RC9/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/PrincipalPermissions.java - qpid - Git at Google

 /*
  *
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  *
  */
 package org.apache.qpid.server.security.access;

 import org.apache.qpid.framing.AMQShortString;
 import org.apache.qpid.framing.QueueBindBody;
 import org.apache.qpid.framing.QueueDeclareBody;
 import org.apache.qpid.framing.ExchangeDeclareBody;
 import org.apache.qpid.server.queue.AMQQueue;
 import org.apache.qpid.server.exchange.Exchange;

 import java.util.*;
 import java.util.concurrent.ConcurrentHashMap;

 public class PrincipalPermissions
 {

     private static final Object CONSUME_QUEUES_KEY = new Object();
     private static final Object CONSUME_TEMPORARY_KEY = new Object();
     private static final Object CONSUME_OWN_QUEUES_ONLY_KEY = new Object();

     private static final Object CREATE_QUEUES_KEY = new Object();
     private static final Object CREATE_EXCHANGES_KEY = new Object();

     private static final Object CREATE_QUEUE_TEMPORARY_KEY = new Object();
     private static final Object CREATE_QUEUE_QUEUES_KEY = new Object();
     private static final Object CREATE_QUEUE_EXCHANGES_KEY = new Object();

     private static final Object CREATE_QUEUE_EXCHANGES_TEMPORARY_KEY = new Object();
     private static final Object CREATE_QUEUE_EXCHANGES_ROUTINGKEYS_KEY = new Object();

     private static final int PUBLISH_EXCHANGES_KEY = 0;

     private Map _permissions;

     private String _user;


     public PrincipalPermissions(String user)
     {
         _user = user;
         _permissions = new ConcurrentHashMap();
     }

     public void grant(Permission permission, Object... parameters)
     {
         switch (permission)
         {
             case ACCESS:
                 break; // This is a no-op as the existence of this PrincipalPermission object is scoped per VHost for ACCESS
             case BIND:
                 break; // All the details are currently included in the create setup.
             case CONSUME: // Parameters : AMQShortString queueName, Boolean Temporary, Boolean ownQueueOnly
                 Map consumeRights = (Map) _permissions.get(permission);

                 if (consumeRights == null)
                 {
                     consumeRights = new ConcurrentHashMap();
                     _permissions.put(permission, consumeRights);
                 }

                 //if we have parametsre
                 if (parameters.length > 0)
                 {
                     AMQShortString queueName = (AMQShortString) parameters[0];
                     Boolean temporary = (Boolean) parameters[1];
                     Boolean ownQueueOnly = (Boolean) parameters[2];

                     if (temporary)
                     {
                         consumeRights.put(CONSUME_TEMPORARY_KEY, true);
                     }
                     else
                     {
                         consumeRights.put(CONSUME_TEMPORARY_KEY, false);
                     }

                     if (ownQueueOnly)
                     {
                         consumeRights.put(CONSUME_OWN_QUEUES_ONLY_KEY, true);
                     }
                     else
                     {
                         consumeRights.put(CONSUME_OWN_QUEUES_ONLY_KEY, false);
                     }


                     LinkedList queues = (LinkedList) consumeRights.get(CONSUME_QUEUES_KEY);
                     if (queues == null)
                     {
                         queues = new LinkedList();
                         consumeRights.put(CONSUME_QUEUES_KEY, queues);
                     }

                     if (queueName != null)
                     {
                         queues.add(queueName);
                     }
                 }


                 break;
             case CREATE:  // Parameters : Boolean temporary, AMQShortString queueName
                 // , AMQShortString exchangeName , AMQShortString routingKey
                 // || AMQShortString exchangeName , AMQShortString Class

                 Map createRights = (Map) _permissions.get(permission);

                 if (createRights == null)
                 {
                     createRights = new ConcurrentHashMap();
                     _permissions.put(permission, createRights);

                 }

                 //The existence of the empty map mean permission to all.
                 if (parameters.length == 0)
                 {
                     return;
                 }


                 if (parameters[0] instanceof Boolean) //Create Queue :
                 // Boolean temporary, [AMQShortString queueName, AMQShortString exchangeName , AMQShortString routingKey]
                 {
                     Boolean temporary = (Boolean) parameters[0];

