qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rgodf...@apache.org
Subject svn commit: r1707566 - in /qpid/java/trunk: bdbstore/src/main/java/org/apache/qpid/server/virtualhost/berkeleydb/ broker-core/src/main/java/org/apache/qpid/server/model/ broker-core/src/main/java/org/apache/qpid/server/queue/ broker-core/src/main/java/...
Date Thu, 08 Oct 2015 15:16:37 GMT
Author: rgodfrey
Date: Thu Oct  8 15:16:36 2015
New Revision: 1707566

URL: http://svn.apache.org/viewvc?rev=1707566&view=rev
Log:
QPID-6781 : Performance improvements by caching AccessControllerContext

Removed:
    qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/virtualhost/HouseKeepingTaskTest.java
Modified:
    qpid/java/trunk/bdbstore/src/main/java/org/apache/qpid/server/virtualhost/berkeleydb/BDBHAReplicaVirtualHostImpl.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHost.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/queue/QueueRunner.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/AbstractAMQPConnection.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/HouseKeepingTask.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/RedirectingVirtualHostImpl.java
    qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/queue/StandardQueueTest.java
    qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10.java
    qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java
    qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java
    qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java
    qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8.java
    qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/BrokerDecoder.java
    qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0.java
    qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Connection_1_0.java
    qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Session_1_0.java

Modified: qpid/java/trunk/bdbstore/src/main/java/org/apache/qpid/server/virtualhost/berkeleydb/BDBHAReplicaVirtualHostImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/bdbstore/src/main/java/org/apache/qpid/server/virtualhost/berkeleydb/BDBHAReplicaVirtualHostImpl.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/bdbstore/src/main/java/org/apache/qpid/server/virtualhost/berkeleydb/BDBHAReplicaVirtualHostImpl.java (original)
+++ qpid/java/trunk/bdbstore/src/main/java/org/apache/qpid/server/virtualhost/berkeleydb/BDBHAReplicaVirtualHostImpl.java Thu Oct  8 15:16:36 2015
@@ -19,6 +19,7 @@
 
 package org.apache.qpid.server.virtualhost.berkeleydb;
 
+import java.security.AccessControlContext;
 import java.security.Principal;
 import java.util.Collection;
 import java.util.Collections;
@@ -57,8 +58,6 @@ import org.apache.qpid.server.transport.
 import org.apache.qpid.server.txn.DtxRegistry;
 import org.apache.qpid.server.virtualhost.*;
 
-import javax.security.auth.Subject;
-
 /**
   Object that represents the VirtualHost whilst the VirtualHostNode is in the replica role.  The
   real virtualhost will be elsewhere in the group.
@@ -133,7 +132,7 @@ public class BDBHAReplicaVirtualHostImpl
     }
 
     @Override
-    public void executeTask(Runnable task, Subject subject)
+    public void executeTask(final String name, Runnable task, AccessControlContext context)
     {
         throwUnsupportedForReplica();
     }

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHost.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHost.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHost.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHost.java Thu Oct  8 15:16:36 2015
@@ -20,6 +20,7 @@
  */
 package org.apache.qpid.server.model;
 
+import java.security.AccessControlContext;
 import java.security.AccessControlException;
 import java.security.Principal;
 import java.util.Collection;
@@ -136,7 +137,7 @@ public interface VirtualHost<X extends V
     @ManagedContextDefault( name = "virtualhost.enabledConnectionValidators")
     String DEFAULT_ENABLED_VALIDATORS = "[]";
 
-    void executeTask(Runnable task, Subject subject);
+    void executeTask(String name, Runnable task, AccessControlContext context);
 
     @ManagedAttribute( defaultValue = "${virtualhost.enabledConnectionValidators}")
     List<String> getEnabledConnectionValidators();

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java Thu Oct  8 15:16:36 2015
@@ -21,6 +21,7 @@ package org.apache.qpid.server.queue;
 import java.io.IOException;
 import java.io.OutputStream;
 import java.nio.ByteBuffer;
+import java.security.AccessControlContext;
 import java.security.AccessControlException;
 import java.security.AccessController;
 import java.security.Principal;
@@ -142,6 +143,8 @@ public abstract class AbstractQueue<X ex
     private final VirtualHostImpl _virtualHost;
     private final DeletedChildListener _deletedChildListener = new DeletedChildListener();
 
+    private final AccessControlContext _immediateDeliveryContext;
+
     @ManagedAttributeField( beforeSet = "preSetAlternateExchange", afterSet = "postSetAlternateExchange")
     private Exchange _alternateExchange;
 
@@ -282,8 +285,12 @@ public abstract class AbstractQueue<X ex
     {
         super(parentsMap(virtualHost), attributes);
 
+
         _virtualHost = virtualHost;
-        _queueRunner = new QueueRunner(this, _virtualHost.getPrincipal());
+        _immediateDeliveryContext = SecurityManager.getSystemTaskControllerContext("Immediate Delivery", virtualHost.getPrincipal());
+
+        _queueRunner = new QueueRunner(this, SecurityManager.getSystemTaskControllerContext("Queue Delivery",
+                                                                                            virtualHost.getPrincipal()));
     }
 
