise(std::string id, acl::Action action, acl::ObjectType objType, std::string ExchangeName, std::string RoutingKey);
virtual ~Acl();
private:
std::string printAction(acl::Action action);
std::string printObjType(acl::ObjectType objType);
-
- acl::AclValues aclValues;
- broker::Broker* broker;
-
+ bool result(AclResult aclreslt, std::string id, acl::Action action, acl::ObjectType objType, std::string name);
bool readAclFile();
};
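Review bot: The declarations added for the transfer path take every `std::string` by value, so each call to the new `authorise` overload and to `result()` copies the id, exchange name and routing key, which works against the stated performance goal. `result()` is private and can change freely: `bool result(AclResult aclreslt, const std::string& id, acl::Action action, acl::ObjectType objType, const std::string& name);`. The virtual `authorise` overloads presumably have to match `broker::AclModule`, which is not shown here, so that change would need to be made in both places. `doTransferAcl()` only reads a member and could be `virtual bool doTransferAcl() const { return transferAcl; }`; the `inline` and the trailing `;` are redundant, and "specilied" in the comment above the overloads should read "specialised".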