geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kl...@apache.org
Subject [02/11] incubator-geode git commit: GEODE-693: refactor security dunit tests
Date Wed, 30 Mar 2016 22:26:00 GMT
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/22ca5ef8/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientPostAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientPostAuthorizationDUnitTest.java b/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientPostAuthorizationDUnitTest.java
index 4381510..ce03ac6 100644
--- a/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientPostAuthorizationDUnitTest.java
+++ b/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientPostAuthorizationDUnitTest.java
@@ -16,6 +16,10 @@
  */
 package com.gemstone.gemfire.security;
 
+import static com.gemstone.gemfire.internal.AvailablePort.*;
+import static com.gemstone.gemfire.security.SecurityTestUtils.*;
+import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
+
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
@@ -23,11 +27,14 @@ import java.util.Properties;
 import java.util.Random;
 
 import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.internal.AvailablePort;
 import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
 import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.test.dunit.Host;
-import com.gemstone.gemfire.test.dunit.LogWriterUtils;
+import com.gemstone.gemfire.test.junit.Retry;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.rules.RetryRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
 
 /**
  * Tests for authorization from client to server. This tests for authorization
@@ -36,83 +43,19 @@ import com.gemstone.gemfire.test.dunit.LogWriterUtils;
  * 
  * @since 5.5
  */
-public class ClientPostAuthorizationDUnitTest extends
-    ClientAuthorizationTestBase {
-
-
-  /** constructor */
-  public ClientPostAuthorizationDUnitTest(String name) {
-    super(name);
-  }
-
-  @Override
-  public final void postSetUp() throws Exception {
-    final Host host = Host.getHost(0);
-    server1 = host.getVM(0);
-    server2 = host.getVM(1);
-    client1 = host.getVM(2);
-    client2 = host.getVM(3);
-
-    server1.invoke(() -> SecurityTestUtil.registerExpectedExceptions( serverExpectedExceptions ));
-    server2.invoke(() -> SecurityTestUtil.registerExpectedExceptions( serverExpectedExceptions ));
-    client2.invoke(() -> SecurityTestUtil.registerExpectedExceptions( clientExpectedExceptions ));
-    SecurityTestUtil.registerExpectedExceptions(clientExpectedExceptions);
-  }
-
-  // Region: Tests
-
-  public void testAllPostOps() {
-
-    OperationWithAction[] allOps = {
-        // Test CREATE and verify with a GET
-        new OperationWithAction(OperationCode.PUT),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.CHECK_NOKEY, 4),
-        new OperationWithAction(OperationCode.GET, 3, OpFlags.CHECK_NOKEY
-            | OpFlags.CHECK_NOTAUTHZ, 4),
-
-        // OPBLOCK_END indicates end of an operation block that needs to
-        // be executed on each server when doing failover
-        OperationWithAction.OPBLOCK_END,
-
-        // Test UPDATE and verify with a GET
-        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN
-            | OpFlags.USE_NEWVAL, 4),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
-            | OpFlags.USE_NEWVAL, 4),
-        new OperationWithAction(OperationCode.GET, 3,
-            OpFlags.USE_OLDCONN | OpFlags.CHECK_NOKEY | OpFlags.USE_NEWVAL
-                | OpFlags.CHECK_NOTAUTHZ, 4),
+@Category(DistributedTest.class)
+public class ClientPostAuthorizationDUnitTest extends ClientAuthorizationTestCase {
 
-        OperationWithAction.OPBLOCK_END,
+  @Rule
+  public RetryRule retryRule = new RetryRule();
 
-        // Test UPDATE and verify with a KEY_SET
-        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN, 6),
-        new OperationWithAction(OperationCode.KEY_SET, 2, OpFlags.NONE, 6),
-        new OperationWithAction(OperationCode.KEY_SET, 3,
-            OpFlags.CHECK_NOTAUTHZ, 6),
+  @Test
+  @Retry(2)
+  public void testAllPostOps() throws Exception {
+    OperationWithAction[] allOps = allOpsForTestAllPostOps();
 
-        OperationWithAction.OPBLOCK_END,
-
-        // Test UPDATE and verify with a QUERY
-        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN
-            | OpFlags.USE_NEWVAL, 7),
-        new OperationWithAction(OperationCode.QUERY, 2, OpFlags.USE_NEWVAL, 7),
-        new OperationWithAction(OperationCode.QUERY, 3, OpFlags.USE_NEWVAL
-            | OpFlags.CHECK_NOTAUTHZ, 7),
-
-        OperationWithAction.OPBLOCK_END,
-
-        // Test UPDATE and verify with a EXECUTE_CQ initial results
-        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN, 8),
-        new OperationWithAction(OperationCode.EXECUTE_CQ, 2, OpFlags.NONE, 8),
-        new OperationWithAction(OperationCode.EXECUTE_CQ, 3,
-            OpFlags.CHECK_NOTAUTHZ, 8),
-
-        OperationWithAction.OPBLOCK_END };
-
-    Iterator iter = getDummyGeneratorCombos().iterator();
-    while (iter.hasNext()) {
-      AuthzCredentialGenerator gen = (AuthzCredentialGenerator)iter.next();
+    for (Iterator<AuthzCredentialGenerator> iter = getDummyGeneratorCombos().iterator(); iter.hasNext();) {
+      AuthzCredentialGenerator gen = iter.next();
       CredentialGenerator cGen = gen.getCredentialGenerator();
       Properties extraAuthProps = cGen.getSystemProperties();
       Properties javaProps = cGen.getJavaProperties();
@@ -122,56 +65,45 @@ public class ClientPostAuthorizationDUnitTest extends
       String accessor = gen.getAuthorizationCallback();
       TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
 
-      LogWriterUtils.getLogWriter().info("testAllPostOps: Using authinit: " + authInit);
-      LogWriterUtils.getLogWriter().info(
-          "testAllPostOps: Using authenticator: " + authenticator);
-      LogWriterUtils.getLogWriter().info("testAllPostOps: Using accessor: " + accessor);
+      getLogWriter().info("testAllPostOps: Using authinit: " + authInit);
+      getLogWriter().info("testAllPostOps: Using authenticator: " + authenticator);
+      getLogWriter().info("testAllPostOps: Using accessor: " + accessor);
 
       // Start servers with all required properties
-      Properties serverProps = buildProperties(authenticator, accessor, true,
-          extraAuthProps, extraAuthzProps);
+      Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
+
       // Get ports for the servers
-      Integer port1 = new Integer(AvailablePort
-          .getRandomAvailablePort(AvailablePort.SOCKET));
-      Integer port2 = new Integer(AvailablePort
-          .getRandomAvailablePort(AvailablePort.SOCKET));
+      int port1 = getRandomAvailablePort(SOCKET);
+      int port2 = getRandomAvailablePort(SOCKET);
 
       // Close down any running servers
-      server1.invoke(() -> SecurityTestUtil.closeCache());
-      server2.invoke(() -> SecurityTestUtil.closeCache());
+      server1.invoke(() -> closeCache());
+      server2.invoke(() -> closeCache());
 
       // Perform all the ops on the clients
       List opBlock = new ArrayList();
       Random rnd = new Random();
+
       for (int opNum = 0; opNum < allOps.length; ++opNum) {
-        // Start client with valid credentials as specified in
-        // OperationWithAction
+        // Start client with valid credentials as specified in OperationWithAction
         OperationWithAction currentOp = allOps[opNum];
-        if (currentOp.equals(OperationWithAction.OPBLOCK_END)
-            || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
-          // End of current operation block; execute all the operations
-          // on the servers with failover
+        if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+          // End of current operation block; execute all the operations on the servers with failover
           if (opBlock.size() > 0) {
             // Start the first server and execute the operation block
-            server1.invoke(() -> ClientAuthorizationTestBase.createCacheServer(
-                    SecurityTestUtil.getLocatorPort(), port1, serverProps,
-                    javaProps ));
-            server2.invoke(() -> SecurityTestUtil.closeCache());
-            executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps,
-                extraAuthzProps, tgen, rnd);
+            server1.invoke(() -> createCacheServer(getLocatorPort(), port1, serverProps, javaProps ));
+            server2.invoke(() -> closeCache());
+            executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
             if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
               // Failover to the second server and run the block again
-              server2.invoke(() -> ClientAuthorizationTestBase.createCacheServer(
-                      SecurityTestUtil.getLocatorPort(), port2, serverProps,
-                      javaProps ));
-              server1.invoke(() -> SecurityTestUtil.closeCache());
-              executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps,
-                  extraAuthzProps, tgen, rnd);
+              server2.invoke(() -> createCacheServer(getLocatorPort(), port2, serverProps, javaProps ));
+              server1.invoke(() -> closeCache());
+              executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
             }
             opBlock.clear();
           }
-        }
-        else {
+
+        } else {
           currentOp.setOpNum(opNum);
           opBlock.add(currentOp);
         }
@@ -179,57 +111,134 @@ public class ClientPostAuthorizationDUnitTest extends
     }
   }
 
