qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ritch...@apache.org
Subject svn commit: r764412 - in /qpid/branches/0.5-fix/qpid: ./ cpp/src/qpid/cluster/ dotnet/ java/broker/etc/ java/broker/src/main/java/org/apache/qpid/server/plugins/ java/broker/src/main/java/org/apache/qpid/server/registry/ java/broker/src/main/java/org/a...
Date Mon, 13 Apr 2009 11:19:29 GMT
Author: ritchiem
Date: Mon Apr 13 11:19:27 2009
New Revision: 764412

URL: http://svn.apache.org/viewvc?rev=764412&view=rev
Log:
QPID-1626:  Add per-virtualhost authorization plugins.
Merged from trunk r742626

Added:
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPluginFactory.java
      - copied unchanged from r742626, qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPluginFactory.java
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/AuthorizationManager.java
      - copied unchanged from r742626, qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/AuthorizationManager.java
    qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/plugins/MockPluginManager.java
      - copied unchanged from r742626, qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/plugins/MockPluginManager.java
    qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/ACLManagerTest.java
      - copied unchanged from r742626, qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/ACLManagerTest.java
    qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/ExchangeDenier.java
      - copied unchanged from r742626, qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/ExchangeDenier.java
    qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/QueueDenier.java
      - copied unchanged from r742626, qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/QueueDenier.java
Modified:
    qpid/branches/0.5-fix/qpid/   (props changed)
    qpid/branches/0.5-fix/qpid/cpp/src/qpid/cluster/UpdateClient.cpp   (props changed)
    qpid/branches/0.5-fix/qpid/cpp/src/qpid/cluster/UpdateClient.h   (props changed)
    qpid/branches/0.5-fix/qpid/dotnet/build-msbuild.bat   (props changed)
    qpid/branches/0.5-fix/qpid/dotnet/build-nant-release   (props changed)
    qpid/branches/0.5-fix/qpid/dotnet/build-nant.bat   (props changed)
    qpid/branches/0.5-fix/qpid/java/broker/etc/acl.config.xml
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ConfigurationFileApplicationRegistry.java
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/AccessResult.java
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/AllowAll.java
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/BasicACLPlugin.java
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/DenyAll.java
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/HashedUser.java   (props changed)
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/util/NullApplicationRegistry.java
    qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHost.java
    qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/plugins/PluginTest.java
    qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/queue/MockAMQQueue.java
    qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/PrincipalPermissionsTest.java
    qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/database/HashedUserTest.java   (props changed)
    qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java
    qpid/branches/0.5-fix/qpid/java/lib/org.osgi.core_1.0.0.jar   (props changed)
    qpid/branches/0.5-fix/qpid/java/management/client/src/main/java/org/apache/qpid/management/   (props changed)
    qpid/branches/0.5-fix/qpid/java/management/client/src/test/java/org/apache/qpid/management/   (props changed)
    qpid/branches/0.5-fix/qpid/java/management/eclipse-plugin/src/main/resources/macosx/Contents/MacOS/qpidmc   (props changed)
    qpid/branches/0.5-fix/qpid/java/systests/src/main/java/org/apache/qpid/client/MultipleJCAProviderRegistrationTest.java   (props changed)
    qpid/branches/0.5-fix/qpid/ruby/ext/sasl/extconf.rb   (props changed)

Propchange: qpid/branches/0.5-fix/qpid/
------------------------------------------------------------------------------
    svn:mergeinfo = /qpid/trunk/qpid:742626

Propchange: qpid/branches/0.5-fix/qpid/cpp/src/qpid/cluster/UpdateClient.cpp
            ('svn:mergeinfo' removed)

Propchange: qpid/branches/0.5-fix/qpid/cpp/src/qpid/cluster/UpdateClient.h
            ('svn:mergeinfo' removed)

Propchange: qpid/branches/0.5-fix/qpid/dotnet/build-msbuild.bat
            ('svn:mergeinfo' removed)

Propchange: qpid/branches/0.5-fix/qpid/dotnet/build-nant-release
            ('svn:mergeinfo' removed)

Propchange: qpid/branches/0.5-fix/qpid/dotnet/build-nant.bat
            ('svn:mergeinfo' removed)

Modified: qpid/branches/0.5-fix/qpid/java/broker/etc/acl.config.xml
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/etc/acl.config.xml?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/etc/acl.config.xml (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/etc/acl.config.xml Mon Apr 13 11:19:27 2009
@@ -105,7 +105,6 @@
                     <access>
                         <class>org.apache.qpid.server.security.access.plugins.SimpleXML</class>
                     </access>
-
                     <access_control_list>
                         <!-- This section grants pubish rights to an exchange + routing key pair -->
                         <publish>

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/plugins/PluginManager.java Mon Apr 13 11:19:27 2009
@@ -30,6 +30,11 @@
 import org.apache.felix.framework.util.FelixConstants;
 import org.apache.felix.framework.util.StringMap;
 import org.apache.qpid.server.exchange.ExchangeType;
+import org.apache.qpid.server.security.access.ACLPlugin;
+import org.apache.qpid.server.security.access.ACLPluginFactory;
+import org.apache.qpid.server.security.access.plugins.AllowAll;
+import org.apache.qpid.server.security.access.plugins.DenyAll;
+import org.apache.qpid.server.security.access.plugins.SimpleXML;
 import org.osgi.framework.BundleActivator;
 import org.osgi.framework.BundleException;
 import org.osgi.util.tracker.ServiceTracker;
@@ -46,8 +51,10 @@
 
     private Felix _felix = null;
     private ServiceTracker _exchangeTracker = null;
+    private ServiceTracker _securityTracker = null;
     private Activator _activator = null;
     private boolean _empty;
+    private Map<String, ACLPluginFactory> _securityPlugins;
 
     public PluginManager(String plugindir) throws Exception
     {
@@ -115,8 +122,13 @@
         try
         {
             _felix.start();
+            
             _exchangeTracker = new ServiceTracker(_activator.getContext(), ExchangeType.class.getName(), null);
             _exchangeTracker.open();
+            
+            _securityTracker = new ServiceTracker(_activator.getContext(), ACLPlugin.class.getName(), null);
+            _exchangeTracker.open();
+            
         }
         catch (BundleException e)
         {
@@ -124,22 +136,37 @@
         }
     }
 
-    public Map<String, ExchangeType<?>> getExchanges()
-    {
-        if (_empty)
-        {
-            return null;
-        }
-        Map<String, ExchangeType<?>>exchanges = new HashMap<String, ExchangeType<?>>();
-        for (Object service : _exchangeTracker.getServices())
+    private <type> Map<String, type> getServices(ServiceTracker tracker)
+    {   
+        Map<String, type>exchanges = new HashMap<String, type>();
+        
+        if (tracker != null)
         {
-            if (service instanceof ExchangeType<?>)
+            for (Object service : tracker.getServices())
             {
-                exchanges.put(service.getClass().getName(), (ExchangeType<?>) service);
+                exchanges.put(service.getClass().getName(), (type) service);
             }
         }
         
         return exchanges;
     }
+    
+    public Map<String, ExchangeType<?>> getExchanges()
+    {
+        return getServices(_exchangeTracker);
+    }
+    
+    public Map<String, ACLPluginFactory> getSecurityPlugins()
+    {
+        if (_securityPlugins == null)
+        {
+            _securityPlugins = getServices(_securityTracker);
+            // A little gross that we have to add them here, but not all the plugins are OSGIfied
+            _securityPlugins.put(SimpleXML.class.getName(), SimpleXML.FACTORY);
+            _securityPlugins.put(AllowAll.class.getName(), AllowAll.FACTORY);
+            _securityPlugins.put(DenyAll.class.getName(), DenyAll.FACTORY);
+        }
+        return _securityPlugins;
+    }
 
