geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jensde...@apache.org
Subject [1/7] incubator-geode git commit: GEODE-663: add aditional security tests to the open source
Date Mon, 21 Dec 2015 17:21:29 GMT
Repository: incubator-geode
Updated Branches:
  refs/heads/develop 51ce64d81 -> 3720666f0


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3720666f/gemfire-core/src/test/java/templates/security/AuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/templates/security/AuthzCredentialGenerator.java b/gemfire-core/src/test/java/templates/security/AuthzCredentialGenerator.java
deleted file mode 100644
index 0e1ccf6..0000000
--- a/gemfire-core/src/test/java/templates/security/AuthzCredentialGenerator.java
+++ /dev/null
@@ -1,465 +0,0 @@
-
-package templates.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.security.AccessControl;
-
-/**
- * Encapsulates obtaining authorized and unauthorized credentials for a given
- * operation in a region. Implementations will be for different kinds of
- * authorization scheme and authentication scheme combos.
- * 
- * @author sumedh
- * @since 5.5
- */
-public abstract class AuthzCredentialGenerator {
-
-  /**
-   * Enumeration for various {@link AuthzCredentialGenerator} implementations.
-   * 
-   * The following schemes are supported as of now:
-   * <ul>
-   * <li><code>DummyAuthorization</code> with <code>DummyAuthenticator</code></li>
-   * <li><code>XMLAuthorization</code> with <code>DummyAuthenticator</code></li>
-   * <li><code>XMLAuthorization</code> with <code>LDAPAuthenticator</code></li>
-   * <li><code>XMLAuthorization</code> with <code>PKCSAuthenticator</code></li>
-   * <li><code>XMLAuthorization</code> when using SSL sockets</li>
-   * </ul>
-   * 
-   * To add a new authorization scheme the following needs to be done:
-   * <ul>
-   * <li>Add implementation for {@link AccessControl}.</li>
-   * <li>Choose the authentication schemes that it shall work with from
-   * {@link CredentialGenerator.ClassCode}</li>
-   * <li>Add a new enumeration value for the scheme in this class. Notice the
-   * size of <code>VALUES</code> array and increase that if it is getting
-   * overflowed. Note the methods and fields for existing schemes and add for
-   * the new one in a similar manner.</li>
-   * <li>Add an implementation for {@link AuthzCredentialGenerator}. Note the
-   * {@link AuthzCredentialGenerator#init} method where different authentication
-   * schemes can be passed and initialize differently for the authentication
-   * schemes that shall be handled.</li>
-   * <li>Modify the {@link AuthzCredentialGenerator#create} method to add
-   * creation of an instance of the new implementation for the
-   * <code>ClassCode</code> enumeration value.</li>
-   * </ul>
-   * All dunit tests will automagically start testing the new implementation
-   * after this.
-   * 
-   * @author sumedh
-   * @since 5.5
-   */
-  public static final class ClassCode {
-
-    private static final byte ID_DUMMY = 1;
-
-    private static final byte ID_XML = 2;
-
-    private static byte nextOrdinal = 0;
-
-    private static final ClassCode[] VALUES = new ClassCode[10];
-
-    private static final Map CodeNameMap = new HashMap();
-
-    public static final ClassCode DUMMY = new ClassCode(
-        "templates.security.DummyAuthorization.create", ID_DUMMY);
-
-    public static final ClassCode XML = new ClassCode(
-        "templates.security.XmlAuthorization.create", ID_XML);
-
-    /** The name of this class. */
-    private final String name;
-
-    /** byte used as ordinal to represent this class */
-    private final byte ordinal;
-
-    /**
-     * One of the following: ID_DUMMY, ID_LDAP, ID_PKI
-     */
-    private final byte classType;
-
-    /** Creates a new instance of class code. */
-    private ClassCode(String name, byte classType) {
-      this.name = name;
-      this.classType = classType;
-      this.ordinal = nextOrdinal++;
-      VALUES[this.ordinal] = this;
-      CodeNameMap.put(name, this);
-    }
-
-    public boolean isDummy() {
-      return (this.classType == ID_DUMMY);
-    }
-
-    public boolean isXml() {
-      return (this.classType == ID_XML);
-    }
-
-    /**
-     * Returns the <code>ClassCode</code> represented by specified ordinal.
-     */
-    public static ClassCode fromOrdinal(byte ordinal) {
-      return VALUES[ordinal];
-    }
-
-    /**
-     * Returns the <code>ClassCode</code> represented by specified string.
-     */
-    public static ClassCode parse(String operationName) {
-      return (ClassCode)CodeNameMap.get(operationName);
-    }
-
-    /**
-     * Returns all the possible values.
-     */
-    public static List getAll() {
-      List codes = new ArrayList();
-      Iterator iter = CodeNameMap.values().iterator();
-      while (iter.hasNext()) {
-        codes.add(iter.next());
-      }
-      return codes;
-    }
-
-    /**
-     * Returns the ordinal for this class code.
-     * 
-     * @return the ordinal of this class code.
-     */
-    public byte toOrdinal() {
-      return this.ordinal;
-    }
-
-    /**
-     * Returns a string representation for this class code.
-     * 
-     * @return the name of this class code.
-     */
-    final public String toString() {
-      return this.name;
-    }
-
-    /**
-     * Indicates whether other object is same as this one.
-     * 
-     * @return true if other object is same as this one.
-     */
-    @Override
-    final public boolean equals(final Object obj) {
-      if (obj == this) {
-        return true;
-      }
-      if (!(obj instanceof ClassCode)) {
-        return false;
-      }
-      final ClassCode other = (ClassCode)obj;
-      return (other.ordinal == this.ordinal);
-    }
-
-    /**
-     * Indicates whether other <code>ClassCode</code> is same as this one.
-     * 
-     * @return true if other <code>ClassCode</code> is same as this one.
-     */
-    final public boolean equals(final ClassCode opCode) {
-      return (opCode != null && opCode.ordinal == this.ordinal);
-    }
-
-    /**
-     * Returns a hash code value for this <code>ClassCode</code> which is the
-     * same as its ordinal.
-     * 
-     * @return the ordinal of this <code>ClassCode</code>.
-     */
-    @Override
-    final public int hashCode() {
-      return this.ordinal;
-    }
-
-  }
-
-  /**
-   * The {@link CredentialGenerator} being used.
-   */
-  protected CredentialGenerator cGen;
-
-  /**
-   * A set of system properties that should be added to the gemfire system
-   * properties before using the authorization module.
