geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jinmeil...@apache.org
Subject incubator-geode git commit: GEODE-17: All JMX Bean access needs JMX:GET permission
Date Wed, 16 Mar 2016 17:25:00 GMT
Repository: incubator-geode
Updated Branches:
  refs/heads/feature/GEODE-17-2 ce4dd4ef7 -> 2f709ffea


GEODE-17: All JMX Bean access needs JMX:GET permission

* added the ResourceOperation annotation to all JMXBean classes
* fix the tests


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/2f709ffe
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/2f709ffe
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/2f709ffe

Branch: refs/heads/feature/GEODE-17-2
Commit: 2f709ffea12ee7f0a9c662f99c8686b7d4ed0293
Parents: ce4dd4e
Author: Jinmei Liao <jiliao@pivotal.io>
Authored: Wed Mar 16 10:24:27 2016 -0700
Committer: Jinmei Liao <jiliao@pivotal.io>
Committed: Wed Mar 16 10:24:27 2016 -0700

----------------------------------------------------------------------
 .../management/AsyncEventQueueMXBean.java       |  4 ++
 .../gemfire/management/CacheServerMXBean.java   |  2 +-
 .../gemfire/management/DiskStoreMXBean.java     |  1 +
 .../DistributedLockServiceMXBean.java           |  8 +++-
 .../management/DistributedRegionMXBean.java     |  4 ++
 .../management/DistributedSystemMXBean.java     |  1 +
 .../management/GatewayReceiverMXBean.java       |  2 +-
 .../gemfire/management/GatewaySenderMXBean.java |  2 +-
 .../gemfire/management/LocatorMXBean.java       |  4 ++
 .../gemfire/management/LockServiceMXBean.java   |  4 +-
 .../gemfire/management/ManagerMXBean.java       |  1 +
 .../gemfire/management/MemberMXBean.java        |  5 +--
 .../gemfire/management/RegionMXBean.java        |  4 ++
 .../management/internal/security/Resource.java  |  1 +
 .../security/AccessControlMBeanJUnitTest.java   |  2 +-
 .../CacheServerMBeanAuthorizationJUnitTest.java | 32 ++++++++--------
 .../GatewaySenderMBeanSecurityTest.java         | 14 +++----
 .../LockServiceMBeanAuthorizationJUnitTest.java | 15 +++++---
 .../security/MemberMBeanSecurityJUnitTest.java  | 39 +++++++++++++-------
 .../internal/security/cacheServer.json          |  4 +-
 20 files changed, 94 insertions(+), 55 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java
b/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java
index b4445ac..b69206b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java
@@ -17,6 +17,9 @@
 package com.gemstone.gemfire.management;
 
 import com.gemstone.gemfire.cache.asyncqueue.AsyncEventQueue;
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
 
 /**
  * MBean that provides access to an {@link AsyncEventQueue}.
@@ -25,6 +28,7 @@ import com.gemstone.gemfire.cache.asyncqueue.AsyncEventQueue;
  * @since 7.0
  * 
  */
+@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET)
 public interface AsyncEventQueueMXBean {
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
b/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
index 48148f1..4f4f02c 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
@@ -57,7 +57,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
  * @since 7.0
  * 
  */
-@ResourceOperation(resource=Resource.DISTRIBUTED_SYSTEM, operation=OperationCode.LIST_DS)
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
 public interface CacheServerMXBean {
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
b/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
index f30a613..e23bc12 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
@@ -31,6 +31,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
  * @since 7.0
  * 
  */
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
 public interface DiskStoreMXBean {
   
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java
b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java
index 8efa646..65d8f95 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java
@@ -16,9 +16,12 @@
  */
 package com.gemstone.gemfire.management;
 
-import java.util.Map;
-
+import com.gemstone.gemfire.cache.operations.OperationContext;
 import com.gemstone.gemfire.distributed.DistributedLockService;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+
+import java.util.Map;
 
 /**
  * MBean that provides access to information for a named instance of {@link DistributedLockService}.
@@ -29,6 +32,7 @@ import com.gemstone.gemfire.distributed.DistributedLockService;
  * @since 7.0
  * 
  */
+@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET)
 public interface DistributedLockServiceMXBean {
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java
b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java
index 1de4712..9d1e739 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java
@@ -20,7 +20,10 @@ import com.gemstone.gemfire.cache.CacheListener;
 import com.gemstone.gemfire.cache.CacheWriter;
 import com.gemstone.gemfire.cache.EvictionAlgorithm;
 import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.operations.OperationContext;
 import com.gemstone.gemfire.cache.wan.GatewaySender;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
 