-  public void testAllOpsNotifications() {
+  @Test
+  public void testAllOpsNotifications() throws Exception {
+    OperationWithAction[] allOps = allOpsForTestAllOpsNotifications();
+
+    AuthzCredentialGenerator authzGenerator = getXmlAuthzGenerator();
+
+    getLogWriter().info("Executing opblocks with credential generator " + authzGenerator);
+
+    CredentialGenerator credentialGenerator = authzGenerator.getCredentialGenerator();
+    Properties extraAuthProps = credentialGenerator.getSystemProperties();
+    Properties javaProps = credentialGenerator.getJavaProperties();
+    Properties extraAuthzProps = authzGenerator.getSystemProperties();
+    String authenticator = credentialGenerator.getAuthenticator();
+    String authInit = credentialGenerator.getAuthInit();
+    String accessor = authzGenerator.getAuthorizationCallback();
+    TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(authzGenerator);
+
+    getLogWriter().info("testAllOpsNotifications: Using authinit: " + authInit);
+    getLogWriter().info("testAllOpsNotifications: Using authenticator: " + authenticator);
+    getLogWriter().info("testAllOpsNotifications: Using accessor: " + accessor);
+
+    // Start servers with all required properties
+    Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
+
+    // Get ports for the servers
+    int port1 = getRandomAvailablePort(SOCKET);
+    int port2 = getRandomAvailablePort(SOCKET);
+
+    // Perform all the ops on the clients
+    List opBlock = new ArrayList();
+    Random rnd = new Random();
+
+    for (int opNum = 0; opNum < allOps.length; ++opNum) {
+      // Start client with valid credentials as specified in OperationWithAction
+      OperationWithAction currentOp = allOps[opNum];
+      if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+        // End of current operation block; execute all the operations on the servers with failover
+        if (opBlock.size() > 0) {
+          // Start the first server and execute the operation block
+          server1.invoke(() -> createCacheServer(getLocatorPort(), port1, serverProps, javaProps ));
+          server2.invoke(() -> closeCache());
+          executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
+          if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+            // Failover to the second server and run the block again
+            server2.invoke(() -> createCacheServer(getLocatorPort(), port2, serverProps, javaProps ));
+            server1.invoke(() -> closeCache());
+            executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
+          }
+          opBlock.clear();
+        }
+
+      } else {
+        currentOp.setOpNum(opNum);
+        opBlock.add(currentOp);
+      }
+    }
+  }
+
+  private OperationWithAction[] allOpsForTestAllPostOps() {
+    return new OperationWithAction[] {
+        // Test CREATE and verify with a GET
+        new OperationWithAction(OperationCode.PUT),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.CHECK_NOKEY, 4),
+        new OperationWithAction(OperationCode.GET, 3, OpFlags.CHECK_NOKEY | OpFlags.CHECK_NOTAUTHZ, 4),
+
+        // OPBLOCK_END indicates end of an operation block that needs to be executed on each server when doing failover
+        OperationWithAction.OPBLOCK_END,
+
+        // Test UPDATE and verify with a GET
+        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
+        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.CHECK_NOKEY | OpFlags.USE_NEWVAL | OpFlags.CHECK_NOTAUTHZ, 4),
+
+        OperationWithAction.OPBLOCK_END,
+
+        // Test UPDATE and verify with a KEY_SET
+        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN, 6),
+        new OperationWithAction(OperationCode.KEY_SET, 2, OpFlags.NONE, 6),
+        new OperationWithAction(OperationCode.KEY_SET, 3, OpFlags.CHECK_NOTAUTHZ, 6),
+
+        OperationWithAction.OPBLOCK_END,
+
+        // Test UPDATE and verify with a QUERY
+        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 7),
+        new OperationWithAction(OperationCode.QUERY, 2, OpFlags.USE_NEWVAL, 7),
+        new OperationWithAction(OperationCode.QUERY, 3, OpFlags.USE_NEWVAL | OpFlags.CHECK_NOTAUTHZ, 7),
+
+        OperationWithAction.OPBLOCK_END,
+
+        // Test UPDATE and verify with a EXECUTE_CQ initial results
+        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN, 8),
+        new OperationWithAction(OperationCode.EXECUTE_CQ, 2, OpFlags.NONE, 8),
+        new OperationWithAction(OperationCode.EXECUTE_CQ, 3, OpFlags.CHECK_NOTAUTHZ, 8),
 
-    OperationWithAction[] allOps = {
+        OperationWithAction.OPBLOCK_END
+    };
+  }
+
+  private OperationWithAction[] allOpsForTestAllOpsNotifications() {
+    return new OperationWithAction[]{
         // Test CREATE and verify with a GET
-        new OperationWithAction(OperationCode.REGISTER_INTEREST,
-            OperationCode.GET, 2, OpFlags.USE_REGEX
-                | OpFlags.REGISTER_POLICY_NONE, 8),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST,
-            OperationCode.GET, 3, OpFlags.USE_REGEX
-                | OpFlags.REGISTER_POLICY_NONE | OpFlags.USE_NOTAUTHZ, 8),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 2, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE, 8),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 3, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE | OpFlags.USE_NOTAUTHZ, 8),
         new OperationWithAction(OperationCode.PUT),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
-            | OpFlags.LOCAL_OP, 4),
-        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN
-            | OpFlags.LOCAL_OP | OpFlags.CHECK_FAIL, 4),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
+        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.CHECK_FAIL, 4),
 
-        // OPBLOCK_END indicates end of an operation block that needs to
-        // be executed on each server when doing failover
+        // OPBLOCK_END indicates end of an operation block that needs to be executed on each server when doing failover
         OperationWithAction.OPBLOCK_END,
 
         // Test UPDATE and verify with a GET
-        new OperationWithAction(OperationCode.REGISTER_INTEREST,
-            OperationCode.GET, 2, OpFlags.USE_REGEX
-                | OpFlags.REGISTER_POLICY_NONE, 8),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST,
-            OperationCode.GET, 3, OpFlags.USE_REGEX
-                | OpFlags.REGISTER_POLICY_NONE | OpFlags.USE_NOTAUTHZ, 8),
-        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN
-            | OpFlags.USE_NEWVAL, 4),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
-            | OpFlags.LOCAL_OP | OpFlags.USE_NEWVAL, 4),
-        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN
-            | OpFlags.LOCAL_OP | OpFlags.USE_NEWVAL | OpFlags.CHECK_FAIL, 4),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 2, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE, 8),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 3, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE | OpFlags.USE_NOTAUTHZ, 8),
+        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.USE_NEWVAL, 4),
+        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.USE_NEWVAL | OpFlags.CHECK_FAIL, 4),
 
         OperationWithAction.OPBLOCK_END,
 
-        // Test DESTROY and verify with GET that keys should not exist
+        // Test DESTROY and verify with GET that KEYS should not exist
         new OperationWithAction(OperationCode.PUT, 3, OpFlags.NONE, 8),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST,
-            OperationCode.GET, 2, OpFlags.USE_REGEX, 8),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, 3,
-            OpFlags.USE_REGEX | OpFlags.USE_OLDCONN | OpFlags.REGISTER_POLICY_NONE, 8),
-        // registerInterest now clears the keys, so a dummy put to add
-        // those keys back for the case when updates should not come
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 2, OpFlags.USE_REGEX, 8),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, 3, OpFlags.USE_REGEX | OpFlags.USE_OLDCONN | OpFlags.REGISTER_POLICY_NONE, 8),
+        // registerInterest now clears the KEYS, so a dummy put to add those KEYS back for the case when updates should not come
         new OperationWithAction(OperationCode.PUT, 3, OpFlags.USE_OLDCONN, 8),
-        new OperationWithAction(OperationCode.DESTROY, 1, OpFlags.USE_OLDCONN,
-            4),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
-            | OpFlags.LOCAL_OP | OpFlags.CHECK_FAIL, 4),
-        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN
-            | OpFlags.LOCAL_OP, 4),
+        new OperationWithAction(OperationCode.DESTROY, 1, OpFlags.USE_OLDCONN, 4),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.CHECK_FAIL, 4),
+        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
         // Repopulate the region
         new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN, 8),
 