-   */
-  private Properties sysProps;
-
-  /**
-   * A factory method to create a new instance of an
-   * {@link AuthzCredentialGenerator} for the given {@link ClassCode}. Caller
-   * is supposed to invoke {@link AuthzCredentialGenerator#init} immediately
-   * after obtaining the instance.
-   * 
-   * @param classCode
-   *                the <code>ClassCode</code> of the
-   *                <code>AuthzCredentialGenerator</code> implementation
-   * 
-   * @return an instance of <code>AuthzCredentialGenerator</code> for the
-   *         given class code
-   */
-  public static AuthzCredentialGenerator create(ClassCode classCode) {
-    switch (classCode.classType) {
-      case ClassCode.ID_DUMMY:
-        return new DummyAuthzCredentialGenerator();
-      case ClassCode.ID_XML:
-        return new XmlAuthzCredentialGenerator();
-      default:
-        return null;
-    }
-  }
-
-  /**
-   * Initialize the authorized credential generator.
-   * 
-   * @param cGen
-   *                an instance of {@link CredentialGenerator} of the credential
-   *                implementation for which to obtain authorized/unauthorized
-   *                credentials.
-   * 
-   * @return false when the given {@link CredentialGenerator} is incompatible
-   *         with this authorization module.
-   */
-  public boolean init(CredentialGenerator cGen) {
-    this.cGen = cGen;
-    try {
-      this.sysProps = init();
-    }
-    catch (IllegalArgumentException ex) {
-      return false;
-    }
-    return true;
-  }
-
-  /**
-   * 
-   * @return A set of extra properties that should be added to Gemfire system
-   *         properties when not null.
-   */
-  public Properties getSystemProperties() {
-    return this.sysProps;
-  }
-
-  /**
-   * Get the {@link CredentialGenerator} being used by this instance.
-   */
-  public CredentialGenerator getCredentialGenerator() {
-    return this.cGen;
-  }
-
-  /**
-   * The {@link ClassCode} of the particular implementation.
-   * 
-   * @return the <code>ClassCode</code>
-   */
-  public abstract ClassCode classCode();
-
-  /**
-   * The name of the {@link AccessControl} factory function that should be used
-   * as the authorization module on the server side.
-   * 
-   * @return name of the <code>AccessControl</code> factory function
-   */
-  public abstract String getAuthorizationCallback();
-
-  /**
-   * Get a set of credentials generated using the given index allowed to perform
-   * the given {@link OperationCode}s for the given regions.
-   * 
-   * @param opCodes
-   *                the list of {@link OperationCode}s of the operations
-   *                requiring authorization; should not be null
-   * @param regionNames
-   *                list of the region names requiring authorization; a value of
-   *                null indicates all regions
-   * @param index
-   *                used to generate multiple such credentials by passing
-   *                different values for this
-   * 
-   * @return the set of credentials authorized to perform the given operation in
-   *         the given regions
-   */
-  public Properties getAllowedCredentials(OperationCode[] opCodes,
-      String[] regionNames, int index) {
-
-    int numTries = getNumPrincipalTries(opCodes, regionNames);
-    if (numTries <= 0) {
-      numTries = 1;
-    }
-    for (int tries = 0; tries < numTries; tries++) {
-      Principal principal = getAllowedPrincipal(opCodes, regionNames,
-          (index + tries) % numTries);
-      try {
-        return this.cGen.getValidCredentials(principal);
-      }
-      catch (IllegalArgumentException ex) {
-      }
-    }
-    return null;
-  }
-
-  /**
-   * Get a set of credentials generated using the given index not allowed to
-   * perform the given {@link OperationCode}s for the given regions. The
-   * credentials are required to be valid for authentication.
-   * 
-   * @param opCode
-   *                the {@link OperationCode}s of the operations requiring
-   *                authorization failure; should not be null
-   * @param regionNames
-   *                list of the region names requiring authorization failure; a
-   *                value of null indicates all regions
-   * @param index
-   *                used to generate multiple such credentials by passing
-   *                different values for this
-   * 
-   * @return the set of credentials that are not authorized to perform the given
-   *         operation in the given region
-   */
-  public Properties getDisallowedCredentials(OperationCode[] opCodes,
-      String[] regionNames, int index) {
-
-    // This may not be very correct since we use the value of
-    // getNumPrincipalTries() but is used to avoid adding another method.
-    // Also something like getNumDisallowedPrincipals() will be normally always
-    // infinite, and the number here is just to perform some number of tries
-    // before giving up.
-    int numTries = getNumPrincipalTries(opCodes, regionNames);
-    if (numTries <= 0) {
-      numTries = 1;
-    }
-    for (int tries = 0; tries < numTries; tries++) {
-      Principal principal = getDisallowedPrincipal(opCodes, regionNames,
-          (index + tries) % numTries);
-      try {
-        return this.cGen.getValidCredentials(principal);
-      }
-      catch (IllegalArgumentException ex) {
-      }
-    }
-    return null;
-  }
-
-  /**
-   * Initialize the authorized credential generator.
-   * 
-   * Required to be implemented by concrete classes that implement this abstract
-   * class.
-   * 
-   * @return A set of extra properties that should be added to Gemfire system
-   *         properties when not null.
-   * 
-   * @throws IllegalArgumentException
-   *                 when the {@link CredentialGenerator} is incompatible with
-   *                 this authorization module.
-   */
-  protected abstract Properties init() throws IllegalArgumentException;
-
-  /**
-   * Get the number of tries to be done for obtaining valid credentials for the
-   * given operations in the given region. It is required that
-   * {@link #getAllowedPrincipal} method returns valid principals for values of
-   * <code>index</code> from 0 through (n-1) where <code>n</code> is the
-   * value returned by this method. It is recommended that the principals so
-   * returned be unique for efficiency.
-   * 
-   * This will be used by {@link #getAllowedCredentials} to step through
-   * different principals and obtain a set of valid credentials.
-   * 
-   * Required to be implemented by concrete classes that implement this abstract
-   * class.
-   * 
-   * @param opCodes
-   *                the {@link OperationCode}s of the operations requiring
-   *                authorization
-   * @param regionNames
-   *                list of the region names requiring authorization; a value of
-   *                null indicates all regions
-   * @param index
-   *                used to generate multiple such credentials by passing
-   *                different values for this
-   * 
-   * @return the number of principals allowed to perform the given operation in
-   *         the given region
-   */
-  protected abstract int getNumPrincipalTries(OperationCode[] opCodes,
-      String[] regionNames);
-
-  /**
-   * Get a {@link Principal} generated using the given index allowed to perform
-   * the given {@link OperationCode}s for the given region.