     @Override
@@ -554,13 +561,13 @@ public abstract class AbstractQueue<X ex
 
     // ------ Getters and Setters
 
-    public void execute(Runnable runnable, Subject subject)
+    public void execute(final String name, Runnable runnable, AccessControlContext context)
     {
         try
         {
             if (_virtualHost.getState() != State.UNAVAILABLE)
             {
-                _virtualHost.executeTask(runnable, subject);
+                _virtualHost.executeTask(name, runnable, context);
             }
         }
         catch (RejectedExecutionException ree)
@@ -1151,17 +1158,16 @@ public abstract class AbstractQueue<X ex
         {
             if (action != null || (exclusiveSub == null  && _queueRunner.isIdle()))
             {
-                Subject.doAs(SecurityManager.getSystemTaskSubject("Immediate Delivery", _virtualHost.getPrincipal()),
-                             new PrivilegedAction<Void>()
-                             {
-                                 @Override
-                                 public Void run()
-                                 {
-                                     tryDeliverStraightThrough(entry);
-                                     return null;
-                                 }
-                             }
-                            );
+                AccessController.doPrivileged(
+                        new PrivilegedAction<Void>()
+                        {
+                            @Override
+                            public Void run()
+                            {
+                                tryDeliverStraightThrough(entry);
+                                return null;
+                            }
+                        }, _immediateDeliveryContext);
             }
 
             if (entry.isAvailable())

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/queue/QueueRunner.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/queue/QueueRunner.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/queue/QueueRunner.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/queue/QueueRunner.java Thu Oct  8 15:16:36 2015
@@ -20,17 +20,14 @@
  */
 package org.apache.qpid.server.queue;
 
-import java.security.Principal;
+import java.security.AccessControlContext;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.concurrent.atomic.AtomicLong;
 
-import javax.security.auth.Subject;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import org.apache.qpid.server.security.SecurityManager;
 import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
 import org.apache.qpid.transport.TransportException;
 
@@ -56,12 +53,12 @@ public class QueueRunner implements Runn
 
     private final AtomicLong _lastRunAgain = new AtomicLong();
     private final AtomicLong _lastRunTime = new AtomicLong();
-    private final Subject _subject;
+    private final AccessControlContext _context;
 
-    public QueueRunner(AbstractQueue queue, Principal principal)
+    public QueueRunner(AbstractQueue queue, AccessControlContext context)
     {
         _queue = queue;
-        _subject = SecurityManager.getSystemTaskSubject("Queue Delivery", principal);
+        _context = context;
     }
 
     @Override
@@ -97,7 +94,7 @@ public class QueueRunner implements Runn
                 {
                     if(_scheduled.compareAndSet(IDLE, SCHEDULED))
                     {
-                        _queue.execute(QueueRunner.this, _subject);
+                        _queue.execute("Queue Runner["+ _queue.getName()+"]", QueueRunner.this, _context);
                     }
                 }
             }
@@ -115,7 +112,7 @@ public class QueueRunner implements Runn
         _stateChange.set(true);
         if(_scheduled.compareAndSet(IDLE, SCHEDULED))
         {
-            _queue.execute(this, _subject);
+            _queue.execute("Queue Runner["+ _queue.getName()+"]", this, _context);
         }
     }
 

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java Thu Oct  8 15:16:36 2015
@@ -27,9 +27,11 @@ import static org.apache.qpid.server.sec
 import static org.apache.qpid.server.security.access.Operation.PUBLISH;
 import static org.apache.qpid.server.security.access.Operation.PURGE;
 
+import java.security.AccessControlContext;
 import java.security.AccessControlException;
 import java.security.AccessController;
 import java.security.Principal;
+import java.security.PrivilegedAction;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Set;
@@ -37,6 +39,7 @@ import java.util.concurrent.ConcurrentHa
 import java.util.concurrent.ConcurrentMap;
 
 import javax.security.auth.Subject;
+import javax.security.auth.SubjectDomainCombiner;
 
 import org.apache.qpid.server.model.AccessControlProvider;
 import org.apache.qpid.server.model.Binding;
@@ -113,6 +116,25 @@ public class SecurityManager
         return getSystemSubject(new TaskPrincipal(taskName));
     }
 
+    public static AccessControlContext getSystemTaskControllerContext(String taskName, Principal principal)
+    {
+        final Subject subject = getSystemTaskSubject(taskName, principal);
+        final AccessControlContext acc = AccessController.getContext();
+        return AccessController.doPrivileged
+                (new PrivilegedAction<AccessControlContext>()
+                {
+                    public AccessControlContext run()
+                    {
+                        if (subject == null)
+                            return new AccessControlContext(acc, null);
+                        else
+                            return new AccessControlContext
+                                    (acc,
+                                     new SubjectDomainCombiner(subject));
+                    }
+                });
+    }
+
     public static Subject getSystemTaskSubject(String taskName, Principal principal)
     {
         return getSystemSubject(new TaskPrincipal(taskName), principal);
@@ -161,6 +183,24 @@ public class SecurityManager
         return user;
     }
 
