geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dschnei...@apache.org
Subject [3/6] incubator-geode git commit: GEODE-851: Cleanup tests in management.internal.security package
Date Fri, 29 Jan 2016 19:59:58 GMT
GEODE-851: Cleanup tests in management.internal.security package


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/de7afae6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/de7afae6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/de7afae6

Branch: refs/heads/feature/GEODE-831
Commit: de7afae6b4e173493efe66a01b747b147b7ea5d1
Parents: f13bf0c
Author: Kirk Lund <klund@pivotal.io>
Authored: Mon Jan 25 10:49:59 2016 -0800
Committer: Kirk Lund <klund@pivotal.io>
Committed: Thu Jan 28 15:55:52 2016 -0800

----------------------------------------------------------------------
 ...rDistributedSystemMXBeanIntegrationTest.java |  50 +++
 ...horizeOperationForMBeansIntegrationTest.java | 323 +++++++++++++++
 ...erationForRegionCommandsIntegrationTest.java | 136 +++++++
 .../internal/security/JSONAuthCodeTest.java     | 143 -------
 ...JSONAuthorizationDetailsIntegrationTest.java | 163 ++++++++
 .../security/JSONAuthorizationTest.java         | 168 --------
 ...tionCodesForDataCommandsIntegrationTest.java | 101 +++++
 ...tionCodesForDistributedSystemMXBeanTest.java |  76 ++++
 .../security/ResourceOperationJUnit.java        | 394 -------------------
 9 files changed, 849 insertions(+), 705 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de7afae6/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/AuthorizeOperationForDistributedSystemMXBeanIntegrationTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/AuthorizeOperationForDistributedSystemMXBeanIntegrationTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/AuthorizeOperationForDistributedSystemMXBeanIntegrationTest.java
new file mode 100755
index 0000000..4ae0107
--- /dev/null
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/AuthorizeOperationForDistributedSystemMXBeanIntegrationTest.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.security;
+
+import static org.junit.Assert.*;
+
+import javax.management.remote.JMXPrincipal;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.util.test.TestUtil;
+
+/**
+ * Tests <code>JSONAuthorization.authorizeOperation(...)</code> for <code>DistributedSystemMXBean</code> operations.
+ */
+@Category(IntegrationTest.class)
+public class AuthorizeOperationForDistributedSystemMXBeanIntegrationTest {
+
+  @Test
+  public void returnsFalseForUnauthorizedUser() throws Exception {    
+    System.setProperty("resource.secDescriptor", TestUtil.getResourcePath(getClass(), "auth1.json")); 
+    JSONAuthorization authorization = JSONAuthorization.create();        
+    authorization.init(new JMXPrincipal("tushark"), null, null);
+    
+    JMXOperationContext context = new JMXOperationContext(MBeanJMXAdapter.getDistributedSystemName(), "queryData");
+    boolean result = authorization.authorizeOperation(null, context);
+    //assertTrue(result); TODO: why is this commented out? looks like this should be true but it isn't
+    
+    context = new JMXOperationContext(MBeanJMXAdapter.getDistributedSystemName(), "changeAlertLevel");
+    result = authorization.authorizeOperation(null,context);
+    assertFalse(result);
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de7afae6/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/AuthorizeOperationForMBeansIntegrationTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/AuthorizeOperationForMBeansIntegrationTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/AuthorizeOperationForMBeansIntegrationTest.java
new file mode 100644
index 0000000..d63947b
--- /dev/null
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/AuthorizeOperationForMBeansIntegrationTest.java
@@ -0,0 +1,323 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.security;
+
+import static org.junit.Assert.*;
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.management.JMX;
+import javax.management.MBeanServerConnection;
+import javax.management.ObjectName;
+import javax.management.remote.JMXConnector;
+import javax.management.remote.JMXConnectorFactory;
+import javax.management.remote.JMXServiceURL;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.contrib.java.lang.system.RestoreSystemProperties;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TestName;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+import com.gemstone.gemfire.management.DistributedSystemMXBean;
+import com.gemstone.gemfire.management.MemberMXBean;
+import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
+import com.gemstone.gemfire.management.internal.security.ResourceOperationContext.ResourceOperationCode;
+import com.gemstone.gemfire.security.AccessControl;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.Authenticator;
+import com.gemstone.gemfire.security.NotAuthorizedException;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+
+/**
+ * Tests <code>JSONAuthorization.authorizeOperation(...)</code> with GemFire MBeans.
+ */
+@Category(IntegrationTest.class)
+@SuppressWarnings("deprecation")
+public class AuthorizeOperationForMBeansIntegrationTest {
+
+  private GemFireCacheImpl cache;
+  private DistributedSystem ds;
+  private int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+  private JMXConnector jmxConnector;
+  private MBeanServerConnection mbeanServer;
+
+  @Rule
+  public TestName testName = new TestName();
+  
+  @Rule
+  public RestoreSystemProperties restoreSystemProperties = new RestoreSystemProperties();
+
+  @Before
+  public void setUp() throws Exception {
+    System.setProperty("resource-auth-accessor", TestAccessControl.class.getName());
+    System.setProperty("resource-authenticator", TestAuthenticator.class.getName());
+    
+    Properties properties = new Properties();
+    properties.put("name", this.testName.getMethodName());
+    properties.put(DistributionConfig.LOCATORS_NAME, "");
+    properties.put(DistributionConfig.MCAST_PORT_NAME, "0");
+    properties.put(DistributionConfig.JMX_MANAGER_NAME, "true");
+    properties.put(DistributionConfig.JMX_MANAGER_START_NAME, "true");
+    properties.put(DistributionConfig.JMX_MANAGER_PORT_NAME, String.valueOf(this.jmxManagerPort));
+    properties.put(DistributionConfig.HTTP_SERVICE_PORT_NAME, "0");
+    
+    this.ds = DistributedSystem.connect(properties);
+    this.cache = (GemFireCacheImpl) CacheFactory.create(ds);
+
+    this.jmxConnector = getGemfireMBeanServer(this.jmxManagerPort, "tushark", "tushark");
+    this.mbeanServer = this.jmxConnector.getMBeanServerConnection();
+  }
+
+  @After