-   * 
-   * Required to be implemented by concrete classes that implement this abstract
-   * class.
-   * 
-   * @param opCodes
-   *                the {@link OperationCode}s of the operations requiring
-   *                authorization
-   * @param regionNames
-   *                list of the region names requiring authorization; a value of
-   *                null indicates all regions
-   * @param index
-   *                used to generate multiple such principals by passing
-   *                different values for this
-   * 
-   * @return the {@link Principal} authorized to perform the given operation in
-   *         the given region
-   */
-  protected abstract Principal getAllowedPrincipal(OperationCode[] opCodes,
-      String[] regionNames, int index);
-
-  /**
-   * Get a {@link Principal} generated using the given index not allowed to
-   * perform the given {@link OperationCode}s for the given region.
-   * 
-   * Required to be implemented by concrete classes that implement this abstract
-   * class.
-   * 
-   * @param opCodes
-   *                the {@link OperationCode}s of the operations requiring
-   *                authorization failure
-   * @param regionNames
-   *                list of the region names requiring authorization failure; a
-   *                value of null indicates all regions
-   * @param index
-   *                used to generate multiple such principals by passing
-   *                different values for this
-   * 
-   * @return a {@link Principal} not authorized to perform the given operation
-   *         in the given region
-   */
-  protected abstract Principal getDisallowedPrincipal(OperationCode[] opCodes,
-      String[] regionNames, int index);
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3720666f/gemfire-core/src/test/java/templates/security/CredentialGenerator.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/templates/security/CredentialGenerator.java b/gemfire-core/src/test/java/templates/security/CredentialGenerator.java
deleted file mode 100644
index 99d7e18..0000000
--- a/gemfire-core/src/test/java/templates/security/CredentialGenerator.java
+++ /dev/null
@@ -1,343 +0,0 @@
-
-package templates.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-
-import com.gemstone.gemfire.security.AuthInitialize;
-import com.gemstone.gemfire.security.Authenticator;
-
-/**
- * Encapsulates obtaining valid and invalid credentials. Implementations will be
- * for different kinds of authentication schemes.
- * 
- * @author sumedh
- * @since 5.5
- */
-public abstract class CredentialGenerator {
-
-  /**
-   * Enumeration for various {@link CredentialGenerator} implementations.
-   * 
-   * The following schemes are supported as of now:
-   * <code>DummyAuthenticator</code>, <code>LdapUserAuthenticator</code>,
-   * <code>PKCSAuthenticator</code>. In addition SSL socket mode with mutual
-   * authentication is also supported.
-   * 
-   * To add a new authentication scheme the following needs to be done:
-   * <ul>
-   * <li>Add implementations for {@link AuthInitialize} and
-   * {@link Authenticator} classes for clients/peers.</li>
-   * <li>Add a new enumeration value for the scheme in this class. Notice the
-   * size of <code>VALUES</code> array and increase that if it is getting
-   * overflowed. Note the methods and fields for existing schemes and add for
-   * the new one in a similar manner.</li>
-   * <li>Add an implementation for {@link CredentialGenerator}.</li>
-   * <li>Modify the {@link CredentialGenerator.Factory#create} method to add
-   * creation of an instance of the new implementation for the
-   * <code>ClassCode</code> enumeration value.</li>
-   * </ul>
-   * All security dunit tests will automagically start testing the new
-   * implementation after this.
-   * 
-   * @author sumedh
-   * @since 5.5
-   */
-  public static final class ClassCode {
-
-    private static final byte ID_DUMMY = 1;
-
-    private static final byte ID_LDAP = 2;
-
-    private static final byte ID_PKCS = 3;
-
-    private static final byte ID_SSL = 4;
-
-    private static byte nextOrdinal = 0;
-
-    private static final ClassCode[] VALUES = new ClassCode[10];
-
-    private static final Map CodeNameMap = new HashMap();
-
-    public static final ClassCode DUMMY = new ClassCode(
-        "templates.security.DummyAuthenticator.create", ID_DUMMY);
-
-    public static final ClassCode LDAP = new ClassCode(
-        "templates.security.LdapUserAuthenticator.create", ID_LDAP);
-
-    public static final ClassCode PKCS = new ClassCode(
-        "templates.security.PKCSAuthenticator.create", ID_PKCS);
-
-    public static final ClassCode SSL = new ClassCode("SSL", ID_SSL);
-
-    /** The name of this class. */
-    private final String name;
-
-    /** byte used as ordinal to represent this class */
-    private final byte ordinal;
-
-    /**
-     * One of the following: ID_DUMMY, ID_LDAP, ID_PKCS
-     */
-    private final byte classType;
-
-    /** Creates a new instance of class code. */
-    private ClassCode(String name, byte classType) {
-      this.name = name;
-      this.classType = classType;
-      this.ordinal = nextOrdinal++;
-      VALUES[this.ordinal] = this;
-      CodeNameMap.put(name, this);
-    }
-
-    public boolean isDummy() {
-      return (this.classType == ID_DUMMY);
-    }
-
-    public boolean isLDAP() {
-      return (this.classType == ID_LDAP);
-    }
-
-    public boolean isPKCS() {
-      return (this.classType == ID_PKCS);
-    }
-
-    public boolean isSSL() {
-      return (this.classType == ID_SSL);
-    }
-
-    /**
-     * Returns the <code>ClassCode</code> represented by specified ordinal.
-     */
-    public static ClassCode fromOrdinal(byte ordinal) {
-      return VALUES[ordinal];
-    }
-
-    /**
-     * Returns the <code>ClassCode</code> represented by specified string.
-     */
-    public static ClassCode parse(String operationName) {
-      return (ClassCode)CodeNameMap.get(operationName);
-    }
-
-    /**
-     * Returns all the possible values.
-     */
-    public static List getAll() {
-      List codes = new ArrayList();
-      Iterator iter = CodeNameMap.values().iterator();
-      while (iter.hasNext()) {
-        codes.add(iter.next());
-      }
-      return codes;
-    }
-
-    /**
-     * Returns the ordinal for this operation code.
-     * 
-     * @return the ordinal of this operation.
-     */
-    public byte toOrdinal() {
-      return this.ordinal;
-    }
-
-    /**
-     * Returns a string representation for this operation.
-     * 
-     * @return the name of this operation.
-     */
-    final public String toString() {
-      return this.name;
-    }
-
-    /**
-     * Indicates whether other object is same as this one.
-     * 
-     * @return true if other object is same as this one.