+    public static AccessControlContext getAccessControlContextFromSubject(final Subject subject)
+    {
+        final AccessControlContext acc = AccessController.getContext();
+        return AccessController.doPrivileged
+                (new PrivilegedAction<AccessControlContext>()
+                {
+                    public AccessControlContext run()
+                    {
+                        if (subject == null)
+                            return new AccessControlContext(acc, null);
+                        else
+                            return new AccessControlContext
+                                    (acc,
+                                     new SubjectDomainCombiner(subject));
+                    }
+                });
+    }
+
 
     private static final class SystemPrincipal implements Principal
     {

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/AbstractAMQPConnection.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/AbstractAMQPConnection.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/AbstractAMQPConnection.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/transport/AbstractAMQPConnection.java Thu Oct  8 15:16:36 2015
@@ -21,6 +21,7 @@
 package org.apache.qpid.server.transport;
 
 import java.net.SocketAddress;
+import java.security.AccessControlContext;
 import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedAction;
@@ -95,6 +96,7 @@ public abstract class AbstractAMQPConnec
     private final AtomicBoolean _modelClosing = new AtomicBoolean();
     private volatile long _lastReadTime;
     private volatile long _lastWriteTime;
+    private volatile AccessControlContext _accessControllerContext;
 
     public AbstractAMQPConnection(Broker<?> broker,
                                   NetworkConnection network,
@@ -114,6 +116,8 @@ public abstract class AbstractAMQPConnec
         _connectionId = connectionId;
         _aggregateTicker = aggregateTicker;
         _subject.getPrincipals().add(new ConnectionPrincipal(this));
+        updateAccessControllerContext();
+
         _messagesDelivered = new StatisticsCounter("messages-delivered-" + getConnectionId());
         _dataDelivered = new StatisticsCounter("data-delivered-" + getConnectionId());
         _messagesReceived = new StatisticsCounter("messages-received-" + getConnectionId());
@@ -505,6 +509,17 @@ public abstract class AbstractAMQPConnec
         return getMessageDeliveryStatistics().getTotal();
     }
 
+    public AccessControlContext getAccessControllerContext()
+    {
+        return _accessControllerContext;
+    }
+
+    public final void updateAccessControllerContext()
+    {
+        _accessControllerContext = org.apache.qpid.server.security.SecurityManager.getAccessControlContextFromSubject(
+                getSubject());
+    }
+
     public abstract List<? extends AMQSessionModel<?>> getSessionModels();
 
     @Override

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java Thu Oct  8 15:16:36 2015
@@ -23,6 +23,7 @@ package org.apache.qpid.server.virtualho
 import static java.util.Collections.newSetFromMap;
 
 import java.io.File;
+import java.security.AccessControlContext;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.util.ArrayList;
@@ -109,6 +110,8 @@ public abstract class AbstractVirtualHos
 
     private final Set<AMQPConnection<?>> _connections = newSetFromMap(new ConcurrentHashMap<AMQPConnection<?>, Boolean>());
     private final Set<VirtualHostConnectionListener> _connectionAssociationListeners = new CopyOnWriteArraySet<>();
+    private final AccessControlContext _housekeepingJobContext;
+    private final AccessControlContext _fileSystemSpaceCheckerJobContext;
 
     private static enum BlockingType { STORE, FILESYSTEM };
 
@@ -222,6 +225,10 @@ public abstract class AbstractVirtualHos
         _messagesReceived = new StatisticsCounter("messages-received-" + getName());
         _dataReceived = new StatisticsCounter("bytes-received-" + getName());
         _principal = new VirtualHostPrincipal(this);
+
+        _housekeepingJobContext = SecurityManager.getSystemTaskControllerContext("Housekeeping["+getName()+"]", _principal);
+        _fileSystemSpaceCheckerJobContext = SecurityManager.getSystemTaskControllerContext("FileSystemSpaceChecker["+getName()+"]", _principal);
+
         _fileSystemSpaceChecker = new FileSystemSpaceChecker();
 
         addChangeListener(new TargetSizeAssigningListener());
@@ -617,9 +624,9 @@ public abstract class AbstractVirtualHos
     }
 
     @Override
-    public void executeTask(final Runnable task, Subject subject)
+    public void executeTask(final String name, final Runnable task, AccessControlContext context)
     {
-        _houseKeepingTaskExecutor.execute(new HouseKeepingTask(this, subject)
+        _houseKeepingTaskExecutor.execute(new HouseKeepingTask(name, this, context)
         {
             @Override
             public void execute()
@@ -1198,7 +1205,7 @@ public abstract class AbstractVirtualHos
     {
         public VirtualHostHouseKeepingTask()
         {
-            super(AbstractVirtualHost.this);
+            super("Housekeeping["+AbstractVirtualHost.this.getName()+"]",AbstractVirtualHost.this,_housekeepingJobContext);
         }
 
         public void execute()
@@ -2073,8 +2080,7 @@ public abstract class AbstractVirtualHos
 
         public FileSystemSpaceChecker()
         {
-            super(AbstractVirtualHost.this);
-
+            super("FileSystemSpaceChecker["+AbstractVirtualHost.this.getName()+"]",AbstractVirtualHost.this,_fileSystemSpaceCheckerJobContext);
         }
 
         @Override

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/HouseKeepingTask.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/HouseKeepingTask.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/HouseKeepingTask.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/HouseKeepingTask.java Thu Oct  8 15:16:36 2015
@@ -20,33 +20,33 @@
  */
 package org.apache.qpid.server.virtualhost;
 
+import java.security.AccessControlContext;
+import java.security.AccessController;
 import java.security.PrivilegedAction;
 
-import javax.security.auth.Subject;
-
 import org.apache.qpid.server.model.VirtualHost;
 import org.apache.qpid.server.security.SecurityManager;
 
 public abstract class HouseKeepingTask implements Runnable
 {
     private final String _name;
-    private final Subject _subject;
+    private final AccessControlContext _accessControlContext;
 
     public HouseKeepingTask(VirtualHost vhost)
     {
-        this(vhost, null);
+        this(null, vhost, null);
     }
 