 }

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ApplicationRegistry.java Mon Apr 13 11:19:27 2009
@@ -67,7 +67,7 @@
 
     protected VirtualHostRegistry _virtualHostRegistry;
 
-    protected ACLPlugin _accessManager;
+    protected ACLManager _accessManager;
 
     protected PrincipalDatabaseManager _databaseManager;
 
@@ -285,9 +285,9 @@
         return _virtualHostRegistry;
     }
 
-    public ACLPlugin getAccessManager()
+    public ACLManager getAccessManager()
     {
-        return _accessManager;
+        return new ACLManager(_configuration, _pluginManager);
     }
 
     public ManagedObjectRegistry getManagedObjectRegistry()

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ConfigurationFileApplicationRegistry.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ConfigurationFileApplicationRegistry.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ConfigurationFileApplicationRegistry.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/ConfigurationFileApplicationRegistry.java Mon Apr 13 11:19:27 2009
@@ -94,8 +94,10 @@
 
         _virtualHostRegistry = new VirtualHostRegistry();
 
-        _accessManager = ACLManager.loadACLManager("default", _configuration);
+        _pluginManager = new PluginManager(_configuration.getString("plugin-directory"));
 
+        _accessManager = new ACLManager(_configuration, _pluginManager);
+        
         _databaseManager = new ConfigurationFilePrincipalDatabaseManager(_configuration);
 
         _authenticationManager = new PrincipalDatabaseAuthenticationManager(null, null);
@@ -104,8 +106,6 @@
 
         _managedObjectRegistry.start();
 
-        _pluginManager = new PluginManager(_configuration.getString("plugin-directory"));
-
         initialiseVirtualHosts();
 
     }

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/registry/IApplicationRegistry.java Mon Apr 13 11:19:27 2009
@@ -28,6 +28,7 @@
 import org.apache.qpid.server.plugins.PluginManager;
 import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
 import org.apache.qpid.server.security.auth.database.PrincipalDatabaseManager;
+import org.apache.qpid.server.security.access.ACLManager;
 import org.apache.qpid.server.security.access.ACLPlugin;
 import org.apache.qpid.server.virtualhost.VirtualHostRegistry;
 import org.apache.mina.common.IoAcceptor;
@@ -74,7 +75,7 @@
 
     VirtualHostRegistry getVirtualHostRegistry();
 
-    ACLPlugin getAccessManager();
+    ACLManager getAccessManager();
 
     PluginManager getPluginManager();
 

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLManager.java Mon Apr 13 11:19:27 2009
@@ -20,142 +20,300 @@
  */
 package org.apache.qpid.server.security.access;
 
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
+
 import org.apache.commons.configuration.Configuration;
-import org.apache.commons.configuration.ConfigurationException;
-import org.apache.qpid.server.registry.ApplicationRegistry;
-import org.apache.qpid.server.security.access.plugins.DenyAll;
-import org.apache.qpid.configuration.PropertyUtils;
 import org.apache.log4j.Logger;
-
-import java.util.List;
-import java.lang.reflect.Method;
+import org.apache.qpid.framing.AMQShortString;
+import org.apache.qpid.server.exchange.Exchange;
+import org.apache.qpid.server.plugins.PluginManager;
+import org.apache.qpid.server.protocol.AMQProtocolSession;
+import org.apache.qpid.server.queue.AMQQueue;
+import org.apache.qpid.server.security.access.ACLPlugin.AuthzResult;
+import org.apache.qpid.server.security.access.plugins.SimpleXML;
+import org.apache.qpid.server.virtualhost.VirtualHost;
 
 public class ACLManager
 {
     private static final Logger _logger = Logger.getLogger(ACLManager.class);
+    private PluginManager _pluginManager;
+    private Map<String, ACLPluginFactory> _allSecurityPlugins = new HashMap<String, ACLPluginFactory>();
+    private Map<String, ACLPlugin> _globalPlugins = new HashMap<String, ACLPlugin>();
+    private Map<String, ACLPlugin> _hostPlugins = new HashMap<String, ACLPlugin>();
 
-    public static ACLPlugin loadACLManager(String name, Configuration hostConfig) throws ConfigurationException
+    public ACLManager(Configuration configuration, PluginManager manager)
     {
-        ACLPlugin aclPlugin = ApplicationRegistry.getInstance().getAccessManager();
+        this(configuration, manager, null);
+    }
 
-        if (hostConfig == null)
-        {
-            _logger.warn("No Configuration specified. Using default ACLPlugin '" + aclPlugin.getPluginName()
-                         + "' for VirtualHost:'" + name + "'");
-            return aclPlugin;
-        }
+    public ACLManager(Configuration configuration, PluginManager manager, ACLPluginFactory securityPlugin)
+    {
+        _pluginManager = manager;
 
-        String accessClass = hostConfig.getString("security.access.class");
-        if (accessClass == null)
+        if (manager == null) // No plugin manager, no plugins
         {
-
-            _logger.warn("No ACL Plugin specified. Using default ACL Plugin '" + aclPlugin.getPluginName() +
-                         "' for VirtualHost:'" + name + "'");
-            return aclPlugin;
+            return;
         }
 
-        Object o;
-        try
+        _allSecurityPlugins = _pluginManager.getSecurityPlugins();
+        if (securityPlugin != null)
         {
-            o = Class.forName(accessClass).newInstance();
-        }
-        catch (Exception e)
-        {
-            throw new ConfigurationException("Error initialising ACL: " + e, e);
+            _allSecurityPlugins.put(securityPlugin.getClass().getName(), securityPlugin);
         }
 
-        if (!(o instanceof ACLPlugin))
-        {
-            throw new ConfigurationException("ACL Plugins must implement the ACLPlugin interface");
-        }
+        _globalPlugins = configurePlugins(configuration);
+    }
 
-        initialiseAccessControl((ACLPlugin) o, hostConfig);
 
-        aclPlugin = getManager((ACLPlugin) o);
-        if (_logger.isInfoEnabled())
+    public void configureHostPlugins(Configuration hostConfig)
+    {
+        _hostPlugins = configurePlugins(hostConfig);
+    }
+    
+    public Map<String, ACLPlugin> configurePlugins(Configuration configuration)
+    {
+        Configuration securityConfig = configuration.subset("security");
+        Map<String, ACLPlugin> plugins = new HashMap<String, ACLPlugin>();
+        Iterator keys = securityConfig.getKeys();
+        Collection<String> handledTags = new HashSet();
+        while (keys.hasNext())
         {
-            _logger.info("Initialised ACL Plugin '" + aclPlugin.getPluginName()
-                         + "' for virtualhost '" + name + "' successfully");
+            // Splitting the string is necessary here because of the way that getKeys() returns only
+            // bottom level children
+            String tag = ((String) keys.next()).split("\\.", 2)[0];
+            
+            if (!handledTags.contains(tag))
+            {
+                for (ACLPluginFactory plugin : _allSecurityPlugins.values())
+                {
+                    if (plugin.supportsTag(tag))
+                    {
+                        _logger.warn("Plugin handling security section "+tag+" is "+plugin.getClass().getSimpleName());
+                        handledTags.add(tag);
+                        plugins.put(plugin.getClass().getName(), plugin.newInstance(securityConfig));
+                    }
+                }
+            }
+            if (!handledTags.contains(tag))
+            {
+                _logger.warn("No plugin handled security section "+tag);
+            }
         }
+        return plugins;
+    }    
 
-        return aclPlugin;
+    public static Logger getLogger()
+    {
+        return _logger;
     }
 
-
-    private static void initialiseAccessControl(ACLPlugin accessManager, Configuration config)
-            throws ConfigurationException
+    private abstract class AccessCheck
     {
-        //First provide the ACLPlugin with the host configuration
+        abstract AuthzResult allowed(ACLPlugin plugin);
+    }
 
