Author: rajith
Date: Fri Dec 18 03:52:58 2009
New Revision: 892123
URL: http://svn.apache.org/viewvc?rev=892123&view=rev
Log:
This is a fix for QPID-2290 and the proper fix for QPID-2175.
If the client doesn't add a domain to the userID supplied in the message, the
broker will add the default realm before performing the userID check.
Modified:
qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp
qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.h
Modified: qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp?rev=892123&r1=892122&r2=892123&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp Fri Dec 18 03:52:58
2009
@@ -70,7 +70,8 @@
tagGenerator("sgen"),
dtxSelected(false),
authMsg(getSession().getBroker().getOptions().auth &&
!getSession().getConnection().isFederationLink()),
- userID(getSession().getConnection().getUserId())
+ userID(getSession().getConnection().getUserId()),
+ defaultRealm(getSession().getBroker().getOptions().realm)
{
acl = getSession().getBroker().getAcl();
}
@@ -429,7 +430,7 @@
std::string id =
msg->hasProperties<MessageProperties>() ?
msg->getProperties<MessageProperties>()->getUserId() : nullstring;
- if (authMsg && !id.empty() && id != userID )
+ if (authMsg && !id.empty() && id != userID &&
id.append("@").append(defaultRealm) != userID)
{
QPID_LOG(debug, "authorised user id : " << userID << " but user id in
message declared as " << id);
throw UnauthorizedAccessException(QPID_MSG("authorised user id : " <<
userID << " but user id in message declared as " << id));
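Review bot: `id.append("@").append(defaultRealm)` modifies `id` in place as a side effect of the comparison, so on the reject path the QPID_LOG line and the UnauthorizedAccessException text report the realm-suffixed value rather than the user id the message actually declared. That makes the record of a failed identity check misleading. When the suffixed form does match, any later use of `id` in this function (its body continues outside the hunk) also sees the altered string. A non-mutating comparison keeps the check itself unchanged: `id + "@" + defaultRealm != userID)`. A one-line comment stating that a bare id is accepted only if it equals the authenticated id once the broker's default realm is appended would document the rule.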
@@ -438,7 +439,7 @@
if (acl && acl->doTransferAcl())
{
if
(!acl->authorise(getSession().getConnection().getUserId(),acl::ACT_PUBLISH,acl::OBJ_EXCHANGE,exchangeName,
msg->getRoutingKey() ))
- throw
NotAllowedException(QPID_MSG(getSession().getConnection().getUserId() << "
cannot publish to " <<
+ throw NotAllowedException(QPID_MSG(userID << " cannot publish to "
<<
exchangeName << " with
routing-key " << msg->getRoutingKey()));
}
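Review bot: The ACL decision and its error message now read the identity from two different places: `acl->authorise(...)` still calls `getSession().getConnection().getUserId()`, while the NotAllowedException text prints the cached `userID` member. The member is initialised from that same call in the constructor, but if the connection's user id can change after construction (not visible in this diff), the denial message would name a different principal than the one that was checked. Using one source for both keeps the check and the message consistent, e.g. `acl->authorise(userID, acl::ACT_PUBLISH, acl::OBJ_EXCHANGE, exchangeName, msg->getRoutingKey())`. The enclosing function extends beyond the hunk.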
Modified: qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.h
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.h?rev=892123&r1=892122&r2=892123&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.h Fri Dec 18 03:52:58 2009
@@ -156,6 +156,7 @@
AclModule* acl;
const bool authMsg;
const string userID;
+ const string defaultRealm;
void route(boost::intrusive_ptr<Message> msg, Deliverable& strategy);
void checkDtxTimeout();