-    public HouseKeepingTask(VirtualHost vhost, Subject subject)
+    public HouseKeepingTask(String name, VirtualHost vhost, AccessControlContext context)
     {
-        _name = vhost.getName() + ":" + this.getClass().getSimpleName();
-        if (subject == null)
+        _name = name == null ? vhost.getName() + ":" + this.getClass().getSimpleName() : name;
+        if (context == null)
         {
-            _subject = SecurityManager.getSystemTaskSubject(_name, vhost.getPrincipal());
+            _accessControlContext = SecurityManager.getSystemTaskControllerContext(_name, vhost.getPrincipal());
         }
         else
         {
-            _subject = subject;
+            _accessControlContext = context;
         }
     }
 
@@ -57,7 +57,7 @@ public abstract class HouseKeepingTask i
 
         try
         {
-            Subject.doAs(_subject, new PrivilegedAction<Object>()
+            AccessController.doPrivileged(new PrivilegedAction<Object>()
             {
                 @Override
                 public Object run()
@@ -65,7 +65,7 @@ public abstract class HouseKeepingTask i
                     execute();
                     return null;
                 }
-            });
+            }, _accessControlContext);
         }
         finally
         {

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/RedirectingVirtualHostImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/RedirectingVirtualHostImpl.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/RedirectingVirtualHostImpl.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhostnode/RedirectingVirtualHostImpl.java Thu Oct  8 15:16:36 2015
@@ -20,6 +20,7 @@
  */
 package org.apache.qpid.server.virtualhostnode;
 
+import java.security.AccessControlContext;
 import java.security.Principal;
 import java.util.Collection;
 import java.util.Collections;
@@ -58,8 +59,6 @@ import org.apache.qpid.server.transport.
 import org.apache.qpid.server.txn.DtxRegistry;
 import org.apache.qpid.server.virtualhost.*;
 
-import javax.security.auth.Subject;
-
 @ManagedObject( category = false, type = RedirectingVirtualHostImpl.TYPE, register = false )
 class RedirectingVirtualHostImpl
     extends AbstractConfiguredObject<RedirectingVirtualHostImpl>
@@ -134,7 +133,7 @@ class RedirectingVirtualHostImpl
     }
 
     @Override
-    public void executeTask(Runnable task, Subject subject)
+    public void executeTask(final String name, Runnable task, AccessControlContext context)
     {
         throwUnsupportedForRedirector();
     }

Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/queue/StandardQueueTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/queue/StandardQueueTest.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/queue/StandardQueueTest.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/queue/StandardQueueTest.java Thu Oct  8 15:16:36 2015
@@ -20,6 +20,8 @@
  */
 package org.apache.qpid.server.queue;
 
+import java.security.AccessControlContext;
+import java.security.AccessController;
 import java.security.Principal;
 import java.util.Arrays;
 import java.util.EnumSet;
@@ -219,7 +221,7 @@ public class StandardQueueTest extends A
                                          ConsumerImpl.Option.SEES_REQUEUES));
 
         // process queue
-        testQueue.processQueue(new QueueRunner(testQueue, mock(Principal.class))
+        testQueue.processQueue(new QueueRunner(testQueue, AccessController.getContext())
         {
             public void run()
             {

Modified: qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10.java Thu Oct  8 15:16:36 2015
@@ -23,6 +23,7 @@ package org.apache.qpid.server.protocol.
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.nio.ByteBuffer;
+import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.util.List;
@@ -109,23 +110,25 @@ public class AMQPConnection_0_10 extends
         _connection.addFrameSizeObserver(_inputHandler);
         _network = network;
 
-        Subject.doAs(getSubject(), new PrivilegedAction<Object>()
+        AccessController.doPrivileged(new PrivilegedAction<Object>()
         {
             @Override
             public Object run()
             {
-                _connection.getEventLogger().message(ConnectionMessages.OPEN(null, null, null, null, false, false, false, false));
+                _connection.getEventLogger()
+                        .message(ConnectionMessages.OPEN(null, null, null, null, false, false, false, false));
 
                 _connection.setNetworkConnection(_network);
                 _disassembler = new ServerDisassembler(wrapSender(_network.getSender()), Constant.MIN_MAX_FRAME_SIZE);
                 _connection.setSender(_disassembler);
                 _connection.addFrameSizeObserver(_disassembler);
                 // FIXME Two log messages to maintain compatibility with earlier protocol versions
-                _connection.getEventLogger().message(ConnectionMessages.OPEN(null, "0-10", null, null, false, true, false, false));
+                _connection.getEventLogger()
+                        .message(ConnectionMessages.OPEN(null, "0-10", null, null, false, true, false, false));
 
                 return null;
             }
-        });
+        }, getAccessControllerContext());
     }
 
     @Override
@@ -189,7 +192,7 @@ public class AMQPConnection_0_10 extends
 
     public void received(final QpidByteBuffer buf)
     {
-        Subject.doAs(_connection.getAuthorizedSubject(), new PrivilegedAction<Object>()
+        AccessController.doPrivileged(new PrivilegedAction<Object>()
         {
             @Override
             public Object run()
@@ -217,7 +220,7 @@ public class AMQPConnection_0_10 extends
                 }
                 return null;
             }
-        });
+        }, getAccessControllerContext());
     }
 