-        accessManager.setConfiguaration(config);
+    private boolean checkAllPlugins(AccessCheck checker)
+    {
+        AuthzResult result = AuthzResult.ABSTAIN;
+        HashMap<String, ACLPlugin> remainingPlugins = new HashMap<String, ACLPlugin>();
+        remainingPlugins.putAll(_globalPlugins);
+        for (Entry<String, ACLPlugin> plugin : _hostPlugins.entrySet())
+        {
+            result = checker.allowed(plugin.getValue());
+            if (result == AuthzResult.DENIED)
+            {
+                // Something vetoed the access, we're done
+                return false; 
+            }
+            else if (result == AuthzResult.ALLOWED)
+            {
+                // Remove plugin from global check list since 
+                // host allow overrides global allow
+                remainingPlugins.remove(plugin.getKey());
+            }
+        }
+        
+        for (ACLPlugin plugin : remainingPlugins.values())
+        {   
+            result = checker.allowed(plugin);
+            if (result == AuthzResult.DENIED)
+            {
+                return false;
+            }
+        }
+        return true;
+    }
 
-        //Provide additional attribute customisation.        
-        String baseName = "security.access.attributes.attribute.";
-        List<String> argumentNames = config.getList(baseName + "name");
-        List<String> argumentValues = config.getList(baseName + "value");
-        for (int i = 0; i < argumentNames.size(); i++)
+    public boolean authoriseBind(final AMQProtocolSession session, final Exchange exch, final AMQQueue queue,
+            final AMQShortString routingKey)
+    {
+        return checkAllPlugins(new AccessCheck()
         {
-            String argName = argumentNames.get(i);
-            if (argName == null || argName.length() == 0)
+
+            @Override
+            AuthzResult allowed(ACLPlugin plugin)
             {
-                throw new ConfigurationException("Access Control argument names must have length >= 1 character");
+                return plugin.authoriseBind(session, exch, queue, routingKey);
             }
-            if (Character.isLowerCase(argName.charAt(0)))
+
+        });
+    }
+
+    public boolean authoriseConnect(final AMQProtocolSession session, final VirtualHost virtualHost)
+    {
+        return checkAllPlugins(new AccessCheck()
+        {
+
+            @Override
+            AuthzResult allowed(ACLPlugin plugin)
             {
-                argName = Character.toUpperCase(argName.charAt(0)) + argName.substring(1);
+                return plugin.authoriseConnect(session, virtualHost);
             }
-            String methodName = "set" + argName;
-            Method method = null;
-            try
+
+        });
+    }
+
+    public boolean authoriseConsume(final AMQProtocolSession session, final boolean noAck, final AMQQueue queue)
+    {
+        return checkAllPlugins(new AccessCheck()
+        {
+
+            @Override
+            AuthzResult allowed(ACLPlugin plugin)
             {
-                method = accessManager.getClass().getMethod(methodName, String.class);
+                return plugin.authoriseConsume(session, noAck, queue);
             }
-            catch (NoSuchMethodException e)
+
+        });
+    }
+
+    public boolean authoriseConsume(final AMQProtocolSession session, final boolean exclusive, final boolean noAck,
+            final boolean noLocal, final boolean nowait, final AMQQueue queue)
+    {
+        return checkAllPlugins(new AccessCheck()
+        {
+
+            @Override
+            AuthzResult allowed(ACLPlugin plugin)
             {
-                //do nothing as method will be null
+                return plugin.authoriseConsume(session, exclusive, noAck, noLocal, nowait, queue);
             }
 
-            if (method == null)
+        });
+    }
+
+    public boolean authoriseCreateExchange(final AMQProtocolSession session, final boolean autoDelete,
+            final boolean durable, final AMQShortString exchangeName, final boolean internal, final boolean nowait,
+            final boolean passive, final AMQShortString exchangeType)
+    {
+        return checkAllPlugins(new AccessCheck()
+        {
+
+            @Override
+            AuthzResult allowed(ACLPlugin plugin)
             {
-                throw new ConfigurationException("No method " + methodName + " found in class " + accessManager.getClass() +
-                                                 " hence unable to configure access control. The method must be public and " +
-                                                 "have a single String argument with a void return type");
+                return plugin.authoriseCreateExchange(session, autoDelete, durable, exchangeName, internal, nowait,
+                        passive, exchangeType);
             }
-            try
+
+        });
+    }
+
+    public boolean authoriseCreateQueue(final AMQProtocolSession session, final boolean autoDelete,
+            final boolean durable, final boolean exclusive, final boolean nowait, final boolean passive,
+            final AMQShortString queue)
+    {
+        return checkAllPlugins(new AccessCheck()
+        {
+
+            @Override
+            AuthzResult allowed(ACLPlugin plugin)
             {
-                method.invoke(accessManager, PropertyUtils.replaceProperties(argumentValues.get(i)));
+                return plugin.authoriseCreateQueue(session, autoDelete, durable, exclusive, nowait, passive, queue);
             }
-            catch (Exception e)
+
+        });
+    }
+
+    public boolean authoriseDelete(final AMQProtocolSession session, final AMQQueue queue)
+    {
+        return checkAllPlugins(new AccessCheck()
+        {
+
+            @Override
+            AuthzResult allowed(ACLPlugin plugin)
             {
-                ConfigurationException ce = new ConfigurationException(e.getMessage(), e.getCause());
-                ce.initCause(e);
-                throw ce;
+                return plugin.authoriseDelete(session, queue);
             }
-        }
+
+        });
     }
 
+    public boolean authoriseDelete(final AMQProtocolSession session, final Exchange exchange)
+    {
+        return checkAllPlugins(new AccessCheck()
+        {
+
+            @Override
+            AuthzResult allowed(ACLPlugin plugin)
+            {
+                return plugin.authoriseDelete(session, exchange);
+            }
 
-    private static ACLPlugin getManager(ACLPlugin manager)
+        });
+    }
+    
+    public boolean authorisePublish(final AMQProtocolSession session, final boolean immediate, final boolean mandatory,
+            final AMQShortString routingKey, final Exchange e)
     {
-        if (manager == null)
+        return checkAllPlugins(new AccessCheck()
         {
-            if (ApplicationRegistry.getInstance().getAccessManager() == null)
+
+            @Override
+            AuthzResult allowed(ACLPlugin plugin)
             {
-                return new DenyAll();
+                return plugin.authorisePublish(session, immediate, mandatory, routingKey, e);
             }
-            else
+
+        });
+    }
+
+    public boolean authorisePurge(final AMQProtocolSession session, final AMQQueue queue)
+    {
+        return checkAllPlugins(new AccessCheck()
+        {
+
+            @Override
+            AuthzResult allowed(ACLPlugin plugin)
             {
-                return ApplicationRegistry.getInstance().getAccessManager();
+                return plugin.authorisePurge(session, queue);
             }
-        }
-        else
+
+        });
+    }
+
+    public boolean authoriseUnbind(final AMQProtocolSession session, final Exchange exch,
+            final AMQShortString routingKey, final AMQQueue queue)
+    {
+        return checkAllPlugins(new AccessCheck()
         {
-            return manager;
-        }
+
+            @Override
+            AuthzResult allowed(ACLPlugin plugin)
+            {
+                return plugin.authoriseUnbind(session, exch, routingKey, queue);
+            }
+
+        });
     }
 
-    public static Logger getLogger()
+    public void addHostPlugin(ACLPlugin aclPlugin)
     {
-        return _logger;
+        _hostPlugins.put(aclPlugin.getClass().getName(), aclPlugin);
     }
 }

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/ACLPlugin.java Mon Apr 13 11:19:27 2009
@@ -29,36 +29,41 @@
 
 public interface ACLPlugin
 {
-    String getPluginName();
+    public enum AuthzResult
+    {
+        ALLOWED,
+        DENIED,
+        ABSTAIN        
+    }
 
-    void setConfiguaration(Configuration config);
+    void setConfiguration(Configuration config);
 
     // These return true if the plugin thinks the action should be allowed, and false if not. 
     