@@ -237,152 +246,46 @@ public class ClientPostAuthorizationDUnitTest extends
 
         // Do REGION_CLEAR and check with GET
         new OperationWithAction(OperationCode.PUT, 3, OpFlags.NONE, 8),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST,
-            OperationCode.GET, 2, OpFlags.USE_ALL_KEYS, 1),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, 3,
-            OpFlags.USE_ALL_KEYS | OpFlags.USE_OLDCONN | OpFlags.REGISTER_POLICY_NONE, 1),
-        // registerInterest now clears the keys, so a dummy put to add
-        // those keys back for the case when updates should not come
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 2, OpFlags.USE_ALL_KEYS, 1),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, 3, OpFlags.USE_ALL_KEYS | OpFlags.USE_OLDCONN | OpFlags.REGISTER_POLICY_NONE, 1),
+        // registerInterest now clears the KEYS, so a dummy put to add those KEYS back for the case when updates should not come
         new OperationWithAction(OperationCode.PUT, 3, OpFlags.USE_OLDCONN, 8),
-        new OperationWithAction(OperationCode.REGION_CLEAR, 1,
-            OpFlags.USE_OLDCONN, 1),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
-            | OpFlags.LOCAL_OP | OpFlags.CHECK_FAIL, 8),
-        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN
-            | OpFlags.LOCAL_OP, 8),
+        new OperationWithAction(OperationCode.REGION_CLEAR, 1, OpFlags.USE_OLDCONN, 1),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.CHECK_FAIL, 8),
+        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 8),
         // Repopulate the region
         new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN, 8),
 
         OperationWithAction.OPBLOCK_END,
 
         // Do REGION_CREATE and check with CREATE/GET
-        new OperationWithAction(OperationCode.REGISTER_INTEREST,
-            OperationCode.GET, 2, OpFlags.USE_ALL_KEYS | OpFlags.ENABLE_DRF, 1),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST,
-            OperationCode.GET, 3, OpFlags.USE_ALL_KEYS | OpFlags.ENABLE_DRF
-                | OpFlags.USE_NOTAUTHZ | OpFlags.REGISTER_POLICY_NONE, 1),
-        new OperationWithAction(OperationCode.REGION_CREATE, 1,
-            OpFlags.ENABLE_DRF, 1),
-        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN
-            | OpFlags.USE_SUBREGION, 4),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
-            | OpFlags.LOCAL_OP | OpFlags.USE_SUBREGION
-            | OpFlags.NO_CREATE_SUBREGION, 4),
-        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN
-            | OpFlags.LOCAL_OP | OpFlags.USE_SUBREGION
-            | OpFlags.NO_CREATE_SUBREGION | OpFlags.CHECK_NOREGION, 4),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 2, OpFlags.USE_ALL_KEYS | OpFlags.ENABLE_DRF, 1),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 3, OpFlags.USE_ALL_KEYS | OpFlags.ENABLE_DRF | OpFlags.USE_NOTAUTHZ | OpFlags.REGISTER_POLICY_NONE, 1),
+        new OperationWithAction(OperationCode.REGION_CREATE, 1, OpFlags.ENABLE_DRF, 1),
+        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_SUBREGION, 4),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.USE_SUBREGION | OpFlags.NO_CREATE_SUBREGION, 4),
+        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.USE_SUBREGION | OpFlags.NO_CREATE_SUBREGION | OpFlags.CHECK_NOREGION, 4),
 
         // Do REGION_DESTROY of the sub-region and check with GET
-        new OperationWithAction(OperationCode.REGION_DESTROY, 1,
-            OpFlags.USE_OLDCONN | OpFlags.USE_SUBREGION, 1),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
-            | OpFlags.LOCAL_OP | OpFlags.USE_SUBREGION
-            | OpFlags.NO_CREATE_SUBREGION | OpFlags.CHECK_NOREGION, 4),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
-            | OpFlags.USE_SUBREGION | OpFlags.CHECK_NOKEY
-            | OpFlags.CHECK_EXCEPTION, 4),
-        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN
-            | OpFlags.LOCAL_OP | OpFlags.USE_SUBREGION
-            | OpFlags.NO_CREATE_SUBREGION | OpFlags.CHECK_NOREGION, 4),
-        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN
-            | OpFlags.USE_SUBREGION | OpFlags.CHECK_NOKEY
-            | OpFlags.CHECK_EXCEPTION, 4),
+        new OperationWithAction(OperationCode.REGION_DESTROY, 1, OpFlags.USE_OLDCONN | OpFlags.USE_SUBREGION, 1),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.USE_SUBREGION | OpFlags.NO_CREATE_SUBREGION | OpFlags.CHECK_NOREGION, 4),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.USE_SUBREGION | OpFlags.CHECK_NOKEY | OpFlags.CHECK_EXCEPTION, 4),
+        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.USE_SUBREGION | OpFlags.NO_CREATE_SUBREGION | OpFlags.CHECK_NOREGION, 4),
+        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.USE_SUBREGION | OpFlags.CHECK_NOKEY | OpFlags.CHECK_EXCEPTION, 4),
 
         OperationWithAction.OPBLOCK_END,
 
         // Do REGION_DESTROY of the region and check with GET
         new OperationWithAction(OperationCode.PUT, 3, OpFlags.NONE, 8),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST,
-            OperationCode.GET, 2, OpFlags.USE_ALL_KEYS, 1),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, 3,
-            OpFlags.USE_ALL_KEYS | OpFlags.USE_OLDCONN | OpFlags.REGISTER_POLICY_NONE, 1),
-        // registerInterest now clears the keys, so a dummy put to add
-        // those keys back for the case when updates should not come
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 2, OpFlags.USE_ALL_KEYS, 1),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, 3, OpFlags.USE_ALL_KEYS | OpFlags.USE_OLDCONN | OpFlags.REGISTER_POLICY_NONE, 1),
+        // registerInterest now clears the KEYS, so a dummy put to add those KEYS back for the case when updates should not come
         new OperationWithAction(OperationCode.PUT, 3, OpFlags.USE_OLDCONN, 8),
-        new OperationWithAction(OperationCode.REGION_DESTROY, 1, OpFlags.NONE,
-            1),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
-            | OpFlags.LOCAL_OP | OpFlags.CHECK_NOREGION, 4),
-        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN
-            | OpFlags.LOCAL_OP, 4),
-
-        OperationWithAction.OPBLOCK_NO_FAILOVER };
-
-      AuthzCredentialGenerator gen = getXmlAuthzGenerator();
-      LogWriterUtils.getLogWriter().info("Executing opblocks with credential generator " + gen);
-      CredentialGenerator cGen = gen.getCredentialGenerator();
-      Properties extraAuthProps = cGen.getSystemProperties();
-      Properties javaProps = cGen.getJavaProperties();
-      Properties extraAuthzProps = gen.getSystemProperties();
-      String authenticator = cGen.getAuthenticator();
-      String authInit = cGen.getAuthInit();
-      String accessor = gen.getAuthorizationCallback();
-      TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
-
-      LogWriterUtils.getLogWriter().info(
-          "testAllOpsNotifications: Using authinit: " + authInit);
-      LogWriterUtils.getLogWriter().info(
-          "testAllOpsNotifications: Using authenticator: " + authenticator);
-      LogWriterUtils.getLogWriter().info(
-          "testAllOpsNotifications: Using accessor: " + accessor);
-
-      // Start servers with all required properties
-      Properties serverProps = buildProperties(authenticator, accessor, true,
-          extraAuthProps, extraAuthzProps);
-      // Get ports for the servers
-      Integer port1 = new Integer(AvailablePort
-          .getRandomAvailablePort(AvailablePort.SOCKET));
-      Integer port2 = new Integer(AvailablePort
-          .getRandomAvailablePort(AvailablePort.SOCKET));
-
-      // Perform all the ops on the clients
-      List opBlock = new ArrayList();
-      Random rnd = new Random();
-      for (int opNum = 0; opNum < allOps.length; ++opNum) {
-        // Start client with valid credentials as specified in
-        // OperationWithAction
-        OperationWithAction currentOp = allOps[opNum];
-        if (currentOp.equals(OperationWithAction.OPBLOCK_END)
-            || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
-          // End of current operation block; execute all the operations
-          // on the servers with failover
-          if (opBlock.size() > 0) {
-            // Start the first server and execute the operation block
-            server1.invoke(() -> ClientAuthorizationTestBase.createCacheServer(
-                    SecurityTestUtil.getLocatorPort(), port1, serverProps,
-                    javaProps ));
-            server2.invoke(() -> SecurityTestUtil.closeCache());
-            executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps,
-                extraAuthzProps, tgen, rnd);
-            if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
-              // Failover to the second server and run the block again
-              server2.invoke(() -> ClientAuthorizationTestBase.createCacheServer(
-                      SecurityTestUtil.getLocatorPort(), port2, serverProps,
-                      javaProps ));
-              server1.invoke(() -> SecurityTestUtil.closeCache());
-              executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps,
-                  extraAuthzProps, tgen, rnd);
-            }
-            opBlock.clear();
-          }
-        }
-        else {
-          currentOp.setOpNum(opNum);
-          opBlock.add(currentOp);
-        }
-      }
-  }
+        new OperationWithAction(OperationCode.REGION_DESTROY, 1, OpFlags.NONE, 1),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.CHECK_NOREGION, 4),
+        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
 