     @Override
@@ -232,16 +235,16 @@ public class AMQPConnection_0_10 extends
 
     public void readerIdle()
     {
-        Subject.doAs(_connection.getAuthorizedSubject(), new PrivilegedAction<Object>()
+        AccessController.doPrivileged(new PrivilegedAction<Object>()
+        {
+            @Override
+            public Object run()
             {
-                @Override
-                public Object run()
-                {
-                    _connection.getEventLogger().message(ConnectionMessages.IDLE_CLOSE());
-                    _network.close();
-                    return null;
-                }
-            });
+                _connection.getEventLogger().message(ConnectionMessages.IDLE_CLOSE());
+                _network.close();
+                return null;
+            }
+        }, getAccessControllerContext());
 
     }
 
@@ -255,7 +258,7 @@ public class AMQPConnection_0_10 extends
     {
         try
         {
-            Subject.doAs(_connection.getAuthorizedSubject(), new PrivilegedAction<Void>()
+            AccessController.doPrivileged(new PrivilegedAction<Void>()
             {
                 @Override
                 public Void run()
@@ -267,7 +270,7 @@ public class AMQPConnection_0_10 extends
                     }
                     return null;
                 }
-            });
+            }, getAccessControllerContext());
         }
         finally
         {

Modified: qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerConnection.java Thu Oct  8 15:16:36 2015
@@ -26,6 +26,8 @@ import static org.apache.qpid.server.log
 import static org.apache.qpid.transport.Connection.State.CLOSING;
 
 import java.net.SocketAddress;
+import java.security.AccessControlContext;
+import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.text.MessageFormat;
@@ -191,6 +193,7 @@ public class ServerConnection extends Co
             _messageCompressionThreshold = Integer.MAX_VALUE;
         }
         _amqpConnection.getSubject().getPrincipals().add(_virtualHost.getPrincipal());
+        _amqpConnection.updateAccessControllerContext();
     }
 
     public AmqpPort<?> getPort()
@@ -258,27 +261,27 @@ public class ServerConnection extends Co
     public void received(final ProtocolEvent event)
     {
         _lastIoTime.set(System.currentTimeMillis());
-        Subject subject;
+        AccessControlContext context;
         if (event.isConnectionControl())
         {
-            subject = _amqpConnection.getSubject();
+            context = _amqpConnection.getAccessControllerContext();
         }
         else
         {
             ServerSession channel = (ServerSession) getSession(event.getChannel());
             if (channel != null)
             {
-                subject = channel.getAuthorizedSubject();
+                context = channel.getAccessControllerContext();
             }
             else
             {
-                subject = _amqpConnection.getSubject();
+                context = _amqpConnection.getAccessControllerContext();
             }
         }
 
         if(!_ignoreAllButConnectionCloseOk || (event instanceof ConnectionCloseOk))
         {
-            Subject.doAs(subject, new PrivilegedAction<Void>()
+            AccessController.doPrivileged(new PrivilegedAction<Void>()
             {
                 @Override
                 public Void run()
@@ -286,7 +289,7 @@ public class ServerConnection extends Co
                     ServerConnection.super.received(event);
                     return null;
                 }
-            });
+            }, context);
         }
     }
 
@@ -441,7 +444,7 @@ public class ServerConnection extends Co
         else
         {
             getAuthorizedSubject().getPrincipals().addAll(authorizedSubject.getPrincipals());
-
+            _amqpConnection.updateAccessControllerContext();
             _authorizedPrincipal = AuthenticatedPrincipal.getAuthenticatedPrincipalFromSubject(authorizedSubject);
         }
     }

Modified: qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerSession.java Thu Oct  8 15:16:36 2015
@@ -23,6 +23,7 @@ package org.apache.qpid.server.protocol.
 import static org.apache.qpid.server.logging.subjects.LogSubjectFormat.CHANNEL_FORMAT;
 import static org.apache.qpid.util.Serial.gt;
 
+import java.security.AccessControlContext;
 import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedAction;
@@ -74,7 +75,7 @@ import org.apache.qpid.server.protocol.A
 import org.apache.qpid.server.protocol.CapacityChecker;
 import org.apache.qpid.server.protocol.ConsumerListener;
 import org.apache.qpid.server.queue.AMQQueue;
-import org.apache.qpid.server.security.AuthorizationHolder;
+import org.apache.qpid.server.security.*;
 import org.apache.qpid.server.store.MessageStore;
 import org.apache.qpid.server.store.StoreException;
 import org.apache.qpid.server.transport.AMQPConnection;
@@ -128,6 +129,7 @@ public class ServerSession extends Sessi
 
     private final UUID _id = UUID.randomUUID();
     private final Subject _subject = new Subject();
+    private final AccessControlContext _accessControllerContext;
     private long _createTime = System.currentTimeMillis();
 
     private final Set<Object> _blockingEntities = Collections.synchronizedSet(new HashSet<Object>());
@@ -189,6 +191,7 @@ public class ServerSession extends Sessi
 
         _subject.getPrincipals().addAll(((ServerConnection) connection).getAuthorizedSubject().getPrincipals());
         _subject.getPrincipals().add(new SessionPrincipal(this));
+        _accessControllerContext = org.apache.qpid.server.security.SecurityManager.getAccessControlContextFromSubject(_subject);
 
         _transactionTimeoutHelper = new TransactionTimeoutHelper(_logSubject, new CloseAction()
         {
@@ -205,6 +208,11 @@ public class ServerSession extends Sessi
 
