From 84d997ffc8c4c94dab6797e6d2b477d15f9e5c86 Mon Sep 17 00:00:00 2001
From: Alex Rudyy <orudyy@apache.org>
Date: Tue, 10 Mar 2015 08:03:38 +0000
Subject: QPID-6436: [Java Broker] Move ACL functionality scattered over the
 configured objects into SecurityManager and AbstractConfiguredObjects

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1665410 13f79535-47bb-0310-9956-ffa450edef68
---
 .../berkeleydb/BDBHARemoteReplicationNodeImpl.java |  24 -
 .../berkeleydb/BDBHARemoteReplicationNodeTest.java |   9 +-
 .../replication/BDBHAVirtualHostNodeRestTest.java  |   4 +-
 .../apache/qpid/server/binding/BindingImpl.java    |   9 +-
 .../qpid/server/exchange/AbstractExchange.java     |  19 +-
 .../server/model/AbstractConfiguredObject.java     | 144 +++-
 .../model/adapter/AbstractPluginAdapter.java       |  24 -
 .../qpid/server/model/adapter/BrokerAdapter.java   |  30 -
 .../model/adapter/FileBasedGroupProviderImpl.java  |  34 +-
 .../adapter/FileSystemPreferencesProviderImpl.java |   5 +
 .../qpid/server/model/port/AbstractPort.java       |  24 -
 .../apache/qpid/server/queue/AbstractQueue.java    |  12 -
 .../qpid/server/queue/QueueConsumerImpl.java       |   9 +-
 .../qpid/server/security/FileKeyStoreImpl.java     |  23 -
 .../qpid/server/security/FileTrustStoreImpl.java   |  23 -
 .../qpid/server/security/NonJavaKeyStoreImpl.java  |  25 -
 .../server/security/NonJavaTrustStoreImpl.java     |  25 -
 .../qpid/server/security/SecurityManager.java      | 449 ++++++----
 .../server/security/access/ObjectProperties.java   |  64 --
 .../manager/AbstractAuthenticationManager.java     |  24 -
 ...odelPasswordManagingAuthenticationProvider.java |  35 +-
 .../server/security/auth/manager/ManagedUser.java  |  43 +-
 .../PrincipalDatabaseAuthenticationManager.java    |  72 +-
 .../server/virtualhost/AbstractVirtualHost.java    |  32 +-
 .../virtualhostnode/AbstractVirtualHostNode.java   |  39 -
 .../qpid/server/exchange/FanoutExchangeTest.java   |  19 +-
 .../qpid/server/exchange/HeadersExchangeTest.java  |  18 +-
 .../apache/qpid/server/model/VirtualHostTest.java  |  16 +-
 .../model/testmodels/hierarchy/TestKitCarImpl.java |   9 +
 .../testmodels/hierarchy/TestStandardCarImpl.java  |   9 +
 .../testmodels/lifecycle/TestConfiguredObject.java |   9 +
 .../testmodels/singleton/TestSingletonImpl.java    |  10 +
 .../qpid/server/security/FileKeyStoreTest.java     |  13 +-
 .../qpid/server/security/FileTrustStoreTest.java   |  18 +-
 .../qpid/server/security/SecurityManagerTest.java  | 900 +++++++++++++++------
 .../apache/qpid/server/util/BrokerTestHelper.java  |   5 +-
 .../virtualhost/AbstractVirtualHostTest.java       |   4 +-
 .../virtualhost/VirtualHostQueueCreationTest.java  |   1 -
 .../AbstractStandardVirtualHostNodeTest.java       |  13 +-
 .../plugins/ACLFileAccessControlProviderImpl.java  |  24 -
 .../security/access/plugins/RuleSetTest.java       |  36 +-
 .../servlet/rest/UserPreferencesServlet.java       |  46 +-
 .../server/jmx/mbeans/VirtualHostManagerMBean.java |   2 +-
 .../jmx/mbeans/VirtualHostManagerMBeanTest.java    |   2 +-
 44 files changed, 1274 insertions(+), 1081 deletions(-)

(limited to 'qpid/java')

diff --git a/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHARemoteReplicationNodeImpl.java b/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHARemoteReplicationNodeImpl.java
index dfbdce4399..61a2470173 100644
--- a/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHARemoteReplicationNodeImpl.java
+++ b/qpid/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHARemoteReplicationNodeImpl.java
@@ -21,10 +21,8 @@
 
 package org.apache.qpid.server.virtualhostnode.berkeleydb;
 
-import java.security.AccessControlException;
 import java.util.Map;
 import java.util.Set;
-import java.util.concurrent.atomic.AtomicReference;
 
 import com.sleepycat.je.rep.MasterStateException;
 
@@ -43,7 +41,6 @@ import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.SystemConfig;
 import org.apache.qpid.server.model.VirtualHostNode;
-import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.store.berkeleydb.replication.ReplicatedEnvironmentFacade;
 
 public class BDBHARemoteReplicationNodeImpl extends AbstractConfiguredObject<BDBHARemoteReplicationNodeImpl> implements BDBHARemoteReplicationNode<BDBHARemoteReplicationNodeImpl>
@@ -121,27 +118,6 @@ public class BDBHARemoteReplicationNodeImpl extends AbstractConfiguredObject<BDB
         super.deleted();
     }
 
-
-    @Override
-    protected void authoriseSetAttributes(final ConfiguredObject<?> proxyForValidation,
-                                          final Set<String> modifiedAttributes)
-    {
-        _broker.getSecurityManager().authoriseVirtualHostNode(getName(), Operation.UPDATE);
-    }
-
-    @Override
-    protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
-    {
-        if(desiredState == State.DELETED)
-        {
-            _broker.getSecurityManager().authoriseVirtualHostNode(getName(), Operation.DELETE);
-        }
-        else
-        {
-            _broker.getSecurityManager().authoriseVirtualHostNode(getName(), Operation.UPDATE);
-        }
-    }
-
     @Override
     public String toString()
     {
diff --git a/qpid/java/bdbstore/src/test/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHARemoteReplicationNodeTest.java b/qpid/java/bdbstore/src/test/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHARemoteReplicationNodeTest.java
index 8522a39918..cb9d02c767 100644
--- a/qpid/java/bdbstore/src/test/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHARemoteReplicationNodeTest.java
+++ b/qpid/java/bdbstore/src/test/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHARemoteReplicationNodeTest.java
@@ -36,7 +36,6 @@ import org.apache.qpid.server.model.ConfiguredObjectFactory;
 import org.apache.qpid.server.model.VirtualHost;
 import org.apache.qpid.server.model.VirtualHostNode;
 import org.apache.qpid.server.security.SecurityManager;
-import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.store.DurableConfigurationStore;
 import org.apache.qpid.server.store.berkeleydb.replication.ReplicatedEnvironmentFacade;
 import org.apache.qpid.server.util.BrokerTestHelper;
@@ -106,9 +105,7 @@ public class BDBHARemoteReplicationNodeTest extends QpidTestCase
         String remoteReplicationName = getName();
         BDBHARemoteReplicationNode remoteReplicationNode = createRemoteReplicationNode(remoteReplicationName);
 
-        doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseVirtualHostNode(
-                remoteReplicationName,
-                Operation.UPDATE);
+        doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseUpdate(remoteReplicationNode);
 
         assertNull(remoteReplicationNode.getDescription());
 
@@ -130,9 +127,7 @@ public class BDBHARemoteReplicationNodeTest extends QpidTestCase
         String remoteReplicationName = getName();
         BDBHARemoteReplicationNode remoteReplicationNode = createRemoteReplicationNode(remoteReplicationName);
 
-        doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseVirtualHostNode(
-                remoteReplicationName,
-                Operation.DELETE);
+        doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseDelete(remoteReplicationNode);
 
         assertNull(remoteReplicationNode.getDescription());
 
diff --git a/qpid/java/bdbstore/systests/src/test/java/org/apache/qpid/server/store/berkeleydb/replication/BDBHAVirtualHostNodeRestTest.java b/qpid/java/bdbstore/systests/src/test/java/org/apache/qpid/server/store/berkeleydb/replication/BDBHAVirtualHostNodeRestTest.java
index 45cf9a483c..6d3bacc286 100644
--- a/qpid/java/bdbstore/systests/src/test/java/org/apache/qpid/server/store/berkeleydb/replication/BDBHAVirtualHostNodeRestTest.java
+++ b/qpid/java/bdbstore/systests/src/test/java/org/apache/qpid/server/store/berkeleydb/replication/BDBHAVirtualHostNodeRestTest.java
@@ -398,9 +398,9 @@ public class BDBHAVirtualHostNodeRestTest extends QpidRestTestCase
         assertNotNull("Node " + name + " has unexpected lastKnownReplicationId", lastKnownTransactionId);
         assertTrue("Node " + name + " has unexpected lastKnownReplicationId " + lastKnownTransactionId, lastKnownTransactionId > 0);
 
-        Long joinTime = (Long) nodeData.get(BDBHAVirtualHostNode.JOIN_TIME);
+        Number joinTime = (Number) nodeData.get(BDBHAVirtualHostNode.JOIN_TIME);
         assertNotNull("Node " + name + " has unexpected joinTime", joinTime);
-        assertTrue("Node " + name + " has unexpected joinTime " + joinTime, joinTime > 0);
+        assertTrue("Node " + name + " has unexpected joinTime " + joinTime, joinTime.longValue() > 0);
      }
 
     private void assertActualAndDesiredStates(final String restUrl,
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/binding/BindingImpl.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/binding/BindingImpl.java
index 6012e2e8db..c2c0cc77fa 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/binding/BindingImpl.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/binding/BindingImpl.java
@@ -45,6 +45,7 @@ import org.apache.qpid.server.model.Queue;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.queue.AMQQueue;
+import org.apache.qpid.server.security.SecurityManager;
 import org.apache.qpid.server.util.StateChangeListener;
 
 public class BindingImpl
@@ -249,7 +250,7 @@ public class BindingImpl
     @Override
     public void validateOnCreate()
     {
-        _queue.getVirtualHost().getSecurityManager().authoriseCreateBinding(this);
+        authoriseCreate(this);
 
         AMQQueue queue = getAMQQueue();
         Map<String, Object> arguments = getArguments();
@@ -266,4 +267,10 @@ public class BindingImpl
         }
     }
 
+    @Override
+    protected SecurityManager getSecurityManager()
+    {
+        return _queue.getVirtualHost().getSecurityManager();
+    }
+
 }
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/exchange/AbstractExchange.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/exchange/AbstractExchange.java
index 0be73a828e..cb026e175b 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/exchange/AbstractExchange.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/exchange/AbstractExchange.java
@@ -20,7 +20,6 @@
  */
 package org.apache.qpid.server.exchange;
 
-import java.security.AccessControlException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -135,12 +134,6 @@ public abstract class AbstractExchange<T extends AbstractExchange<T>>
         };
     }
 
-    @Override
-    public void validateOnCreate()
-    {
-        _virtualHost.getSecurityManager().authoriseCreateExchange(this);
-    }
-
     @Override
     public void onValidate()
     {
@@ -190,8 +183,6 @@ public abstract class AbstractExchange<T extends AbstractExchange<T>>
     @Override
     public void deleteWithChecks()
     {
-        _virtualHost.getSecurityManager().authoriseDelete(this);
-
         if(hasReferrers())
         {
             throw new ExchangeIsAlternateException(getName());
@@ -634,7 +625,7 @@ public abstract class AbstractExchange<T extends AbstractExchange<T>>
         }
 
         // Check access
-        _virtualHost.getSecurityManager().authoriseUnbind(binding);
+        authoriseDelete(binding);
 
         BindingImpl b = _bindingsMap.remove(new BindingIdentifier(bindingKey,queue));
 
@@ -755,7 +746,7 @@ public abstract class AbstractExchange<T extends AbstractExchange<T>>
             preSetAlternateExchange();
             setState(State.DELETED);
         }
-        catch (ExchangeIsAlternateException | RequiredExchangeException e)
+        catch (ExchangeIsAlternateException e)
         {
             return;
         }
@@ -869,10 +860,4 @@ public abstract class AbstractExchange<T extends AbstractExchange<T>>
         return binding;
     }
 
-    @Override
-    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
-    {
-        _virtualHost.getSecurityManager().authoriseUpdate(this);
-    }
-
 }
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
index 0056f37b9a..e63638213e 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/AbstractConfiguredObject.java
@@ -1036,8 +1036,6 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
                                 }
                                 else
                                 {
-                                    authoriseSetDesiredState(desiredState);
-
                                     setAttributes(Collections.<String, Object>singletonMap(DESIRED_STATE,
                                                                                            desiredState));
 
@@ -1544,12 +1542,6 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
         });
     }
 
-    protected void authoriseSetAttributes(final ConfiguredObject<?> proxyForValidation,
-                                          final Set<String> modifiedAttributes)
-    {
-
-    }
-
     protected void changeAttributes(final Map<String, Object> attributes)
     {
         validateChange(createProxyForValidation(attributes), attributes.keySet());
@@ -1608,17 +1600,61 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
     {
         return (ConfiguredObject<?>) Proxy.newProxyInstance(getClass().getClassLoader(),
                                                             new Class<?>[]{_bestFitInterface},
-                                                            new AttributeGettingHandler(attributes));
+                                                            new AttributeGettingHandler(attributes, _attributeTypes, this));
+    }
+
+    private ConfiguredObject<?> createProxyForAuthorisation(final Class<? extends ConfiguredObject> category,
+                                                            final Map<String, Object> attributes,
+                                                            final ConfiguredObject<?> parent,
+                                                            final ConfiguredObject<?>... otherParents)
+    {
+        return (ConfiguredObject<?>) Proxy.newProxyInstance(getClass().getClassLoader(),
+                                                            new Class<?>[]{category},
+                                                            new AuthorisationProxyInvocationHandler(attributes,
+                                                                    getModel().getTypeRegistry().getAttributeTypes(category),
+                                                                    category, parent, otherParents));
+    }
+
+    protected final <C extends ConfiguredObject<?>> void authoriseCreateChild(Class<C> childClass, Map<String, Object> attributes, ConfiguredObject... otherParents) throws AccessControlException
+    {
+        ConfiguredObject<?> configuredObject = createProxyForAuthorisation(childClass, attributes, this, otherParents);
+        getSecurityManager().authoriseCreate(configuredObject);
+    }
+
+    protected final void authoriseCreate(ConfiguredObject<?> object) throws AccessControlException
+    {
+        getSecurityManager().authoriseCreate(object);
+    }
+
+    protected final void authoriseSetAttributes(final ConfiguredObject<?> proxyForValidation,
+                                                               final Set<String> modifiedAttributes)
+    {
+        if (modifiedAttributes.contains(DESIRED_STATE) && State.DELETED.equals(proxyForValidation.getDesiredState()))
+        {
+            authoriseDelete(this);
+            if (modifiedAttributes.size() == 1)
+            {
+                // nothing left to authorize
+                return;
+            }
+        }
+        getSecurityManager().authoriseUpdate(this);
     }
 
-    protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
+    protected final void authoriseDelete(ConfiguredObject<?> object)
     {
-        // allowed by default
+        getSecurityManager().authoriseDelete(object);
     }
 
-    protected <C extends ConfiguredObject> void authoriseCreateChild(Class<C> childClass, Map<String, Object> attributes, ConfiguredObject... otherParents) throws AccessControlException
+    protected SecurityManager getSecurityManager()
     {
-        // allowed by default
+        Broker broker = getModel().getAncestor(Broker.class, getCategoryClass(), this);
+        if (broker != null )
+        {
+            return broker.getSecurityManager();
+        }
+        LOGGER.warn("Broker parent is not found for " + getName() + " of type " + getClass());
+        return null;
     }
 
     @Override
@@ -1903,15 +1939,23 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
     }
 
 
-    private class AttributeGettingHandler implements InvocationHandler
+    private static class AttributeGettingHandler implements InvocationHandler
     {
-        private Map<String,Object> _attributes;
+        private final Map<String,Object> _attributes;
+        private final Map<String, ConfiguredObjectAttribute<?,?>> _attributeTypes;
+        private final ConfiguredObject<?> _configuredObject;
 
-        AttributeGettingHandler(final Map<String, Object> modifiedAttributes)
+        AttributeGettingHandler(final Map<String, Object> modifiedAttributes, Map<String, ConfiguredObjectAttribute<?,?>> attributeTypes, ConfiguredObject<?> configuredObject)
         {
-            Map<String,Object> combinedAttributes = new HashMap<String, Object>(getActualAttributes());
+            Map<String,Object> combinedAttributes = new HashMap<>();
+            if (configuredObject != null)
+            {
+                combinedAttributes.putAll(configuredObject.getActualAttributes());
+            }
             combinedAttributes.putAll(modifiedAttributes);
             _attributes = combinedAttributes;
+            _attributeTypes = attributeTypes;
+            _configuredObject = configuredObject;
         }
 
         @Override
@@ -1940,16 +1984,26 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
 
         protected Object getValue(final ConfiguredObjectAttribute attribute)
         {
+            Object value;
             if(attribute.isAutomated())
             {
-                ConfiguredAutomatedAttribute autoAttr = (ConfiguredAutomatedAttribute)attribute;
-                Object value = _attributes.get(attribute.getName());
-                return attribute.convert(value == null && !"".equals(autoAttr.defaultValue()) ? autoAttr.defaultValue() : value , AbstractConfiguredObject.this);
+                ConfiguredAutomatedAttribute autoAttr = (ConfiguredAutomatedAttribute) attribute;
+                value = _attributes.get(attribute.getName());
+                if (value == null && !"".equals(autoAttr.defaultValue()))
+                {
+                    value = autoAttr.defaultValue();
+                }
             }
             else
             {
-                return _attributes.get(attribute.getName());
+                value = _attributes.get(attribute.getName());
             }
+            return convert(attribute, value);
+        }
+
+        protected Object convert(ConfiguredObjectAttribute attribute, Object value)
+        {
+            return attribute.convert(value, _configuredObject);
         }
 
         private ConfiguredObjectAttribute getAttributeFromMethod(final Method method)
@@ -1966,6 +2020,54 @@ public abstract class AbstractConfiguredObject<X extends ConfiguredObject<X>> im
         }
     }
 
+    private static class AuthorisationProxyInvocationHandler extends AttributeGettingHandler
+    {
+        private final Class<? extends ConfiguredObject> _category;
+        private final Map<Class<? extends ConfiguredObject>, ConfiguredObject<?>> _parents;
+        private final ConfiguredObject<?> _parent   ;
+
+        AuthorisationProxyInvocationHandler(Map<String, Object> attributes,
+                                            Map<String, ConfiguredObjectAttribute<?, ?>> attributeTypes,
+                                            Class<? extends ConfiguredObject> categoryClass,
+                                            ConfiguredObject<?> parent,
+                                            ConfiguredObject<?>... parents)
+        {
+            super(attributes, attributeTypes, null);
+            _parent = parent;
+            _category = categoryClass;
+            _parents = new HashMap<>();
+            if (parents != null)
+            {
+                for (ConfiguredObject<?> parentObject : parents)
+                {
+                    _parents.put(parentObject.getCategoryClass(), parentObject);
+                }
+            }
+            _parents.put(parent.getCategoryClass(), parent);
+        }
+
+        @Override
+        public Object invoke(final Object proxy, final Method method, final Object[] args) throws Throwable
+        {
+            if(method.getName().equals("getParent") && args != null && args.length == 1 && args[0] instanceof Class)
+            {
+                Class<ConfiguredObject> parentClass = (Class<ConfiguredObject> )args[0];
+                return _parents.get(parentClass);
+            }
+            else if(method.getName().equals("getCategoryClass"))
+            {
+                return _category;
+            }
+            return super.invoke(proxy, method, args);
+        }
+
+        @Override
+        protected Object convert(ConfiguredObjectAttribute attribute, Object value)
+        {
+            return attribute.convert(value, _parent);
+        }
+    }
+
     protected final static class DuplicateIdException extends IllegalArgumentException
     {
         public DuplicateIdException(final ConfiguredObject<?> child)
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AbstractPluginAdapter.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AbstractPluginAdapter.java
index 3e662fac32..9008705de1 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AbstractPluginAdapter.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AbstractPluginAdapter.java
@@ -20,7 +20,6 @@
  */
 package org.apache.qpid.server.model.adapter;
 
-import java.security.AccessControlException;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Map;
@@ -30,8 +29,6 @@ import org.apache.qpid.server.model.AbstractConfiguredObject;
 import org.apache.qpid.server.model.Broker;
 import org.apache.qpid.server.model.ConfiguredObject;
 import org.apache.qpid.server.model.Plugin;
-import org.apache.qpid.server.model.State;
-import org.apache.qpid.server.security.access.Operation;
 
 public abstract class AbstractPluginAdapter<X extends Plugin<X>> extends AbstractConfiguredObject<X> implements Plugin<X>
 {
@@ -70,27 +67,6 @@ public abstract class AbstractPluginAdapter<X extends Plugin<X>> extends Abstrac
         return Collections.emptyList();
     }
 