 /**
  * MBean that provides access to information and management functionality for a
@@ -30,6 +33,7 @@ import com.gemstone.gemfire.cache.wan.GatewaySender;
  * @since 7.0
  * 
  */
+@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET)
 public interface DistributedRegionMXBean {
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
index 8af5df7..a53b3fb 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
@@ -74,6 +74,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
  * @since 7.0
  *
  */
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
 public interface DistributedSystemMXBean {
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
index 7e16123..68ab2fd 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
@@ -30,7 +30,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
  * @since 7.0
  * 
  */
-
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
 public interface GatewayReceiverMXBean {
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
index 88f9fac..80d4ea8 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
@@ -28,7 +28,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
  * @since 7.0
  *
  */
-@ResourceOperation(resource = Resource.GATEWAY_SENDER, operation = OperationCode.GET)
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
 public interface GatewaySenderMXBean {
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java
index 96ffe0f..4412f0b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java
@@ -16,7 +16,10 @@
  */
 package com.gemstone.gemfire.management;
 
+import com.gemstone.gemfire.cache.operations.OperationContext;
 import com.gemstone.gemfire.distributed.Locator;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
 
 /**
  * MBean that provides access to information and management functionality for a
@@ -25,6 +28,7 @@ import com.gemstone.gemfire.distributed.Locator;
  * @author rishim
  * @since 7.0
  */
+@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET)
 public interface LocatorMXBean {
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
b/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
index f6a10a7..e733567 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
@@ -28,11 +28,11 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
  * MBean that provides access to information and management functionality for a
  * {@link DLockService}.  Since any number of DLockService objects can be created
  * by a member there may be 0 or more instances of this MBean available.
- * 
- * @author rishim
+ *
  * @since 7.0
  * 
  */
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
 public interface LockServiceMXBean {
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
index 8ae28c3..c65dc3e 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
@@ -32,6 +32,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
  * @since 7.0
  * 
  */
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
 public interface ManagerMXBean {
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
index 4e95664..f36cc7c 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
@@ -136,10 +136,10 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
  * <td>Locator is Started in the VM</td>
  * </tr>
  * </table>
- * 
- * @author rishim
+
  * @since 7.0
  */
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
 public interface MemberMXBean {
 
   /**
@@ -283,7 +283,6 @@ public interface MemberMXBean {
   /**
    * Returns the status.
    */
-  @ResourceOperation(resource = Resource.MEMBER, operation = OperationCode.STATUS)
   public String status();
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java
index dbeb148..0b17f0f 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java
@@ -20,6 +20,9 @@ import com.gemstone.gemfire.cache.CacheListener;
 import com.gemstone.gemfire.cache.CacheWriter;
 import com.gemstone.gemfire.cache.EvictionAlgorithm;
 import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
 
 /**
  * MBean that provides access to information and management functionality for a
@@ -31,6 +34,7 @@ import com.gemstone.gemfire.cache.Region;
  * @since 7.0
  *
  */
+@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET)
 public interface RegionMXBean {
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java
b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java
index 4570501..51018cd 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java
@@ -29,6 +29,7 @@ public enum Resource {
   GATEWAY_RECEIVER,
   GATEWAY_SENDER,
   INDEX,
+  JMX,
   LOCATOR,
   LOCK_SERVICE,
   MANAGER,