     }
 
+    public AccessControlContext getAccessControllerContext()
+    {
+        return _accessControllerContext;
+    }
+
     protected void setState(final State state)
     {
         if(runningAsSubject())
@@ -233,7 +241,7 @@ public class ServerSession extends Sessi
 
     private <T> T runAsSubject(final PrivilegedAction<T> privilegedAction)
     {
-        return Subject.doAs(getAuthorizedSubject(), privilegedAction);
+        return AccessController.doPrivileged(privilegedAction, getAccessControllerContext());
     }
 
     private boolean runningAsSubject()

Modified: qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java Thu Oct  8 15:16:36 2015
@@ -22,7 +22,9 @@ package org.apache.qpid.server.protocol.
 
 import static org.apache.qpid.transport.util.Functions.hex;
 
+import java.security.AccessControlContext;
 import java.security.AccessControlException;
+import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -57,7 +59,6 @@ import org.apache.qpid.framing.*;
 import org.apache.qpid.protocol.AMQConstant;
 import org.apache.qpid.server.TransactionTimeoutHelper;
 import org.apache.qpid.server.TransactionTimeoutHelper.CloseAction;
-import org.apache.qpid.server.configuration.BrokerProperties;
 import org.apache.qpid.server.connection.SessionPrincipal;
 import org.apache.qpid.server.consumer.ConsumerImpl;
 import org.apache.qpid.server.consumer.ConsumerTarget;
@@ -137,6 +138,7 @@ public class AMQChannel
 
     private final Pre0_10CreditManager _creditManager;
     private final FlowCreditManager _noAckCreditManager;
+    private final AccessControlContext _accessControllerContext;
 
     /**
      * The delivery tag is unique per channel. This is pre-incremented before putting into the deliver frame so that
@@ -203,7 +205,7 @@ public class AMQChannel
 
     private final CapacityCheckAction _capacityCheckAction = new CapacityCheckAction();
     private final ImmediateAction _immediateAction = new ImmediateAction();
-    private Subject _subject;
+    private final Subject _subject;
     private final CopyOnWriteArrayList<Consumer<?>> _consumers = new CopyOnWriteArrayList<Consumer<?>>();
     private final ConfigurationChangeListener _consumerClosedListener = new ConsumerClosedListener();
     private final CopyOnWriteArrayList<ConsumerListener> _consumerListeners = new CopyOnWriteArrayList<ConsumerListener>();
@@ -239,6 +241,9 @@ public class AMQChannel
                                connection.getAuthorizedSubject().getPublicCredentials(),
                                connection.getAuthorizedSubject().getPrivateCredentials());
         _subject.getPrincipals().add(new SessionPrincipal(this));
+
+        _accessControllerContext = org.apache.qpid.server.security.SecurityManager.getAccessControlContextFromSubject(_subject);
+
         _maxUncommittedInMemorySize = connection.getVirtualHost().getContextValue(Long.class, Connection.MAX_UNCOMMITTED_IN_MEMORY_SIZE);
         _messageAuthorizationRequired = connection.getVirtualHost().getContextValue(Boolean.class, Broker.BROKER_MSG_AUTH);
         _logSubject = new ChannelLogSubject(this);
@@ -267,7 +272,7 @@ public class AMQChannel
             }
         }, getVirtualHost());
 
-        Subject.doAs(_subject, new PrivilegedAction<Object>()
+        AccessController.doPrivileged((new PrivilegedAction<Object>()
         {
             @Override
             public Object run()
@@ -276,10 +281,15 @@ public class AMQChannel
 
                 return null;
             }
-        });
+        }),_accessControllerContext);
 
     }
 
+    public AccessControlContext getAccessControllerContext()
+    {
+        return _accessControllerContext;
+    }
+
     private boolean performGet(final MessageSource queue,
                                final boolean acks)
             throws MessageSource.ExistingConsumerPreventsExclusive,

Modified: qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8.java Thu Oct  8 15:16:36 2015
@@ -27,6 +27,7 @@ import java.lang.reflect.Proxy;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.security.AccessControlException;
+import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.util.ArrayList;
@@ -62,6 +63,7 @@ import org.apache.qpid.properties.Connec
 import org.apache.qpid.protocol.AMQConstant;
 import org.apache.qpid.server.model.Protocol;
 import org.apache.qpid.server.protocol.ConnectionClosingTicker;
+import org.apache.qpid.server.security.*;
 import org.apache.qpid.server.transport.AbstractAMQPConnection;
 import org.apache.qpid.server.transport.ProtocolEngine;
 import org.apache.qpid.server.configuration.BrokerProperties;
@@ -76,7 +78,6 @@ import org.apache.qpid.server.model.Stat
 import org.apache.qpid.server.model.Transport;
 import org.apache.qpid.server.model.port.AmqpPort;
 import org.apache.qpid.server.protocol.AMQSessionModel;
-import org.apache.qpid.server.security.SubjectCreator;
 import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
 import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
 import org.apache.qpid.server.store.StoreException;
@@ -188,6 +189,8 @@ public class AMQPConnection_0_8
                               AggregateTicker aggregateTicker)
     {
         super(broker, network, port, transport, protocol, connectionId, aggregateTicker);
+
+
         _maxNoOfChannels = broker.getConnection_sessionCountLimit();
         _decoder = new BrokerDecoder(this);
         _binaryDataLimit = getBroker().getContextKeys(false).contains(BROKER_DEBUG_BINARY_DATA_LENGTH)
@@ -250,7 +253,7 @@ public class AMQPConnection_0_8
 
     private <T> T runAsSubject(PrivilegedAction<T> action)
     {
-        return Subject.doAs(getAuthorizedSubject(), action);
+        return AccessController.doPrivileged(action, getAccessControllerContext());
     }
 