-  // End Region: Tests
-
-  @Override
-  public final void preTearDown() throws Exception {
-    // close the clients first
-    client1.invoke(() -> SecurityTestUtil.closeCache());
-    client2.invoke(() -> SecurityTestUtil.closeCache());
-    SecurityTestUtil.closeCache();
-    // then close the servers
-    server1.invoke(() -> SecurityTestUtil.closeCache());
-    server2.invoke(() -> SecurityTestUtil.closeCache());
+        OperationWithAction.OPBLOCK_NO_FAILOVER
+    };
   }
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/22ca5ef8/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiUserAPIDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiUserAPIDUnitTest.java b/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiUserAPIDUnitTest.java
new file mode 100644
index 0000000..9e04f5f
--- /dev/null
+++ b/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiUserAPIDUnitTest.java
@@ -0,0 +1,314 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.distributed.internal.DistributionConfig.*;
+import static com.gemstone.gemfire.security.SecurityTestUtils.*;
+import static com.gemstone.gemfire.test.dunit.Assert.*;
+import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
+
+import java.io.IOException;
+import java.util.Properties;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLHandshakeException;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.Pool;
+import com.gemstone.gemfire.cache.execute.FunctionService;
+import com.gemstone.gemfire.cache.query.CqAttributesFactory;
+import com.gemstone.gemfire.cache.query.CqException;
+import com.gemstone.gemfire.cache.query.CqQuery;
+import com.gemstone.gemfire.cache.query.Query;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+import com.gemstone.gemfire.internal.cache.PoolManagerImpl;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category(DistributedTest.class)
+public class MultiUserAPIDUnitTest extends ClientAuthorizationTestCase {
+
+  private static final String[] serverIgnoredExceptions = {
+      AuthenticationRequiredException.class.getName(),
+      AuthenticationFailedException.class.getName(),
+      GemFireSecurityException.class.getName(),
+      ClassNotFoundException.class.getName(),
+      IOException.class.getName(),
+      SSLException.class.getName(),
+      SSLHandshakeException.class.getName()};
+
+  private static final String[] clientIgnoredExceptions = {
+      AuthenticationRequiredException.class.getName(),
+      AuthenticationFailedException.class.getName(),
+      SSLHandshakeException.class.getName()};
+
+  @Test
+  public void testSingleUserUnsupportedAPIs() {
+    // Start servers
+    // Start clients with multiuser-authentication set to false
+    setUpVMs(new DummyCredentialGenerator(), false);
+    client1.invoke(() -> verifyDisallowedOps(false));
+  }
+
+  @Test
+  public void testMultiUserUnsupportedAPIs() {
+    // Start servers.
+    // Start clients with multiuser-authentication set to true.
+    setUpVMs(new DummyCredentialGenerator(), true);
+    client1.invoke(() -> verifyDisallowedOps(true));
+  }
+
+  private void verifyDisallowedOps(final boolean multiUserMode) throws Exception {
+    String op = "unknown";
+    boolean success = false;
+
+    if (!multiUserMode) {
+      success = false;
+
+      try {
+        // Attempt cache.createAuthenticatedCacheView() and expect an exception, fail otherwise
+        op = "Pool.createSecureUserCache()";
+        GemFireCacheImpl.getInstance().createAuthenticatedView(new Properties(), "testPool");
+      } catch (IllegalStateException uoe) {
+        getLogWriter().info(op + ": Got expected exception: " + uoe);
+        success = true;
+      }
+
+      if (!success) {
+        fail("Did not get exception while doing " + op);
+      }
+
+    } else { // multiuser mode
+      Region realRegion = GemFireCacheImpl.getInstance().getRegion(SecurityTestUtils.REGION_NAME);
+      Region proxyRegion = SecurityTestUtils.getProxyCaches(0).getRegion(SecurityTestUtils.REGION_NAME);
+      Pool pool = PoolManagerImpl.getPMI().find("testPool");
+
+      for (int i = 0; i <= 27; i++) {
+        success = false;
+        try {
+          switch (i) {
+            // Attempt (real) Region.create/put/get/containsKeyOnServer/destroy/
+            // destroyRegion/clear/remove/registerInterest/unregisterInterest()
+            // and expect an exception, fail otherwise.
+            case 0:
+              op = "Region.create()";
+              realRegion.create("key", "value");
+              break;
+            case 1:
+              op = "Region.put()";
+              realRegion.put("key", "value");
+              break;
+            case 2:
+              op = "Region.get()";
+              realRegion.get("key");
+              break;
+            case 3:
+              op = "Region.containsKeyOnServer()";
+              realRegion.containsKeyOnServer("key");
+              break;
+            case 4:
+              op = "Region.remove()";
+              realRegion.remove("key");
+              break;
+            case 5:
+              op = "Region.destroy()";
+              realRegion.destroy("key");
+              break;
+            case 6:
+              op = "Region.destroyRegion()";
+              realRegion.destroyRegion();
+              break;
+            case 7:
+              op = "Region.registerInterest()";
+              realRegion.registerInterest("key");
+              break;
+            // case 8:
+            // op = "Region.unregisterInterest()";
+            // realRegion.unregisterInterest("key");
+            // break;
+            case 8:
+              op = "Region.clear()";
+              realRegion.clear();
+              break;
+            // Attempt ProxyRegion.createSubregion/forceRolling/
+            // getAttributesMutator/registerInterest/loadSnapShot/saveSnapshot/
+            // setUserAttribute/unregisterInterest/writeToDisk
+            // and expect an exception, fail otherwise.
+            case 9:
+              op = "ProxyRegion.createSubregion()";
+              proxyRegion.createSubregion("subregion", null);
+              break;
+            case 10:
+              op = "ProxyRegion.forceRolling()";
+              proxyRegion.forceRolling();
+              break;
+            case 11:
+              op = "ProxyRegion.getAttributesMutator()";
+              proxyRegion.getAttributesMutator();
+              break;
+            case 12:
+              op = "ProxyRegion.registerInterest()";
+              proxyRegion.registerInterest("key");
+              break;
+            case 13:
+              op = "ProxyRegion.loadSnapshot()";
+              proxyRegion.loadSnapshot(null);
+              break;
+            case 14:
+              op = "ProxyRegion.saveSnapshot()";
+              proxyRegion.saveSnapshot(null);
+              break;
+            case 15:
+              op = "ProxyRegion.setUserAttribute()";
+              proxyRegion.setUserAttribute(null);
+              break;
+            case 16:
+              op = "ProxyRegion.unregisterInterestRegex()";
+              proxyRegion.unregisterInterestRegex("*");
+              break;
+            // Attempt FunctionService.onRegion/onServer/s(pool) and expect an
+            // exception, fail otherwise.
+            case 17:
+              op = "FunctionService.onRegion()";
+              FunctionService.onRegion(realRegion);
+              break;
+            case 18:
+              op = "FunctionService.onServer(pool)";
+              FunctionService.onServer(pool);
+              break;
+            case 19:
+              op = "FunctionService.onServers(pool)";
+              FunctionService.onServers(pool);
+              break;
+            // Attempt
+            // QueryService.newQuery().execute()/newCq().execute/executeWithInitialResults()
+            case 20:
+              op = "QueryService.newQuery.execute()";
+              Query query = pool.getQueryService().newQuery("SELECT * FROM /" + SecurityTestUtils.REGION_NAME);
+              query.execute();
+              break;
+            case 21:
+              op = "QueryService.newCq.execute()";
+              CqQuery cqQuery = pool.getQueryService().newCq("SELECT * FROM /" + SecurityTestUtils.REGION_NAME, new CqAttributesFactory().create());
+              try {
+                cqQuery.execute();
+              } catch (CqException ce) {
+                throw (Exception)ce.getCause();
+              }
+              break;
+            case 22:
+              op = "QueryService.newCq.executeWithInitialResults()";
+              cqQuery = pool.getQueryService().newCq("SELECT * FROM /" + SecurityTestUtils.REGION_NAME, new CqAttributesFactory().create());
