diff options
| author | Robert Godfrey <rgodfrey@apache.org> | 2014-02-20 15:46:29 +0000 |
|---|---|---|
| committer | Robert Godfrey <rgodfrey@apache.org> | 2014-02-20 15:46:29 +0000 |
| commit | 608a0bb1b83fd2920dbc19dc2be399b27c62c1ba (patch) | |
| tree | 72ce7b1d63c8d358aaa82d321b62caf56bccd298 /qpid/java/broker-plugins/access-control/src/main | |
| parent | e9f5602cdf5b100a348a2f95c620805ffab803b9 (diff) | |
| download | qpid-python-608a0bb1b83fd2920dbc19dc2be399b27c62c1ba.tar.gz | |
QPID-5567 : Further changes to SecurityMangager
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1570239 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker-plugins/access-control/src/main')
| -rw-r--r-- | qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java | 42 |
1 files changed, 12 insertions, 30 deletions
diff --git a/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java b/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java index 75006ae697..f579ea0ec5 100644 --- a/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java +++ b/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java @@ -113,49 +113,31 @@ public class DefaultAccessControl implements AccessControl } /** - * Object instance access authorisation. - * - * Delegate to the {@link #authorise(Operation, ObjectType, ObjectProperties)} method, with - * the operation set to ACCESS and no object properties. - */ - public Result access(ObjectType objectType) - { - InetAddress addressOfClient = null; - final Subject subject = Subject.getSubject(AccessController.getContext()); - if(subject != null) - { - Set<ConnectionPrincipal> principals = subject.getPrincipals(ConnectionPrincipal.class); - if(!principals.isEmpty()) - { - SocketAddress address = principals.iterator().next().getConnection().getRemoteAddress(); - if(address instanceof InetSocketAddress) - { - addressOfClient = ((InetSocketAddress) address).getAddress(); - } - } - } - return authoriseFromAddress(Operation.ACCESS, objectType, ObjectProperties.EMPTY, addressOfClient); - } - - /** * Check if an operation is authorised by asking the configuration object about the access * control rules granted to the current thread's {@link Subject}. If there is no current * user the plugin will abstain. */ public Result authorise(Operation operation, ObjectType objectType, ObjectProperties properties) { - return authoriseFromAddress(operation, objectType, properties, null); - } - - public Result authoriseFromAddress(Operation operation, ObjectType objectType, ObjectProperties properties, InetAddress addressOfClient) - { + InetAddress addressOfClient = null; final Subject subject = Subject.getSubject(AccessController.getContext()); + // Abstain if there is no subject/principal associated with this thread if (subject == null || subject.getPrincipals().size() == 0) { return Result.ABSTAIN; } + Set<ConnectionPrincipal> principals = subject.getPrincipals(ConnectionPrincipal.class); + if(!principals.isEmpty()) + { + SocketAddress address = principals.iterator().next().getConnection().getRemoteAddress(); + if(address instanceof InetSocketAddress) + { + addressOfClient = ((InetSocketAddress) address).getAddress(); + } + } + if(_logger.isDebugEnabled()) { _logger.debug("Checking " + operation + " " + objectType + " " + ObjectUtils.defaultIfNull(addressOfClient, "")); |