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
index fef306a..6f8cfbf 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
@@ -51,7 +51,7 @@ public class AccessControlMBeanJUnitTest {
   @Test
   @JMXConnectionConfiguration(user = "user", password = "1234567")
   public void testAnyAccess() throws Exception {
-    assertThat(bean.authorize("DISTRIBUTED_SYSTEM", "LIST_DS")).isEqualTo(true);
+    assertThat(bean.authorize("JMX", "GET")).isEqualTo(true);
     assertThat(bean.authorize("INDEX", "DESTROY")).isEqualTo(false);
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
index 60a49ad..7fa36a3 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
@@ -48,14 +48,14 @@ public class CacheServerMBeanAuthorizationJUnitTest {
   @Test
   @JMXConnectionConfiguration(user = "superuser", password = "1234567")
   public void testAllAccess() throws Exception {
-    cacheServerMXBean.removeIndex("foo"); // "INDEX:DESTROY",
-    cacheServerMXBean.executeContinuousQuery("bar"); // CONTNUOUS_QUERY:EXECUTE
-    cacheServerMXBean.fetchLoadProbe(); // DISTRIBUTED_SYSTEM:LIST_DS
-    cacheServerMXBean.getActiveCQCount(); // DISTRIBUTED_SYSTEM:LIST_DS
-    cacheServerMXBean.stopContinuousQuery("bar"); // CONTINUOUS_QUERY:STOP
-    cacheServerMXBean.closeAllContinuousQuery("bar"); // CONTINUOUS_QUERY:STOP
-    cacheServerMXBean.isRunning(); // DISTRIBUTED_SYSTEM:LIST_DS
-    cacheServerMXBean.showClientQueueDetails("foo"); // DISTRIBUTED_SYSTEM:LIST_DS
+    cacheServerMXBean.removeIndex("foo");
+    cacheServerMXBean.executeContinuousQuery("bar");
+    cacheServerMXBean.fetchLoadProbe();
+    cacheServerMXBean.getActiveCQCount();
+    cacheServerMXBean.stopContinuousQuery("bar");
+    cacheServerMXBean.closeAllContinuousQuery("bar");
+    cacheServerMXBean.isRunning();
+    cacheServerMXBean.showClientQueueDetails("foo");
   }
 
   @Test
@@ -69,13 +69,13 @@ public class CacheServerMBeanAuthorizationJUnitTest {
   @Test
   @JMXConnectionConfiguration(user = "stranger", password = "1234567")
   public void testNoAccess() throws Exception {
-    assertThatThrownBy(() -> cacheServerMXBean.removeIndex("foo")).isInstanceOf(SecurityException.class);
-    assertThatThrownBy(() -> cacheServerMXBean.executeContinuousQuery("bar")).isInstanceOf(SecurityException.class);
-    assertThatThrownBy(() -> cacheServerMXBean.fetchLoadProbe()).isInstanceOf(SecurityException.class);
-    assertThatThrownBy(() -> cacheServerMXBean.getActiveCQCount()).isInstanceOf(SecurityException.class);
-    assertThatThrownBy(() -> cacheServerMXBean.stopContinuousQuery("bar")).isInstanceOf(SecurityException.class);
-    assertThatThrownBy(() -> cacheServerMXBean.closeAllContinuousQuery("bar")).isInstanceOf(SecurityException.class);
-    assertThatThrownBy(() -> cacheServerMXBean.isRunning()).isInstanceOf(SecurityException.class);
-    assertThatThrownBy(() -> cacheServerMXBean.showClientQueueDetails("bar")).isInstanceOf(SecurityException.class);
+    assertThatThrownBy(() -> cacheServerMXBean.removeIndex("foo")).isInstanceOf(SecurityException.class).hasMessageContaining("INDEX:DESTROY");
+    assertThatThrownBy(() -> cacheServerMXBean.executeContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("CONTINUOUS_QUERY:EXECUTE");