+              try {
+                cqQuery.executeWithInitialResults();
+              } catch (CqException ce) {
+                throw (Exception)ce.getCause();
+              }
+              break;
+            // Attempt ProxyQueryService.getIndex/createIndex/removeIndex() and
+            // expect an exception, fail otherwise.
+            case 23:
+              op = "ProxyQueryService().getIndexes()";
+              SecurityTestUtils.getProxyCaches(0).getQueryService().getIndexes(null);
+              break;
+            case 24:
+              op = "ProxyQueryService().createIndex()";
+              SecurityTestUtils.getProxyCaches(0).getQueryService().createIndex(null, null, null );
+              break;
+            case 25:
+              op = "ProxyQueryService().removeIndexes()";
+              SecurityTestUtils.getProxyCaches(0).getQueryService().removeIndexes();
+              break;
+            case 26:
+              op = "ProxyRegion.localDestroy()";
+              proxyRegion.localDestroy("key");
+              break;
+            case 27:
+              op = "ProxyRegion.localInvalidate()";
+              proxyRegion.localInvalidate("key");
+              break;
+            default:
+              fail("Unknown op code: " + i);
+              break;
+          }
+
+        } catch (UnsupportedOperationException uoe) {
+          getLogWriter().info(op + ": Got expected exception: " + uoe);
+          success = true;
+        }
+        if (!success) {
+          fail("Did not get exception while doing " + op);
+        }
+      }
+    }
+  }
+
+  private void setUpVMs(final CredentialGenerator gen, final boolean multiUser) {
+    Properties extraProps = gen.getSystemProperties();
+    Properties javaProps = gen.getJavaProperties();
+    String authenticator = gen.getAuthenticator();
+    String authInit = gen.getAuthInit();
+
+    getLogWriter().info("testValidCredentials: Using scheme: " + gen.classCode());
+    getLogWriter().info("testValidCredentials: Using authenticator: " + authenticator);
+    getLogWriter().info("testValidCredentials: Using authinit: " + authInit);
+
+    // Start the servers
+    int locPort1 = SecurityTestUtils.getLocatorPort();
+    int locPort2 = SecurityTestUtils.getLocatorPort();
+    String locString = SecurityTestUtils.getAndClearLocatorString();
+
+    int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
+    int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, authenticator, extraProps, javaProps));
+
+    // Start the clients with valid credentials
+    Properties credentials1 = gen.getValidCredentials(1);
+    Properties javaProps1 = gen.getJavaProperties();
+    getLogWriter().info("testValidCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
+
+    Properties credentials2 = gen.getValidCredentials(2);
+    Properties javaProps2 = gen.getJavaProperties();
+    getLogWriter().info("testValidCredentials: For second client credentials: " + credentials2 + " : " + javaProps2);
+
+    client1.invoke(() -> createCacheClient(authInit, credentials1, javaProps1, port1, port2, 0, multiUser, NO_EXCEPTION));
+  }
+
+  private int createCacheServer(final int dsPort, final String locatorString, final String authenticator, final Properties extraProps, final Properties javaProps) {
+    Properties authProps = new Properties();
+    if (extraProps != null) {
+      authProps.putAll(extraProps);
+    }
+
+    if (authenticator != null) {
+      authProps.setProperty(SECURITY_CLIENT_AUTHENTICATOR_NAME, authenticator);
+    }
+
+    return SecurityTestUtils.createCacheServer(authProps, javaProps, dsPort, locatorString, 0, NO_EXCEPTION);
+  }
+
+  // a
+  protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int[] ports, final int numConnections, final boolean multiUserMode, final int expectedResult) {
+    SecurityTestUtils.createCacheClient(authInit, authProps, javaProps, ports, numConnections, multiUserMode, expectedResult); // invokes SecurityTestUtils 2
+  }
+
+  // b
+  private void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int port1, final int port2, final int numConnections, final boolean multiUserMode, final int expectedResult) {
+    createCacheClient(authInit, authProps, javaProps, new int[] {port1, port2}, numConnections, multiUserMode, expectedResult); // invokes a
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/22ca5ef8/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiUserDurableCQAuthzDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiUserDurableCQAuthzDUnitTest.java b/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiUserDurableCQAuthzDUnitTest.java
new file mode 100644
index 0000000..632a997
--- /dev/null
+++ b/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiUserDurableCQAuthzDUnitTest.java
@@ -0,0 +1,387 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.internal.AvailablePort.*;
+import static com.gemstone.gemfire.security.SecurityTestUtils.*;
+import static com.gemstone.gemfire.test.dunit.Assert.*;
+import static com.gemstone.gemfire.test.dunit.Invoke.*;
+import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Random;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.cache.query.CqAttributes;
+import com.gemstone.gemfire.cache.query.CqAttributesFactory;
+import com.gemstone.gemfire.cache.query.CqException;
+import com.gemstone.gemfire.cache.query.CqExistsException;
+import com.gemstone.gemfire.cache.query.CqListener;
+import com.gemstone.gemfire.cache.query.CqQuery;
+import com.gemstone.gemfire.cache.query.QueryService;
+import com.gemstone.gemfire.cache.query.RegionNotFoundException;
+import com.gemstone.gemfire.cache.query.SelectResults;
+import com.gemstone.gemfire.cache.query.cq.dunit.CqQueryTestListener;
+import com.gemstone.gemfire.cache.query.internal.cq.ClientCQImpl;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.test.dunit.SerializableRunnable;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category(DistributedTest.class)
+public class MultiUserDurableCQAuthzDUnitTest extends ClientAuthorizationTestCase {
+
+  private final Map<String, String> cqNameToQueryStrings = new HashMap<>();
+
+  @Override
+  public final void preSetUpClientAuthorizationTestBase() throws Exception {
+    getSystem();
+    invokeInEveryVM(new SerializableRunnable("getSystem") {
+      public void run() {
+        getSystem();
+      }
+    });
+  }
+
+  @Override
+  public final void postSetUpClientAuthorizationTestBase() throws Exception {
+    cqNameToQueryStrings.put("CQ_0", "SELECT * FROM ");
+    cqNameToQueryStrings.put("CQ_1", "SELECT * FROM ");
+  }
+
+  @Override
+  public final void postTearDownClientAuthorizationTestBase() throws Exception {
+    cqNameToQueryStrings.clear();
+  }
+
+  @Test
+  public void testCQForDurableClientsWithDefaultClose() throws Exception {
+    /*
+     *  1. Start a server.
+     *  2. Start a durable client in mulituser secure mode.
+     *  3. Create two users registering unique durable CQs on server.
+     *  4. Invoke GemFireCache.close() at client.
+     *  5. Put some events on server satisfying both the CQs.
+     *  6. Up the client and the two users.
+     *  7. Confirm that the users receive the events which were enqueued at server while they were away.
+     *  8. Same for ProxyCache.close()
+     */
+    int numOfUsers = 2;
+    int numOfPuts = 5;
+    boolean[] postAuthzAllowed = new boolean[] {true, true};
+
+    doTest(numOfUsers, numOfPuts, postAuthzAllowed, getXmlAuthzGenerator(), null);
+  }
+
+  @Test
+  public void testCQForDurableClientsWithCloseKeepAliveTrue() throws Exception {
+    /*
+     *  1. Start a server.
+     *  2. Start a durable client in mulituser secure mode.
+     *  3. Create two users registering unique durable CQs on server.
+     *  4. Invoke GemFireCache.close(false) at client.
+     *  5. Put some events on server satisfying both the CQs.
+     *  6. Up the client and the two users.
+     *  7. Observer the behaviour.
+     *  8. Same for ProxyCache.close(false)
+     */
+    int numOfUsers = 2;
+    int numOfPuts = 5;
+    boolean[] postAuthzAllowed = new boolean[] {true, true};
+
+    doTest(numOfUsers, numOfPuts, postAuthzAllowed, getXmlAuthzGenerator(), true);
+  }
+
+  @Test
+  public void testCQForDurableClientsWithCloseKeepAliveFalse() throws Exception {
+    /*
+     *  1. Start a server.
+     *  2. Start a durable client in mulituser secure mode.
+     *  3. Create two users registering unique durable CQs on server.
+     *  4. Invoke GemFireCache.close(true) at client.
+     *  5. Put some events on server satisfying both the CQs.