+  public void tearDown() throws Exception {
+    if (this.jmxConnector != null) {
+      this.jmxConnector.close();
+      this.jmxConnector = null;
+    }
+    if (this.cache != null) {
+      this.cache.close();
+      this.cache = null;
+    }
+    if (this.ds != null) {
+      this.ds.disconnect();
+      this.ds = null;
+    }
+  }
+
+  /**
+   * This is testing a sampling of operations for DistributedSystemMXBean and AccessControlMXBean
+   */
+  @Test
+  public void operationsShouldBeCoveredByAuthorization() throws Exception {
+    ObjectName objectName = MBeanJMXAdapter.getDistributedSystemName();
+    
+    checkListCacheServerObjectNames(objectName);
+    checkAlertLevel(objectName);
+    checkAccessControlMXBean();
+    checkBackUpMembers(objectName);
+    checkShutDownAllMembers(objectName);
+    checkCLIContext(this.mbeanServer);
+  }
+  
+  private void checkListCacheServerObjectNames(final ObjectName objectName) throws Exception {
+    Object cacheServerObjectNames = this.mbeanServer.invoke(objectName, "listCacheServerObjectNames", null, null);
+    assertThat(cacheServerObjectNames).isNotNull().isInstanceOf(ObjectName[].class);
+    assertThat((ObjectName[])cacheServerObjectNames).hasSize(0); // this isn't really testing much since there are no CacheServers
+  }
+  
+  private void checkAlertLevel(final ObjectName objectName) throws Exception {
+    // attribute AlertLevel
+    String oldLevel = (String) this.mbeanServer.getAttribute(objectName, "AlertLevel");
+    assertThat(oldLevel).isEqualTo("severe");
+    
+    // operation changeAlertLevel
+    this.mbeanServer.invoke(
+        objectName, 
+        "changeAlertLevel", 
+        new Object[] { "warning" },
+        new String[] { String.class.getName() }
+    );
+    String newLevel = (String) this.mbeanServer.getAttribute(objectName, "AlertLevel");
+    assertThat(newLevel).isEqualTo("warning");
+  }
+  
+  private void checkAccessControlMXBean() throws Exception {
+    final ResourceOperationCode resourceOperationCodes[] = { 
+        ResourceOperationCode.LIST_DS, 
+        ResourceOperationCode.READ_DS, 
+        ResourceOperationCode.CHANGE_ALERT_LEVEL_DS,
+        ResourceOperationCode.LOCATE_ENTRY_REGION 
+    };
+    
+    ObjectName objectName = new ObjectName(ManagementInterceptor.OBJECT_NAME_ACCESSCONTROL);
+    for (ResourceOperationCode resourceOperationCode : resourceOperationCodes) {
+      boolean isAuthorizedForOperation = (Boolean) this.mbeanServer.invoke(
+          objectName, 
+          "authorize", 
+          new Object[] { resourceOperationCode.toString() },
+          new String[] { String.class.getName() }
+      );
+      assertThat(isAuthorizedForOperation).isTrue();
+    }
+
+    boolean isAuthorizedForAllOperations = (Boolean) mbeanServer.invoke(
+        objectName, 
+        "authorize", 
+        new Object[] { ResourceOperationCode.ADMIN_DS.toString() },
+        new String[] { String.class.getName() }
+    );
+    assertThat(isAuthorizedForAllOperations).isFalse();
+  }
+
+  private void checkBackUpMembers(final ObjectName objectName) throws Exception {
+    try {
+      this.mbeanServer.invoke(
+          objectName, 
+          "backupAllMembers", 
+          new Object[] { "targetPath", "baseLinePath" },
+          new String[] { String.class.getCanonicalName(), String.class.getCanonicalName() });
+      fail("Should not be authorized for backupAllMembers");
+    } catch (SecurityException expected) {
+      // expected
+    }
+  }
+  
+  private void checkShutDownAllMembers(final ObjectName objectName) throws Exception {
+    try {
+      this.mbeanServer.invoke(
+          objectName, 
+          "shutDownAllMembers", 
+          null, 
+          null
+      );
+      fail("Should not be authorized for shutDownAllMembers");
+    } catch (SecurityException expected) {
+      // expected
+    }
+  }
+  
+  private void checkCLIContext(MBeanServerConnection mbeanServer) {
+    ObjectName objectName = MBeanJMXAdapter.getDistributedSystemName();
+    DistributedSystemMXBean proxy = JMX.newMXBeanProxy(mbeanServer, objectName, DistributedSystemMXBean.class);
+    ObjectName managerMemberObjectName = proxy.getMemberObjectName();
+    MemberMXBean memberMXBeanProxy = JMX.newMXBeanProxy(mbeanServer, managerMemberObjectName, MemberMXBean.class);
+
+    Map<String, String> map = new HashMap<String, String>();
+    map.put("APP", "GFSH");
+    String result = memberMXBeanProxy.processCommand("locate entry --key=k1 --region=/region1", map);
+    
+    assertThat(result).isNotNull().doesNotContain(SecurityException.class.getSimpleName());
+  }
+
+  private JMXConnector getGemfireMBeanServer(final int port, final String user, final String pwd) throws Exception {
+    JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://:" + port + "/jmxrmi");
+    if (user != null) { // TODO: why isn't this deterministic? need to create 2nd test without a user?
+      Map<String, String[]> env = new HashMap<String, String[]>();
+      String[] creds = { user, pwd };
+      env.put(JMXConnector.CREDENTIALS, creds);
+      JMXConnector jmxc = JMXConnectorFactory.connect(url, env);
+      return jmxc;
+    } else {
+      JMXConnector jmxc = JMXConnectorFactory.connect(url, null);
+      return jmxc;
+    }
+  }
+
+  /**
+   * Fake Principal for testing.
+   */
+  @SuppressWarnings("serial")
+  public static class TestUsernamePrincipal implements Principal, Serializable {
+
+    private final String userName;
+
+    public TestUsernamePrincipal(final String userName) {
+      this.userName = userName;
+    }
+
+    @Override
+    public String getName() {
+      return this.userName;
+    }
+
+    @Override
+    public String toString() {
+      return this.userName;
+    }
+  }
+
+  /**
+   * Fake Authenticator for testing.
+   */
+  public static class TestAuthenticator implements Authenticator {
+
+    @Override
+    public void close() {
+    }
+
+    @Override
+    public void init(final Properties securityProps, final LogWriter systemLogger, final LogWriter securityLogger) throws AuthenticationFailedException {
+    }
+
+    @Override
+    public Principal authenticate(final Properties props, final DistributedMember member) throws AuthenticationFailedException {
+      String user = props.getProperty(ManagementInterceptor.USER_NAME);
+      String pwd = props.getProperty(ManagementInterceptor.PASSWORD);
+      if (user != null && !user.equals(pwd) && !"".equals(user)) {
+        throw new AuthenticationFailedException("Wrong username/password");
+      }
+      return new TestUsernamePrincipal(user);
+    }
+  }
+
+  /**
+   * Fake AccessControl for testing.