-    boolean authoriseBind(AMQProtocolSession session, Exchange exch, AMQQueue queue, AMQShortString routingKey);
+    AuthzResult authoriseBind(AMQProtocolSession session, Exchange exch, AMQQueue queue, AMQShortString routingKey);
 
-    boolean authoriseCreateExchange(AMQProtocolSession session, boolean autoDelete, boolean durable,
+    AuthzResult authoriseCreateExchange(AMQProtocolSession session, boolean autoDelete, boolean durable,
             AMQShortString exchangeName, boolean internal, boolean nowait, boolean passive, AMQShortString exchangeType);
 
-    boolean authoriseCreateQueue(AMQProtocolSession session, boolean autoDelete, boolean durable, boolean exclusive,
+    AuthzResult authoriseCreateQueue(AMQProtocolSession session, boolean autoDelete, boolean durable, boolean exclusive,
             boolean nowait, boolean passive, AMQShortString queue);
 
-    boolean authoriseConnect(AMQProtocolSession session, VirtualHost virtualHost);
+    AuthzResult authoriseConnect(AMQProtocolSession session, VirtualHost virtualHost);
 
-    boolean authoriseConsume(AMQProtocolSession session, boolean noAck, AMQQueue queue);
+    AuthzResult authoriseConsume(AMQProtocolSession session, boolean noAck, AMQQueue queue);
 
-    boolean authoriseConsume(AMQProtocolSession session, boolean exclusive, boolean noAck, boolean noLocal,
+    AuthzResult authoriseConsume(AMQProtocolSession session, boolean exclusive, boolean noAck, boolean noLocal,
             boolean nowait, AMQQueue queue);
 
-    boolean authoriseDelete(AMQProtocolSession session, AMQQueue queue);
+    AuthzResult authoriseDelete(AMQProtocolSession session, AMQQueue queue);
 
-    boolean authoriseDelete(AMQProtocolSession session, Exchange exchange);
+    AuthzResult authoriseDelete(AMQProtocolSession session, Exchange exchange);
 
-    boolean authorisePublish(AMQProtocolSession session, boolean immediate, boolean mandatory,
+    AuthzResult authorisePublish(AMQProtocolSession session, boolean immediate, boolean mandatory,
             AMQShortString routingKey, Exchange e);
 
-    boolean authorisePurge(AMQProtocolSession session, AMQQueue queue);
+    AuthzResult authorisePurge(AMQProtocolSession session, AMQQueue queue);
 
-    boolean authoriseUnbind(AMQProtocolSession session, Exchange exch, AMQShortString routingKey, AMQQueue queue);
+    AuthzResult authoriseUnbind(AMQProtocolSession session, Exchange exch, AMQShortString routingKey, AMQQueue queue);
 
 }

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/AccessResult.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/AccessResult.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/AccessResult.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/AccessResult.java Mon Apr 13 11:19:27 2009
@@ -33,12 +33,12 @@
     public AccessResult(ACLPlugin authorizer, AccessStatus status)
     {
         _status = status;
-        _authorizer = authorizer.getPluginName();
+        _authorizer = authorizer.getClass().getSimpleName();
     }
 
     public void setAuthorizer(ACLPlugin authorizer)
     {
-        _authorizer += authorizer.getPluginName();
+        _authorizer += authorizer.getClass().getSimpleName();
     }
 
     public String getAuthorizer()
@@ -58,7 +58,7 @@
 
     public void addAuthorizer(ACLPlugin accessManager)
     {
-        _authorizer = accessManager.getPluginName() + "->" + _authorizer;
+        _authorizer = accessManager.getClass().getSimpleName() + "->" + _authorizer;
     }
 
 

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java Mon Apr 13 11:19:27 2009
@@ -25,6 +25,7 @@
 import org.apache.qpid.framing.QueueDeclareBody;
 import org.apache.qpid.framing.ExchangeDeclareBody;
 import org.apache.qpid.server.queue.AMQQueue;
+import org.apache.qpid.server.security.access.ACLPlugin.AuthzResult;
 import org.apache.qpid.server.exchange.Exchange;
 
 import java.util.*;
@@ -336,13 +337,13 @@
      *  PURGE: none
      *  UNBIND: none
      */
-    public boolean authorise(Permission permission, Object... parameters)
+    public AuthzResult authorise(Permission permission, Object... parameters)
     {
 
         switch (permission)
         {
             case ACCESS:
-                return true; // This is here for completeness but the SimpleXML ACLManager never calls it.
+                return AuthzResult.ALLOWED; // This is here for completeness but the SimpleXML ACLManager never calls it.
                 // The existence of this user specific PP can be validated in the map SimpleXML maintains.
             case BIND: // Parameters : QueueBindMethod , Exchange , AMQQueue, AMQShortString routingKey
 
@@ -368,7 +369,7 @@
 
                     if (exchangeDetails == null) //Then all queue can be bound to all exchanges.
                     {
-                        return true;
+                        return AuthzResult.ALLOWED;
                     }
 
                     // Check to see if we have a white list of routingkeys to check
@@ -378,7 +379,7 @@
                     if (rkeys == null)
                     {
                         // There is no routingkey white list
-                        return true;
+                        return AuthzResult.ALLOWED;
                     }
                     else
                     {
@@ -400,7 +401,7 @@
                         }
 
 
-                        return matched;
+                        return (matched) ? AuthzResult.ALLOWED : AuthzResult.DENIED;
                     }
 
 
@@ -425,14 +426,14 @@
                             // Check to see if the requested exchange is allowed.
                             Map exchangeDetails = (Map) bind_exchanges.get(exchange.getName());
 
-                            return (Boolean) exchangeDetails.get(CREATE_QUEUE_EXCHANGES_TEMPORARY_KEY);
+                            return ((Boolean) exchangeDetails.get(CREATE_QUEUE_EXCHANGES_TEMPORARY_KEY)) ? AuthzResult.ALLOWED : AuthzResult.DENIED;
                         }
 
                         //no white list so all allowed, drop through to return true below.
                     }
 
                     // not a temporary queue and no white list so all allowed.
-                    return true;
+                    return AuthzResult.ALLOWED;
                 }
 
             case CREATEQUEUE:// Parameters : boolean autodelete, AMQShortString name
@@ -442,7 +443,7 @@
                 // If there are no create rights then deny request
                 if (createRights == null)
                 {
-                    return false;
+                    return AuthzResult.DENIED;
                 }
 
                 //Look up the Queue Creation Rights
@@ -457,12 +458,20 @@
 
                 if (autoDelete)// we have a temporary queue
                 {
-                    return (Boolean) create_queues.get(CREATE_QUEUE_TEMPORARY_KEY);
+                    return ((Boolean) create_queues.get(CREATE_QUEUE_TEMPORARY_KEY)) ? AuthzResult.ALLOWED : AuthzResult.DENIED;
                 }
                 else
                 {
                     // If there is a white list then check
-                    return create_queues_queues == null || create_queues_queues.containsKey(queueName);
+                    if (create_queues_queues == null || create_queues_queues.containsKey(queueName))
+                    {
+                        return AuthzResult.ALLOWED; 
+                    }
+                    else
+                    {
+                        return AuthzResult.DENIED;
+                    }
+                        
                 }
             case CREATEEXCHANGE:
                 Map rights = (Map) _permissions.get(permission);
@@ -471,7 +480,14 @@
 