-    @Override
-    protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
-    {
-        if(desiredState == State.DELETED)
-        {
-            if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), Plugin.class, Operation.DELETE))
-            {
-                throw new AccessControlException("Deletion of plugin is denied");
-            }
-        }
-    }
-
-    @Override
-    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
-    {
-        if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), Plugin.class, Operation.UPDATE))
-        {
-            throw new AccessControlException("Setting of plugin attributes is denied");
-        }
-    }
-
     protected Broker<?> getBroker()
     {
         return _broker;
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
index 28eea21093..be1d6ebf59 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java
@@ -51,7 +51,6 @@ import org.apache.qpid.server.plugin.ConfigurationSecretEncrypterFactory;
 import org.apache.qpid.server.plugin.PluggableFactoryLoader;
 import org.apache.qpid.server.security.SecurityManager;
 import org.apache.qpid.server.security.SubjectCreator;
-import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.security.auth.manager.SimpleAuthenticationManager;
 import org.apache.qpid.server.stats.StatisticsCounter;
 import org.apache.qpid.server.stats.StatisticsGatherer;
@@ -877,35 +876,6 @@ public class BrokerAdapter extends AbstractConfiguredObject<BrokerAdapter> imple
         return children;
     }
 
-    @Override
-    protected <C extends ConfiguredObject> void authoriseCreateChild(Class<C> childClass, Map<String, Object> attributes,
-            ConfiguredObject... otherParents) throws AccessControlException
-    {
-        if (childClass == VirtualHostNode.class)
-        {
-            _securityManager.authoriseVirtualHostNode(String.valueOf(attributes.get(NAME)), Operation.CREATE);
-
-        }
-        else
-        {
-            if (!_securityManager.authoriseConfiguringBroker(String.valueOf(attributes.get(NAME)),
-                                                             childClass,
-                                                             Operation.CREATE))
-            {
-                throw new AccessControlException("Creation of new broker level entity is denied");
-            }
-        }
-    }
-
-    @Override
-    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
-    {
-        if (!_securityManager.authoriseConfiguringBroker(getName(), Broker.class, Operation.UPDATE))
-        {
-            throw new AccessControlException("Setting of broker attributes is denied");
-        }
-    }
-
     @Override
     public boolean isManagementMode()
     {
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/FileBasedGroupProviderImpl.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/FileBasedGroupProviderImpl.java
index 327b7ddfe9..fda8a6f2e9 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/FileBasedGroupProviderImpl.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/FileBasedGroupProviderImpl.java
@@ -21,7 +21,6 @@ package org.apache.qpid.server.model.adapter;
 
 import java.io.File;
 import java.io.IOException;
-import java.security.AccessControlException;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -47,7 +46,6 @@ import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.security.SecurityManager;
-import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.security.auth.UsernamePrincipal;
 import org.apache.qpid.server.security.group.FileGroupDatabase;
 import org.apache.qpid.server.security.group.GroupPrincipal;
@@ -215,8 +213,6 @@ public class FileBasedGroupProviderImpl
         {
             String groupName = (String) attributes.get(Group.NAME);
 
-            getSecurityManager().authoriseGroupOperation(Operation.CREATE, groupName);
-
             if (getState() != State.ACTIVE)
             {
                 throw new IllegalConfigurationException(String.format("Group provider '%s' is not activated. Cannot create a group.", getName()));
@@ -258,8 +254,8 @@ public class FileBasedGroupProviderImpl
         }
     }
 
-
-    private SecurityManager getSecurityManager()
+    @Override
+    protected SecurityManager getSecurityManager()
     {
         return _broker.getSecurityManager();
     }
@@ -337,27 +333,6 @@ public class FileBasedGroupProviderImpl
         // no-op, as per above, groups are not in the store
     }
 
-    @Override
-    protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
-    {
-        if(desiredState == State.DELETED)
-        {
-            if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), GroupProvider.class, Operation.DELETE))
-            {
-                throw new AccessControlException("Deletion of groups provider is denied");
-            }
-        }
-    }
-
-    @Override
-    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
-    {
-        if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), GroupProvider.class, Operation.UPDATE))
-        {
-            throw new AccessControlException("Setting of group provider attributes is denied");
-        }
-    }
-
     private class GroupAdapter extends AbstractConfiguredObject<GroupAdapter> implements Group<GroupAdapter>
     {
         private GroupPrincipal _groupPrincipal;
@@ -440,8 +415,6 @@ public class FileBasedGroupProviderImpl
             {
                 String memberName = (String) attributes.get(GroupMember.NAME);
 
-                getSecurityManager().authoriseGroupOperation(Operation.UPDATE, getName());
-
                 _groupDatabase.addUserToGroup(memberName, getName());
                 UUID id = UUID.randomUUID();
                 Map<String,Object> attrMap = new HashMap<String, Object>();
@@ -461,7 +434,6 @@ public class FileBasedGroupProviderImpl
         @StateTransition( currentState = State.ACTIVE, desiredState = State.DELETED )
         private void doDelete()
         {
-            getSecurityManager().authoriseGroupOperation(Operation.DELETE, getName());
             _groupDatabase.removeGroup(getName());
             deleted();
             setState(State.DELETED);
@@ -530,8 +502,6 @@ public class FileBasedGroupProviderImpl
             @StateTransition(currentState = State.ACTIVE, desiredState = State.DELETED)
             private void doDelete()
             {
-                getSecurityManager().authoriseGroupOperation(Operation.UPDATE, GroupAdapter.this.getName());
-
                 _groupDatabase.removeUserFromGroup(getName(), GroupAdapter.this.getName());
                 deleted();
                 setState(State.DELETED);
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/FileSystemPreferencesProviderImpl.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/FileSystemPreferencesProviderImpl.java
index 7046f2973e..2b77b0d2a9 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/FileSystemPreferencesProviderImpl.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/FileSystemPreferencesProviderImpl.java
@@ -211,6 +211,7 @@ public class FileSystemPreferencesProviderImpl
     @Override
     public Map<String, Object> getPreferences(String userId)
     {
+        getSecurityManager().authoriseUserUpdate(userId);
         return _store == null? Collections.<String, Object>emptyMap() : _store.getPreferences(userId);
     }
 
@@ -233,6 +234,10 @@ public class FileSystemPreferencesProviderImpl
             throw new IllegalStateException("Cannot delete preferences with preferences provider " + getName() + " in state " + getState() );
         }
 
+        for (String userId: userIDs)
+        {
+            getSecurityManager().authoriseUserUpdate(userId);
+        }
         return _store.deletePreferences(userIDs);
     }
 
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
index 21827ffe58..791bbe4dd3 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/port/AbstractPort.java
@@ -21,7 +21,6 @@
 
 package org.apache.qpid.server.model.port;
 
-import java.security.AccessControlException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashSet;
@@ -43,7 +42,6 @@ import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.Transport;
 import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.server.security.access.Operation;
 
 abstract public class AbstractPort<X extends AbstractPort<X>> extends AbstractConfiguredObject<X> implements Port<X>
 {
@@ -261,28 +259,6 @@ abstract public class AbstractPort<X extends AbstractPort<X>> extends AbstractCo
         return State.ACTIVE;
     }
 
-
-    @Override
-    protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
-    {
-        if(desiredState == State.DELETED)
-        {
-            if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), Port.class, Operation.DELETE))
-            {
-                throw new AccessControlException("Deletion of port is denied");
-            }
-        }
-    }
-
-    @Override
-    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
-    {
-        if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), Port.class, Operation.UPDATE))
-        {
-            throw new AccessControlException("Setting of port attributes is denied");
-        }
-    }
-
     @Override
     public Collection<String> getEnabledCipherSuites()
     {
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java
index b85377e2a7..04d5fef462 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java
@@ -267,12 +267,6 @@ public abstract class AbstractQueue<X extends AbstractQueue<X>>
 
     }
 
-    @Override
-    protected void validateOnCreate()
-    {
-        _virtualHost.getSecurityManager().authoriseCreateQueue(this);
-    }
-
     @Override
     protected void onCreate()
     {
@@ -3006,12 +3000,6 @@ public abstract class AbstractQueue<X extends AbstractQueue<X>>
         }
     }
 
-    @Override
-    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
-    {
-        _virtualHost.getSecurityManager().authoriseUpdate(this);
-    }
-
     int getMaxAsyncDeliveries()
     {
         return _maxAsyncDeliveries;
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueConsumerImpl.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueConsumerImpl.java
index 6b02a84e83..12ab353c8a 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueConsumerImpl.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/QueueConsumerImpl.java
@@ -51,6 +51,7 @@ import org.apache.qpid.server.model.ManagedAttributeField;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.protocol.AMQSessionModel;
 import org.apache.qpid.server.protocol.MessageConverterRegistry;
+import org.apache.qpid.server.security.SecurityManager;
 import org.apache.qpid.server.util.StateChangeListener;
 
 class QueueConsumerImpl
@@ -126,7 +127,7 @@ class QueueConsumerImpl
         _queue = queue;
 
         // Access control
-        _queue.getVirtualHost().getSecurityManager().authoriseCreateConsumer(this);
+        authoriseCreate(this);
 
         open();
 
@@ -145,6 +146,12 @@ class QueueConsumerImpl
         _target.addStateListener(_listener);
     }
 
+    @Override
+    protected SecurityManager getSecurityManager()
+    {
+        return _queue.getVirtualHost().getSecurityManager();
+    }
+
     private static Map<String, Object> createAttributeMap(String name, FilterManager filters, EnumSet<Option> optionSet)
     {
         Map<String,Object> attributes = new HashMap<String, Object>();
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
index aa5f55dfb4..bf648186d2 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java
@@ -24,7 +24,6 @@ import java.io.File;
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
-import java.security.AccessControlException;
 import java.security.GeneralSecurityException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
@@ -50,7 +49,6 @@ import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
 import org.apache.qpid.server.model.Port;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
-import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.util.ServerScopedRuntimeException;
 import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
 import org.apache.qpid.transport.network.security.ssl.QpidClientX509KeyManager;
@@ -121,27 +119,6 @@ public class FileKeyStoreImpl extends AbstractConfiguredObject<FileKeyStoreImpl>
         setState(State.ACTIVE);
     }
 
-    @Override
-    protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
-    {
-        if(desiredState == State.DELETED)
-        {
-            if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), KeyStore.class, Operation.DELETE))
-            {
-                throw new AccessControlException("Deletion of key store is denied");
-            }
-        }
-    }
-
-    @Override
-    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
-    {
-        if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), KeyStore.class, Operation.UPDATE))
-        {
-            throw new AccessControlException("Setting key store attributes is denied");
-        }
-    }
-
     @Override
     protected void validateChange(final ConfiguredObject<?> proxyForValidation, final Set<String> changedAttributes)
     {
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
index fb161fef4e..b53dcf9ea1 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java
@@ -24,7 +24,6 @@ import java.io.File;
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
-import java.security.AccessControlException;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.NoSuchAlgorithmException;
@@ -50,7 +49,6 @@ import org.apache.qpid.server.model.Port;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
 import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
 import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
@@ -147,27 +145,6 @@ public class FileTrustStoreImpl extends AbstractConfiguredObject<FileTrustStoreI
         setState(State.ACTIVE);
     }
 
-    @Override
-    protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
-    {
-        if(desiredState == State.DELETED)
-        {
-            if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), TrustStore.class, Operation.DELETE))
-            {
-                throw new AccessControlException("Deletion of key store is denied");
-            }
-        }
-    }
-
-    @Override
-    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
-    {
-        if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), TrustStore.class, Operation.UPDATE))
-        {
-            throw new AccessControlException("Setting key store attributes is denied");
-        }
-    }
-
     @Override
     protected void validateChange(final ConfiguredObject<?> proxyForValidation, final Set<String> changedAttributes)
     {
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java
index f6298ab383..0c68cb467e 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaKeyStoreImpl.java
@@ -32,7 +32,6 @@ import java.net.URL;
 import java.nio.BufferUnderflowException;
 import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
-import java.security.AccessControlException;
 import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
 import java.security.PrivateKey;
@@ -64,14 +63,12 @@ import org.apache.qpid.server.model.AbstractConfiguredObject;
 import org.apache.qpid.server.model.Broker;
 import org.apache.qpid.server.model.ConfiguredObject;
 import org.apache.qpid.server.model.IntegrityViolationException;
-import org.apache.qpid.server.model.KeyStore;
 import org.apache.qpid.server.model.ManagedAttributeField;
 import org.apache.qpid.server.model.ManagedObject;
 import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
 import org.apache.qpid.server.model.Port;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
-import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
 
 @ManagedObject( category = false )
@@ -210,28 +207,6 @@ public class NonJavaKeyStoreImpl extends AbstractConfiguredObject<NonJavaKeyStor
         setState(State.ACTIVE);
     }
 
-    @Override
-    protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
-    {
-        if (desiredState == State.DELETED)
-        {
-            if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), KeyStore.class, Operation.DELETE))
-            {
-                throw new AccessControlException("Deletion of key store is denied");
-            }
-        }
-    }
-
-    @Override
-    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes)
-            throws AccessControlException
-    {
-        if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), KeyStore.class, Operation.UPDATE))
-        {
-            throw new AccessControlException("Setting key store attributes is denied");
-        }
-    }
-
     @Override
     protected void validateChange(final ConfiguredObject<?> proxyForValidation, final Set<String> changedAttributes)
     {
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
index 993d689fb6..bd46b76a66 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/NonJavaTrustStoreImpl.java
@@ -25,7 +25,6 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.net.MalformedURLException;
 import java.net.URL;
-import java.security.AccessControlException;
 import java.security.GeneralSecurityException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
@@ -53,7 +52,6 @@ import org.apache.qpid.server.model.AuthenticationProvider;
 import org.apache.qpid.server.model.Broker;
 import org.apache.qpid.server.model.ConfiguredObject;
 import org.apache.qpid.server.model.IntegrityViolationException;
-import org.apache.qpid.server.model.KeyStore;
 import org.apache.qpid.server.model.ManagedAttributeField;
 import org.apache.qpid.server.model.ManagedObject;
 import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
@@ -61,7 +59,6 @@ import org.apache.qpid.server.model.Port;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
 import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
 
@@ -223,28 +220,6 @@ public class NonJavaTrustStoreImpl
         setState(State.ACTIVE);
     }
 
-    @Override
-    protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
-    {
-        if (desiredState == State.DELETED)
-        {
-            if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), KeyStore.class, Operation.DELETE))
-            {
-                throw new AccessControlException("Deletion of key store is denied");
-            }
-        }
-    }
-
-    @Override
-    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes)
-            throws AccessControlException
-    {
-        if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), KeyStore.class, Operation.UPDATE))
-        {
-            throw new AccessControlException("Setting key store attributes is denied");
-        }
-    }
-
     @Override
     protected void validateChange(final ConfiguredObject<?> proxyForValidation, final Set<String> changedAttributes)
     {
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
index 71878dcf72..922d64e6ee 100755
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
@@ -20,13 +20,12 @@ package org.apache.qpid.server.security;
 
 import static org.apache.qpid.server.security.access.ObjectType.BROKER;
 import static org.apache.qpid.server.security.access.ObjectType.EXCHANGE;
-import static org.apache.qpid.server.security.access.ObjectType.GROUP;
 import static org.apache.qpid.server.security.access.ObjectType.METHOD;
 import static org.apache.qpid.server.security.access.ObjectType.QUEUE;
 import static org.apache.qpid.server.security.access.ObjectType.USER;
-import static org.apache.qpid.server.security.access.ObjectType.VIRTUALHOST;
-import static org.apache.qpid.server.security.access.ObjectType.VIRTUALHOSTNODE;
-import static org.apache.qpid.server.security.access.Operation.*;
+import static org.apache.qpid.server.security.access.Operation.ACCESS_LOGS;
+import static org.apache.qpid.server.security.access.Operation.PUBLISH;
+import static org.apache.qpid.server.security.access.Operation.PURGE;
 
 import java.security.AccessControlException;
 import java.security.AccessController;
@@ -39,15 +38,35 @@ import java.util.concurrent.ConcurrentMap;
 
 import javax.security.auth.Subject;
 
-import org.apache.qpid.server.binding.BindingImpl;
-import org.apache.qpid.server.consumer.ConsumerImpl;
-import org.apache.qpid.server.exchange.ExchangeImpl;
+import org.apache.log4j.Logger;
 import org.apache.qpid.server.model.AccessControlProvider;
+import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.Binding;
 import org.apache.qpid.server.model.Broker;
 import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.model.Connection;
+import org.apache.qpid.server.model.Consumer;
+import org.apache.qpid.server.model.Exchange;
+import org.apache.qpid.server.model.ExclusivityPolicy;
+import org.apache.qpid.server.model.Group;
+import org.apache.qpid.server.model.GroupMember;
+import org.apache.qpid.server.model.GroupProvider;
+import org.apache.qpid.server.model.KeyStore;
+import org.apache.qpid.server.model.LifetimePolicy;
+import org.apache.qpid.server.model.Model;
+import org.apache.qpid.server.model.Plugin;
+import org.apache.qpid.server.model.Port;
+import org.apache.qpid.server.model.Queue;
+import org.apache.qpid.server.model.RemoteReplicationNode;
+import org.apache.qpid.server.model.Session;
 import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.TrustStore;
+import org.apache.qpid.server.model.User;
+import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostAlias;
+import org.apache.qpid.server.model.VirtualHostNode;
 import org.apache.qpid.server.protocol.AMQConnectionModel;
-import org.apache.qpid.server.queue.AMQQueue;
+import org.apache.qpid.server.queue.QueueConsumer;
 import org.apache.qpid.server.security.access.ObjectProperties;
 import org.apache.qpid.server.security.access.ObjectProperties.Property;
 import org.apache.qpid.server.security.access.ObjectType;
@@ -58,20 +77,22 @@ import org.apache.qpid.server.security.auth.TaskPrincipal;
 
 public class SecurityManager
 {
+    private static final Logger LOGGER = Logger.getLogger(SecurityManager.class);
+
     private static final Subject SYSTEM = new Subject(true,
                                                      Collections.singleton(new SystemPrincipal()),
                                                      Collections.emptySet(),
                                                      Collections.emptySet());
 
     private final boolean _managementMode;
-    private final Broker<?> _broker;
+    private final ConfiguredObject<?> _aclProvidersParent;
 
-    private final ConcurrentMap<PublishAccessCheckCacheEntry, PublishAccessCheck> _publishAccessCheckCache = new ConcurrentHashMap<PublishAccessCheckCacheEntry, SecurityManager.PublishAccessCheck>();
+    private final ConcurrentMap<PublishAccessCheckCacheEntry, PublishAccessCheck> _publishAccessCheckCache = new ConcurrentHashMap<>();
 
-    public SecurityManager(Broker<?> broker, boolean managementMode)
+    public SecurityManager(ConfiguredObject<?> aclProvidersParent, boolean managementMode)
     {
         _managementMode = managementMode;
-        _broker = broker;
+        _aclProvidersParent = aclProvidersParent;
     }
 
     public static Subject getSubjectWithAddedSystemRights()
@@ -99,11 +120,6 @@ public class SecurityManager
         return subject;
     }
 
-    private String getPluginTypeName(AccessControl accessControl)
-    {
-        return accessControl.getClass().getName();
-    }
-
     public static boolean isSystemProcess()
     {
         Subject subject = Subject.getSubject(AccessController.getContext());
@@ -161,7 +177,7 @@ public class SecurityManager
         }
 
 
-        Collection<AccessControlProvider<?>> accessControlProviders = _broker.getAccessControlProviders();
+        Collection<AccessControlProvider> accessControlProviders = _aclProvidersParent.getChildren(AccessControlProvider.class);
         if(accessControlProviders != null && !accessControlProviders.isEmpty())
         {
             AccessControlProvider<?> accessControlProvider = accessControlProviders.iterator().next();
@@ -184,22 +200,6 @@ public class SecurityManager
         return true;
     }
 
-    public void authoriseCreateBinding(final BindingImpl binding)
-    {
-        boolean allowed = checkAllPlugins(new AccessCheck()
-        {
-            Result allowed(AccessControl plugin)
-            {
-                return plugin.authorise(BIND, EXCHANGE, new ObjectProperties(binding));
-            }
-        });
-
-        if(!allowed)
-        {
-            throw new AccessControlException("Permission denied: binding " + binding.getBindingKey());
-        }
-    }
-
     public void authoriseMethod(final Operation operation, final String componentName, final String methodName, final String virtualHostName)
     {
         boolean allowed =  checkAllPlugins(new AccessCheck()
@@ -239,176 +239,300 @@ public class SecurityManager
         }
     }
 
-    public void authoriseVirtualHostNode(final String virtualHostNodeName, final Operation operation)
+    public void authoriseCreateConnection(final AMQConnectionModel connection)
     {
-        if(!checkAllPlugins(new AccessCheck()
-        {
-            Result allowed(AccessControl plugin)
-            {
-                ObjectProperties properties = new ObjectProperties(virtualHostNodeName);
-                return plugin.authorise(operation, VIRTUALHOSTNODE, properties);
-            }
-        }))
+        String virtualHostName = connection.getVirtualHostName();
+        ObjectProperties properties = new ObjectProperties(virtualHostName);
+        properties.put(Property.VIRTUALHOST_NAME, virtualHostName);
+        if (!checkAllPlugins(ObjectType.VIRTUALHOST,  properties, Operation.ACCESS))
         {
-            throw new AccessControlException(operation + " permission denied for " + VIRTUALHOSTNODE
-                                             + " : " + virtualHostNodeName);
+            throw new AccessControlException("Permission denied: " + virtualHostName);
         }
     }
 