+   */
+  public static class TestAccessControl implements AccessControl {
+
+    private Principal principal;
+
+    @Override
+    public void close() {
+    }
+
+    @Override
+    public void init(final Principal principal, final DistributedMember remoteMember, final Cache cache) throws NotAuthorizedException {
+      this.principal = principal;
+    }
+
+    @Override
+    public boolean authorizeOperation(String regionName, OperationContext context) {
+      if (principal.getName().equals("tushark")) {
+        ResourceOperationCode authorizedOps[] = { 
+            ResourceOperationCode.LIST_DS, 
+            ResourceOperationCode.READ_DS, 
+            ResourceOperationCode.CHANGE_ALERT_LEVEL_DS,
+            ResourceOperationCode.LOCATE_ENTRY_REGION 
+        };
+
+        ResourceOperationContext ctx = (ResourceOperationContext) context;
+        boolean found = false;
+        for (ResourceOperationCode code : authorizedOps) {
+          if (ctx.getResourceOperationCode().equals(code)) {
+            found = true;
+            break;
+          }
+        }
+        return found;
+      }
+      return false;
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de7afae6/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/AuthorizeOperationForRegionCommandsIntegrationTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/AuthorizeOperationForRegionCommandsIntegrationTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/AuthorizeOperationForRegionCommandsIntegrationTest.java
new file mode 100644
index 0000000..ecc4c72
--- /dev/null
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/AuthorizeOperationForRegionCommandsIntegrationTest.java
@@ -0,0 +1,136 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.security;
+
+import static org.junit.Assert.*;
+
+import java.lang.management.ManagementFactory;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.management.MBeanServer;
+import javax.management.ObjectName;
+import javax.management.remote.JMXPrincipal;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.contrib.java.lang.system.RestoreSystemProperties;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TestName;
+
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+import com.gemstone.gemfire.util.test.TestUtil;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+
+/**
+ * Tests <code>JSONAuthorization.authorizeOperation(...)</code> for Region commands.
+ */
+@Category(IntegrationTest.class)
+@SuppressWarnings("deprecation")
+public class AuthorizeOperationForRegionCommandsIntegrationTest {
+  
+  private GemFireCacheImpl cache;
+  private DistributedSystem ds;
+  private int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+
+  @Rule
+  public TestName testName = new TestName();
+  
+  @Rule
+  public RestoreSystemProperties restoreSystemProperties = new RestoreSystemProperties();
+  
+  @Before
+  public void setUp() {
+    System.setProperty("resource.secDescriptor", TestUtil.getResourcePath(getClass(), "auth3.json"));
+    System.setProperty("resource-auth-accessor", JSONAuthorization.class.getCanonicalName());
+    System.setProperty("resource-authenticator", JSONAuthorization.class.getCanonicalName());
+
+    Properties properties = new Properties();
+    properties.put("name", testName.getMethodName());
+    properties.put(DistributionConfig.LOCATORS_NAME, "");
+    properties.put(DistributionConfig.MCAST_PORT_NAME, "0");
+    properties.put(DistributionConfig.JMX_MANAGER_NAME, "true");
+    properties.put(DistributionConfig.JMX_MANAGER_START_NAME, "true");
+    properties.put(DistributionConfig.JMX_MANAGER_PORT_NAME, String.valueOf(this.jmxManagerPort));
+    properties.put(DistributionConfig.HTTP_SERVICE_PORT_NAME, "0");
+    
+    this.ds = DistributedSystem.connect(properties);
+    this.cache = (GemFireCacheImpl) CacheFactory.create(ds);
+  }
+
+  @After
+  public void tearDown() {
+    if (cache != null) {
+      cache.close();
+      cache = null;
+    }
+    if (ds != null) {
+      ds.disconnect();
+      ds = null;
+    }
+  }
+  
+  @Ignore("Test was never implemented")
+  @Test
+  public void testInheritRole() {
+  }
+  
+  @Ignore("Test was dead-coded")
+  @Test
+  public void testUserMultipleRole() throws Exception {
+  }
+  
+  @Test
+  public void testAuthorizeOperationWithRegionOperations() throws Exception {
+    JSONAuthorization authorization = JSONAuthorization.create();       
+    authorization.init(new JMXPrincipal("tushark"), null, null);
+    
+    checkAccessControlMBean();
+    
+    CLIOperationContext cliContext = new CLIOperationContext("locate entry --key=k1 --region=region1");
+    boolean result = authorization.authorizeOperation(null, cliContext);
+    assertTrue(result);
+
+    cliContext = new CLIOperationContext("locate entry --key=k1 --region=secureRegion");
+    result = authorization.authorizeOperation(null, cliContext);
+    //assertFalse(result); //this is failing due to logic issue TODO: why is this commented out?
+
+    authorization.init(new JMXPrincipal("avinash"), null, null);
+    result = authorization.authorizeOperation(null, cliContext);
+    assertTrue(result);
+
+    cliContext = new CLIOperationContext("locate entry --key=k1 --region=region1");
+    result = authorization.authorizeOperation(null, cliContext);
+    assertTrue(result);
+  }
+
+  private void checkAccessControlMBean() throws Exception {
+    ObjectName name = new ObjectName(ManagementInterceptor.OBJECT_NAME_ACCESSCONTROL);
+    MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
+    Set<ObjectName> names = platformMBeanServer.queryNames(name, null);
+    assertFalse(names.isEmpty());
+    assertEquals(1, names.size());
+    assertEquals(name,names.iterator().next());
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de7afae6/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthCodeTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthCodeTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthCodeTest.java
deleted file mode 100644
index c408116..0000000
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthCodeTest.java
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import static org.junit.Assert.*;
-
-import java.lang.management.ManagementFactory;
-import java.util.Properties;
-import java.util.Set;
-
-import javax.management.MBeanServer;
-import javax.management.ObjectName;
-import javax.management.remote.JMXPrincipal;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Ignore;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.contrib.java.lang.system.RestoreSystemProperties;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.CacheFactory;
-import com.gemstone.gemfire.distributed.DistributedSystem;
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
-import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
-import com.gemstone.gemfire.util.test.TestUtil;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-
-@Category(IntegrationTest.class)
-public class JSONAuthCodeTest {
-  
-  private GemFireCacheImpl cache;
-  private DistributedSystem ds;
-
-  @Rule
-  public RestoreSystemProperties restoreSystemProperties = new RestoreSystemProperties();
-  
-  @Before
-  public void setUp() {
-    System.setProperty(DistributedSystem.PROPERTIES_FILE_PROPERTY, getClass().getSimpleName() + ".properties");
-  }
-
-  @After
-  public void tearDown() {
-    if (cache != null) {
-      cache.close();
-      cache = null;
-    }
-    if (ds != null) {
-      ds.disconnect();
-      ds = null;
-    }
-  }
-  
-  @Test
-  public void testSimpleUserAndRole() throws Exception {    
-    System.setProperty("resource.secDescriptor", TestUtil.getResourcePath(getClass(), "auth1.json")); 
-    JSONAuthorization authorization = JSONAuthorization.create();        
-    authorization.init(new JMXPrincipal("tushark"), null, null);
-    