     @Override
@@ -292,7 +295,7 @@ public class AMQPConnection_0_8
 
     public void received(final QpidByteBuffer msg)
     {
-        Subject.doAs(getSubject(), new PrivilegedAction<Void>()
+        AccessController.doPrivileged(new PrivilegedAction<Void>()
         {
             @Override
             public Void run()
@@ -322,7 +325,7 @@ public class AMQPConnection_0_8
                 }
                 return null;
             }
-        });
+        }, getAccessControllerContext());
 
     }
 
@@ -823,6 +826,8 @@ public class AMQPConnection_0_8
             _messageCompressionThreshold = Integer.MAX_VALUE;
         }
         getSubject().getPrincipals().add(virtualHost.getPrincipal());
+
+        updateAccessControllerContext();
     }
 
     public ProtocolOutputConverter getProtocolOutputConverter()
@@ -841,6 +846,8 @@ public class AMQPConnection_0_8
         getSubject().getPrivateCredentials().addAll(authorizedSubject.getPrivateCredentials());
         getSubject().getPublicCredentials().addAll(authorizedSubject.getPublicCredentials());
 
+        updateAccessControllerContext();
+
     }
 
     public Subject getAuthorizedSubject()
@@ -915,7 +922,7 @@ public class AMQPConnection_0_8
 
     public void readerIdle()
     {
-        Subject.doAs(getSubject(), new PrivilegedAction<Object>()
+        AccessController.doPrivileged(new PrivilegedAction<Object>()
         {
             @Override
             public Object run()
@@ -924,7 +931,7 @@ public class AMQPConnection_0_8
                 _network.close();
                 return null;
             }
-        });
+        }, getAccessControllerContext());
     }
 
     public synchronized void writerIdle()

Modified: qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/BrokerDecoder.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/BrokerDecoder.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/BrokerDecoder.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/BrokerDecoder.java Thu Oct  8 15:16:36 2015
@@ -21,6 +21,8 @@
 package org.apache.qpid.server.protocol.v0_8;
 
 import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessController;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 
@@ -58,21 +60,21 @@ public class BrokerDecoder extends Serve
         {
             startTime = System.currentTimeMillis();
         }
-        Subject subject;
+        AccessControlContext context;
         AMQChannel channel = _connection.getChannel(channelId);
         if(channel == null)
         {
-            subject = _connection.getSubject();
+            context = _connection.getAccessControllerContext();
         }
         else
         {
             _connection.channelRequiresSync(channel);
 
-            subject = channel.getSubject();
+            context = channel.getAccessControllerContext();
         }
         try
         {
-            Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
+            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
             {
                 @Override
                 public Void run() throws IOException, AMQFrameDecodingException
@@ -80,7 +82,8 @@ public class BrokerDecoder extends Serve
                     doProcessFrame(channelId, type, bodySize, in);
                     return null;
                 }
-            });
+            }, context);
+
             if(_logger.isDebugEnabled())
             {
                 _logger.debug("Frame handled in " + (System.currentTimeMillis() - startTime) + " ms.");

Modified: qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0.java Thu Oct  8 15:16:36 2015
@@ -22,6 +22,7 @@ package org.apache.qpid.server.protocol.
 
 import java.net.SocketAddress;
 import java.nio.ByteBuffer;
+import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.util.LinkedHashMap;
@@ -444,7 +445,7 @@ public class AMQPConnection_1_0 extends
                 case FRAME:
                     if (msg.hasRemaining())
                     {
-                        Subject.doAs(_connection.getSubject(), new PrivilegedAction<Void>()
+                        AccessController.doPrivileged(new PrivilegedAction<Void>()
                         {
                             @Override
                             public Void run()
@@ -452,7 +453,7 @@ public class AMQPConnection_1_0 extends
                                 _frameHandler = _frameHandler.parse(msg);
                                 return null;
                             }
-                        });
+                        }, getAccessControllerContext());
 
                     }
             }

Modified: qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Connection_1_0.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Connection_1_0.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Connection_1_0.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Connection_1_0.java Thu Oct  8 15:16:36 2015
@@ -22,6 +22,7 @@ package org.apache.qpid.server.protocol.
 
 import static org.apache.qpid.server.logging.subjects.LogSubjectFormat.CONNECTION_FORMAT;
 
+import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.text.MessageFormat;
@@ -154,6 +155,7 @@ public class Connection_1_0 implements C
                 setUserPrincipal(user);
             }
             _amqpConnection.getSubject().getPrincipals().add(_vhost.getPrincipal());
+            _amqpConnection.updateAccessControllerContext();
             if(AuthenticatedPrincipal.getOptionalAuthenticatedPrincipalFromSubject(_amqpConnection.getSubject()) == null)
             {
                 final Error err = new Error();
@@ -175,6 +177,7 @@ public class Connection_1_0 implements C
         _amqpConnection.getSubject().getPrincipals().addAll(authSubject.getPrincipals());
         _amqpConnection.getSubject().getPublicCredentials().addAll(authSubject.getPublicCredentials());
         _amqpConnection.getSubject().getPrivateCredentials().addAll(authSubject.getPrivateCredentials());
+        _amqpConnection.updateAccessControllerContext();
     }
 
     public void remoteSessionCreation(SessionEndpoint endpoint)
@@ -189,7 +192,7 @@ public class Connection_1_0 implements C
                 @Override
                 public void remoteLinkCreation(final LinkEndpoint endpoint)
                 {
-                    Subject.doAs(session.getSubject(), new PrivilegedAction<Object>()
+                    AccessController.doPrivileged(new PrivilegedAction<Object>()
                     {
                         @Override
                         public Object run()
@@ -197,13 +200,13 @@ public class Connection_1_0 implements C
                             session.remoteLinkCreation(endpoint);
                             return null;
                         }
-                    });
+                    }, session.getAccessControllerContext());
                 }
 
