QPID-1872: check for existence of outer consume permissions map before proceeding to further checks, and if not present then deny immediately as it signifies a complete lack of consume rights in the ACL settigns for the user in question. Update SimpleACLTest to add a check for consumption with create but without consume right, and to allow each test to customise the ACL settings before QTC.setUp() starts the broker

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@823464 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 6 insertions, 0 deletions

diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
index f852514444..fb57ca9a59 100755
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
@@ -494,6 +494,12 @@ public class PrincipalPermissions
                 {
                     AMQQueue queue = ((AMQQueue) parameters[0]);
                     Map queuePermissions = (Map) _permissions.get(permission);
+                    
+                    if (queuePermissions == null)
+                    {
+                    	//if the outer map is null, the user has no CONSUME rights at all
+                    	return AuthzResult.DENIED;
+                    }
 
                     List queues = (List) queuePermissions.get(CONSUME_QUEUES_KEY);