-     */
-    @Override
-    final public boolean equals(final Object obj) {
-      if (obj == this) {
-        return true;
-      }
-      if (!(obj instanceof ClassCode)) {
-        return false;
-      }
-      final ClassCode other = (ClassCode)obj;
-      return (other.ordinal == this.ordinal);
-    }
-
-    /**
-     * Indicates whether other <code>ClassCode</code> is same as this one.
-     * 
-     * @return true if other <code>ClassCode</code> is same as this one.
-     */
-    final public boolean equals(final ClassCode opCode) {
-      return (opCode != null && opCode.ordinal == this.ordinal);
-    }
-
-    /**
-     * Returns a hash code value for this <code>ClassCode</code> which is the
-     * same as its ordinal.
-     * 
-     * @return the ordinal of this operation.
-     */
-    @Override
-    final public int hashCode() {
-      return this.ordinal;
-    }
-
-  }
-
-  /**
-   * A set of properties that should be added to the Gemfire system properties
-   * before using the authentication module.
-   */
-  private Properties sysProps = null;
-
-  /**
-   * A set of properties that should be added to the java system properties
-   * before using the authentication module.
-   */
-  protected Properties javaProps = null;
-
-  /**
-   * A factory method to create a new instance of an {@link CredentialGenerator}
-   * for the given {@link ClassCode}. Caller is supposed to invoke
-   * {@link CredentialGenerator#init} immediately after obtaining the instance.
-   * 
-   * @param classCode
-   *                the <code>ClassCode</code> of the
-   *                <code>CredentialGenerator</code> implementation
-   * 
-   * @return an instance of <code>CredentialGenerator</code> for the given
-   *         class code
-   */
-  public static CredentialGenerator create(ClassCode classCode) {
-    switch (classCode.classType) {
-      // Removing dummy one to reduce test run times
-      // case ClassCode.ID_DUMMY:
-      // return new DummyCredentialGenerator();
-      case ClassCode.ID_LDAP:
-        return new LdapUserCredentialGenerator();
-        // case ClassCode.ID_SSL:ΓΈ
-        // return new SSLCredentialGenerator();
-      case ClassCode.ID_PKCS:
-        return new PKCSCredentialGenerator();
-      default:
-        return null;
-    }
-  }
-
-  /**
-   * Initialize the credential generator.
-   * 
-   * @throws IllegalArgumentException
-   *                 when there is a problem during initialization
-   */
-  public void init() throws IllegalArgumentException {
-    this.sysProps = initialize();
-  }
-
-  /**
-   * Initialize the credential generator. This is provided separately from the
-   * {@link #init} method for convenience of implementations so that they do not
-   * need to store in {@link #sysProps}. The latter is convenient for the users
-   * who do not need to store these properties rather can obtain it later by
-   * invoking {@link #getSystemProperties}
-   * 
-   * Required to be implemented by concrete classes that implement this abstract
-   * class.
-   * 
-   * @return A set of extra properties that should be added to Gemfire system
-   *         properties when not null.
-   * 
-   * @throws IllegalArgumentException
-   *                 when there is a problem during initialization
-   */
-  protected abstract Properties initialize() throws IllegalArgumentException;
-
-  /**
-   * 
-   * @return A set of extra properties that should be added to Gemfire system
-   *         properties when not null.
-   */
-  public Properties getSystemProperties() {
-    return this.sysProps;
-  }
-
-  /**
-   * 
-   * @return A set of extra properties that should be added to Gemfire system
-   *         properties when not null.
-   */
-  public Properties getJavaProperties() {
-    return this.javaProps;
-  }
-
-  /**
-   * The {@link ClassCode} of this particular implementation.
-   * 
-   * @return the <code>ClassCode</code>
-   */
-  public abstract ClassCode classCode();
-
-  /**
-   * The name of the {@link AuthInitialize} factory function that should be used
-   * in conjunction with the credentials generated by this generator.
-   * 
-   * @return name of the <code>AuthInitialize</code> factory function
-   */
-  public abstract String getAuthInit();
-
-  /**
-   * The name of the {@link Authenticator} factory function that should be used
-   * in conjunction with the credentials generated by this generator.
-   * 
-   * @return name of the <code>Authenticator</code> factory function
-   */
-  public abstract String getAuthenticator();
-
-  /**
-   * Get a set of valid credentials generated using the given index.
-   */
-  public abstract Properties getValidCredentials(int index);
-
-  /**
-   * Get a set of valid credentials for the given {@link Principal}.
-   * 
-   * @return credentials for the given <code>Principal</code> or null if none
-   *         possible.
-   */
-  public abstract Properties getValidCredentials(Principal principal);
-
-  /**
-   * Get a set of invalid credentials generated using the given index.