                 // If the exchange list is doesn't exist then all is allowed else
                 // check the valid exchanges
-                return rights == null || rights.containsKey(exchangeName);
+                if (rights == null || rights.containsKey(exchangeName))
+                {
+                    return AuthzResult.ALLOWED; 
+                }
+                else
+                {
+                    return AuthzResult.DENIED;
+                }
             case CONSUME: // Parameters :  AMQQueue
 
                 if (parameters.length == 1 && parameters[0] instanceof AMQQueue)
@@ -492,11 +508,11 @@
                         // Of course the exclusivity will not be broken.
                         {
                             // if not limited to ownQueuesOnly then ok else check queue Owner.
-                            return !ownQueuesOnly || queue.getOwner().equals(_user);
+                            return (!ownQueuesOnly || queue.getOwner().equals(_user)) ? AuthzResult.ALLOWED : AuthzResult.DENIED;
                         }
                         else
                         {
-                            return false;
+                            return AuthzResult.DENIED;
                         }
                     }
 
@@ -508,21 +524,21 @@
                         {
                             if (queue.getOwner().equals(_user))
                             {
-                                return queues.size() == 0 || queues.contains(queue.getName());
+                                return (queues.size() == 0 || queues.contains(queue.getName())) ? AuthzResult.ALLOWED : AuthzResult.DENIED;
                             }
                             else
                             {
-                                return false;
+                                return AuthzResult.DENIED;
                             }
                         }
 
                         // If we are
-                        return queues.size() == 0 || queues.contains(queue.getName());
+                        return (queues.size() == 0 || queues.contains(queue.getName())) ? AuthzResult.ALLOWED : AuthzResult.DENIED;
                     }
                 }
 
                 // Can't authenticate without the right parameters
-                return false;
+                return AuthzResult.DENIED;
             case DELETE:
                 break;
 
@@ -531,7 +547,7 @@
 
                 if (publishRights == null)
                 {
-                    return false;
+                    return AuthzResult.DENIED;
                 }
 
                 Map exchanges = (Map) publishRights.get(PUBLISH_EXCHANGES_KEY);
@@ -539,14 +555,14 @@
                 // Having no exchanges listed gives full publish rights to all exchanges
                 if (exchanges == null)
                 {
-                    return true;
+                    return AuthzResult.ALLOWED;
                 }
                 // Otherwise exchange must be listed in the white list
 
                 // If the map doesn't have the exchange then it isn't allowed
                 if (!exchanges.containsKey(((Exchange) parameters[0]).getName()))
                 {
-                    return false;
+                    return AuthzResult.DENIED;
                 }
                 else
                 {
@@ -557,7 +573,7 @@
                     // Having no routingKeys in the map then all are allowed.
                     if (routingKeys == null)
                     {
-                        return true;
+                        return AuthzResult.ALLOWED;
                     }
                     else
                     {
@@ -581,7 +597,7 @@
                                 matched = publishRKey.equals(rkey);
                             }
                         }
-                        return matched;
+                        return (matched) ? AuthzResult.ALLOWED : AuthzResult.DENIED;
                     }
                 }
             case PURGE:
@@ -591,6 +607,6 @@
 
         }
 
-        return false;
+        return AuthzResult.DENIED;
     }
 }

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/AllowAll.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/AllowAll.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/AllowAll.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/AllowAll.java Mon Apr 13 11:19:27 2009
@@ -21,24 +21,34 @@
 package org.apache.qpid.server.security.access.plugins;
 
 import org.apache.commons.configuration.Configuration;
+import org.apache.qpid.server.security.access.ACLPlugin;
+import org.apache.qpid.server.security.access.ACLPluginFactory;
 
 public class AllowAll extends BasicACLPlugin
 {
 
-    public String getPluginName()
+    public static final ACLPluginFactory FACTORY = new ACLPluginFactory()
     {
-        return "AllowAll";
-    }
+        public boolean supportsTag(String name)
+        {
+            return false;
+        }
 
-    public void setConfiguaration(Configuration config)
+        public ACLPlugin newInstance(Configuration config)
+        {
+            return new AllowAll();
+        }
+    };
+
+    public String getPluginName()
     {
-        // no-op
+        return this.getClass().getSimpleName();
     }
 
     @Override
-    protected boolean getResult()
+    protected AuthzResult getResult()
     {
         // Always allow
-        return true;
+        return AuthzResult.ALLOWED;
     }
 }

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/BasicACLPlugin.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/BasicACLPlugin.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/BasicACLPlugin.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/BasicACLPlugin.java Mon Apr 13 11:19:27 2009
@@ -33,31 +33,31 @@
 {
 
     // Returns true or false if the plugin should authorise or deny the request    
-    protected abstract boolean getResult();
+    protected abstract AuthzResult getResult();
     
     @Override
-    public boolean authoriseBind(AMQProtocolSession session, Exchange exch,
+    public AuthzResult authoriseBind(AMQProtocolSession session, Exchange exch,
             AMQQueue queue, AMQShortString routingKey)
     {
         return getResult();
     }
 
     @Override
-    public boolean authoriseConnect(AMQProtocolSession session,
+    public AuthzResult authoriseConnect(AMQProtocolSession session,
             VirtualHost virtualHost)
     {
         return getResult();
     }
 
     @Override
-    public boolean authoriseConsume(AMQProtocolSession session, boolean noAck,
+    public AuthzResult authoriseConsume(AMQProtocolSession session, boolean noAck,
             AMQQueue queue)
     {
         return getResult();    
     }
 
     @Override
-    public boolean authoriseConsume(AMQProtocolSession session,
+    public AuthzResult authoriseConsume(AMQProtocolSession session,
             boolean exclusive, boolean noAck, boolean noLocal, boolean nowait,
             AMQQueue queue)
     {
@@ -65,7 +65,7 @@
     }
 
     @Override
-    public boolean authoriseCreateExchange(AMQProtocolSession session,
+    public AuthzResult authoriseCreateExchange(AMQProtocolSession session,
             boolean autoDelete, boolean durable, AMQShortString exchangeName,
             boolean internal, boolean nowait, boolean passive,
             AMQShortString exchangeType)
@@ -74,7 +74,7 @@
     }
 
     @Override
-    public boolean authoriseCreateQueue(AMQProtocolSession session,
+    public AuthzResult authoriseCreateQueue(AMQProtocolSession session,
             boolean autoDelete, boolean durable, boolean exclusive,
             boolean nowait, boolean passive, AMQShortString queue)
     {
@@ -82,19 +82,19 @@
     }
 
     @Override
-    public boolean authoriseDelete(AMQProtocolSession session, AMQQueue queue)
+    public AuthzResult authoriseDelete(AMQProtocolSession session, AMQQueue queue)
     {
         return getResult();
     }
 
     @Override
-    public boolean authoriseDelete(AMQProtocolSession session, Exchange exchange)
+    public AuthzResult authoriseDelete(AMQProtocolSession session, Exchange exchange)
     {
         return getResult();
     }
 
     @Override
-    public boolean authorisePublish(AMQProtocolSession session,
+    public AuthzResult authorisePublish(AMQProtocolSession session,
             boolean immediate, boolean mandatory, AMQShortString routingKey,
             Exchange e)
     {
@@ -102,22 +102,28 @@
     }
 
     @Override
-    public boolean authorisePurge(AMQProtocolSession session, AMQQueue queue)
+    public AuthzResult authorisePurge(AMQProtocolSession session, AMQQueue queue)
     {
         return getResult();
     }
 
     @Override
-    public boolean authoriseUnbind(AMQProtocolSession session, Exchange exch,
+    public AuthzResult authoriseUnbind(AMQProtocolSession session, Exchange exch,
             AMQShortString routingKey, AMQQueue queue)
     {
         return getResult();
     }
 
     @Override
-    public void setConfiguaration(Configuration config)
+    public void setConfiguration(Configuration config)
     {
         // no-op
     }
 
+    public boolean supportsTag(String name)
+    {
+        // This plugin doesn't support any tags
+        return false;
+    }
+
 }