-    JMXOperationContext context = new JMXOperationContext(MBeanJMXAdapter.getDistributedSystemName(), "queryData");
-    boolean result = authorization.authorizeOperation(null, context);
-    //assertTrue(result);
-    
-    context = new JMXOperationContext(MBeanJMXAdapter.getDistributedSystemName(), "changeAlertLevel");
-    result = authorization.authorizeOperation(null,context);
-    assertFalse(result);
-  }
-
-  @Ignore("Test was never implemented")
-  @Test
-  public void testInheritRole() {
-  }
-  
-  @Ignore("Test was dead-coded")
-  @Test
-  public void testUserMultipleRole() throws Exception {
-  }
-  
-  @Test
-  public void testCLIAuthForRegion() throws Exception {
-    System.setProperty("resource.secDescriptor", TestUtil.getResourcePath(getClass(), "auth3.json")); 
-    JSONAuthorization authorization = JSONAuthorization.create();       
-    authorization.init(new JMXPrincipal("tushark"), null, null);
-    
-    System.setProperty("resource-auth-accessor", JSONAuthorization.class.getCanonicalName());
-    System.setProperty("resource-authenticator", JSONAuthorization.class.getCanonicalName());
-    Properties pr = new Properties();
-    pr.put("name", "testJMXOperationContext");
-    pr.put(DistributionConfig.JMX_MANAGER_NAME, "true");
-    pr.put(DistributionConfig.JMX_MANAGER_START_NAME, "true");
-    int port = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-    pr.put(DistributionConfig.JMX_MANAGER_PORT_NAME, String.valueOf(port));
-    pr.put(DistributionConfig.HTTP_SERVICE_PORT_NAME, "0");
-    ds = DistributedSystem.connect(pr);
-    cache = (GemFireCacheImpl) CacheFactory.create(ds);
-    
-    checkAccessControlMBean();
-    CLIOperationContext cliContext = new CLIOperationContext("locate entry --key=k1 --region=region1");
-    boolean result = authorization.authorizeOperation(null, cliContext);
-    assertTrue(result);
-
-    cliContext = new CLIOperationContext("locate entry --key=k1 --region=secureRegion");
-    result = authorization.authorizeOperation(null, cliContext);
-    System.out.println("Result for secureRegion=" + result);
-    //assertFalse(result); //this is failing due to logic issue
-
-    authorization.init(new JMXPrincipal("avinash"), null, null);
-    result = authorization.authorizeOperation(null, cliContext);
-    assertTrue(result);
-
-    cliContext = new CLIOperationContext("locate entry --key=k1 --region=region1");
-    result = authorization.authorizeOperation(null, cliContext);
-    assertTrue(result);
-  }
-
-  private void checkAccessControlMBean() throws Exception {
-    ObjectName name = new ObjectName(ManagementInterceptor.OBJECT_NAME_ACCESSCONTROL);
-    MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
-    Set<ObjectName> names = platformMBeanServer.queryNames(name, null);
-    assertFalse(names.isEmpty());
-    assertEquals(1, names.size());
-    assertEquals(name,names.iterator().next());
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de7afae6/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorizationDetailsIntegrationTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorizationDetailsIntegrationTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorizationDetailsIntegrationTest.java
new file mode 100644
index 0000000..877f34e
--- /dev/null
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorizationDetailsIntegrationTest.java
@@ -0,0 +1,163 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.security;
+
+import static org.junit.Assert.*;
+
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.Map;
+
+import org.json.JSONException;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.management.internal.security.JSONAuthorization.User;
+import com.gemstone.gemfire.util.test.TestUtil;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+
+/**
+ * Tests JSONAuthorization with JSON loaded from files.
+ */
+@Category(IntegrationTest.class)
+public class JSONAuthorizationDetailsIntegrationTest {
+
+  @Test
+  public void testSimpleUserAndRole() throws Exception {
+    String json = readFile(TestUtil.getResourcePath(getClass(), "testSimpleUserAndRole.json"));
+    new JSONAuthorization(json); // static side effect
+    Map<String, User> acl = JSONAuthorization.getAcl();
+    assertNotNull(acl);
+    assertEquals(1, acl.size());
+    User user = acl.get("tushark");
+    assertNotNull(user);
+    assertNotNull(user.roles);
+    assertEquals(1, user.roles.length);
+    assertEquals("jmxReader", user.roles[0].name);
+    assertEquals(1, user.roles[0].permissions.length);
+    assertEquals("QUERY", user.roles[0].permissions[0]);
+  }
+
+  @Test
+  public void testUserAndRoleRegionServerGroup() throws Exception {
+    String json = readFile(TestUtil.getResourcePath(getClass(), "testUserAndRoleRegionServerGroup.json"));
+    new JSONAuthorization(json); // static side effect
+    Map<String, User> acl = JSONAuthorization.getAcl();
+    
+    assertNotNull(acl);
+    assertEquals(1, acl.size());
+    User user = acl.get("tushark");
+    assertNotNull(user);
+    assertNotNull(user.roles);
+    assertEquals(1, user.roles.length);
+    assertEquals("jmxReader", user.roles[0].name);
+    assertEquals(1, user.roles[0].permissions.length);
+    assertEquals("QUERY", user.roles[0].permissions[0]);
+
+    assertEquals("secureRegion", user.roles[0].regionName);
+    assertEquals("SG2", user.roles[0].serverGroup);
+  }
+
+  @Test
+  public void testUserMultipleRole() throws Exception {
+    String json = readFile(TestUtil.getResourcePath(getClass(), "testUserMultipleRole.json"));
+    new JSONAuthorization(json); // static side effect
+    Map<String, User> acl = JSONAuthorization.getAcl();
+    
+    assertNotNull(acl);
+    assertEquals(1, acl.size());
+    User user = acl.get("tushark");
+    assertNotNull(user);
+    assertNotNull(user.roles);
+    assertEquals(2, user.roles.length);
+
+    JSONAuthorization.Role role = user.roles[0];
+    assertEquals("jmxReader", role.name);
+
+    assertEquals(1, role.permissions.length);
+    assertEquals("QUERY", role.permissions[0]);
+
+    role = user.roles[1];
+    assertNotEquals("jmxReader", role.name);
+
+    assertEquals(7, role.permissions.length);
+    assertEquals("sysMonitors", role.name);
+    assertTrue(contains(role.permissions, "CMD_EXORT_LOGS"));
+    assertTrue(contains(role.permissions, "CMD_STACK_TRACES"));
+    assertTrue(contains(role.permissions, "CMD_GC"));
+    assertTrue(contains(role.permissions, "CMD_NETSTAT"));
+    assertTrue(contains(role.permissions, "CMD_SHOW_DEADLOCKS"));
+    assertTrue(contains(role.permissions, "CMD_SHOW_LOG"));
+    assertTrue(contains(role.permissions, "SHOW_METRICS"));
+  }
+
+  @Test
+  public void testInheritRole() throws Exception {
+    String json = readFile(TestUtil.getResourcePath(getClass(), "testInheritRole.json"));
+    new JSONAuthorization(json); // static side effect
+    Map<String, User> acl = JSONAuthorization.getAcl();
+    
+    assertNotNull(acl);
+    assertEquals(3, acl.size());
+    User user = acl.get("tushark");
+    assertNotNull(user);
+    assertNotNull(user.roles);
+    assertEquals(1, user.roles.length);
+    assertEquals("jmxReader", user.roles[0].name);
+    assertEquals(1, user.roles[0].permissions.length);
+    assertEquals("QUERY", user.roles[0].permissions[0]);
+
+    User admin1 = acl.get("admin1");
+    assertNotNull(admin1);
+    assertNotNull(admin1.roles);
+    assertEquals(1, admin1.roles.length);
+    assertEquals("adminSG1", admin1.roles[0].name);
+    assertEquals("SG1", admin1.roles[0].serverGroup);
+    assertEquals(1, admin1.roles[0].permissions.length);
+    assertEquals("CMD_SHUTDOWN", admin1.roles[0].permissions[0]);
+
+    User admin2 = acl.get("admin2");
+    assertNotNull(admin2);
+    assertNotNull(admin2.roles);
+    assertEquals(1, admin2.roles.length);
+    assertEquals("adminSG2", admin2.roles[0].name);
+    assertEquals("SG2", admin2.roles[0].serverGroup);
