geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tush...@apache.org
Subject [3/6] incubator-geode git commit: GEODE-77 : Integrated Security Code Merge Review board url : https://reviews.apache.org/r/37209/
Date Thu, 27 Aug 2015 12:27:19 GMT
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
index aa1c38c..3801d66 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
@@ -1,187 +1,421 @@
 package com.gemstone.gemfire.management.internal.security;
 
+import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 import com.gemstone.gemfire.cache.operations.OperationContext;
 
+/**
+ * This is base class for OperationContext for resource (JMX and CLI) operations
+ * 
+ * @author tushark
+ * 
+ * @since 9.0
+ */
 public abstract class ResourceOperationContext extends OperationContext {
-	
-	 public static class ResourceOperationCode {
-		 
-		private static final byte OP_LIST_DS = 1;	
-	    private static final byte OP_READ_DS = 2;
-	    private static final byte OP_SET_DS = 3;
-	    private static final byte OP_ADMIN_DS = 4;
-	    private static final byte OP_CHANGE_ALERT_LEVEL_DS = 5;
-	    private static final byte OP_BACKUP_DS = 6;
-	    private static final byte OP_REMOVE_DISKSTORE_DS = 7;
-	    private static final byte OP_SHUTDOWN_DS = 8;
-	    private static final byte OP_QUERYDATA_DS = 9;
-	    private static final byte OP_REBALANCE_DS = 10;
-	    
-	    private static final byte OP_EXPORT_DATA_REGION = 11;
-	    private static final byte OP_IMPORT_DATA_REGION = 12 ;
-	    private static final byte OP_PUT_REGION = 13;
-	    private static final byte OP_LOCATE_ENTRY_REGION = 14;
-	    
-	    private static final byte OP_PULSE_DASHBOARD = 15;
-	    private static final byte OP_PULSE_DATABROWSER = 16;
-	    private static final byte OP_PULSE_WEBGFSH = 17;
-	    private static final byte OP_PULSE_ADMIN_V1 = 18;
-	    
-	    
-	    private static final ResourceOperationCode[] VALUES = new ResourceOperationCode[20];
-	    private static final Map OperationNameMap = new HashMap();
-	    
-	    public static final ResourceOperationCode LIST_DS = new ResourceOperationCode(ResourceConstants.LIST_DS, OP_LIST_DS);
-	    public static final ResourceOperationCode READ_DS = new ResourceOperationCode(ResourceConstants.READ_DS, OP_READ_DS);
-	    public static final ResourceOperationCode SET_DS = new ResourceOperationCode(ResourceConstants.SET_DS, OP_SET_DS);
-
-	    public static final ResourceOperationCode CHANGE_ALERT_LEVEL_DS = new ResourceOperationCode(ResourceConstants.CHANGE_ALERT_LEVEL_DS, OP_CHANGE_ALERT_LEVEL_DS);
-	    public static final ResourceOperationCode BACKUP_DS = new ResourceOperationCode(ResourceConstants.BACKUP_DS, OP_BACKUP_DS);
-	    public static final ResourceOperationCode REMOVE_DISKSTORE_DS = new ResourceOperationCode(ResourceConstants.REMOVE_DISKSTORE_DS, OP_REMOVE_DISKSTORE_DS);
-	    public static final ResourceOperationCode SHUTDOWN_DS = new ResourceOperationCode(ResourceConstants.SHUTDOWN_DS, OP_SHUTDOWN_DS);
-	    public static final ResourceOperationCode QUERYDATA_DS = new ResourceOperationCode(ResourceConstants.QUERYDATA_DS, OP_QUERYDATA_DS);
-	    public static final ResourceOperationCode REBALANCE_DS = new ResourceOperationCode(ResourceConstants.REBALANCE, OP_REBALANCE_DS);
-	    
-	    public static final ResourceOperationCode EXPORT_DATA_REGION = new ResourceOperationCode(ResourceConstants.EXPORT_DATA, OP_EXPORT_DATA_REGION);
-	    public static final ResourceOperationCode IMPORT_DATA_REGION = new ResourceOperationCode(ResourceConstants.IMPORT_DATA, OP_IMPORT_DATA_REGION);
-	    public static final ResourceOperationCode PUT_REGION = new ResourceOperationCode(ResourceConstants.PUT, OP_PUT_REGION);
-	    public static final ResourceOperationCode LOCATE_ENTRY_REGION = new ResourceOperationCode(ResourceConstants.LOCATE_ENTRY, OP_LOCATE_ENTRY_REGION);	    
-	    
-	    public static final ResourceOperationCode PULSE_DASHBOARD = new ResourceOperationCode(ResourceConstants.PULSE_DASHBOARD, OP_PULSE_DASHBOARD);
-	    public static final ResourceOperationCode PULSE_DATABROWSER = new ResourceOperationCode(ResourceConstants.PULSE_DATABROWSER, OP_PULSE_DATABROWSER);
-	    public static final ResourceOperationCode PULSE_WEBGFSH = new ResourceOperationCode(ResourceConstants.PULSE_WEBGFSH, OP_PULSE_WEBGFSH);
-	    public static final ResourceOperationCode PULSE_ADMIN_V1 = new ResourceOperationCode(ResourceConstants.PULSE_ADMIN_V1, OP_PULSE_ADMIN_V1);
-	    
-	    public static final ResourceOperationCode ADMIN_DS = new ResourceOperationCode(ResourceConstants.ADMIN_DS, OP_ADMIN_DS,
-	    		new ResourceOperationCode[]{
-	          CHANGE_ALERT_LEVEL_DS, 
-	          BACKUP_DS, 
-	          REMOVE_DISKSTORE_DS, 
-	          SHUTDOWN_DS, 
-	          QUERYDATA_DS, 
-	    			REBALANCE_DS, 
-	    			PULSE_DASHBOARD, 
-	    			PULSE_DATABROWSER, 
-	    			PULSE_WEBGFSH, 
-	    			PULSE_ADMIN_V1
-	    		});
-		
-	    
-	    private final String name;
-	    private final byte opCode;
-	    private final ResourceOperationCode[] children;
-	    
-	    private ResourceOperationCode(String name, byte opCode) {
-	      this.name = name;
-	      this.opCode = opCode;
-	      VALUES[opCode] = this;
-	      OperationNameMap.put(name, this);
-	      this.children = null;
-	    }
-	    
-	    private ResourceOperationCode(String name, byte opCode, ResourceOperationCode[] children) {
-		      this.name = name;
-		      this.opCode = opCode;
-		      VALUES[opCode] = this;
-		      OperationNameMap.put(name, this);
-		      this.children = children;
-		}
-	    
-	    
-	    
-	    public ResourceOperationCode[] getChildren() {
-        return children;
+  
+  private boolean isPostOperation=false;
+  private Object opResult = null;
+  
+  public static class ResourceOperationCode {
+    
+    private static final int OP_ALTER_REGION = 1;
+    private static final int OP_ALTER_RUNTIME = 2;
+    private static final int OP_BACKUP_DISKSTORE = 3;
+    private static final int OP_CHANGE_ALERT_LEVEL = 4;
+    private static final int OP_CLOSE_DURABLE_CLIENT = 5;
+    private static final int OP_CLOSE_DURABLE_CQ = 6;
+    private static final int OP_COMPACT_DISKSTORE = 7;
+    private static final int OP_CONFIGURE_PDX = 8;
+    private static final int OP_CREATE_AEQ = 9;
+    private static final int OP_CREATE_DISKSTORE = 10;
+    private static final int OP_CREATE_GW_RECEIVER = 11;
+    private static final int OP_CREATE_GW_SENDER = 12;
+    private static final int OP_CREATE_INDEX = 13;
+    private static final int OP_CREATE_REGION = 14;
+    private static final int OP_DEPLOY = 15;
+    private static final int OP_DESTROY_DISKSTORE = 16;
+    private static final int OP_DESTROY_FUNCTION = 17;
+    private static final int OP_DESTROY_INDEX = 18;
+    private static final int OP_DESTROY_REGION = 19;
+    private static final int OP_EXECUTE_FUNCTION = 20;
+    private static final int OP_EXPORT_CONFIG = 21;
+    private static final int OP_EXPORT_DATA = 22;
+    private static final int OP_EXPORT_LOGS = 23;
+    private static final int OP_EXPORT_OFFLINE_DISKSTORE = 24;
+    private static final int OP_EXPORT_STACKTRACE = 25;
+    private static final int OP_GC = 26;
+    private static final int OP_GET = 27;
+    private static final int OP_IMPORT_CONFIG = 28;
+    private static final int OP_IMPORT_DATA = 29;
+    private static final int OP_LIST_DS = 30;
+    private static final int OP_LOAD_BALANCE_GW_SENDER = 31;
+    private static final int OP_LOCATE_ENTRY = 32;
+    private static final int OP_NETSTAT = 33;
+    private static final int OP_PAUSE_GW_SENDER = 34;
+    private static final int OP_PUT = 35;
+    private static final int OP_QUERY = 36;
+    private static final int OP_REBALANCE = 37;
+    private static final int OP_REMOVE = 38;
+    private static final int OP_RENAME_PDX = 39;
+    private static final int OP_RESUME_GW_SENDER = 40;
+    private static final int OP_REVOKE_MISSING_DISKSTORE = 41;
+    private static final int OP_SHOW_DEADLOCKS = 42;
+    private static final int OP_SHOW_LOG = 43;
+    private static final int OP_SHOW_METRICS = 44;
+    private static final int OP_SHOW_MISSING_DISKSTORES = 45;
+    private static final int OP_SHOW_SUBSCRIPTION_QUEUE_SIZE = 46;
+    private static final int OP_SHUTDOWN = 47;
+    private static final int OP_STOP_GW_RECEIVER = 48;
+    private static final int OP_STOP_GW_SENDER = 49;
+    private static final int OP_UNDEPLOY = 50;
+    private static final int OP_BACKUP_MEMBERS = 51;
+    private static final int OP_ROLL_DISKSTORE = 52;
+    private static final int OP_FORCE_COMPACTION = 53;
+    private static final int OP_FORCE_ROLL = 54;
+    private static final int OP_FLUSH_DISKSTORE = 55;
+    private static final int OP_START_GW_RECEIVER = 56;
+    private static final int OP_START_GW_SENDER = 57;
+    private static final int OP_BECOME_LOCK_GRANTOR = 58;
+    private static final int OP_START_MANAGER = 59;
+    private static final int OP_STOP_MANAGER = 60;
+    private static final int OP_CREATE_MANAGER = 61;
+    private static final int OP_STOP_CONTINUOUS_QUERY = 62;
+    private static final int OP_SET_DISK_USAGE = 63;
+    private static final int OP_CREATE_HDFS_STORE = 64;
+    private static final int OP_ALTER_HDFS_STORE = 65;
+    private static final int OP_DESTROY_HDFS_STORE = 66;
+    
+
+    private static final int OP_PULSE_DASHBOARD = 92;
+    private static final int OP_PULSE_DATABROWSER = 93;
+    private static final int OP_PULSE_WEBGFSH = 94;
+    private static final int OP_PULSE_ADMIN_V1 = 95;
+    
+    private static final int OP_DATA_READ = 96;
+    private static final int OP_DATA_WRITE = 97;
+    private static final int OP_MONITOR = 98;
+    private static final int OP_ADMIN = 99;
+
+    private static final ResourceOperationCode[] VALUES = new ResourceOperationCode[100];
+    private static final Map<String, ResourceOperationCode> OperationNameMap = new HashMap<String, ResourceOperationCode>();
+      
+    
+    public static final ResourceOperationCode ALTER_REGION  = new ResourceOperationCode(ResourceConstants.ALTER_REGION, OP_ALTER_REGION);
+    public static final ResourceOperationCode ALTER_RUNTIME = new ResourceOperationCode(ResourceConstants.ALTER_RUNTIME, OP_ALTER_RUNTIME);
+    public static final ResourceOperationCode BACKUP_DISKSTORE = new ResourceOperationCode(ResourceConstants.BACKUP_DISKSTORE, OP_BACKUP_DISKSTORE);
+    public static final ResourceOperationCode CHANGE_ALERT_LEVEL = new ResourceOperationCode(ResourceConstants.CHANGE_ALERT_LEVEL, OP_CHANGE_ALERT_LEVEL);
+    public static final ResourceOperationCode CLOSE_DURABLE_CLIENT = new ResourceOperationCode(ResourceConstants.CLOSE_DURABLE_CLIENT, OP_CLOSE_DURABLE_CLIENT);
+    public static final ResourceOperationCode CLOSE_DURABLE_CQ = new ResourceOperationCode(ResourceConstants.CLOSE_DURABLE_CQ, OP_CLOSE_DURABLE_CQ);
+    public static final ResourceOperationCode COMPACT_DISKSTORE = new ResourceOperationCode(ResourceConstants.COMPACT_DISKSTORE, OP_COMPACT_DISKSTORE);
+    public static final ResourceOperationCode CONFIGURE_PDX = new ResourceOperationCode(ResourceConstants.CONFIGURE_PDX, OP_CONFIGURE_PDX);
+    public static final ResourceOperationCode CREATE_AEQ = new ResourceOperationCode(ResourceConstants.CREATE_AEQ, OP_CREATE_AEQ);
+    public static final ResourceOperationCode CREATE_DISKSTORE = new ResourceOperationCode(ResourceConstants.CREATE_DISKSTORE, OP_CREATE_DISKSTORE);
+    public static final ResourceOperationCode CREATE_GW_RECEIVER = new ResourceOperationCode(ResourceConstants.CREATE_GW_RECEIVER, OP_CREATE_GW_RECEIVER);
+    public static final ResourceOperationCode CREATE_GW_SENDER = new ResourceOperationCode(ResourceConstants.CREATE_GW_SENDER, OP_CREATE_GW_SENDER);
+    public static final ResourceOperationCode CREATE_INDEX = new ResourceOperationCode(ResourceConstants.CREATE_INDEX, OP_CREATE_INDEX);
+    public static final ResourceOperationCode CREATE_REGION = new ResourceOperationCode(ResourceConstants.CREATE_REGION, OP_CREATE_REGION);
+    public static final ResourceOperationCode DEPLOY = new ResourceOperationCode(ResourceConstants.DEPLOY, OP_DEPLOY);
+    public static final ResourceOperationCode DESTROY_DISKSTORE = new ResourceOperationCode(ResourceConstants.DESTROY_DISKSTORE, OP_DESTROY_DISKSTORE);
+    public static final ResourceOperationCode DESTROY_FUNCTION = new ResourceOperationCode(ResourceConstants.DESTROY_FUNCTION, OP_DESTROY_FUNCTION);
+    public static final ResourceOperationCode DESTROY_INDEX = new ResourceOperationCode(ResourceConstants.DESTROY_INDEX, OP_DESTROY_INDEX);
+    public static final ResourceOperationCode DESTROY_REGION = new ResourceOperationCode(ResourceConstants.DESTROY_REGION, OP_DESTROY_REGION);
+    public static final ResourceOperationCode EXECUTE_FUNCTION = new ResourceOperationCode(ResourceConstants.EXECUTE_FUNCTION, OP_EXECUTE_FUNCTION);
+    public static final ResourceOperationCode EXPORT_CONFIG = new ResourceOperationCode(ResourceConstants.EXPORT_CONFIG, OP_EXPORT_CONFIG);
+    public static final ResourceOperationCode EXPORT_DATA = new ResourceOperationCode(ResourceConstants.EXPORT_DATA, OP_EXPORT_DATA);
+    public static final ResourceOperationCode EXPORT_LOGS = new ResourceOperationCode(ResourceConstants.EXPORT_LOGS, OP_EXPORT_LOGS);
