From a92613d7c9e7d623fda47cc41175197ec86c3cfb Mon Sep 17 00:00:00 2001
From: Robert Gemmell <robbie@apache.org>
Date: Sat, 18 Sep 2010 21:18:19 +0000
Subject: QPID-2870: move the authorisation check outside the AtomicBoolean
 wrapped queue deletion process to prevent an unauthorised attempt from
 barring all future deletion attempts

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@998545 13f79535-47bb-0310-9956-ffa450edef68
---
 .../java/org/apache/qpid/server/queue/SimpleAMQQueue.java     | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'java')

diff --git a/java/broker/src/main/java/org/apache/qpid/server/queue/SimpleAMQQueue.java b/java/broker/src/main/java/org/apache/qpid/server/queue/SimpleAMQQueue.java
index fc04e1382e..112f682fdc 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/queue/SimpleAMQQueue.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/queue/SimpleAMQQueue.java
@@ -1357,13 +1357,14 @@ public class SimpleAMQQueue implements AMQQueue, Subscription.StateListener
     // TODO list all thrown exceptions
     public int delete() throws AMQSecurityException, AMQException
     {
+        // Check access
+        if (!_virtualHost.getSecurityManager().authoriseDelete(this))
+        {
+            throw new AMQSecurityException("Permission denied: " + getName());
+        }
+        
         if (!_deleted.getAndSet(true))
         {
-            // Check access
-            if (!_virtualHost.getSecurityManager().authoriseDelete(this))
-            {
-                throw new AMQSecurityException("Permission denied: " + getName());
-            }
 
             for (Binding b : getBindings())
             {
-- 
cgit v1.2.1