This is for QPID-1297.

This commit adds ACL checks for creation and deletion of federation links.
The AclModule.h was modified to have a defaut value for params in the authorize method.


git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@700525 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 10 insertions, 2 deletions

diff --git a/cpp/src/qpid/broker/ConnectionHandler.cpp b/cpp/src/qpid/broker/ConnectionHandler.cpp
index 7281fb53c6..fae4992270 100644
--- a/cpp/src/qpid/broker/ConnectionHandler.cpp
+++ b/cpp/src/qpid/broker/ConnectionHandler.cpp
@@ -28,6 +28,7 @@
 #include "qpid/framing/ServerInvoker.h"
 #include "qpid/framing/enum.h"
 #include "qpid/log/Statement.h"
+#include "AclModule.h"
 
 using namespace qpid;
 using namespace qpid::broker;
@@ -72,9 +73,12 @@ ConnectionHandler::ConnectionHandler(Connection& connection, bool isClient)  : h
 
 ConnectionHandler::Handler::Handler(Connection& c, bool isClient) :
     client(c.getOutput()), server(c.getOutput()),
-    connection(c), serverMode(!isClient)
+    connection(c), serverMode(!isClient), acl(0)
 {
     if (serverMode) {
+
+    	acl =  connection.getBroker().getAcl();
+
         FieldTable properties;
         Array mechanisms(0x95);
 
@@ -100,7 +104,11 @@ void ConnectionHandler::Handler::startOk(const framing::FieldTable& clientProper
     authenticator->start(mechanism, response);
     connection.setFederationLink(clientProperties.get(QPID_FED_LINK));
     if (connection.isFederationLink()){
-		QPID_LOG(info, "Connection is a federation link");
+    	if (acl && !acl->authorise(connection.getUserId(),acl::CREATE,acl::LINK,"")){
+             client.close(framing::connection::CLOSE_CODE_CONNECTION_FORCED,"ACL denied creating a federation link");
+    	      return;
+	}
+	QPID_LOG(info, "Connection is a federation link");
     }
 }