This is for QPID-1297.

This commit adds ACL checks for creation and deletion of federation links.
The AclModule.h was modified to have a defaut value for params in the authorize method.


git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@700525 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 9 insertions, 0 deletions

diff --git a/cpp/src/qpid/broker/Link.cpp b/cpp/src/qpid/broker/Link.cpp
index f5a7f3a4c3..12cbf48986 100644
--- a/cpp/src/qpid/broker/Link.cpp
+++ b/cpp/src/qpid/broker/Link.cpp
@@ -26,10 +26,13 @@
 #include "qpid/agent/ManagementAgent.h"
 #include "boost/bind.hpp"
 #include "qpid/log/Statement.h"
+#include "qpid/framing/reply_exceptions.h"
+#include "AclModule.h"
 
 using namespace qpid::broker;
 using qpid::framing::Buffer;
 using qpid::framing::FieldTable;
+using qpid::framing::NotAllowedException;
 using qpid::management::ManagementAgent;
 using qpid::management::ManagementObject;
 using qpid::management::Manageable;
@@ -154,6 +157,12 @@ void Link::destroy ()
     Mutex::ScopedLock mutex(lock);
     Bridges toDelete;
 
+    AclModule* acl = getBroker()->getAcl();
+    std::string userID = getUsername() + "@" + getBroker()->getOptions().realm;
+    if (acl && !acl->authorise(userID,acl::DELETE,acl::LINK,"")){
+    	throw NotAllowedException("ACL denied delete link request");
+    }
+
     QPID_LOG (info, "Inter-broker link to " << host << ":" << port << " removed by management");
     if (connection)
         connection->close(403, "closed by management");