+    public static final ResourceOperationCode EXPORT_OFFLINE_DISKSTORE = new ResourceOperationCode(ResourceConstants.EXPORT_OFFLINE_DISKSTORE, OP_EXPORT_OFFLINE_DISKSTORE);
+    public static final ResourceOperationCode EXPORT_STACKTRACE = new ResourceOperationCode(ResourceConstants.EXPORT_STACKTRACE, OP_EXPORT_STACKTRACE);
+    public static final ResourceOperationCode GC = new ResourceOperationCode(ResourceConstants.GC, OP_GC);
+    public static final ResourceOperationCode GET = new ResourceOperationCode(ResourceConstants.GET, OP_GET);
+    public static final ResourceOperationCode IMPORT_CONFIG = new ResourceOperationCode(ResourceConstants.IMPORT_CONFIG, OP_IMPORT_CONFIG);
+    public static final ResourceOperationCode IMPORT_DATA = new ResourceOperationCode(ResourceConstants.IMPORT_DATA, OP_IMPORT_DATA);
+    public static final ResourceOperationCode LIST_DS = new ResourceOperationCode(ResourceConstants.LIST_DS, OP_LIST_DS);
+    public static final ResourceOperationCode LOAD_BALANCE_GW_SENDER = new ResourceOperationCode(ResourceConstants.LOAD_BALANCE_GW_SENDER, OP_LOAD_BALANCE_GW_SENDER);
+    public static final ResourceOperationCode LOCATE_ENTRY = new ResourceOperationCode(ResourceConstants.LOCATE_ENTRY, OP_LOCATE_ENTRY);
+    public static final ResourceOperationCode NETSTAT = new ResourceOperationCode(ResourceConstants.NETSTAT, OP_NETSTAT);
+    public static final ResourceOperationCode PAUSE_GW_SENDER = new ResourceOperationCode(ResourceConstants.PAUSE_GW_SENDER, OP_PAUSE_GW_SENDER);
+    public static final ResourceOperationCode PUT = new ResourceOperationCode(ResourceConstants.PUT, OP_PUT);
+    public static final ResourceOperationCode QUERY = new ResourceOperationCode(ResourceConstants.QUERY, OP_QUERY);
+    public static final ResourceOperationCode REBALANCE = new ResourceOperationCode(ResourceConstants.REBALANCE, OP_REBALANCE);
+    public static final ResourceOperationCode REMOVE = new ResourceOperationCode(ResourceConstants.REMOVE, OP_REMOVE);
+    public static final ResourceOperationCode RENAME_PDX = new ResourceOperationCode(ResourceConstants.RENAME_PDX, OP_RENAME_PDX);
+    public static final ResourceOperationCode RESUME_GW_SENDER = new ResourceOperationCode(ResourceConstants.RESUME_GW_SENDER, OP_RESUME_GW_SENDER);
+    public static final ResourceOperationCode REVOKE_MISSING_DISKSTORE = new ResourceOperationCode(ResourceConstants.REVOKE_MISSING_DISKSTORE, OP_REVOKE_MISSING_DISKSTORE);
+    public static final ResourceOperationCode SHOW_DEADLOCKS = new ResourceOperationCode(ResourceConstants.SHOW_DEADLOCKS, OP_SHOW_DEADLOCKS);
+    public static final ResourceOperationCode SHOW_LOG = new ResourceOperationCode(ResourceConstants.SHOW_LOG, OP_SHOW_LOG);
+    public static final ResourceOperationCode SHOW_METRICS = new ResourceOperationCode(ResourceConstants.SHOW_METRICS, OP_SHOW_METRICS);
+    public static final ResourceOperationCode SHOW_MISSING_DISKSTORES = new ResourceOperationCode(ResourceConstants.SHOW_MISSING_DISKSTORES, OP_SHOW_MISSING_DISKSTORES);
+    public static final ResourceOperationCode SHOW_SUBSCRIPTION_QUEUE_SIZE = new ResourceOperationCode(ResourceConstants.SHOW_SUBSCRIPTION_QUEUE_SIZE, OP_SHOW_SUBSCRIPTION_QUEUE_SIZE);
+    public static final ResourceOperationCode SHUTDOWN = new ResourceOperationCode(ResourceConstants.SHUTDOWN, OP_SHUTDOWN);
+    public static final ResourceOperationCode STOP_GW_RECEIVER = new ResourceOperationCode(ResourceConstants.STOP_GW_RECEIVER, OP_STOP_GW_RECEIVER);
+    public static final ResourceOperationCode STOP_GW_SENDER = new ResourceOperationCode(ResourceConstants.STOP_GW_SENDER, OP_STOP_GW_SENDER);
+    public static final ResourceOperationCode UNDEPLOY = new ResourceOperationCode(ResourceConstants.UNDEPLOY, OP_UNDEPLOY);
+    public static final ResourceOperationCode BACKUP_MEMBERS = new ResourceOperationCode(ResourceConstants.BACKUP_MEMBERS, OP_BACKUP_MEMBERS);
+    public static final ResourceOperationCode ROLL_DISKSTORE = new ResourceOperationCode(ResourceConstants.ROLL_DISKSTORE, OP_ROLL_DISKSTORE);
+    public static final ResourceOperationCode FORCE_COMPACTION = new ResourceOperationCode(ResourceConstants.FORCE_COMPACTION, OP_FORCE_COMPACTION);
+    public static final ResourceOperationCode FORCE_ROLL = new ResourceOperationCode(ResourceConstants.FORCE_ROLL, OP_FORCE_ROLL);
+    public static final ResourceOperationCode FLUSH_DISKSTORE = new ResourceOperationCode(ResourceConstants.FLUSH_DISKSTORE, OP_FLUSH_DISKSTORE);
+    public static final ResourceOperationCode START_GW_RECEIVER = new ResourceOperationCode(ResourceConstants.START_GW_RECEIVER, OP_START_GW_RECEIVER);
+    public static final ResourceOperationCode START_GW_SENDER = new ResourceOperationCode(ResourceConstants.START_GW_SENDER, OP_START_GW_SENDER);
+    public static final ResourceOperationCode BECOME_LOCK_GRANTOR = new ResourceOperationCode(ResourceConstants.BECOME_LOCK_GRANTOR, OP_BECOME_LOCK_GRANTOR);
+    public static final ResourceOperationCode START_MANAGER = new ResourceOperationCode(ResourceConstants.START_MANAGER, OP_START_MANAGER);
+    public static final ResourceOperationCode STOP_MANAGER = new ResourceOperationCode(ResourceConstants.STOP_MANAGER, OP_STOP_MANAGER);
+    public static final ResourceOperationCode CREATE_MANAGER = new ResourceOperationCode(ResourceConstants.CREATE_MANAGER, OP_CREATE_MANAGER);
+    public static final ResourceOperationCode STOP_CONTINUOUS_QUERY = new ResourceOperationCode(ResourceConstants.STOP_CONTINUOUS_QUERY, OP_STOP_CONTINUOUS_QUERY);
+    public static final ResourceOperationCode SET_DISK_USAGE = new ResourceOperationCode(ResourceConstants.SET_DISK_USAGE, OP_SET_DISK_USAGE);
+    public static final ResourceOperationCode CREATE_HDFS_STORE = new ResourceOperationCode(ResourceConstants.CREATE_HDFS_STORE, OP_CREATE_HDFS_STORE);
+    public static final ResourceOperationCode ALTER_HDFS_STORE = new ResourceOperationCode(ResourceConstants.ALTER_HDFS_STORE, OP_ALTER_HDFS_STORE);
+    public static final ResourceOperationCode DESTROY_HDFS_STORE = new ResourceOperationCode(ResourceConstants.DESTROY_HDFS_STORE, OP_DESTROY_HDFS_STORE);
+    
+
+    public static final ResourceOperationCode PULSE_DASHBOARD = new ResourceOperationCode(
+        ResourceConstants.PULSE_DASHBOARD, OP_PULSE_DASHBOARD);
+    public static final ResourceOperationCode PULSE_DATABROWSER = new ResourceOperationCode(
+        ResourceConstants.PULSE_DATABROWSER, OP_PULSE_DATABROWSER);
+    public static final ResourceOperationCode PULSE_WEBGFSH = new ResourceOperationCode(
+        ResourceConstants.PULSE_WEBGFSH, OP_PULSE_WEBGFSH);
+    public static final ResourceOperationCode PULSE_ADMIN_V1 = new ResourceOperationCode(
+        ResourceConstants.PULSE_ADMIN_V1, OP_PULSE_ADMIN_V1);
+      
+    public static final ResourceOperationCode DATA_READ = new ResourceOperationCode(ResourceConstants.DATA_READ, 
+        OP_DATA_READ,
+        new ResourceOperationCode[]{ 
+          LIST_DS, 
+          PULSE_DASHBOARD
+    });
+    
+    public static final ResourceOperationCode DATA_WRITE = new ResourceOperationCode(ResourceConstants.DATA_WRITE,
+        OP_DATA_WRITE,
+        new ResourceOperationCode[]{ 
+          DATA_READ, 
+          QUERY, 
+          BECOME_LOCK_GRANTOR, 
+          PUT, 
+          REMOVE, 
+          EXECUTE_FUNCTION, 
+          PULSE_DATABROWSER
+    });
+    
+    public static final ResourceOperationCode MONITOR = new ResourceOperationCode(ResourceConstants.MONITOR,
+        OP_MONITOR,
+        new ResourceOperationCode[] {
+          DATA_READ, 
+          EXPORT_CONFIG,
+          EXPORT_DATA,
+          EXPORT_LOGS,
+          EXPORT_OFFLINE_DISKSTORE,
+          EXPORT_STACKTRACE,
+          SHOW_DEADLOCKS,
+          SHOW_LOG,
+          SHOW_METRICS,
+          SHOW_MISSING_DISKSTORES,
+          SHOW_SUBSCRIPTION_QUEUE_SIZE       
+    });
+    
+    public static final ResourceOperationCode ADMIN = new ResourceOperationCode(ResourceConstants.ADMIN,
+        OP_ADMIN,
+        new ResourceOperationCode[] {
+          DATA_WRITE,
+          MONITOR,
+          ALTER_REGION,
+          ALTER_RUNTIME,
+          BACKUP_DISKSTORE,
+          CHANGE_ALERT_LEVEL,
+          CLOSE_DURABLE_CLIENT,
+          CLOSE_DURABLE_CQ,
+          COMPACT_DISKSTORE,
+          CONFIGURE_PDX,
+          CREATE_AEQ,
+          CREATE_DISKSTORE,
+          CREATE_GW_RECEIVER,
+          CREATE_GW_SENDER,
+          CREATE_INDEX,
+          CREATE_REGION,
+          DEPLOY,
+          DESTROY_DISKSTORE,
+          DESTROY_FUNCTION,
+          DESTROY_INDEX,
+          DESTROY_REGION,
+          GC,
+          GET,
+          IMPORT_CONFIG,
+          IMPORT_DATA,
+          LIST_DS,
+          LOAD_BALANCE_GW_SENDER,
+          LOCATE_ENTRY,
+          NETSTAT,
+          PAUSE_GW_SENDER,
+          REBALANCE,
+          RENAME_PDX,
+          RESUME_GW_SENDER,
+          REVOKE_MISSING_DISKSTORE,
+          SHUTDOWN,
+          STOP_GW_RECEIVER,
+          STOP_GW_SENDER,
+          UNDEPLOY,
+          BACKUP_MEMBERS,
+          ROLL_DISKSTORE,
+          FORCE_COMPACTION,
+          FORCE_ROLL,
+          FLUSH_DISKSTORE,
+          START_GW_RECEIVER,
+          START_GW_SENDER,
+          START_MANAGER,
+          STOP_MANAGER,
+          CREATE_MANAGER,
+          STOP_CONTINUOUS_QUERY,
+          SET_DISK_USAGE,
+          PULSE_WEBGFSH,
+          PULSE_ADMIN_V1
+    });
+    
+      
+    private final String name;
+    private final int opCode;
+    private final List<ResourceOperationCode> children;    
+
+    private ResourceOperationCode(String name, int opCode) {
+      this.name = name;
+      this.opCode = opCode;
+      VALUES[opCode] = this;
+      OperationNameMap.put(name, this);
+      this.children = null;
+    }
+
+    private ResourceOperationCode(String name, int opCode, ResourceOperationCode[] children) {
+      this.name = name;
+      this.opCode = opCode;
+      VALUES[opCode] = this;
+      OperationNameMap.put(name, this);      
+      this.children = new ArrayList<ResourceOperationCode>();
+      for(ResourceOperationCode code : children) {
+        this.children.add(code);
       }
+    }
+      
+    public List<ResourceOperationCode> getChildren() {
+      return Collections.unmodifiableList(children);
+    }
+    
+    public void addChild(ResourceOperationCode code) {
+      this.children.add(code);
+    }
+
+    /**
+     * Returns the <code>OperationCode</code> represented by specified int.
+     */
+    public static ResourceOperationCode fromOrdinal(int opCode) {
+      return VALUES[opCode];
+    }
+
+    /**
+     * Returns the <code>OperationCode</code> represented by specified string.
+     */
+    public static ResourceOperationCode parse(String operationName) {
+      return OperationNameMap.get(operationName);
+    }
+
+    /**
+     * Returns the int representing this operation code.
+     * 
+     * @return a int representing this operation.
+     */
+    public int toOrdinal() {
+      return this.opCode;
+    }
+
+    /**
+     * Returns a string representation for this operation.
+     * 
+     * @return the name of this operation.
+     */
+    @Override
+    final public String toString() {
+      return this.name;
+    }
+
+    /**
+     * Indicates whether other object is same as this one.
+     * 
+     * @return true if other object is same as this one.
+     */
+    @Override
+    final public boolean equals(final Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj instanceof ResourceOperationCode)) {
+        return false;
+      }
+      final ResourceOperationCode other = (ResourceOperationCode) obj;
+      return (other.opCode == this.opCode);
+    }
+
+    /**
+     * Indicates whether other <code>OperationCode</code> is same as this one.
+     * 
+     * @return true if other <code>OperationCode</code> is same as this one.
+     */
+    final public boolean equals(final ResourceOperationCode opCode) {
+      return (opCode != null && opCode.opCode == this.opCode);
+    }
+
+    /**
+     * Returns a hash code value for this <code>OperationCode</code> which is
+     * the same as the int representing its operation type.
+     * 
+     * @return the hashCode of this operation.
+     */
+    @Override
+    final public int hashCode() {
+      return this.opCode;
+    }
+    
+    /**
+     * Returns true if passed operation is same or any one of its
+     * children
+     * 
+     * @param op
+     * @return true if  <code>OperationCode</code> matches 
+     */
+    public boolean allowedOp(ResourceOperationCode op) {
+      if(this.equals(op))
+        return true;
+      else {
+        if(children!=null) {
+          for(ResourceOperationCode child : children) {
+            if(child.allowedOp(op))
+              return true;
+          }
+        }
+      }
+      return false;
+    }
+  }
+
+  public abstract ResourceOperationCode getResourceOperationCode();
+   
+  @Override
+  public boolean isClientUpdate() {
+    return false;
+  }
+  
+  @Override
+  public boolean isPostOperation() {
+    return isPostOperation;
+  }
+
+  public void setPostOperationResult(Object result) {
+    this.isPostOperation = true;
+    this.opResult = result;
+  }
+  
+  public Object getOperationResult() {
+    return this.opResult;
+  }
 
