From rgodf...@apache.org
Subject svn commit: r1752293 - in /qpid/java/trunk: broker-core/src/main/java/org/apache/qpid/server/model/ broker-core/src/main/java/org/apache/qpid/server/security/ broker-core/src/main/java/org/apache/qpid/server/security/access/ broker-core/src/main/java/o...
Date Tue, 12 Jul 2016 13:48:50 GMT
Author: rgodfrey
Date: Tue Jul 12 13:48:50 2016
New Revision: 1752293

URL: http://svn.apache.org/viewvc?rev=1752293&view=rev
Log:
QPID-7318 : Allow virtual hosts to add acl rules specific to the vhost

Added:
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHostAccessControlProvider.java   (with props)
    qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedVirtualHostAccessControlProvider.java
      - copied, changed from r1752049, qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProvider.java
    qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedVirtualHostAccessControlProviderImpl.java
      - copied, changed from r1752049, qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProviderImpl.java
    qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/acl/VirtualHostAccessControlProviderRestTest.java
      - copied, changed from r1752049, qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/acl/QueueRestACLTest.java
Modified:
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/BrokerModel.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/CompoundAccessControl.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/access/Operation.java
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
    qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/logging/VirtualHostLoggerTest.java
    qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/model/BrokerTestHelper.java
    qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/model/VirtualHostTest.java
    qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/virtualhost/AbstractVirtualHostTest.java
    qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/virtualhost/VirtualHostQueueCreationTest.java
    qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java
    qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.java
    qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/AbstractRuleBasedAccessControlProvider.java
    qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProviderImpl.java
    qpid/java/trunk/systests/src/main/java/org/apache/qpid/test/utils/TestBrokerConfiguration.java

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/BrokerModel.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/BrokerModel.java?rev=1752293&r1=1752292&r2=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/BrokerModel.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/BrokerModel.java Tue Jul 12 13:48:50 2016
@@ -92,6 +92,7 @@ public final class BrokerModel extends M
         addRelationship(VirtualHostNode.class, RemoteReplicationNode.class);
 
         addRelationship(VirtualHost.class, VirtualHostLogger.class);
+        addRelationship(VirtualHost.class, VirtualHostAccessControlProvider.class);
         addRelationship(VirtualHost.class, Exchange.class);
         addRelationship(VirtualHost.class, Queue.class);
 

Added: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHostAccessControlProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHostAccessControlProvider.java?rev=1752293&view=auto
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHostAccessControlProvider.java (added)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHostAccessControlProvider.java Tue Jul 12 13:48:50 2016
@@ -0,0 +1,57 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.model;
+
+import java.util.Comparator;
+
+import org.apache.qpid.server.security.AccessControl;
+
+@ManagedObject( creatable = false )
+public interface VirtualHostAccessControlProvider<X extends VirtualHostAccessControlProvider<X>>  extends ConfiguredObject<X>, Comparable<VirtualHostAccessControlProvider>
+{
+    String PRIORITY = "priority";
+
+    Comparator<VirtualHostAccessControlProvider> VIRTUAL_HOST_ACCESS_CONTROL_POVIDER_COMPARATOR = new Comparator<VirtualHostAccessControlProvider>()
+    {
+        @Override
+        public int compare(final VirtualHostAccessControlProvider o1, final VirtualHostAccessControlProvider o2)
+        {
+            if(o1.getPriority() < o2.getPriority())
+            {
+                return -1;
+            }
+            else if (o1.getPriority() > o2.getPriority())
+            {
+                return 1;
+            }
+            else
+            {
+                return o1.getName().compareTo(o2.getName());
+            }
+        }
+    };
+
+
+    @ManagedAttribute(defaultValue = "10")
+    int getPriority();
+
+    AccessControl getAccessControl();
+}
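Review bot: The public constant `VIRTUAL_HOST_ACCESS_CONTROL_POVIDER_COMPARATOR` is misspelled (POVIDER), and because it sits on a model interface and is already referenced from `AbstractVirtualHost.updateAccessControl()` in this commit, the typo becomes part of the API unless it is renamed to `VIRTUAL_HOST_ACCESS_CONTROL_PROVIDER_COMPARATOR` now. `getPriority()` also has no Javadoc: the comparator sorts ascending, so a lower number is placed earlier in the list handed to `CompoundAccessControl`, and that ordering decides which provider's verdict is reached first. A line such as `/** Lower values are consulted first; ties are broken by name. */` above `getPriority()` would make that explicit. The interface also extends `Comparable<VirtualHostAccessControlProvider>` with a raw type argument and shows no `compareTo` here, so implementors presumably have to supply one that agrees with this comparator.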

Propchange: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/VirtualHostAccessControlProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/CompoundAccessControl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/CompoundAccessControl.java?rev=1752293&r1=1752292&r2=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/CompoundAccessControl.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/CompoundAccessControl.java Tue Jul 12 13:48:50 2016
@@ -29,6 +29,9 @@ import java.util.concurrent.atomic.Atomi
 
 import javax.security.auth.Subject;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import org.apache.qpid.server.model.ConfiguredObject;
 import org.apache.qpid.server.security.access.Operation;
 
@@ -102,7 +105,6 @@ public class CompoundAccessControl imple
             }
         }
 
-
         return Result.DEFER;
     }
 

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/access/Operation.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/access/Operation.java?rev=1752293&r1=1752292&r2=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/access/Operation.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/access/Operation.java Tue Jul 12 13:48:50 2016
@@ -113,4 +113,10 @@ public final class Operation
     {
         return Objects.hash(getType(), getName());
     }
+
+    @Override
+    public String toString()
+    {
+        return "Operation[" +_type + (_name.equals(_type.name()) ? "" : ("("+_name+")")) + "]";
+    }
 }

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java?rev=1752293&r1=1752292&r2=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java Tue Jul 12 13:48:50 2016
@@ -31,6 +31,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.EnumSet;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -78,6 +79,10 @@ import org.apache.qpid.server.protocol.A
 import org.apache.qpid.server.protocol.LinkRegistry;
 import org.apache.qpid.server.protocol.LinkRegistryImpl;
 import org.apache.qpid.server.queue.QueueEntry;
+import org.apache.qpid.server.security.AccessControl;
+import org.apache.qpid.server.security.CompoundAccessControl;
+import org.apache.qpid.server.security.Result;
+import org.apache.qpid.server.security.SecurityToken;
 import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.stats.StatisticsCounter;
 import org.apache.qpid.server.store.ConfiguredObjectRecord;
@@ -164,6 +169,50 @@ public abstract class AbstractVirtualHos
 
     private final VirtualHostPrincipal _principal;
 
+    private ConfigurationChangeListener _accessControlProviderListener = new AccessControlProviderListener();
+
+    private final AccessControl _accessControl;
+
+
+    private final AccessControl<SecurityToken> _systemUserAllowed = new AccessControl<SecurityToken>()
+    {
+        @Override
+        public Result getDefault()
+        {
+            return Result.DEFER;
+        }
+
+        @Override
+        public SecurityToken newToken()
+        {
+            return null;
+        }
+
+        @Override
+        public SecurityToken newToken(final Subject subject)
+        {
+            return null;
+        }
+
+        @Override
+        public Result authorise(final SecurityToken token,
+                                final Operation operation,
+                                final ConfiguredObject<?> configuredObject)
+        {
+            return isSystemProcess() ? Result.ALLOWED : Result.DEFER;
+        }
+
+        @Override
+        public Result authorise(final SecurityToken token,
+                                final Operation operation,
+                                final ConfiguredObject<?> configuredObject,
+                                final Map<String, Object> arguments)
+        {
+            return isSystemProcess() ? Result.ALLOWED : Result.DEFER;
+        }
+    };
+
+
     @ManagedAttributeField
     private boolean _queue_deadLetterQueueEnabled;
 
@@ -234,6 +283,17 @@ public abstract class AbstractVirtualHos
         _dataReceived = new StatisticsCounter("bytes-received-" + getName());
         _principal = new VirtualHostPrincipal(this);
 
+        if (_broker.getParent(SystemConfig.class).isManagementMode())
+        {
+            _accessControl = AccessControl.ALWAYS_ALLOWED;
+        }
+        else
+        {
+            _accessControl =  new CompoundAccessControl(
+                    Collections.<AccessControl<?>>emptyList(), Result.DEFER
+            );
+        }
+
         _housekeepingJobContext = getSystemTaskControllerContext("Housekeeping["+getName()+"]", _principal);
         _fileSystemSpaceCheckerJobContext = getSystemTaskControllerContext("FileSystemSpaceChecker["+getName()+"]", _principal);
 
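Review bot: Until `updateAccessControl()` runs (it is called in a later hunk, after `_networkConnectionScheduler.start()`), the `CompoundAccessControl` built in the else branch holds an empty list, so every check on this virtual host yields the default `Result.DEFER`. The parent's access control is not consulted in that window, because `getAccessControl()` is overridden elsewhere in this commit to return `_accessControl`. How callers resolve a final DEFER is not visible here, but a host that never reaches that call would keep the empty list. If `super.getAccessControl()` is usable this early, seeding the list with `Collections.<AccessControl<?>>singletonList(getParentAccessControl())` would keep broker-level rules in force. The constructor starts and ends outside the hunk.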
@@ -242,6 +302,36 @@ public abstract class AbstractVirtualHos
         addChangeListener(new TargetSizeAssigningListener());
     }
 
+    private void updateAccessControl()
+    {
+        if(!_broker.getParent(SystemConfig.class).isManagementMode())
+        {
+            List<VirtualHostAccessControlProvider> children = new ArrayList<>(getChildren(VirtualHostAccessControlProvider.class));
+            _logger.debug("Updating access control list with {} provider children", children.size());
+            Collections.sort(children, VirtualHostAccessControlProvider.VIRTUAL_HOST_ACCESS_CONTROL_POVIDER_COMPARATOR);
+
+            List<AccessControl<?>> accessControls = new ArrayList<>(children.size()+2);
+            accessControls.add(_systemUserAllowed);
+            for(VirtualHostAccessControlProvider prov : children)
+            {
+                if(prov.getState() == State.ERRORED)
+                {
+                    accessControls.clear();
+                    accessControls.add(AccessControl.ALWAYS_DENIED);
+                    break;
+                }
+                else if(prov.getState() == State.ACTIVE)
+                {
+                    accessControls.add(prov.getAccessControl());
+                }
+
+            }
+            accessControls.add(getParentAccessControl());
+            ((CompoundAccessControl)_accessControl).setAccessControls(accessControls);
+
+        }
+    }
+
     public void onValidate()
     {
         super.onValidate();
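Review bot: In the `State.ERRORED` branch, `accessControls.clear()` also discards `_systemUserAllowed`, so one errored provider denies the broker's own system tasks on this host as well as users, and the `getParentAccessControl()` entry appended after the loop can presumably never be reached behind `ALWAYS_DENIED`. Failing closed is the safe direction, but it happens silently, since the only log line is the debug message before the sort. Consider `_logger.warn("Access control provider '{}' is ERRORED; denying all access to virtual host '{}'", prov.getName(), getName());` before the `break`, plus a comment stating whether dropping the system-process entry is intended. Providers in any state other than ACTIVE or ERRORED are skipped without comment, so their rules stop applying and decisions fall through to the parent; that deserves a comment as well.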
@@ -312,6 +402,24 @@ public abstract class AbstractVirtualHos
         }
     }
 
+    @Override
+    protected AccessControl getAccessControl()
+    {
+        return _accessControl;
+    }
+
+    private AccessControl getParentAccessControl()
+    {
+        return super.getAccessControl();
+    }
+
+    @Override
+    protected void postResolveChildren()
+    {
+        super.postResolveChildren();
+        addChangeListener(_accessControlProviderListener);
+    }
+
     private void validateNodeAutoCreationPolicy(final NodeAutoCreationPolicy policy)
     {
         String pattern = policy.getPattern();
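Review bot: `postResolveChildren()` registers `_accessControlProviderListener` on the virtual host only, while the listener is attached to a provider solely in `childAdded` (`child.addChangeListener(this)`). Providers already resolved from stored configuration before this call may therefore never get it, and later attribute changes on them would not trigger `updateAccessControl()`. Whether `childAdded` is replayed for recovered children is not visible in this diff, so this needs confirming. If it is not, add `for (VirtualHostAccessControlProvider p : getChildren(VirtualHostAccessControlProvider.class)) { p.addChangeListener(_accessControlProviderListener); }` after the existing `addChangeListener` call. `validateNodeAutoCreationPolicy` continues outside the hunk.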
@@ -603,7 +711,7 @@ public abstract class AbstractVirtualHos
         {
             throw new UnsupportedOperationException();
         }
-        else if(childClass == VirtualHostLogger.class)
+        else if(childClass == VirtualHostLogger.class || childClass == VirtualHostAccessControlProvider.class)
         {
             return getObjectFactory().createAsync(childClass, attributes, this);
         }
@@ -1902,6 +2010,9 @@ public abstract class AbstractVirtualHos
                                                                      threadPoolKeepAliveTimeout,
                                                                      connectionThreadFactory);
         _networkConnectionScheduler.start();
+
+        updateAccessControl();
+
         MessageStore messageStore = getMessageStore();
         messageStore.openMessageStore(this);
 
@@ -2149,4 +2260,66 @@ public abstract class AbstractVirtualHos
     {
         return !(_systemNodeSources.isEmpty() && getChildren(Queue.class).isEmpty());
     }
+
+    private final class AccessControlProviderListener implements ConfigurationChangeListener
+    {
+        private final Set<ConfiguredObject<?>> _bulkChanges = new HashSet<>();
+
+        @Override
+        public void stateChanged(final ConfiguredObject<?> object, final State oldState, final State newState)
+        {
+
+        }
+
+        @Override
+        public void childAdded(final ConfiguredObject<?> object, final ConfiguredObject<?> child)
+        {
+            if(object.getCategoryClass() == VirtualHost.class && child.getCategoryClass() == VirtualHostAccessControlProvider.class)
+            {
+                child.addChangeListener(this);
+                AbstractVirtualHost.this.updateAccessControl();
+            }
+        }
+
+        @Override
+        public void childRemoved(final ConfiguredObject<?> object, final ConfiguredObject<?> child)
+        {
+            if(object.getCategoryClass() == VirtualHost.class && child.getCategoryClass() == VirtualHostAccessControlProvider.class)
+            {
+                AbstractVirtualHost.this.updateAccessControl();
+            }
+        }
+
+        @Override
+        public void attributeSet(final ConfiguredObject<?> object,
+                                 final String attributeName,
+                                 final Object oldAttributeValue,
+                                 final Object newAttributeValue)
+        {
+            if(object.getCategoryClass() == VirtualHostAccessControlProvider.class && !_bulkChanges.contains(object))
+            {
+                AbstractVirtualHost.this.updateAccessControl();
+            }
+        }
+
+        @Override
+        public void bulkChangeStart(final ConfiguredObject<?> object)
+        {
+            if(object.getCategoryClass() == VirtualHostAccessControlProvider.class)
+            {
+                _bulkChanges.add(object);
+            }
+        }
+
+        @Override
+        public void bulkChangeEnd(final ConfiguredObject<?> object)
+        {
+            if(object.getCategoryClass() == VirtualHostAccessControlProvider.class)
+            {
+                _bulkChanges.remove(object);
+                AbstractVirtualHost.this.updateAccessControl();
+            }
+        }
+    }
+
 }
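Review bot: `stateChanged` is left empty although `updateAccessControl()` selects entries by provider state (`State.ERRORED` denies everything, only `State.ACTIVE` providers contribute rules). A provider that becomes ERRORED or ACTIVE after the list was last built therefore does not change the effective access control until some unrelated event rebuilds it. Unless state transitions are also delivered through `attributeSet` (not visible here), add `if(object.getCategoryClass() == VirtualHostAccessControlProvider.class) { AbstractVirtualHost.this.updateAccessControl(); }` to `stateChanged`. `childRemoved` also leaves the listener registered on the removed child; `child.removeChangeListener(this)` would mirror `childAdded`.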

Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/logging/VirtualHostLoggerTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/logging/VirtualHostLoggerTest.java?rev=1752293&r1=1752292&r2=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/logging/VirtualHostLoggerTest.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/logging/VirtualHostLoggerTest.java Tue Jul 12 13:48:50 2016
@@ -35,6 +35,7 @@ import ch.qos.logback.classic.spi.ILoggi
 import ch.qos.logback.core.Appender;
 
 import org.apache.qpid.server.model.BrokerTestHelper;
+import org.apache.qpid.server.security.AccessControl;
 import org.apache.qpid.server.store.DurableConfigurationStore;
 import org.apache.qpid.server.store.preferences.PreferenceStore;
 import org.apache.qpid.util.FileUtils;
@@ -83,13 +84,15 @@ public class VirtualHostLoggerTest  exte
 
         Principal systemPrincipal = mock(Principal.class);
 
-        Broker broker = BrokerTestHelper.mockWithSystemPrincipal(Broker.class, systemPrincipal);
+        AccessControl accessControlMock = BrokerTestHelper.createAccessControlMock();
+        Broker broker = BrokerTestHelper.mockWithSystemPrincipalAndAccessControl(Broker.class, systemPrincipal,
+                                                                                 accessControlMock);
         when(broker.getModel()).thenReturn(model);
         when(broker.getChildExecutor()).thenReturn(_taskExecutor);
         when(broker.getParent(SystemConfig.class)).thenReturn(systemConfig);
         doReturn(Broker.class).when(broker).getCategoryClass();
 
-        VirtualHostNode node =  BrokerTestHelper.mockWithSystemPrincipal(VirtualHostNode.class, systemPrincipal);
+        VirtualHostNode node =  BrokerTestHelper.mockWithSystemPrincipalAndAccessControl(VirtualHostNode.class, systemPrincipal, accessControlMock);
         when(node.getModel()).thenReturn(model);
         when(node.getChildExecutor()).thenReturn(_taskExecutor);
         when(node.getParent(Broker.class)).thenReturn(broker);

Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/model/BrokerTestHelper.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/model/BrokerTestHelper.java?rev=1752293&r1=1752292&r2=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/model/BrokerTestHelper.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/model/BrokerTestHelper.java Tue Jul 12 13:48:50 2016
@@ -23,6 +23,7 @@ package org.apache.qpid.server.model;
 import static org.apache.bcel.Constants.ACC_INTERFACE;
 import static org.apache.bcel.Constants.ACC_PUBLIC;
 import static org.apache.bcel.Constants.ACC_SUPER;
+import static org.mockito.Matchers.any;
 import static org.mockito.Matchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -44,6 +45,9 @@ import org.apache.qpid.server.configurat
 import org.apache.qpid.server.logging.EventLogger;
 import org.apache.qpid.server.protocol.AMQSessionModel;
 import org.apache.qpid.server.security.AccessControl;
+import org.apache.qpid.server.security.Result;
+import org.apache.qpid.server.security.SecurityToken;
+import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.store.DurableConfigurationStore;
 import org.apache.qpid.server.store.preferences.PreferenceStore;
 import org.apache.qpid.server.transport.AMQPConnection;
@@ -99,6 +103,21 @@ public class BrokerTestHelper
 
     public static Broker<?> createBrokerMock()
     {
+        return createBrokerMock(createAccessControlMock());
+    }
+
+    public static AccessControl createAccessControlMock()
+    {
+        AccessControl mock = mock(AccessControl.class);
+        when(mock.authorise(any(SecurityToken.class), any(Operation.class), any(ConfiguredObject.class))).thenReturn(
+                Result.DEFER);
+        when(mock.authorise(any(SecurityToken.class), any(Operation.class), any(ConfiguredObject.class), any(Map.class))).thenReturn(Result.DEFER);
+        when(mock.getDefault()).thenReturn(Result.ALLOWED);
+        return mock;
+    }
+
+    private static Broker<?> createBrokerMock(AccessControl accessControl)
+    {
         ConfiguredObjectFactory objectFactory = new ConfiguredObjectFactoryImpl(BrokerModel.getInstance());
         EventLogger eventLogger = new EventLogger();
 
@@ -108,7 +127,7 @@ public class BrokerTestHelper
         when(systemConfig.getModel()).thenReturn(objectFactory.getModel());
         when(systemConfig.getCategoryClass()).thenReturn(SystemConfig.class);
 
-        Broker broker = mockWithSystemPrincipal(Broker.class, SYSTEM_PRINCIPAL);
+        Broker broker = mockWithSystemPrincipalAndAccessControl(Broker.class, SYSTEM_PRINCIPAL, accessControl);
         when(broker.getConnection_sessionCountLimit()).thenReturn(1);
         when(broker.getConnection_closeWhenNoRoute()).thenReturn(false);
         when(broker.getId()).thenReturn(UUID.randomUUID());
@@ -139,17 +158,16 @@ public class BrokerTestHelper
 
     public static VirtualHost<?> createVirtualHost(Map<String, Object> attributes)
     {
-
-        Broker<?> broker = createBrokerMock();
-        return createVirtualHost(attributes, broker, false);
+        Broker<?> broker = createBrokerMock(createAccessControlMock());
+        return createVirtualHost(attributes, broker, false, createAccessControlMock());
     }
 
     private static VirtualHost<?> createVirtualHost(final Map<String, Object> attributes,
-                                                        final Broker<?> broker, boolean defaultVHN)
+                                                        final Broker<?> broker, boolean defaultVHN, AccessControl accessControl)
     {
         ConfiguredObjectFactory objectFactory = broker.getObjectFactory();
 
-        VirtualHostNode virtualHostNode = mockWithSystemPrincipal(VirtualHostNode.class, SYSTEM_PRINCIPAL);
+        VirtualHostNode virtualHostNode = mockWithSystemPrincipalAndAccessControl(VirtualHostNode.class, SYSTEM_PRINCIPAL, accessControl);
         String virtualHostNodeName = String.format("%s_%s", attributes.get(VirtualHostNode.NAME), "_node");
         when(virtualHostNode.getName()).thenReturn( virtualHostNodeName);
         when(virtualHostNode.getTaskExecutor()).thenReturn(TASK_EXECUTOR);
@@ -185,16 +203,21 @@ public class BrokerTestHelper
 
     public static VirtualHost<?> createVirtualHost(String name) throws Exception
     {
-        return createVirtualHost(name, createBrokerMock(), false);
+        return createVirtualHost(name, createBrokerMock(createAccessControlMock()), false, createAccessControlMock());
     }
 
     public static VirtualHost<?> createVirtualHost(String name, Broker<?> broker, boolean defaultVHN) throws Exception
     {
+        return createVirtualHost(name, broker, defaultVHN, createAccessControlMock());
+    }
+
+    private static VirtualHost<?> createVirtualHost(String name, Broker<?> broker, boolean defaultVHN, AccessControl accessControl) throws Exception
+    {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(org.apache.qpid.server.model.VirtualHost.TYPE, TestMemoryVirtualHost.VIRTUAL_HOST_TYPE);
         attributes.put(org.apache.qpid.server.model.VirtualHost.NAME, name);
 
-        return createVirtualHost(attributes, broker, defaultVHN);
+        return createVirtualHost(attributes, broker, defaultVHN, accessControl);
     }
 
     public static AMQSessionModel<?> createSession(int channelId, AMQPConnection<?> connection)

Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/model/VirtualHostTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/model/VirtualHostTest.java?rev=1752293&r1=1752292&r2=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/model/VirtualHostTest.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/model/VirtualHostTest.java Tue Jul 12 13:48:50 2016
@@ -74,7 +74,7 @@ import org.apache.qpid.test.utils.QpidTe
 
 public class VirtualHostTest extends QpidTestCase
 {
-    private final AccessControl _mockAccessControl = mock(AccessControl.class);
+    private final AccessControl _mockAccessControl = BrokerTestHelper.createAccessControlMock();
     private Broker _broker;
     private TaskExecutor _taskExecutor;
     private VirtualHostNode _virtualHostNode;

Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/virtualhost/AbstractVirtualHostTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/virtualhost/AbstractVirtualHostTest.java?rev=1752293&r1=1752292&r2=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/virtualhost/AbstractVirtualHostTest.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/virtualhost/AbstractVirtualHostTest.java Tue Jul 12 13:48:50 2016
@@ -55,6 +55,7 @@ import org.apache.qpid.server.model.Stat
 import org.apache.qpid.server.model.SystemConfig;
 import org.apache.qpid.server.model.VirtualHost;
 import org.apache.qpid.server.model.VirtualHostNode;
+import org.apache.qpid.server.security.AccessControl;
 import org.apache.qpid.server.store.DurableConfigurationStore;
 import org.apache.qpid.server.store.MessageStore;
 import org.apache.qpid.server.store.preferences.PreferenceStore;
@@ -76,7 +77,10 @@ public class AbstractVirtualHostTest ext
         SystemConfig systemConfig = mock(SystemConfig.class);
         when(systemConfig.getEventLogger()).thenReturn(mock(EventLogger.class));
         when(systemConfig.createPreferenceStore()).thenReturn(mock(PreferenceStore.class));
-        Broker<?> broker = mock(Broker.class);
+        AccessControl accessControlMock = BrokerTestHelper.createAccessControlMock();
+        Principal systemPrincipal = mock(Principal.class);
+        Broker<?> broker = BrokerTestHelper.mockWithSystemPrincipalAndAccessControl(Broker.class, systemPrincipal,
+                                                                                    accessControlMock);
         when(broker.getParent(SystemConfig.class)).thenReturn(systemConfig);
         when(broker.getModel()).thenReturn(BrokerModel.getInstance());
 
@@ -85,7 +89,8 @@ public class AbstractVirtualHostTest ext
         when(broker.getTaskExecutor()).thenReturn(_taskExecutor);
         when(broker.getChildExecutor()).thenReturn(_taskExecutor);
 
-        _node = BrokerTestHelper.mockWithSystemPrincipal(VirtualHostNode.class, mock(Principal.class));
+        _node = BrokerTestHelper.mockWithSystemPrincipalAndAccessControl(VirtualHostNode.class,
+                                                                         systemPrincipal, accessControlMock);
         when(_node.getParent(Broker.class)).thenReturn(broker);
         when(_node.getModel()).thenReturn(BrokerModel.getInstance());
         when(_node.getTaskExecutor()).thenReturn(_taskExecutor);

Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/virtualhost/VirtualHostQueueCreationTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/virtualhost/VirtualHostQueueCreationTest.java?rev=1752293&r1=1752292&r2=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/virtualhost/VirtualHostQueueCreationTest.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/virtualhost/VirtualHostQueueCreationTest.java Tue Jul 12 13:48:50 2016
@@ -47,6 +47,7 @@ import org.apache.qpid.server.model.Virt
 import org.apache.qpid.server.queue.PriorityQueue;
 import org.apache.qpid.server.queue.PriorityQueueImpl;
 import org.apache.qpid.server.queue.StandardQueueImpl;
+import org.apache.qpid.server.security.AccessControl;
 import org.apache.qpid.server.store.DurableConfigurationStore;
 import org.apache.qpid.server.store.preferences.PreferenceStore;
 import org.apache.qpid.test.utils.QpidTestCase;
@@ -73,7 +74,10 @@ public class VirtualHostQueueCreationTes
         when(context.getEventLogger()).thenReturn(eventLogger);
         when(context.createPreferenceStore()).thenReturn(mock(PreferenceStore.class));
 
-        Broker broker = mock(Broker.class);
+        Principal systemPrincipal = mock(Principal.class);
+        AccessControl accessControl = BrokerTestHelper.createAccessControlMock();
+
+        Broker broker = BrokerTestHelper.mockWithSystemPrincipalAndAccessControl(Broker.class, systemPrincipal, accessControl);
         when(broker.getObjectFactory()).thenReturn(objectFactory);
         when(broker.getCategoryClass()).thenReturn(Broker.class);
         when(broker.getParent(SystemConfig.class)).thenReturn(context);
@@ -81,7 +85,7 @@ public class VirtualHostQueueCreationTes
         when(broker.getTaskExecutor()).thenReturn(_taskExecutor);
         when(broker.getChildExecutor()).thenReturn(_taskExecutor);
 
-        _virtualHostNode = BrokerTestHelper.mockWithSystemPrincipal(VirtualHostNode.class, mock(Principal.class));
+        _virtualHostNode = BrokerTestHelper.mockWithSystemPrincipalAndAccessControl(VirtualHostNode.class, systemPrincipal, accessControl);
         when(_virtualHostNode.getParent(Broker.class)).thenReturn(broker);
         when(_virtualHostNode.getConfigurationStore()).thenReturn(mock(DurableConfigurationStore.class));
         when(_virtualHostNode.getObjectFactory()).thenReturn(objectFactory);

Modified: qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java?rev=1752293&r1=1752292&r2=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java (original)
+++ qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.java Tue Jul 12 13:48:50 2016
@@ -182,6 +182,7 @@ class LegacyAccessControlAdapter
         return VirtualHost.class.isAssignableFrom(category) ||
                VirtualHostLogger.class.isAssignableFrom(category) ||
                VirtualHostLogInclusionRule.class.isAssignableFrom(category) ||
+               VirtualHostAccessControlProvider.class.isAssignableFrom(category) ||
                Connection.class.isAssignableFrom(category);
     }
 

Modified: qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.java?rev=1752293&r1=1752292&r2=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.java (original)
+++ qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.java Tue Jul 12 13:48:50 2016
@@ -23,14 +23,20 @@ package org.apache.qpid.server.security.
 import java.util.Map;
 
 import org.apache.qpid.server.logging.messages.AccessControlMessages;
+
+import com.google.common.util.concurrent.Futures;
+import com.google.common.util.concurrent.ListenableFuture;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
+import org.apache.qpid.server.model.AccessControlProvider;
 import org.apache.qpid.server.model.Broker;
 import org.apache.qpid.server.model.BrokerModel;
 import org.apache.qpid.server.model.ManagedAttributeField;
 import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
+import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.security.access.Operation;
 import org.apache.qpid.server.security.access.config.AclFileParser;
 import org.apache.qpid.server.security.access.config.RuleBasedAccessControl;
@@ -47,6 +53,8 @@ public class ACLFileAccessControlProvide
         Handler.register();
     }
 
+    private final Broker _broker;
+
     @ManagedAttributeField( afterSet = "reloadAclFile")
     private String _path;
 
@@ -54,12 +62,13 @@ public class ACLFileAccessControlProvide
     public ACLFileAccessControlProviderImpl(Map<String, Object> attributes, Broker broker)
     {
         super(attributes, broker);
+        _broker = broker;
     }
 
     @Override
     protected RuleBasedAccessControl createRuleBasedAccessController()
     {
-        return new RuleBasedAccessControl(AclFileParser.parse(getPath(), getBroker()), getBroker().getModel());
+        return new RuleBasedAccessControl(AclFileParser.parse(getPath(), this), getModel());
     }
 
     @Override
@@ -89,10 +98,40 @@ public class ACLFileAccessControlProvide
         }
     }
 
+    @StateTransition(currentState = {State.UNINITIALIZED, State.QUIESCED, State.ERRORED}, desiredState = State.ACTIVE)
+    @SuppressWarnings("unused")
+    private ListenableFuture<Void> activate()
+    {
+
+        try
+        {
+            recreateAccessController();
+            setState(_broker.isManagementMode() ? State.QUIESCED : State.ACTIVE);
+        }
+        catch (RuntimeException e)
+        {
+            setState(State.ERRORED);
+            if (_broker.isManagementMode())
+            {
+                LOGGER.warn("Failed to activate ACL provider: " + getName(), e);
+            }
+            else
+            {
+                throw e;
+            }
+        }
+        return Futures.immediateFuture(null);
+    }
+
     @Override
     public String getPath()
     {
         return _path;
     }
 
+    public int compareTo(final AccessControlProvider o)
+    {
+        return ACCESS_CONTROL_POVIDER_COMPARATOR.compare(this, o);
+    }
+
 }
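Review bot: The `activate()` transition added in this hunk is a copy of the one this commit deletes from AbstractRuleBasedAccessControlProvider, and it is added again in RuleBasedAccessControlProviderImpl (hunk `@@ -111,10 +119,35`) and, with a different management-mode lookup, in RuleBasedVirtualHostAccessControlProviderImpl (hunk `@@ -111,10 +143,36`). This method decides whether an ACL provider whose rules failed to load is left ERRORED with only a warning or aborts start-up, so three copies of it can drift apart unnoticed. It could stay once in the abstract base using the lookup from the virtual-host copy, `final boolean isManagementMode = getModel().getAncestor(SystemConfig.class, this).isManagementMode();`, assuming SystemConfig is also reachable as an ancestor of a broker-level provider. The `_broker` fields added to the two broker-level classes would then be unnecessary.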

Modified: qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/AbstractRuleBasedAccessControlProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/AbstractRuleBasedAccessControlProvider.java?rev=1752293&r1=1752292&r2=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/AbstractRuleBasedAccessControlProvider.java (original)
+++ qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/AbstractRuleBasedAccessControlProvider.java Tue Jul 12 13:48:50 2016
@@ -29,10 +29,12 @@ import org.slf4j.LoggerFactory;
 
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
 import org.apache.qpid.server.logging.EventLogger;
+import org.apache.qpid.server.logging.EventLoggerProvider;
 import org.apache.qpid.server.logging.messages.AccessControlMessages;
 import org.apache.qpid.server.model.AbstractConfiguredObject;
 import org.apache.qpid.server.model.AccessControlProvider;
 import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.ConfiguredObject;
 import org.apache.qpid.server.model.ManagedAttributeField;
 import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
 import org.apache.qpid.server.model.State;
@@ -42,7 +44,7 @@ import org.apache.qpid.server.security.a
 import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
 
 public abstract class AbstractRuleBasedAccessControlProvider<X extends AbstractRuleBasedAccessControlProvider<X>>
-        extends AbstractConfiguredObject<X> implements AccessControlProvider<X>
+        extends AbstractConfiguredObject<X> implements EventLoggerProvider
 {
     private static final Logger LOGGER = LoggerFactory.getLogger(AbstractRuleBasedAccessControlProvider.class);
 
@@ -52,28 +54,21 @@ public abstract class AbstractRuleBasedA
     }
 
     private volatile RuleBasedAccessControl _accessControl;
-    private final Broker _broker;
     private final EventLogger _eventLogger;
 
     @ManagedAttributeField
     private int _priority;
 
-    public AbstractRuleBasedAccessControlProvider(Map<String, Object> attributes, Broker broker)
+    public AbstractRuleBasedAccessControlProvider(Map<String, Object> attributes, ConfiguredObject<?> parent)
     {
-        super(parentsMap(broker), attributes);
+        super(parentsMap(parent), attributes);
 
 
-        _broker = broker;
-        _eventLogger = _broker.getEventLogger();
+        _eventLogger = ((EventLoggerProvider)parent).getEventLogger();
         _eventLogger.message(AccessControlMessages.CREATE(getName()));
     }
 
-    protected final Broker getBroker()
-    {
-        return _broker;
-    }
-
-    protected final EventLogger getEventLogger()
+    public final EventLogger getEventLogger()
     {
         return _eventLogger;
     }
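Review bot: The constructor now accepts any `ConfiguredObject<?>` but immediately casts it in `((EventLoggerProvider)parent).getEventLogger()`, so a parent that does not implement EventLoggerProvider fails with a bare ClassCastException after `super(...)` has already run. Either narrow the parameter type so the compiler enforces the requirement, or check before the cast, for example `if (!(parent instanceof EventLoggerProvider)) { throw new IllegalArgumentException("Parent must provide an event logger: " + parent); }`. The hunk also widens `getEventLogger()` from protected to public; a one-line Javadoc stating that it returns the parent's event logger would record why it is now part of the public surface.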
@@ -112,31 +107,6 @@ public abstract class AbstractRuleBasedA
     }
 
 
-    @StateTransition(currentState = {State.UNINITIALIZED, State.QUIESCED, State.ERRORED}, desiredState = State.ACTIVE)
-    @SuppressWarnings("unused")
-    private ListenableFuture<Void> activate()
-    {
-
-        try
-        {
-            recreateAccessController();
-            setState(_broker.isManagementMode() ? State.QUIESCED : State.ACTIVE);
-        }
-        catch (RuntimeException e)
-        {
-            setState(State.ERRORED);
-            if (_broker.isManagementMode())
-            {
-                LOGGER.warn("Failed to activate ACL provider: " + getName(), e);
-            }
-            else
-            {
-                throw e;
-            }
-        }
-        return Futures.immediateFuture(null);
-    }
-
     protected final void recreateAccessController()
     {
         _accessControl = createRuleBasedAccessController();
@@ -179,15 +149,9 @@ public abstract class AbstractRuleBasedA
         return _accessControl;
     }
 
-    @Override
     public final int getPriority()
     {
         return _priority;
     }
 
-    @Override
-    public int compareTo(final AccessControlProvider o)
-    {
-        return ACCESS_CONTROL_POVIDER_COMPARATOR.compare(this, o);
-    }
 }

Modified: qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProviderImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProviderImpl.java?rev=1752293&r1=1752292&r2=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProviderImpl.java (original)
+++ qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProviderImpl.java Tue Jul 12 13:48:50 2016
@@ -28,15 +28,20 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import com.google.common.util.concurrent.Futures;
+import com.google.common.util.concurrent.ListenableFuture;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import org.apache.qpid.server.model.AccessControlProvider;
 import org.apache.qpid.server.model.Broker;
 import org.apache.qpid.server.model.Content;
 import org.apache.qpid.server.model.CustomRestHeaders;
 import org.apache.qpid.server.model.ManagedAttributeField;
 import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
 import org.apache.qpid.server.model.RestContentHeader;
+import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.StateTransition;
 import org.apache.qpid.server.security.Result;
 import org.apache.qpid.server.security.access.config.ObjectProperties;
 import org.apache.qpid.server.security.access.config.ObjectType;
@@ -61,6 +66,8 @@ public class RuleBasedAccessControlProvi
         Handler.register();
     }
 
+    private final Broker _broker;
+
     @ManagedAttributeField
     private Result _defaultResult;
     @ManagedAttributeField
@@ -71,6 +78,7 @@ public class RuleBasedAccessControlProvi
     public RuleBasedAccessControlProviderImpl(Map<String, Object> attributes, Broker broker)
     {
         super(attributes, broker);
+        _broker = broker;
     }
 
 
@@ -96,7 +104,7 @@ public class RuleBasedAccessControlProvi
                                              new AclRulePredicates(configuredRule.getAttributes())),
                                configuredRule.getOutcome()));
         }
-        return new RuleBasedAccessControl(new RuleSet(getBroker(), rules, _defaultResult), getModel());
+        return new RuleBasedAccessControl(new RuleSet(this, rules, _defaultResult), getModel());
     }
 
     @Override
@@ -111,10 +119,35 @@ public class RuleBasedAccessControlProvi
         return _rules;
     }
 
+    @StateTransition(currentState = {State.UNINITIALIZED, State.QUIESCED, State.ERRORED}, desiredState = State.ACTIVE)
+    @SuppressWarnings("unused")
+    private ListenableFuture<Void> activate()
+    {
+
+        try
+        {
+            recreateAccessController();
+            setState(_broker.isManagementMode() ? State.QUIESCED : State.ACTIVE);
+        }
+        catch (RuntimeException e)
+        {
+            setState(State.ERRORED);
+            if (_broker.isManagementMode())
+            {
+                LOGGER.warn("Failed to activate ACL provider: " + getName(), e);
+            }
+            else
+            {
+                throw e;
+            }
+        }
+        return Futures.immediateFuture(null);
+    }
+
     @Override
     public void loadFromFile(final String path)
     {
-        RuleSet ruleSet = AclFileParser.parse(path, getBroker());
+        RuleSet ruleSet = AclFileParser.parse(path, this);
         List<AclRule> aclRules = new ArrayList<>();
         for(Rule rule : ruleSet.getAllRules())
         {
@@ -221,4 +254,10 @@ public class RuleBasedAccessControlProvi
 
         }
     }
+
+    public int compareTo(final AccessControlProvider o)
+    {
+        return ACCESS_CONTROL_POVIDER_COMPARATOR.compare(this, o);
+    }
+
 }
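Review bot: `compareTo` is added here without `@Override`, although the version removed from the abstract base had it and the virtual-host copy added in this same commit keeps it. Without the annotation the compiler will not report it if the comparable contract on AccessControlProvider changes and this method stops being the one that orders providers. Adding `@Override` above `public int compareTo(final AccessControlProvider o)` restores that check; the same applies to the `compareTo` added to ACLFileAccessControlProviderImpl in hunk `@@ -89,10 +98,40`.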

Copied: qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedVirtualHostAccessControlProvider.java (from r1752049, qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProvider.java)
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedVirtualHostAccessControlProvider.java?p2=qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedVirtualHostAccessControlProvider.java&p1=qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProvider.java&r1=1752049&r2=1752293&rev=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProvider.java (original)
+++ qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedVirtualHostAccessControlProvider.java Tue Jul 12 13:48:50 2016
@@ -29,24 +29,24 @@ import org.apache.qpid.server.model.Mana
 import org.apache.qpid.server.model.ManagedObject;
 import org.apache.qpid.server.model.ManagedOperation;
 import org.apache.qpid.server.model.Param;
+import org.apache.qpid.server.model.VirtualHostAccessControlProvider;
 import org.apache.qpid.server.security.Result;
-import org.apache.qpid.server.security.access.RuleOutcome;
 
-@ManagedObject( category = false, type= RuleBasedAccessControlProvider.RULE_BASED_TYPE)
-public interface RuleBasedAccessControlProvider<X extends RuleBasedAccessControlProvider<X>> extends AccessControlProvider<X>
+@ManagedObject( category = false, type= RuleBasedVirtualHostAccessControlProvider.RULE_BASED_TYPE)
+public interface RuleBasedVirtualHostAccessControlProvider<X extends RuleBasedVirtualHostAccessControlProvider<X>> extends VirtualHostAccessControlProvider<X>
 {
     String RULE_BASED_TYPE = "RuleBased";
     String DEFAULT_RESULT= "defaultResult";
     String RULES = "rules";
 
-    @ManagedAttribute( mandatory = true, defaultValue = "DENIED", validValues = { "ALLOWED", "DENIED" })
+    @ManagedAttribute( mandatory = true, defaultValue = "DEFER", validValues = { "ALLOWED", "DENIED", "DEFER" })
     Result getDefaultResult();
 
-    @ManagedAttribute( mandatory = true, defaultValue = "[ { \"identity\" : \"ALL\", \"objectType\" : \"ALL\", \"operation\" : \"ALL\", \"attributes\" : {}, \"outcome\" : \"ALLOW\"} ]")
+    @ManagedAttribute( mandatory = true, defaultValue = "[ ]")
     List<AclRule> getRules();
 
     @ManagedOperation
-    void loadFromFile(@Param(name = "path")String path);
+    void loadFromFile(@Param(name = "path") String path);
 
     @ManagedOperation(nonModifying = true)
     Content extractRules();
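Review bot: `loadFromFile(@Param(name = "path") String path)` is carried over unchanged to the virtual-host provider, so whoever may invoke operations on a virtual host's ACL provider can make the broker process read a location of their choosing. The authorisation applied to this operation is not visible in the hunk, so it is worth confirming that it is limited to principals trusted with broker-side paths, or dropping the operation from the virtual-host interface. At minimum the method should carry a Javadoc such as `/** Replaces the rules with those parsed from {@code path}; the path is resolved by the broker process, not by the caller. */`.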

Copied: qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedVirtualHostAccessControlProviderImpl.java (from r1752049, qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProviderImpl.java)
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedVirtualHostAccessControlProviderImpl.java?p2=qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedVirtualHostAccessControlProviderImpl.java&p1=qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProviderImpl.java&r1=1752049&r2=1752293&rev=1752293&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProviderImpl.java (original)
+++ qpid/java/trunk/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedVirtualHostAccessControlProviderImpl.java Tue Jul 12 13:48:50 2016
@@ -24,37 +24,53 @@ import java.io.IOException;
 import java.io.OutputStream;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
+import java.util.EnumSet;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
+import com.google.common.util.concurrent.Futures;
+import com.google.common.util.concurrent.ListenableFuture;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import org.apache.qpid.server.model.Broker;
+import org.apache.qpid.server.model.ConfiguredObject;
 import org.apache.qpid.server.model.Content;
 import org.apache.qpid.server.model.CustomRestHeaders;
 import org.apache.qpid.server.model.ManagedAttributeField;
 import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
 import org.apache.qpid.server.model.RestContentHeader;
+import org.apache.qpid.server.model.State;
+import org.apache.qpid.server.model.StateTransition;
+import org.apache.qpid.server.model.SystemConfig;
+import org.apache.qpid.server.model.VirtualHost;
+import org.apache.qpid.server.model.VirtualHostAccessControlProvider;
 import org.apache.qpid.server.security.Result;
-import org.apache.qpid.server.security.access.config.ObjectProperties;
-import org.apache.qpid.server.security.access.config.ObjectType;
-import org.apache.qpid.server.security.access.config.LegacyOperation;
 import org.apache.qpid.server.security.access.RuleOutcome;
 import org.apache.qpid.server.security.access.config.AclAction;
 import org.apache.qpid.server.security.access.config.AclFileParser;
 import org.apache.qpid.server.security.access.config.AclRulePredicates;
+import org.apache.qpid.server.security.access.config.LegacyOperation;
+import org.apache.qpid.server.security.access.config.ObjectProperties;
+import org.apache.qpid.server.security.access.config.ObjectType;
 import org.apache.qpid.server.security.access.config.Rule;
 import org.apache.qpid.server.security.access.config.RuleBasedAccessControl;
 import org.apache.qpid.server.security.access.config.RuleSet;
 import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
 
-public class RuleBasedAccessControlProviderImpl
-        extends AbstractRuleBasedAccessControlProvider<RuleBasedAccessControlProviderImpl>
-        implements RuleBasedAccessControlProvider<RuleBasedAccessControlProviderImpl>
+public class RuleBasedVirtualHostAccessControlProviderImpl
+        extends AbstractRuleBasedAccessControlProvider<RuleBasedVirtualHostAccessControlProviderImpl>
+        implements RuleBasedVirtualHostAccessControlProvider<RuleBasedVirtualHostAccessControlProviderImpl>
 {
-    private static final Logger LOGGER = LoggerFactory.getLogger(RuleBasedAccessControlProviderImpl.class);
+    private static final EnumSet<ObjectType> ALLOWED_OBJECT_TYPES = EnumSet.of(ObjectType.ALL,
+                                                                               ObjectType.QUEUE,
+                                                                               ObjectType.EXCHANGE,
+                                                                               ObjectType.VIRTUALHOST,
+                                                                               ObjectType.METHOD);
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(RuleBasedVirtualHostAccessControlProviderImpl.class);
 
     static
     {
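Review bot: `ALLOWED_OBJECT_TYPES` has no comment explaining why these five types are the ones a virtual-host rule may name, and it includes `ObjectType.ALL`, the widest match. A short comment above the constant would record the intent, for example `// Object types a virtual-host scoped rule may name; ALL is accepted, so such rules must only be consulted for objects under this virtual host.` Whether the evaluation side really scopes these rules to the virtual host is not visible in this hunk and should be confirmed. The class body continues outside the hunk.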
@@ -68,9 +84,9 @@ public class RuleBasedAccessControlProvi
 
 
     @ManagedObjectFactoryConstructor
-    public RuleBasedAccessControlProviderImpl(Map<String, Object> attributes, Broker broker)
+    public RuleBasedVirtualHostAccessControlProviderImpl(Map<String, Object> attributes, VirtualHost<?> virtualHost)
     {
-        super(attributes, broker);
+        super(attributes, virtualHost);
     }
 
 
@@ -85,6 +101,22 @@ public class RuleBasedAccessControlProvi
     }
 
     @Override
+    protected void validateChange(final ConfiguredObject<?> proxyForValidation, final Set<String> changedAttributes)
+    {
+        super.validateChange(proxyForValidation, changedAttributes);
+        if(changedAttributes.contains(RULES))
+        {
+            for(AclRule rule : ((RuleBasedVirtualHostAccessControlProvider<?>)proxyForValidation).getRules())
+            {
+                if(!ALLOWED_OBJECT_TYPES.contains(rule.getObjectType()))
+                {
+                    throw new IllegalArgumentException("Cannot use the object type " + rule.getObjectType() + " only the following object types are allowed: " + ALLOWED_OBJECT_TYPES);
+                }
+            }
+        }
+    }
+
+    @Override
     protected RuleBasedAccessControl createRuleBasedAccessController()
     {
         List<Rule> rules = new ArrayList<>();
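Review bot: The object-type restriction is enforced only in `validateChange`, and only when `RULES` is among the changed attributes, so the check in this hunk does not cover rules supplied when the provider is first created. Unless creation is validated somewhere outside this hunk, a provider created with a rule for a type outside `ALLOWED_OBJECT_TYPES` would be accepted, which defeats the restriction. Moving the loop into a helper and calling it from the creation-time validation hook as well closes that gap; the sketch below assumes that hook is `onValidate()` and that `getRules()` is non-null at that point.

```java
    @Override
    public void onValidate()
    {
        super.onValidate();
        validateRules(getRules());
    }

    @Override
    protected void validateChange(final ConfiguredObject<?> proxyForValidation, final Set<String> changedAttributes)
    {
        super.validateChange(proxyForValidation, changedAttributes);
        if(changedAttributes.contains(RULES))
        {
            validateRules(((RuleBasedVirtualHostAccessControlProvider<?>)proxyForValidation).getRules());
        }
    }

    private void validateRules(final List<AclRule> rules)
    {
        for(AclRule rule : rules)
        {
            // … unchanged: ALLOWED_OBJECT_TYPES check and IllegalArgumentException …
        }
    }
```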
@@ -96,7 +128,7 @@ public class RuleBasedAccessControlProvi
                                              new AclRulePredicates(configuredRule.getAttributes())),
                                configuredRule.getOutcome()));
         }
-        return new RuleBasedAccessControl(new RuleSet(getBroker(), rules, _defaultResult), getModel());
+        return new RuleBasedAccessControl(new RuleSet(this, rules, _defaultResult), getModel());
     }
 
     @Override
@@ -111,10 +143,36 @@ public class RuleBasedAccessControlProvi
         return _rules;
     }
 
+    @StateTransition(currentState = {State.UNINITIALIZED, State.QUIESCED, State.ERRORED}, desiredState = State.ACTIVE)
+    @SuppressWarnings("unused")
+    private ListenableFuture<Void> activate()
+    {
+
+        final boolean isManagementMode = getModel().getAncestor(SystemConfig.class, this).isManagementMode();
+        try
+        {
+            recreateAccessController();
+            setState(isManagementMode ? State.QUIESCED : State.ACTIVE);
+        }
+        catch (RuntimeException e)
+        {
+            setState(State.ERRORED);
+            if (isManagementMode)
+            {
+                LOGGER.warn("Failed to activate ACL provider: " + getName(), e);
+            }
+            else
+            {
+                throw e;
+            }
+        }
+        return Futures.immediateFuture(null);
+    }
+
     @Override
     public void loadFromFile(final String path)
     {
-        RuleSet ruleSet = AclFileParser.parse(path, getBroker());
+        RuleSet ruleSet = AclFileParser.parse(path, this);
         List<AclRule> aclRules = new ArrayList<>();
         for(Rule rule : ruleSet.getAllRules())
         {
@@ -126,6 +184,12 @@ public class RuleBasedAccessControlProvi
         setAttributes(attrs);
     }
 
+    @Override
+    public int compareTo(final VirtualHostAccessControlProvider o)
+    {
+        return VIRTUAL_HOST_ACCESS_CONTROL_POVIDER_COMPARATOR.compare(this, o);
+    }
+
     public static class AclRuleImpl implements AclRule
     {
         private final Rule _rule;
@@ -221,4 +285,5 @@ public class RuleBasedAccessControlProvi
 
         }
     }
+
 }

Modified: qpid/java/trunk/systests/src/main/java/org/apache/qpid/test/utils/TestBrokerConfiguration.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/main/java/org/apache/qpid/test/utils/TestBrokerConfiguration.java?rev=1752293&r1=1752292&r2=1752293&view=diff
==============================================================================
--- qpid/java/trunk/systests/src/main/java/org/apache/qpid/test/utils/TestBrokerConfiguration.java (original)
+++ qpid/java/trunk/systests/src/main/java/org/apache/qpid/test/utils/TestBrokerConfiguration.java Tue Jul 12 13:48:50 2016
@@ -51,6 +51,8 @@ import org.apache.qpid.server.model.adap
 import org.apache.qpid.server.plugin.PluggableFactoryLoader;
 import org.apache.qpid.server.plugin.SystemConfigFactory;
 import org.apache.qpid.server.security.access.plugins.ACLFileAccessControlProvider;
+import org.apache.qpid.server.security.access.plugins.AclRule;
+import org.apache.qpid.server.security.access.plugins.RuleBasedAccessControlProvider;
 import org.apache.qpid.server.store.AbstractMemoryStore;
 import org.apache.qpid.server.store.ConfiguredObjectRecord;
 import org.apache.qpid.server.store.ConfiguredObjectRecordConverter;
@@ -76,6 +78,7 @@ public class TestBrokerConfiguration
     public static final String ENTRY_NAME_SSL_TRUSTSTORE = "systestsTrustStore";
     public static final String ENTRY_NAME_GROUP_FILE = "groupFile";
     public static final String ENTRY_NAME_ACL_FILE = "aclFile";
+    public static final String ENTRY_NAME_ACL_RULES = "aclRules";
     private final TaskExecutor _taskExecutor;
     private final String _storeType;
 
@@ -339,6 +342,17 @@ public class TestBrokerConfiguration
         return addObjectConfiguration(AccessControlProvider.class, attributes);
     }
 
+    public UUID addAclRuleConfiguration(AclRule[] aclRules)
+    {
+        Map<String, Object> attributes = new HashMap<String, Object>();
+        attributes.put(AccessControlProvider.NAME, ENTRY_NAME_ACL_RULES);
+        attributes.put(AccessControlProvider.TYPE, RuleBasedAccessControlProvider.RULE_BASED_TYPE);
+        attributes.put(RuleBasedAccessControlProvider.RULES, aclRules);
+
+        return addObjectConfiguration(AccessControlProvider.class, attributes);
+    }
+
+
     private boolean setObjectAttributes(ConfiguredObjectRecord entry, Map<String, Object> attributes)
     {
         Map<String, Object> newAttributes = new HashMap<String, Object>(entry.getAttributes());

Copied: qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/acl/VirtualHostAccessControlProviderRestTest.java (from r1752049, qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/acl/QueueRestACLTest.java)
URL: http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/acl/VirtualHostAccessControlProviderRestTest.java?p2=qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/acl/VirtualHostAccessControlProviderRestTest.java&p1=qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/acl/QueueRestACLTest.java&r1=1752049&r2=1752293&rev=1752293&view=diff
==============================================================================
--- qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/acl/QueueRestACLTest.java (original)
+++ qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/acl/VirtualHostAccessControlProviderRestTest.java Tue Jul 12 13:48:50 2016
@@ -20,20 +20,43 @@
  */
 package org.apache.qpid.systest.rest.acl;
 
+
+
+import static org.apache.qpid.server.security.access.RuleOutcome.*;
+import static org.apache.qpid.server.security.access.config.LegacyOperation.*;
+import static org.apache.qpid.server.security.access.config.ObjectType.*;
+
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.qpid.server.model.ConfiguredObject;
 import org.apache.qpid.server.model.Queue;
-import org.apache.qpid.server.security.acl.AbstractACLTestCase;
+import org.apache.qpid.server.model.VirtualHostAccessControlProvider;
+import org.apache.qpid.server.security.access.Operation;
+import org.apache.qpid.server.security.access.RuleOutcome;
+import org.apache.qpid.server.security.access.config.LegacyOperation;
+import org.apache.qpid.server.security.access.config.ObjectProperties;
+import org.apache.qpid.server.security.access.config.ObjectType;
+import org.apache.qpid.server.security.access.plugins.AclRule;
+import org.apache.qpid.server.security.access.plugins.RuleBasedVirtualHostAccessControlProvider;
 import org.apache.qpid.systest.rest.QpidRestTestCase;
 import org.apache.qpid.test.utils.TestBrokerConfiguration;
 
-public class QueueRestACLTest extends QpidRestTestCase
+public class VirtualHostAccessControlProviderRestTest extends QpidRestTestCase
 {
-    private static final String ALLOWED_USER = "user1";
-    private static final String DENIED_USER = "user2";
+    private static final String ADMIN = "admin";
+
+    private static final String USER1 = "user1";
+    private static final String USER2 = "user2";
+    private static final String USER3 = "user3";
+    private static final String USER4 = "user4";
+    private static final String USER5 = "user5";
+    private static final String USER6 = "user6";
+
+
     private String _queueUrl;
     private String _queueName;
 
@@ -43,6 +66,28 @@ public class QueueRestACLTest extends Qp
         super.setUp();
         _queueName = getTestName();
         _queueUrl = "queue/test/test/" + _queueName;
+
+        getRestTestHelper().setUsernameAndPassword(ADMIN, ADMIN);
+        final Map<String, Object> attributes = new HashMap<>();
+        attributes.put(ConfiguredObject.NAME, "rules");
+        attributes.put(ConfiguredObject.TYPE, RuleBasedVirtualHostAccessControlProvider.RULE_BASED_TYPE);
+        final AclRule[] rules = {
+                new TestAclRule(USER1, ObjectType.QUEUE, CREATE, DENY_LOG),
+                new TestAclRule(USER3, ObjectType.QUEUE, CREATE, ALLOW_LOG),
+                new TestAclRule(USER4, ObjectType.QUEUE, CREATE, ALLOW_LOG),
+
+                new TestAclRule(USER1, ObjectType.QUEUE, UPDATE, DENY_LOG),
+                new TestAclRule(USER3, ObjectType.QUEUE, UPDATE, ALLOW_LOG),
+                new TestAclRule(USER4, ObjectType.QUEUE, UPDATE, ALLOW_LOG),
+
+                new TestAclRule(USER1, ObjectType.QUEUE, DELETE, DENY_LOG),
+                new TestAclRule(USER3, ObjectType.QUEUE, DELETE, ALLOW_LOG),
+                new TestAclRule(USER4, ObjectType.QUEUE, DELETE, ALLOW_LOG),
+
+        };
+        attributes.put(RuleBasedVirtualHostAccessControlProvider.RULES, rules);
+        getRestTestHelper().submitRequest(VirtualHostAccessControlProvider.class.getSimpleName().toLowerCase() + "/test/test/rules", "PUT", attributes);
+
     }
 
     @Override
@@ -50,113 +95,87 @@ public class QueueRestACLTest extends Qp
     {
         super.customizeConfiguration();
         final TestBrokerConfiguration defaultBrokerConfiguration = getDefaultBrokerConfiguration();
-        defaultBrokerConfiguration.configureTemporaryPasswordFile(ALLOWED_USER, DENIED_USER);
+        defaultBrokerConfiguration.configureTemporaryPasswordFile(ADMIN, USER1, USER2, USER3, USER4, USER5, USER6);
+        final AclRule[] rules = {
+                new TestAclRule(ADMIN, ObjectType.ALL, LegacyOperation.ALL, ALLOW_LOG),
 
-        AbstractACLTestCase.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
-                "ACL ALLOW-LOG " + ALLOWED_USER + " CREATE QUEUE",
-                "ACL DENY-LOG " + DENIED_USER + " CREATE QUEUE",
-                "ACL ALLOW-LOG " + ALLOWED_USER + " UPDATE QUEUE",
-                "ACL DENY-LOG " + DENIED_USER + " UPDATE QUEUE",
-                "ACL ALLOW-LOG " + ALLOWED_USER + " DELETE QUEUE",
-                "ACL DENY-LOG " + DENIED_USER + " DELETE QUEUE",
-                "ACL DENY-LOG ALL ALL");
+                new TestAclRule("ALL", MANAGEMENT, ACCESS, ALLOW_LOG),
+                new TestAclRule(USER1, ObjectType.QUEUE, CREATE, ALLOW_LOG),
+                new TestAclRule(USER2, ObjectType.QUEUE, CREATE, DENY_LOG),
+                new TestAclRule(USER3, ObjectType.QUEUE, CREATE, DENY_LOG),
+                new TestAclRule(USER5, ObjectType.QUEUE, CREATE, ALLOW_LOG),
 
-    }
+                new TestAclRule(USER1, ObjectType.QUEUE, UPDATE, ALLOW_LOG),
+                new TestAclRule(USER2, ObjectType.QUEUE, UPDATE, DENY_LOG),
+                new TestAclRule(USER3, ObjectType.QUEUE, UPDATE, DENY_LOG),
+                new TestAclRule(USER5, ObjectType.QUEUE, UPDATE, ALLOW_LOG),
 
-    public void testCreateQueueAllowed() throws Exception
-    {
-        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+                new TestAclRule(USER1, ObjectType.QUEUE, DELETE, ALLOW_LOG),
+                new TestAclRule(USER2, ObjectType.QUEUE, DELETE, DENY_LOG),
+                new TestAclRule(USER3, ObjectType.QUEUE, DELETE, DENY_LOG),
+                new TestAclRule(USER5, ObjectType.QUEUE, DELETE, ALLOW_LOG)
 
-        int responseCode = createQueue();
-        assertEquals("Queue creation should be allowed", 201, responseCode);
+        };
+        defaultBrokerConfiguration.addAclRuleConfiguration(rules);
 
-        assertQueueExists();
     }
 
-    public void testCreateQueueDenied() throws Exception
+    public void testCreateAndDeleteQueueAllowedFromBrokerRule() throws Exception
     {
-        getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
-
-        int responseCode = createQueue();
-        assertEquals("Queue creation should be denied", 403, responseCode);
+        assertCreateAndDeleteQueueSucceeds(USER5);
+    }
 
-        assertQueueDoesNotExist();
+    public void testCreateDeleteQueueAllowedFromVirtualHostRule() throws Exception
+    {
+        assertCreateAndDeleteQueueSucceeds(USER4);
     }
 
-    public void testDeleteQueueAllowed() throws Exception
+    public void testCreateDeleteQueueAllowedFromVirtualHostOverridingBrokerRule() throws Exception
     {
-        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+        assertCreateAndDeleteQueueSucceeds(USER3);
+    }
 
-        int responseCode = createQueue();
-        assertEquals("Queue creation should be allowed", 201, responseCode);
+    public void testCreateQueueDeniedFromVirtualHostRule() throws Exception
+    {
+        assertCreateQueueDenied(USER1);
+    }
 
-        assertQueueExists();
+    public void testCreateQueueDeniedFromBrokerRule() throws Exception
+    {
+        assertCreateQueueDenied(USER2);
+    }
 
-        responseCode = getRestTestHelper().submitRequest(_queueUrl, "DELETE");
-        assertEquals("Queue deletion should be allowed", 200, responseCode);
 
-        assertQueueDoesNotExist();
+    public void testCreateQueueDeniedFromDefault() throws Exception
+    {
+        assertCreateQueueDenied(USER6);
     }
 
-    public void testDeleteQueueDenied() throws Exception
+    public void assertCreateAndDeleteQueueSucceeds(final String username) throws Exception
     {
-        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+        getRestTestHelper().setUsernameAndPassword(username, username);
 
         int responseCode = createQueue();
         assertEquals("Queue creation should be allowed", 201, responseCode);
 
         assertQueueExists();
 
-        getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
         responseCode = getRestTestHelper().submitRequest(_queueUrl, "DELETE");
-        assertEquals("Queue deletion should be denied", 403, responseCode);
+        assertEquals("Queue deletion should be allowed", 200, responseCode);
 
-        assertQueueExists();
+        assertQueueDoesNotExist();
     }
 
 
 
-    public void testSetQueueAttributesAllowed() throws Exception
-    {
-        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
-
-        int responseCode = createQueue();
-
-        assertQueueExists();
-
-        Map<String, Object> attributes = new HashMap<String, Object>();
-        attributes.put(Queue.NAME, _queueName);
-        attributes.put(Queue.QUEUE_FLOW_CONTROL_SIZE_BYTES, 100000);
-        attributes.put(Queue.QUEUE_FLOW_RESUME_SIZE_BYTES, 80000);
-
-        responseCode = getRestTestHelper().submitRequest(_queueUrl, "PUT", attributes);
-        assertEquals("Setting of queue attribites should be allowed", 200, responseCode);
-
-        Map<String, Object> queueData = getRestTestHelper().getJsonAsSingletonList(_queueUrl);
-        assertEquals("Unexpected " + Queue.QUEUE_FLOW_CONTROL_SIZE_BYTES, 100000, queueData.get(Queue.QUEUE_FLOW_CONTROL_SIZE_BYTES) );
-        assertEquals("Unexpected " + Queue.QUEUE_FLOW_RESUME_SIZE_BYTES, 80000, queueData.get(Queue.QUEUE_FLOW_RESUME_SIZE_BYTES) );
-    }
-
-    public void testSetQueueAttributesDenied() throws Exception
+    public void assertCreateQueueDenied(String username) throws Exception
     {
-        getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
+        getRestTestHelper().setUsernameAndPassword(username, username);
 
         int responseCode = createQueue();
-        assertQueueExists();
-
-        getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
-
-        Map<String, Object> attributes = new HashMap<String, Object>();
-        attributes.put(Queue.NAME, _queueName);
-        attributes.put(Queue.QUEUE_FLOW_CONTROL_SIZE_BYTES, 100000);
-        attributes.put(Queue.QUEUE_FLOW_RESUME_SIZE_BYTES, 80000);
-
-        responseCode = getRestTestHelper().submitRequest(_queueUrl, "PUT", attributes);
-        assertEquals("Setting of queue attribites should be allowed", 403, responseCode);
+        assertEquals("Queue creation should be denied", 403, responseCode);
 
-        Map<String, Object> queueData = getRestTestHelper().getJsonAsSingletonList(_queueUrl);
-        assertEquals("Unexpected " + Queue.QUEUE_FLOW_CONTROL_SIZE_BYTES, 0, queueData.get(Queue.QUEUE_FLOW_CONTROL_SIZE_BYTES) );
-        assertEquals("Unexpected " + Queue.QUEUE_FLOW_RESUME_SIZE_BYTES, 0, queueData.get(Queue.QUEUE_FLOW_RESUME_SIZE_BYTES) );
+        assertQueueDoesNotExist();
     }
 
     private int createQueue() throws Exception
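Review bot: The rewritten tests exercise only CREATE denial, although both rule sets still configure DENY_LOG and ALLOW_LOG entries for UPDATE and DELETE. The removed `testDeleteQueueDenied` and `testSetQueueAttributesDenied` have no replacement, so no test checks that a denied user gets 403 on DELETE or PUT once the virtual-host rules are layered over the broker rules. A regression in how the two levels combine for those operations would pass unnoticed. I would restore at least a delete-denied case per level, as sketched below, and an equivalent one for attribute updates. The helpers `assertCreateAndDeleteQueueSucceeds` and `assertCreateQueueDenied` could also be `private`. The hunk starts inside customizeConfiguration and ends on the signature of createQueue, whose body is outside it.

```java
// … unchanged: assertCreateQueueDenied …

public void testDeleteQueueDeniedFromVirtualHostRule() throws Exception
{
    // USER4 is allowed by the virtual host rules, so the queue can be created first
    getRestTestHelper().setUsernameAndPassword(USER4, USER4);
    int responseCode = createQueue();
    assertEquals("Queue creation should be allowed", 201, responseCode);
    assertQueueExists();

    // USER1 is denied DELETE at virtual host level even though the broker rule allows it
    getRestTestHelper().setUsernameAndPassword(USER1, USER1);
    responseCode = getRestTestHelper().submitRequest(_queueUrl, "DELETE");
    assertEquals("Queue deletion should be denied", 403, responseCode);

    assertQueueExists();
}
```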
@@ -182,4 +201,53 @@ public class QueueRestACLTest extends Qp
         int expectedResponseCode = exists ? HttpServletResponse.SC_OK : HttpServletResponse.SC_NOT_FOUND;
         getRestTestHelper().submitRequest(_queueUrl, "GET", expectedResponseCode);
     }
+
+    public static class TestAclRule implements AclRule
+    {
+        private String _identity;
+        private ObjectType _objectType;
+        private LegacyOperation _operation;
+        private RuleOutcome _outcome;
+
+        public TestAclRule(final String identity,
+                           final ObjectType objectType,
+                           final LegacyOperation operation,
+                           final RuleOutcome outcome)
+        {
+            _identity = identity;
+            _objectType = objectType;
+            _operation = operation;
+            _outcome = outcome;
+        }
+
+        @Override
+        public String getIdentity()
+        {
+            return _identity;
+        }
+
+        @Override
+        public ObjectType getObjectType()
+        {
+            return _objectType;
+        }
+
+        @Override
+        public LegacyOperation getOperation()
+        {
+            return _operation;
+        }
+
+        @Override
+        public Map<ObjectProperties.Property, String> getAttributes()
+        {
+            return Collections.emptyMap();
+        }
+
+        @Override
+        public RuleOutcome getOutcome()
+        {
+            return _outcome;
+        }
+    }
 }
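Review bot: The four fields of `TestAclRule` are assigned only in the constructor but are not declared `final`, so a rule instance could be changed after being handed to the broker configuration. Declaring them as `private final String _identity;` (and likewise `_objectType`, `_operation`, `_outcome`) makes the fixture immutable. The class also needs a short Javadoc saying it is a test-only `AclRule`. That Javadoc should mention that `getAttributes()` always returns an empty map, which means property-scoped rules (for example ones restricted to a queue name) cannot be expressed with it.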


