Author: chug
Date: Mon Apr 8 18:40:34 2013
New Revision: 1465719
URL: http://svn.apache.org/r1465719
Log:
QPID-4727:C++ Broker ACL keyword to reference default exchange.
Modified:
qpid/trunk/qpid/cpp/src/qpid/acl/AclData.cpp
qpid/trunk/qpid/cpp/src/qpid/acl/AclData.h
qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp
qpid/trunk/qpid/cpp/src/tests/acl.py
Modified: qpid/trunk/qpid/cpp/src/qpid/acl/AclData.cpp
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/AclData.cpp?rev=1465719&r1=1465718&r2=1465719&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/AclData.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/AclData.cpp Mon Apr 8 18:40:34 2013
@@ -39,6 +39,7 @@ namespace acl {
const char AclData::ACL_SYMBOL_WILDCARD = '*';
const std::string AclData::ACL_KEYWORD_WILDCARD = "*";
const char AclData::ACL_SYMBOL_LINE_CONTINUATION = '\\';
+ const std::string AclData::ACL_KEYWORD_DEFAULT_EXCHANGE = "amq.default";
//
// constructor
@@ -432,7 +433,13 @@ namespace acl {
std::string sName(rsItr->pubExchName);
substituteUserId(sName, id);
result = matchProp(sName, name);
- } else {
+ }
+ else if (rsItr->pubExchNameMatchesBlank)
+ {
+ result = name.empty();
+ }
+ else
+ {
result = matchProp(rsItr->pubExchName, name);
}
@@ -441,7 +448,6 @@ namespace acl {
QPID_LOG(debug, "ACL: Rule: " << rsItr->rawRuleNum
<< " lookup exchange name '"
<< name << "' matched with rule name '"
<< rsItr->pubExchName << "'");
-
}
else
{
Modified: qpid/trunk/qpid/cpp/src/qpid/acl/AclData.h
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/AclData.h?rev=1465719&r1=1465718&r2=1465719&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/AclData.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/AclData.h Mon Apr 8 18:40:34 2013
@@ -56,11 +56,13 @@ public:
int rawRuleNum; // rule number in ACL file
qpid::acl::AclResult ruleMode; // combined allow/deny log/nolog
- specPropertyMap props; //
+ specPropertyMap props; // properties to be matched
+ // pubXxx for publish exchange
fastpath
bool pubRoutingKeyInRule;
std::string pubRoutingKey;
boost::shared_ptr<topicTester> pTTest;
bool pubExchNameInRule;
+ bool pubExchNameMatchesBlank;
std::string pubExchName;
std::vector<bool> ruleHasUserSub;
@@ -72,6 +74,7 @@ public:
pubRoutingKey(),
pTTest(boost::shared_ptr<topicTester>(new topicTester())),
pubExchNameInRule(false),
+ pubExchNameMatchesBlank(false),
pubExchName(),
ruleHasUserSub(PROPERTYSIZE, false)
{}
@@ -148,6 +151,7 @@ public:
static const char ACL_SYMBOL_WILDCARD;
static const std::string ACL_KEYWORD_WILDCARD;
static const char ACL_SYMBOL_LINE_CONTINUATION;
+ static const std::string ACL_KEYWORD_DEFAULT_EXCHANGE;
void substituteString(std::string& targetString,
const std::string& placeholder,
Modified: qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp?rev=1465719&r1=1465718&r2=1465719&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp Mon Apr 8 18:40:34 2013
@@ -17,6 +17,7 @@
*/
#include "qpid/acl/AclReader.h"
+#include "qpid/acl/AclData.h"
#include <cctype>
#include <cstring>
@@ -141,6 +142,7 @@ namespace acl {
{
rule.pubExchNameInRule = true;
rule.pubExchName = pItr->second;
+ rule.pubExchNameMatchesBlank =
rule.pubExchName.compare(AclData::ACL_KEYWORD_DEFAULT_EXCHANGE) == 0;
}
}
}
Modified: qpid/trunk/qpid/cpp/src/tests/acl.py
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/tests/acl.py?rev=1465719&r1=1465718&r2=1465719&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/tests/acl.py (original)
+++ qpid/trunk/qpid/cpp/src/tests/acl.py Mon Apr 8 18:40:34 2013
@@ -1532,6 +1532,7 @@ class ACLTests(TestBase010):
aclf.write('acl deny bob@QPID publish exchange name=amq.direct
routingkey=rk1\n')
aclf.write('acl deny bob@QPID publish exchange name=amq.topic\n')
aclf.write('acl deny bob@QPID publish exchange name=myEx
routingkey=rk2\n')
+ aclf.write("acl deny bob@QPID publish exchange name=amq.default
routingkey=restricted\n")
aclf.write('acl allow all all')
aclf.close()
@@ -1572,6 +1573,10 @@ class ACLTests(TestBase010):
if (403 == e.args[0].error_code):
self.fail("ACL should allow message transfer to exchange
amq.direct with routing key rk2");
+ self.LookupPublish("bob@QPID", "", "restricted", "deny")
+ self.LookupPublish("bob@QPID", "", "another", "allow")
+ self.LookupPublish("joe@QPID", "", "restricted", "allow")
+
def test_publish_acl_deny_mode(self):
"""
@@ -1582,6 +1587,7 @@ class ACLTests(TestBase010):
aclf.write('acl allow bob@QPID publish exchange name=amq.topic\n')
aclf.write('acl allow bob@QPID publish exchange name=myEx
routingkey=rk2\n')
aclf.write('acl allow bob@QPID create exchange\n')
+ aclf.write("acl allow bob@QPID publish exchange name=amq.default
routingkey=unrestricted\n")
aclf.write('acl allow anonymous all all \n')
aclf.write('acl deny all all')
aclf.close()
@@ -1629,6 +1635,11 @@ class ACLTests(TestBase010):
if (403 == e.args[0].error_code):
self.fail("ACL should allow message transfer to exchange
amq.direct with routing key rk1");
+ self.LookupPublish("bob@QPID", "", "unrestricted", "allow")
+ self.LookupPublish("bob@QPID", "", "another", "deny")
+ self.LookupPublish("joe@QPID", "", "unrestricted", "deny")
+
+
#=====================================
# ACL broker configuration tests
#=====================================
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