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/DenyAll.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/DenyAll.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/DenyAll.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/DenyAll.java Mon Apr 13 11:19:27 2009
@@ -26,11 +26,26 @@
 import org.apache.qpid.protocol.AMQConstant;
 import org.apache.qpid.server.protocol.AMQProtocolSession;
 import org.apache.qpid.server.security.access.ACLManager;
+import org.apache.qpid.server.security.access.ACLPlugin;
+import org.apache.qpid.server.security.access.ACLPluginFactory;
 import org.apache.qpid.server.security.access.AccessResult;
 import org.apache.qpid.server.security.access.Permission;
 
 public class DenyAll extends BasicACLPlugin
 {
+    public static final ACLPluginFactory FACTORY = new ACLPluginFactory()
+    {
+        public boolean supportsTag(String name)
+        {
+            return false;
+        }
+
+        public ACLPlugin newInstance(Configuration config)
+        {
+            return new DenyAll();
+        }
+    };
+    
     public AccessResult authorise(AMQProtocolSession session,
             Permission permission, AMQMethodBody body, Object... parameters)
             throws AMQConnectionException
@@ -47,19 +62,14 @@
 
     public String getPluginName()
     {
-        return "DenyAll";
-    }
-
-    public void setConfiguaration(Configuration config)
-    {
-        // no-op
+        return getClass().getSimpleName();
     }
 
     @Override 
-    protected boolean getResult()
+    protected AuthzResult getResult()
     {
         // Always deny
-        return false;
+        return AuthzResult.DENIED;
     }
 
 }

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/plugins/SimpleXML.java Mon Apr 13 11:19:27 2009
@@ -35,9 +35,11 @@
 import org.apache.qpid.server.queue.AMQQueue;
 import org.apache.qpid.server.security.access.ACLManager;
 import org.apache.qpid.server.security.access.ACLPlugin;
+import org.apache.qpid.server.security.access.ACLPluginFactory;
 import org.apache.qpid.server.security.access.AccessResult;
 import org.apache.qpid.server.security.access.Permission;
 import org.apache.qpid.server.security.access.PrincipalPermissions;
+import org.apache.qpid.server.security.access.ACLPlugin.AuthzResult;
 import org.apache.qpid.server.virtualhost.VirtualHost;
 
 import java.util.Map;
@@ -48,6 +50,21 @@
  */
 public class SimpleXML implements ACLPlugin
 {
+    public static final ACLPluginFactory FACTORY = new ACLPluginFactory()
+    {
+        public boolean supportsTag(String name)
+        {
+            return name.startsWith("access_control_list");
+        }
+
+        public ACLPlugin newInstance(Configuration config)
+        {
+            SimpleXML plugin = new SimpleXML();
+            plugin.setConfiguration(config);
+            return plugin;
+        }
+    };
+    
     private Map<String, PrincipalPermissions> _users;
     private final AccessResult GRANTED = new AccessResult(this, AccessResult.AccessStatus.GRANTED);
 
@@ -56,7 +73,7 @@
         _users = new ConcurrentHashMap<String, PrincipalPermissions>();
     }
 
-    public void setConfiguaration(Configuration config)
+    public void setConfiguration(Configuration config)
     {
         processConfig(config);
     }
@@ -78,7 +95,7 @@
      */
     private void processPublish(Configuration config)
     {
-        Configuration publishConfig = config.subset("security.access_control_list.publish");
+        Configuration publishConfig = config.subset("access_control_list.publish");
 
         // Process users that have full publish permission
         String[] users = publishConfig.getStringArray("users.user");
@@ -149,7 +166,7 @@
 
     private void processConsume(Configuration config)
     {
-        Configuration consumeConfig = config.subset("security.access_control_list.consume");
+        Configuration consumeConfig = config.subset("access_control_list.consume");
 
         // Process queue limited users
         int queueCount = 0;
@@ -186,7 +203,7 @@
 
     private void processCreate(Configuration config)
     {
-        Configuration createConfig = config.subset("security.access_control_list.create");
+        Configuration createConfig = config.subset("access_control_list.create");
 
         // Process create permissions for queue creation
         int queueCount = 0;
@@ -273,13 +290,12 @@
         return "Simple";
     }
 
-    @Override
-    public boolean authoriseBind(AMQProtocolSession session, Exchange exch, AMQQueue queue, AMQShortString routingKey)
+    public AuthzResult authoriseBind(AMQProtocolSession session, Exchange exch, AMQQueue queue, AMQShortString routingKey)
     {
         PrincipalPermissions principalPermissions = _users.get(session.getAuthorizedID().getName());
         if (principalPermissions == null)
         {
-            return false;
+            return AuthzResult.DENIED;
         }
         else
         {
@@ -287,13 +303,12 @@
         }
     }
 
-    @Override
-    public boolean authoriseConnect(AMQProtocolSession session, VirtualHost virtualHost)
+    public AuthzResult authoriseConnect(AMQProtocolSession session, VirtualHost virtualHost)
     {
         PrincipalPermissions principalPermissions = _users.get(session.getAuthorizedID().getName());
         if (principalPermissions == null)
         {
-            return false;
+            return AuthzResult.DENIED;
         }
         else
         {
@@ -301,13 +316,12 @@
         }
     }
 
-    @Override
-    public boolean authoriseConsume(AMQProtocolSession session, boolean noAck, AMQQueue queue)
+    public AuthzResult authoriseConsume(AMQProtocolSession session, boolean noAck, AMQQueue queue)
     {
         PrincipalPermissions principalPermissions = _users.get(session.getAuthorizedID().getName());
         if (principalPermissions == null)
         {
-            return false;
+            return AuthzResult.DENIED;
         }
         else
         {
@@ -315,21 +329,19 @@
         }
     }
 
-    @Override
-    public boolean authoriseConsume(AMQProtocolSession session, boolean exclusive, boolean noAck, boolean noLocal,
+    public AuthzResult authoriseConsume(AMQProtocolSession session, boolean exclusive, boolean noAck, boolean noLocal,
             boolean nowait, AMQQueue queue)
     {
         return authoriseConsume(session, noAck, queue);
     }
 
-    @Override
-    public boolean authoriseCreateExchange(AMQProtocolSession session, boolean autoDelete, boolean durable,
+    public AuthzResult authoriseCreateExchange(AMQProtocolSession session, boolean autoDelete, boolean durable,
             AMQShortString exchangeName, boolean internal, boolean nowait, boolean passive, AMQShortString exchangeType)
     {
         PrincipalPermissions principalPermissions = _users.get(session.getAuthorizedID().getName());
         if (principalPermissions == null)
         {
-            return false;
+            return AuthzResult.DENIED;
         }
         else
         {
@@ -337,14 +349,13 @@
         }
     }
 
-    @Override
-    public boolean authoriseCreateQueue(AMQProtocolSession session, boolean autoDelete, boolean durable, boolean exclusive,
+    public AuthzResult authoriseCreateQueue(AMQProtocolSession session, boolean autoDelete, boolean durable, boolean exclusive,
             boolean nowait, boolean passive, AMQShortString queue)
     {
         PrincipalPermissions principalPermissions = _users.get(session.getAuthorizedID().getName());
         if (principalPermissions == null)
         {
-            return false;
+            return AuthzResult.DENIED;
         }
         else
         {
@@ -352,13 +363,12 @@
         }
     }
 
-    @Override
-    public boolean authoriseDelete(AMQProtocolSession session, AMQQueue queue)
+    public AuthzResult authoriseDelete(AMQProtocolSession session, AMQQueue queue)
     {
         PrincipalPermissions principalPermissions = _users.get(session.getAuthorizedID().getName());
         if (principalPermissions == null)
         {
-            return false;
+            return AuthzResult.DENIED;
         }
         else
         {
@@ -366,13 +376,12 @@
         }
     }
 