                     AMQShortString queueName = parameters.length > 1 ? (AMQShortString) parameters[1] : null;
                     AMQShortString exchangeName = parameters.length > 2 ? (AMQShortString) parameters[2] : null;
                     //Set the routingkey to the specified value or the queueName if present
                     AMQShortString routingKey = parameters.length > 3 ? (AMQShortString) parameters[3] : queueName;

                     // Get the queues map
                     Map create_queues = (Map) createRights.get(CREATE_QUEUES_KEY);

                     if (create_queues == null)
                     {
                         create_queues = new ConcurrentHashMap();
                         createRights.put(CREATE_QUEUES_KEY, create_queues);
                     }

                     //Allow all temp queues to be created
                     create_queues.put(CREATE_QUEUE_TEMPORARY_KEY, temporary);

                     //Create empty list of queues
                     Map create_queues_queues = (Map) create_queues.get(CREATE_QUEUE_QUEUES_KEY);

                     if (create_queues_queues == null)
                     {
                         create_queues_queues = new ConcurrentHashMap();
                         create_queues.put(CREATE_QUEUE_QUEUES_KEY, create_queues_queues);
                     }

                     // We are granting CREATE rights to all temporary queues only
                     if (parameters.length == 1)
                     {
                         return;
                     }

                     // if we have a queueName then we need to store any associated exchange / rk bindings
                     if (queueName != null)
                     {
                         Map queue = (Map) create_queues_queues.get(queueName);
                         if (queue == null)
                         {
                             queue = new ConcurrentHashMap();
                             create_queues_queues.put(queueName, queue);
                         }

                         if (exchangeName != null)
                         {
                             queue.put(exchangeName, routingKey);
                         }

                         //If no exchange is specified then the presence of the queueName in the map says any exchange is ok
                     }

                     // Store the exchange that we are being granted rights to. This will be used as part of binding

                     //Lookup the list of exchanges
                     Map create_queues_exchanges = (Map) create_queues.get(CREATE_QUEUE_EXCHANGES_KEY);

                     if (create_queues_exchanges == null)
                     {
                         create_queues_exchanges = new ConcurrentHashMap();
                         create_queues.put(CREATE_QUEUE_EXCHANGES_KEY, create_queues_exchanges);
                     }

                     //if we have an exchange
                     if (exchangeName != null)
                     {
                         //Retrieve the list of permitted exchanges.
                         Map exchanges = (Map) create_queues_exchanges.get(exchangeName);

                         if (exchanges == null)
                         {
                             exchanges = new ConcurrentHashMap();
                             create_queues_exchanges.put(exchangeName, exchanges);
                         }

                         //Store the temporary setting CREATE_QUEUE_EXCHANGES_ROUTINGKEYS_KEY
                         exchanges.put(CREATE_QUEUE_EXCHANGES_TEMPORARY_KEY, temporary);

                         //Store the binding details of queue/rk for this exchange.
                         if (queueName != null)
                         {
                             //Retrieve the list of permitted routingKeys.
                             Map rKeys = (Map) exchanges.get(exchangeName);

                             if (rKeys == null)
                             {
                                 rKeys = new ConcurrentHashMap();
                                 exchanges.put(CREATE_QUEUE_EXCHANGES_ROUTINGKEYS_KEY, rKeys);
                             }

                             rKeys.put(queueName, routingKey);
                         }
                     }
                 }
                 else // Create Exchange : AMQShortString exchangeName , AMQShortString Class
                 {
                     Map create_exchanges = (Map) createRights.get(CREATE_EXCHANGES_KEY);

                     if (create_exchanges == null)
                     {
                         create_exchanges = new ConcurrentHashMap();
                         createRights.put(CREATE_EXCHANGES_KEY, create_exchanges);
                     }

                     //Should perhaps error if parameters[0] is null;
                     AMQShortString exchangeName = parameters.length > 0 ? (AMQShortString) parameters[0] : null;
                     AMQShortString className = parameters.length > 1 ? (AMQShortString) parameters[1] : null;

                     //Store the exchangeName / class mapping if the mapping is null
                     createRights.put(exchangeName, className);
                 }
                 break;
             case DELETE:
                 break;

             case PUBLISH: // Parameters : Exchange exchange, AMQShortString routingKey
                 Map publishRights = (Map) _permissions.get(permission);

                 if (publishRights == null)
                 {
                     publishRights = new ConcurrentHashMap();
                     _permissions.put(permission, publishRights);
                 }

                 if (parameters == null || parameters.length == 0)
                 {
                     //If we have no parameters then allow publish to all destinations
                     // this is signified by having a null value for publish_exchanges
                 }
                 else
                 {
                     Map publish_exchanges = (Map) publishRights.get(PUBLISH_EXCHANGES_KEY);

                     if (publish_exchanges == null)
                     {
                         publish_exchanges = new ConcurrentHashMap();
                         publishRights.put(PUBLISH_EXCHANGES_KEY, publish_exchanges);
                     }