+    assertEquals(2, admin2.roles[0].permissions.length);
+    assertTrue(contains(admin2.roles[0].permissions, "CHANGE_LOG_LEVEL"));
+    assertTrue(contains(admin2.roles[0].permissions, "CMD_SHUTDOWN"));
+  }
+
+  private String readFile(String name) throws IOException, JSONException {
+    File file = new File(name);
+    FileReader reader = new FileReader(file);
+    char[] buffer = new char[(int) file.length()];
+    reader.read(buffer);
+    String json = new String(buffer);
+    reader.close();
+    return json;
+  }
+
+  private boolean contains(String[] permissions, String string) {
+    for (String str : permissions) {
+      if (str.equals(string)) {
+        return true;
+      }
+    }
+    return false;
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de7afae6/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorizationTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorizationTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorizationTest.java
deleted file mode 100644
index bfd8152..0000000
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorizationTest.java
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import java.io.File;
-import java.io.FileReader;
-import java.io.IOException;
-import java.util.Map;
-
-import junit.framework.TestCase;
-
-import org.json.JSONException;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.management.internal.security.JSONAuthorization.User;
-import com.gemstone.gemfire.util.test.TestUtil;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
-
-@Category(UnitTest.class)
-public class JSONAuthorizationTest extends TestCase {
-  
-  public static String makePath(String[] strings) {
-    StringBuilder sb = new StringBuilder();
-    for(int i=0;i<strings.length;i++){
-      sb.append(strings[i]);      
-      sb.append(File.separator);
-    }
-    return sb.toString();
-  }
-	
-	public void testSimpleUserAndRole() throws IOException, JSONException {
-		String json = readFile(TestUtil.getResourcePath(getClass(), "testSimpleUserAndRole.json"));
-		JSONAuthorization authorization = new JSONAuthorization(json);		
-		Map<String, User> acl = authorization.getAcl();
-		assertNotNull(acl);
-		assertEquals(1, acl.size());		
-		User user = acl.get("tushark");
-		assertNotNull(user);
-		assertNotNull(user.roles);
-		assertEquals(1,user.roles.length);
-		assertEquals("jmxReader", user.roles[0].name);
-		assertEquals(1, user.roles[0].permissions.length);
-		assertEquals("QUERY", user.roles[0].permissions[0]);
-	}
-	
-	
-	public void testUserAndRoleRegionServerGroup() throws IOException, JSONException {
-		String json = readFile(TestUtil.getResourcePath(getClass(), "testUserAndRoleRegionServerGroup.json"));
-		JSONAuthorization authorization = new JSONAuthorization(json);		
-		Map<String, User> acl = authorization.getAcl();
-		assertNotNull(acl);
-		assertEquals(1, acl.size());		
-		User user = acl.get("tushark");
-		assertNotNull(user);
-		assertNotNull(user.roles);
-		assertEquals(1,user.roles.length);
-		assertEquals("jmxReader", user.roles[0].name);
-		assertEquals(1, user.roles[0].permissions.length);
-		assertEquals("QUERY", user.roles[0].permissions[0]);
-		
-		assertEquals("secureRegion", user.roles[0].regionName);
-		assertEquals("SG2", user.roles[0].serverGroup);
-	}
-	
-	public void testUserMultipleRole()throws IOException, JSONException {
-		String json = readFile(TestUtil.getResourcePath(getClass(), "testUserMultipleRole.json"));
-		JSONAuthorization authorization = new JSONAuthorization(json);		
-		Map<String, User> acl = authorization.getAcl();
-		assertNotNull(acl);
-		assertEquals(1, acl.size());		
-		User user = acl.get("tushark");
-		assertNotNull(user);
-		assertNotNull(user.roles);
-		assertEquals(2,user.roles.length);
-		
-		JSONAuthorization.Role role = user.roles[0];
-		if(role.name.equals("jmxReader")){			
-			assertEquals(1, role.permissions.length);
-			assertEquals("QUERY", role.permissions[0]);
-		} else {
-			assertEquals(7, role.permissions.length);
-			assertEquals("sysMonitors", role.name);
-		}		
-		
-		role = user.roles[1];
-		if(role.name.equals("jmxReader")){			
-			assertEquals(1, role.permissions.length);
-			assertEquals("QUERY", role.permissions[0]);
-		} else {
-			assertEquals(7, role.permissions.length);
-			assertEquals("sysMonitors", role.name);
-			assertTrue(contains(role.permissions, "CMD_EXORT_LOGS"));
-			assertTrue(contains(role.permissions, "CMD_STACK_TRACES"));
-			assertTrue(contains(role.permissions, "CMD_GC"));
-			assertTrue(contains(role.permissions, "CMD_NETSTAT"));
-			assertTrue(contains(role.permissions, "CMD_SHOW_DEADLOCKS")); 
-			assertTrue(contains(role.permissions, "CMD_SHOW_LOG")); 
-			assertTrue(contains(role.permissions, "SHOW_METRICS"));
-		}		
-	}
-	
-	private boolean contains(String[] permissions, String string) {
-		for(String str : permissions)
-			if(str.equals(string))
-					return true;
-		return false;
-	}
-
-
-	public void testInheritRole() throws IOException, JSONException {
-		String json = readFile(TestUtil.getResourcePath(getClass(), "testInheritRole.json"));
-		JSONAuthorization authorization = new JSONAuthorization(json);		
-		Map<String, User> acl = authorization.getAcl();
-		assertNotNull(acl);
-		assertEquals(3, acl.size());		
-		User user = acl.get("tushark");
-		assertNotNull(user);
-		assertNotNull(user.roles);
-		assertEquals(1,user.roles.length);
-		assertEquals("jmxReader", user.roles[0].name);
-		assertEquals(1, user.roles[0].permissions.length);
-		assertEquals("QUERY", user.roles[0].permissions[0]);
-		
-		User admin1 = acl.get("admin1");
-		assertNotNull(admin1);
-		assertNotNull(admin1.roles);
-		assertEquals(1,admin1.roles.length);
-		assertEquals("adminSG1", admin1.roles[0].name);
-		assertEquals("SG1", admin1.roles[0].serverGroup);
-		assertEquals(1, admin1.roles[0].permissions.length);
-		assertEquals("CMD_SHUTDOWN", admin1.roles[0].permissions[0]);
-		
-		User admin2 = acl.get("admin2");
-		assertNotNull(admin2);
-		assertNotNull(admin2.roles);
-		assertEquals(1,admin2.roles.length);
-		assertEquals("adminSG2", admin2.roles[0].name);
-		assertEquals("SG2", admin2.roles[0].serverGroup);
-		assertEquals(2, admin2.roles[0].permissions.length);
-		assertTrue(contains(admin2.roles[0].permissions, "CHANGE_LOG_LEVEL"));
-		assertTrue(contains(admin2.roles[0].permissions, "CMD_SHUTDOWN"));
-	}
-	
-	private String readFile(String name) throws IOException, JSONException {
-		File file = new File(name);
-		FileReader reader = new FileReader(file);
-		char[] buffer = new char[(int) file.length()];
-		reader.read(buffer);
-		String json = new String(buffer);
-		reader.close();
-		return json;
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de7afae6/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/OperationCodesForDataCommandsIntegrationTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/OperationCodesForDataCommandsIntegrationTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/OperationCodesForDataCommandsIntegrationTest.java
new file mode 100755
index 0000000..b8c1c9d
--- /dev/null
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/OperationCodesForDataCommandsIntegrationTest.java
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.security;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.contrib.java.lang.system.RestoreSystemProperties;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TestName;
+
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+import com.gemstone.gemfire.management.internal.security.ResourceOperationContext.ResourceOperationCode;
+import com.gemstone.gemfire.management.internal.security.AuthorizeOperationForMBeansIntegrationTest.TestAccessControl;
+import com.gemstone.gemfire.management.internal.security.AuthorizeOperationForMBeansIntegrationTest.TestAuthenticator;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+
+/**
+ * Tests operation codes for data commands.