-    public void authoriseVirtualHost(final String virtualHostName, final Operation operation)
+    public void authoriseCreate(ConfiguredObject<?> object)
     {
-        if(!checkAllPlugins(new AccessCheck()
-        {
-            Result allowed(AccessControl plugin)
-            {
-                // We put the name into the properties under both name and virtualhost_name so the user may express predicates using either.
-                ObjectProperties properties = new ObjectProperties(virtualHostName);
-                properties.put(Property.VIRTUALHOST_NAME, virtualHostName);
-                return plugin.authorise(operation, VIRTUALHOST, properties);
-            }
-        }))
-        {
-            throw new AccessControlException(operation + " permission denied for " + VIRTUALHOST
-                                             + " : " + virtualHostName);
-        }
+        authorise(Operation.CREATE, object);
     }
 
-    public void authoriseCreateConnection(final AMQConnectionModel connection)
+    public void authoriseUpdate(ConfiguredObject<?> configuredObject)
     {
-        String virtualHostName = connection.getVirtualHostName();
-        try
+        authorise(Operation.UPDATE, configuredObject);
+    }
+
+    public void authoriseDelete(ConfiguredObject<?> configuredObject)
+    {
+        authorise(Operation.DELETE, configuredObject);
+    }
+
+    public void authorise(Operation operation, ConfiguredObject<?> configuredObject)
+    {
+        // If we are running as SYSTEM then no ACL checking
+        if(isSystemProcess() || _managementMode)
         {
-            authoriseVirtualHost(virtualHostName, Operation.ACCESS);
+            return;
         }
-        catch (AccessControlException ace)
+
+        if (Operation.CREATE == operation && configuredObject instanceof RemoteReplicationNode)
         {
-            throw new AccessControlException("Permission denied: " + virtualHostName);
+            // creation of remote replication node is out of control for user of this broker
+            return;
         }
-    }
 
-    public void authoriseCreateConsumer(final ConsumerImpl consumer)
-    {
-        // TODO - remove cast to AMQQueue and allow testing of consumption from any MessageSource
-        final AMQQueue queue = (AMQQueue) consumer.getMessageSource();
+        Class<? extends ConfiguredObject> categoryClass = configuredObject.getCategoryClass();
+        ObjectType objectType = getACLObjectTypeManagingConfiguredObjectOfCategory(categoryClass);
+        if (objectType == null)
+        {
+            LOGGER.warn("Cannot determine object type for " + configuredObject.getName() + " of category "
+                    + categoryClass + ". Skipping ACL check...");
+            return;
+        }
 
-        if(!checkAllPlugins(new AccessCheck()
+        ObjectProperties properties = getACLObjectProperties(configuredObject, operation);
+        Operation authoriseOperation = validateAuthoriseOperation(operation, categoryClass);
+        if(!checkAllPlugins(objectType, properties, authoriseOperation))
         {
-            Result allowed(AccessControl plugin)
+            String objectName = (String)configuredObject.getAttribute(ConfiguredObject.NAME);
+            StringBuilder exceptionMessage = new StringBuilder(String.format("Permission %s %s is denied for : %s %s '%s'",
+                    authoriseOperation.name(), objectType.name(), operation.name(), categoryClass.getSimpleName(), objectName ));
+            Model model = getModel();
+
+            Collection<Class<? extends ConfiguredObject>> parentClasses = model.getParentTypes(categoryClass);
+            if (parentClasses != null)
             {
-                return plugin.authorise(CONSUME, QUEUE, new ObjectProperties(queue));
+                exceptionMessage.append(" on");
+                for (Class<? extends ConfiguredObject> parentClass: parentClasses)
+                {
+                    String objectCategory = parentClass.getSimpleName();
+                    ConfiguredObject<?> parent = configuredObject.getParent(parentClass);
+                    exceptionMessage.append(" ").append(objectCategory);
+                    if (parent != null)
+                    {
+                        exceptionMessage.append(" '").append(parent.getAttribute(ConfiguredObject.NAME)).append("'");
+                    }
+                }
             }
-        }))
-        {
-            throw new AccessControlException("Permission denied: consume from queue '" + queue.getName() + "'.");
+            throw new AccessControlException(exceptionMessage.toString());
         }
     }
 
-    public void authoriseCreateExchange(final ExchangeImpl exchange)
+    private Model getModel()
     {
-        final String exchangeName = exchange.getName();
-        if(!checkAllPlugins(new AccessCheck()
-        {
-            Result allowed(AccessControl plugin)
-            {
-                return plugin.authorise(CREATE, EXCHANGE, new ObjectProperties(exchange));
-            }
-        }))
-        {
-            throw new AccessControlException("Permission denied: exchange-name '" + exchangeName + "'");
-        }
+        return _aclProvidersParent.getModel();
     }
 
-    public void authoriseCreateQueue(final AMQQueue queue)
+    private boolean checkAllPlugins(final ObjectType objectType, final ObjectProperties properties, final Operation authoriseOperation)
     {
-        final String queueName = queue.getName();
-        if(! checkAllPlugins(new AccessCheck()
+        return checkAllPlugins(new AccessCheck()
         {
             Result allowed(AccessControl plugin)
             {
-                return plugin.authorise(CREATE, QUEUE, new ObjectProperties(queue));
+                return plugin.authorise(authoriseOperation, objectType, properties);
             }
-        }))
-        {
-            throw new AccessControlException("Permission denied: queue-name '" + queueName + "'");
-        }
+        });
     }
 
-
-    public void authoriseDelete(final AMQQueue queue)
+    private Operation validateAuthoriseOperation(Operation operation, Class<? extends ConfiguredObject> category)
     {
-        if(!checkAllPlugins(new AccessCheck()
+        if (operation == Operation.CREATE || operation == Operation.UPDATE)
         {
-            Result allowed(AccessControl plugin)
+            if (Binding.class.isAssignableFrom(category))
             {
-                return plugin.authorise(DELETE, QUEUE, new ObjectProperties(queue));
+                // CREATE BINDING is transformed into BIND EXCHANGE rule
+                return Operation.BIND;
             }
-        }))
+            else if (Consumer.class.isAssignableFrom(category))
+            {
+                // CREATE CONSUMER is transformed into CONSUME QUEUE rule
+                return Operation.CONSUME;
+            }
+            else if (GroupMember.class.isAssignableFrom(category))
+            {
+                // CREATE GROUP MEMBER is transformed into UPDATE GROUP rule
+                return Operation.UPDATE;
+            }
+            else if (isBrokerOrBrokerChild(category))
+            {
+                // CREATE/UPDATE broker child is transformed into CONFIGURE BROKER rule
+                return Operation.CONFIGURE;
+            }
+        }
+        else if (operation == Operation.DELETE)
         {
-            throw new AccessControlException("Permission denied, delete queue: " + queue.getName());
+            if (Binding.class.isAssignableFrom(category))
+            {
+                // DELETE BINDING is transformed into UNBIND EXCHANGE rule
+                return Operation.UNBIND;
+            }
+            else if (isBrokerOrBrokerChild(category))
+            {
+                // DELETE broker child is transformed into CONFIGURE BROKER rule
+                return Operation.CONFIGURE;
+            }
+            else if (GroupMember.class.isAssignableFrom(category))
+            {
+                // DELETE GROUP MEMBER is transformed into UPDATE GROUP rule
+                return Operation.UPDATE;
+            }
         }
+        return operation;
     }
 
+    private boolean isBrokerOrBrokerChild(Class<? extends ConfiguredObject> category)
+    {
+        return Broker.class.isAssignableFrom(category)
+                || Port.class.isAssignableFrom(category)
+                || AuthenticationProvider.class.isAssignableFrom(category)
+                || AccessControlProvider.class.isAssignableFrom(category)
+                || GroupProvider.class.isAssignableFrom(category)
+                || KeyStore.class.isAssignableFrom(category)
+                || TrustStore.class.isAssignableFrom(category)
+                || Plugin.class.isAssignableFrom(category);
+    }
 
-    public void authoriseUpdate(final AMQQueue queue)
+    private ObjectProperties getACLObjectProperties(ConfiguredObject<?> configuredObject, Operation configuredObjectOperation)
     {
-        if(!checkAllPlugins(new AccessCheck()
+        String objectName = (String)configuredObject.getAttribute(ConfiguredObject.NAME);
+        Class<? extends ConfiguredObject> configuredObjectType = configuredObject.getCategoryClass();
+        ObjectProperties properties = new ObjectProperties(objectName);
+        if (configuredObject instanceof Binding)
         {
-            Result allowed(AccessControl plugin)
-            {
-                return plugin.authorise(UPDATE, QUEUE, new ObjectProperties(queue));
-            }
-        }))
+            Exchange<?> exchange = (Exchange<?>)configuredObject.getParent(Exchange.class);
+            Queue<?> queue = (Queue<?>)configuredObject.getParent(Queue.class);
+            properties.setName((String)exchange.getAttribute(Exchange.NAME));
+            properties.put(Property.QUEUE_NAME, (String)queue.getAttribute(Queue.NAME));
+            properties.put(Property.ROUTING_KEY, (String)configuredObject.getAttribute(Binding.NAME));
+            properties.put(Property.VIRTUALHOST_NAME, (String)queue.getParent(VirtualHost.class).getAttribute(VirtualHost.NAME));
+
+            // The temporary attribute (inherited from the binding's queue) seems to exist to allow the user to
+            // express rules about the binding of temporary queues (whose names cannot be predicted).
+            properties.put(Property.TEMPORARY, queue.getAttribute(Queue.LIFETIME_POLICY) != LifetimePolicy.PERMANENT);
+            properties.put(Property.DURABLE, (Boolean)queue.getAttribute(Queue.DURABLE));
+        }
+        else if (configuredObject instanceof Queue)
+        {
+            setQueueProperties(configuredObject, properties);
+        }
+        else if (configuredObject instanceof Exchange)
+        {
+            Object lifeTimePolicy = configuredObject.getAttribute(ConfiguredObject.LIFETIME_POLICY);
+            properties.put(Property.AUTO_DELETE, lifeTimePolicy != LifetimePolicy.PERMANENT);
+            properties.put(Property.TEMPORARY, lifeTimePolicy != LifetimePolicy.PERMANENT);
+            properties.put(Property.DURABLE, (Boolean) configuredObject.getAttribute(ConfiguredObject.DURABLE));
+            properties.put(Property.TYPE, (String) configuredObject.getAttribute(Exchange.TYPE));
+            VirtualHost virtualHost = configuredObject.getParent(VirtualHost.class);
+            properties.put(Property.VIRTUALHOST_NAME, (String)virtualHost.getAttribute(virtualHost.NAME));
+        }
+        else if (configuredObject instanceof QueueConsumer)
+        {
+            Queue<?> queue = (Queue<?>)configuredObject.getParent(Queue.class);
+            setQueueProperties(queue, properties);
+        }
+        else if (isBrokerOrBrokerChild(configuredObjectType))
         {
-            throw new AccessControlException("Permission denied: update queue: " + queue.getName());
+            String description = String.format("%s %s '%s'",
+                    configuredObjectOperation == null? null : configuredObjectOperation.name().toLowerCase(),
+                    configuredObjectType == null ? null : configuredObjectType.getSimpleName().toLowerCase(),
+                    objectName);
+            properties = new OperationLoggingDetails(description);
         }
+        return properties;
     }
 
+    private void setQueueProperties(ConfiguredObject<?>  queue, ObjectProperties properties)
+    {
+        properties.setName((String)queue.getAttribute(Exchange.NAME));
+        Object lifeTimePolicy = queue.getAttribute(ConfiguredObject.LIFETIME_POLICY);
+        properties.put(Property.AUTO_DELETE, lifeTimePolicy!= LifetimePolicy.PERMANENT);
+        properties.put(Property.TEMPORARY, lifeTimePolicy != LifetimePolicy.PERMANENT);
+        properties.put(Property.DURABLE, (Boolean)queue.getAttribute(ConfiguredObject.DURABLE));
+        properties.put(Property.EXCLUSIVE, queue.getAttribute(Queue.EXCLUSIVE) != ExclusivityPolicy.NONE);
+        Object alternateExchange = queue.getAttribute(Queue.ALTERNATE_EXCHANGE);
+        if (alternateExchange != null)
+        {
+            String name = alternateExchange instanceof ConfiguredObject ?
+                    (String)((ConfiguredObject)alternateExchange).getAttribute(ConfiguredObject.NAME) :
+                    String.valueOf(alternateExchange);
+            properties.put(Property.ALTERNATE,name);
+        }
+        String owner = (String)queue.getAttribute(Queue.OWNER);
+        if (owner != null)
+        {
+            properties.put(Property.OWNER, owner);
+        }
+        VirtualHost virtualHost = queue.getParent(VirtualHost.class);
+        properties.put(Property.VIRTUALHOST_NAME, (String)virtualHost.getAttribute(virtualHost.NAME));
+    }
 
-    public void authoriseUpdate(final ExchangeImpl exchange)
+    private ObjectType getACLObjectTypeManagingConfiguredObjectOfCategory(Class<? extends ConfiguredObject> category)
     {
-        if(!checkAllPlugins(new AccessCheck()
+        if (Binding.class.isAssignableFrom(category))
         {
-            Result allowed(AccessControl plugin)
-            {
-                return plugin.authorise(UPDATE, EXCHANGE, new ObjectProperties(exchange));
-            }
-        }))
+            return ObjectType.EXCHANGE;
+        }
+        else if (VirtualHostNode.class.isAssignableFrom(category))
         {
-            throw new AccessControlException("Permission denied: update exchange: " + exchange.getName());
+            return ObjectType.VIRTUALHOSTNODE;
         }
-    }
-
-    public void authoriseDelete(final ExchangeImpl exchange)
-    {
-        if(! checkAllPlugins(new AccessCheck()
+        else if (isBrokerOrBrokerChild(category))
         {
-            Result allowed(AccessControl plugin)
-            {
-                return plugin.authorise(DELETE, EXCHANGE, new ObjectProperties(exchange));
-            }
-        }))
+            return ObjectType.BROKER;
+        }
+        else if (Group.class.isAssignableFrom(category))
         {
-            throw new AccessControlException("Permission denied, delete exchange: '" + exchange.getName() + "'");
+            return ObjectType.GROUP;
         }
-    }
-
-    public void authoriseGroupOperation(final Operation operation, final String groupName)
-    {
-        if(!checkAllPlugins(new AccessCheck()
+        else if (GroupMember.class.isAssignableFrom(category))
         {
-            Result allowed(AccessControl plugin)
-            {
-                return plugin.authorise(operation, GROUP, new ObjectProperties(groupName));
-            }
-        }))
+            // UPDATE GROUP
+            return ObjectType.GROUP;
+        }
+        else if (User.class.isAssignableFrom(category))
         {
-            throw new AccessControlException("Do not have permission" +
-                                             " to perform the " + operation + " on the group " + groupName);
+            return ObjectType.USER;
+        }
+        else if (VirtualHost.class.isAssignableFrom(category))
+        {
+            return ObjectType.VIRTUALHOST;
         }
+        else if (VirtualHostAlias.class.isAssignableFrom(category))
+        {
+            return ObjectType.VIRTUALHOST;
+        }
+        else if (Queue.class.isAssignableFrom(category))
+        {
+            return ObjectType.QUEUE;
+        }
+        else if (Exchange.class.isAssignableFrom(category))
+        {
+            return ObjectType.EXCHANGE;
+        }
+        else if (Connection.class.isAssignableFrom(category))
+        {
+            // ACCESS VIRTUALHOST
+            return ObjectType.VIRTUALHOST;
+        }
+        else if (Session.class.isAssignableFrom(category))
+        {
+            // PUBLISH EXCHANGE
+            return ObjectType.EXCHANGE;
+        }
+        else if (Consumer.class.isAssignableFrom(category))
+        {
+            // CONSUME QUEUE
+            return ObjectType.QUEUE;
+        }
+        else if (RemoteReplicationNode.class.isAssignableFrom(category))
+        {
+            // VHN permissions apply to remote nodes
+            return ObjectType.VIRTUALHOSTNODE;
+        }
+        return null;
     }
 
-    public void authoriseUserOperation(final Operation operation, final String userName)
+    public void authoriseUserUpdate(final String userName)
     {
+        final Operation operation = Operation.UPDATE;
         if(! checkAllPlugins(new AccessCheck()
         {
             Result allowed(AccessControl plugin)
@@ -437,13 +561,15 @@ public class SecurityManager
         }
     }
 
-    public void authorisePurge(final AMQQueue queue)
+    public void authorisePurge(final Queue queue)
     {
+        final ObjectProperties properties = new ObjectProperties();
+        setQueueProperties(queue, properties);
         if(!checkAllPlugins(new AccessCheck()
         {
             Result allowed(AccessControl plugin)
             {
-                return plugin.authorise(PURGE, QUEUE, new ObjectProperties(queue));
+                return plugin.authorise(PURGE, QUEUE, properties);
             }
         }))
         {
@@ -451,21 +577,6 @@ public class SecurityManager
         }
     }
 
-    public void authoriseUnbind(final BindingImpl binding)
-    {
-        if(! checkAllPlugins(new AccessCheck()
-        {
-            Result allowed(AccessControl plugin)
-            {
-                return plugin.authorise(UNBIND, EXCHANGE, new ObjectProperties(binding));
-            }
-        }))
-        {
-            throw new AccessControlException("Permission denied: unbinding " + binding.getBindingKey());
-        }
-    }
-
-
     private class PublishAccessCheck extends AccessCheck
     {
         private final ObjectProperties _props;
@@ -481,22 +592,6 @@ public class SecurityManager
         }
     }
 
-    public boolean authoriseConfiguringBroker(String configuredObjectName, Class<? extends ConfiguredObject> configuredObjectType, Operation configuredObjectOperation)
-    {
-        String description = String.format("%s %s '%s'",
-                configuredObjectOperation == null? null : configuredObjectOperation.name().toLowerCase(),
-                configuredObjectType == null ? null : configuredObjectType.getSimpleName().toLowerCase(),
-                configuredObjectName);
-        final OperationLoggingDetails properties = new OperationLoggingDetails(description);
-        return checkAllPlugins(new AccessCheck()
-        {
-            Result allowed(AccessControl plugin)
-            {
-                return plugin.authorise(CONFIGURE, BROKER, properties);
-            }
-        });
-    }
-
     public boolean authoriseLogsAccess()
     {
         return checkAllPlugins(new AccessCheck()
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java
index 05b3f0d9d1..6d3fbb1cea 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/access/ObjectProperties.java
@@ -26,11 +26,6 @@ import java.util.Map;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.builder.EqualsBuilder;
-import org.apache.qpid.server.binding.BindingImpl;
-import org.apache.qpid.server.exchange.ExchangeImpl;
-import org.apache.qpid.server.model.LifetimePolicy;
-import org.apache.qpid.server.model.VirtualHost;
-import org.apache.qpid.server.queue.AMQQueue;
 
 /**
  * An set of properties for an access control v2 rule {@link ObjectType}.
@@ -139,42 +134,6 @@ public class ObjectProperties
         setName(name);
     }
 
-    public ObjectProperties(AMQQueue queue)
-    {
-        setName(queue.getName());
-
-        put(Property.AUTO_DELETE, queue.getLifetimePolicy() != LifetimePolicy.PERMANENT);
-        put(Property.TEMPORARY, queue.getLifetimePolicy() != LifetimePolicy.PERMANENT);
-        put(Property.DURABLE, queue.isDurable());
-        put(Property.EXCLUSIVE, queue.isExclusive());
-        if (queue.getAlternateExchange() != null)
-        {
-	        put(Property.ALTERNATE, queue.getAlternateExchange().getName());
-        }
-        if (queue.getOwner() != null)
-        {
-            put(Property.OWNER, queue.getOwner());
-        }
-        put(Property.VIRTUALHOST_NAME, queue.getParent(VirtualHost.class).getName());
-    }
-
-    public ObjectProperties(BindingImpl binding)
-    {
-        ExchangeImpl<?> exch = binding.getExchange();
-        AMQQueue<?> queue = binding.getAMQQueue();
-        String routingKey = binding.getBindingKey();
-
-        setName(exch.getName());
-
-        put(Property.QUEUE_NAME, queue.getName());
-        put(Property.ROUTING_KEY, routingKey);
-        put(Property.VIRTUALHOST_NAME, queue.getParent(VirtualHost.class).getName());
-
-        // The temporary attribute (inherited from the binding's queue) seems to exist to allow the user to
-        // express rules about the binding of temporary queues (whose names cannot be predicted).
-        put(Property.TEMPORARY, queue.getLifetimePolicy() != LifetimePolicy.PERMANENT);
-        put(Property.DURABLE, queue.isDurable());
-    }
 
     public ObjectProperties(String virtualHostName, String exchangeName, String routingKey, Boolean immediate)
     {
@@ -187,29 +146,6 @@ public class ObjectProperties
         put(Property.VIRTUALHOST_NAME, virtualHostName);
     }
 