-   */
-  public abstract Properties getInvalidCredentials(int index);
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3720666f/gemfire-core/src/test/java/templates/security/DummyAuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/templates/security/DummyAuthzCredentialGenerator.java b/gemfire-core/src/test/java/templates/security/DummyAuthzCredentialGenerator.java
deleted file mode 100644
index 5c27d60..0000000
--- a/gemfire-core/src/test/java/templates/security/DummyAuthzCredentialGenerator.java
+++ /dev/null
@@ -1,142 +0,0 @@
-
-package templates.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Properties;
-import java.util.Set;
-
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-
-public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator {
-
-  public static final byte READER_ROLE = 1;
-
-  public static final byte WRITER_ROLE = 2;
-
-  public static final byte ADMIN_ROLE = 3;
-
-  private static Set readerOpsSet;
-
-  private static Set writerOpsSet;
-
-  static {
-
-    readerOpsSet = new HashSet();
-    for (int index = 0; index < DummyAuthorization.READER_OPS.length; index++) {
-      readerOpsSet.add(DummyAuthorization.READER_OPS[index]);
-    }
-    writerOpsSet = new HashSet();
-    for (int index = 0; index < DummyAuthorization.WRITER_OPS.length; index++) {
-      writerOpsSet.add(DummyAuthorization.WRITER_OPS[index]);
-    }
-  }
-
-  public DummyAuthzCredentialGenerator() {
-  }
-
-  protected Properties init() throws IllegalArgumentException {
-
-    if (!this.cGen.classCode().isDummy()) {
-      throw new IllegalArgumentException(
-          "DummyAuthorization module only works with DummyAuthenticator");
-    }
-    return null;
-  }
-
-  public ClassCode classCode() {
-    return ClassCode.DUMMY;
-  }
-
-  public String getAuthorizationCallback() {
-    return "templates.security.DummyAuthorization.create";
-  }
-
-  public static byte getRequiredRole(OperationCode[] opCodes) {
-
-    byte roleType = ADMIN_ROLE;
-    boolean requiresReader = true;
-    boolean requiresWriter = true;
-
-    for (int opNum = 0; opNum < opCodes.length; opNum++) {
-      if (requiresReader && !readerOpsSet.contains(opCodes[opNum])) {
-        requiresReader = false;
-      }
-      if (requiresWriter && !writerOpsSet.contains(opCodes[opNum])) {
-        requiresWriter = false;
-      }
-    }
-    if (requiresReader) {
-      roleType = READER_ROLE;
-    }
-    else if (requiresWriter) {
-      roleType = WRITER_ROLE;
-    }
-    return roleType;
-  }
-
-  private Principal getPrincipal(byte roleType, int index) {
-
-    String[] admins = new String[] { "root", "admin", "administrator" };
-    switch (roleType) {
-      case READER_ROLE:
-        return new UsernamePrincipal("reader" + index);
-      case WRITER_ROLE:
-        return new UsernamePrincipal("writer" + index);
-      default:
-        return new UsernamePrincipal(admins[index % admins.length]);
-    }
-  }
-
-  protected Principal getAllowedPrincipal(OperationCode[] opCodes,
-      String[] regionNames, int index) {
-
-    byte roleType = getRequiredRole(opCodes);
-    return getPrincipal(roleType, index);
-  }
-
-  protected Principal getDisallowedPrincipal(OperationCode[] opCodes,
-      String[] regionNames, int index) {
-
-    byte roleType = getRequiredRole(opCodes);
-    byte disallowedRoleType;
-    switch (roleType) {
-      case READER_ROLE:
-        disallowedRoleType = WRITER_ROLE;
-        break;
-      case WRITER_ROLE:
-        disallowedRoleType = READER_ROLE;
-        break;
-      default:
-        disallowedRoleType = READER_ROLE;
-        break;
-    }
-    return getPrincipal(disallowedRoleType, index);
-  }
-
-  protected int getNumPrincipalTries(OperationCode[] opCodes,
-      String[] regionNames) {
-    return 5;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3720666f/gemfire-core/src/test/java/templates/security/DummyCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/templates/security/DummyCredentialGenerator.java b/gemfire-core/src/test/java/templates/security/DummyCredentialGenerator.java
deleted file mode 100644
index af6c6eb..0000000
--- a/gemfire-core/src/test/java/templates/security/DummyCredentialGenerator.java
+++ /dev/null
@@ -1,90 +0,0 @@
-
-package templates.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-
-import java.security.Principal;
-import java.util.Properties;
-
-public class DummyCredentialGenerator extends CredentialGenerator {
-
-  public DummyCredentialGenerator() {
-  }
-
-  protected Properties initialize() throws IllegalArgumentException {
-    return null;
-  }
-
-  public ClassCode classCode() {
-    return ClassCode.DUMMY;
-  }
-
-  public String getAuthInit() {
-    return "templates.security.UserPasswordAuthInit.create";
-  }
-
-  public String getAuthenticator() {
-    return "templates.security.DummyAuthenticator.create";
-  }
-
-  public Properties getValidCredentials(int index) {
-
-    String[] validGroups = new String[] { "admin", "user", "reader", "writer" };
-    String[] admins = new String[] { "root", "admin", "administrator" };
-
-    Properties props = new Properties();
-    int groupNum = (index % validGroups.length);
-    String userName;
-    if (groupNum == 0) {
-      userName = admins[index % admins.length];
-    }
-    else {
-      userName = validGroups[groupNum] + (index / validGroups.length);
-    }
-    props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
-    props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
-    return props;
-  }
-
-  public Properties getValidCredentials(Principal principal) {
-
-    String userName = principal.getName();
-    if (DummyAuthenticator.testValidName(userName)) {
-      Properties props = new Properties();
-      props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
-      props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
-      return props;
-    }
-    else {
-      throw new IllegalArgumentException("Dummy: [" + userName
-          + "] is not a valid user");
-    }
-  }
-
-  public Properties getInvalidCredentials(int index) {
-
-    Properties props = new Properties();
-    props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index);
-    props.setProperty(UserPasswordAuthInit.PASSWORD, "none");
-    return props;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3720666f/gemfire-core/src/test/java/templates/security/LdapUserCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/templates/security/LdapUserCredentialGenerator.java b/gemfire-core/src/test/java/templates/security/LdapUserCredentialGenerator.java
deleted file mode 100644
index 816df63..0000000
--- a/gemfire-core/src/test/java/templates/security/LdapUserCredentialGenerator.java
+++ /dev/null
@@ -1,158 +0,0 @@
-
-package templates.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-
-import java.security.Principal;
-import java.util.Properties;
-
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-import com.gemstone.gemfire.internal.cache.tier.sockets.HandShake;
-import com.gemstone.gemfire.util.test.TestUtil;
-
-import java.util.Random;
-
-public class LdapUserCredentialGenerator extends CredentialGenerator {
-
-  private static final String USER_PREFIX = "gemfire";
-
-  private static boolean enableServerAuthentication = false;
-
-  private boolean serverAuthEnabled = false;
-
-  private static final Random prng = new Random();
-
-  private static final String[] algos = new String[] { "", "DESede", "AES:128",
-      "Blowfish:128" };
-
-  public LdapUserCredentialGenerator() {
-    // Toggle server authentication enabled for each test
-    // This is done instead of running all the tests with both
-    // server auth enabled/disabled to reduce test run time.
