summaryrefslogtreecommitdiff
path: root/qpid/java
diff options
context:
space:
mode:
authorRobert Gemmell <robbie@apache.org>2010-09-18 21:18:19 +0000
committerRobert Gemmell <robbie@apache.org>2010-09-18 21:18:19 +0000
commit8d2d2765dbd55647aee0fad8db3bafecf99062d3 (patch)
tree1f01d4a53216dbfbdd7f8130fc9394f1873a4eb6 /qpid/java
parent4a54b75b21fc7bff044b2c7730521bfec61c989b (diff)
downloadqpid-python-8d2d2765dbd55647aee0fad8db3bafecf99062d3.tar.gz
QPID-2870: move the authorisation check outside the AtomicBoolean wrapped queue deletion process to prevent an unauthorised attempt from barring all future deletion attempts
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@998545 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java')
-rw-r--r--qpid/java/broker/src/main/java/org/apache/qpid/server/queue/SimpleAMQQueue.java11
1 files changed, 6 insertions, 5 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/queue/SimpleAMQQueue.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/queue/SimpleAMQQueue.java
index fc04e1382e..112f682fdc 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/queue/SimpleAMQQueue.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/queue/SimpleAMQQueue.java
@@ -1357,13 +1357,14 @@ public class SimpleAMQQueue implements AMQQueue, Subscription.StateListener
// TODO list all thrown exceptions
public int delete() throws AMQSecurityException, AMQException
{
+ // Check access
+ if (!_virtualHost.getSecurityManager().authoriseDelete(this))
+ {
+ throw new AMQSecurityException("Permission denied: " + getName());
+ }
+
if (!_deleted.getAndSet(true))
{
- // Check access
- if (!_virtualHost.getSecurityManager().authoriseDelete(this))
- {
- throw new AMQSecurityException("Permission denied: " + getName());
- }
for (Binding b : getBindings())
{
View Lorry Controller Status