                     HashSet routingKeys = (HashSet) publish_exchanges.get(parameters[0]);

                     // Check to see if we have a routing key
                     if (parameters.length == 2)
                     {
                         if (routingKeys == null)
                         {
                             routingKeys = new HashSet<AMQShortString>();
                         }
                         //Add routing key to permitted publish destinations
                         routingKeys.add(parameters[1]);
                     }

                     // Add the updated routingkey list or null if all values allowed
                     publish_exchanges.put(parameters[0], routingKeys);
                 }
                 break;
             case PURGE:
                 break;
             case UNBIND:
                 break;
         }

     }

     public boolean authorise(Permission permission, Object... parameters)
     {

         switch (permission)
         {
             case ACCESS:
                 return true; // This is here for completeness but the SimpleXML ACLManager never calls it.
                 // The existence of this user specific PP can be validated in the map SimpleXML maintains.
             case BIND: // Parameters : QueueBindMethod , Exchange , AMQQueue, AMQShortString routingKey

                 Exchange exchange = (Exchange) parameters[1];

                 AMQQueue bind_queueName = (AMQQueue) parameters[2];
                 AMQShortString routingKey = (AMQShortString) parameters[3];

                 //Get all Create Rights for this user
                 Map bindCreateRights = (Map) _permissions.get(Permission.CREATE);

                 //Look up the Queue Creation Rights
                 Map bind_create_queues = (Map) bindCreateRights.get(CREATE_QUEUES_KEY);

                 //Lookup the list of queues
                 Map bind_create_queues_queues = (Map) bindCreateRights.get(CREATE_QUEUE_QUEUES_KEY);

                 // Check and see if we have a queue white list to check
                 if (bind_create_queues_queues != null)
                 {
                     //There a white list for queues
                     Map exchangeDetails = (Map) bind_create_queues_queues.get(bind_queueName);

                     if (exchangeDetails == null) //Then all queue can be bound to all exchanges.
                     {
                         return true;
                     }

                     // Check to see if we have a white list of routingkeys to check
                     Map rkeys = (Map) exchangeDetails.get(exchange.getName());

                     // if keys is null then any rkey is allowed on this exchange
                     if (rkeys == null)
                     {
                         // There is no routingkey white list
                         return true;
                     }
                     else
                     {
                         // We have routingKeys so a match must be found to allowed binding
                         Iterator keys = rkeys.keySet().iterator();

                         boolean matched = false;
                         while (keys.hasNext() && !matched)
                         {
                             AMQShortString rkey = (AMQShortString) keys.next();
                             if (rkey.endsWith("*"))
                             {
                                 matched = routingKey.startsWith(rkey.subSequence(0, rkey.length() - 1).toString());
                             }
                             else
                             {
                                 matched = routingKey.equals(rkey);
                             }
                         }


                         return matched;
                     }


                 }
                 else
                 {
                     //There a is no white list for queues

                     // So can allow all queues to be bound
                     //  but we should first check and see if we have a temp queue and validate that we are allowed
                     //  to bind temp queues.

                     //Check to see if we have a temporary queue
                     if (bind_queueName.isAutoDelete())
                     {
                         // Check and see if we have an exchange white list.
                         Map bind_exchanges = (Map) bind_create_queues.get(CREATE_QUEUE_EXCHANGES_KEY);

                         // If the exchange exists then we must check to see if temporary queues are allowed here
                         if (bind_exchanges != null)
                         {
                             // Check to see if the requested exchange is allowed.
                             Map exchangeDetails = (Map) bind_exchanges.get(exchange.getName());

                             return (Boolean) exchangeDetails.get(CREATE_QUEUE_EXCHANGES_TEMPORARY_KEY);
                         }

                         //no white list so all allowed, drop through to return true below.
                     }

                     // not a temporary queue and no white list so all allowed.
                     return true;
                 }

             case CREATE:// Paramters : QueueDeclareBody || ExchangeDeclareBody

                 Map createRights = (Map) _permissions.get(permission);