-    public ObjectProperties(ExchangeImpl<?> exchange)
-    {
-        super();
-
-        setName(exchange.getName());
-
-        put(Property.AUTO_DELETE, exchange.isAutoDelete());
-        put(Property.TEMPORARY, exchange.getLifetimePolicy() != LifetimePolicy.PERMANENT);
-        put(Property.DURABLE, exchange.isDurable());
-        put(Property.TYPE, exchange.getType());
-        put(Property.VIRTUALHOST_NAME, exchange.getParent(VirtualHost.class).getName());
-    }
-
-    public ObjectProperties(Boolean exclusive, Boolean noAck, Boolean noLocal, Boolean nowait, AMQQueue queue)
-    {
-        this(queue);
-
-        put(Property.NO_LOCAL, noLocal);
-        put(Property.NO_ACK, noAck);
-        put(Property.EXCLUSIVE, exclusive);
-        put(Property.NO_WAIT, nowait);
-    }
-
     public Boolean isSet(Property key)
     {
         return _properties.containsKey(key) && Boolean.valueOf(_properties.get(key));
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
index 7f98468726..88a761fe19 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.java
@@ -20,7 +20,6 @@
  */
 package org.apache.qpid.server.security.auth.manager;
 
-import java.security.AccessControlException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
@@ -45,7 +44,6 @@ import org.apache.qpid.server.model.User;
 import org.apache.qpid.server.model.VirtualHostAlias;
 import org.apache.qpid.server.model.port.AbstractPortWithAuthProvider;
 import org.apache.qpid.server.security.SubjectCreator;
-import org.apache.qpid.server.security.access.Operation;
 
 public abstract class AbstractAuthenticationManager<T extends AbstractAuthenticationManager<T>>
     extends AbstractConfiguredObject<T>
@@ -152,28 +150,6 @@ public abstract class AbstractAuthenticationManager<T extends AbstractAuthentica
         throw new IllegalArgumentException("Cannot create child of class " + childClass.getSimpleName());
     }
 
-
-    @Override
-    protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
-    {
-        if(desiredState == State.DELETED)
-        {
-            if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), AuthenticationProvider.class, Operation.DELETE))
-            {
-                throw new AccessControlException("Deletion of authentication provider is denied");
-            }
-        }
-    }
-
-    @Override
-    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
-    {
-        if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), AuthenticationProvider.class, Operation.UPDATE))
-        {
-            throw new AccessControlException("Setting of authentication provider attributes is denied");
-        }
-    }
-
     @StateTransition( currentState = State.UNINITIALIZED, desiredState = State.QUIESCED )
     protected void startQuiesced()
     {
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java
index 78b2b60fe9..7773d9e98d 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ConfigModelPasswordManagingAuthenticationProvider.java
@@ -70,27 +70,21 @@ public abstract class ConfigModelPasswordManagingAuthenticationProvider<X extend
             @Override
             public Boolean execute()
             {
-                getSecurityManager().authoriseUserOperation(Operation.CREATE, username);
-                if (_users.containsKey(username))
-                {
-                    throw new IllegalArgumentException("User '" + username + "' already exists");
-                }
 
                 Map<String, Object> userAttrs = new HashMap<>();
                 userAttrs.put(User.ID, UUID.randomUUID());
                 userAttrs.put(User.NAME, username);
-                userAttrs.put(User.PASSWORD, createStoredPassword(password));
+                userAttrs.put(User.PASSWORD, password);
                 userAttrs.put(User.TYPE, ManagedUser.MANAGED_USER_TYPE);
-                ManagedUser user = new ManagedUser(userAttrs, ConfigModelPasswordManagingAuthenticationProvider.this);
-                user.create();
-
-                return true;
+                User user = createChild(User.class, userAttrs);
+                return user != null;
 
             }
         });
     }
 
-    SecurityManager getSecurityManager()
+    @Override
+    protected SecurityManager getSecurityManager()
     {
         return getBroker().getSecurityManager();
     }
@@ -208,20 +202,15 @@ public abstract class ConfigModelPasswordManagingAuthenticationProvider<X extend
     {
         if(childClass == User.class)
         {
-            String username = (String) attributes.get("name");
-            String password = (String) attributes.get("password");
-
-            if(createUser(username, password,null))
+            String username = (String) attributes.get(User.NAME);
+            if (_users.containsKey(username))
             {
-                @SuppressWarnings("unchecked")
-                C user = (C) getUser(username);
-                return user;
-            }
-            else
-            {
-                return null;
-
+                throw new IllegalArgumentException("User '" + username + "' already exists");
             }
+            attributes.put(User.PASSWORD, createStoredPassword((String) attributes.get(User.PASSWORD)));
+            ManagedUser user = new ManagedUser(attributes, ConfigModelPasswordManagingAuthenticationProvider.this);
+            user.create();
+            return (C)getUser(username);
         }
         return super.addChild(childClass, attributes, otherParents);
     }
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ManagedUser.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ManagedUser.java
index c8884e15a8..b317b93d71 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ManagedUser.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ManagedUser.java
@@ -37,7 +37,6 @@ import org.apache.qpid.server.model.PreferencesProvider;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.User;
-import org.apache.qpid.server.security.access.Operation;
 
 @ManagedObject( category = false, type = ManagedUser.MANAGED_USER_TYPE)
 class ManagedUser extends AbstractConfiguredObject<ManagedUser> implements User<ManagedUser>
@@ -85,16 +84,6 @@ class ManagedUser extends AbstractConfiguredObject<ManagedUser> implements User<
         }
     }
 
-    @Override
-    protected void authoriseSetDesiredState(final State desiredState) throws AccessControlException
-    {
-        if(desiredState == State.DELETED)
-        {
-            _authenticationManager.getSecurityManager().authoriseUserOperation(Operation.DELETE, getName());
-        }
-
-    }
-
     @StateTransition(currentState = {State.ACTIVE}, desiredState = State.DELETED)
     private void doDelete()
     {
@@ -102,31 +91,18 @@ class ManagedUser extends AbstractConfiguredObject<ManagedUser> implements User<
         deleted();
     }
 
-
     @Override
-    public void setAttributes(final Map<String, Object> attributes)
-            throws IllegalStateException, AccessControlException, IllegalArgumentException
+    protected boolean changeAttribute(String name, Object expected, Object desired)
     {
-        runTask(new VoidTask()
+        if (User.PASSWORD.equals(name))
         {
-
-            @Override
-            public void execute()
+            String storedPassword = _authenticationManager.createStoredPassword((String)desired);
+            if (!storedPassword.equals(getActualAttributes().get(User.PASSWORD)))
             {
-                Map<String, Object> modifiedAttributes = new HashMap<String, Object>(attributes);
-                final String newPassword = (String) attributes.get(User.PASSWORD);
-                if (attributes.containsKey(User.PASSWORD)
-                    && !newPassword.equals(getActualAttributes().get(User.PASSWORD)))
-                {
-                    modifiedAttributes.put(User.PASSWORD,
-                                           _authenticationManager.createStoredPassword(newPassword));
-
-                }
-                ManagedUser.super.setAttributes(modifiedAttributes);
+                desired = storedPassword;
             }
-        });
-
-
+        }
+        return super.changeAttribute(name, expected, desired);
     }
 
     @Override
@@ -138,10 +114,7 @@ class ManagedUser extends AbstractConfiguredObject<ManagedUser> implements User<
     @Override
     public void setPassword(final String password)
     {
-        _authenticationManager.getSecurityManager().authoriseUserOperation(Operation.UPDATE, getName());
-
-        changeAttribute(User.PASSWORD, getAttribute(User.PASSWORD),
-                        _authenticationManager.createStoredPassword(password));
+        setAttributes(Collections.<String, Object>singletonMap(User.PASSWORD, password));
 
     }
 
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
index cf165ff4af..d5f32a9d6d 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.java
@@ -54,11 +54,11 @@ import org.apache.qpid.server.model.PreferencesSupportingAuthenticationProvider;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.model.User;
-import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.security.auth.AuthenticationResult;
 import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
 import org.apache.qpid.server.security.auth.UsernamePrincipal;
 import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
+import org.apache.qpid.server.security.SecurityManager;
 import org.apache.qpid.server.util.FileHelper;
 
 public abstract class PrincipalDatabaseAuthenticationManager<T extends PrincipalDatabaseAuthenticationManager<T>>
@@ -233,26 +233,18 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal
     @Override
     public boolean createUser(String username, String password, Map<String, String> attributes)
     {
-        getSecurityManager().authoriseUserOperation(Operation.CREATE, username);
-        Principal principal = new UsernamePrincipal(username);
-        boolean created =
-                getPrincipalDatabase().createPrincipal(principal, password.toCharArray());
-        if(created)
-        {
-            principal = getPrincipalDatabase().getUser(username);
+        Map<String, Object> userAttrs = new HashMap<>();
+        userAttrs.put(User.NAME, username);
+        userAttrs.put(User.PASSWORD, password);
 
-            PrincipalAdapter principalAdapter = new PrincipalAdapter(principal);
-            principalAdapter.create();
-            _userMap.put(principal, principalAdapter);
-        }
-        return created;
+        User user = createChild(User.class, userAttrs);
+        return user != null;
 
     }
 
 
     private void deleteUserFromDatabase(String username) throws AccountNotFoundException
     {
-        getSecurityManager().authoriseUserOperation(Operation.DELETE, username);
         UsernamePrincipal principal = new UsernamePrincipal(username);
         getPrincipalDatabase().deletePrincipal(principal);
         _userMap.remove(principal);
@@ -269,11 +261,12 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal
         }
         else
         {
-            deleteUserFromDatabase(username);
+            throw new AccountNotFoundException("No such user: '" + username + "'");
         }
     }
 
-    private org.apache.qpid.server.security.SecurityManager getSecurityManager()
+    @Override
+    protected SecurityManager getSecurityManager()
     {
         return getBroker().getSecurityManager();
     }
@@ -281,10 +274,12 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal
     @Override
     public void setPassword(String username, String password) throws AccountNotFoundException
     {
-        getSecurityManager().authoriseUserOperation(Operation.UPDATE, username);
-
-        getPrincipalDatabase().updatePassword(new UsernamePrincipal(username), password.toCharArray());
-
+        Principal principal = new UsernamePrincipal(username);
+        User user = _userMap.get(principal);
+        if (user != null)
+        {
+            user.setPassword(password);
+        }
     }
 
     @Override
@@ -315,7 +310,17 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal
             String password = (String) attributes.get("password");
             Principal p = new UsernamePrincipal(username);
 
-            if(createUser(username, password,null))
+            boolean created = getPrincipalDatabase().createPrincipal(p, password.toCharArray());
+            if(created)
+            {
+                p = getPrincipalDatabase().getUser(username);
+
+                PrincipalAdapter principalAdapter = new PrincipalAdapter(p);
+                principalAdapter.create();
+                _userMap.put(p, principalAdapter);
+            }
+
+            if(created)
             {
                 return (C) _userMap.get(p);
             }
@@ -442,14 +447,7 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal
         @Override
         public void setPassword(String password)
         {
-            try
-            {
-                PrincipalDatabaseAuthenticationManager.this.setPassword(_user.getName(), password);
-            }
-            catch (AccountNotFoundException e)
-            {
-                throw new IllegalStateException(e);
-            }
+            setAttributes(Collections.<String, Object>singletonMap(PASSWORD, password));
         }
 
         @Override
@@ -458,8 +456,20 @@ public abstract class PrincipalDatabaseAuthenticationManager<T extends Principal
         {
             if(name.equals(PASSWORD))
             {
-                setPassword((String)desired);
-                return true;
+                try
+                {
+                    String desiredPassword = (String) desired;
+                    boolean changed = getPrincipalDatabase().updatePassword(_user, desiredPassword.toCharArray());
+                    if (changed)
+                    {
+                        return super.changeAttribute(name, expected, desired);
+                    }
+                    return false;
+                }
+                catch(AccountNotFoundException e)
+                {
+                    throw new IllegalStateException(e);
+                }
             }
             return super.changeAttribute(name, expected, desired);
         }
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
index 7cf988961e..95bd54424f 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
@@ -21,7 +21,6 @@
 package org.apache.qpid.server.virtualhost;
 
 import java.io.File;
-import java.security.AccessControlException;
 import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -74,7 +73,6 @@ import org.apache.qpid.server.queue.AMQQueue;
 import org.apache.qpid.server.queue.QueueConsumer;
 import org.apache.qpid.server.queue.QueueEntry;
 import org.apache.qpid.server.security.SecurityManager;
-import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.stats.StatisticsCounter;
 import org.apache.qpid.server.store.ConfiguredObjectRecord;
 import org.apache.qpid.server.store.DurableConfigurationStore;
@@ -421,25 +419,6 @@ public abstract class AbstractVirtualHost<X extends AbstractVirtualHost<X>> exte
         return _connectionRegistry;
     }
 
-    @Override
-    protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
-    {
-        if(desiredState == State.DELETED)
-        {
-            _broker.getSecurityManager().authoriseVirtualHost(getName(), Operation.DELETE);
-        }
-        else
-        {
-            _broker.getSecurityManager().authoriseVirtualHost(getName(), Operation.UPDATE);
-        }
-    }
-
-    @Override
-    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
-    {
-        _broker.getSecurityManager().authoriseVirtualHost(getName(), Operation.UPDATE);
-    }
-
     public Collection<Connection> getConnections()
     {
         return getChildren(Connection.class);
@@ -665,11 +644,7 @@ public abstract class AbstractVirtualHost<X extends AbstractVirtualHost<X>> exte
 
     public AMQQueue<?> createQueue(Map<String, Object> attributes) throws QueueExistsException
     {
-        checkVHostStateIsActive();
-
-        AMQQueue<?> queue = addQueue(attributes);
-        childAdded(queue);
-        return queue;
+        return (AMQQueue<?> )createChild(Queue.class, attributes);
     }
 
     private AMQQueue<?> addQueue(Map<String, Object> attributes) throws QueueExistsException
@@ -753,10 +728,7 @@ public abstract class AbstractVirtualHost<X extends AbstractVirtualHost<X>> exte
             throws ExchangeExistsException, ReservedExchangeNameException,
                    NoFactoryForTypeException
     {
-        checkVHostStateIsActive();
-        ExchangeImpl child = addExchange(attributes);
-        childAdded(child);
-        return child;
+        return (ExchangeImpl)createChild(Exchange.class, attributes);
     }
 
 
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/AbstractVirtualHostNode.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/AbstractVirtualHostNode.java
index bcfd0ff951..a343b71501 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/AbstractVirtualHostNode.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/AbstractVirtualHostNode.java
@@ -26,7 +26,6 @@ import java.io.Reader;
 import java.io.StringReader;
 import java.net.MalformedURLException;
 import java.net.URL;
-import java.security.AccessControlException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -60,7 +59,6 @@ import org.apache.qpid.server.model.VirtualHost;
 import org.apache.qpid.server.model.VirtualHostNode;
 import org.apache.qpid.server.plugin.ConfiguredObjectRegistration;
 import org.apache.qpid.server.plugin.QpidServiceLoader;
-import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
 import org.apache.qpid.server.store.ConfiguredObjectRecord;
 import org.apache.qpid.server.store.ConfiguredObjectRecordConverter;
@@ -242,43 +240,6 @@ public abstract class AbstractVirtualHostNode<X extends AbstractVirtualHostNode<
         closeConfigurationStore();
     }
 
-    @Override
-    protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
-    {
-        if(desiredState == State.DELETED)
-        {
-            _broker.getSecurityManager().authoriseVirtualHostNode(getName(), Operation.DELETE);
-        }
-        else
-        {
-            _broker.getSecurityManager().authoriseVirtualHostNode(getName(), Operation.UPDATE);
-        }
-    }
-
-    @Override
-    protected <C extends ConfiguredObject> void authoriseCreateChild(final Class<C> childClass,
-                                                                     final Map<String, Object> attributes,
-                                                                     final ConfiguredObject... otherParents)
-            throws AccessControlException
-    {
-        if (childClass == VirtualHost.class)
-        {
-            _broker.getSecurityManager().authoriseVirtualHost(String.valueOf(attributes.get(VirtualHost.NAME)),
-                                                              Operation.CREATE);
-
-        }
-        else
-        {
-            super.authoriseCreateChild(childClass, attributes, otherParents);
-        }
-    }
-
-    @Override
-    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
-    {
-        _broker.getSecurityManager().authoriseVirtualHostNode(getName(), Operation.UPDATE);
-    }
-
     private void closeConfigurationStore()
     {
         DurableConfigurationStore configurationStore = getConfigurationStore();
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/FanoutExchangeTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/FanoutExchangeTest.java
index cb5034b3f3..3e0ba31b08 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/FanoutExchangeTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/FanoutExchangeTest.java
@@ -32,6 +32,9 @@ import java.util.Set;
 import java.util.UUID;
 
 import junit.framework.TestCase;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostNode;
 import org.mockito.invocation.InvocationOnMock;
 import org.mockito.stubbing.Answer;
 
@@ -63,14 +66,27 @@ public class FanoutExchangeTest extends TestCase
         attributes.put(Exchange.NAME, "test");
         attributes.put(Exchange.DURABLE, false);
 
+        Broker broker = mock(Broker.class);
+        SecurityManager securityManager = new SecurityManager(broker, false);
+        when(broker.getCategoryClass()).thenReturn(Broker.class);
+        when(broker.getModel()).thenReturn(BrokerModel.getInstance());
+        when(broker.getSecurityManager()).thenReturn(securityManager);
+
+        VirtualHostNode virtualHostNode = mock(VirtualHostNode.class);
+        when(virtualHostNode.getCategoryClass()).thenReturn(VirtualHostNode.class);
+        when(virtualHostNode.getParent(Broker.class)).thenReturn(broker);
+        when(virtualHostNode.getModel()).thenReturn(BrokerModel.getInstance());
+
         _taskExecutor = new CurrentThreadTaskExecutor();
         _taskExecutor.start();
         _virtualHost = mock(VirtualHostImpl.class);
-        SecurityManager securityManager = mock(SecurityManager.class);
+
         when(_virtualHost.getSecurityManager()).thenReturn(securityManager);
         when(_virtualHost.getEventLogger()).thenReturn(new EventLogger());
         when(_virtualHost.getTaskExecutor()).thenReturn(_taskExecutor);
         when(_virtualHost.getModel()).thenReturn(BrokerModel.getInstance());
+        when(_virtualHost.getParent(VirtualHostNode.class)).thenReturn(virtualHostNode);
+        when(_virtualHost.getCategoryClass()).thenReturn(VirtualHost.class);
         _exchange = new FanoutExchange(attributes, _virtualHost);
         _exchange.open();
     }
@@ -134,6 +150,7 @@ public class FanoutExchangeTest extends TestCase
         when(queue.getCategoryClass()).thenReturn(Queue.class);
         when(queue.getModel()).thenReturn(BrokerModel.getInstance());
         when(queue.getTaskExecutor()).thenReturn(CurrentThreadTaskExecutor.newStartedInstance());
+        when(queue.getParent(VirtualHost.class)).thenReturn(_virtualHost);
         return queue;
     }
 
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/HeadersExchangeTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/HeadersExchangeTest.java
index 6d9277006f..c5ad190477 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/HeadersExchangeTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/exchange/HeadersExchangeTest.java
@@ -35,6 +35,9 @@ import java.util.Set;
 import java.util.UUID;
 
 import junit.framework.TestCase;
+import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.model.VirtualHostNode;
 import org.mockito.invocation.InvocationOnMock;
 import org.mockito.stubbing.Answer;
 
@@ -70,7 +73,18 @@ public class HeadersExchangeTest extends TestCase
         _taskExecutor = new CurrentThreadTaskExecutor();
         _taskExecutor.start();
         _virtualHost = mock(VirtualHostImpl.class);
-        SecurityManager securityManager = mock(SecurityManager.class);
+
+        Broker broker = mock(Broker.class);
+        SecurityManager securityManager = new SecurityManager(broker, false);
+        when(broker.getCategoryClass()).thenReturn(Broker.class);
+        when(broker.getModel()).thenReturn(BrokerModel.getInstance());
+        when(broker.getSecurityManager()).thenReturn(securityManager);
+
+        VirtualHostNode virtualHostNode = mock(VirtualHostNode.class);
+        when(virtualHostNode.getCategoryClass()).thenReturn(VirtualHostNode.class);
+        when(virtualHostNode.getParent(Broker.class)).thenReturn(broker);
+        when(virtualHostNode.getModel()).thenReturn(BrokerModel.getInstance());
+
         when(_virtualHost.getSecurityManager()).thenReturn(securityManager);
         when(_virtualHost.getEventLogger()).thenReturn(new EventLogger());
         when(_virtualHost.getCategoryClass()).thenReturn(VirtualHost.class);
@@ -78,6 +92,7 @@ public class HeadersExchangeTest extends TestCase
         _factory = new ConfiguredObjectFactoryImpl(BrokerModel.getInstance());
         when(_virtualHost.getObjectFactory()).thenReturn(_factory);
         when(_virtualHost.getModel()).thenReturn(_factory.getModel());
+        when(_virtualHost.getParent(VirtualHostNode.class)).thenReturn(virtualHostNode);
         Map<String,Object> attributes = new HashMap<String, Object>();
         attributes.put(Exchange.ID, UUID.randomUUID());
         attributes.put(Exchange.NAME, "test");
@@ -149,6 +164,7 @@ public class HeadersExchangeTest extends TestCase
         AMQQueue q = mock(AMQQueue.class);
         when(q.toString()).thenReturn(name);
         when(q.getVirtualHost()).thenReturn(_virtualHost);
+        when(q.getParent(VirtualHost.class)).thenReturn(_virtualHost);
         when(q.getCategoryClass()).thenReturn(Queue.class);
         when(q.getObjectFactory()).thenReturn(_factory);
         when(q.getModel()).thenReturn(_factory.getModel());
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/VirtualHostTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/VirtualHostTest.java
index aa05447851..20f6e31ebe 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/VirtualHostTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/VirtualHostTest.java
@@ -64,7 +64,7 @@ public class VirtualHostTest extends QpidTestCase
     private final SecurityManager _mockSecurityManager = mock(SecurityManager.class);
     private Broker _broker;
     private TaskExecutor _taskExecutor;
-    private VirtualHostNode<?> _virtualHostNode;
+    private VirtualHostNode _virtualHostNode;
     private DurableConfigurationStore _configStore;
     private VirtualHost<?, ?, ?> _virtualHost;
     private StoreConfigurationChangeListener _storeConfigurationChangeListener;
@@ -81,6 +81,8 @@ public class VirtualHostTest extends QpidTestCase
         when(_broker.getTaskExecutor()).thenReturn(_taskExecutor);
 