-      /**
-	     * Returns the <code>OperationCode</code> represented by specified byte.
-	     */
-	    public static ResourceOperationCode fromOrdinal(byte opCode) {
-	      return VALUES[opCode];
-	    }
-
-	    /**
-	     * Returns the <code>OperationCode</code> represented by specified string.
-	     */
-	    public static ResourceOperationCode parse(String operationName) {
-	      return (ResourceOperationCode)OperationNameMap.get(operationName);
-	    }
-
-	    /**
-	     * Returns the byte representing this operation code.
-	     * 
-	     * @return a byte representing this operation.
-	     */
-	    public byte toOrdinal() {
-	      return this.opCode;
-	    }
-
-	    /**
-	     * Returns a string representation for this operation.
-	     * 
-	     * @return the name of this operation.
-	     */
-	    @Override
-	    final public String toString() {
-	      return this.name;
-	    }
-
-	    /**
-	     * Indicates whether other object is same as this one.
-	     * 
-	     * @return true if other object is same as this one.
-	     */
-	    @Override
-	    final public boolean equals(final Object obj) {
-	      if (obj == this) {
-	        return true;
-	      }
-	      if (!(obj instanceof ResourceOperationCode)) {
-	        return false;
-	      }
-	      final ResourceOperationCode other = (ResourceOperationCode)obj;
-	      return (other.opCode == this.opCode);
-	    }
-
-	    /**
-	     * Indicates whether other <code>OperationCode</code> is same as this one.
-	     * 
-	     * @return true if other <code>OperationCode</code> is same as this one.
-	     */
-	    final public boolean equals(final ResourceOperationCode opCode) {
-	      return (opCode != null && opCode.opCode == this.opCode);
-	    }
-
-	    /**
-	     * Returns a hash code value for this <code>OperationCode</code> which is
-	     * the same as the byte representing its operation type.
-	     * 
-	     * @return the hashCode of this operation.
-	     */
-	    @Override
-	    final public int hashCode() {
-	      return this.opCode;
-	    }
-
-	    
-	 }
-	
-
-	 public abstract ResourceOperationCode getResourceOperationCode();
-	 
-	 /*
-	@Override
-	public OperationCode getOperationCode() {
-		// TODO Auto-generated method stub
-		return null;
-	}*/
-
-	@Override
-	public boolean isPostOperation() {
-		return false;
-	}
-
-}
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/SetAttributesOperationContext.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/SetAttributesOperationContext.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/SetAttributesOperationContext.java
new file mode 100644
index 0000000..33f4ad9
--- /dev/null
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/SetAttributesOperationContext.java
@@ -0,0 +1,39 @@
+package com.gemstone.gemfire.management.internal.security;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Used to encapsulate Context passed AccessControl Plugin for each of the
+ * attributes in attribute list passed to setAttributes call on given MBean  
+ * 
+ * @author tushark
+ * @since 9.0
+ */
+public class SetAttributesOperationContext extends ResourceOperationContext {
+  
+  private Map<String,ResourceOperationContext> contextMap = null;
+  
+  public SetAttributesOperationContext(){
+    contextMap = new HashMap<String,ResourceOperationContext>();
+  }
+  
+  public void addAttribute(String attr, ResourceOperationContext setterContext) {
+    this.contextMap.put(attr, setterContext);
+  }
+  
+  public Map<String,ResourceOperationContext> getAttributesContextMap(){
+    return contextMap;
+  }
+
+  @Override
+  public ResourceOperationCode getResourceOperationCode() {    
+    return null;
+  }
+
+  @Override
+  public OperationCode getOperationCode() {    
+    return null;
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
index 73ce926..0aa614f 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
@@ -8,35 +8,53 @@
 