                 // If there are no create rights then deny request
                 if (createRights == null)
                 {
                     return false;
                 }

                 if (parameters.length == 1)
                 {
                     if (parameters[0] instanceof QueueDeclareBody)
                     {
                         QueueDeclareBody body = (QueueDeclareBody) parameters[0];

                         //Look up the Queue Creation Rights
                         Map create_queues = (Map) createRights.get(CREATE_QUEUES_KEY);

                         //Lookup the list of queues allowed to be created
                         Map create_queues_queues = (Map) create_queues.get(CREATE_QUEUE_QUEUES_KEY);


                         AMQShortString queueName = body.getQueue();


                         if (body.getAutoDelete())// we have a temporary queue
                         {
                             return (Boolean) create_queues.get(CREATE_QUEUE_TEMPORARY_KEY);
                         }
                         else
                         {
                             // If there is a white list then check
                             return create_queues_queues == null || create_queues_queues.containsKey(queueName);
                         }

                     }
                     else if (parameters[0] instanceof ExchangeDeclareBody)
                     {
                         ExchangeDeclareBody body = (ExchangeDeclareBody) parameters[0];

                         AMQShortString exchangeName = body.getExchange();

                         Map create_exchanges = (Map) createRights.get(CREATE_EXCHANGES_KEY);

                         // If the exchange list is doesn't exist then all is allowed else check the valid exchanges
                         return create_exchanges == null || create_exchanges.containsKey(exchangeName);
                     }
                 }
                 break;
             case CONSUME: // Parameters :  AMQQueue

                 if (parameters.length == 1 && parameters[0] instanceof AMQQueue)
                 {
                     AMQQueue queue = ((AMQQueue) parameters[0]);
                     Map queuePermissions = (Map) _permissions.get(permission);

                     List queues = (List) queuePermissions.get(CONSUME_QUEUES_KEY);

                     Boolean temporayQueues = (Boolean) queuePermissions.get(CONSUME_TEMPORARY_KEY);
                     Boolean ownQueuesOnly = (Boolean) queuePermissions.get(CONSUME_OWN_QUEUES_ONLY_KEY);

                     // If user is allowed to publish to temporary queues and this is a temp queue then allow it.
                     if (temporayQueues)
                     {
                         if (queue.isAutoDelete())
                         // This will allow consumption from any temporary queue including ones not owned by this user.
                         // Of course the exclusivity will not be broken.
                         {
                             // if not limited to ownQueuesOnly then ok else check queue Owner.
                             return !ownQueuesOnly || queue.getOwner().equals(_user);
                         }
                         else
                         {
                             return false;
                         }
                     }

                     // if queues are white listed then ensure it is ok
                     if (queues != null)
                     {
                         // if no queues are listed then ALL are ok othereise it must be specified.
                         if (ownQueuesOnly)
                         {
                             if (queue.getOwner().equals(_user))
                             {
                                 return queues.size() == 0 || queues.contains(queue.getName());
                             }
                             else
                             {
                                 return false;
                             }
                         }

                         // If we are
                         return queues.size() == 0 || queues.contains(queue.getName());
                     }
                 }

                 // Can't authenticate without the right parameters
                 return false;
             case DELETE:
                 break;

             case PUBLISH: // Parameters : Exchange exchange, AMQShortString routingKey
                 Map publishRights = (Map) _permissions.get(permission);

                 if (publishRights == null)
                 {
                     return false;
                 }

                 Map exchanges = (Map) publishRights.get(PUBLISH_EXCHANGES_KEY);

                 // Having no exchanges listed gives full publish rights to all exchanges
                 if (exchanges == null)
                 {
                     return true;
                 }
                 // Otherwise exchange must be listed in the white list

                 // If the map doesn't have the exchange then it isn't allowed
                 if (!exchanges.containsKey(parameters[0]))
                 {
                     return false;
                 }
                 else
                 {

                     // Get valid routing keys
                     HashSet routingKeys = (HashSet) exchanges.get(parameters[0]);

                     // Having no routingKeys in the map then all are allowed.
                     if (routingKeys == null)
                     {
                         return true;
                     }
                     else
                     {
                         // We have routingKeys so a match must be found to allowed binding
                         Iterator keys = routingKeys.iterator();


                         AMQShortString publishRKey = (AMQShortString)parameters[1];