         _virtualHostNode = mock(VirtualHostNode.class);
+        when(_virtualHostNode.getParent(Broker.class)).thenReturn(_broker);
+        when(_virtualHostNode.getCategoryClass()).thenReturn(VirtualHostNode.class);
         when(_virtualHostNode.isDurable()).thenReturn(true);
         _configStore = mock(DurableConfigurationStore.class);
         _storeConfigurationChangeListener = new StoreConfigurationChangeListener(_configStore);
@@ -328,9 +330,7 @@ public class VirtualHostTest extends QpidTestCase
         String virtualHostName = getName();
         VirtualHost<?,?,?> virtualHost = createVirtualHost(virtualHostName);
 
-        doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseVirtualHost(
-                virtualHostName,
-                Operation.UPDATE);
+        doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseUpdate(virtualHost);
 
         assertNull(virtualHost.getDescription());
 
@@ -354,9 +354,7 @@ public class VirtualHostTest extends QpidTestCase
         String virtualHostName = getName();
         VirtualHost<?,?,?> virtualHost = createVirtualHost(virtualHostName);
 
-        doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseVirtualHost(
-                virtualHostName,
-                Operation.UPDATE);
+        doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseUpdate(virtualHost);
 
         try
         {
@@ -378,9 +376,7 @@ public class VirtualHostTest extends QpidTestCase
         String virtualHostName = getName();
         VirtualHost<?,?,?> virtualHost = createVirtualHost(virtualHostName);
 
-        doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseVirtualHost(
-                virtualHostName,
-                Operation.DELETE);
+        doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseDelete(virtualHost);
 
         try
         {
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestKitCarImpl.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestKitCarImpl.java
index 5785071e15..43dcecd6c8 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestKitCarImpl.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestKitCarImpl.java
@@ -25,6 +25,7 @@ import org.apache.qpid.server.model.AbstractConfiguredObject;
 import org.apache.qpid.server.model.ConfiguredObject;
 import org.apache.qpid.server.model.ManagedObject;
 import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
+import org.apache.qpid.server.security.SecurityManager;
 
 @ManagedObject( category = false,
                 type = TestKitCarImpl.TEST_KITCAR_TYPE)
@@ -32,11 +33,13 @@ public class TestKitCarImpl extends AbstractConfiguredObject<TestKitCarImpl>
         implements TestKitCar<TestKitCarImpl>
 {
     public static final String TEST_KITCAR_TYPE = "testkitcar";
+    private final SecurityManager _securityManager;
 
     @ManagedObjectFactoryConstructor
     public TestKitCarImpl(final Map<String, Object> attributes)
     {
         super(parentsMap(), attributes, newTaskExecutor(), TestModel.getInstance());
+        _securityManager = new SecurityManager(this, false);
     }
 
     @Override
@@ -53,4 +56,10 @@ public class TestKitCarImpl extends AbstractConfiguredObject<TestKitCarImpl>
         currentThreadTaskExecutor.start();
         return currentThreadTaskExecutor;
     }
+
+    @Override
+    protected SecurityManager getSecurityManager()
+    {
+        return _securityManager;
+    }
 }
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestStandardCarImpl.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestStandardCarImpl.java
index 83dfd73b8b..7582de2952 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestStandardCarImpl.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/hierarchy/TestStandardCarImpl.java
@@ -29,6 +29,7 @@ import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
 import org.apache.qpid.server.model.AbstractConfiguredObject;
 import org.apache.qpid.server.model.ManagedObject;
 import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
+import org.apache.qpid.server.security.SecurityManager;
 
 @ManagedObject( category = false,
                 type = TestStandardCarImpl.TEST_STANDARD_CAR_TYPE,
@@ -37,11 +38,13 @@ public class TestStandardCarImpl extends AbstractConfiguredObject<TestStandardCa
         implements TestStandardCar<TestStandardCarImpl>
 {
     public static final String TEST_STANDARD_CAR_TYPE = "testpertrolcar";
+    private final SecurityManager _securityManager;
 
     @ManagedObjectFactoryConstructor
     public TestStandardCarImpl(final Map<String, Object> attributes)
     {
         super(parentsMap(), attributes, newTaskExecutor(), TestModel.getInstance());
+        _securityManager = new SecurityManager(this, false);
     }
 
     private static CurrentThreadTaskExecutor newTaskExecutor()
@@ -57,4 +60,10 @@ public class TestStandardCarImpl extends AbstractConfiguredObject<TestStandardCa
         Collection<String> types = Arrays.asList(TestPetrolEngineImpl.TEST_PETROL_ENGINE_TYPE, TestHybridEngineImpl.TEST_HYBRID_ENGINE_TYPE);
         return Collections.singletonMap(TestEngine.class.getSimpleName(), types);
     }
+
+    @Override
+    protected SecurityManager getSecurityManager()
+    {
+        return _securityManager;
+    }
 }
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/lifecycle/TestConfiguredObject.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/lifecycle/TestConfiguredObject.java
index 0b35ba9330..6935230aeb 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/lifecycle/TestConfiguredObject.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/lifecycle/TestConfiguredObject.java
@@ -39,10 +39,12 @@ import org.apache.qpid.server.model.Model;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.plugin.ConfiguredObjectRegistration;
+import org.apache.qpid.server.security.SecurityManager;
 
 @ManagedObject
 public class TestConfiguredObject extends AbstractConfiguredObject
 {
+    private final SecurityManager _securityManager;
     private boolean _opened;
     private boolean _validated;
     private boolean _resolved;
@@ -76,6 +78,13 @@ public class TestConfiguredObject extends AbstractConfiguredObject
     {
         super(parents, attributes, taskExecutor, model);
         _opened = false;
+        _securityManager = new SecurityManager(this, false);
+    }
+
+    @Override
+    protected SecurityManager getSecurityManager()
+    {
+        return _securityManager;
     }
 
     @Override
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/singleton/TestSingletonImpl.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/singleton/TestSingletonImpl.java
index c4dc0fa39d..5de40042cc 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/singleton/TestSingletonImpl.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/model/testmodels/singleton/TestSingletonImpl.java
@@ -27,6 +27,7 @@ import org.apache.qpid.server.model.AbstractConfiguredObject;
 import org.apache.qpid.server.model.ManagedAttributeField;
 import org.apache.qpid.server.model.ManagedObject;
 import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
+import org.apache.qpid.server.security.SecurityManager;
 
 @ManagedObject( category = false, type = TestSingletonImpl.TEST_SINGLETON_TYPE)
 public class TestSingletonImpl extends AbstractConfiguredObject<TestSingletonImpl>
@@ -35,6 +36,7 @@ public class TestSingletonImpl extends AbstractConfiguredObject<TestSingletonImp
     public static final String TEST_SINGLETON_TYPE = "testsingleton";
 
     public static final int DERIVED_VALUE = -100;
+    private final SecurityManager _securityManager;
 
     @ManagedAttributeField
     private String _automatedPersistedValue;
@@ -71,6 +73,7 @@ public class TestSingletonImpl extends AbstractConfiguredObject<TestSingletonImp
     public TestSingletonImpl(final Map<String, Object> attributes)
     {
         super(parentsMap(), attributes, newTaskExecutor(), TestModel.getInstance());
+        _securityManager = new SecurityManager(this, false);
     }
 
     private static CurrentThreadTaskExecutor newTaskExecutor()
@@ -84,6 +87,7 @@ public class TestSingletonImpl extends AbstractConfiguredObject<TestSingletonImp
                              final TaskExecutor taskExecutor)
     {
         super(parentsMap(), attributes, taskExecutor);
+        _securityManager = new SecurityManager(this, false);
     }
 
 
@@ -152,4 +156,10 @@ public class TestSingletonImpl extends AbstractConfiguredObject<TestSingletonImp
     {
         return _secureValue;
     }
+
+    @Override
+    protected SecurityManager getSecurityManager()
+    {
+        return _securityManager;
+    }
 }
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
index 0a2e122d16..c691c21ce2 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
@@ -49,7 +49,7 @@ import org.apache.qpid.util.FileUtils;
 
 public class FileKeyStoreTest extends QpidTestCase
 {
-    private final Broker<?> _broker = mock(Broker.class);
+    private final Broker _broker = mock(Broker.class);
     private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
     private final SecurityManager _securityManager = mock(SecurityManager.class);
     private final Model _model = BrokerModel.getInstance();
@@ -63,6 +63,7 @@ public class FileKeyStoreTest extends QpidTestCase
         when(_broker.getTaskExecutor()).thenReturn(_taskExecutor);
         when(_broker.getModel()).thenReturn(_model);
         when(_broker.getSecurityManager()).thenReturn(_securityManager);
+        when(_broker.getCategoryClass()).thenReturn(Broker.class);
     }
 
     public void testCreateKeyStoreFromFile_Success() throws Exception
@@ -237,9 +238,6 @@ public class FileKeyStoreTest extends QpidTestCase
 
     public void testUpdateKeyStore_Success() throws Exception
     {
-
-        when(_securityManager.authoriseConfiguringBroker(any(String.class), (Class<? extends ConfiguredObject>)any(), any(Operation.class))).thenReturn(true);
-
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
         attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
@@ -278,9 +276,6 @@ public class FileKeyStoreTest extends QpidTestCase
 
     public void testDeleteKeyStore_Success() throws Exception
     {
-
-        when(_securityManager.authoriseConfiguringBroker(any(String.class), (Class<? extends ConfiguredObject>)any(), any(Operation.class))).thenReturn(true);
-
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
         attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
@@ -293,10 +288,6 @@ public class FileKeyStoreTest extends QpidTestCase
 
     public void testDeleteKeyStore_KeyManagerInUseByPort() throws Exception
     {
-        when(_securityManager.authoriseConfiguringBroker(any(String.class),
-                                                         any(Class.class),
-                                                         any(Operation.class))).thenReturn(true);
-
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
         attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
index 72c8926f85..8e7f004923 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
@@ -53,7 +53,7 @@ import org.apache.qpid.util.FileUtils;
 
 public class FileTrustStoreTest extends QpidTestCase
 {
-    private final Broker<?> _broker = mock(Broker.class);
+    private final Broker _broker = mock(Broker.class);
     private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
     private final SecurityManager _securityManager = mock(SecurityManager.class);
     private final Model _model = BrokerModel.getInstance();
@@ -66,7 +66,7 @@ public class FileTrustStoreTest extends QpidTestCase
         when(_broker.getTaskExecutor()).thenReturn(_taskExecutor);
         when(_broker.getModel()).thenReturn(_model);
         when(_broker.getSecurityManager()).thenReturn(_securityManager);
-
+        when(_broker.getCategoryClass()).thenReturn(Broker.class);
     }
 
     public void testCreateTrustStoreFromFile_Success() throws Exception
@@ -186,9 +186,6 @@ public class FileTrustStoreTest extends QpidTestCase
 
     public void testUpdateTrustStore_Success() throws Exception
     {
-
-        when(_securityManager.authoriseConfiguringBroker(any(String.class), (Class<? extends ConfiguredObject>)any(), any(Operation.class))).thenReturn(true);
-
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
         attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
@@ -228,9 +225,6 @@ public class FileTrustStoreTest extends QpidTestCase
 
     public void testDeleteTrustStore_Success() throws Exception
     {
-
-        when(_securityManager.authoriseConfiguringBroker(any(String.class), (Class<? extends ConfiguredObject>)any(), any(Operation.class))).thenReturn(true);
-
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
         attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
@@ -244,10 +238,6 @@ public class FileTrustStoreTest extends QpidTestCase
 
     public void testDeleteTrustStore_TrustManagerInUseByAuthProvider() throws Exception
     {
-        when(_securityManager.authoriseConfiguringBroker(any(String.class),
-                                                         any(Class.class),
-                                                         any(Operation.class))).thenReturn(true);
-
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
         attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
@@ -275,10 +265,6 @@ public class FileTrustStoreTest extends QpidTestCase
 
     public void testDeleteTrustStore_TrustManagerInUseByPort() throws Exception
     {
-        when(_securityManager.authoriseConfiguringBroker(any(String.class),
-                                                         any(Class.class),
-                                                         any(Operation.class))).thenReturn(true);
-
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
         attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/SecurityManagerTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/SecurityManagerTest.java
index 54bd69120b..4b63577376 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/SecurityManagerTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/SecurityManagerTest.java
@@ -32,16 +32,31 @@ import static org.mockito.Mockito.when;
 import java.security.AccessControlException;
 import java.util.Collections;
 
-import org.apache.qpid.server.binding.BindingImpl;
-import org.apache.qpid.server.consumer.ConsumerImpl;
-import org.apache.qpid.server.exchange.ExchangeImpl;
 import org.apache.qpid.server.model.AccessControlProvider;
+import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.Binding;
 import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.BrokerModel;
+import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.model.Consumer;
+import org.apache.qpid.server.model.Exchange;
+import org.apache.qpid.server.model.ExclusivityPolicy;
+import org.apache.qpid.server.model.Group;
+import org.apache.qpid.server.model.GroupMember;
+import org.apache.qpid.server.model.GroupProvider;
+import org.apache.qpid.server.model.KeyStore;
 import org.apache.qpid.server.model.LifetimePolicy;
+import org.apache.qpid.server.model.Port;
+import org.apache.qpid.server.model.Queue;
+import org.apache.qpid.server.model.Session;
 import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.TrustStore;
+import org.apache.qpid.server.model.User;
 import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostNode;
 import org.apache.qpid.server.protocol.AMQConnectionModel;
 import org.apache.qpid.server.queue.AMQQueue;
+import org.apache.qpid.server.queue.QueueConsumer;
 import org.apache.qpid.server.security.access.ObjectProperties;
 import org.apache.qpid.server.security.access.ObjectProperties.Property;
 import org.apache.qpid.server.security.access.ObjectType;
@@ -59,6 +74,8 @@ public class SecurityManagerTest extends QpidTestCase
     private AccessControl _accessControl;
     private SecurityManager _securityManager;
     private VirtualHost<?,?,?> _virtualHost;
+    private Broker _broker;
+    private VirtualHostNode<?> _virtualHostNode;
 
     @Override
     public void setUp() throws Exception
@@ -72,28 +89,38 @@ public class SecurityManagerTest extends QpidTestCase
         when(aclProvider.getState()).thenReturn(State.ACTIVE);
 
         when(_virtualHost.getName()).thenReturn(TEST_VIRTUAL_HOST);
-
-        Broker broker = mock(Broker.class);
-        when(broker.getAccessControlProviders()).thenReturn(Collections.singleton(aclProvider));
-        _securityManager = new SecurityManager(broker, false);
+        when(_virtualHost.getAttribute(VirtualHost.NAME)).thenReturn(TEST_VIRTUAL_HOST);
+
+        _broker = mock(Broker.class);
+        when(_broker.getAccessControlProviders()).thenReturn(Collections.singleton(aclProvider));
+        when(_broker.getChildren(AccessControlProvider.class)).thenReturn(Collections.singleton(aclProvider));
+        when(_broker.getCategoryClass()).thenReturn(Broker.class);
+        when(_broker.getName()).thenReturn("My Broker");
+        when(_broker.getAttribute(Broker.NAME)).thenReturn("My Broker");
+        when(_broker.getModel()).thenReturn(BrokerModel.getInstance());
+
+        _virtualHostNode = getMockVirtualHostNode();
+        _securityManager = new SecurityManager(_broker, false);
     }
 
     public void testAuthoriseCreateBinding()
     {
-        ExchangeImpl exchange = mock(ExchangeImpl.class);
+        VirtualHost vh = getMockVirtualHost();
+
+        Exchange exchange = mock(Exchange.class);
         when(exchange.getParent(VirtualHost.class)).thenReturn(_virtualHost);
-        when(exchange.getName()).thenReturn(TEST_EXCHANGE);
+        when(exchange.getAttribute(Exchange.NAME)).thenReturn(TEST_EXCHANGE);
+        when(exchange.getCategoryClass()).thenReturn(Exchange.class);
+        when(exchange.getParent(VirtualHost.class)).thenReturn(vh);
+        when(exchange.getModel()).thenReturn(BrokerModel.getInstance());
 
-        AMQQueue<?> queue = mock(AMQQueue.class);
+        Queue queue = mock(Queue.class);
         when(queue.getParent(VirtualHost.class)).thenReturn(_virtualHost);
-        when(queue.getName()).thenReturn(TEST_QUEUE);
-        when(queue.isDurable()).thenReturn(true);
-        when(queue.getLifetimePolicy()).thenReturn(LifetimePolicy.PERMANENT);
-
-        BindingImpl binding = mock(BindingImpl.class);
-        when(binding.getExchange()).thenReturn(exchange);
-        when(binding.getAMQQueue()).thenReturn(queue);
-        when(binding.getBindingKey()).thenReturn("bindingKey");
+        when(queue.getAttribute(Queue.NAME)).thenReturn(TEST_QUEUE);
+        when(queue.getAttribute(Queue.DURABLE)).thenReturn(true);
+        when(queue.getAttribute(Queue.LIFETIME_POLICY)).thenReturn(LifetimePolicy.PERMANENT);
+        when(queue.getCategoryClass()).thenReturn(Queue.class);
+        when(queue.getParent(VirtualHost.class)).thenReturn(vh);
 
         ObjectProperties properties = new ObjectProperties();
         properties.put(Property.NAME, TEST_EXCHANGE);
@@ -103,22 +130,13 @@ public class SecurityManagerTest extends QpidTestCase
         properties.put(Property.TEMPORARY, false);
         properties.put(Property.DURABLE, true);
 
+        Binding binding = mock(Binding.class);
+        when(binding.getParent(Exchange.class)).thenReturn(exchange);
+        when(binding.getParent(Queue.class)).thenReturn(queue);
+        when(binding.getAttribute(Binding.NAME)).thenReturn("bindingKey");
+        when(binding.getCategoryClass()).thenReturn(Binding.class);
 
-        configureAccessPlugin(Result.ALLOWED);
-        _securityManager.authoriseCreateBinding(binding);
-        verify(_accessControl).authorise(eq(Operation.BIND), eq(ObjectType.EXCHANGE), eq(properties));
-
-        configureAccessPlugin(Result.DENIED);
-        try
-        {
-            _securityManager.authoriseCreateBinding(binding);
-            fail("AccessControlException is expected");
-        }
-        catch(AccessControlException e)
-        {
-            // pass
-        }
-        verify(_accessControl, times(2)).authorise(eq(Operation.BIND), eq(ObjectType.EXCHANGE), eq(properties));
+        assertCreateAuthorization(binding, Operation.BIND, ObjectType.EXCHANGE, properties, exchange, queue);
     }
 
 
@@ -192,14 +210,23 @@ public class SecurityManagerTest extends QpidTestCase
 
     public void testAuthoriseCreateConsumer()
     {
-        AMQQueue<?> queue = mock(AMQQueue.class);
+        Queue queue = mock(Queue.class);
         when(queue.getParent(VirtualHost.class)).thenReturn(_virtualHost);
-        when(queue.getName()).thenReturn(TEST_QUEUE);
-        when(queue.isDurable()).thenReturn(true);
-        when(queue.getLifetimePolicy()).thenReturn(LifetimePolicy.PERMANENT);
-
-        ConsumerImpl consumer = mock(ConsumerImpl.class);
-        when(consumer.getMessageSource()).thenReturn(queue);
+        when(queue.getAttribute(Queue.NAME)).thenReturn(TEST_QUEUE);
+        when(queue.getAttribute(Queue.DURABLE)).thenReturn(true);
+        when(queue.getAttribute(Queue.LIFETIME_POLICY)).thenReturn(LifetimePolicy.PERMANENT);
+        when(queue.getAttribute(Queue.EXCLUSIVE)).thenReturn(ExclusivityPolicy.NONE);
+        when(queue.getCategoryClass()).thenReturn(Queue.class);
+
+        Session session = mock(Session.class);
+        when(session.getCategoryClass()).thenReturn(Session.class);
+        when(session.getAttribute(Session.NAME)).thenReturn("1");
+
+        QueueConsumer consumer = mock(QueueConsumer.class);
+        when(consumer.getAttribute(QueueConsumer.NAME)).thenReturn("1");
+        when(consumer.getParent(Queue.class)).thenReturn(queue);
+        when(consumer.getParent(Session.class)).thenReturn(session);
+        when(consumer.getCategoryClass()).thenReturn(Consumer.class);
 
