authorKeith Wall <kwall@apache.org>2015-03-12 14:13:28 +0000
committerKeith Wall <kwall@apache.org>2015-03-12 14:13:28 +0000
commite8e05131324cf3137a3c65a95cad833cd3275c78 (patch)
treee4ad0110b5696cef4282b29eb02cc4257f03f2d2 /qpid/java/broker-plugins/access-control/src
parent657ad54bf98f740fb37405daeaa95a95754841f5 (diff)
Merge from trunk
git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/QPID-6262-JavaBrokerNIO@1666200 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker-plugins/access-control/src')
-rw-r--r--qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.java24
-rw-r--r--qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/RuleSetTest.java36
2 files changed, 14 insertions, 46 deletions
diff --git a/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.java b/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.java
index c1bd1b0bb8..99db75ac91 100644
--- a/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.java
+++ b/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.java
@@ -20,7 +20,6 @@
*/
package org.apache.qpid.server.security.access.plugins;
-import java.security.AccessControlException;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
@@ -33,7 +32,6 @@ import org.apache.log4j.Logger;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.AbstractConfiguredObject;
-import org.apache.qpid.server.model.AccessControlProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.ManagedAttributeField;
@@ -41,7 +39,6 @@ import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.security.AccessControl;
-import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
public class ACLFileAccessControlProviderImpl
@@ -229,27 +226,6 @@ public class ACLFileAccessControlProviderImpl
return returnVal;
}
- @Override
- protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
- {
- if(desiredState == State.DELETED)
- {
- if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), AccessControlProvider.class, Operation.DELETE))
- {
- throw new AccessControlException("Deletion of AccessControlProvider is denied");
- }
- }
- }
-
- @Override
- protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
- {
- if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), AccessControlProvider.class, Operation.UPDATE))
- {
- throw new AccessControlException("Setting of AccessControlProvider attributes is denied");
- }
- }
-
public AccessControl getAccessControl()
{
return _accessControl;
diff --git a/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/RuleSetTest.java b/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/RuleSetTest.java
index a37c0c7858..5301d2e49d 100644
--- a/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/RuleSetTest.java
+++ b/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/RuleSetTest.java
@@ -22,14 +22,10 @@
package org.apache.qpid.server.security.access.plugins;
import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
import javax.security.auth.Subject;
-import org.apache.qpid.server.exchange.ExchangeImpl;
import org.apache.qpid.server.logging.EventLoggerProvider;
-import org.apache.qpid.server.model.VirtualHost;
-import org.apache.qpid.server.queue.AMQQueue;
import org.apache.qpid.server.security.Result;
import org.apache.qpid.server.security.access.ObjectProperties;
import org.apache.qpid.server.security.access.ObjectType;
@@ -65,8 +61,6 @@ public class RuleSetTest extends QpidTestCase
private String _exchangeName = "amq.direct";
private String _exchangeType = "direct";
private Subject _testSubject = TestPrincipalUtils.createTestSubject(TEST_USER);
- private AMQQueue<?> _queue;
- private VirtualHost<?,?,?> _virtualHost;
@Override
public void setUp() throws Exception
@@ -74,11 +68,6 @@ public class RuleSetTest extends QpidTestCase
super.setUp();
_ruleSet = new RuleSet(mock(EventLoggerProvider.class));
-
- _virtualHost = mock(VirtualHost.class);
- _queue = mock(AMQQueue.class);
- when(_queue.getName()).thenReturn(_queueName);
- when(_queue.getParent(VirtualHost.class)).thenReturn(_virtualHost);
}
@Override
@@ -178,11 +167,13 @@ public class RuleSetTest extends QpidTestCase
{
_ruleSet.grant(0, TEST_USER, Permission.ALLOW, Operation.CREATE, ObjectType.QUEUE, new ObjectProperties(Property.VIRTUALHOST_NAME, ALLOWED_VH));
- when(_virtualHost.getName()).thenReturn(ALLOWED_VH);
- assertEquals(Result.ALLOWED, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.QUEUE, new ObjectProperties(_queue)));
+ ObjectProperties allowedQueueObjectProperties = new ObjectProperties(_queueName);
+ allowedQueueObjectProperties.put(Property.VIRTUALHOST_NAME, ALLOWED_VH);
+ assertEquals(Result.ALLOWED, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.QUEUE, new ObjectProperties(allowedQueueObjectProperties)));
- when(_virtualHost.getName()).thenReturn(DENIED_VH);
- assertEquals(Result.DEFER, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.QUEUE, new ObjectProperties(_queue)));
+ ObjectProperties deniedQueueObjectProperties = new ObjectProperties(_queueName);
+ deniedQueueObjectProperties.put(Property.VIRTUALHOST_NAME, DENIED_VH);
+ assertEquals(Result.DEFER, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.QUEUE, deniedQueueObjectProperties));
}
public void testQueueCreateNamedNullRoutingKey()
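Review bot: The allowed case wraps its argument in a second `new ObjectProperties(allowedQueueObjectProperties)` while the denied case passes `deniedQueueObjectProperties` directly. The extra copy looks unintended, and the two checks should be written the same way, e.g. `assertEquals(Result.ALLOWED, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.QUEUE, allowedQueueObjectProperties));`. Because `Property.VIRTUALHOST_NAME` is now set by hand, this test no longer exercises whatever code derived the virtual host name from a queue object. If that derivation still exists, it presumably needs its own coverage elsewhere, since an ACL rule keyed on the virtual host is only as good as the property that reaches `check`. The same applies to the exchange test in the next hunk. The test method's signature lies outside this hunk.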
@@ -197,15 +188,16 @@ public class RuleSetTest extends QpidTestCase
{
_ruleSet.grant(0, TEST_USER, Permission.ALLOW, Operation.CREATE, ObjectType.EXCHANGE, new ObjectProperties(Property.VIRTUALHOST_NAME, ALLOWED_VH));
- ExchangeImpl<?> exchange = mock(ExchangeImpl.class);
- when(exchange.getParent(VirtualHost.class)).thenReturn(_virtualHost);
- when(exchange.getType()).thenReturn(_exchangeType);
- when(_virtualHost.getName()).thenReturn(ALLOWED_VH);
+ ObjectProperties allowedExchangeProperties = new ObjectProperties(_exchangeName);
+ allowedExchangeProperties.put(Property.TYPE, _exchangeType);
+ allowedExchangeProperties.put(Property.VIRTUALHOST_NAME, ALLOWED_VH);
- assertEquals(Result.ALLOWED, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.EXCHANGE, new ObjectProperties(exchange)));
+ assertEquals(Result.ALLOWED, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.EXCHANGE, allowedExchangeProperties));
- when(_virtualHost.getName()).thenReturn(DENIED_VH);
- assertEquals(Result.DEFER, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.EXCHANGE, new ObjectProperties(exchange)));
+ ObjectProperties deniedExchangeProperties = new ObjectProperties(_exchangeName);
+ deniedExchangeProperties.put(Property.TYPE, _exchangeType);
+ deniedExchangeProperties.put(Property.VIRTUALHOST_NAME, DENIED_VH);
+ assertEquals(Result.DEFER, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.EXCHANGE, deniedExchangeProperties));
}
public void testExchangeCreate()
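Review bot: The name `deniedExchangeProperties` next to an asserted `Result.DEFER` is confusing without a comment. The only rule granted in this test is an ALLOW for `ALLOWED_VH`, so a request for `DENIED_VH` matches no rule and is deferred rather than explicitly denied. I would add `// no rule matches DENIED_VH, so the rule set returns DEFER, not DENIED` above the second assertion, and do the same for `deniedQueueObjectProperties` in the queue test of the previous hunk. The test method's signature lies outside this hunk.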