-    enableServerAuthentication = !enableServerAuthentication;
-    serverAuthEnabled = enableServerAuthentication;
-  }
-
-  @Override
-  protected Properties initialize() throws IllegalArgumentException {
-
-    Properties extraProps = new Properties();
-    String ldapServer = System.getProperty("gf.ldap.server", "ldap");
-    String ldapBaseDN = System.getProperty("gf.ldap.basedn", "ou=ldapTesting,dc=pune,dc=gemstone,dc=com");
-    String ldapUseSSL = System.getProperty("gf.ldap.usessl");
-    extraProps.setProperty(LdapUserAuthenticator.LDAP_SERVER_NAME, ldapServer);
-    extraProps.setProperty(LdapUserAuthenticator.LDAP_BASEDN_NAME, ldapBaseDN);
-    if (ldapUseSSL != null && ldapUseSSL.length() > 0) {
-      extraProps.setProperty(LdapUserAuthenticator.LDAP_SSL_NAME, ldapUseSSL);
-    }
-    if (serverAuthEnabled) {
-      String keyStoreFile = TestUtil.getResourcePath(LdapUserCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/gemfire1.keystore");
-      extraProps.setProperty(HandShake.PRIVATE_KEY_FILE_PROP, keyStoreFile);
-      extraProps.setProperty(HandShake.PRIVATE_KEY_ALIAS_PROP, "gemfire1");
-      extraProps.setProperty(HandShake.PRIVATE_KEY_PASSWD_PROP, "gemfire");
-    }
-    return extraProps;
-  }
-
-  @Override
-  public ClassCode classCode() {
-    return ClassCode.LDAP;
-  }
-
-  @Override
-  public String getAuthInit() {
-    return "templates.security.UserPasswordAuthInit.create";
-  }
-
-  @Override
-  public String getAuthenticator() {
-    return "templates.security.LdapUserAuthenticator.create";
-  }
-
-  @Override
-  public Properties getValidCredentials(int index) {
-
-    Properties props = new Properties();
-    props.setProperty(UserPasswordAuthInit.USER_NAME, USER_PREFIX
-        + ((index % 10) + 1));
-    props.setProperty(UserPasswordAuthInit.PASSWORD, USER_PREFIX
-        + ((index % 10) + 1));
-    props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME,
-        algos[prng.nextInt(algos.length)]);
-    if (serverAuthEnabled) {
-      String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
-      props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
-      props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
-    }
-    return props;
-  }
-
-  @Override
-  public Properties getValidCredentials(Principal principal) {
-
-    Properties props = null;
-    String userName = principal.getName();
-    if (userName != null && userName.startsWith(USER_PREFIX)) {
-      boolean isValid;
-      try {
-        int suffix = Integer.parseInt(userName.substring(USER_PREFIX.length()));
-        isValid = (suffix >= 1 && suffix <= 10);
-      }
-      catch (Exception ex) {
-        isValid = false;
-      }
-      if (isValid) {
-        props = new Properties();
-        props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
-        props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
-      }
-    }
-    if (props == null) {
-      throw new IllegalArgumentException("LDAP: [" + userName
-          + "] not a valid user");
-    }
-    props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME,
-        algos[prng.nextInt(algos.length)]);
-    if (serverAuthEnabled) {
-      String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
-      props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
-      props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
-    }
-    return props;
-  }
-
-  @Override
-  public Properties getInvalidCredentials(int index) {
-
-    Properties props = new Properties();
-    props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index);
-    props.setProperty(UserPasswordAuthInit.PASSWORD, "none");
-    props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME,
-        algos[prng.nextInt(algos.length)]);
-    if (serverAuthEnabled) {
-      String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
-      props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
-      props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
-    }
-    return props;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3720666f/gemfire-core/src/test/java/templates/security/PKCSCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/templates/security/PKCSCredentialGenerator.java b/gemfire-core/src/test/java/templates/security/PKCSCredentialGenerator.java
deleted file mode 100644
index fa4bf04..0000000
--- a/gemfire-core/src/test/java/templates/security/PKCSCredentialGenerator.java
+++ /dev/null
@@ -1,110 +0,0 @@
-
-package templates.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-
-import java.security.Principal;
-import java.security.Provider;
-import java.security.Security;
-import java.util.Properties;
-
-import com.gemstone.gemfire.util.test.TestUtil;
-
-/**
- * @author kneeraj
- * 
- */
-public class PKCSCredentialGenerator extends CredentialGenerator {
-
-  public static String keyStoreDir = getKeyStoreDir();
-
-  public static boolean usesIBMJSSE;
-
-  // Checks if the current JVM uses only IBM JSSE providers.
-  private static boolean usesIBMProviders() {
-    Provider[] providers = Security.getProviders();
-    for (int index = 0; index < providers.length; ++index) {
-      if (!providers[index].getName().toLowerCase().startsWith("ibm")) {
-        return false;
-      }
-    }
-    return true;
-  }
-
-  private static String getKeyStoreDir() {
-    usesIBMJSSE = usesIBMProviders();
-    if (usesIBMJSSE) {
-      return "/lib/keys/ibm";
-    }
-    else {
-      return "/lib/keys";
-    }
-  }
-
-  public ClassCode classCode() {
-    return ClassCode.PKCS;
-  }
-
-  public String getAuthInit() {
-    return "templates.security.PKCSAuthInit.create";
-  }
-
-  public String getAuthenticator() {
-    return "templates.security.PKCSAuthenticator.create";
-  }
-
-  public Properties getInvalidCredentials(int index) {
-    Properties props = new Properties();
-    String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire11.keystore");
-    props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
-    props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire11");
-    props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
-    return props;
-  }
-
-  public Properties getValidCredentials(int index) {
-    Properties props = new Properties();
-    int aliasnum = (index % 10) + 1;
-    String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire" + aliasnum + ".keystore");
-    props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
-    props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire" + aliasnum);
-    props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
-    return props;
-  }
-
-  public Properties getValidCredentials(Principal principal) {
-    Properties props = new Properties();
-    String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + principal.getName() + ".keystore");
-    props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
-    props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, principal.getName());
-    props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
-    return props;
-  }
-
-  protected Properties initialize() throws IllegalArgumentException {
