1 files changed, 29 insertions, 1 deletions

diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/AbstractStandardVirtualHostNode.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/AbstractStandardVirtualHostNode.java
index 1b2e505df9..44139a71e0 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/AbstractStandardVirtualHostNode.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/AbstractStandardVirtualHostNode.java
@@ -21,11 +21,13 @@
 package org.apache.qpid.server.virtualhostnode;
 
 import java.io.File;
+import java.security.AccessControlException;
 import java.security.PrivilegedAction;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.atomic.AtomicReference;
 
 import javax.security.auth.Subject;
@@ -47,6 +49,7 @@ import org.apache.qpid.server.model.VirtualHost;
 import org.apache.qpid.server.model.VirtualHostNode;
 import org.apache.qpid.server.plugin.DurableConfigurationStoreFactory;
 import org.apache.qpid.server.security.SecurityManager;
+import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.store.DurableConfigurationStore;
 import org.apache.qpid.server.store.MessageStore;
 import org.apache.qpid.server.store.VirtualHostStoreUpgraderAndRecoverer;
@@ -152,7 +155,12 @@ public abstract class AbstractStandardVirtualHostNode<X extends AbstractStandard
         State state = _state.get();
         if (desiredState == State.DELETED)
         {
-            if (state == State.INITIALISING || state == State.ACTIVE || state == State.STOPPED || state == State.ERRORED)
+            if (state == State.ACTIVE || state == State.INITIALISING)
+            {
+                state = setDesiredState(currentState, State.STOPPED);
+            }
+
+            if (state == State.STOPPED || state == State.ERRORED)
             {
                 if( _state.compareAndSet(state, State.DELETED))
                 {
@@ -350,5 +358,25 @@ public abstract class AbstractStandardVirtualHostNode<X extends AbstractStandard
         _eventLogger.message(_configurationStoreLogSubject, ConfigStoreMessages.CLOSE());
     }
 
+    @Override
+    protected void authoriseSetDesiredState(State currentState, State desiredState) throws AccessControlException
+    {
+        if(desiredState == State.DELETED)
+        {
+            if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), VirtualHostNode.class, Operation.DELETE))
+            {
+                throw new AccessControlException("Deletion of virtual host node is denied");
+            }
+        }
+    }
+
+    @Override
+    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
+    {
+        if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), VirtualHostNode.class, Operation.UPDATE))
+        {
+            throw new AccessControlException("Setting of virtual host node attributes is denied");
+        }
+    }
 
 }