                         boolean matched = false;
                         while (keys.hasNext() && !matched)
                         {
                             AMQShortString rkey = (AMQShortString) keys.next();

                             if (rkey.endsWith("*"))
                             {
                                 matched = publishRKey.startsWith(rkey.subSequence(0, rkey.length() - 1));
                             }
                             else
                             {
                                 matched = publishRKey.equals(rkey);
                             }
                         }
                         return matched;
                     }
                 }
             case PURGE:
                 break;
             case UNBIND:
                 break;

         }

         return false;
     }
 }
	/*
	*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.qpid.server.security.access;

	import org.apache.qpid.framing.AMQShortString;
	import org.apache.qpid.framing.QueueBindBody;
	import org.apache.qpid.framing.QueueDeclareBody;
	import org.apache.qpid.framing.ExchangeDeclareBody;
	import org.apache.qpid.server.queue.AMQQueue;
	import org.apache.qpid.server.exchange.Exchange;

	import java.util.*;
	import java.util.concurrent.ConcurrentHashMap;

	public class PrincipalPermissions
	{

	private static final Object CONSUME_QUEUES_KEY = new Object();
	private static final Object CONSUME_TEMPORARY_KEY = new Object();
	private static final Object CONSUME_OWN_QUEUES_ONLY_KEY = new Object();

	private static final Object CREATE_QUEUES_KEY = new Object();
	private static final Object CREATE_EXCHANGES_KEY = new Object();

	private static final Object CREATE_QUEUE_TEMPORARY_KEY = new Object();
	private static final Object CREATE_QUEUE_QUEUES_KEY = new Object();
	private static final Object CREATE_QUEUE_EXCHANGES_KEY = new Object();

	private static final Object CREATE_QUEUE_EXCHANGES_TEMPORARY_KEY = new Object();
	private static final Object CREATE_QUEUE_EXCHANGES_ROUTINGKEYS_KEY = new Object();

	private static final int PUBLISH_EXCHANGES_KEY = 0;

	private Map _permissions;

	private String _user;


	public PrincipalPermissions(String user)
	{
	_user = user;
	_permissions = new ConcurrentHashMap();
	}

	public void grant(Permission permission, Object... parameters)
	{
	switch (permission)
	{
	case ACCESS:
	break; // This is a no-op as the existence of this PrincipalPermission object is scoped per VHost for ACCESS
	case BIND:
	break; // All the details are currently included in the create setup.
	case CONSUME: // Parameters : AMQShortString queueName, Boolean Temporary, Boolean ownQueueOnly
	Map consumeRights = (Map) _permissions.get(permission);

	if (consumeRights == null)
	{
	consumeRights = new ConcurrentHashMap();
	_permissions.put(permission, consumeRights);
	}

	//if we have parametsre
	if (parameters.length > 0)
	{
	AMQShortString queueName = (AMQShortString) parameters[0];
	Boolean temporary = (Boolean) parameters[1];
	Boolean ownQueueOnly = (Boolean) parameters[2];

	if (temporary)
	{
	consumeRights.put(CONSUME_TEMPORARY_KEY, true);
	}
	else
	{
	consumeRights.put(CONSUME_TEMPORARY_KEY, false);
	}

	if (ownQueueOnly)
	{
	consumeRights.put(CONSUME_OWN_QUEUES_ONLY_KEY, true);
	}
	else
	{
	consumeRights.put(CONSUME_OWN_QUEUES_ONLY_KEY, false);
	}


	LinkedList queues = (LinkedList) consumeRights.get(CONSUME_QUEUES_KEY);
	if (queues == null)
	{
	queues = new LinkedList();
	consumeRights.put(CONSUME_QUEUES_KEY, queues);
	}

	if (queueName != null)
	{
	queues.add(queueName);
	}
	}


	break;
	case CREATE: // Parameters : Boolean temporary, AMQShortString queueName
	// , AMQShortString exchangeName , AMQShortString routingKey
	// \|\| AMQShortString exchangeName , AMQShortString Class

	Map createRights = (Map) _permissions.get(permission);

	if (createRights == null)
	{
	createRights = new ConcurrentHashMap();
	_permissions.put(permission, createRights);

	}

	//The existence of the empty map mean permission to all.
	if (parameters.length == 0)
	{
	return;
	}


	if (parameters[0] instanceof Boolean) //Create Queue :
	// Boolean temporary, [AMQShortString queueName, AMQShortString exchangeName , AMQShortString routingKey]
	{
	Boolean temporary = (Boolean) parameters[0];