         ObjectProperties properties = new ObjectProperties();
         properties.put(Property.NAME, TEST_QUEUE);
@@ -209,284 +236,573 @@ public class SecurityManagerTest extends QpidTestCase
         properties.put(Property.DURABLE, true);
         properties.put(Property.EXCLUSIVE, false);
 
+        assertAuthorization(Operation.CREATE, consumer, Operation.CONSUME, ObjectType.QUEUE, properties, queue, session);
+    }
+
+    public void testAuthoriseUserOperation()
+    {
+        ObjectProperties properties = new ObjectProperties("testUser");
+
         configureAccessPlugin(Result.ALLOWED);
-        _securityManager.authoriseCreateConsumer(consumer);
-        verify(_accessControl).authorise(eq(Operation.CONSUME), eq(ObjectType.QUEUE), eq(properties));
+       _securityManager.authoriseUserUpdate("testUser");
+       verify(_accessControl).authorise(eq(Operation.UPDATE), eq(ObjectType.USER), eq(properties));
 
-        configureAccessPlugin(Result.DENIED);
-        try
-        {
-            _securityManager.authoriseCreateConsumer(consumer);
-            fail("AccessControlException is expected");
-        }
-        catch(AccessControlException e)
-        {
-            // pass
-        }
-        verify(_accessControl, times(2)).authorise(eq(Operation.CONSUME), eq(ObjectType.QUEUE), eq(properties));
+       configureAccessPlugin(Result.DENIED);
+       try
+       {
+           _securityManager.authoriseUserUpdate("testUser");
+           fail("AccessControlException is expected");
+       }
+       catch(AccessControlException e)
+       {
+           // pass
+       }
+       verify(_accessControl, times(2)).authorise(eq(Operation.UPDATE), eq(ObjectType.USER), eq(properties));
     }
 
     public void testAuthoriseCreateExchange()
     {
-        ExchangeImpl<?> exchange = mock(ExchangeImpl.class);
-        when(exchange.getParent(VirtualHost.class)).thenReturn(_virtualHost);
-        when(exchange.getName()).thenReturn(TEST_EXCHANGE);
-        when(exchange.getType()).thenReturn(TEST_EXCHANGE_TYPE);
+        VirtualHost vh = getMockVirtualHost();
+        ObjectProperties expectedProperties = createExpectedExchangeObjectProperties();
+
+        Exchange exchange = mock(Exchange.class);
+        when(exchange.getAttribute(ConfiguredObject.NAME)).thenReturn(TEST_EXCHANGE);
+        when(exchange.getAttribute(ConfiguredObject.LIFETIME_POLICY)).thenReturn(LifetimePolicy.DELETE_ON_CONNECTION_CLOSE);
+        when(exchange.getAttribute(Exchange.DURABLE)).thenReturn(false);
+        when(exchange.getAttribute(Exchange.TYPE)).thenReturn(TEST_EXCHANGE_TYPE);
+        when(exchange.getCategoryClass()).thenReturn(Exchange.class);
+        when(exchange.getParent(VirtualHost.class)).thenReturn(vh);
+
+        assertCreateAuthorization( exchange, Operation.CREATE, ObjectType.EXCHANGE, expectedProperties, vh);
+    }
 
-        ObjectProperties properties = createExpectedExchangeObjectProperties();
+    public void testAuthoriseCreateQueue()
+    {
+        VirtualHost vh = getMockVirtualHost();
+        ObjectProperties expectedProperties = createExpectedQueueObjectProperties();
+
+        Queue queue = mock(Queue.class);
+        when(queue.getAttribute(ConfiguredObject.NAME)).thenReturn(TEST_QUEUE);
+        when(queue.getAttribute(ConfiguredObject.LIFETIME_POLICY)).thenReturn(LifetimePolicy.DELETE_ON_CONNECTION_CLOSE);
+        when(queue.getAttribute(Queue.OWNER)).thenReturn(null);
+        when(queue.getAttribute(Queue.EXCLUSIVE)).thenReturn(ExclusivityPolicy.NONE);
+        when(queue.getAttribute(Queue.DURABLE)).thenReturn(false);
+        when(queue.getAttribute(Queue.ALTERNATE_EXCHANGE)).thenReturn(null);
+        when(queue.getCategoryClass()).thenReturn(Queue.class);
+        when(queue.getParent(VirtualHost.class)).thenReturn(vh);
+
+        assertCreateAuthorization(queue, Operation.CREATE, ObjectType.QUEUE, expectedProperties, vh);
+    }
 
-        configureAccessPlugin(Result.ALLOWED);
-        _securityManager.authoriseCreateExchange(exchange);
-        verify(_accessControl).authorise(eq(Operation.CREATE), eq(ObjectType.EXCHANGE), eq(properties));
+    public void testAuthoriseDeleteQueue()
+    {
+        VirtualHost vh = getMockVirtualHost();
+        ObjectProperties expectedProperties = createExpectedQueueObjectProperties();
+
+        Queue queueObject = mock(Queue.class);
+        when(queueObject.getAttribute(Queue.NAME)).thenReturn(TEST_QUEUE);
+        when(queueObject.getAttribute(ConfiguredObject.LIFETIME_POLICY)).thenReturn(LifetimePolicy.DELETE_ON_CONNECTION_CLOSE);
+        when(queueObject.getAttribute(Queue.OWNER)).thenReturn(null);
+        when(queueObject.getAttribute(Queue.EXCLUSIVE)).thenReturn(ExclusivityPolicy.NONE);
+        when(queueObject.getAttribute(Queue.DURABLE)).thenReturn(false);
+        when(queueObject.getParent(VirtualHost.class)).thenReturn(vh);
+        when(queueObject.getCategoryClass()).thenReturn(Queue.class);
+
+        assertDeleteAuthorization(queueObject, Operation.DELETE, ObjectType.QUEUE, expectedProperties, vh);
+    }
 
-        configureAccessPlugin(Result.DENIED);
-        try
-        {
-            _securityManager.authoriseCreateExchange(exchange);
-            fail("AccessControlException is expected");
-        }
-        catch(AccessControlException e)
-        {
-            // pass
-        }
-        verify(_accessControl, times(2)).authorise(eq(Operation.CREATE), eq(ObjectType.EXCHANGE), eq(properties));
+    public void testAuthoriseUpdateQueue()
+    {
+        VirtualHost vh = getMockVirtualHost();
+        ObjectProperties expectedProperties = createExpectedQueueObjectProperties();
+
+        Queue queueObject = mock(Queue.class);
+        when(queueObject.getAttribute(Queue.NAME)).thenReturn(TEST_QUEUE);
+        when(queueObject.getAttribute(ConfiguredObject.LIFETIME_POLICY)).thenReturn(LifetimePolicy.DELETE_ON_CONNECTION_CLOSE);
+        when(queueObject.getAttribute(Queue.OWNER)).thenReturn(null);
+        when(queueObject.getAttribute(Queue.EXCLUSIVE)).thenReturn(ExclusivityPolicy.NONE);
+        when(queueObject.getAttribute(Queue.DURABLE)).thenReturn(false);
+        when(queueObject.getParent(VirtualHost.class)).thenReturn(vh);
+        when(queueObject.getCategoryClass()).thenReturn(Queue.class);
+
+        assertUpdateAuthorization(queueObject, Operation.UPDATE, ObjectType.QUEUE, expectedProperties, vh);
     }
 
-    public void testAuthoriseCreateQueue()
+    public void testAuthoriseUpdateExchange()
     {
-        AMQQueue<?> queue = mock(AMQQueue.class);
-        when(queue.getParent(VirtualHost.class)).thenReturn(_virtualHost);
-        when(queue.getName()).thenReturn(TEST_QUEUE);
+        VirtualHost vh = getMockVirtualHost();
+        ObjectProperties expectedProperties = createExpectedExchangeObjectProperties();
+
+        Exchange exchange = mock(Exchange.class);
+        when(exchange.getAttribute(Exchange.NAME)).thenReturn(TEST_EXCHANGE);
+        when(exchange.getAttribute(Exchange.LIFETIME_POLICY)).thenReturn(LifetimePolicy.DELETE_ON_CONNECTION_CLOSE);
+        when(exchange.getAttribute(Exchange.DURABLE)).thenReturn(false);
+        when(exchange.getAttribute(Exchange.TYPE)).thenReturn(TEST_EXCHANGE_TYPE);
+        when(exchange.getParent(VirtualHost.class)).thenReturn(vh);
+        when(exchange.getCategoryClass()).thenReturn(Exchange.class);
+
+        assertUpdateAuthorization(exchange, Operation.UPDATE, ObjectType.EXCHANGE, expectedProperties, vh);
+    }
 
-        ObjectProperties properties = createExpectedQueueObjectProperties();
+    public void testAuthoriseDeleteExchange()
+    {
+        VirtualHost vh = getMockVirtualHost();
+        ObjectProperties expectedProperties = createExpectedExchangeObjectProperties();
+
+        Exchange exchange = mock(Exchange.class);
+        when(exchange.getAttribute(Exchange.NAME)).thenReturn(TEST_EXCHANGE);
+        when(exchange.getAttribute(Exchange.LIFETIME_POLICY)).thenReturn(LifetimePolicy.DELETE_ON_CONNECTION_CLOSE);
+        when(exchange.getAttribute(Exchange.DURABLE)).thenReturn(false);
+        when(exchange.getAttribute(Exchange.TYPE)).thenReturn(TEST_EXCHANGE_TYPE);
+        when(exchange.getParent(VirtualHost.class)).thenReturn(vh);
+        when(exchange.getCategoryClass()).thenReturn(Exchange.class);
+
+        assertDeleteAuthorization(exchange, Operation.DELETE, ObjectType.EXCHANGE, expectedProperties, vh);
+    }
+
+    public void testAuthorisePublish()
+    {
+        String routingKey = "routingKey";
+        String exchangeName = "exchangeName";
+        boolean immediate = true;
+        ObjectProperties properties = new ObjectProperties(TEST_VIRTUAL_HOST, exchangeName, routingKey, immediate);
 
         configureAccessPlugin(Result.ALLOWED);
-        _securityManager.authoriseCreateQueue(queue);
-        verify(_accessControl).authorise(eq(Operation.CREATE), eq(ObjectType.QUEUE), eq(properties));
+        _securityManager.authorisePublish(immediate, routingKey, exchangeName, TEST_VIRTUAL_HOST);
+        verify(_accessControl).authorise(eq(Operation.PUBLISH), eq(ObjectType.EXCHANGE), eq(properties));
 
         configureAccessPlugin(Result.DENIED);
         try
         {
-            _securityManager.authoriseCreateQueue(queue);
+            _securityManager.authorisePublish(immediate, routingKey, exchangeName, TEST_VIRTUAL_HOST);
             fail("AccessControlException is expected");
         }
         catch(AccessControlException e)
         {
             // pass
         }
-        verify(_accessControl, times(2)).authorise(eq(Operation.CREATE), eq(ObjectType.QUEUE), eq(properties));
+        verify(_accessControl, times(2)).authorise(eq(Operation.PUBLISH), eq(ObjectType.EXCHANGE), eq(properties));
     }
 
-    public void testAuthoriseDeleteQueue()
+    public void testAuthorisePurge()
     {
-        AMQQueue<?> queue = mock(AMQQueue.class);
+        Queue queue = mock(Queue.class);
         when(queue.getParent(VirtualHost.class)).thenReturn(_virtualHost);
-        when(queue.getName()).thenReturn(TEST_QUEUE);
+        when(queue.getAttribute(Queue.NAME)).thenReturn(TEST_QUEUE);
+        when(queue.getCategoryClass()).thenReturn(Queue.class);
+        when(queue.getAttribute(Queue.DURABLE)).thenReturn(false);
+        when(queue.getAttribute(Queue.EXCLUSIVE)).thenReturn(ExclusivityPolicy.NONE);
+        when(queue.getAttribute(Queue.LIFETIME_POLICY)).thenReturn(LifetimePolicy.DELETE_ON_CONNECTION_CLOSE);
 
         ObjectProperties properties = createExpectedQueueObjectProperties();
 
         configureAccessPlugin(Result.ALLOWED);
-        _securityManager.authoriseDelete(queue);
-        verify(_accessControl).authorise(eq(Operation.DELETE), eq(ObjectType.QUEUE), eq(properties));
+        _securityManager.authorisePurge(queue);
+        verify(_accessControl).authorise(eq(Operation.PURGE), eq(ObjectType.QUEUE), eq(properties));
 
         configureAccessPlugin(Result.DENIED);
         try
         {
-            _securityManager.authoriseDelete(queue);
+            _securityManager.authorisePurge(queue);
             fail("AccessControlException is expected");
         }
         catch(AccessControlException e)
         {
             // pass
         }
-        verify(_accessControl, times(2)).authorise(eq(Operation.DELETE), eq(ObjectType.QUEUE), eq(properties));
+        verify(_accessControl, times(2)).authorise(eq(Operation.PURGE), eq(ObjectType.QUEUE), eq(properties));
     }
 
-    public void testAuthoriseUpdateQueue()
+    public void testAuthoriseUnbind()
     {
-        AMQQueue<?> queue = mock(AMQQueue.class);
+        Exchange exchange = mock(Exchange.class);
+        when(exchange.getParent(VirtualHost.class)).thenReturn(_virtualHost);
+        when(exchange.getAttribute(Exchange.NAME)).thenReturn(TEST_EXCHANGE);
+        when(exchange.getCategoryClass()).thenReturn(Exchange.class);
+
+        Queue queue = mock(Queue.class);
         when(queue.getParent(VirtualHost.class)).thenReturn(_virtualHost);
-        when(queue.getName()).thenReturn(TEST_QUEUE);
+        when(queue.getAttribute(Queue.NAME)).thenReturn(TEST_QUEUE);
+        when(queue.getAttribute(Queue.DURABLE)).thenReturn(true);
+        when(queue.getAttribute(Queue.LIFETIME_POLICY)).thenReturn(LifetimePolicy.PERMANENT);
+        when(queue.getCategoryClass()).thenReturn(Queue.class);
 
-        ObjectProperties properties = createExpectedQueueObjectProperties();
+        Binding binding = mock(Binding.class);
+        when(binding.getParent(Exchange.class)).thenReturn(exchange);
+        when(binding.getParent(Queue.class)).thenReturn(queue);
+        when(binding.getAttribute(Binding.NAME)).thenReturn("bindingKey");
+        when(binding.getCategoryClass()).thenReturn(Binding.class);
 
-        configureAccessPlugin(Result.ALLOWED);
-        _securityManager.authoriseUpdate(queue);
-        verify(_accessControl).authorise(eq(Operation.UPDATE), eq(ObjectType.QUEUE), eq(properties));
+        ObjectProperties properties = new ObjectProperties();
+        properties.put(Property.NAME, TEST_EXCHANGE);
+        properties.put(Property.VIRTUALHOST_NAME, TEST_VIRTUAL_HOST);
+        properties.put(Property.QUEUE_NAME, TEST_QUEUE);
+        properties.put(Property.ROUTING_KEY, "bindingKey");
+        properties.put(Property.TEMPORARY, false);
+        properties.put(Property.DURABLE, true);
 
-        configureAccessPlugin(Result.DENIED);
-        try
-        {
-            _securityManager.authoriseUpdate(queue);
-            fail("AccessControlException is expected");
-        }
-        catch(AccessControlException e)
-        {
-            // pass
-        }
-        verify(_accessControl, times(2)).authorise(eq(Operation.UPDATE), eq(ObjectType.QUEUE), eq(properties));
+        assertDeleteAuthorization(binding, Operation.UNBIND, ObjectType.EXCHANGE, properties, exchange, queue);
     }
 
-    public void testAuthoriseUpdateExchange()
+    public void testAuthoriseCreateVirtualHostNode()
     {
-        ExchangeImpl<?> exchange = mock(ExchangeImpl.class);
-        when(exchange.getParent(VirtualHost.class)).thenReturn(_virtualHost);
-        when(exchange.getName()).thenReturn(TEST_EXCHANGE);
-        when(exchange.getType()).thenReturn(TEST_EXCHANGE_TYPE);
+        VirtualHostNode vhn = getMockVirtualHostNode();
+        assertCreateAuthorization(vhn, Operation.CREATE, ObjectType.VIRTUALHOSTNODE, new ObjectProperties("testVHN"), _broker);
+    }
 
-        ObjectProperties properties = createExpectedExchangeObjectProperties();
+    public void testAuthoriseCreatePort()
+    {
+        Port port = mock(Port.class);
+        when(port.getParent(Broker.class)).thenReturn(_broker);
+        when(port.getAttribute(ConfiguredObject.NAME)).thenReturn("TEST");
+        when(port.getCategoryClass()).thenReturn(Port.class);
 
-        configureAccessPlugin(Result.ALLOWED);
-        _securityManager.authoriseUpdate(exchange);
-        verify(_accessControl).authorise(eq(Operation.UPDATE), eq(ObjectType.EXCHANGE), eq(properties));
+        assertBrokerChildCreateAuthorization(port);
+    }
 
-        configureAccessPlugin(Result.DENIED);
-        try
-        {
-            _securityManager.authoriseUpdate(exchange);
-            fail("AccessControlException is expected");
-        }
-        catch(AccessControlException e)
-        {
-            // pass
-        }
-        verify(_accessControl, times(2)).authorise(eq(Operation.UPDATE), eq(ObjectType.EXCHANGE), eq(properties));
+    public void testAuthoriseCreateAuthenticationProvider()
+    {
+        AuthenticationProvider authenticationProvider = mock(AuthenticationProvider.class);
+        when(authenticationProvider.getParent(Broker.class)).thenReturn(_broker);
+        when(authenticationProvider.getAttribute(ConfiguredObject.NAME)).thenReturn("TEST");
+        when(authenticationProvider.getCategoryClass()).thenReturn(AuthenticationProvider.class);
+
+        assertBrokerChildCreateAuthorization(authenticationProvider);
     }
 
-    public void testAuthoriseDeleteExchange()
+    public void testAuthoriseCreateGroupProvider()
     {
-        ExchangeImpl<?> exchange = mock(ExchangeImpl.class);
-        when(exchange.getParent(VirtualHost.class)).thenReturn(_virtualHost);
-        when(exchange.getName()).thenReturn(TEST_EXCHANGE);
-        when(exchange.getType()).thenReturn(TEST_EXCHANGE_TYPE);
+        GroupProvider groupProvider = mock(GroupProvider.class);
+        when(groupProvider.getParent(Broker.class)).thenReturn(_broker);
+        when(groupProvider.getAttribute(ConfiguredObject.NAME)).thenReturn("TEST");
+        when(groupProvider.getCategoryClass()).thenReturn(GroupProvider.class);
 
-        ObjectProperties properties = createExpectedExchangeObjectProperties();
+        assertBrokerChildCreateAuthorization(groupProvider);
+    }
 
-        configureAccessPlugin(Result.ALLOWED);
-        _securityManager.authoriseDelete(exchange);
-        verify(_accessControl).authorise(eq(Operation.DELETE), eq(ObjectType.EXCHANGE), eq(properties));
+    public void testAuthoriseCreateAccessControlProvider()
+    {
+        AccessControlProvider accessControlProvider = mock(AccessControlProvider.class);
+        when(accessControlProvider.getParent(Broker.class)).thenReturn(_broker);
+        when(accessControlProvider.getAttribute(ConfiguredObject.NAME)).thenReturn("TEST");
+        when(accessControlProvider.getCategoryClass()).thenReturn(AccessControlProvider.class);
 
-        configureAccessPlugin(Result.DENIED);
-        try
-        {
-            _securityManager.authoriseDelete(exchange);
-            fail("AccessControlException is expected");
-        }
-        catch(AccessControlException e)
-        {
-            // pass
-        }
-        verify(_accessControl, times(2)).authorise(eq(Operation.DELETE), eq(ObjectType.EXCHANGE), eq(properties));
+        assertBrokerChildCreateAuthorization(accessControlProvider);
     }
 
-    public void testAuthoriseGroupOperation()
+    public void testAuthoriseCreateKeyStore()
     {
-        ObjectProperties properties = new ObjectProperties("testGroup");
+        KeyStore keyStore = mock(KeyStore.class);
+        when(keyStore.getParent(Broker.class)).thenReturn(_broker);
+        when(keyStore.getAttribute(ConfiguredObject.NAME)).thenReturn("TEST");
+        when(keyStore.getCategoryClass()).thenReturn(KeyStore.class);
 
-         configureAccessPlugin(Result.ALLOWED);
-        _securityManager.authoriseGroupOperation(Operation.CREATE, "testGroup");
-        verify(_accessControl).authorise(eq(Operation.CREATE), eq(ObjectType.GROUP), eq(properties));
+        assertBrokerChildCreateAuthorization(keyStore);
+    }
 
