diff options
| author | Rajith Muditha Attapattu <rajith@apache.org> | 2008-11-06 20:07:14 +0000 |
|---|---|---|
| committer | Rajith Muditha Attapattu <rajith@apache.org> | 2008-11-06 20:07:14 +0000 |
| commit | e1132d45340a4d1c91648cac856803428d2a60f4 (patch) | |
| tree | 5109e258e838c67371d762fd73240f777efa2c50 /cpp/src/qpid/acl | |
| parent | ee4d8230649fa7ebb5a8688b7a5fdc7da519f1f7 (diff) | |
| download | qpid-python-e1132d45340a4d1c91648cac856803428d2a60f4.tar.gz | |
Removed the --enforce-acl option. Instead if a policy file is specified acl will be enabled.
Also removed Route from the Object list and did a bit of code cleanup.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@711957 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp/src/qpid/acl')
| -rw-r--r-- | cpp/src/qpid/acl/Acl.cpp | 22 | ||||
| -rw-r--r-- | cpp/src/qpid/acl/Acl.h | 5 | ||||
| -rw-r--r-- | cpp/src/qpid/acl/AclPlugin.cpp | 20 |
3 files changed, 21 insertions, 26 deletions
diff --git a/cpp/src/qpid/acl/Acl.cpp b/cpp/src/qpid/acl/Acl.cpp index ff1d4b066b..238ab9df6c 100644 --- a/cpp/src/qpid/acl/Acl.cpp +++ b/cpp/src/qpid/acl/Acl.cpp @@ -64,28 +64,26 @@ Acl::Acl (AclValues& av, broker::Broker& b): aclValues(av), broker(&b), transfer bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& name, std::map<Property, std::string>* params) { - if (!aclValues.enforce) return true; boost::shared_ptr<AclData> dataLocal = data; //rcu copy - - // add real ACL check here... + + // add real ACL check here... AclResult aclreslt = dataLocal->lookup(id,action,objType,name,params); - - - return result(aclreslt, id, action, objType, name); + + + return result(aclreslt, id, action, objType, name); } bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& ExchangeName, const std::string& RoutingKey) { - if (!aclValues.enforce) return true; boost::shared_ptr<AclData> dataLocal = data; //rcu copy - + // only use dataLocal here... - AclResult aclreslt = dataLocal->lookup(id,action,objType,ExchangeName,RoutingKey); - - return result(aclreslt, id, action, objType, ExchangeName); + AclResult aclreslt = dataLocal->lookup(id,action,objType,ExchangeName,RoutingKey); + + return result(aclreslt, id, action, objType, ExchangeName); } - + bool Acl::result(const AclResult& aclreslt, const std::string& id, const Action& action, const ObjectType& objType, const std::string& name) { switch (aclreslt) diff --git a/cpp/src/qpid/acl/Acl.h b/cpp/src/qpid/acl/Acl.h index 72a44a5450..2a522bc56d 100644 --- a/cpp/src/qpid/acl/Acl.h +++ b/cpp/src/qpid/acl/Acl.h @@ -42,10 +42,7 @@ class Broker; namespace acl { struct AclValues { - bool enforce; - std::string aclFile; - - AclValues() {enforce = false; aclFile = "policy.acl"; } + std::string aclFile; }; diff --git a/cpp/src/qpid/acl/AclPlugin.cpp b/cpp/src/qpid/acl/AclPlugin.cpp index 6f20ea09be..ffba8d44cf 100644 --- a/cpp/src/qpid/acl/AclPlugin.cpp +++ b/cpp/src/qpid/acl/AclPlugin.cpp @@ -36,13 +36,11 @@ using namespace std; * New boost allows a shared_ptr but that's not compatible with old boost. */ struct AclOptions : public Options { - AclValues& values; + AclValues& values; AclOptions(AclValues& v) : Options("ACL Options"), values(v) { addOptions() - ("enforce-acl", optValue(values.enforce), "Enforce ACL") - ("acl-file", optValue(values.aclFile, "FILE"), "The policy file to load from, loaded from data dir") - ; + ("acl-file", optValue(values.aclFile, "FILE"), "The policy file to load from, loaded from data dir"); } }; @@ -51,20 +49,22 @@ struct AclPlugin : public Plugin { AclValues values; AclOptions options; boost::intrusive_ptr<Acl> acl; - + AclPlugin() : options(values) {} Options* getOptions() { return &options; } void init(broker::Broker& b) { - if (!values.enforce){ - QPID_LOG(info, "ACL Disabled, no ACL checking being done."); - return; - } - if (acl) throw Exception("ACL plugin cannot be initialized twice in one process."); + if (values.aclFile.empty()){ + QPID_LOG(info, "Policy file not specified. ACL Disabled, no ACL checking being done!"); + return; + } + + if (acl) throw Exception("ACL plugin cannot be initialized twice in one process."); std::ostringstream oss; oss << b.getDataDir().getPath() << "/" << values.aclFile; values.aclFile = oss.str(); + acl = new Acl(values, b); b.setAcl(acl.get()); b.addFinalizer(boost::bind(&AclPlugin::shutdown, this)); |