+    assertThatThrownBy(() -> cacheServerMXBean.fetchLoadProbe()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
+    assertThatThrownBy(() -> cacheServerMXBean.getActiveCQCount()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
+    assertThatThrownBy(() -> cacheServerMXBean.stopContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("ONTINUOUS_QUERY:STOP");
+    assertThatThrownBy(() -> cacheServerMXBean.closeAllContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("ONTINUOUS_QUERY:STOP");
+    assertThatThrownBy(() -> cacheServerMXBean.isRunning()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
+    assertThatThrownBy(() -> cacheServerMXBean.showClientQueueDetails("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
   }
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
index b553898..a934a09 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
@@ -88,13 +88,13 @@ public class GatewaySenderMBeanSecurityTest {
   @Test
   @JMXConnectionConfiguration(user = "stranger", password = "1234567")
   public void testNoAccess() throws Exception {
-    assertThatThrownBy(() -> bean.getAlertThreshold()).hasMessageStartingWith("Access
Denied: Not authorized for GATEWAY_SENDER:GET");
-    assertThatThrownBy(() -> bean.getAverageDistributionTimePerBatch()).hasMessageStartingWith("Access
Denied: Not authorized for GATEWAY_SENDER:GET");
-    assertThatThrownBy(() -> bean.getBatchSize()).hasMessageStartingWith("Access Denied:
Not authorized for GATEWAY_SENDER:GET");
-    assertThatThrownBy(() -> bean.getMaximumQueueMemory()).hasMessageStartingWith("Access
Denied: Not authorized for GATEWAY_SENDER:GET");
-    assertThatThrownBy(() -> bean.getOrderPolicy()).hasMessageStartingWith("Access Denied:
Not authorized for GATEWAY_SENDER:GET");
-    assertThatThrownBy(() -> bean.isBatchConflationEnabled()).hasMessageStartingWith("Access
Denied: Not authorized for GATEWAY_SENDER:GET");
-    assertThatThrownBy(() -> bean.isManualStart()).hasMessageStartingWith("Access Denied:
Not authorized for GATEWAY_SENDER:GET");
+    assertThatThrownBy(() -> bean.getAlertThreshold()).hasMessageStartingWith("Access
Denied: Not authorized for JMX:GET");
+    assertThatThrownBy(() -> bean.getAverageDistributionTimePerBatch()).hasMessageStartingWith("Access
Denied: Not authorized for JMX:GET");
+    assertThatThrownBy(() -> bean.getBatchSize()).hasMessageStartingWith("Access Denied:
Not authorized for JMX:GET");
+    assertThatThrownBy(() -> bean.getMaximumQueueMemory()).hasMessageStartingWith("Access
Denied: Not authorized for JMX:GET");
+    assertThatThrownBy(() -> bean.getOrderPolicy()).hasMessageStartingWith("Access Denied:
Not authorized for JMX:GET");
+    assertThatThrownBy(() -> bean.isBatchConflationEnabled()).hasMessageStartingWith("Access
Denied: Not authorized for JMX:GET");
+    assertThatThrownBy(() -> bean.isManualStart()).hasMessageStartingWith("Access Denied:
Not authorized for JMX:GET");
     assertThatThrownBy(() -> bean.pause()).hasMessageStartingWith("Access Denied: Not
authorized for GATEWAY_SENDER:PAUSE");
     assertThatThrownBy(() -> bean.rebalance()).hasMessageStartingWith("Access Denied:
Not authorized for GATEWAY_SENDER:REBALANCE");
     assertThatThrownBy(() -> bean.resume()).hasMessageStartingWith("Access Denied: Not
authorized for GATEWAY_SENDER:RESUME");