 package com.gemstone.gemfire.management.internal.web.controllers;
 
+import static com.gemstone.gemfire.management.internal.security.ResourceConstants.ACCESS_DENIED_MESSAGE;
+
 import java.io.PrintWriter;
 import java.io.StringWriter;
 import java.lang.management.ManagementFactory;
 import java.net.URI;
+import java.security.Principal;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
+import java.util.Properties;
 import java.util.Set;
+
 import javax.management.JMX;
 import javax.management.MBeanServer;
 import javax.management.MalformedObjectNameException;
 import javax.management.ObjectName;
 import javax.management.Query;
 import javax.management.QueryExp;
+import javax.management.remote.JMXPrincipal;
+import javax.security.auth.Subject;
 
+import com.gemstone.gemfire.GemFireConfigException;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
 import com.gemstone.gemfire.internal.lang.StringUtils;
 import com.gemstone.gemfire.internal.logging.LogService;
 import com.gemstone.gemfire.internal.logging.log4j.LogMarker;
 import com.gemstone.gemfire.internal.util.ArrayUtils;
 import com.gemstone.gemfire.management.DistributedSystemMXBean;
+import com.gemstone.gemfire.management.ManagementService;
 import com.gemstone.gemfire.management.MemberMXBean;
 import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
 import com.gemstone.gemfire.management.internal.ManagementConstants;
+import com.gemstone.gemfire.management.internal.SystemManagementService;
 import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
 import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.management.internal.security.CLIOperationContext;
+import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperationContext;
 import com.gemstone.gemfire.management.internal.web.controllers.support.EnvironmentVariablesHandlerInterceptor;
 import com.gemstone.gemfire.management.internal.web.controllers.support.MemberMXBeanAdapter;
 import com.gemstone.gemfire.management.internal.web.util.UriUtils;
+import com.gemstone.gemfire.security.AccessControl;
+import com.gemstone.gemfire.security.Authenticator;
 
 import org.apache.logging.log4j.Logger;
 import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;
@@ -46,6 +64,7 @@ import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.context.request.WebRequest;
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
 
@@ -71,6 +90,27 @@ public abstract class AbstractCommandsController {
   protected static final String REST_API_VERSION = "/v1";
 
   private MemberMXBean managingMemberMXBeanProxy;
+  
+
+  
+  private Class accessControlKlass;
+  
+  private GemFireCacheImpl cache;
+  
+  // Convert a predefined exception to an HTTP Status code
+  @ResponseStatus(value=HttpStatus.UNAUTHORIZED, reason="Not authenticated")  // 401
+  @ExceptionHandler(com.gemstone.gemfire.security.AuthenticationFailedException.class)
+  public void authenticate() {
+    
+  }
+  
+  // Convert a predefined exception to an HTTP Status code
+  @ResponseStatus(value=HttpStatus.FORBIDDEN, reason="Access Denied")  // 403
+  @ExceptionHandler(java.lang.SecurityException.class)
+  public void authorize() {
+   
+  }
+  
 
   /**
    * Asserts the argument is valid, as determined by the caller passing the result of an evaluated expression to this
@@ -401,8 +441,8 @@ public abstract class AbstractCommandsController {
       final DistributedSystemMXBean distributedSystemMXBean = JMX.newMXBeanProxy(platformMBeanServer,
         MBeanJMXAdapter.getDistributedSystemName(), DistributedSystemMXBean.class);
 