                 @Override
                 public void remoteEnd(final End end)
                 {
-                    Subject.doAs(session.getSubject(), new PrivilegedAction<Object>()
+                    AccessController.doPrivileged(new PrivilegedAction<Object>()
                     {
                         @Override
                         public Object run()
@@ -211,7 +214,7 @@ public class Connection_1_0 implements C
                             session.remoteEnd(end);
                             return null;
                         }
-                    });
+                    }, session.getAccessControllerContext());
                 }
             });
         }

Modified: qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Session_1_0.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Session_1_0.java?rev=1707566&r1=1707565&r2=1707566&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Session_1_0.java (original)
+++ qpid/java/trunk/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/Session_1_0.java Thu Oct  8 15:16:36 2015
@@ -22,7 +22,9 @@ package org.apache.qpid.server.protocol.
 
 import static org.apache.qpid.server.logging.subjects.LogSubjectFormat.CHANNEL_FORMAT;
 
+import java.security.AccessControlContext;
 import java.security.AccessControlException;
+import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.text.MessageFormat;
 import java.util.ArrayList;
@@ -85,6 +87,7 @@ import org.apache.qpid.server.protocol.A
 import org.apache.qpid.server.protocol.ConsumerListener;
 import org.apache.qpid.server.protocol.LinkRegistry;
 import org.apache.qpid.server.queue.AMQQueue;
+import org.apache.qpid.server.security.*;
 import org.apache.qpid.server.transport.AMQPConnection;
 import org.apache.qpid.server.txn.AutoCommitTransaction;
 import org.apache.qpid.server.txn.ServerTransaction;
@@ -99,6 +102,7 @@ public class Session_1_0 implements Sess
     private static final Logger _logger = LoggerFactory.getLogger(Session_1_0.class);
     private static final Symbol LIFETIME_POLICY = Symbol.valueOf("lifetime-policy");
     private final SessionEndpoint _endpoint;
+    private final AccessControlContext _accessControllerContext;
     private AutoCommitTransaction _transaction;
 
     private final LinkedHashMap<Integer, ServerTransaction> _openTransactions =
@@ -126,6 +130,12 @@ public class Session_1_0 implements Sess
         _connection = connection;
         _subject.getPrincipals().addAll(connection.getSubject().getPrincipals());
         _subject.getPrincipals().add(new SessionPrincipal(this));
+        _accessControllerContext = org.apache.qpid.server.security.SecurityManager.getAccessControlContextFromSubject(_subject);
+    }
+
+    public AccessControlContext getAccessControllerContext()
+    {
+        return _accessControllerContext;
     }
 
     public void remoteLinkCreation(final LinkEndpoint endpoint)
@@ -800,7 +810,7 @@ public class Session_1_0 implements Sess
         @Override
         public void messageTransfer(final Transfer xfr)
         {
-            Subject.doAs(_subject, new PrivilegedAction<Object>()
+            AccessController.doPrivileged(new PrivilegedAction<Object>()
             {
                 @Override
                 public Object run()
@@ -808,13 +818,13 @@ public class Session_1_0 implements Sess
                     _linkListener.messageTransfer(xfr);
                     return null;
                 }
-            });
+            }, _accessControllerContext);
         }
 
         @Override
         public void remoteDetached(final LinkEndpoint endpoint, final Detach detach)
         {
-            Subject.doAs(_subject, new PrivilegedAction<Object>()
+            AccessController.doPrivileged(new PrivilegedAction<Object>()
             {
                 @Override
                 public Object run()
@@ -822,7 +832,7 @@ public class Session_1_0 implements Sess
                     _linkListener.remoteDetached(endpoint, detach);
                     return null;
                 }
-            });
+            }, _accessControllerContext);
         }
     }
 
@@ -838,7 +848,7 @@ public class Session_1_0 implements Sess
         @Override
         public void flowStateChanged()
         {
-            Subject.doAs(_subject, new PrivilegedAction<Object>()
+            AccessController.doPrivileged(new PrivilegedAction<Object>()
             {
                 @Override
                 public Object run()
@@ -846,13 +856,13 @@ public class Session_1_0 implements Sess
                     _previousLink.flowStateChanged();
                     return null;
                 }
-            });
+            }, _accessControllerContext);
         }
 
         @Override
         public void remoteDetached(final LinkEndpoint endpoint, final Detach detach)
         {
-            Subject.doAs(_subject, new PrivilegedAction<Object>()
+            AccessController.doPrivileged(new PrivilegedAction<Object>()
             {
                 @Override
                 public Object run()
@@ -860,7 +870,7 @@ public class Session_1_0 implements Sess
                     _previousLink.remoteDetached(endpoint, detach);
                     return null;
                 }
-            });
+            }, _accessControllerContext);
         }
     }
 



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message