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
index 9803083..c0e1a8b 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
@@ -18,13 +18,10 @@ package com.gemstone.gemfire.management.internal.security;
 
 import com.gemstone.gemfire.cache.Cache;
 import com.gemstone.gemfire.cache.CacheFactory;
-import com.gemstone.gemfire.distributed.DistributedLockService;
 import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
 import com.gemstone.gemfire.distributed.internal.locks.DLockService;
 import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.CacheServerMXBean;
 import com.gemstone.gemfire.management.LockServiceMXBean;
-import com.gemstone.gemfire.test.dunit.Host;
 import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
 import org.junit.AfterClass;
 import org.junit.Before;
@@ -68,7 +65,11 @@ public class LockServiceMBeanAuthorizationJUnitTest {
   @Test
   @JMXConnectionConfiguration(user = "superuser", password = "1234567")
   public void testAllAccess() throws Exception {
-    lockServiceMBean.becomeLockGrantor(); // "INDEX:DESTROY",
+    lockServiceMBean.becomeLockGrantor();
+    lockServiceMBean.fetchGrantorMember();
+    lockServiceMBean.getMemberCount();
+    lockServiceMBean.isDistributed();
+    lockServiceMBean.listThreadsHoldingLock();
   }
 
   @Test
@@ -81,6 +82,10 @@ public class LockServiceMBeanAuthorizationJUnitTest {
   @Test
   @JMXConnectionConfiguration(user = "stranger", password = "1234567")
   public void testNoAccess() throws Exception {
-    assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor()).isInstanceOf(SecurityException.class);
+    assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor()).isInstanceOf(SecurityException.class).hasMessageContaining("LOCK_SERVICE:BECOME_LOCK_GRANTOR");
+    assertThatThrownBy(() -> lockServiceMBean.fetchGrantorMember()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
+    assertThatThrownBy(() -> lockServiceMBean.getMemberCount()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
+    assertThatThrownBy(() -> lockServiceMBean.isDistributed()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
+    assertThatThrownBy(() -> lockServiceMBean.listThreadsHoldingLock()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
   }
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
index b310d2d..33136f3 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
@@ -48,24 +48,35 @@ public class MemberMBeanSecurityJUnitTest {
   @Test
   @JMXConnectionConfiguration(user = "superuser", password = "1234567")
   public void testAllAccess() throws Exception {
-    bean.shutDownMember();  // MEMBER:SHUTDOWN
-    bean.compactAllDiskStores(); // DISKSTORE:COMPACT
-    bean.createManager(); // MANAGER:CREATE
-    bean.fetchJvmThreads(); // DEFAULT:LIST_DS
-    bean.getName(); // DEFAULT:LIST_DS
-    bean.getDiskStores(); // DEFAULT:LIST_DS
-    bean.hasGatewayReceiver(); // DEFAULT:LIST_DS
-    bean.isCacheServer(); // DEFAULT:LIST_DS
-    bean.isServer(); // DEFAULT:LIST_DS
-    bean.listConnectedGatewayReceivers(); // DEFAULT:LIST_DS
-    bean.processCommand("create region --name=Region_A"); // REGION:CREATE
-    bean.showJVMMetrics(); // DEFAULT:LIST_DS
-    bean.status(); // DEFAULT:LIST_DS
+    bean.shutDownMember();
+    bean.compactAllDiskStores();
+    bean.createManager();
+    bean.fetchJvmThreads();
+    bean.getName();
+    bean.getDiskStores();
+    bean.hasGatewayReceiver();
+    bean.isCacheServer();
+    bean.isServer();
+    bean.listConnectedGatewayReceivers();
+    bean.processCommand("create region --name=Region_A");
+    bean.showJVMMetrics();
+    bean.status();
   }
 
   @Test
   @JMXConnectionConfiguration(user = "stranger", password = "1234567")
   public void testNoAccess() throws Exception {
-    assertThatThrownBy(() -> bean.shutDownMember()).isInstanceOf(SecurityException.class);
+    assertThatThrownBy(() -> bean.shutDownMember()).isInstanceOf(SecurityException.class).hasMessageContaining("MEMBER:SHUTDOWN");
+    assertThatThrownBy(() -> bean.createManager()).hasMessageContaining("MANAGER:CREATE");
+    assertThatThrownBy(() -> bean.fetchJvmThreads()).hasMessageContaining("JMX:GET");
+    assertThatThrownBy(() -> bean.getName()).hasMessageContaining("JMX:GET");
+    assertThatThrownBy(() -> bean.getDiskStores()).hasMessageContaining("JMX:GET");
+    assertThatThrownBy(() -> bean.hasGatewayReceiver()).hasMessageContaining("JMX:GET");
+    assertThatThrownBy(() -> bean.isCacheServer()).hasMessageContaining("JMX:GET");
+    assertThatThrownBy(() -> bean.isServer()).hasMessageContaining("JMX:GET");
+    assertThatThrownBy(() -> bean.listConnectedGatewayReceivers()).hasMessageContaining("JMX:GET");
+    assertThatThrownBy(() -> bean.processCommand("create region --name=Region_A")).hasMessageContaining("REGION:CREATE");
+    assertThatThrownBy(() -> bean.showJVMMetrics()).hasMessageContaining("JMX:GET");
+    assertThatThrownBy(() -> bean.status()).hasMessageContaining("JMX:GET");
   }
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
index c1e552d..99a0ba3 100644
--- a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
@@ -20,7 +20,7 @@
         "REGION:GET",
         "REGION:DELETE",
         "LOCK_SERVICE:BECOME_LOCK_GRANTOR",
-        "GATEWAY_SENDER:GET",
+        "JMX:GET",
         "GATEWAY_SENDER:PAUSE",
         "GATEWAY_SENDER:REBALANCE",
         "GATEWAY_SENDER:RESUME",
@@ -36,7 +36,7 @@
     {
       "name": "something",
       "operationsAllowed": [
-        "DISTRIBUTED_SYSTEM:LIST_DS"
+        "JMX:GET"
       ]
     },
     {


Mime
View raw message