-      //managingMemberMXBeanProxy = createMemberMXBeanForManagerUsingAdapter(platformMBeanServer,
-      //  distributedSystemMXBean.getMemberObjectName());
+      /*managingMemberMXBeanProxy = createMemberMXBeanForManagerUsingAdapter(platformMBeanServer,
+      distributedSystemMXBean.getMemberObjectName());*/
 
       managingMemberMXBeanProxy = createMemberMXBeanForManagerUsingProxy(platformMBeanServer,
         distributedSystemMXBean.getMemberObjectName());
@@ -410,6 +450,15 @@ public abstract class AbstractCommandsController {
 
     return managingMemberMXBeanProxy;
   }
+  
+  protected synchronized ObjectName getMemberObjectName() {
+    final MBeanServer platformMBeanServer = getMBeanServer();
+
+    final DistributedSystemMXBean distributedSystemMXBean = JMX.newMXBeanProxy(platformMBeanServer,
+        MBeanJMXAdapter.getDistributedSystemName(), DistributedSystemMXBean.class);
+
+    return distributedSystemMXBean.getMemberObjectName();
+  }
 
   /**
    * Creates an Adapter using the Platform MBeanServer and ObjectName to invoke operations on the GemFire Manager's
@@ -449,7 +498,6 @@ public abstract class AbstractCommandsController {
    */
   protected Map<String, String> getEnvironment() {
     final Map<String, String> environment = new HashMap<String, String>();
-
     environment.putAll(EnvironmentVariablesHandlerInterceptor.getEnvironment());
     environment.put(Gfsh.ENV_APP_NAME, Gfsh.GFSH_APP_NAME);
 
@@ -505,6 +553,13 @@ public abstract class AbstractCommandsController {
   protected String processCommand(final String command) {
     return processCommand(command, getEnvironment(), null);
   }
+  
+  protected String processCommandWithCredentials(final String command, Properties credentials) {
+    if (credentials != null) {
+      EnvironmentVariablesHandlerInterceptor.CREDENTIALS.set(credentials);
+    }
+    return processCommand(command, getEnvironment(), null);
+  }
 
   /**
    * Executes the specified command as entered by the user using the GemFire Shell (Gfsh).  Note, Gfsh performs
@@ -522,6 +577,13 @@ public abstract class AbstractCommandsController {
   protected String processCommand(final String command, final byte[][] fileData) {
     return processCommand(command, getEnvironment(), fileData);
   }
+  
+  protected String processCommandWithCredentials(final String command, final byte[][] fileData, Properties credentials) {
+    if (credentials != null) {
+      EnvironmentVariablesHandlerInterceptor.CREDENTIALS.set(credentials);
+    }
+    return processCommand(command, getEnvironment(), fileData);
+  }
 
   /**
    * Executes the specified command as entered by the user using the GemFire Shell (Gfsh).  Note, Gfsh performs
@@ -556,11 +618,42 @@ public abstract class AbstractCommandsController {
    * @see com.gemstone.gemfire.management.MemberMXBean#processCommand(String, java.util.Map, Byte[][])
    */
   protected String processCommand(final String command, final Map<String, String> environment, final byte[][] fileData) {
-    logger.info(LogMarker.CONFIG, "Processing Command ({}) with Environment ({}) having File Data ({})...",
-        command, environment, (fileData != null));
+    logger.info(LogMarker.CONFIG, "Processing Command ({}) with Environment ({}) having File Data ({})...", command,
+        environment, (fileData != null));
+
+    ResourceOperationContext ctx = authorize(command);
+
+    String result =  getManagingMemberMXBean().processCommand(command, environment, ArrayUtils.toByteArray(fileData));
+    
+    ctx = postAuthorize(command, ctx, result);
+    
+    return result;
+  }
+
+  protected ResourceOperationContext authorize(final String command) {
+
     
-    return getManagingMemberMXBean().processCommand(command, environment, ArrayUtils.toByteArray(fileData));
+    SystemManagementService service = (SystemManagementService) ManagementService
+        .getExistingManagementService(CacheFactory.getAnyInstance());
+    Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+    CLIOperationContext context = new CLIOperationContext(command);
+    service.getAuthManager().authorize(credentials, context);
+    return context;
+  }
+  
+  protected ResourceOperationContext postAuthorize(final String command, ResourceOperationContext context, Object result) {
+
+    context.setPostOperationResult(result);
+    SystemManagementService service = (SystemManagementService) ManagementService
+        .getExistingManagementService(CacheFactory.getAnyInstance());
+    Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+
+    service.getAuthManager().postAuthorize(credentials, context);
+    return context;
   }
+  
+  
+
 
   /**
    * The MemberMXBeanProxy class is a proxy for the MemberMXBean interface transforming an operation on the member

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java
index 517d942..04197c5 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java
@@ -8,11 +8,13 @@
 package com.gemstone.gemfire.management.internal.web.controllers;
 
 import java.io.IOException;
+import java.util.Properties;
 import java.util.concurrent.Callable;
 
 import com.gemstone.gemfire.internal.lang.StringUtils;
 import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
 import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.management.internal.web.controllers.support.EnvironmentVariablesHandlerInterceptor;
 import com.gemstone.gemfire.management.internal.web.util.ConvertUtils;
 
 import org.springframework.http.HttpStatus;
@@ -160,9 +162,11 @@ public class ConfigCommandsController extends AbstractMultiPartCommandsControlle
       command.addOption(CliStrings.EXPORT_CONFIG__DIR, decode(directory));
     }
 
+    final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+    
     return new Callable<ResponseEntity<String>>() {
       @Override public ResponseEntity<String> call() throws Exception {
-        return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+        return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
       }
     };
   }
@@ -179,9 +183,11 @@ public class ConfigCommandsController extends AbstractMultiPartCommandsControlle
       command.addOption(CliStrings.EXPORT_SHARED_CONFIG__DIR, directory);
     }
 
+    final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+    
     return new Callable<ResponseEntity<String>>() {
       @Override public ResponseEntity<String> call() throws Exception {
-        return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+        return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
       }
     };
   }
@@ -195,9 +201,11 @@ public class ConfigCommandsController extends AbstractMultiPartCommandsControlle
 
     command.addOption(CliStrings.IMPORT_SHARED_CONFIG__ZIP, zipFileName);
 
+    final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+    
     return new Callable<ResponseEntity<String>>() {
       @Override public ResponseEntity<String> call() throws Exception {
-        return new ResponseEntity<String>(processCommand(command.toString(), ConvertUtils.convert(zipFileResources)), HttpStatus.OK);
+        return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), ConvertUtils.convert(zipFileResources), credentials), HttpStatus.OK);
       }
     };
   }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java
index 6767ec1..d11a380 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java
@@ -7,11 +7,13 @@
  */
 package com.gemstone.gemfire.management.internal.web.controllers;
 
+import java.util.Properties;
 import java.util.concurrent.Callable;
 
 import com.gemstone.gemfire.internal.lang.StringUtils;
 import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
 import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.management.internal.web.controllers.support.EnvironmentVariablesHandlerInterceptor;
 
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -129,9 +131,11 @@ public class DataCommandsController extends AbstractCommandsController {
     command.addOption(CliStrings.EXPORT_DATA__REGION, decode(regionNamePath));
     command.addOption(CliStrings.EXPORT_DATA__FILE, decode(file));
 
+    final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+    
     return new Callable<ResponseEntity<String>>() {
       @Override public ResponseEntity<String> call() throws Exception {
-        return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+        return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
       }
     };
   }
@@ -147,9 +151,11 @@ public class DataCommandsController extends AbstractCommandsController {
     command.addOption(CliStrings.IMPORT_DATA__REGION, decode(regionNamePath));
     command.addOption(CliStrings.IMPORT_DATA__FILE, decode(file));
 
+    final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+    
     return new Callable<ResponseEntity<String>>() {
       @Override public ResponseEntity<String> call() throws Exception {
-        return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+        return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
       }
     };
   }
@@ -194,9 +200,11 @@ public class DataCommandsController extends AbstractCommandsController {
     command.addOption(CliStrings.QUERY__STEPNAME, stepName);
     command.addOption(CliStrings.QUERY__INTERACTIVE, String.valueOf(Boolean.TRUE.equals(interactive)));
 
+    final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+    
     return new Callable<ResponseEntity<String>>() {
       @Override public ResponseEntity<String> call() throws Exception {
-        return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+        return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
       }
     };
   }
@@ -222,9 +230,11 @@ public class DataCommandsController extends AbstractCommandsController {
     command.addOption(CliStrings.REBALANCE__SIMULATE, String.valueOf(simulate));
     command.addOption(CliStrings.REBALANCE__TIMEOUT, String.valueOf(timeout));
 
+    final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+    
     return new Callable<ResponseEntity<String>>() {
       public ResponseEntity<String> call() throws Exception {
-        return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+        return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
       }
     };
   }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java
index 2df3432..3cbffe4 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java
@@ -7,11 +7,14 @@
  */
 package com.gemstone.gemfire.management.internal.web.controllers;
 
+import java.util.Properties;
 import java.util.concurrent.Callable;
 
 import com.gemstone.gemfire.internal.lang.StringUtils;
 import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
 import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.management.internal.security.CLIOperationContext;
+import com.gemstone.gemfire.management.internal.web.controllers.support.EnvironmentVariablesHandlerInterceptor;
 
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -60,9 +63,11 @@ public class DiskStoreCommandsController extends AbstractCommandsController {
       command.addOption(CliStrings.BACKUP_DISK_STORE__BASELINEDIR, decode(baselineDir));
     }
 