+     *  6. Up the client and the two users.
+     *  7. Observer the behaviour.
+     *  8. Same for ProxyCache.close(true)
+     */
+    int numOfUsers = 2;
+    int numOfPuts = 5;
+    boolean[] postAuthzAllowed = new boolean[] {true, true};
+
+    doTest(numOfUsers, numOfPuts, postAuthzAllowed, getXmlAuthzGenerator(), false);
+  }
+
+  /**
+   * WARNING: "final Boolean keepAlive" is treated as a ternary value: null, true, false
+   */
+  private void doTest(int numOfUsers, int numOfPuts, boolean[] postAuthzAllowed, final AuthzCredentialGenerator authzGenerator, final Boolean keepAlive) throws Exception {
+    CredentialGenerator credentialGenerator = authzGenerator.getCredentialGenerator();
+    Properties extraAuthProps = credentialGenerator.getSystemProperties();
+    Properties javaProps = credentialGenerator.getJavaProperties();
+    Properties extraAuthzProps = authzGenerator.getSystemProperties();
+    String authenticator = credentialGenerator.getAuthenticator();
+    String accessor = authzGenerator.getAuthorizationCallback();
+    String authInit = credentialGenerator.getAuthInit();
+    TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(authzGenerator);
+
+    Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
+
+    Properties opCredentials;
+    credentialGenerator = tgen.getCredentialGenerator();
+    final Properties javaProps2 = credentialGenerator != null ? credentialGenerator.getJavaProperties() : null;
+
+    int[] indices = new int[numOfPuts];
+    for (int index = 0; index < numOfPuts; ++index) {
+      indices[index] = index;
+    }
+
+    Random random = new Random();
+    Properties[] authProps = new Properties[numOfUsers];
+    String durableClientId = "multiuser_durable_client_1";
+
+    Properties client2Credentials = null;
+
+    for (int i = 0; i < numOfUsers; i++) {
+      int rand = random.nextInt(100) + 1;
+      if (postAuthzAllowed[i]) {
+        opCredentials = tgen.getAllowedCredentials(
+            new OperationCode[] {OperationCode.EXECUTE_CQ, OperationCode.GET}, // For callback, GET should be allowed
+            new String[] {regionName},
+            indices,
+            rand);
+
+      } else {
+        opCredentials = tgen.getDisallowedCredentials(
+            new OperationCode[] {OperationCode.GET}, // For callback, GET should be disallowed
+            new String[] {regionName},
+            indices,
+            rand);
+      }
+
+      authProps[i] = concatProperties(new Properties[] {opCredentials, extraAuthProps, extraAuthzProps});
+
+      if (client2Credentials == null) {
+        client2Credentials = tgen.getAllowedCredentials(
+            new OperationCode[] {OperationCode.PUT},
+            new String[] {regionName},
+            indices,
+            rand);
+      }
+    }
+
+    // Get ports for the servers
+    int port1 = getRandomAvailablePort(SOCKET);
+    int port2 = getRandomAvailablePort(SOCKET);
+    int locatorPort = getRandomAvailablePort(SOCKET);
+
+    // Close down any running servers
+    server1.invoke(() -> closeCache());
+    server2.invoke(() -> closeCache());
+
+    server1.invoke(() -> createServerCache(serverProps, javaProps, locatorPort, port1));
+    client1.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] {port1, port2}, numOfUsers, durableClientId, postAuthzAllowed));
+
+    client1.invoke(() -> createCQ(numOfUsers, true));
+    client1.invoke(() -> executeCQ(numOfUsers, new boolean[] {false, false}, numOfPuts, new String[numOfUsers]));
+    client1.invoke(() -> readyForEvents());
+
+    if (keepAlive == null) {
+      client1.invoke(() -> closeCache());
+    } else {
+      client1.invoke(() -> closeCache(keepAlive));
+    }
+
+    server1.invoke(() -> doPuts(numOfPuts, true/* put last key */));
+
+    client1.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] {port1, port2}, numOfUsers, durableClientId, postAuthzAllowed));
+    client1.invoke(() -> createCQ(numOfUsers, true));
+    client1.invoke(() ->executeCQ(numOfUsers, new boolean[] {false, false}, numOfPuts, new String[numOfUsers]));
+    client1.invoke(() -> readyForEvents());
+
+    if (!postAuthzAllowed[0] || keepAlive == null || !keepAlive) {
+      // Don't wait as no user is authorized to receive cq events.
+      Thread.sleep(1000); // TODO: use Awaitility
+    } else {
+      client1.invoke(() -> waitForLastKey(0, true));
+    }
+
+    int numOfCreates = keepAlive == null ? 0 : (keepAlive ? numOfPuts + 1/* last key */ : 0);
+    client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, numOfCreates, 0));
+    client1.invoke(() -> proxyCacheClose(new int[] {0, 1}, keepAlive));
+    client1.invoke(() -> createProxyCache(new int[] {0, 1}, authProps));
+    client1.invoke(() -> createCQ(numOfUsers, true));
+    client1.invoke(() -> executeCQ(numOfUsers, new boolean[] {false, false}, numOfPuts, new String[numOfUsers]));
+
+    server1.invoke(() -> doPuts(numOfPuts, true/* put last key */));
+
+    if (!postAuthzAllowed[0] || keepAlive == null || !keepAlive) {
+      // Don't wait as no user is authorized to receive cq events.
+      Thread.sleep(1000); // TODO: use Awaitility
+    } else {
+      client1.invoke(() -> waitForLastKey(0, false));
+    }
+
+    int numOfUpdates = numOfPuts + 1;
+    client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, 0, numOfUpdates));
+  }
+
+  private void createServerCache(final Properties serverProps, final Properties javaProps, final int locatorPort, final int serverPort) {
+    SecurityTestUtils.createCacheServer(serverProps, javaProps, locatorPort, null, serverPort, true, NO_EXCEPTION);
+  }
+
+  private void readyForEvents() {
+    GemFireCacheImpl.getInstance().readyForEvents();
+  }
+
+  /**
+   * NOTE: "final boolean[] postAuthzAllowed" is never used
+   */
+  private void createClientCache(final Properties javaProps, final String authInit, final Properties[] authProps, final int ports[], final int numOfUsers, final String durableId, final boolean[] postAuthzAllowed) {
+    createCacheClientForMultiUserMode(numOfUsers, authInit, authProps, javaProps, ports, 0, false, durableId, NO_EXCEPTION);
+  }
+
+  private void createCQ(final int num, final boolean isDurable) throws CqException, CqExistsException {
+    for (int i = 0; i < num; i++) {
+      QueryService cqService = getProxyCaches(i).getQueryService();
+      String cqName = "CQ_" + i;
+      String queryStr = cqNameToQueryStrings.get(cqName) + getProxyCaches(i).getRegion(regionName).getFullPath();
+
+      // Create CQ Attributes.
+      CqAttributesFactory cqf = new CqAttributesFactory();
+      CqListener[] cqListeners = {new CqQueryTestListener(getLogWriter())};
+      ((CqQueryTestListener)cqListeners[0]).cqName = cqName;
+
+      cqf.initCqListeners(cqListeners);
+      CqAttributes cqa = cqf.create();
+
+      // Create CQ.
+      CqQuery cq1 = cqService.newCq(cqName, queryStr, cqa, isDurable);
+      assertTrue("newCq() state mismatch", cq1.getState().isStopped());
+    }
+  }
+
+  private void executeCQ(final int num, final boolean[] initialResults, final int expectedResultsSize, final String[] expectedErr) throws CqException, RegionNotFoundException {
+    for (int i = 0; i < num; i++) {
+      try {
+        if (expectedErr[i] != null) {
+          getLogWriter().info("<ExpectedException action=add>" + expectedErr[i]+ "</ExpectedException>");
+        }
+
+        CqQuery cq1 = null;
+        String cqName = "CQ_" + i;
+        String queryStr = cqNameToQueryStrings.get(cqName) + getProxyCaches(i).getRegion(regionName).getFullPath();
+        QueryService cqService = getProxyCaches(i).getQueryService();
+
+        // Get CqQuery object.
+        cq1 = cqService.getCq(cqName);
+        if (cq1 == null) {
+          getLogWriter().info("Failed to get CqQuery object for CQ name: " + cqName);
+          fail("Failed to get CQ " + cqName);
+
+        } else {
+          getLogWriter().info("Obtained CQ, CQ name: " + cq1.getName());
+          assertTrue("newCq() state mismatch", cq1.getState().isStopped());
+        }
+
+        if (initialResults[i]) {
+          SelectResults cqResults = null;
+
+          cqResults = cq1.executeWithInitialResults();
+
+          getLogWriter().info("initial result size = " + cqResults.size());
+          assertTrue("executeWithInitialResults() state mismatch", cq1
+              .getState().isRunning());
+          if (expectedResultsSize >= 0) {
+            assertEquals("unexpected results size", expectedResultsSize, cqResults.size());
+          }
+
+        } else {
+          cq1.execute();
+          assertTrue("execute() state mismatch", cq1.getState().isRunning());
+        }
+
+      } finally {
