diff --git a/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml b/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml
index fc1c7e23b92..09abcb767b4 100644
--- a/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml
+++ b/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml
@@ -74,6 +74,7 @@
+
diff --git a/server/src/com/cloud/network/NetworkModelImpl.java b/server/src/com/cloud/network/NetworkModelImpl.java
index 4267967f5ab..f84eccd9afe 100755
--- a/server/src/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/com/cloud/network/NetworkModelImpl.java
@@ -34,6 +34,7 @@ import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.SecurityChecker;
import org.apache.cloudstack.acl.ControlledEntity.ACLType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
@@ -219,6 +220,16 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {
static HashMap> s_serviceToImplementedProvidersMap = new HashMap>();
static HashMap s_providerToNetworkElementMap = new HashMap();
+ List _securityCheckers;
+
+ public List getSecurityCheckers() {
+ return _securityCheckers;
+ }
+
+ public void setSecurityCheckers(List securityCheckers) {
+ _securityCheckers = securityCheckers;
+ }
+
/**
*
*/
@@ -1586,7 +1597,15 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {
+ ", permission denied");
}
} else {
- _accountMgr.checkAccess(owner, accessType, network);
+ // Go through IAM (SecurityCheckers)
+ for (SecurityChecker checker : _securityCheckers) {
+ if (checker.checkAccess(owner, accessType, null, network)) {
+ if (s_logger.isDebugEnabled()) {
+ s_logger.debug("Access to " + network + " granted to " + owner + " by " + checker.getName());
+ }
+ break;
+ }
+ }
}
}