From fce3f24c6745e0def3cf98725a949dfca07b9a0d Mon Sep 17 00:00:00 2001
From: Keith Wall <kwall@apache.org>
Date: Fri, 4 Jul 2014 14:40:13 +0000
Subject: QPID-5873: [Java Broker] Allow ACL rules to be applied to
 VirtualHostNode objects

* ACL rules using the new operation VIRTUALHOSTNODE apply to VHN model objects.
* ACL rules using the operation VIRTUALHOST apply to VH model objects for CREATE, UPDATE and DELETE.  This
  is a change from previous version where BROKER operation permission was required.
* For HA, VIRTUALHOSTNODE permission is required to perform updates on RemoteReplicationNodes.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1607868 13f79535-47bb-0310-9956-ffa450edef68
---
 .../apache/qpid/server/security/access/plugins/RuleSetTest.java    | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'qpid/java/broker-plugins')

diff --git a/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/RuleSetTest.java b/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/RuleSetTest.java
index 0ce2555bcf..a37c0c7858 100644
--- a/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/RuleSetTest.java
+++ b/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/RuleSetTest.java
@@ -108,6 +108,13 @@ public class RuleSetTest extends QpidTestCase
         assertEquals(_ruleSet.getDefault(), _ruleSet.check(_testSubject, Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY));
     }
 
+    public void testVirtualHostNodeCreateAllowPermissionWithVirtualHostName() throws Exception
+    {
+        _ruleSet.grant(0, TEST_USER, Permission.ALLOW, Operation.CREATE, ObjectType.VIRTUALHOSTNODE, ObjectProperties.EMPTY);
+        assertEquals(Result.ALLOWED, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.VIRTUALHOSTNODE, ObjectProperties.EMPTY));
+        assertEquals(Result.DENIED, _ruleSet.check(_testSubject, Operation.DELETE, ObjectType.VIRTUALHOSTNODE, ObjectProperties.EMPTY));
+    }
+
     public void testVirtualHostAccessAllowPermissionWithVirtualHostName() throws Exception
     {
         _ruleSet.grant(0, TEST_USER, Permission.ALLOW, Operation.ACCESS, ObjectType.VIRTUALHOST, new ObjectProperties(ALLOWED_VH));
-- 
cgit v1.2.1