+    final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+
     return new Callable<ResponseEntity<String>>() {
       @Override public ResponseEntity<String> call() throws Exception {
-        return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+        return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
       }
     };
   }
@@ -79,9 +84,11 @@ public class DiskStoreCommandsController extends AbstractCommandsController {
       command.addOption(CliStrings.COMPACT_DISK_STORE__GROUP, StringUtils.concat(groups, StringUtils.COMMA_DELIMITER));
     }
 
+    final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+    
     return new Callable<ResponseEntity<String>>() {
       @Override public ResponseEntity<String> call() throws Exception {
-        return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+        return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
       }
     };
   }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java
index de81543..3001778 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java
@@ -7,11 +7,13 @@
  */
 package com.gemstone.gemfire.management.internal.web.controllers;
 
+import java.util.Properties;
 import java.util.concurrent.Callable;
 
 import com.gemstone.gemfire.internal.lang.StringUtils;
 import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
 import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.management.internal.web.controllers.support.EnvironmentVariablesHandlerInterceptor;
 
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -102,9 +104,12 @@ public class FunctionCommandsController extends AbstractCommandsController {
       command.addOption(CliStrings.EXECUTE_FUNCTION__RESULTCOLLECTOR, resultCollector);
     }
 
+    
+    final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+    
     return new Callable<ResponseEntity<String>>() {
       @Override public ResponseEntity<String> call() throws Exception {
-        return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+        return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
       }
     };
   }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java
index 66d344f..67c4b11 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java
@@ -7,11 +7,13 @@
  */
 package com.gemstone.gemfire.management.internal.web.controllers;
 
+import java.util.Properties;
 import java.util.concurrent.Callable;
 
 import com.gemstone.gemfire.internal.lang.StringUtils;
 import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
 import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.management.internal.web.controllers.support.EnvironmentVariablesHandlerInterceptor;
 
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -78,10 +80,12 @@ public class MiscellaneousCommandsController extends AbstractCommandsController
     if (hasValue(endTime)) {
       command.addOption(CliStrings.EXPORT_LOGS__ENDTIME, endTime);
     }
-
+    
+    final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+    
     return new Callable<ResponseEntity<String>>() {
       @Override public ResponseEntity<String> call() throws Exception {
-        return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+        return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
       }
     };
   }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java
index 97f9bbe..6e2bb40 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java
@@ -257,7 +257,7 @@ public class WanCommandsController extends AbstractCommandsController {
                                     @RequestParam(value = CliStrings.RESUME_GATEWAYSENDER__GROUP, required = false) final String[] groups,
                                     @RequestParam(value = CliStrings.RESUME_GATEWAYSENDER__MEMBER, required = false) final String[] members)
   {
-    CommandStringBuilder command = new CommandStringBuilder(CliStrings.RESUME_GATEWAYSENDER__ID);
+    CommandStringBuilder command = new CommandStringBuilder(CliStrings.RESUME_GATEWAYSENDER);
 
     command.addOption(CliStrings.RESUME_GATEWAYSENDER__ID, decode(gatewaySenderId));
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java.rej
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java.rej b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java.rej
new file mode 100644
index 0000000..f8ce82a
--- /dev/null
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java.rej
@@ -0,0 +1,10 @@
+diff a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java	(rejected hunks)
+@@ -298,7 +298,7 @@ public class WanCommandsController extends AbstractCommandsController {
+                                    @RequestParam(value = CliStrings.START_GATEWAYSENDER__GROUP, required = false) final String[] groups,
+                                    @RequestParam(value = CliStrings.START_GATEWAYSENDER__MEMBER, required = false) final String[] members)
+   {
+-    CommandStringBuilder command = new CommandStringBuilder(CliStrings.START_GATEWAYRECEIVER);
++    CommandStringBuilder command = new CommandStringBuilder(CliStrings.START_GATEWAYSENDER);
+ 
+     command.addOption(CliStrings.START_GATEWAYSENDER__ID, gatewaySenderId);
+ 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java
index 8ebed02..47a58d7 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java
@@ -7,15 +7,47 @@
  */
 package com.gemstone.gemfire.management.internal.web.controllers.support;
 
+import java.lang.reflect.Method;
+import java.security.Principal;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.Map.Entry;
+
+import javax.management.remote.JMXPrincipal;
+import javax.security.auth.Subject;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
+import com.gemstone.gemfire.GemFireConfigException;
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.internal.ClassLoadUtil;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
+import com.gemstone.gemfire.internal.logging.InternalLogWriter;
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.management.ManagementService;
+import com.gemstone.gemfire.management.internal.SystemManagementService;
+import com.gemstone.gemfire.management.internal.security.CLIOperationContext;
+import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.security.AccessControl;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.AuthenticationRequiredException;
+import com.gemstone.gemfire.security.Authenticator;
+
+import org.apache.logging.log4j.Logger;
+
 /**
  * The GetEnvironmentHandlerInterceptor class handles extracting Gfsh environment variables encoded in the HTTP request
  * message as request parameters.
@@ -29,6 +61,16 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 @SuppressWarnings("unused")
 public class EnvironmentVariablesHandlerInterceptor extends HandlerInterceptorAdapter {
 
+  private static final Logger logger = LogService.getLogger();
+  
+  private Cache cache;
+  
+  private Authenticator auth = null;
+  
+  
+  public static final ThreadLocal<Properties> CREDENTIALS = new ThreadLocal<Properties>();
+  
+   
   private static final ThreadLocal<Map<String, String>> ENV = new ThreadLocal<Map<String, String>>() {
     @Override
     protected Map<String, String> initialValue() {
@@ -37,6 +79,8 @@ public class EnvironmentVariablesHandlerInterceptor extends HandlerInterceptorAd
   };
 
   protected static final String ENVIRONMENT_VARIABLE_REQUEST_PARAMETER_PREFIX = "vf.gf.env.";
+  
+  protected static final String SECURITY_VARIABLE_REQUEST_HEADER_PREFIX = "security-";
 
   public static Map<String, String> getEnvironment() {
     return ENV.get();
@@ -46,6 +90,7 @@ public class EnvironmentVariablesHandlerInterceptor extends HandlerInterceptorAd
   public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler)
     throws Exception
   {
+    
     final Map<String, String> requestParameterValues = new HashMap<String, String>();
 
     for (Enumeration<String> requestParameters = request.getParameterNames(); requestParameters.hasMoreElements(); ) {
@@ -56,11 +101,52 @@ public class EnvironmentVariablesHandlerInterceptor extends HandlerInterceptorAd
           request.getParameter(requestParameter));
       }
     }
+    
+ 
+    
+    for (Enumeration<String> requestHeaders = request.getHeaderNames(); requestHeaders.hasMoreElements();) {
 
+      final String requestHeader = requestHeaders.nextElement();
+
+      if (requestHeader.startsWith(SECURITY_VARIABLE_REQUEST_HEADER_PREFIX)) {
+        requestParameterValues.put(requestHeader, request.getHeader(requestHeader));
+      }
+
+    }
+    
+    securityCheck(requestParameterValues);
+    
     ENV.set(requestParameterValues);
 
     return true;
   }
+  
+
+  
+  protected void securityCheck(final Map<String, String> environment) {
+
+    Properties credentials = new Properties();
+
+    Iterator<Entry<String, String>> it = environment.entrySet().iterator();
+    while (it.hasNext()) {
+      Entry<String, String> entry = it.next();
+      if (entry.getKey().startsWith(SECURITY_VARIABLE_REQUEST_HEADER_PREFIX)) {
+        credentials.put(entry.getKey(), entry.getValue());
+      }
+
+    }
+    GemFireCacheImpl instance = GemFireCacheImpl.getInstance();
+    if(instance != null){
+      SystemManagementService service = (SystemManagementService) ManagementService
+          .getExistingManagementService(instance);
+      service.getAuthManager().verifyCredentials(credentials);
+      CREDENTIALS.set(credentials);
+    }
+
+
+  }
+
+  
 
   @Override
   public void afterCompletion(final HttpServletRequest request,

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java
index 8bd9d37..7a83271 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java
@@ -7,13 +7,33 @@
  */
 package com.gemstone.gemfire.management.internal.web.http.support;
 
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.URI;
+import java.util.Map;
+import java.util.Properties;
 import java.util.Set;
 
+import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.http.client.ClientHttpRequest;
+import org.springframework.http.client.ClientHttpResponse;
 import org.springframework.http.client.SimpleClientHttpRequestFactory;
+import org.springframework.web.client.RequestCallback;
+import org.springframework.web.client.ResponseErrorHandler;
+import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestTemplate;
 
+import com.gemstone.gemfire.internal.lang.StringUtils;
+import com.gemstone.gemfire.internal.util.IOUtils;
+import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+
+
 /**
  * The SimpleHttpRequester class is a Adapter/facade for the Spring RestTemplate class for abstracting HTTP requests
  * and operations.
@@ -29,13 +49,18 @@ public class SimpleHttpRequester {
   protected static final int DEFAULT_CONNECT_TIMEOUT = (30 * 1000); // 30 seconds
 
   private final RestTemplate restTemplate;
+  
+  private String user;
+  
+  private String pwd;
 
+  private Map<String,String> securityProperties;
   /**
    * Default constructor to create an instance of the SimpleHttpRequester class using the default connection timeout
    * of 30 seconds.
    */
-  public SimpleHttpRequester() {
-    this(DEFAULT_CONNECT_TIMEOUT);
+  public SimpleHttpRequester(Gfsh gfsh,Map<String,String> securityProperties) {
+    this(gfsh, DEFAULT_CONNECT_TIMEOUT, securityProperties);
   }
 
