- Add support for ACL on message transfer

- Performance optimizations for ACL on message transfer



git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@681690 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 9 insertions, 1 deletions

diff --git a/cpp/src/qpid/broker/SemanticState.cpp b/cpp/src/qpid/broker/SemanticState.cpp
index 1cbde08630..484a406c3b 100644
--- a/cpp/src/qpid/broker/SemanticState.cpp
+++ b/cpp/src/qpid/broker/SemanticState.cpp
@@ -33,6 +33,7 @@
 #include "qpid/framing/MessageTransferBody.h"
 #include "qpid/log/Statement.h"
 #include "qpid/ptr_map.h"
+#include "AclModule.h"
 
 #include <boost/bind.hpp>
 #include <boost/format.hpp>
@@ -65,6 +66,7 @@ SemanticState::SemanticState(DeliveryAdapter& da, SessionContext& ss)
       outputTasks(ss)
 {
     outstanding.reset();
+    acl = getSession().getBroker().getAcl();
 }
 
 SemanticState::~SemanticState() {
@@ -258,7 +260,7 @@ SemanticState::ConsumerImpl::ConsumerImpl(SemanticState* _parent,
     blocked(true), 
     windowing(true), 
     msgCredit(0), 
-    byteCredit(0) {}
+    byteCredit(0){}
 
 OwnershipToken* SemanticState::ConsumerImpl::getSession()
 {
@@ -356,6 +358,12 @@ void SemanticState::route(intrusive_ptr<Message> msg, Deliverable& strategy) {
         cacheExchange = session.getBroker().getExchanges().get(exchangeName);
     }
 
+	if (acl && acl->doTransferAcl())
+	{
+	    if (!acl->authorise(getSession().getConnection().getUserId(),acl::PUBLISH,acl::EXCHANGE,exchangeName, msg->getRoutingKey() ))
+	        throw NotAllowedException("ACL denied exhange publish request");
+    }
+
     cacheExchange->route(strategy, msg->getRoutingKey(), msg->getApplicationHeaders());
 
     if (!strategy.delivered) {