+        if (expectedErr[i] != null) {
+          getLogWriter().info("<ExpectedException action=remove>" + expectedErr[i]+ "</ExpectedException>");
+        }
+      }
+    }
+  }
+
+  private void doPuts(final int num, final boolean putLastKey) {
+    Region region = GemFireCacheImpl.getInstance().getRegion(regionName);
+    for (int i = 0; i < num; i++) {
+      region.put("CQ_key"+i, "CQ_value"+i);
+    }
+    if (putLastKey) {
+      region.put("LAST_KEY", "LAST_KEY");
+    }
+  }
+
+  private void waitForLastKey(final int cqIndex, final boolean isCreate) {
+    String cqName = "CQ_" + cqIndex;
+    QueryService qService = getProxyCaches(cqIndex).getQueryService();
+    ClientCQImpl cqQuery = (ClientCQImpl)qService.getCq(cqName);
+    if (isCreate) {
+      ((CqQueryTestListener)cqQuery.getCqListeners()[cqIndex]).waitForCreated("LAST_KEY");
+    } else {
+      ((CqQueryTestListener)cqQuery.getCqListeners()[cqIndex]).waitForUpdated("LAST_KEY");
+    }
+  }
+
+  private void checkCQListeners(final int numOfUsers, final boolean[] expectedListenerInvocation, final int createEventsSize, final int updateEventsSize) {
+    for (int i = 0; i < numOfUsers; i++) {
+      String cqName = "CQ_" + i;
+      QueryService qService = getProxyCaches(i).getQueryService();
+      ClientCQImpl cqQuery = (ClientCQImpl)qService.getCq(cqName);
+
+      if (expectedListenerInvocation[i]) {
+        for (CqListener listener : cqQuery.getCqListeners()) {
+          assertEquals(createEventsSize, ((CqQueryTestListener)listener).getCreateEventCount());
+          assertEquals(updateEventsSize, ((CqQueryTestListener)listener).getUpdateEventCount());
+        }
+
+      } else {
+        for (CqListener listener : cqQuery.getCqListeners()) {
+          assertEquals(0, ((CqQueryTestListener)listener).getTotalEventCount());
+        }
+      }
+    }
+  }
+
+  /**
+   * WARNING: "final Boolean keepAliveFlags" is treated as a ternary: null, true, false
+   */
+  private void proxyCacheClose(final int[] userIndices, final Boolean keepAliveFlags) {
+    if (keepAliveFlags != null) {
+      for (int i : userIndices) {
+        getProxyCaches(i).close(keepAliveFlags);
+      }
+
+    } else {
+      for (int i : userIndices) {
+        getProxyCaches(i).close();
+      }
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/22ca5ef8/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiuserAPIDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiuserAPIDUnitTest.java b/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiuserAPIDUnitTest.java
deleted file mode 100644
index c5a1afe..0000000
--- a/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiuserAPIDUnitTest.java
+++ /dev/null
@@ -1,381 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
-import hydra.Log;
-
-import java.io.IOException;
-import java.util.Properties;
-
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLHandshakeException;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.Pool;
-import com.gemstone.gemfire.cache.execute.FunctionService;
-import com.gemstone.gemfire.cache.query.CqAttributesFactory;
-import com.gemstone.gemfire.cache.query.CqException;
-import com.gemstone.gemfire.cache.query.CqQuery;
-import com.gemstone.gemfire.cache.query.Query;
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
-import com.gemstone.gemfire.internal.cache.PoolManagerImpl;
-import com.gemstone.gemfire.test.dunit.Assert;
-import com.gemstone.gemfire.test.dunit.Host;
-import com.gemstone.gemfire.test.dunit.LogWriterUtils;
-import com.gemstone.gemfire.test.dunit.VM;
-
-public class MultiuserAPIDUnitTest extends ClientAuthorizationTestBase {
-
-  /** constructor */
-  public MultiuserAPIDUnitTest(String name) {
-    super(name);
-  }
-
-  private VM server1 = null;
-
-  private VM server2 = null;
-
-  private VM client1 = null;
-
-  private VM client2 = null;
-
-  private static final String[] serverExpectedExceptions = {
-      AuthenticationRequiredException.class.getName(),
-      AuthenticationFailedException.class.getName(),
-      GemFireSecurityException.class.getName(),
-      ClassNotFoundException.class.getName(), IOException.class.getName(),
-      SSLException.class.getName(), SSLHandshakeException.class.getName()};
-
-  private static final String[] clientExpectedExceptions = {
-      AuthenticationRequiredException.class.getName(),
-      AuthenticationFailedException.class.getName(),
-      SSLHandshakeException.class.getName()};
-
-  @Override
-  public final void postSetUp() throws Exception {
-    final Host host = Host.getHost(0);
-    server1 = host.getVM(0);
-    server2 = host.getVM(1);
-    client1 = host.getVM(2);
-    client2 = host.getVM(3);
-
-    server1.invoke(() -> SecurityTestUtil.registerExpectedExceptions(serverExpectedExceptions));
-    server2.invoke(() -> SecurityTestUtil.registerExpectedExceptions(serverExpectedExceptions));
-    client1.invoke(() -> SecurityTestUtil.registerExpectedExceptions(clientExpectedExceptions));
-    client2.invoke(() -> SecurityTestUtil.registerExpectedExceptions(clientExpectedExceptions));
-  }
-
-  public static Integer createCacheServer(Object dsPort, Object locatorString,
-      Object authenticator, Object extraProps, Object javaProps) {
-
-    Properties authProps;
-    if (extraProps == null) {
-      authProps = new Properties();
-    } else {
-      authProps = (Properties)extraProps;
-    }
-    if (authenticator != null) {
-      authProps.setProperty(
-          DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME, authenticator
-              .toString());
-    }
-    return SecurityTestUtil.createCacheServer(authProps, javaProps,
-        (Integer)dsPort, (String)locatorString, null, new Integer(
-            SecurityTestUtil.NO_EXCEPTION));
-  }
-
-  private static void createCacheClient(Object authInit, Properties authProps,
-      Properties javaProps, Integer[] ports, Object numConnections,
-      Boolean multiUserMode, Integer expectedResult) {
-
-    String authInitStr = (authInit == null ? null : authInit.toString());
-    SecurityTestUtil.createCacheClient(authInitStr, authProps, javaProps,
-        ports, numConnections, multiUserMode.toString(), expectedResult);
-  }
-
-  public static void createCacheClient(Object authInit, Object authProps,
-      Object javaProps, Integer port1, Integer port2, Object numConnections,
-      Boolean multiUserMode, Integer expectedResult) {
-
-    createCacheClient(authInit, (Properties)authProps, (Properties)javaProps,
-        new Integer[] {port1, port2}, numConnections, multiUserMode,
-        expectedResult);
-  }
-
-  public static void registerAllInterest() {
-    Region region = SecurityTestUtil.getCache().getRegion(
-        SecurityTestUtil.regionName);
-    assertNotNull(region);
-    region.registerInterestRegex(".*");
-  }
-
-  private void setUpVMs(CredentialGenerator gen, Boolean multiUser) {
-    Properties extraProps = gen.getSystemProperties();
-    Properties javaProps = gen.getJavaProperties();
-    String authenticator = gen.getAuthenticator();
-    String authInit = gen.getAuthInit();
-
-    LogWriterUtils.getLogWriter().info(
-        "testValidCredentials: Using scheme: " + gen.classCode());
-    LogWriterUtils.getLogWriter().info(
-        "testValidCredentials: Using authenticator: " + authenticator);
-    LogWriterUtils.getLogWriter().info("testValidCredentials: Using authinit: " + authInit);
-
-    // Start the servers
-    Integer locPort1 = SecurityTestUtil.getLocatorPort();
-    Integer locPort2 = SecurityTestUtil.getLocatorPort();
-    String locString = SecurityTestUtil.getLocatorString();
-    Integer port1 = (Integer)server1.invoke(() -> MultiuserAPIDUnitTest.createCacheServer(locPort1, locString, authenticator,
-            extraProps, javaProps));
-    Integer port2 = (Integer)server2.invoke(() -> MultiuserAPIDUnitTest.createCacheServer(locPort2, locString, authenticator,
-            extraProps, javaProps));
-
-    // Start the clients with valid credentials
-    Properties credentials1 = gen.getValidCredentials(1);
-    Properties javaProps1 = gen.getJavaProperties();
-    LogWriterUtils.getLogWriter().info(
-        "testValidCredentials: For first client credentials: " + credentials1
-            + " : " + javaProps1);
-    Properties credentials2 = gen.getValidCredentials(2);
-    Properties javaProps2 = gen.getJavaProperties();
-    LogWriterUtils.getLogWriter().info(
-        "testValidCredentials: For second client credentials: " + credentials2
-            + " : " + javaProps2);
-    client1.invoke(() -> MultiuserAPIDUnitTest.createCacheClient(authInit, credentials1, javaProps1, port1, port2, null,