+ */
+@Category(IntegrationTest.class)
+@SuppressWarnings("deprecation")
+public class OperationCodesForDataCommandsIntegrationTest {
+
+  private GemFireCacheImpl cache;
+  private DistributedSystem ds;
+  private Map<String, ResourceOperationCode> commands = new HashMap<String, ResourceOperationCode>();
+  
+  @Rule
+  public TestName testName = new TestName();
+  
+  @Rule
+  public RestoreSystemProperties restoreSystemProperties = new RestoreSystemProperties();
+
+  @Before
+  public void setUp() {
+    System.setProperty("resource-auth-accessor", TestAccessControl.class.getName());
+    System.setProperty("resource-authenticator", TestAuthenticator.class.getName());
+    
+    Properties properties = new Properties();
+    properties.put("name", testName.getMethodName());
+    properties.put(DistributionConfig.LOCATORS_NAME, "");
+    properties.put(DistributionConfig.MCAST_PORT_NAME, "0");
+    properties.put(DistributionConfig.HTTP_SERVICE_PORT_NAME, "0");
+    
+    this.ds = DistributedSystem.connect(properties);
+    this.cache = (GemFireCacheImpl) CacheFactory.create(ds);
+
+    this.commands.put("put --key=k1 --value=v1 --region=/region1", ResourceOperationCode.PUT_REGION);    
+    this.commands.put("locate entry --key=k1 --region=/region1", ResourceOperationCode.LOCATE_ENTRY_REGION);
+    this.commands.put("query --query=\"select * from /region1\"", ResourceOperationCode.QUERYDATA_DS);
+    this.commands.put("export data --region=value --file=value --member=value", ResourceOperationCode.EXPORT_DATA_REGION);
+    this.commands.put("import data --region=value --file=value --member=value", ResourceOperationCode.IMPORT_DATA_REGION);
+    this.commands.put("rebalance", ResourceOperationCode.REBALANCE_DS);
+  }
+
+  @After
+  public void tearDown() throws IOException {
+    if (this.cache != null) {
+      this.cache.close();
+      this.cache = null;
+    }
+    if (this.ds != null) {
+      this.ds.disconnect();
+      this.ds = null;
+    }
+  }
+  
+  @Test
+  public void commandsShouldMapToCorrectResourceCodes() throws Exception {
+    for (String command : this.commands.keySet()) {
+      CLIOperationContext ctx = new CLIOperationContext(command);
+      assertThat(ctx.getResourceOperationCode()).isEqualTo(this.commands.get(command));
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de7afae6/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/OperationCodesForDistributedSystemMXBeanTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/OperationCodesForDistributedSystemMXBeanTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/OperationCodesForDistributedSystemMXBeanTest.java
new file mode 100755
index 0000000..8b7edbf
--- /dev/null
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/OperationCodesForDistributedSystemMXBeanTest.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.security;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import javax.management.ObjectName;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
+import com.gemstone.gemfire.management.internal.security.ResourceOperationContext.ResourceOperationCode;
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+
+/**
+ * Tests operation codes for DistributedSystemMXBean operations.
+ */
+@Category(UnitTest.class)
+public class OperationCodesForDistributedSystemMXBeanTest {
+
+  private final String[] distributedSystemMXBeanOperations = {
+      "listCacheServerObjectNames", 
+      "viewRemoteClusterStatus", 
+      "getTotalHeapSize", 
+      "setQueryCollectionsDepth", 
+      "getQueryCollectionsDepth",
+      "changeAlertLevel", 
+      "backupAllMembers", 
+      "revokeMissingDiskStores", 
+      "shutDownAllMembers", 
+      "queryData", 
+      "queryDataForCompressedResult",
+      "setQueryResultSetLimit"
+  };
+
+  private final ResourceOperationCode[] distributedSystemResourceOperationCodes = {
+      ResourceOperationCode.LIST_DS, 
+      ResourceOperationCode.LIST_DS, 
+      ResourceOperationCode.READ_DS,
+      ResourceOperationCode.QUERYDATA_DS, 
+      ResourceOperationCode.READ_DS, 
+      ResourceOperationCode.CHANGE_ALERT_LEVEL_DS, 
+      ResourceOperationCode.BACKUP_DS,
+      ResourceOperationCode.REMOVE_DISKSTORE_DS, 
+      ResourceOperationCode.SHUTDOWN_DS, 
+      ResourceOperationCode.QUERYDATA_DS, 
+      ResourceOperationCode.QUERYDATA_DS,
+      ResourceOperationCode.QUERYDATA_DS 
+  };
+  
+  @Test
+  public void operationsShouldMapToCodes() {
+    ObjectName objectName = MBeanJMXAdapter.getDistributedSystemName();
+    for (int i = 0; i < distributedSystemMXBeanOperations.length; i++) {
+      JMXOperationContext context = new JMXOperationContext(objectName, distributedSystemMXBeanOperations[i]);
+      assertThat(context.getResourceOperationCode()).isEqualTo(distributedSystemResourceOperationCodes[i]);
+      assertThat(context.getOperationCode()).isEqualTo(OperationCode.RESOURCE);
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de7afae6/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationJUnit.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationJUnit.java b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationJUnit.java
deleted file mode 100644
index 0d680e6..0000000
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationJUnit.java
+++ /dev/null
@@ -1,394 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.net.MalformedURLException;
-import java.security.Principal;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-
-import javax.management.AttributeNotFoundException;
-import javax.management.InstanceNotFoundException;
-import javax.management.JMX;
-import javax.management.MBeanException;
-import javax.management.MBeanServerConnection;
-import javax.management.MalformedObjectNameException;
-import javax.management.ObjectName;
-import javax.management.ReflectionException;
-import javax.management.remote.JMXConnector;
-import javax.management.remote.JMXConnectorFactory;
-import javax.management.remote.JMXServiceURL;
-
-import org.junit.experimental.categories.Category;
-
-import junit.framework.TestCase;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.CacheFactory;
-import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.distributed.DistributedSystem;