-        configureAccessPlugin(Result.DENIED);
-        try
-        {
-            _securityManager.authoriseGroupOperation(Operation.CREATE, "testGroup");
-            fail("AccessControlException is expected");
-        }
-        catch(AccessControlException e)
-        {
-            // pass
-        }
-        verify(_accessControl, times(2)).authorise(eq(Operation.CREATE), eq(ObjectType.GROUP), eq(properties));
+    public void testAuthoriseCreateTrustStore()
+    {
+        TrustStore trustStore = mock(TrustStore.class);
+        when(trustStore.getParent(Broker.class)).thenReturn(_broker);
+        when(trustStore.getAttribute(ConfiguredObject.NAME)).thenReturn("TEST");
+        when(trustStore.getCategoryClass()).thenReturn(TrustStore.class);
+
+        assertBrokerChildCreateAuthorization(trustStore);
     }
 
-    public void testAuthoriseUserOperation()
+    public void testAuthoriseCreateGroup()
     {
-        ObjectProperties properties = new ObjectProperties("testUser");
+        GroupProvider groupProvider = mock(GroupProvider.class);
+        when(groupProvider.getCategoryClass()).thenReturn(GroupProvider.class);
+        when(groupProvider.getAttribute(GroupProvider.NAME)).thenReturn("testGroupProvider");
+        when(groupProvider.getModel()).thenReturn(BrokerModel.getInstance());
 
-        configureAccessPlugin(Result.ALLOWED);
-       _securityManager.authoriseUserOperation(Operation.CREATE, "testUser");
-       verify(_accessControl).authorise(eq(Operation.CREATE), eq(ObjectType.USER), eq(properties));
+        Group group = mock(Group.class);
+        when(group.getCategoryClass()).thenReturn(Group.class);
+        when(group.getParent(GroupProvider.class)).thenReturn(groupProvider);
+        when(group.getAttribute(Group.NAME)).thenReturn("test");
 
-       configureAccessPlugin(Result.DENIED);
-       try
-       {
-           _securityManager.authoriseUserOperation(Operation.CREATE, "testUser");
-           fail("AccessControlException is expected");
-       }
-       catch(AccessControlException e)
-       {
-           // pass
-       }
-       verify(_accessControl, times(2)).authorise(eq(Operation.CREATE), eq(ObjectType.USER), eq(properties));
+        assertCreateAuthorization(group, Operation.CREATE, ObjectType.GROUP, new ObjectProperties("test"), groupProvider);
     }
 
-    public void testAuthorisePublish()
+    public void testAuthoriseCreateGroupMember()
     {
-        String routingKey = "routingKey";
-        String exchangeName = "exchangeName";
-        boolean immediate = true;
-        ObjectProperties properties = new ObjectProperties(TEST_VIRTUAL_HOST, exchangeName, routingKey, immediate);
+        Group group = mock(Group.class);
+        when(group.getCategoryClass()).thenReturn(Group.class);
+        when(group.getAttribute(Group.NAME)).thenReturn("testGroup");
+        when(group.getModel()).thenReturn(BrokerModel.getInstance());
 
-        configureAccessPlugin(Result.ALLOWED);
-        _securityManager.authorisePublish(immediate, routingKey, exchangeName, TEST_VIRTUAL_HOST);
-        verify(_accessControl).authorise(eq(Operation.PUBLISH), eq(ObjectType.EXCHANGE), eq(properties));
+        GroupMember groupMember = mock(GroupMember.class);
+        when(groupMember.getCategoryClass()).thenReturn(GroupMember.class);
+        when(groupMember.getParent(Group.class)).thenReturn(group);
+        when(groupMember.getAttribute(Group.NAME)).thenReturn("test");
 
-        configureAccessPlugin(Result.DENIED);
-        try
-        {
-            _securityManager.authorisePublish(immediate, routingKey, exchangeName, TEST_VIRTUAL_HOST);
-            fail("AccessControlException is expected");
-        }
-        catch(AccessControlException e)
-        {
-            // pass
-        }
-        verify(_accessControl, times(2)).authorise(eq(Operation.PUBLISH), eq(ObjectType.EXCHANGE), eq(properties));
+        assertCreateAuthorization(groupMember, Operation.UPDATE, ObjectType.GROUP, new ObjectProperties("test"), group);
     }
 
-    public void testAuthorisePurge()
+    public void testAuthoriseCreateUser()
     {
-        AMQQueue<?> queue = mock(AMQQueue.class);
-        when(queue.getParent(VirtualHost.class)).thenReturn(_virtualHost);
-        when(queue.getName()).thenReturn(TEST_QUEUE);
+        AuthenticationProvider authenticationProvider = mock(AuthenticationProvider.class);
+        when(authenticationProvider.getCategoryClass()).thenReturn(AuthenticationProvider.class);
+        when(authenticationProvider.getAttribute(AuthenticationProvider.NAME)).thenReturn("testAuthenticationProvider");
+        when(authenticationProvider.getModel()).thenReturn(BrokerModel.getInstance());
+
+        User user = mock(User.class);
+        when(user.getCategoryClass()).thenReturn(User.class);
+        when(user.getAttribute(User.NAME)).thenReturn("test");
+        when(user.getParent(AuthenticationProvider.class)).thenReturn(authenticationProvider);
+        when(user.getModel()).thenReturn(BrokerModel.getInstance());
+
+        assertCreateAuthorization(user, Operation.CREATE, ObjectType.USER, new ObjectProperties("test"), authenticationProvider);
+    }
 
-        ObjectProperties properties = createExpectedQueueObjectProperties();
+    public void testAuthoriseCreateVirtualHost()
+    {
+        VirtualHost vh = getMockVirtualHost();
+        assertCreateAuthorization(vh, Operation.CREATE, ObjectType.VIRTUALHOST, new ObjectProperties(TEST_VIRTUAL_HOST), _virtualHostNode);
+    }
 
-        configureAccessPlugin(Result.ALLOWED);
-        _securityManager.authorisePurge(queue);
-        verify(_accessControl).authorise(eq(Operation.PURGE), eq(ObjectType.QUEUE), eq(properties));
+    public void testAuthoriseUpdateVirtualHostNode()
+    {
+        VirtualHostNode vhn = getMockVirtualHostNode();
+        assertUpdateAuthorization(vhn, Operation.UPDATE, ObjectType.VIRTUALHOSTNODE, new ObjectProperties(vhn.getName()), vhn);
+    }
 
-        configureAccessPlugin(Result.DENIED);
-        try
-        {
-            _securityManager.authorisePurge(queue);
-            fail("AccessControlException is expected");
-        }
-        catch(AccessControlException e)
-        {
-            // pass
-        }
-        verify(_accessControl, times(2)).authorise(eq(Operation.PURGE), eq(ObjectType.QUEUE), eq(properties));
+    public void testAuthoriseUpdatePort()
+    {
+        Port mock = mock(Port.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(Port.class);
+        when(mock.getParent(Broker.class)).thenReturn(_broker);
+        assertBrokerChildUpdateAuthorization(mock);
     }
 
+    public void testAuthoriseUpdateAuthenticationProvider()
+    {
+        AuthenticationProvider mock = mock(AuthenticationProvider.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(AuthenticationProvider.class);
+        when(mock.getParent(Broker.class)).thenReturn(_broker);
+        assertBrokerChildUpdateAuthorization(mock);
+    }
 
-    public void testAuthoriseUnbind()
+    public void testAuthoriseUpdateGroupProvider()
+    {
+        GroupProvider mock = mock(GroupProvider.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(GroupProvider.class);
+        when(mock.getParent(Broker.class)).thenReturn(_broker);
+        assertBrokerChildUpdateAuthorization(mock);
+    }
+
+    public void testAuthoriseUpdateAccessControlProvider()
+    {
+        AccessControlProvider mock = mock(AccessControlProvider.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(AccessControlProvider.class);
+        when(mock.getParent(Broker.class)).thenReturn(_broker);
+        assertBrokerChildUpdateAuthorization(mock);
+    }
+
+    public void testAuthoriseUpdateKeyStore()
+    {
+        KeyStore mock = mock(KeyStore.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(KeyStore.class);
+        when(mock.getParent(Broker.class)).thenReturn(_broker);
+        assertBrokerChildUpdateAuthorization(mock);
+    }
+
+    public void testAuthoriseUpdateTrustStore()
     {
-        ExchangeImpl exchange = mock(ExchangeImpl.class);
+        TrustStore mock = mock(TrustStore.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(TrustStore.class);
+        when(mock.getParent(Broker.class)).thenReturn(_broker);
+        assertBrokerChildUpdateAuthorization(mock);
+    }
+
+    public void testAuthoriseUpdateGroup()
+    {
+        GroupProvider groupProvider = mock(GroupProvider.class);
+        when(groupProvider.getCategoryClass()).thenReturn(GroupProvider.class);
+        when(groupProvider.getName()).thenReturn("testGroupProvider");
+        Group mock = mock(Group.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(Group.class);
+        when(mock.getParent(GroupProvider.class)).thenReturn(groupProvider);
+        ObjectProperties properties = new ObjectProperties((String)mock.getAttribute(ConfiguredObject.NAME));
+        assertUpdateAuthorization(mock, Operation.UPDATE, ObjectType.GROUP, properties, groupProvider);
+    }
+
+    public void testAuthoriseUpdateGroupMember()
+    {
+        Group group = mock(Group.class);
+        when(group.getCategoryClass()).thenReturn(Group.class);
+        when(group.getName()).thenReturn("testGroup");
+        GroupMember mock = mock(GroupMember.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(GroupMember.class);
+        when(mock.getParent(Group.class)).thenReturn(group);
+        ObjectProperties properties = new ObjectProperties((String)mock.getAttribute(ConfiguredObject.NAME));
+        assertUpdateAuthorization(mock, Operation.UPDATE, ObjectType.GROUP, properties, group);
+    }
+
+    public void testAuthoriseUpdateUser()
+    {
+        AuthenticationProvider authenticationProvider = mock(AuthenticationProvider.class);
+        when(authenticationProvider.getCategoryClass()).thenReturn(AuthenticationProvider.class);
+        when(authenticationProvider.getName()).thenReturn("testAuthenticationProvider");
+        User mock = mock(User.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(User.class);
+        when(mock.getParent(AuthenticationProvider.class)).thenReturn(authenticationProvider);
+        ObjectProperties properties = new ObjectProperties((String)mock.getAttribute(ConfiguredObject.NAME));
+        assertUpdateAuthorization(mock, Operation.UPDATE, ObjectType.USER, properties, authenticationProvider);
+    }
+
+    public void testAuthoriseUpdateVirtualHost()
+    {
+        VirtualHostNode vhn = getMockVirtualHostNode();
+
+        VirtualHost mock = mock(VirtualHost.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(VirtualHost.class);
+        when(mock.getParent(VirtualHostNode.class)).thenReturn(vhn);
+        ObjectProperties properties = new ObjectProperties((String)mock.getAttribute(ConfiguredObject.NAME));
+        assertUpdateAuthorization(mock, Operation.UPDATE, ObjectType.VIRTUALHOST, properties, vhn);
+    }
+
+    public void testAuthoriseDeleteVirtualHostNode()
+    {
+        VirtualHostNode vhn = getMockVirtualHostNode();
+        assertDeleteAuthorization(vhn, Operation.DELETE, ObjectType.VIRTUALHOSTNODE, new ObjectProperties(vhn.getName()), vhn);
+    }
+
+    public void testAuthoriseDeletePort()
+    {
+        Port mock = mock(Port.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(Port.class);
+        when(mock.getParent(Broker.class)).thenReturn(_broker);
+        assertBrokerChildDeleteAuthorization(mock);
+    }
+
+    public void testAuthoriseDeleteAuthenticationProvider()
+    {
+        AuthenticationProvider mock = mock(AuthenticationProvider.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(AuthenticationProvider.class);
+        when(mock.getParent(Broker.class)).thenReturn(_broker);
+        assertBrokerChildDeleteAuthorization(mock);
+    }
+
+    public void testAuthoriseDeleteGroupProvider()
+    {
+        GroupProvider mock = mock(GroupProvider.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(GroupProvider.class);
+        when(mock.getParent(Broker.class)).thenReturn(_broker);
+        assertBrokerChildDeleteAuthorization(mock);
+    }
+
+    public void testAuthoriseDeleteAccessControlProvider()
+    {
+        AccessControlProvider mock = mock(AccessControlProvider.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(AccessControlProvider.class);
+        when(mock.getParent(Broker.class)).thenReturn(_broker);
+        assertBrokerChildDeleteAuthorization(mock);
+    }
+
+    public void testAuthoriseDeleteKeyStore()
+    {
+        KeyStore mock = mock(KeyStore.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(KeyStore.class);
+        when(mock.getParent(Broker.class)).thenReturn(_broker);
+        assertBrokerChildDeleteAuthorization(mock);
+    }
+
+    public void testAuthoriseDeleteTrustStore()
+    {
+        TrustStore mock = mock(TrustStore.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(TrustStore.class);
+        when(mock.getParent(Broker.class)).thenReturn(_broker);
+        assertBrokerChildDeleteAuthorization(mock);
+    }
+
+    public void testAuthoriseDeleteGroup()
+    {
+        GroupProvider groupProvider = mock(GroupProvider.class);
+        when(groupProvider.getCategoryClass()).thenReturn(GroupProvider.class);
+        when(groupProvider.getName()).thenReturn("testGroupProvider");
+        Group mock = mock(Group.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(Group.class);
+        when(mock.getParent(GroupProvider.class)).thenReturn(groupProvider);
+        ObjectProperties properties = new ObjectProperties((String)mock.getAttribute(ConfiguredObject.NAME));
+        assertDeleteAuthorization(mock, Operation.DELETE, ObjectType.GROUP, properties, groupProvider);
+    }
+
+    public void testAuthoriseDeleteGroupMember()
+    {
+        Group group = mock(Group.class);
+        when(group.getCategoryClass()).thenReturn(Group.class);
+        when(group.getName()).thenReturn("testGroup");
+        GroupMember mock = mock(GroupMember.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(GroupMember.class);
+        when(mock.getParent(Group.class)).thenReturn(group);
+        ObjectProperties properties = new ObjectProperties((String)mock.getAttribute(ConfiguredObject.NAME));
+        assertDeleteAuthorization(mock, Operation.UPDATE, ObjectType.GROUP, properties, group);
+    }
+
+    public void testAuthoriseDeleteUser()
+    {
+        AuthenticationProvider authenticationProvider = mock(AuthenticationProvider.class);
+        when(authenticationProvider.getCategoryClass()).thenReturn(AuthenticationProvider.class);
+        when(authenticationProvider.getName()).thenReturn("testAuthenticationProvider");
+        User mock = mock(User.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(User.class);
+        when(mock.getParent(AuthenticationProvider.class)).thenReturn(authenticationProvider);
+        ObjectProperties properties = new ObjectProperties((String)mock.getAttribute(ConfiguredObject.NAME));
+        assertDeleteAuthorization(mock, Operation.DELETE, ObjectType.USER, properties, authenticationProvider);
+    }
+
+    public void testAuthoriseDeleteVirtualHost()
+    {
+        VirtualHostNode vhn = getMockVirtualHostNode();
+
+        VirtualHost mock = mock(VirtualHost.class);
+        when(mock.getAttribute(ConfiguredObject.NAME)).thenReturn("test");
+        when(mock.getCategoryClass()).thenReturn(VirtualHost.class);
+        when(mock.getParent(VirtualHostNode.class)).thenReturn(vhn);
+        ObjectProperties properties = new ObjectProperties((String)mock.getAttribute(ConfiguredObject.NAME));
+        assertDeleteAuthorization(mock, Operation.DELETE, ObjectType.VIRTUALHOST, properties, vhn);
+    }
+
+    public void testAuthoriseDeleteBinding()
+    {
+        Exchange exchange = mock(Exchange.class);
         when(exchange.getParent(VirtualHost.class)).thenReturn(_virtualHost);
-        when(exchange.getName()).thenReturn(TEST_EXCHANGE);
+        when(exchange.getAttribute(Exchange.NAME)).thenReturn(TEST_EXCHANGE);
+        when(exchange.getCategoryClass()).thenReturn(Exchange.class);
 
-        AMQQueue<?> queue = mock(AMQQueue.class);
+        Queue queue = mock(Queue.class);
         when(queue.getParent(VirtualHost.class)).thenReturn(_virtualHost);
-        when(queue.getName()).thenReturn(TEST_QUEUE);
-        when(queue.isDurable()).thenReturn(true);
-        when(queue.getLifetimePolicy()).thenReturn(LifetimePolicy.PERMANENT);
+        when(queue.getAttribute(Queue.NAME)).thenReturn(TEST_QUEUE);
+        when(queue.getAttribute(Queue.DURABLE)).thenReturn(true);
+        when(queue.getAttribute(Queue.LIFETIME_POLICY)).thenReturn(LifetimePolicy.PERMANENT);
+        when(queue.getCategoryClass()).thenReturn(Queue.class);
 
-        BindingImpl binding = mock(BindingImpl.class);
-        when(binding.getExchange()).thenReturn(exchange);
-        when(binding.getAMQQueue()).thenReturn(queue);
-        when(binding.getBindingKey()).thenReturn("bindingKey");
+        Binding binding = mock(Binding.class);
+        when(binding.getParent(Exchange.class)).thenReturn(exchange);
+        when(binding.getParent(Queue.class)).thenReturn(queue);
+        when(binding.getAttribute(Binding.NAME)).thenReturn("bindingKey");
+        when(binding.getCategoryClass()).thenReturn(Binding.class);
 
         ObjectProperties properties = new ObjectProperties();
         properties.put(Property.NAME, TEST_EXCHANGE);
@@ -496,35 +812,141 @@ public class SecurityManagerTest extends QpidTestCase
         properties.put(Property.TEMPORARY, false);
         properties.put(Property.DURABLE, true);
 
+        assertDeleteAuthorization(binding, Operation.UNBIND, ObjectType.EXCHANGE, properties, exchange, queue);
+    }
+
+    private VirtualHost getMockVirtualHost()
+    {
+        VirtualHost vh = mock(VirtualHost.class);
+        when(vh.getCategoryClass()).thenReturn(VirtualHost.class);
+        when(vh.getName()).thenReturn(TEST_VIRTUAL_HOST);
+        when(vh.getAttribute(VirtualHost.NAME)).thenReturn(TEST_VIRTUAL_HOST);
+        when(vh.getParent(VirtualHostNode.class)).thenReturn(_virtualHostNode);
+        when(vh.getModel()).thenReturn(BrokerModel.getInstance());
+        return vh;
+    }
+
+    private VirtualHostNode getMockVirtualHostNode()
+    {
+        VirtualHostNode vhn = mock(VirtualHostNode.class);
+        when(vhn.getCategoryClass()).thenReturn(VirtualHostNode.class);
+        when(vhn.getName()).thenReturn("testVHN");
+        when(vhn.getAttribute(ConfiguredObject.NAME)).thenReturn("testVHN");
+        when(vhn.getParent(Broker.class)).thenReturn(_broker);
+        when(vhn.getModel()).thenReturn(BrokerModel.getInstance());
+        return vhn;
+    }
+
+    private void assertBrokerChildCreateAuthorization(ConfiguredObject object)
+    {
+        String description = String.format("%s %s '%s'",
+                Operation.CREATE.name().toLowerCase(),
+                object.getCategoryClass().getSimpleName().toLowerCase(),
+                "TEST");
+        ObjectProperties properties = new OperationLoggingDetails(description);
+        assertCreateAuthorization(object, Operation.CONFIGURE, ObjectType.BROKER, properties, _broker );
+    }
+
+    private void assertBrokerChildUpdateAuthorization(ConfiguredObject configuredObject)
+    {
+        String description = String.format("%s %s '%s'",
+                Operation.UPDATE.name().toLowerCase(),
+                configuredObject.getCategoryClass().getSimpleName().toLowerCase(),
+                configuredObject.getAttribute(ConfiguredObject.NAME));
+        ObjectProperties properties = new OperationLoggingDetails(description);
+
+        assertUpdateAuthorization(configuredObject, Operation.CONFIGURE, ObjectType.BROKER,
+                properties, _broker );
+    }
+
+    private void assertBrokerChildDeleteAuthorization(ConfiguredObject configuredObject)
+    {
+        String description = String.format("%s %s '%s'",
+                Operation.DELETE.name().toLowerCase(),
+                configuredObject.getCategoryClass().getSimpleName().toLowerCase(),
+                configuredObject.getAttribute(ConfiguredObject.NAME));
+        ObjectProperties properties = new OperationLoggingDetails(description);
+
+        assertDeleteAuthorization(configuredObject, Operation.CONFIGURE, ObjectType.BROKER,
+                properties, _broker );
+    }
 