-            multiUser, new Integer(SecurityTestUtil.NO_EXCEPTION)));
-  }
-
-  public void testSingleUserUnsupportedAPIs() {
-      // Start servers
-      // Start clients with multiuser-authentication set to false
-      setUpVMs(new DummyCredentialGenerator(), Boolean.FALSE);
-      client1.invoke(() -> MultiuserAPIDUnitTest.verifyDisallowedOps(Boolean.FALSE));
-  }
-
-  public void testMultiUserUnsupportedAPIs() {
-      // Start servers.
-      // Start clients with multiuser-authentication set to true.
-      setUpVMs(new DummyCredentialGenerator(), Boolean.TRUE);
-      client1.invoke(() -> MultiuserAPIDUnitTest.verifyDisallowedOps(Boolean.TRUE));
-  }
-
-  public static void verifyDisallowedOps(Boolean multiuserMode) {
-    String op = "unknown";
-    boolean success = false;
-    if (!multiuserMode) {
-      success = false;
-      try {
-        // Attempt cache.createAuthenticatedCacheView() and expect an exception, fail otherwise
-        op = "Pool.createSecureUserCache()";
-        GemFireCacheImpl.getInstance().createAuthenticatedView(new Properties(), "testPool");
-      } catch (IllegalStateException uoe) {
-        Log.getLogWriter().info(op + ": Got expected exception: " + uoe);
-        success = true;
-      } catch (Exception e) {
-        Assert.fail("Got unexpected exception while doing " + op, e);
-      }
-      if (!success) {
-        fail("Did not get exception while doing " + op);
-      }
-    } else { // multiuser mode
-      Region realRegion = GemFireCacheImpl.getInstance().getRegion(
-          SecurityTestUtil.regionName);
-      Region proxyRegion = SecurityTestUtil.proxyCaches[0]
-          .getRegion(SecurityTestUtil.regionName);
-      Pool pool = PoolManagerImpl.getPMI().find("testPool");
-      for (int i = 0; i <= 27; i++) {
-        success = false;
-        try {
-          switch (i) {
-            // Attempt (real) Region.create/put/get/containsKeyOnServer/destroy/
-            // destroyRegion/clear/remove/registerInterest/unregisterInterest()
-            // and expect an exception, fail otherwise.
-            case 0:
-              op = "Region.create()";
-              realRegion.create("key", "value");
-              break;
-            case 1:
-              op = "Region.put()";
-              realRegion.put("key", "value");
-              break;
-            case 2:
-              op = "Region.get()";
-              realRegion.get("key");
-              break;
-            case 3:
-              op = "Region.containsKeyOnServer()";
-              realRegion.containsKeyOnServer("key");
-              break;
-            case 4:
-              op = "Region.remove()";
-              realRegion.remove("key");
-              break;
-            case 5:
-              op = "Region.destroy()";
-              realRegion.destroy("key");
-              break;
-            case 6:
-              op = "Region.destroyRegion()";
-              realRegion.destroyRegion();
-              break;
-            case 7:
-              op = "Region.registerInterest()";
-              realRegion.registerInterest("key");
-              break;
-            // case 8:
-            // op = "Region.unregisterInterest()";
-            // realRegion.unregisterInterest("key");
-            // break;
-            case 8:
-              op = "Region.clear()";
-              realRegion.clear();
-              break;
-            // Attempt ProxyRegion.createSubregion/forceRolling/
-            // getAttributesMutator/registerInterest/loadSnapShot/saveSnapshot/
-            // setUserAttribute/unregisterInterest/writeToDisk
-            // and expect an exception, fail otherwise.
-            case 9:
-              op = "ProxyRegion.createSubregion()";
-              proxyRegion.createSubregion("subregion",
-                  null);
-              break;
-            case 10:
-              op = "ProxyRegion.forceRolling()";
-              proxyRegion.forceRolling();
-              break;
-            case 11:
-              op = "ProxyRegion.getAttributesMutator()";
-              proxyRegion.getAttributesMutator();
-              break;
-            case 12:
-              op = "ProxyRegion.registerInterest()";
-              proxyRegion.registerInterest("key");
-              break;
-            case 13:
-              op = "ProxyRegion.loadSnapshot()";
-              proxyRegion.loadSnapshot(null);
-              break;
-            case 14:
-              op = "ProxyRegion.saveSnapshot()";
-              proxyRegion.saveSnapshot(null);
-              break;
-            case 15:
-              op = "ProxyRegion.setUserAttribute()";
-              proxyRegion.setUserAttribute(null);
-              break;
-            case 16:
-              op = "ProxyRegion.unregisterInterestRegex()";
-              proxyRegion.unregisterInterestRegex("*");
-              break;
-            // Attempt FunctionService.onRegion/onServer/s(pool) and expect an
-            // exception, fail otherwise.
-            case 17:
-              op = "FunctionService.onRegion()";
-              FunctionService.onRegion(realRegion);
-              break;
-            case 18:
-              op = "FunctionService.onServer(pool)";
-              FunctionService.onServer(pool);
-              break;
-            case 19:
-              op = "FunctionService.onServers(pool)";
-              FunctionService.onServers(pool);
-              break;
-            // Attempt
-            // QueryService.newQuery().execute()/newCq().execute/executeWithInitialResults()
-            case 20:
-              op = "QueryService.newQuery.execute()";
-              Query query = pool.getQueryService().newQuery(
-                  "SELECT * FROM /" + SecurityTestUtil.regionName);
-              query.execute();
-              break;
-            case 21:
-              op = "QueryService.newCq.execute()";
-              CqQuery cqQuery = pool.getQueryService().newCq(
-                  "SELECT * FROM /" + SecurityTestUtil.regionName,
-                  new CqAttributesFactory().create());
-              try {
-                cqQuery.execute();
-              } catch (CqException ce) {
-                throw (Exception)ce.getCause();
-              }
-              break;
-            case 22:
-              op = "QueryService.newCq.executeWithInitialResults()";
-              cqQuery = pool.getQueryService().newCq(
-                  "SELECT * FROM /" + SecurityTestUtil.regionName,
-                  new CqAttributesFactory().create());
-              try {
-                cqQuery.executeWithInitialResults();
-              } catch (CqException ce) {
-                throw (Exception)ce.getCause();
-              }
-              break;
-            // Attempt ProxyQueryService.getIndex/createIndex/removeIndex() and
-            // expect an exception, fail otherwise.
-            case 23:
-              op = "ProxyQueryService().getIndexes()";
-              SecurityTestUtil.proxyCaches[0].getQueryService()
-                  .getIndexes(null);
-              break;
-            case 24:
-              op = "ProxyQueryService().createIndex()";
-              SecurityTestUtil.proxyCaches[0].getQueryService().createIndex(
-                  null, null, null );
-              break;
-            case 25:
-              op = "ProxyQueryService().removeIndexes()";
-              SecurityTestUtil.proxyCaches[0].getQueryService().removeIndexes();
-              break;
-            case 26:
-              op = "ProxyRegion.localDestroy()";
-              proxyRegion.localDestroy("key");
-              break;
-            case 27:
-              op = "ProxyRegion.localInvalidate()";
-              proxyRegion.localInvalidate("key");
-              break;
-            default:
-              fail("Unknown op code: " + i);
-              break;
-          }
-        } catch (UnsupportedOperationException uoe) {
-          Log.getLogWriter().info(op + ": Got expected exception: " + uoe);
-          success = true;
-        } catch (Exception e) {
-          Assert.fail("Got unexpected exception while doing " + op, e);
-        }
-        if (!success) {
-          fail("Did not get exception while doing " + op);
-        }
-      }
-    }
-  }
-
-  @Override
-  public final void preTearDown() throws Exception {
-    // close the clients first
-    client1.invoke(() -> SecurityTestUtil.closeCache());
-    client2.invoke(() -> SecurityTestUtil.closeCache());
-    // then close the servers
-    server1.invoke(() -> SecurityTestUtil.closeCache());
-    server2.invoke(() -> SecurityTestUtil.closeCache());
-  }
-}


Mime
View raw message