   /**
@@ -44,12 +69,54 @@ public class SimpleHttpRequester {
    * @param connectTimeout an integer value specifying the timeout value in milliseconds for establishing the HTTP
    * connection to the HTTP server.
    */
-  public SimpleHttpRequester(final int connectTimeout) {
+  public SimpleHttpRequester(final Gfsh gfsh, final int connectTimeout, Map<String,String> securityProperties) {
     final SimpleClientHttpRequestFactory clientHttpRequestFactory = new SimpleClientHttpRequestFactory();
 
     clientHttpRequestFactory.setConnectTimeout(connectTimeout);
 
+    this.securityProperties = securityProperties;
     this.restTemplate = new RestTemplate(clientHttpRequestFactory);
+
+    this.restTemplate.setErrorHandler(new ResponseErrorHandler() {
+      @Override
+      public boolean hasError(final ClientHttpResponse response) throws IOException {
+        final HttpStatus status = response.getStatusCode();
+
+        switch (status) {
+        case BAD_REQUEST: // 400 *
+        case UNAUTHORIZED: // 401
+        case FORBIDDEN: // 403
+        case NOT_FOUND: // 404 *
+        case METHOD_NOT_ALLOWED: // 405 *
+        case NOT_ACCEPTABLE: // 406 *
+        case REQUEST_TIMEOUT: // 408
+        case CONFLICT: // 409
+        case REQUEST_ENTITY_TOO_LARGE: // 413
+        case REQUEST_URI_TOO_LONG: // 414
+        case UNSUPPORTED_MEDIA_TYPE: // 415 *
+        case TOO_MANY_REQUESTS: // 429
+        case INTERNAL_SERVER_ERROR: // 500 *
+        case NOT_IMPLEMENTED: // 501
+        case BAD_GATEWAY: // 502 ?
+        case SERVICE_UNAVAILABLE: // 503
+          return true;
+        default:
+          return false;
+        }
+      }
+
+      @Override
+      public void handleError(final ClientHttpResponse response) throws IOException {
+        final String message = String.format("The HTTP request failed with: %1$d - %2$s", response.getRawStatusCode(),
+            response.getStatusText());
+        
+        throw new RuntimeException(message);
+
+      }
+
+     
+    });
+
   }
 
   /**
@@ -118,7 +185,7 @@ public class SimpleHttpRequester {
   }
 
   /**
-   * Performs an HTTP PUT operation on the requested resource identified/located by the specified URL.
+   * Performs an HTTP PUT operation on the requested resource identifiedR/located by the specified URL.
    * <p/>
    * @param url a String value identifying or locating the resource intended for the HTTP operation.
    * @param urlVariables an array of variables to substitute in the URI/URL template.
@@ -127,5 +194,35 @@ public class SimpleHttpRequester {
   public void put(final String url, final Object requestBody, final Object... urlVariables) {
     getRestTemplate().put(url, requestBody, urlVariables);
   }
+  
+  /**
+   * Performs an HTTP GET operation on the requested resource identified/located
+   * by the specified URL.
+   * <p/>
+   * 
+   * @param url
+   *          a String value identifying or locating the resource intended for
+   *          the HTTP operation.
+   * @param urlVariables
+   *          an array of variables to substitute in the URI/URL template.
+   * @see org.springframework.web.client.RestTemplate#getForObject(String,
+   *      Class, Object...)
+   */
+  public <T> T exchange(final String url, final Class<T> responseType, final Object... urlVariables) {
+    ResponseEntity<T> response = getRestTemplate().exchange(url, HttpMethod.GET, getRequestEntity(), responseType);
+    return response.getBody();
+  }
+
+  protected HttpEntity<?> getRequestEntity() {
+    HttpHeaders requestHeaders = new HttpHeaders();  
+    if(this.securityProperties != null){
+      requestHeaders.setAll(securityProperties);
+    }
+
+    HttpEntity<?> requestEntity = new HttpEntity(requestHeaders);
+
+    return requestEntity;
+
+  }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java
index dac1271..d84f744 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java
@@ -14,12 +14,15 @@ import java.io.InputStreamReader;
 import java.net.URI;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Set;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
+
 import javax.management.ObjectName;
 import javax.management.QueryExp;
 
@@ -31,6 +34,7 @@ import com.gemstone.gemfire.management.DistributedSystemMXBean;
 import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
 import com.gemstone.gemfire.management.internal.ManagementConstants;
 import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
 import com.gemstone.gemfire.management.internal.web.domain.Link;
 import com.gemstone.gemfire.management.internal.web.domain.QueryParameterSource;
 import com.gemstone.gemfire.management.internal.web.http.ClientHttpRequest;
@@ -105,6 +109,9 @@ public abstract class AbstractHttpOperationInvoker implements HttpOperationInvok
 
   // the base URL of the GemFire Manager's embedded HTTP service and REST API interface
   private final String baseUrl;
+  
+  
+  protected Map<String,String> securityProperties;
 
   /**
    * Default, public, no-arg constructor to create an instance of the AbstractHttpOperationInvoker class 
@@ -124,11 +131,11 @@ public abstract class AbstractHttpOperationInvoker implements HttpOperationInvok
    * @param gfsh a reference to the instance of the GemFire shell (Gfsh) using this HTTP-based OperationInvoker for
    * command processing.
    * @throws AssertionError if the reference to the Gfsh instance is null.
-   * @see #AbstractHttpOperationInvoker(com.gemstone.gemfire.management.internal.cli.shell.Gfsh, String)
+   * @see #AbstractHttpOperationInvoker(com.gemstone.gemfire.management.internal.cli.shell.Gfsh, String, Map)
    * @see com.gemstone.gemfire.management.internal.cli.shell.Gfsh
    */
-  public AbstractHttpOperationInvoker(final Gfsh gfsh) {
-    this(gfsh, REST_API_URL);
+  public AbstractHttpOperationInvoker(final Gfsh gfsh, Map<String,String> securityProperties) {
+    this(gfsh, REST_API_URL, securityProperties);
   }
 
   /**
@@ -143,12 +150,13 @@ public abstract class AbstractHttpOperationInvoker implements HttpOperationInvok
    * @throws AssertionError if the reference to the Gfsh instance is null.
    * @see com.gemstone.gemfire.management.internal.cli.shell.Gfsh
    */
-  public AbstractHttpOperationInvoker(final Gfsh gfsh, final String baseUrl) {
+  public AbstractHttpOperationInvoker(final Gfsh gfsh, final String baseUrl, Map<String,String> securityProperties) {
     assertNotNull(gfsh, "The reference to the GemFire shell (Gfsh) cannot be null!");
 
     this.gfsh = gfsh;
     this.baseUrl = StringUtils.defaultIfBlank(baseUrl, REST_API_URL);
-
+    this.securityProperties = securityProperties;
+  
     // constructs an instance of a single-threaded, scheduled Executor to send periodic HTTP requests to the Manager's
     // HTTP service or Web Service to assess the "alive" state
     this.executorService = Executors.newSingleThreadScheduledExecutor();
@@ -194,11 +202,12 @@ public abstract class AbstractHttpOperationInvoker implements HttpOperationInvok
         final String message = String.format("The HTTP request failed with: %1$d - %2$s", response.getRawStatusCode(),
           response.getStatusText());
 
-        gfsh.logSevere(message, null);
+        //gfsh.logSevere(message, null);
 
         if (gfsh.getDebug()) {
           gfsh.logSevere(readBody(response), null);
         }
+        throw new RuntimeException(message);
       }
 
       private String readBody(final ClientHttpResponse response) throws IOException {
@@ -350,6 +359,14 @@ public abstract class AbstractHttpOperationInvoker implements HttpOperationInvok
     final ClientHttpRequest request = new ClientHttpRequest(link);
     request.addHeaderValues(HttpHeader.USER_AGENT.getName(), USER_AGENT_HTTP_REQUEST_HEADER_VALUE);
     request.getHeaders().setAccept(getAcceptableMediaTypes());
+    
+    if(this.securityProperties != null){
+      Iterator<Entry<String, String>> it = this.securityProperties.entrySet().iterator();
+      while(it.hasNext()){
+        Entry<String,String> entry= it.next();
+        request.addHeaderValues(entry.getKey(), entry.getValue());
+      }
+    }
     return request;
   }
 
@@ -551,6 +568,8 @@ public abstract class AbstractHttpOperationInvoker implements HttpOperationInvok
       printInfo("HTTP response headers: %1$s", response.getHeaders());
       printInfo("HTTP response status: %1$d - %2$s", response.getStatusCode().value(),
         response.getStatusCode().getReasonPhrase());
+      
+      printInfo("HTTP response body: ", response.getBody());
     }
 
     return response;
@@ -788,5 +807,5 @@ public abstract class AbstractHttpOperationInvoker implements HttpOperationInvok
   public String toString() {
     return String.format("GemFire Manager HTTP service @ %1$s", getBaseUrl());
   }
-
+  
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java
index 0dfbdbd..320214d 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java
@@ -11,8 +11,10 @@ package com.gemstone.gemfire.management.internal.web.shell;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import com.gemstone.gemfire.internal.lang.Filter;
 import com.gemstone.gemfire.internal.lang.Initable;
@@ -22,6 +24,7 @@ import com.gemstone.gemfire.internal.util.CollectionUtils;
 import com.gemstone.gemfire.management.internal.cli.CommandRequest;
 import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
 import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
 import com.gemstone.gemfire.management.internal.web.domain.Link;
 import com.gemstone.gemfire.management.internal.web.domain.LinkIndex;
 import com.gemstone.gemfire.management.internal.web.http.ClientHttpRequest;
@@ -65,6 +68,7 @@ public class RestHttpOperationInvoker extends AbstractHttpOperationInvoker imple
   // the LinkIndex containing Links to all GemFire REST API web service endpoints
   private final LinkIndex linkIndex;
 