	AMQShortString queueName = parameters.length > 1 ? (AMQShortString) parameters[1] : null;
	AMQShortString exchangeName = parameters.length > 2 ? (AMQShortString) parameters[2] : null;
	//Set the routingkey to the specified value or the queueName if present
	AMQShortString routingKey = parameters.length > 3 ? (AMQShortString) parameters[3] : queueName;

	// Get the queues map
	Map create_queues = (Map) createRights.get(CREATE_QUEUES_KEY);

	if (create_queues == null)
	{
	create_queues = new ConcurrentHashMap();
	createRights.put(CREATE_QUEUES_KEY, create_queues);
	}

	//Allow all temp queues to be created
	create_queues.put(CREATE_QUEUE_TEMPORARY_KEY, temporary);

	//Create empty list of queues
	Map create_queues_queues = (Map) create_queues.get(CREATE_QUEUE_QUEUES_KEY);

	if (create_queues_queues == null)
	{
	create_queues_queues = new ConcurrentHashMap();
	create_queues.put(CREATE_QUEUE_QUEUES_KEY, create_queues_queues);
	}

	// We are granting CREATE rights to all temporary queues only
	if (parameters.length == 1)
	{
	return;
	}

	// if we have a queueName then we need to store any associated exchange / rk bindings
	if (queueName != null)
	{
	Map queue = (Map) create_queues_queues.get(queueName);
	if (queue == null)
	{
	queue = new ConcurrentHashMap();
	create_queues_queues.put(queueName, queue);
	}

	if (exchangeName != null)
	{
	queue.put(exchangeName, routingKey);
	}

	//If no exchange is specified then the presence of the queueName in the map says any exchange is ok
	}

	// Store the exchange that we are being granted rights to. This will be used as part of binding

	//Lookup the list of exchanges
	Map create_queues_exchanges = (Map) create_queues.get(CREATE_QUEUE_EXCHANGES_KEY);

	if (create_queues_exchanges == null)
	{
	create_queues_exchanges = new ConcurrentHashMap();
	create_queues.put(CREATE_QUEUE_EXCHANGES_KEY, create_queues_exchanges);
	}

	//if we have an exchange
	if (exchangeName != null)
	{
	//Retrieve the list of permitted exchanges.
	Map exchanges = (Map) create_queues_exchanges.get(exchangeName);

	if (exchanges == null)
	{
	exchanges = new ConcurrentHashMap();
	create_queues_exchanges.put(exchangeName, exchanges);
	}

	//Store the temporary setting CREATE_QUEUE_EXCHANGES_ROUTINGKEYS_KEY
	exchanges.put(CREATE_QUEUE_EXCHANGES_TEMPORARY_KEY, temporary);

	//Store the binding details of queue/rk for this exchange.
	if (queueName != null)
	{
	//Retrieve the list of permitted routingKeys.
	Map rKeys = (Map) exchanges.get(exchangeName);

	if (rKeys == null)
	{
	rKeys = new ConcurrentHashMap();
	exchanges.put(CREATE_QUEUE_EXCHANGES_ROUTINGKEYS_KEY, rKeys);
	}

	rKeys.put(queueName, routingKey);
	}
	}
	}
	else // Create Exchange : AMQShortString exchangeName , AMQShortString Class
	{
	Map create_exchanges = (Map) createRights.get(CREATE_EXCHANGES_KEY);

	if (create_exchanges == null)
	{
	create_exchanges = new ConcurrentHashMap();
	createRights.put(CREATE_EXCHANGES_KEY, create_exchanges);
	}

	//Should perhaps error if parameters[0] is null;
	AMQShortString exchangeName = parameters.length > 0 ? (AMQShortString) parameters[0] : null;
	AMQShortString className = parameters.length > 1 ? (AMQShortString) parameters[1] : null;

	//Store the exchangeName / class mapping if the mapping is null
	createRights.put(exchangeName, className);
	}
	break;
	case DELETE:
	break;

	case PUBLISH: // Parameters : Exchange exchange, AMQShortString routingKey
	Map publishRights = (Map) _permissions.get(permission);

	if (publishRights == null)
	{
	publishRights = new ConcurrentHashMap();
	_permissions.put(permission, publishRights);
	}

	if (parameters == null \|\| parameters.length == 0)
	{
	//If we have no parameters then allow publish to all destinations
	// this is signified by having a null value for publish_exchanges
	}
	else
	{
	Map publish_exchanges = (Map) publishRights.get(PUBLISH_EXCHANGES_KEY);

	if (publish_exchanges == null)
	{
	publish_exchanges = new ConcurrentHashMap();
	publishRights.put(PUBLISH_EXCHANGES_KEY, publish_exchanges);
	}