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
-import com.gemstone.gemfire.management.DistributedSystemMXBean;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
-import com.gemstone.gemfire.management.internal.security.ResourceOperationContext.ResourceOperationCode;
-import com.gemstone.gemfire.security.AccessControl;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-import com.gemstone.gemfire.security.Authenticator;
-import com.gemstone.gemfire.security.NotAuthorizedException;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
-
-@Category(UnitTest.class)
-public class ResourceOperationJUnit  extends TestCase {
-	
-	public static class TestUsernamePrincipal implements Principal,
-			Serializable {
-
-		private final String userName;
-
-		public TestUsernamePrincipal(String userName) {
-			this.userName = userName;
-		}
-
-		public String getName() {
-			return this.userName;
-		}
-
-		@Override
-		public String toString() {
-			return this.userName;
-		}
-
-	}
-
-	public static class TestAuthenticator implements Authenticator {
-
-		@Override
-		public void close() {
-
-		}
-
-		@Override
-		public void init(Properties securityProps, LogWriter systemLogger,
-				LogWriter securityLogger) throws AuthenticationFailedException {
-
-		}
-
-		@Override
-		public Principal authenticate(Properties props, DistributedMember member)
-				throws AuthenticationFailedException {
-			String user = props.getProperty(ManagementInterceptor.USER_NAME);
-			String pwd = props.getProperty(ManagementInterceptor.PASSWORD);
-			if (user!=null && !user.equals(pwd) && !"".equals(user))
-				throw new AuthenticationFailedException(
-						"Wrong username/password");
-			System.out.println("Authentication successful!! for " + user);
-			return new TestUsernamePrincipal(user);
-		}
-
-	}
-	
-	public static class TestAccessControl implements AccessControl {
-
-		private Principal principal=null;
-		@Override
-		public void close() {
-			
-		}
-
-		@Override
-		public void init(Principal principal, DistributedMember remoteMember,
-				Cache cache) throws NotAuthorizedException {
-			this.principal = principal;
-		}
-
-		@Override
-		public boolean authorizeOperation(String regionName,
-				OperationContext context) {
-			if(principal.getName().equals("tushark")) {				
-				ResourceOperationCode authorizedOps[] = {
-						ResourceOperationCode.LIST_DS,
-						ResourceOperationCode.READ_DS,
-						ResourceOperationCode.CHANGE_ALERT_LEVEL_DS,
-						ResourceOperationCode.LOCATE_ENTRY_REGION
-				};
-				
-				System.out.println("Context received " + context);
-				
-				//if(context instanceof JMXOperationContext) {
-					ResourceOperationContext ctx = (ResourceOperationContext)context;
-					System.out.println("Checking for code " + ctx.getResourceOperationCode());
-					boolean found = false;
-					for(ResourceOperationCode code : authorizedOps) {
-						if(ctx.getResourceOperationCode().equals(code)){
-							found =true;
-							System.out.println("found code " + code.toString());
-							break;
-						}							
-					}
-					if(found)
-						return true;
-					System.out.println("Did not find code " + ctx.getResourceOperationCode());
-					return false;
-				//}
-			}			
-			return false;
-		}
-		
-	}
-	
-	public void testJMXOperationContext() {		
-		System.setProperty("resource-auth-accessor", "com.gemstone.gemfire.management.internal.security.ResourceOperationJUnit$TestAccessControl");
-		System.setProperty("resource-authenticator", "com.gemstone.gemfire.management.internal.security.ResourceOperationJUnit$TestAuthenticator");
-		GemFireCacheImpl cache = null;
-		DistributedSystem ds = null;
-		Properties pr = new Properties();
-		pr.put("name", "testJMXOperationContext");
-		pr.put(DistributionConfig.JMX_MANAGER_NAME, "true");
-		pr.put(DistributionConfig.JMX_MANAGER_START_NAME, "true");
-		int port = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-		pr.put(DistributionConfig.JMX_MANAGER_PORT_NAME, String.valueOf(port));
-		pr.put(DistributionConfig.HTTP_SERVICE_PORT_NAME, "0");
-		ds = getSystem(pr);
-		cache = (GemFireCacheImpl) CacheFactory.create(ds);
-		ObjectName name = MBeanJMXAdapter.getDistributedSystemName();
-		
-		String[] methods = {
-				"listCacheServerObjectNames",
-				"viewRemoteClusterStatus",
-				"getTotalHeapSize",
-				"setQueryCollectionsDepth",
-				"getQueryCollectionsDepth",
-				"changeAlertLevel",
-				"backupAllMembers",
-				"revokeMissingDiskStores",
-				"shutDownAllMembers",
-				"queryData",
-				"queryDataForCompressedResult",
-				"setQueryResultSetLimit",				
-		};
-		
-		ResourceOperationCode expectedCodes[] = {
-				ResourceOperationCode.LIST_DS,
-				ResourceOperationCode.LIST_DS,
-				ResourceOperationCode.READ_DS,
-				ResourceOperationCode.QUERYDATA_DS,
-				ResourceOperationCode.READ_DS,
-				ResourceOperationCode.CHANGE_ALERT_LEVEL_DS,
-				ResourceOperationCode.BACKUP_DS,
-				ResourceOperationCode.REMOVE_DISKSTORE_DS,
-				ResourceOperationCode.SHUTDOWN_DS,
-				ResourceOperationCode.QUERYDATA_DS,
-				ResourceOperationCode.QUERYDATA_DS,
-				ResourceOperationCode.QUERYDATA_DS
-		};
-				
-		for(int i=0;i<methods.length;i++) {
-			String methodName = methods[i];
-			JMXOperationContext context = new JMXOperationContext(name, methodName);
-			assertEquals(expectedCodes[i],
-					context.getResourceOperationCode());
-			assertEquals(OperationCode.RESOURCE, context.getOperationCode());
-		}
-		
-		JMXConnector cs = getGemfireMBeanServer(port, "tushark", "tushark");;
-		MBeanServerConnection mbeanServer =null;
-		try {
-			mbeanServer = cs.getMBeanServerConnection();
-			mbeanServer.invoke(MBeanJMXAdapter.getDistributedSystemName(), "listCacheServerObjectNames", null, null);
-			String oldLevel = (String)mbeanServer.getAttribute(MBeanJMXAdapter.getDistributedSystemName(), "AlertLevel");
-			System.out.println("Old Level = " + oldLevel);
-			mbeanServer.invoke(MBeanJMXAdapter.getDistributedSystemName(), "changeAlertLevel", new Object[]{"WARNING"},new String[]{
-				String.class.getCanonicalName()
-			});
-			String newLevel = (String)mbeanServer.getAttribute(MBeanJMXAdapter.getDistributedSystemName(), "AlertLevel");