-    @Override
-    public boolean authoriseDelete(AMQProtocolSession session, Exchange exchange)
+    public AuthzResult authoriseDelete(AMQProtocolSession session, Exchange exchange)
     {
         PrincipalPermissions principalPermissions = _users.get(session.getAuthorizedID().getName());
         if (principalPermissions == null)
         {
-            return false;
+            return AuthzResult.DENIED;
         }
         else
         {
@@ -380,14 +389,13 @@
         }
     }
 
-    @Override
-    public boolean authorisePublish(AMQProtocolSession session, boolean immediate, boolean mandatory,
+    public AuthzResult authorisePublish(AMQProtocolSession session, boolean immediate, boolean mandatory,
             AMQShortString routingKey, Exchange e)
     {
         PrincipalPermissions principalPermissions = _users.get(session.getAuthorizedID().getName());
         if (principalPermissions == null)
         {
-            return false;
+            return AuthzResult.DENIED;
         }
         else
         {
@@ -395,13 +403,12 @@
         }
     }
 
-    @Override
-    public boolean authorisePurge(AMQProtocolSession session, AMQQueue queue)
+    public AuthzResult authorisePurge(AMQProtocolSession session, AMQQueue queue)
     {
         PrincipalPermissions principalPermissions = _users.get(session.getAuthorizedID().getName());
         if (principalPermissions == null)
         {
-            return false;
+            return AuthzResult.DENIED;
         }
         else
         {
@@ -409,17 +416,17 @@
         }
     }
 
-    @Override
-    public boolean authoriseUnbind(AMQProtocolSession session, Exchange exch, AMQShortString routingKey, AMQQueue queue)
+    public AuthzResult authoriseUnbind(AMQProtocolSession session, Exchange exch, AMQShortString routingKey, AMQQueue queue)
     {
         PrincipalPermissions principalPermissions = _users.get(session.getAuthorizedID().getName());
         if (principalPermissions == null)
         {
-            return false;
+            return AuthzResult.DENIED;
         }
         else
         {
             return principalPermissions.authorise(Permission.UNBIND);
         }
     }
+
 }

Propchange: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/HashedUser.java
            ('svn:mergeinfo' removed)

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/util/NullApplicationRegistry.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/util/NullApplicationRegistry.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/util/NullApplicationRegistry.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/util/NullApplicationRegistry.java Mon Apr 13 11:19:27 2009
@@ -27,16 +27,13 @@
 
 import org.apache.commons.configuration.Configuration;
 import org.apache.commons.configuration.MapConfiguration;
-import org.apache.qpid.server.management.ManagedObjectRegistry;
 import org.apache.qpid.server.management.NoopManagedObjectRegistry;
 import org.apache.qpid.server.plugins.PluginManager;
 import org.apache.qpid.server.registry.ApplicationRegistry;
-import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
-import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
-import org.apache.qpid.server.security.auth.database.PrincipalDatabaseManager;
-import org.apache.qpid.server.security.auth.database.PropertiesPrincipalDatabaseManager;
-import org.apache.qpid.server.security.access.ACLPlugin;
+import org.apache.qpid.server.security.access.ACLManager;
 import org.apache.qpid.server.security.access.plugins.AllowAll;
+import org.apache.qpid.server.security.auth.database.PropertiesPrincipalDatabaseManager;
+import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
 import org.apache.qpid.server.virtualhost.VirtualHost;
 import org.apache.qpid.server.virtualhost.VirtualHostRegistry;
 
@@ -59,13 +56,13 @@
 
         _databaseManager = new PropertiesPrincipalDatabaseManager("default", users);
 
-        _accessManager = new AllowAll();
+        _accessManager = new ACLManager(_configuration, _pluginManager, AllowAll.FACTORY);
 
         _authenticationManager = new PrincipalDatabaseAuthenticationManager(null, null);
 
         _managedObjectRegistry = new NoopManagedObjectRegistry();
         _virtualHostRegistry = new VirtualHostRegistry();
-        VirtualHost dummyHost = new VirtualHost("test", getConfiguration());
+        VirtualHost dummyHost = new VirtualHost("test", _configuration);
         _virtualHostRegistry.registerVirtualHost(dummyHost);
         _virtualHostRegistry.setDefaultVirtualHostName("test");
         _pluginManager = new PluginManager("");

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHost.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHost.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHost.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/main/java/org/apache/qpid/server/virtualhost/VirtualHost.java Mon Apr 13 11:19:27 2009
@@ -20,35 +20,35 @@
  */
 package org.apache.qpid.server.virtualhost;
 
+import java.util.Timer;
+import java.util.TimerTask;
+
 import javax.management.NotCompliantMBeanException;
 
 import org.apache.commons.configuration.Configuration;
 import org.apache.commons.configuration.PropertiesConfiguration;
 import org.apache.log4j.Logger;
+import org.apache.qpid.AMQException;
 import org.apache.qpid.server.AMQBrokerManagerMBean;
+import org.apache.qpid.server.configuration.Configurator;
 import org.apache.qpid.server.connection.ConnectionRegistry;
 import org.apache.qpid.server.connection.IConnectionRegistry;
-import org.apache.qpid.server.security.access.ACLPlugin;
-import org.apache.qpid.server.security.access.ACLManager;
-import org.apache.qpid.server.security.access.Accessable;
-import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
-import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
-import org.apache.qpid.server.configuration.Configurator;
 import org.apache.qpid.server.exchange.DefaultExchangeFactory;
 import org.apache.qpid.server.exchange.DefaultExchangeRegistry;
 import org.apache.qpid.server.exchange.ExchangeFactory;
 import org.apache.qpid.server.exchange.ExchangeRegistry;
 import org.apache.qpid.server.management.AMQManagedObject;
 import org.apache.qpid.server.management.ManagedObject;
+import org.apache.qpid.server.queue.AMQQueue;
 import org.apache.qpid.server.queue.DefaultQueueRegistry;
 import org.apache.qpid.server.queue.QueueRegistry;
-import org.apache.qpid.server.queue.AMQQueue;
 import org.apache.qpid.server.registry.ApplicationRegistry;
+import org.apache.qpid.server.security.access.ACLManager;
+import org.apache.qpid.server.security.access.Accessable;
+import org.apache.qpid.server.security.access.plugins.SimpleXML;
+import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
+import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
 import org.apache.qpid.server.store.MessageStore;
-import org.apache.qpid.AMQException;
-
-import java.util.Timer;
-import java.util.TimerTask;
 
 public class VirtualHost implements Accessable
 {
@@ -73,7 +73,7 @@
 
     private AuthenticationManager _authenticationManager;
 
-    private ACLPlugin _accessManager;
+    private ACLManager _accessManager;
 
     private final Timer _houseKeepingTimer;
      
@@ -183,8 +183,9 @@
 
         _authenticationManager = new PrincipalDatabaseAuthenticationManager(name, hostConfig);
 
-        _accessManager = ACLManager.loadACLManager(name, hostConfig);
-
+        _accessManager = ApplicationRegistry.getInstance().getAccessManager();
+        _accessManager.configureHostPlugins(hostConfig);
+        
         _brokerMBean = new AMQBrokerManagerMBean(_virtualHostMBean);
         _brokerMBean.register();
         initialiseHouseKeeping(hostConfig);
@@ -258,7 +259,6 @@
         return instance;
     }
 
-
     public String getName()
     {
         return _name;
@@ -294,7 +294,7 @@
         return _authenticationManager;
     }
 
-    public ACLPlugin getAccessManager()
+    public ACLManager getAccessManager()
     {
         return _accessManager;
     }                                                                   

