QPID-5873: [Java Broker] Allow ACL rules to be applied to VirtualHostNode objects

* ACL rules using the new operation VIRTUALHOSTNODE apply to VHN model objects. * ACL rules using the operation VIRTUALHOST apply to VH model objects for CREATE, UPDATE and DELETE. This is a change from previous version where BROKER operation permission was required. * For HA, VIRTUALHOSTNODE permission is required to perform updates on RemoteReplicationNodes. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1607868 13f79535-47bb-0310-9956-ffa450edef68
author: Keith Wall <kwall@apache.org> 2014-07-04 14:40:13 +0000
committer: Keith Wall <kwall@apache.org> 2014-07-04 14:40:13 +0000
commit: fce3f24c6745e0def3cf98725a949dfca07b9a0d (patch)
tree: 0d9c786584f21c57657f4600656e9d1726aee69f /qpid/java/bdbstore/src/main
parent: 67b6cafa1b23daa3edb36325e2e1c0970130106d (diff)
download: qpid-python-fce3f24c6745e0def3cf98725a949dfca07b9a0d.tar.gz
1 files changed, 26 insertions, 0 deletions
diff --git a/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHARemoteReplicationNodeImpl.java b/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHARemoteReplicationNodeImpl.java
index 5327997498..64b29b8daf 100644
--- a/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHARemoteReplicationNodeImpl.java
+++ b/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHARemoteReplicationNodeImpl.java
@@ -24,6 +24,7 @@ package org.apache.qpid.server.virtualhostnode.berkeleydb;
 import static com.sleepycat.je.rep.ReplicatedEnvironment.State.MASTER;
 import static com.sleepycat.je.rep.ReplicatedEnvironment.State.REPLICA;
 
+import java.security.AccessControlException;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.atomic.AtomicReference;
@@ -33,11 +34,13 @@ import com.sleepycat.je.rep.MasterStateException;
 import org.apache.log4j.Logger;
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
 import org.apache.qpid.server.model.AbstractConfiguredObject;
+import org.apache.qpid.server.model.Broker;
 import org.apache.qpid.server.model.ConfiguredObject;
 import org.apache.qpid.server.model.IllegalStateTransitionException;
 import org.apache.qpid.server.model.ManagedAttributeField;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
+import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.store.berkeleydb.replication.ReplicatedEnvironmentFacade;
 
 public class BDBHARemoteReplicationNodeImpl extends AbstractConfiguredObject<BDBHARemoteReplicationNodeImpl> implements BDBHARemoteReplicationNode<BDBHARemoteReplicationNodeImpl>
@@ -46,6 +49,7 @@ public class BDBHARemoteReplicationNodeImpl extends AbstractConfiguredObject<BDB
 
     private final ReplicatedEnvironmentFacade _replicatedEnvironmentFacade;
     private final String _address;
+    private final Broker _broker;
 
     private volatile long _joinTime;
     private volatile long _lastTransactionId;
@@ -59,6 +63,7 @@ public class BDBHARemoteReplicationNodeImpl extends AbstractConfiguredObject<BDB
     public BDBHARemoteReplicationNodeImpl(BDBHAVirtualHostNode<?> virtualHostNode, Map<String, Object> attributes, ReplicatedEnvironmentFacade replicatedEnvironmentFacade)
     {
         super(parentsMap(virtualHostNode), attributes);
+        _broker = virtualHostNode.getParent(Broker.class);
         _address = (String)attributes.get(ADDRESS);
         _replicatedEnvironmentFacade = replicatedEnvironmentFacade;
         _state = new AtomicReference<State>(State.ACTIVE);
@@ -113,6 +118,27 @@ public class BDBHARemoteReplicationNodeImpl extends AbstractConfiguredObject<BDB
         super.deleted();
     }
 
+
+    @Override
+    protected void authoriseSetAttributes(final ConfiguredObject<?> proxyForValidation,
+                                          final Set<String> modifiedAttributes)
+    {
+        _broker.getSecurityManager().authoriseVirtualHostNode(getName(), Operation.UPDATE);
+    }
+
+    @Override
+    protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
+    {
+        if(desiredState == State.DELETED)
+        {
+            _broker.getSecurityManager().authoriseVirtualHostNode(getName(), Operation.DELETE);
+        }
+        else
+        {
+            _broker.getSecurityManager().authoriseVirtualHostNode(getName(), Operation.UPDATE);
+        }
+    }
+
     @Override
     public String toString()
     {
author	Keith Wall <kwall@apache.org>	2014-07-04 14:40:13 +0000
committer	Keith Wall <kwall@apache.org>	2014-07-04 14:40:13 +0000
commit	fce3f24c6745e0def3cf98725a949dfca07b9a0d (patch)
tree	0d9c786584f21c57657f4600656e9d1726aee69f /qpid/java/bdbstore/src/main
parent	67b6cafa1b23daa3edb36325e2e1c0970130106d (diff)
download	qpid-python-fce3f24c6745e0def3cf98725a949dfca07b9a0d.tar.gz