	HashSet routingKeys = (HashSet) publish_exchanges.get(parameters[0]);

	// Check to see if we have a routing key
	if (parameters.length == 2)
	{
	if (routingKeys == null)
	{
	routingKeys = new HashSet<AMQShortString>();
	}
	//Add routing key to permitted publish destinations
	routingKeys.add(parameters[1]);
	}

	// Add the updated routingkey list or null if all values allowed
	publish_exchanges.put(parameters[0], routingKeys);
	}
	break;
	case PURGE:
	break;
	case UNBIND:
	break;
	}

	}

	public boolean authorise(Permission permission, Object... parameters)
	{

	switch (permission)
	{
	case ACCESS:
	return true; // This is here for completeness but the SimpleXML ACLManager never calls it.
	// The existence of this user specific PP can be validated in the map SimpleXML maintains.
	case BIND: // Parameters : QueueBindMethod , Exchange , AMQQueue, AMQShortString routingKey

	Exchange exchange = (Exchange) parameters[1];

	AMQQueue bind_queueName = (AMQQueue) parameters[2];
	AMQShortString routingKey = (AMQShortString) parameters[3];

	//Get all Create Rights for this user
	Map bindCreateRights = (Map) _permissions.get(Permission.CREATE);

	//Look up the Queue Creation Rights
	Map bind_create_queues = (Map) bindCreateRights.get(CREATE_QUEUES_KEY);

	//Lookup the list of queues
	Map bind_create_queues_queues = (Map) bindCreateRights.get(CREATE_QUEUE_QUEUES_KEY);

	// Check and see if we have a queue white list to check
	if (bind_create_queues_queues != null)
	{
	//There a white list for queues
	Map exchangeDetails = (Map) bind_create_queues_queues.get(bind_queueName);

	if (exchangeDetails == null) //Then all queue can be bound to all exchanges.
	{
	return true;
	}

	// Check to see if we have a white list of routingkeys to check
	Map rkeys = (Map) exchangeDetails.get(exchange.getName());

	// if keys is null then any rkey is allowed on this exchange
	if (rkeys == null)
	{
	// There is no routingkey white list
	return true;
	}
	else
	{
	// We have routingKeys so a match must be found to allowed binding
	Iterator keys = rkeys.keySet().iterator();

	boolean matched = false;
	while (keys.hasNext() && !matched)
	{
	AMQShortString rkey = (AMQShortString) keys.next();
	if (rkey.endsWith("*"))
	{
	matched = routingKey.startsWith(rkey.subSequence(0, rkey.length() - 1).toString());
	}
	else
	{
	matched = routingKey.equals(rkey);
	}
	}


	return matched;
	}


	}
	else
	{
	//There a is no white list for queues

	// So can allow all queues to be bound
	// but we should first check and see if we have a temp queue and validate that we are allowed
	// to bind temp queues.

	//Check to see if we have a temporary queue
	if (bind_queueName.isAutoDelete())
	{
	// Check and see if we have an exchange white list.
	Map bind_exchanges = (Map) bind_create_queues.get(CREATE_QUEUE_EXCHANGES_KEY);

	// If the exchange exists then we must check to see if temporary queues are allowed here
	if (bind_exchanges != null)
	{
	// Check to see if the requested exchange is allowed.
	Map exchangeDetails = (Map) bind_exchanges.get(exchange.getName());

	return (Boolean) exchangeDetails.get(CREATE_QUEUE_EXCHANGES_TEMPORARY_KEY);
	}

	//no white list so all allowed, drop through to return true below.
	}

	// not a temporary queue and no white list so all allowed.
	return true;
	}

	case CREATE:// Paramters : QueueDeclareBody \|\| ExchangeDeclareBody

	Map createRights = (Map) _permissions.get(permission);

	// If there are no create rights then deny request
	if (createRights == null)
	{
	return false;
	}

	if (parameters.length == 1)
	{
	if (parameters[0] instanceof QueueDeclareBody)
	{
	QueueDeclareBody body = (QueueDeclareBody) parameters[0];