-    Properties props = new Properties();
-    String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/publickeyfile");
-    props.setProperty(PKCSAuthenticator.PUBLIC_KEY_FILE, keyStoreFile);
-    props.setProperty(PKCSAuthenticator.PUBLIC_KEYSTORE_PASSWORD, "gemfire");
-    return props;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3720666f/gemfire-core/src/test/java/templates/security/SSLCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/templates/security/SSLCredentialGenerator.java b/gemfire-core/src/test/java/templates/security/SSLCredentialGenerator.java
deleted file mode 100644
index 09367a2..0000000
--- a/gemfire-core/src/test/java/templates/security/SSLCredentialGenerator.java
+++ /dev/null
@@ -1,116 +0,0 @@
-
-package templates.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-
-import java.io.File;
-import java.io.IOException;
-import java.security.Principal;
-import java.util.Properties;
-
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-
-public class SSLCredentialGenerator extends CredentialGenerator {
-
-  private File findTrustedJKS() {
-    File ssldir = new File(System.getProperty("JTESTS") + "/ssl");
-    return new File(ssldir, "trusted.keystore");
-  }
-
-  private File findUntrustedJKS() {
-    File ssldir = new File(System.getProperty("JTESTS") + "/ssl");
-    return new File(ssldir, "untrusted.keystore");
-  }
-
-  private Properties getValidJavaSSLProperties() {
-    File jks = findTrustedJKS();
-    try {
-      Properties props = new Properties();
-      props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath());
-      props.setProperty("javax.net.ssl.trustStorePassword", "password");
-      props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath());
-      props.setProperty("javax.net.ssl.keyStorePassword", "password");
-      return props;
-    }
-    catch (IOException ex) {
-      throw new AuthenticationFailedException(
-          "SSL: Exception while opening the key store: " + ex);
-    }
-  }
-
-  private Properties getInvalidJavaSSLProperties() {
-    File jks = findUntrustedJKS();
-    try {
-      Properties props = new Properties();
-      props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath());
-      props.setProperty("javax.net.ssl.trustStorePassword", "password");
-      props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath());
-      props.setProperty("javax.net.ssl.keyStorePassword", "password");
-      return props;
-    }
-    catch (IOException ex) {
-      throw new AuthenticationFailedException(
-          "SSL: Exception while opening the key store: " + ex);
-    }
-  }
-
-  private Properties getSSLProperties() {
-    Properties props = new Properties();
-    props.setProperty("ssl-enabled", "true");
-    props.setProperty("ssl-require-authentication", "true");
-    props.setProperty("ssl-ciphers", "SSL_RSA_WITH_RC4_128_MD5");
-    props.setProperty("ssl-protocols", "TLSv1");
-    return props;
-  }
-
-  protected Properties initialize() throws IllegalArgumentException {
-    this.javaProps = getValidJavaSSLProperties();
-    return getSSLProperties();
-  }
-
-  public ClassCode classCode() {
-    return ClassCode.SSL;
-  }
-
-  public String getAuthInit() {
-    return null;
-  }
-
-  public String getAuthenticator() {
-    return null;
-  }
-
-  public Properties getValidCredentials(int index) {
-    this.javaProps = getValidJavaSSLProperties();
-    return getSSLProperties();
-  }
-
-  public Properties getValidCredentials(Principal principal) {
-    this.javaProps = getValidJavaSSLProperties();
-    return getSSLProperties();
-  }
-
-  public Properties getInvalidCredentials(int index) {
-    this.javaProps = getInvalidJavaSSLProperties();
-    return getSSLProperties();
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3720666f/gemfire-core/src/test/java/templates/security/UserPasswordWithExtraPropsAuthInit.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/templates/security/UserPasswordWithExtraPropsAuthInit.java b/gemfire-core/src/test/java/templates/security/UserPasswordWithExtraPropsAuthInit.java
deleted file mode 100644
index 56dbf7d..0000000
--- a/gemfire-core/src/test/java/templates/security/UserPasswordWithExtraPropsAuthInit.java
+++ /dev/null
@@ -1,76 +0,0 @@
-
-package templates.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-
-import java.util.Properties;
-import java.util.Iterator;
-
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.security.AuthInitialize;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-
-/**
- * An {@link AuthInitialize} implementation that obtains the user name and
- * password as the credentials from the given set of properties. If 
- * keep-extra-props property exits, it will copy rest of the
- * properties provided in getCredential props argument will also be 
- * copied as new credentials.
- * 
- * @author Soubhik
- * @since 5.5
- */
-public class UserPasswordWithExtraPropsAuthInit extends UserPasswordAuthInit {
-
-  public static final String EXTRA_PROPS = "security-keep-extra-props";
-
-  public static final String SECURITY_PREFIX = "security-";
-  
-  public static AuthInitialize create() {
-    return new UserPasswordWithExtraPropsAuthInit();
-  }
-
-  public UserPasswordWithExtraPropsAuthInit() {
-    super();
-  }
-
-  public Properties getCredentials(Properties props, DistributedMember server,
-      boolean isPeer) throws AuthenticationFailedException {
-
-    Properties newProps = super.getCredentials(props, server, isPeer);
-    String extraProps = props.getProperty(EXTRA_PROPS);
-    if(extraProps != null) {
-    	for(Iterator it = props.keySet().iterator(); it.hasNext();) {
-    		String key = (String)it.next();
-    		if( key.startsWith(SECURITY_PREFIX) && 
-    		    key.equalsIgnoreCase(USER_NAME) == false &&
-    		    key.equalsIgnoreCase(PASSWORD) == false &&
-    		    key.equalsIgnoreCase(EXTRA_PROPS) == false) {
-    			newProps.setProperty(key, props.getProperty(key));
-    		}
-    	}
-    	this.securitylog.fine("got everything and now have: "
-          + newProps.keySet().toString());
-    }
-    return newProps;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3720666f/gemfire-core/src/test/java/templates/security/XmlAuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/templates/security/XmlAuthzCredentialGenerator.java b/gemfire-core/src/test/java/templates/security/XmlAuthzCredentialGenerator.java
deleted file mode 100644
index 6b3f171..0000000
--- a/gemfire-core/src/test/java/templates/security/XmlAuthzCredentialGenerator.java
+++ /dev/null
@@ -1,262 +0,0 @@
-
-package templates.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Properties;
-import java.util.Set;
-
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.util.test.TestUtil;
-
-public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator {
-
-  private static final String dummyXml = "authz-dummy.xml";
-
-  private static final String ldapXml = "authz-ldap.xml";
-
-  private static final String pkcsXml = "authz-pkcs.xml";
-
-  private static final String sslXml = "authz-ssl.xml";
-
-  private static final String[] QUERY_REGIONS = { "/Portfolios", "/Positions",