+
   /**
    * Constructs an instance of the RestHttpOperationInvoker class initialized with the given link index containing links
    * referencing all REST API web service endpoints.  This constructor should only be used for testing purposes.
@@ -87,12 +91,12 @@ public class RestHttpOperationInvoker extends AbstractHttpOperationInvoker imple
    * 
    * @param linkIndex the LinkIndex containing Links to all REST API web service endpoints in GemFire' REST interface.
    * @param gfsh a reference to the instance of the GemFire shell using this OperationInvoker to process commands.
-   * @see #RestHttpOperationInvoker(com.gemstone.gemfire.management.internal.web.domain.LinkIndex, com.gemstone.gemfire.management.internal.cli.shell.Gfsh, String)
+   * @see #RestHttpOperationInvoker(com.gemstone.gemfire.management.internal.web.domain.LinkIndex, com.gemstone.gemfire.management.internal.cli.shell.Gfsh,  Map)
    * @see com.gemstone.gemfire.management.internal.cli.shell.Gfsh
    * @see com.gemstone.gemfire.management.internal.web.domain.LinkIndex
    */
-  public RestHttpOperationInvoker(final LinkIndex linkIndex, final Gfsh gfsh) {
-    this(linkIndex, gfsh, CliStrings.CONNECT__DEFAULT_BASE_URL);
+  public RestHttpOperationInvoker(final LinkIndex linkIndex, final Gfsh gfsh, Map<String,String> securityProperties) {
+    this(linkIndex, gfsh, CliStrings.CONNECT__DEFAULT_BASE_URL, securityProperties);
   }
 
   /**
@@ -108,11 +112,12 @@ public class RestHttpOperationInvoker extends AbstractHttpOperationInvoker imple
    * @see com.gemstone.gemfire.management.internal.web.domain.LinkIndex
    * @see com.gemstone.gemfire.management.internal.cli.shell.Gfsh
    */
-  public RestHttpOperationInvoker(final LinkIndex linkIndex, final Gfsh gfsh, final String baseUrl) {
-    super(gfsh, baseUrl);
+  public RestHttpOperationInvoker(final LinkIndex linkIndex, final Gfsh gfsh, final String baseUrl, Map<String,String> securityProperties) {
+    super(gfsh, baseUrl, securityProperties);
     assertNotNull(linkIndex, "The Link Index resolving commands to REST API web service endpoints cannot be null!");
     this.linkIndex = linkIndex;
-    this.httpOperationInvoker = new SimpleHttpOperationInvoker(gfsh, baseUrl);
+    this.httpOperationInvoker = new SimpleHttpOperationInvoker(gfsh, baseUrl, securityProperties);
+
   }
 
   /**
@@ -142,6 +147,14 @@ public class RestHttpOperationInvoker extends AbstractHttpOperationInvoker imple
             httpRequest.getHeaders().setAccept(getAcceptableMediaTypes());
             httpRequest.getHeaders().setContentLength(0l);
 
+            if(securityProperties != null){
+              Iterator<Entry<String, String>> it = securityProperties.entrySet().iterator();
+              while(it.hasNext()){
+                Entry<String,String> entry= it.next();
+                httpRequest.getHeaders().add(entry.getKey(), entry.getValue());
+              }
+            }
+
             ClientHttpResponse httpResponse = httpRequest.execute();
 
             if (HttpStatus.NOT_FOUND.equals(httpResponse.getStatusCode())) {
@@ -229,6 +242,7 @@ public class RestHttpOperationInvoker extends AbstractHttpOperationInvoker imple
       }
     }
 
+    
     if (command.getFileData() != null) {
       request.addParameterValues(RESOURCES_REQUEST_PARAMETER, (Object[]) ConvertUtils.convert(command.getFileData()));
     }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java
index a122339..3f5f18b 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java
@@ -9,6 +9,7 @@
 package com.gemstone.gemfire.management.internal.web.shell;
 
 import java.net.URI;
+import java.util.Map;
 
 import com.gemstone.gemfire.management.internal.cli.CommandRequest;
 import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
@@ -54,11 +55,11 @@ public class SimpleHttpOperationInvoker extends AbstractHttpOperationInvoker {
    * using HTTP processing.
    * 
    * @param gfsh a reference to the instance of the GemFire shell using this OperationInvoker to process commands.
-   * @see #SimpleHttpOperationInvoker(com.gemstone.gemfire.management.internal.cli.shell.Gfsh, String)
+   * @see #SimpleHttpOperationInvoker(com.gemstone.gemfire.management.internal.cli.shell.Gfsh, String, Map)
    * @see com.gemstone.gemfire.management.internal.cli.shell.Gfsh
    */
-  public SimpleHttpOperationInvoker(final Gfsh gfsh) {
-    this(gfsh, REST_API_URL);
+  public SimpleHttpOperationInvoker(final Gfsh gfsh, Map<String,String> securityProperties) {
+    this(gfsh, REST_API_URL, securityProperties);
   }
 
   /**
@@ -71,8 +72,8 @@ public class SimpleHttpOperationInvoker extends AbstractHttpOperationInvoker {
    * @param baseUrl the base URL to the GemFire Manager's HTTP service.
    * @see com.gemstone.gemfire.management.internal.cli.shell.Gfsh
    */
-  public SimpleHttpOperationInvoker(final Gfsh gfsh, final String baseUrl) {
-    super(gfsh, baseUrl);
+  public SimpleHttpOperationInvoker(final Gfsh gfsh, final String baseUrl, Map<String,String> securityProperties) {
+    super(gfsh, baseUrl, securityProperties);
   }
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/security/GeodeTokenService.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/security/GeodeTokenService.java b/gemfire-core/src/main/java/com/gemstone/gemfire/security/GeodeTokenService.java
new file mode 100644
index 0000000..2eb2d9a
--- /dev/null
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/security/GeodeTokenService.java
@@ -0,0 +1,101 @@
+/**
+ * 
+ */
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+import java.util.Random;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.cache.ExpirationAction;
+import com.gemstone.gemfire.cache.ExpirationAttributes;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.RegionFactory;
+import com.gemstone.gemfire.cache.RegionShortcut;
+
+/**
+ * This implementation provides a simple token service, generating and managing
+ * string tokens based on <code>java.util.Random</code>. The generated tokens
+ * are stored in a Geode <code>Region</code>. Older or idle tokens are expired
+ * periodically.
+ * <p>
+ * A new token is issued with each invocation of
+ * {@link GeodeTokenService#validateToken(String, Principal)}.
+ */
+public class GeodeTokenService implements TokenService {
+
+  private Region<String, Principal> tokenStore;
+
+  private Random tokenGenerator = null;
+
+  private int seedBase;
+  
+  private long firstToken;
+
+  public GeodeTokenService() {
+    // Create a region with expiration attributes.
+    Cache cache = CacheFactory.getAnyInstance();
+    RegionFactory<String, Principal> rf = cache.createRegionFactory(RegionShortcut.REPLICATE);
+
+    // Remove a token after 30 minutes.
+    rf.setEntryTimeToLive(new ExpirationAttributes(30*60, ExpirationAction.DESTROY));
+    // Remove idle tokens after 5 minutes.
+    rf.setEntryIdleTimeout(new ExpirationAttributes(5*60, ExpirationAction.DESTROY));
+    
+    this.tokenStore = rf.create("geode_token_store");
+
+    this.seedBase = cache.getDistributedSystem().getDistributedMember().hashCode();
+    initializeTokenGenerator();
+  }
+
+  private void initializeTokenGenerator() {
+    this.tokenGenerator = new Random(this.seedBase + System.currentTimeMillis());
+    this.firstToken = this.tokenGenerator.nextLong();
+  }
+
+  public static GeodeTokenService create() {
+    return new GeodeTokenService();
+  }
+
+  @Override
+  public String generateToken(Principal principal) {
+    String token = generateTokenString(principal);
+    this.tokenStore.put(token, principal);
+    return token;
+  }
+
+  @Override
+  public String validateToken(String token, Principal principal)
+      throws AuthenticationRequiredException, AuthenticationFailedException {
+    Principal savedPrincipal = this.tokenStore.get(token);
+
+    if (savedPrincipal != null && savedPrincipal.equals(principal)) {
+      // I know this guy. Refresh the token for this client.
+      this.tokenStore.remove(token);
+      token = generateTokenString(savedPrincipal);
+      this.tokenStore.put(token, savedPrincipal);
+      return token;
+    }
+
+    this.tokenStore.remove(token);
+    String msg = "Authentication failed.";
+
+    throw savedPrincipal == null ? new AuthenticationRequiredException(msg)
+        : new AuthenticationFailedException(msg);
+  }
+
+  private synchronized String generateTokenString(Principal principal) {
+    long token = this.tokenGenerator.nextLong();
+    if (token == this.firstToken) {
+      // We have run out of tokens. Re-initialise the token generator.
+      initializeTokenGenerator();
+      // Invalidate all the existing tokens and force authenticated REST clients
+      // to re-authenticate themselves.
+      this.tokenStore.clear();
+      token = this.tokenGenerator.nextLong();
+    }
+    return String.valueOf(token);
+  }
+
+}



Mime
View raw message