	//Look up the Queue Creation Rights
	Map create_queues = (Map) createRights.get(CREATE_QUEUES_KEY);

	//Lookup the list of queues allowed to be created
	Map create_queues_queues = (Map) create_queues.get(CREATE_QUEUE_QUEUES_KEY);


	AMQShortString queueName = body.getQueue();


	if (body.getAutoDelete())// we have a temporary queue
	{
	return (Boolean) create_queues.get(CREATE_QUEUE_TEMPORARY_KEY);
	}
	else
	{
	// If there is a white list then check
	return create_queues_queues == null \|\| create_queues_queues.containsKey(queueName);
	}

	}
	else if (parameters[0] instanceof ExchangeDeclareBody)
	{
	ExchangeDeclareBody body = (ExchangeDeclareBody) parameters[0];

	AMQShortString exchangeName = body.getExchange();

	Map create_exchanges = (Map) createRights.get(CREATE_EXCHANGES_KEY);

	// If the exchange list is doesn't exist then all is allowed else check the valid exchanges
	return create_exchanges == null \|\| create_exchanges.containsKey(exchangeName);
	}
	}
	break;
	case CONSUME: // Parameters : AMQQueue

	if (parameters.length == 1 && parameters[0] instanceof AMQQueue)
	{
	AMQQueue queue = ((AMQQueue) parameters[0]);
	Map queuePermissions = (Map) _permissions.get(permission);

	List queues = (List) queuePermissions.get(CONSUME_QUEUES_KEY);

	Boolean temporayQueues = (Boolean) queuePermissions.get(CONSUME_TEMPORARY_KEY);
	Boolean ownQueuesOnly = (Boolean) queuePermissions.get(CONSUME_OWN_QUEUES_ONLY_KEY);

	// If user is allowed to publish to temporary queues and this is a temp queue then allow it.
	if (temporayQueues)
	{
	if (queue.isAutoDelete())
	// This will allow consumption from any temporary queue including ones not owned by this user.
	// Of course the exclusivity will not be broken.
	{
	// if not limited to ownQueuesOnly then ok else check queue Owner.
	return !ownQueuesOnly \|\| queue.getOwner().equals(_user);
	}
	else
	{
	return false;
	}
	}

	// if queues are white listed then ensure it is ok
	if (queues != null)
	{
	// if no queues are listed then ALL are ok othereise it must be specified.
	if (ownQueuesOnly)
	{
	if (queue.getOwner().equals(_user))
	{
	return queues.size() == 0 \|\| queues.contains(queue.getName());
	}
	else
	{
	return false;
	}
	}

	// If we are
	return queues.size() == 0 \|\| queues.contains(queue.getName());
	}
	}

	// Can't authenticate without the right parameters
	return false;
	case DELETE:
	break;

	case PUBLISH: // Parameters : Exchange exchange, AMQShortString routingKey
	Map publishRights = (Map) _permissions.get(permission);

	if (publishRights == null)
	{
	return false;
	}

	Map exchanges = (Map) publishRights.get(PUBLISH_EXCHANGES_KEY);

	// Having no exchanges listed gives full publish rights to all exchanges
	if (exchanges == null)
	{
	return true;
	}
	// Otherwise exchange must be listed in the white list

	// If the map doesn't have the exchange then it isn't allowed
	if (!exchanges.containsKey(parameters[0]))
	{
	return false;
	}
	else
	{

	// Get valid routing keys
	HashSet routingKeys = (HashSet) exchanges.get(parameters[0]);

	// Having no routingKeys in the map then all are allowed.
	if (routingKeys == null)
	{
	return true;
	}
	else
	{
	// We have routingKeys so a match must be found to allowed binding
	Iterator keys = routingKeys.iterator();


	AMQShortString publishRKey = (AMQShortString)parameters[1];

	boolean matched = false;
	while (keys.hasNext() && !matched)
	{
	AMQShortString rkey = (AMQShortString) keys.next();

	if (rkey.endsWith("*"))
	{
	matched = publishRKey.startsWith(rkey.subSequence(0, rkey.length() - 1));
	}
	else
	{
	matched = publishRKey.equals(rkey);
	}
	}
	return matched;
	}
	}
	case PURGE:
	break;
	case UNBIND:
	break;

	}

	return false;
	}
	}