-      "/AuthRegion" };
-
-  public static OperationCode[] READER_OPS = { OperationCode.GET,
-      OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST,
-      OperationCode.KEY_SET, OperationCode.CONTAINS_KEY, OperationCode.EXECUTE_FUNCTION };
-
-  public static OperationCode[] WRITER_OPS = { OperationCode.PUT,
-      OperationCode.DESTROY, OperationCode.INVALIDATE, OperationCode.REGION_CLEAR };
-
-  public static OperationCode[] QUERY_OPS = { OperationCode.QUERY,
-      OperationCode.EXECUTE_CQ, OperationCode.STOP_CQ, OperationCode.CLOSE_CQ };
-
-  private static final byte READER_ROLE = 1;
-
-  private static final byte WRITER_ROLE = 2;
-
-  private static final byte QUERY_ROLE = 3;
-
-  private static final byte ADMIN_ROLE = 4;
-
-  private static Set readerOpsSet;
-
-  private static Set writerOpsSet;
-
-  private static Set queryOpsSet;
-
-  private static Set queryRegionSet;
-
-  static {
-
-    readerOpsSet = new HashSet();
-    for (int index = 0; index < READER_OPS.length; index++) {
-      readerOpsSet.add(READER_OPS[index]);
-    }
-    writerOpsSet = new HashSet();
-    for (int index = 0; index < WRITER_OPS.length; index++) {
-      writerOpsSet.add(WRITER_OPS[index]);
-    }
-    queryOpsSet = new HashSet();
-    for (int index = 0; index < QUERY_OPS.length; index++) {
-      queryOpsSet.add(QUERY_OPS[index]);
-    }
-    queryRegionSet = new HashSet();
-    for (int index = 0; index < QUERY_REGIONS.length; index++) {
-      queryRegionSet.add(QUERY_REGIONS[index]);
-    }
-  }
-
-  public XmlAuthzCredentialGenerator() {
-  }
-
-  protected Properties init() throws IllegalArgumentException {
-
-    Properties sysProps = new Properties();
-    String dirName = "/lib/";
-    if (this.cGen.classCode().isDummy()) {
-      String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + dummyXml);
-      sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename);
-    }
-    else if (this.cGen.classCode().isLDAP()) {
-      String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + ldapXml);
-      sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename);
-    }
-    // else if (this.cGen.classCode().isPKCS()) {
-    // sysProps
-    // .setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + pkcsXml);
-    // }
-    // else if (this.cGen.classCode().isSSL()) {
-    // sysProps
-    // .setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + sslXml);
-    // }
-    else {
-      throw new IllegalArgumentException(
-          "No XML defined for XmlAuthorization module to work with "
-              + this.cGen.getAuthenticator());
-    }
-    return sysProps;
-  }
-
-  public ClassCode classCode() {
-    return ClassCode.XML;
-  }
-
-  public String getAuthorizationCallback() {
-    return "templates.security.XmlAuthorization.create";
-  }
-
-  private Principal getDummyPrincipal(byte roleType, int index) {
-
-    String[] admins = new String[] { "root", "admin", "administrator" };
-    int numReaders = 3;
-    int numWriters = 3;
-
-    switch (roleType) {
-      case READER_ROLE:
-        return new UsernamePrincipal("reader" + (index % numReaders));
-      case WRITER_ROLE:
-        return new UsernamePrincipal("writer" + (index % numWriters));
-      case QUERY_ROLE:
-        return new UsernamePrincipal("reader" + ((index % 2) + 3));
-      default:
-        return new UsernamePrincipal(admins[index % admins.length]);
-    }
-  }
-
-  private Principal getLdapPrincipal(byte roleType, int index) {
-
-    final String userPrefix = "gemfire";
-    final int[] readerIndices = { 3, 4, 5 };
-    final int[] writerIndices = { 6, 7, 8 };
-    final int[] queryIndices = { 9, 10 };
-    final int[] adminIndices = { 1, 2 };
-
-    switch (roleType) {
-      case READER_ROLE:
-        int readerIndex = readerIndices[index % readerIndices.length];
-        return new UsernamePrincipal(userPrefix + readerIndex);
-      case WRITER_ROLE:
-        int writerIndex = writerIndices[index % writerIndices.length];
-        return new UsernamePrincipal(userPrefix + writerIndex);
-      case QUERY_ROLE:
-        int queryIndex = queryIndices[index % queryIndices.length];
-        return new UsernamePrincipal(userPrefix + queryIndex);
-      default:
-        int adminIndex = adminIndices[index % adminIndices.length];
-        return new UsernamePrincipal(userPrefix + adminIndex);
-    }
-  }
-
-  private byte getRequiredRole(OperationCode[] opCodes, String[] regionNames) {
-
-    byte roleType = ADMIN_ROLE;
-    boolean requiresReader = true;
-    boolean requiresWriter = true;
-    boolean requiresQuery = true;
-
-    for (int opNum = 0; opNum < opCodes.length; opNum++) {
-      OperationCode opCode = opCodes[opNum];
-      if (requiresReader && !readerOpsSet.contains(opCode)) {
-        requiresReader = false;
-      }
-      if (requiresWriter && !writerOpsSet.contains(opCode)) {
-        requiresWriter = false;
-      }
-      if (requiresQuery && !queryOpsSet.contains(opCode)) {
-        requiresQuery = false;
-      }
-    }
-    if (requiresReader) {
-      roleType = READER_ROLE;
-    }
-    else if (requiresWriter) {
-      roleType = WRITER_ROLE;
-    }
-    else if (requiresQuery) {
-      if (regionNames != null && regionNames.length > 0) {
-        for (int index = 0; index < regionNames.length; index++) {
-          String regionName = XmlAuthorization
-              .normalizeRegionName(regionNames[index]);
-          if (requiresQuery && !queryRegionSet.contains(regionName)) {
-            requiresQuery = false;
-            break;
-          }
-        }
-        if (requiresQuery) {
-          roleType = QUERY_ROLE;
-        }
-      }
-    }
-    return roleType;
-  }
-
-  protected Principal getAllowedPrincipal(OperationCode[] opCodes,
-      String[] regionNames, int index) {
-
-    if (this.cGen.classCode().isDummy()) {
-      byte roleType = getRequiredRole(opCodes, regionNames);
-      return getDummyPrincipal(roleType, index);
-    }
-    else if (this.cGen.classCode().isLDAP()) {
-      byte roleType = getRequiredRole(opCodes, regionNames);
-      return getLdapPrincipal(roleType, index);
-    }
-    return null;
-  }
-
-  protected Principal getDisallowedPrincipal(OperationCode[] opCodes,
-      String[] regionNames, int index) {
-
-    byte roleType = getRequiredRole(opCodes, regionNames);
-    byte disallowedRoleType = READER_ROLE;
-    switch (roleType) {
-      case READER_ROLE:
-        disallowedRoleType = WRITER_ROLE;
-        break;
-      case WRITER_ROLE:
-        disallowedRoleType = READER_ROLE;
-        break;
-      case QUERY_ROLE:
-        disallowedRoleType = READER_ROLE;
-        break;
-      case ADMIN_ROLE:
-        disallowedRoleType = READER_ROLE;
-        break;
-    }
-    if (this.cGen.classCode().isDummy()) {
-      return getDummyPrincipal(disallowedRoleType, index);
-    }
-    else if (this.cGen.classCode().isLDAP()) {
-      return getLdapPrincipal(disallowedRoleType, index);
-    }
-    return null;
-  }
-
-  protected int getNumPrincipalTries(OperationCode[] opCodes,
-      String[] regionNames) {
-    return 5;
-  }
-
-}


Mime
View raw message