From 8dda03490e49964ec4811c2844a07a23cdca04c1 Mon Sep 17 00:00:00 2001 From: Rajith Muditha Attapattu Date: Mon, 11 Jan 2010 19:26:11 +0000 Subject: This further improves the fix made at rev 19819 in Qpid trunk for QPID-2175 The check is now done without creating any new strings to avoid extra allocations. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@898021 13f79535-47bb-0310-9956-ffa450edef68 --- qpid/cpp/src/qpid/broker/SemanticState.cpp | 7 ++++--- qpid/cpp/src/qpid/broker/SemanticState.h | 3 ++- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'qpid/cpp') diff --git a/qpid/cpp/src/qpid/broker/SemanticState.cpp b/qpid/cpp/src/qpid/broker/SemanticState.cpp index e9b6aad967..e24744fe81 100644 --- a/qpid/cpp/src/qpid/broker/SemanticState.cpp +++ b/qpid/cpp/src/qpid/broker/SemanticState.cpp @@ -71,7 +71,8 @@ SemanticState::SemanticState(DeliveryAdapter& da, SessionContext& ss) dtxSelected(false), authMsg(getSession().getBroker().getOptions().auth && !getSession().getConnection().isFederationLink()), userID(getSession().getConnection().getUserId()), - defaultRealm(getSession().getBroker().getOptions().realm) + userName(getSession().getConnection().getUserId().substr(0,getSession().getConnection().getUserId().find('@'))), + isDefaultRealm(userID.find('@') != std::string::npos && getSession().getBroker().getOptions().realm == userID.substr(userID.find('@')+1,userID.size())) { acl = getSession().getBroker().getAcl(); } @@ -429,8 +430,8 @@ void SemanticState::route(intrusive_ptr msg, Deliverable& strategy) { /* verify the userid if specified: */ std::string id = msg->hasProperties() ? msg->getProperties()->getUserId() : nullstring; - - if (authMsg && !id.empty() && id != userID && id.append("@").append(defaultRealm) != userID) + + if (authMsg && !id.empty() && !(id == userID || (isDefaultRealm && id == userName))) { QPID_LOG(debug, "authorised user id : " << userID << " but user id in message declared as " << id); throw UnauthorizedAccessException(QPID_MSG("authorised user id : " << userID << " but user id in message declared as " << id)); diff --git a/qpid/cpp/src/qpid/broker/SemanticState.h b/qpid/cpp/src/qpid/broker/SemanticState.h index e5e3f909f1..c39161c8a6 100644 --- a/qpid/cpp/src/qpid/broker/SemanticState.h +++ b/qpid/cpp/src/qpid/broker/SemanticState.h @@ -156,7 +156,8 @@ class SemanticState : private boost::noncopyable { AclModule* acl; const bool authMsg; const string userID; - const string defaultRealm; + const string userName; + const bool isDefaultRealm; void route(boost::intrusive_ptr msg, Deliverable& strategy); void checkDtxTimeout(); -- cgit v1.2.1