authorCarl C. Trieloff <cctrieloff@apache.org>2008-08-01 13:40:56 +0000
committerCarl C. Trieloff <cctrieloff@apache.org>2008-08-01 13:40:56 +0000
commit34ba8277044906749d400205f4f56fc24375ae22 (patch)
tree6ec3bb69f16820ba734d35fb1457ffe524002f8a /cpp/src/qpid/broker
parent76a64b149db18ce1a81b9f34b7a34dde1524a5e9 (diff)
- Add support for ACL on message transfer
- Performance optimizations for ACL on message transfer git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@681690 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp/src/qpid/broker')
-rw-r--r--cpp/src/qpid/broker/AclModule.h8
-rw-r--r--cpp/src/qpid/broker/SemanticState.cpp10
-rw-r--r--cpp/src/qpid/broker/SemanticState.h4
-rw-r--r--cpp/src/qpid/broker/SessionAdapter.cpp4
4 files changed, 20 insertions, 6 deletions
diff --git a/cpp/src/qpid/broker/AclModule.h b/cpp/src/qpid/broker/AclModule.h
index dfb365158d..568e339a22 100644
--- a/cpp/src/qpid/broker/AclModule.h
+++ b/cpp/src/qpid/broker/AclModule.h
@@ -44,7 +44,13 @@ class AclModule
public:
- virtual bool authorise(std::string id, acl::Action action, acl::ObjectType objType, std::string name, std::map<std::string, std::string>* params)=0;
+ // effienty turn off ACL on message transfer.
+ virtual bool doTransferAcl()=0;
+
+ virtual bool authorise(std::string id, acl::Action action, acl::ObjectType objType, std::string name,
+ std::map<std::string, std::string>* params)=0;
+ virtual bool authorise(std::string id, acl::Action action, acl::ObjectType objType, std::string ExchangeName,
+ std::string RoutingKey)=0;
// create specilied authorise methods for cases that need faster matching as needed.
virtual ~AclModule() {};
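Review bot: The contract of `doTransferAcl()` is undocumented, and the comment above it ("effienty turn off ACL on message transfer") does not say which return value disables the check. SemanticState::route in this commit skips `authorise()` whenever it returns false, so the declaration should say so, e.g. `// Returns true when per-message PUBLISH checks must be enforced; when false, route() performs no ACL check on transfer.` Both `authorise` overloads take `std::string` by value, which likely copies the id, exchange name and routing key on each call; `const std::string&` would fit the stated performance goal better, and `exchangeName`/`routingKey` would match the parameter naming used elsewhere. The class continues outside the hunk, and the implementers that must now provide the two new pure virtuals are not part of this diffstat.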
diff --git a/cpp/src/qpid/broker/SemanticState.cpp b/cpp/src/qpid/broker/SemanticState.cpp
index 1cbde08630..484a406c3b 100644
--- a/cpp/src/qpid/broker/SemanticState.cpp
+++ b/cpp/src/qpid/broker/SemanticState.cpp
@@ -33,6 +33,7 @@
#include "qpid/framing/MessageTransferBody.h"
#include "qpid/log/Statement.h"
#include "qpid/ptr_map.h"
+#include "AclModule.h"
#include <boost/bind.hpp>
#include <boost/format.hpp>
@@ -65,6 +66,7 @@ SemanticState::SemanticState(DeliveryAdapter& da, SessionContext& ss)
outputTasks(ss)
{
outstanding.reset();
+ acl = getSession().getBroker().getAcl();
}
SemanticState::~SemanticState() {
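Review bot: `acl` is read once in the constructor body, so a session constructed while `getBroker().getAcl()` returns null never applies the publish check, because the `if (acl && acl->doTransferAcl())` guard in route() treats a null pointer as "allowed". The bind handler in SessionAdapter.cpp calls `getBroker().getAcl()` on every request instead, so the two paths can disagree if the module is installed or replaced after sessions exist (whether that can happen is not visible here). Either state the ordering guarantee in a comment on the `AclModule* acl;` member, e.g. `// set once at construction; the broker's ACL module must be installed before any session is created`, or re-read the pointer in route(). The constructor starts outside the hunk; setting `acl` in the member-initialiser list would also avoid a window in which it is uninitialised.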
@@ -258,7 +260,7 @@ SemanticState::ConsumerImpl::ConsumerImpl(SemanticState* _parent,
blocked(true),
windowing(true),
msgCredit(0),
- byteCredit(0) {}
+ byteCredit(0){}
OwnershipToken* SemanticState::ConsumerImpl::getSession()
{
@@ -356,6 +358,12 @@ void SemanticState::route(intrusive_ptr<Message> msg, Deliverable& strategy) {
cacheExchange = session.getBroker().getExchanges().get(exchangeName);
}
+ if (acl && acl->doTransferAcl())
+ {
+ if (!acl->authorise(getSession().getConnection().getUserId(),acl::PUBLISH,acl::EXCHANGE,exchangeName, msg->getRoutingKey() ))
+ throw NotAllowedException("ACL denied exhange publish request");
+ }
+
cacheExchange->route(strategy, msg->getRoutingKey(), msg->getApplicationHeaders());
if (!strategy.delivered) {
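Review bot: The denial thrown inside the new `if (acl && acl->doTransferAcl())` block names neither the exchange nor the routing key, and "exhange" is misspelled, so the message is hard to search for and gives an operator nothing to correlate. I would correct it to `throw NotAllowedException("ACL denied exchange publish request");` and, unless `authorise()` already records denials (not visible here), add `QPID_LOG(info, "ACL denied publish to exchange " << exchangeName);` before the throw so that rejected publishes leave an audit trail. The same misspelling is in the bind message in SessionAdapter.cpp. The body of route() begins and ends outside the hunk.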
diff --git a/cpp/src/qpid/broker/SemanticState.h b/cpp/src/qpid/broker/SemanticState.h
index 0c3b715784..a0424bf747 100644
--- a/cpp/src/qpid/broker/SemanticState.h
+++ b/cpp/src/qpid/broker/SemanticState.h
@@ -38,6 +38,7 @@
#include "qpid/framing/Uuid.h"
#include "qpid/sys/AggregateOutput.h"
#include "qpid/shared_ptr.h"
+#include "AclModule.h"
#include <list>
#include <map>
@@ -117,7 +118,8 @@ class SemanticState : public sys::OutputTask,
framing::SequenceSet accumulatedAck;
boost::shared_ptr<Exchange> cacheExchange;
sys::AggregateOutput outputTasks;
-
+ AclModule* acl;
+
void route(boost::intrusive_ptr<Message> msg, Deliverable& strategy);
void record(const DeliveryRecord& delivery);
bool checkPrefetch(boost::intrusive_ptr<Message>& msg);
diff --git a/cpp/src/qpid/broker/SessionAdapter.cpp b/cpp/src/qpid/broker/SessionAdapter.cpp
index bf4cd39393..1aeced49c1 100644
--- a/cpp/src/qpid/broker/SessionAdapter.cpp
+++ b/cpp/src/qpid/broker/SessionAdapter.cpp
@@ -153,9 +153,7 @@ void SessionAdapter::ExchangeHandlerImpl::bind(const string& queueName,
AclModule* acl = getBroker().getAcl();
if (acl)
{
- std::map<std::string, std::string> params;
- params.insert(make_pair("RKEY", routingKey));
- if (!acl->authorise(getConnection().getUserId(),acl::BIND,acl::EXCHANGE,exchangeName,&params) )
+ if (!acl->authorise(getConnection().getUserId(),acl::BIND,acl::EXCHANGE,exchangeName,routingKey) )
throw NotAllowedException("ACL denied exhange bind request");
}