+    private void assertAuthorization(Operation operation, ConfiguredObject<?> configuredObject, Operation aclOperation, ObjectType aclObjectType, ObjectProperties expectedProperties, ConfiguredObject... objects)
+    {
         configureAccessPlugin(Result.ALLOWED);
-        _securityManager.authoriseUnbind(binding);
-        verify(_accessControl).authorise(eq(Operation.UNBIND), eq(ObjectType.EXCHANGE), eq(properties));
+        _securityManager.authorise(operation, configuredObject);
+        verify(_accessControl).authorise(eq(aclOperation), eq(aclObjectType), eq(expectedProperties));
 
         configureAccessPlugin(Result.DENIED);
         try
         {
-            _securityManager.authoriseUnbind(binding);
+            _securityManager.authorise(operation, configuredObject);
             fail("AccessControlException is expected");
         }
         catch(AccessControlException e)
         {
-            // pass
+            String expectedMessage = "Permission " + aclOperation.name() + " "
+                    + aclObjectType.name() +" is denied for : " + operation.name() + " "
+                    + configuredObject.getCategoryClass().getSimpleName() + " '"
+                    + configuredObject.getAttribute(ConfiguredObject.NAME) + "' on";
+
+            assertTrue("Unexpected exception message: " + e.getMessage() + " vs " + expectedMessage,
+                    e.getMessage().startsWith(expectedMessage));
+            for (ConfiguredObject object: objects)
+            {
+                String parentInfo = object.getCategoryClass().getSimpleName() + " '"
+                        + object.getAttribute(ConfiguredObject.NAME) + "'";
+                assertTrue("Exception message does not contain information about parent object "
+                                + object.getCategoryClass() + " " + object.getAttribute(ConfiguredObject.NAME) + ":"
+                                + e.getMessage(),
+                        e.getMessage().contains(parentInfo));
+            }
         }
-        verify(_accessControl, times(2)).authorise(eq(Operation.UNBIND), eq(ObjectType.EXCHANGE), eq(properties));
+
+        verify(_accessControl, times(2)).authorise(eq(aclOperation), eq(aclObjectType), eq(expectedProperties));
     }
 
-    public void testAuthoriseConfiguringBroker()
+    private void assertDeleteAuthorization(ConfiguredObject<?> configuredObject, Operation aclOperation, ObjectType aclObjectType, ObjectProperties expectedProperties, ConfiguredObject... objects)
     {
-        OperationLoggingDetails properties = new OperationLoggingDetails("create virtualhost 'test'");
+        assertAuthorization(Operation.DELETE, configuredObject, aclOperation, aclObjectType, expectedProperties, objects);
+    }
 
+    private void assertUpdateAuthorization(ConfiguredObject<?> configuredObject, Operation aclOperation, ObjectType aclObjectType, ObjectProperties expectedProperties, ConfiguredObject... objects)
+    {
+        assertAuthorization(Operation.UPDATE, configuredObject, aclOperation, aclObjectType, expectedProperties, objects);
+    }
+
+    private void assertCreateAuthorization(ConfiguredObject<?> configuredObject, Operation aclOperation, ObjectType aclObjectType, ObjectProperties expectedProperties, ConfiguredObject<?>... parents)
+    {
         configureAccessPlugin(Result.ALLOWED);
-        assertTrue(_securityManager.authoriseConfiguringBroker("test", VirtualHost.class, Operation.CREATE));
-        verify(_accessControl).authorise(eq(Operation.CONFIGURE), eq(ObjectType.BROKER), eq(properties));
+        _securityManager.authorise(Operation.CREATE, configuredObject);
+        verify(_accessControl).authorise(eq(aclOperation), eq(aclObjectType), eq(expectedProperties));
 
         configureAccessPlugin(Result.DENIED);
-        assertFalse(_securityManager.authoriseConfiguringBroker("test", VirtualHost.class, Operation.CREATE));
-        verify(_accessControl, times(2)).authorise(eq(Operation.CONFIGURE), eq(ObjectType.BROKER), eq(properties));
+        try
+        {
+            _securityManager.authorise(Operation.CREATE, configuredObject);
+            fail("AccessControlException is expected");
+        }
+        catch(AccessControlException e)
+        {
+            String expectedMessage = "Permission " + aclOperation.name() + " "
+                    + aclObjectType.name() +" is denied for : CREATE " + configuredObject.getCategoryClass().getSimpleName() + " '"
+                    + configuredObject.getAttribute(ConfiguredObject.NAME) + "' on";
+
+            assertTrue("Unexpected exception message", e.getMessage().startsWith(expectedMessage));
+            for (ConfiguredObject object: parents)
+            {
+                String parentInfo = object.getCategoryClass().getSimpleName() + " '"
+                        + object.getAttribute(ConfiguredObject.NAME) + "'";
+                assertTrue("Exception message does not contain information about parent configuredObject "
+                                + parentInfo + ": "
+                                + e.getMessage(),
+                        e.getMessage().contains(parentInfo));
+            }
+        }
+
+        verify(_accessControl, times(2)).authorise(eq(aclOperation), eq(aclObjectType), eq(expectedProperties));
     }
 
     public void testAuthoriseLogsAccess()
@@ -548,7 +970,7 @@ public class SecurityManagerTest extends QpidTestCase
         ObjectProperties properties = new ObjectProperties();
         properties.put(Property.NAME, TEST_EXCHANGE);
         properties.put(Property.VIRTUALHOST_NAME, TEST_VIRTUAL_HOST);
-        properties.put(Property.AUTO_DELETE, false);
+        properties.put(Property.AUTO_DELETE, true);
         properties.put(Property.TEMPORARY, true);
         properties.put(Property.DURABLE, false);
         properties.put(Property.TYPE, TEST_EXCHANGE_TYPE);
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/util/BrokerTestHelper.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/util/BrokerTestHelper.java
index 2f44218cf1..0f256d0999 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/util/BrokerTestHelper.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/util/BrokerTestHelper.java
@@ -196,7 +196,10 @@ public class BrokerTestHelper
 
     public static ExchangeImpl<?> createExchange(String hostName, final boolean durable, final EventLogger eventLogger) throws Exception
     {
-        SecurityManager securityManager = new SecurityManager(mock(Broker.class), false);
+        Broker broker = mock(Broker.class);
+        when(broker.getModel()).thenReturn(BrokerModel.getInstance());
+        when(broker.getCategoryClass()).thenReturn(Broker.class);
+        SecurityManager securityManager = new SecurityManager(broker, false);
         final VirtualHostImpl<?,?,?> virtualHost = mock(VirtualHostImpl.class);
         when(virtualHost.getName()).thenReturn(hostName);
         when(virtualHost.getSecurityManager()).thenReturn(securityManager);
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhost/AbstractVirtualHostTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhost/AbstractVirtualHostTest.java
index 889097f850..1231f5393e 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhost/AbstractVirtualHostTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhost/AbstractVirtualHostTest.java
@@ -50,12 +50,11 @@ import org.apache.qpid.server.security.SecurityManager;
 import org.apache.qpid.server.store.DurableConfigurationStore;
 import org.apache.qpid.server.store.MessageStore;
 import org.apache.qpid.test.utils.QpidTestCase;
-import org.mockito.verification.VerificationMode;
 
 public class AbstractVirtualHostTest extends QpidTestCase
 {
     private TaskExecutor _taskExecutor;
-    private VirtualHostNode<?> _node;
+    private VirtualHostNode _node;
     private MessageStore _failingStore;
 
     @Override
@@ -78,6 +77,7 @@ public class AbstractVirtualHostTest extends QpidTestCase
         when(_node.getModel()).thenReturn(BrokerModel.getInstance());
         when(_node.getTaskExecutor()).thenReturn(_taskExecutor);
         when(_node.getConfigurationStore()).thenReturn(mock(DurableConfigurationStore.class));
+        when(_node.getCategoryClass()).thenReturn(VirtualHostNode.class);
 
         _failingStore = mock(MessageStore.class);
         doThrow(new RuntimeException("Cannot open store")).when(_failingStore).openMessageStore(any(ConfiguredObject.class));
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhost/VirtualHostQueueCreationTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhost/VirtualHostQueueCreationTest.java
index 78793726a8..fd6748f500 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhost/VirtualHostQueueCreationTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhost/VirtualHostQueueCreationTest.java
@@ -68,7 +68,6 @@ public class VirtualHostQueueCreationTest extends QpidTestCase
 
         EventLogger eventLogger = mock(EventLogger.class);
         SecurityManager securityManager = mock(SecurityManager.class);
-        when(securityManager.authoriseConfiguringBroker(anyString(),any(Class.class),any(Operation.class))).thenReturn(true);
         ConfiguredObjectFactory objectFactory = new ConfiguredObjectFactoryImpl(BrokerModel.getInstance());
 
         _taskExecutor = new CurrentThreadTaskExecutor();
diff --git a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhostnode/AbstractStandardVirtualHostNodeTest.java b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhostnode/AbstractStandardVirtualHostNodeTest.java
index b17f383217..e799f62d56 100644
--- a/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhostnode/AbstractStandardVirtualHostNodeTest.java
+++ b/qpid/java/broker-core/src/test/java/org/apache/qpid/server/virtualhostnode/AbstractStandardVirtualHostNodeTest.java
@@ -49,7 +49,6 @@ import org.apache.qpid.server.model.SystemConfig;
 import org.apache.qpid.server.model.VirtualHost;
 import org.apache.qpid.server.model.VirtualHostNode;
 import org.apache.qpid.server.security.SecurityManager;
-import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.store.ConfiguredObjectRecord;
 import org.apache.qpid.server.store.DurableConfigurationStore;
 import org.apache.qpid.server.store.NullMessageStore;
@@ -275,9 +274,7 @@ public class AbstractStandardVirtualHostNodeTest extends QpidTestCase
         node.open();
         node.start();
 
-        doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseVirtualHostNode(
-                TEST_VIRTUAL_HOST_NODE_NAME,
-                Operation.UPDATE);
+        doThrow(new AccessControlException("mocked ACL exception")).when(_mockSecurityManager).authoriseUpdate(node);
 
         assertNull(node.getDescription());
         try
@@ -307,9 +304,7 @@ public class AbstractStandardVirtualHostNodeTest extends QpidTestCase
         node.open();
         node.start();
 
-        doThrow(new AccessControlException("mocked ACL exception")).when(mockSecurityManager).authoriseVirtualHostNode(
-                TEST_VIRTUAL_HOST_NODE_NAME,
-                Operation.DELETE);
+        doThrow(new AccessControlException("mocked ACL exception")).when(mockSecurityManager).authoriseDelete(node);
 
         try
         {
@@ -339,9 +334,7 @@ public class AbstractStandardVirtualHostNodeTest extends QpidTestCase
         node.open();
         node.start();
 
-        doThrow(new AccessControlException("mocked ACL exception")).when(mockSecurityManager).authoriseVirtualHostNode(
-                TEST_VIRTUAL_HOST_NODE_NAME,
-                Operation.UPDATE);
+        doThrow(new AccessControlException("mocked ACL exception")).when(mockSecurityManager).authoriseUpdate(node);
 
         try
         {
diff --git a/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.java b/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.java
index 00b42094b1..0904379ab4 100644
--- a/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.java
+++ b/qpid/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.java
@@ -20,7 +20,6 @@
  */
 package org.apache.qpid.server.security.access.plugins;
 
-import java.security.AccessControlException;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Map;
@@ -30,7 +29,6 @@ import org.apache.log4j.Logger;
 
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
 import org.apache.qpid.server.model.AbstractConfiguredObject;
-import org.apache.qpid.server.model.AccessControlProvider;
 import org.apache.qpid.server.model.Broker;
 import org.apache.qpid.server.model.ConfiguredObject;
 import org.apache.qpid.server.model.ManagedAttributeField;
@@ -38,7 +36,6 @@ import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
 import org.apache.qpid.server.model.State;
 import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.security.AccessControl;
-import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
 
 public class ACLFileAccessControlProviderImpl
@@ -206,27 +203,6 @@ public class ACLFileAccessControlProviderImpl
         deleted();
     }
 
-    @Override
-    protected void authoriseSetDesiredState(State desiredState) throws AccessControlException
-    {
-        if(desiredState == State.DELETED)
-        {
-            if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), AccessControlProvider.class, Operation.DELETE))
-            {
-                throw new AccessControlException("Deletion of AccessControlProvider is denied");
-            }
-        }
-    }
-
-    @Override
-    protected void authoriseSetAttributes(ConfiguredObject<?> modified, Set<String> attributes) throws AccessControlException
-    {
-        if (!_broker.getSecurityManager().authoriseConfiguringBroker(getName(), AccessControlProvider.class, Operation.UPDATE))
-        {
-            throw new AccessControlException("Setting of AccessControlProvider attributes is denied");
-        }
-    }
-    
     public AccessControl getAccessControl()
     {
         return _accessControl;
diff --git a/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/RuleSetTest.java b/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/RuleSetTest.java
index a37c0c7858..5301d2e49d 100644
--- a/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/RuleSetTest.java
+++ b/qpid/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/RuleSetTest.java
@@ -22,14 +22,10 @@
 package org.apache.qpid.server.security.access.plugins;
 
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 import javax.security.auth.Subject;
 
-import org.apache.qpid.server.exchange.ExchangeImpl;
 import org.apache.qpid.server.logging.EventLoggerProvider;
-import org.apache.qpid.server.model.VirtualHost;
-import org.apache.qpid.server.queue.AMQQueue;
 import org.apache.qpid.server.security.Result;
 import org.apache.qpid.server.security.access.ObjectProperties;
 import org.apache.qpid.server.security.access.ObjectType;
@@ -65,8 +61,6 @@ public class RuleSetTest extends QpidTestCase
     private String _exchangeName = "amq.direct";
     private String _exchangeType = "direct";
     private Subject _testSubject = TestPrincipalUtils.createTestSubject(TEST_USER);
-    private AMQQueue<?> _queue;
-    private VirtualHost<?,?,?> _virtualHost;
 
     @Override
     public void setUp() throws Exception
@@ -74,11 +68,6 @@ public class RuleSetTest extends QpidTestCase
         super.setUp();
 
         _ruleSet = new RuleSet(mock(EventLoggerProvider.class));
-
-        _virtualHost = mock(VirtualHost.class);
-        _queue = mock(AMQQueue.class);
-        when(_queue.getName()).thenReturn(_queueName);
-        when(_queue.getParent(VirtualHost.class)).thenReturn(_virtualHost);
     }
 
     @Override
@@ -178,11 +167,13 @@ public class RuleSetTest extends QpidTestCase
     {
         _ruleSet.grant(0, TEST_USER, Permission.ALLOW, Operation.CREATE, ObjectType.QUEUE, new ObjectProperties(Property.VIRTUALHOST_NAME, ALLOWED_VH));
 
-        when(_virtualHost.getName()).thenReturn(ALLOWED_VH);
-        assertEquals(Result.ALLOWED, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.QUEUE, new ObjectProperties(_queue)));
+        ObjectProperties allowedQueueObjectProperties = new ObjectProperties(_queueName);
+        allowedQueueObjectProperties.put(Property.VIRTUALHOST_NAME, ALLOWED_VH);
+        assertEquals(Result.ALLOWED, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.QUEUE, new ObjectProperties(allowedQueueObjectProperties)));
 
-        when(_virtualHost.getName()).thenReturn(DENIED_VH);
-        assertEquals(Result.DEFER, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.QUEUE, new ObjectProperties(_queue)));
+        ObjectProperties deniedQueueObjectProperties = new ObjectProperties(_queueName);
+        deniedQueueObjectProperties.put(Property.VIRTUALHOST_NAME, DENIED_VH);
+        assertEquals(Result.DEFER, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.QUEUE, deniedQueueObjectProperties));
     }
 
     public void testQueueCreateNamedNullRoutingKey()
@@ -197,15 +188,16 @@ public class RuleSetTest extends QpidTestCase
     {
         _ruleSet.grant(0, TEST_USER, Permission.ALLOW, Operation.CREATE, ObjectType.EXCHANGE, new ObjectProperties(Property.VIRTUALHOST_NAME, ALLOWED_VH));
 
-        ExchangeImpl<?> exchange = mock(ExchangeImpl.class);
-        when(exchange.getParent(VirtualHost.class)).thenReturn(_virtualHost);
-        when(exchange.getType()).thenReturn(_exchangeType);
-        when(_virtualHost.getName()).thenReturn(ALLOWED_VH);
+        ObjectProperties allowedExchangeProperties = new ObjectProperties(_exchangeName);
+        allowedExchangeProperties.put(Property.TYPE, _exchangeType);
+        allowedExchangeProperties.put(Property.VIRTUALHOST_NAME, ALLOWED_VH);
 
-        assertEquals(Result.ALLOWED, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.EXCHANGE, new ObjectProperties(exchange)));
+        assertEquals(Result.ALLOWED, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.EXCHANGE, allowedExchangeProperties));
 
-        when(_virtualHost.getName()).thenReturn(DENIED_VH);
-        assertEquals(Result.DEFER, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.EXCHANGE, new ObjectProperties(exchange)));
+        ObjectProperties deniedExchangeProperties = new ObjectProperties(_exchangeName);
+        deniedExchangeProperties.put(Property.TYPE, _exchangeType);
+        deniedExchangeProperties.put(Property.VIRTUALHOST_NAME, DENIED_VH);
+        assertEquals(Result.DEFER, _ruleSet.check(_testSubject, Operation.CREATE, ObjectType.EXCHANGE, deniedExchangeProperties));
     }
 
     public void testExchangeCreate()
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/UserPreferencesServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/UserPreferencesServlet.java
index b782022986..11876f115e 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/UserPreferencesServlet.java
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/UserPreferencesServlet.java
@@ -65,16 +65,6 @@ public class UserPreferencesServlet extends AbstractServlet
     private void getUserPreferences(String authenticationProviderName, String userId, HttpServletRequest request, HttpServletResponse response)
             throws IOException
     {
-        try
-        {
-            assertUserPreferencesOperationAuthorized(userId);
-        }
-        catch (SecurityException e)
-        {
-            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Viewing of preferences is not allowed");
-            return;
-        }
-
         Map<String, Object> preferences = null;
         PreferencesProvider preferencesProvider = getPreferencesProvider(authenticationProviderName);
         if (preferencesProvider == null)
@@ -82,9 +72,17 @@ public class UserPreferencesServlet extends AbstractServlet
             response.sendError(HttpServletResponse.SC_NOT_FOUND, "Preferences provider is not configured");
             return;
         }
-        preferences =  preferencesProvider.getPreferences(userId);
+        try
+        {
+            preferences =  preferencesProvider.getPreferences(userId);
 
-        sendJsonResponse(preferences, request, response);
+            sendJsonResponse(preferences, request, response);
+        }
+        catch (SecurityException e)
+        {
+            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Viewing of preferences is not allowed");
+            return;
+        }
     }
 
     private void getUserList(String[] pathElements, HttpServletRequest request, HttpServletResponse response) throws IOException
@@ -177,16 +175,6 @@ public class UserPreferencesServlet extends AbstractServlet
 
             String userId = elements[1];
 
-            try
-            {
-                assertUserPreferencesOperationAuthorized(userId);
-            }
-            catch (SecurityException e)
-            {
-                response.sendError(HttpServletResponse.SC_FORBIDDEN, "Deletion of preferences is not allowed");
-                return;
-            }
-
             String providerName =  elements[0];
             Set<String> users = providerUsers.get(providerName);
 
@@ -216,7 +204,15 @@ public class UserPreferencesServlet extends AbstractServlet
                 if (preferencesProvider != null && !usersToDelete.isEmpty())
                 {
                     String[] users = usersToDelete.toArray(new String[usersToDelete.size()]);
-                    preferencesProvider.deletePreferences(users);
+                    try
+                    {
+                        preferencesProvider.deletePreferences(users);
+                    }
+                    catch (SecurityException e)
+                    {
+                        response.sendError(HttpServletResponse.SC_FORBIDDEN, "Deletion of preferences is not allowed");
+                        return;
+                    }
                 }
             }
         }
@@ -237,8 +233,4 @@ public class UserPreferencesServlet extends AbstractServlet
         return provider;
     }
 
-    private void assertUserPreferencesOperationAuthorized(String userId)
-    {
-        getBroker().getSecurityManager().authoriseUserOperation(Operation.UPDATE, userId);
-    }
 }
diff --git a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/mbeans/VirtualHostManagerMBean.java b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/mbeans/VirtualHostManagerMBean.java
index 3b3d6b9cd2..bdf44e54da 100644
--- a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/mbeans/VirtualHostManagerMBean.java
+++ b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/mbeans/VirtualHostManagerMBean.java
@@ -216,7 +216,7 @@ public class VirtualHostManagerMBean extends AbstractStatisticsGatheringMBean<Vi
 
         try
         {
-            exchange.deleteWithChecks();
+            exchange.delete();
         }
         catch(RequiredExchangeException e)
         {
diff --git a/qpid/java/broker-plugins/management-jmx/src/test/java/org/apache/qpid/server/jmx/mbeans/VirtualHostManagerMBeanTest.java b/qpid/java/broker-plugins/management-jmx/src/test/java/org/apache/qpid/server/jmx/mbeans/VirtualHostManagerMBeanTest.java
index 5a804e7605..c8c27d386c 100644
--- a/qpid/java/broker-plugins/management-jmx/src/test/java/org/apache/qpid/server/jmx/mbeans/VirtualHostManagerMBeanTest.java
+++ b/qpid/java/broker-plugins/management-jmx/src/test/java/org/apache/qpid/server/jmx/mbeans/VirtualHostManagerMBeanTest.java
@@ -201,7 +201,7 @@ public class VirtualHostManagerMBeanTest extends TestCase
 
 
         _virtualHostManagerMBean.unregisterExchange(EXCHANGE_1_NAME);
-        verify(mockExchange).deleteWithChecks();
+        verify(mockExchange).delete();
     }
 
     public void testUnregisterExchangeWhenExchangeDoesNotExist() throws Exception
-- 
cgit v1.2.1