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/plugins/PluginTest.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/plugins/PluginTest.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/plugins/PluginTest.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/plugins/PluginTest.java Mon Apr 13 11:19:27 2009
@@ -48,7 +48,6 @@
     {
         PluginManager manager = new PluginManager("/path/to/nowhere");
         Map<String, ExchangeType<?>> exchanges = manager.getExchanges();
-        assertNull("Exchanges found", exchanges);
-    } 
-    
+        assertEquals("Exchanges found", 0, exchanges.size());
+    }
 }

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/queue/MockAMQQueue.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/queue/MockAMQQueue.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/queue/MockAMQQueue.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/queue/MockAMQQueue.java Mon Apr 13 11:19:27 2009
@@ -40,10 +40,21 @@
 public class MockAMQQueue implements AMQQueue
 {
     private boolean _deleted = false;
+    private AMQShortString _name;
+
+    public MockAMQQueue(String name)
+    {
+       _name = new AMQShortString(name);
+    }
+
+    public MockAMQQueue()
+    {
+       
+    }
 
     public AMQShortString getName()
     {
-        return null;  //To change body of implemented methods use File | Settings | File Templates.
+        return _name;
     }
 
     public boolean isDurable()

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/PrincipalPermissionsTest.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/PrincipalPermissionsTest.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/PrincipalPermissionsTest.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/security/access/PrincipalPermissionsTest.java Mon Apr 13 11:19:27 2009
@@ -31,6 +31,7 @@
 import org.apache.qpid.server.exchange.DirectExchange;
 import org.apache.qpid.server.queue.AMQQueue;
 import org.apache.qpid.server.queue.AMQQueueFactory;
+import org.apache.qpid.server.security.access.ACLPlugin.AuthzResult;
 import org.apache.qpid.server.store.SkeletonMessageStore;
 import org.apache.qpid.server.virtualhost.VirtualHost;
 
@@ -79,7 +80,7 @@
     public void testPrincipalPermissions()
     {
         assertNotNull(_perms);
-        assertTrue(_perms.authorise(Permission.ACCESS, (Object[]) null));
+        assertEquals(AuthzResult.ALLOWED, _perms.authorise(Permission.ACCESS, (Object[]) null));
     }
 
     // FIXME: test has been disabled since the permissions assume that the user has tried to create
@@ -89,9 +90,9 @@
         QueueBindBodyImpl bind = new QueueBindBodyImpl(_ticket, _queueName, _exchangeName, _routingKey, _nowait, _arguments);
         Object[] args = new Object[]{bind, _exchange, _queue, _routingKey};
         
-        assertFalse(_perms.authorise(Permission.BIND, args));
+        assertEquals(AuthzResult.DENIED, _perms.authorise(Permission.BIND, args));
         _perms.grant(Permission.BIND, (Object[]) null);
-        assertTrue(_perms.authorise(Permission.BIND, args));
+        assertEquals(AuthzResult.ALLOWED, _perms.authorise(Permission.BIND, args));
     }
 
     public void testQueueCreate()
@@ -99,9 +100,9 @@
         Object[] grantArgs = new Object[]{_temporary , _queueName, _exchangeName, _routingKey};
         Object[] authArgs = new Object[]{_autoDelete, _queueName};
         
-        assertFalse(_perms.authorise(Permission.CREATEQUEUE, authArgs));
+        assertEquals(AuthzResult.DENIED, _perms.authorise(Permission.CREATEQUEUE, authArgs));
         _perms.grant(Permission.CREATEQUEUE, grantArgs);
-        assertTrue(_perms.authorise(Permission.CREATEQUEUE, authArgs));
+        assertEquals(AuthzResult.ALLOWED, _perms.authorise(Permission.CREATEQUEUE, authArgs));
     }
     
     
@@ -114,9 +115,9 @@
         Object[] authArgs = new Object[]{exchangeDeclare};
         Object[] grantArgs = new Object[]{_exchangeName, _exchangeType};
         
-        assertFalse(_perms.authorise(Permission.CREATEEXCHANGE, authArgs));
+        assertEquals(AuthzResult.DENIED, _perms.authorise(Permission.CREATEEXCHANGE, authArgs));
         _perms.grant(Permission.CREATEEXCHANGE, grantArgs);
-        assertTrue(_perms.authorise(Permission.CREATEEXCHANGE, authArgs));
+        assertEquals(AuthzResult.ALLOWED, _perms.authorise(Permission.CREATEEXCHANGE, authArgs));
     }
     
     public void testConsume()
@@ -128,7 +129,7 @@
          * assertFalse(_perms.authorise(Permission.CONSUME, authArgs));
          */
         _perms.grant(Permission.CONSUME, grantArgs);
-        assertTrue(_perms.authorise(Permission.CONSUME, authArgs));
+        assertEquals(AuthzResult.ALLOWED, _perms.authorise(Permission.CONSUME, authArgs));
     }
     
     public void testPublish()
@@ -136,9 +137,9 @@
         Object[] authArgs = new Object[]{_exchange, _routingKey};
         Object[] grantArgs = new Object[]{_exchange.getName(), _routingKey};
         
-        assertFalse(_perms.authorise(Permission.PUBLISH, authArgs));
+        assertEquals(AuthzResult.DENIED, _perms.authorise(Permission.PUBLISH, authArgs));
         _perms.grant(Permission.PUBLISH, grantArgs);
-        assertTrue(_perms.authorise(Permission.PUBLISH, authArgs));
+        assertEquals(AuthzResult.ALLOWED, _perms.authorise(Permission.PUBLISH, authArgs));
     }
     
 }

Propchange: qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/database/HashedUserTest.java
            ('svn:mergeinfo' removed)

Modified: qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java?rev=764412&r1=764411&r2=764412&view=diff
==============================================================================
--- qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java (original)
+++ qpid/branches/0.5-fix/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java Mon Apr 13 11:19:27 2009
@@ -26,6 +26,7 @@
 import org.apache.qpid.server.management.NoopManagedObjectRegistry;
 import org.apache.qpid.server.queue.QueueRegistry;
 import org.apache.qpid.server.registry.ApplicationRegistry;
+import org.apache.qpid.server.security.access.ACLManager;
 import org.apache.qpid.server.security.access.ACLPlugin;
 import org.apache.qpid.server.security.access.plugins.AllowAll;
 import org.apache.qpid.server.security.auth.database.PropertiesPrincipalDatabaseManager;
@@ -66,7 +67,7 @@
 
         _databaseManager = new PropertiesPrincipalDatabaseManager("default", users);
 
-        _accessManager = new AllowAll();
+        _accessManager = new ACLManager(_configuration, _pluginManager, AllowAll.FACTORY);
 
         _authenticationManager = new PrincipalDatabaseAuthenticationManager(null, null);
 
@@ -108,7 +109,7 @@
         return Arrays.asList(hosts);
     }
 
-    public void setAccessManager(ACLPlugin newManager)
+    public void setAccessManager(ACLManager newManager)
     {
         _accessManager = newManager;
     }

Propchange: qpid/branches/0.5-fix/qpid/java/lib/org.osgi.core_1.0.0.jar
            ('svn:mergeinfo' removed)

Propchange: qpid/branches/0.5-fix/qpid/java/management/client/src/main/java/org/apache/qpid/management/
            ('svn:mergeinfo' removed)

Propchange: qpid/branches/0.5-fix/qpid/java/management/client/src/test/java/org/apache/qpid/management/
            ('svn:mergeinfo' removed)

Propchange: qpid/branches/0.5-fix/qpid/java/management/eclipse-plugin/src/main/resources/macosx/Contents/MacOS/qpidmc
            ('svn:mergeinfo' removed)

Propchange: qpid/branches/0.5-fix/qpid/java/systests/src/main/java/org/apache/qpid/client/MultipleJCAProviderRegistrationTest.java
            ('svn:mergeinfo' removed)

Propchange: qpid/branches/0.5-fix/qpid/ruby/ext/sasl/extconf.rb
            ('svn:mergeinfo' removed)



---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org


Mime
View raw message