-			System.out.println("New Level = " + newLevel);
-			
-			
-			//Checking accessControlMXBean
-			System.out.println("Checking access via AccessControlMbean");			
-			ResourceOperationCode authorizedOps[] = {
-          ResourceOperationCode.LIST_DS,
-          ResourceOperationCode.READ_DS,
-          ResourceOperationCode.CHANGE_ALERT_LEVEL_DS,
-          ResourceOperationCode.LOCATE_ENTRY_REGION
-      };
-			ObjectName accControlON = new ObjectName(ManagementInterceptor.OBJECT_NAME_ACCESSCONTROL);
-			for(ResourceOperationCode c : authorizedOps) {
-			  boolean result = (Boolean) mbeanServer.invoke(accControlON, "authorize"
-	          , new Object[]{ResourceOperationCode.CHANGE_ALERT_LEVEL_DS.toString()}
-	          , new String[]{String.class.getCanonicalName()}); 
-	      assertTrue(result);
-			}
-			
-			boolean result = (Boolean) mbeanServer.invoke(accControlON, "authorize"
-          , new Object[]{ResourceOperationCode.ADMIN_DS.toString()}
-          , new String[]{String.class.getCanonicalName()}); 
-      assertFalse(result);			
-			
-		} catch (InstanceNotFoundException e1) {
-		  e1.printStackTrace();
-			fail("Error while invoking JMXRMI " + e1.getMessage());
-		} catch (MBeanException e1) {
-		  e1.printStackTrace();
-			fail("Error while invoking JMXRMI " + e1.getMessage());
-		} catch (ReflectionException e1) {
-			fail("Error while invoking JMXRMI " + e1.getMessage());
-		} catch (IOException e1) {
-			fail("Error while invoking JMXRMI " + e1.getMessage());
-		} catch (AttributeNotFoundException e) {
-			fail("Error while invoking JMXRMI" + e.getMessage());
-		} catch (MalformedObjectNameException e) {
-		  fail("Error while invoking JMXRMI" + e.getMessage());
-    }
-		
-		try {
-			mbeanServer.invoke(MBeanJMXAdapter.getDistributedSystemName(),
-					"backupAllMembers", 
-					new Object[]{"targetPath","baseLinePath"}, 
-					new String[]{String.class.getCanonicalName(), String.class.getCanonicalName()});
-			fail("Should not be authorized for backupAllMembers");
-		} catch (SecurityException e) {
-			//expected
-		} catch(Exception e){
-		  e.printStackTrace();
-			fail("Unexpected exception : " + e.getMessage());
-		}
-		
-		try {
-			mbeanServer.invoke(MBeanJMXAdapter.getDistributedSystemName(),
-					"shutDownAllMembers",null,null);
-			fail("Should not be authorized for shutDownAllMembers");
-		} catch (SecurityException e) {
-			//expected
-		} catch(Exception e){
-			fail("Unexpected exception : " + e.getMessage());
-		}
-		
-		checkCLIContext(mbeanServer);
-		
-		try {
-			cs.close();
-		} catch (IOException e) {
-			fail("Unexpected exception : " + e.getMessage());
-		}
-		
-		
-		
-		
-		cache.close();
-		ds.disconnect();
-	}
-	
-  private void checkCLIContext(MBeanServerConnection mbeanServer) {
-    DistributedSystemMXBean proxy = JMX.newMXBeanProxy(mbeanServer, MBeanJMXAdapter.getDistributedSystemName(),
-        DistributedSystemMXBean.class);
-    ObjectName managerMemberObjectName = proxy.getMemberObjectName();
-    MemberMXBean memberMXBeanProxy = JMX.newMXBeanProxy(mbeanServer, managerMemberObjectName, MemberMXBean.class);
-    try {
-      Map<String,String> map = new HashMap<String,String>();
-      map.put("APP","GFSH");
-      String result = memberMXBeanProxy.processCommand("locate entry --key=k1 --region=/region1", map);
-      System.out.println("Result = " + result);
-    } catch (Exception e) {
-      System.out.println("Excpetion e " + e.getMessage());
-      e.printStackTrace();
-    }
-  }
-
-	public void testCLIOperationContext() {	
-		System.setProperty("resource-auth-accessor", "com.gemstone.gemfire.management.internal.security.ResourceOperationJUnit$TestAccessControl");
-		System.setProperty("resource-authenticator", "com.gemstone.gemfire.management.internal.security.ResourceOperationJUnit$TestAuthenticator");
-		GemFireCacheImpl cache = null;
-		DistributedSystem ds = null;
-		Properties pr = new Properties();
-		pr.put("name", "testJMXOperationContext");
-		pr.put(DistributionConfig.JMX_MANAGER_NAME, "true");
-		pr.put(DistributionConfig.JMX_MANAGER_START_NAME, "true");
-		int port = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-		pr.put(DistributionConfig.JMX_MANAGER_PORT_NAME, String.valueOf(port));
-		pr.put(DistributionConfig.HTTP_SERVICE_PORT_NAME, "0");
-		ds = getSystem(pr);
-		cache = (GemFireCacheImpl) CacheFactory.create(ds);
-		
-		String[] commands = {
-				"put --key=k1 --value=v1 --region=/region1",
-				"locate entry --key=k1 --region=/region1",
-				"query --query=\"select * from /region1\"",
-				"export data --region=value --file=value --member=value",
-				"import data --region=value --file=value --member=value",
-				"rebalance"
-		};
-		
-		ResourceOperationCode expectedCodes[] = {
-				ResourceOperationCode.PUT_REGION,
-				ResourceOperationCode.LOCATE_ENTRY_REGION,
-				ResourceOperationCode.QUERYDATA_DS,
-				ResourceOperationCode.EXPORT_DATA_REGION,
-				ResourceOperationCode.IMPORT_DATA_REGION,
-				ResourceOperationCode.REBALANCE_DS
-		};
-		
-		for(int i=0;i<commands.length;i++){
-			CLIOperationContext ctx = new CLIOperationContext(commands[i]);
-			System.out.println("Context " + ctx);
-			assertEquals(expectedCodes[i],ctx.getResourceOperationCode());
-		}
-		
-		cache.close();
-		ds.disconnect();
-	}
-	
-	
-	
-	private JMXConnector getGemfireMBeanServer(int port, String user, String pwd) {
-		JMXServiceURL url;
-		try {
-			url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://:"+ port +"/jmxrmi");
-			if(user!=null){
-				Map env = new HashMap();
-			    String[] creds = {user, pwd};
-			    env.put(JMXConnector.CREDENTIALS, creds);
-			    JMXConnector jmxc =  JMXConnectorFactory.connect(url,env);
-			    return jmxc;
-			} else {
-				JMXConnector jmxc = JMXConnectorFactory.connect(url, null);
-				return jmxc;
-			}
-		} catch (MalformedURLException e) {
-			fail("Error connecting to port=" + port  + " " + e.getMessage());
-		} catch (IOException e) {
-			fail("Error connecting to port=" + port  + " " + e.getMessage());
-		}
-		return null;
-	}
-
-
-
-	private static DistributedSystem getSystem(Properties properties) {
-	    return DistributedSystem.connect(properties);
-	  }
-
-}


Mime
View raw message