From jensde...@apache.org
Subject [3/3] incubator-geode git commit: GEODE-17: WIP adding security tests for CLI commands
Date Fri, 01 Apr 2016 14:05:24 GMT
GEODE-17: WIP adding security tests for CLI commands


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/65635fe4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/65635fe4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/65635fe4

Branch: refs/heads/feature/GEODE-17-2
Commit: 65635fe4d67c09c822bed515b3672e25b689e6bb
Parents: 2a817e1
Author: Jens Deppe <jdeppe@pivotal.io>
Authored: Thu Mar 31 13:56:17 2016 -0700
Committer: Jens Deppe <jdeppe@pivotal.io>
Committed: Fri Apr 1 07:04:43 2016 -0700

----------------------------------------------------------------------
 .../cache/operations/OperationContext.java      |   2 +-
 .../internal/cli/commands/ConfigCommands.java   |   4 +-
 .../cli/commands/DiskStoreCommands.java         |   4 +-
 ...ExportImportSharedConfigurationCommands.java |   4 +-
 .../cli/commands/MiscellaneousCommands.java     |  18 +-
 .../internal/cli/commands/PDXCommands.java      |   4 +-
 .../internal/cli/commands/QueueCommands.java    |   2 +-
 .../internal/cli/commands/StatusCommands.java   |   2 +-
 .../security/AllCliCommandsSecurityTest.java    | 178 +++++++++++++++++++
 .../security/MiscCommandsSecurityTest.java      |  61 -------
 .../security/PDXCommandsSecurityTest.java       |  67 -------
 .../security/QueueCommandsSecurityTest.java     |  65 -------
 .../security/ShellCommandsSecurityTest.java     |  77 --------
 .../security/StatusCommandsSecurityTest.java    |  61 -------
 .../security/WanCommandsSecurityTest.java       | 113 ------------
 .../internal/security/cacheServer.json          |  14 +-
 16 files changed, 209 insertions(+), 467 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java b/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
index f272fda..1708917 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
@@ -34,7 +34,7 @@ public abstract class OperationContext {
     ASYNC_EVENT_QUEUE,
     CLIENT,
     CLIENT_SERVER,
-    CLUSTER_CONFIGURTION,
+    CLUSTER_CONFIGURATION,
     CONTINUOUS_QUERY,
     DISKSTORE,
     DISTRIBUTED_SYSTEM,

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
index 735b522..d5350e0 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
@@ -83,7 +83,7 @@ public class ConfigCommands implements CommandMarker {
 
   @CliCommand(value = { CliStrings.DESCRIBE_CONFIG }, help = CliStrings.DESCRIBE_CONFIG__HELP)
   @CliMetaData(shellOnly = false, relatedTopic = {CliStrings.TOPIC_GEMFIRE_CONFIG})
-  @ResourceOperation(resource = Resource.CLUSTER_CONFIGURTION, operation= OperationCode.LIST)
+  @ResourceOperation(resource = Resource.CLUSTER_CONFIGURATION, operation= OperationCode.LIST)
   public Result describeConfig(
       @CliOption (key = CliStrings.DESCRIBE_CONFIG__MEMBER,
       optionContext = ConverterHint.ALL_MEMBER_IDNAME,
@@ -197,7 +197,7 @@ public class ConfigCommands implements CommandMarker {
    */
   @CliCommand(value = { CliStrings.EXPORT_CONFIG }, help = CliStrings.EXPORT_CONFIG__HELP)
   @CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ConfigCommands$Interceptor", relatedTopic = {CliStrings.TOPIC_GEMFIRE_CONFIG})
-  @ResourceOperation(resource = Resource.CLUSTER_CONFIGURTION, operation = OperationCode.EXPORT)
+  @ResourceOperation(resource = Resource.CLUSTER_CONFIGURATION, operation = OperationCode.EXPORT)
   public Result exportConfig(
       @CliOption(key = { CliStrings.EXPORT_CONFIG__MEMBER },
                  optionContext = ConverterHint.ALL_MEMBER_IDNAME,

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
index acf4c20..82eeaf4 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
@@ -215,7 +215,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
 
   @CliCommand(value = CliStrings.LIST_DISK_STORE, help = CliStrings.LIST_DISK_STORE__HELP)
   @CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DISKSTORE })
-  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
+  @ResourceOperation(resource = Resource.DISKSTORE, operation = OperationCode.LIST)
   public Result listDiskStore() {
     try {
       Set<DistributedMember> dataMembers = getNormalMembers(getCache());
@@ -869,7 +869,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
 
   @CliCommand(value = CliStrings.DESCRIBE_DISK_STORE, help = CliStrings.DESCRIBE_DISK_STORE__HELP)
   @CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DISKSTORE })
-  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
+  @ResourceOperation(resource = Resource.DISKSTORE, operation = OperationCode.LIST)
   public Result describeDiskStore(@CliOption(key = CliStrings.DESCRIBE_DISK_STORE__MEMBER, mandatory = true, optionContext = ConverterHint.MEMBERIDNAME, help = CliStrings.DESCRIBE_DISK_STORE__MEMBER__HELP)
                                   final String memberName,
                                   @CliOption(key = CliStrings.DESCRIBE_DISK_STORE__NAME, mandatory = true, optionContext = ConverterHint.DISKSTORE_ALL, help = CliStrings.DESCRIBE_DISK_STORE__NAME__HELP)

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
index 19b93cf..a5316d8 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
@@ -64,7 +64,7 @@ public class ExportImportSharedConfigurationCommands extends AbstractCommandsSup
 
   @CliCommand(value = { CliStrings.EXPORT_SHARED_CONFIG }, help = CliStrings.EXPORT_SHARED_CONFIG__HELP)
   @CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ExportImportSharedConfigurationCommands$ExportInterceptor",  readsSharedConfiguration=true, relatedTopic = {CliStrings.TOPIC_GEMFIRE_CONFIG})
-  @ResourceOperation(resource = Resource.CLUSTER_CONFIGURTION, operation = OperationCode.EXPORT)
+  @ResourceOperation(resource = Resource.CLUSTER_CONFIGURATION, operation = OperationCode.EXPORT)
   public Result exportSharedConfig(
       @CliOption(key = { CliStrings.EXPORT_SHARED_CONFIG__FILE}, 
       mandatory = true,
@@ -115,7 +115,7 @@ public class ExportImportSharedConfigurationCommands extends AbstractCommandsSup
 
   @CliCommand(value = { CliStrings.IMPORT_SHARED_CONFIG }, help = CliStrings.IMPORT_SHARED_CONFIG__HELP)
   @CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ExportImportSharedConfigurationCommands$ImportInterceptor", writesToSharedConfiguration=true, relatedTopic = {CliStrings.TOPIC_GEMFIRE_CONFIG})
-  @ResourceOperation(resource = Resource.CLUSTER_CONFIGURTION, operation = OperationCode.IMPORT)
+  @ResourceOperation(resource = Resource.CLUSTER_CONFIGURATION, operation = OperationCode.IMPORT)
   @SuppressWarnings("unchecked")
   public Result importSharedConfig(
       @CliOption(key = { CliStrings.IMPORT_SHARED_CONFIG__ZIP},

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
index 00ebf94..632c719 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
@@ -185,7 +185,7 @@ public class MiscellaneousCommands implements CommandMarker {
   @CliCommand(value = CliStrings.SHUTDOWN, help = CliStrings.SHUTDOWN__HELP)
   @CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_LIFECYCLE },
       interceptor = "com.gemstone.gemfire.management.internal.cli.commands.MiscellaneousCommands$Interceptor")
-  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.SHUTDOWN)
+  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.MANAGE)
   public Result shutdown(
       @CliOption(key = CliStrings.SHUTDOWN__TIMEOUT, unspecifiedDefaultValue = DEFAULT_TIME_OUT,
           help = CliStrings.SHUTDOWN__TIMEOUT__HELP) int userSpecifiedTimeout,
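Review bot: Mapping `shutdown` to `DISTRIBUTED_SYSTEM:MANAGE` puts it under the same permission this commit gives `gc`, `netstat` and `change loglevel` (the hunks at -326, -417 and -1996), so a role can no longer be allowed to run diagnostics or change log levels without also being allowed to run `shutdown`. If that coarser model is intended, say so above the annotation, e.g. `// MANAGE deliberately covers shutdown; grant it only to cluster operators`; otherwise keep a distinct operation code for `shutdown`. The method body continues outside the hunk.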
@@ -326,7 +326,7 @@ public class MiscellaneousCommands implements CommandMarker {
 
   @CliCommand(value = CliStrings.GC, help = CliStrings.GC__HELP)
   @CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
-  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.GC)
+  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.MANAGE)
   public Result gc(
       @CliOption(key = CliStrings.GC__GROUP, unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE, help = CliStrings.GC__GROUP__HELP)
       String[] groups,
@@ -417,7 +417,7 @@ public class MiscellaneousCommands implements CommandMarker {
 
   @CliCommand(value = CliStrings.NETSTAT, help = CliStrings.NETSTAT__HELP)
   @CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
-  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.NETSTAT)
+  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.MANAGE)
   //TODO : Verify the auto-completion for multiple values.
   public Result netstat(
       @CliOption(key = CliStrings.NETSTAT__MEMBER,
@@ -571,7 +571,7 @@ public class MiscellaneousCommands implements CommandMarker {
 
   @CliCommand(value = CliStrings.SHOW_DEADLOCK, help = CliStrings.SHOW_DEADLOCK__HELP)
   @CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
-  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.SHOW_DEADLOCKS)
+  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
   public Result showDeadlock(
       @CliOption(key = CliStrings.SHOW_DEADLOCK__DEPENDENCIES__FILE,
       help = CliStrings.SHOW_DEADLOCK__DEPENDENCIES__FILE__HELP,
@@ -621,7 +621,7 @@ public class MiscellaneousCommands implements CommandMarker {
 
   @CliCommand(value = CliStrings.SHOW_LOG, help = CliStrings.SHOW_LOG_HELP)
   @CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
-  @ResourceOperation(resource = Resource.MEMBER, operation = OperationCode.SHOW_LOG)
+  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
   public Result showLog(
       @CliOption(key = CliStrings.SHOW_LOG_MEMBER, optionContext = ConverterHint.ALL_MEMBER_IDNAME, unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE, help = CliStrings.SHOW_LOG_MEMBER_HELP, mandatory = true) String memberNameOrId,
       @CliOption(key = CliStrings.SHOW_LOG_LINE_NUM, unspecifiedDefaultValue = "0", help = CliStrings.SHOW_LOG_LINE_NUM_HELP, mandatory = false) int numberOfLines) {
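Review bot: `show log` moves from `MEMBER:SHOW_LOG` to `DISTRIBUTED_SYSTEM:LIST`, the same permission this commit assigns to `show metrics` and `show dead-locks`, and the hunks at -769 and -991 do the same for `export logs` and `export stack-traces`. Log files and stack traces often contain more sensitive material than a listing does, and `exportLogs` also takes a `dirName` to write into, so every role that holds the read-level LIST permission now gets access to them. Consider keeping these three commands under a narrower operation, or at minimum document the consequence at the annotation: `// LIST on DISTRIBUTED_SYSTEM also grants log and stack-trace access`. The method body continues outside the hunk.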
@@ -769,7 +769,7 @@ public class MiscellaneousCommands implements CommandMarker {
   }
   @CliCommand(value = CliStrings.EXPORT_LOGS, help = CliStrings.EXPORT_LOGS__HELP)
   @CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_SERVER, CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
-  @ResourceOperation(resource = Resource.MEMBER, operation = OperationCode.EXPORT_LOGS)
+  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
   public Result exportLogs(
       @CliOption(key = CliStrings.EXPORT_LOGS__DIR,
           help = CliStrings.EXPORT_LOGS__DIR__HELP, mandatory=true) String dirName,
@@ -991,7 +991,7 @@ public class MiscellaneousCommands implements CommandMarker {
    */
   @CliCommand(value = CliStrings.EXPORT_STACKTRACE, help = CliStrings.EXPORT_STACKTRACE__HELP)
   @CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
-  @ResourceOperation(resource = Resource.MEMBER, operation = OperationCode.EXPORT_STACKTRACE)
+  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
   public Result exportStackTrace(
       @CliOption(key = CliStrings.EXPORT_STACKTRACE__MEMBER,
       optionContext = ConverterHint.ALL_MEMBER_IDNAME,
@@ -1092,7 +1092,7 @@ public class MiscellaneousCommands implements CommandMarker {
 
   @CliCommand(value = CliStrings.SHOW_METRICS, help = CliStrings.SHOW_METRICS__HELP)
   @CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_STATISTICS })
-  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= OperationCode.SHOW_METRICS)
+  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= OperationCode.LIST)
   public Result showMetrics(
       @CliOption(key = { CliStrings.SHOW_METRICS__MEMBER }, optionContext = ConverterHint.ALL_MEMBER_IDNAME, help = CliStrings.SHOW_METRICS__MEMBER__HELP) String memberNameOrId,
       @CliOption(key = { CliStrings.SHOW_METRICS__REGION }, optionContext = ConverterHint.REGIONPATH, help = CliStrings.SHOW_METRICS__REGION__HELP) String regionName,
@@ -1996,7 +1996,7 @@ public class MiscellaneousCommands implements CommandMarker {
   
   @CliCommand(value = CliStrings.CHANGE_LOGLEVEL, help = CliStrings.CHANGE_LOGLEVEL__HELP)
   @CliMetaData(relatedTopic = { CliStrings.TOPIC_CHANGELOGLEVEL })
-  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALTER_RUNTIME)
+  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.MANAGE)
   public Result changeLogLevel(
       @CliOption(key = CliStrings.CHANGE_LOGLEVEL__MEMBER, unspecifiedDefaultValue = "", help = CliStrings.CHANGE_LOGLEVEL__MEMBER__HELP) String[] memberIds, 
       @CliOption(key = CliStrings.CHANGE_LOGLEVEL__GROUPS, unspecifiedDefaultValue = "", help = CliStrings.CHANGE_LOGLEVEL__GROUPS__HELP) String[] grps,

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
index d4b709b..1c3dd84 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
@@ -53,7 +53,7 @@ public class PDXCommands extends AbstractCommandsSupport{
 
   @CliCommand (value = CliStrings.CONFIGURE_PDX, help = CliStrings.CONFIGURE_PDX__HELP)
   @CliMetaData (relatedTopic = CliStrings.TOPIC_GEMFIRE_REGION, writesToSharedConfiguration = true)
-  @ResourceOperation( resource=Resource.PDX, operation = OperationCode.CONFIGURE)
+  @ResourceOperation( resource=Resource.PDX, operation = OperationCode.MANAGE)
   public Result configurePDX(
       @CliOption (key = CliStrings.CONFIGURE_PDX__READ__SERIALIZED,
       unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
@@ -175,7 +175,7 @@ public class PDXCommands extends AbstractCommandsSupport{
 
   @CliCommand (value = CliStrings.PDX_RENAME, help = CliStrings.PDX_RENAME__HELP)
   @CliMetaData(shellOnly=true, relatedTopic={CliStrings.TOPIC_GEMFIRE_DISKSTORE})
-  @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.RENAME)
+  @ResourceOperation(resource = Resource.PDX, operation = OperationCode.MANAGE)
   public Result pdxRename(
       @CliOption (key = CliStrings.PDX_RENAME_OLD,
       mandatory=true,

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
index 1693a37..f77c4c0 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
@@ -62,7 +62,7 @@ public class QueueCommands implements CommandMarker {
 
   @CliCommand(value = CliStrings.CREATE_ASYNC_EVENT_QUEUE, help = CliStrings.CREATE_ASYNC_EVENT_QUEUE__HELP)
   @CliMetaData(writesToSharedConfiguration = true)
-  @ResourceOperation(resource = Resource.ASYNC_EVENT_QUEUE, operation = OperationCode.CREATE)
+  @ResourceOperation(resource = Resource.ASYNC_EVENT_QUEUE, operation = OperationCode.MANAGE)
   public Result createAsyncEventQueue(
       @CliOption(key = CliStrings.CREATE_ASYNC_EVENT_QUEUE__ID, 
                  mandatory = true,

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
index cab80fe..2671ba4 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
@@ -48,7 +48,7 @@ public class StatusCommands extends AbstractCommandsSupport implements CommandMa
   @SuppressWarnings("unchecked")
   @CliCommand (value = CliStrings.STATUS_SHARED_CONFIG, help = CliStrings.STATUS_SHARED_CONFIG_HELP)
   @CliMetaData (relatedTopic = CliStrings.TOPIC_GEMFIRE_LOCATOR)
-  @ResourceOperation(resource = Resource.CLUSTER_CONFIGURTION, operation = OperationCode.STATUS)
+  @ResourceOperation(resource = Resource.CLUSTER_CONFIGURATION, operation = OperationCode.STATUS)
   public Result statusSharedConfiguration() {
     final GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
     final Set<DistributedMember> locators = new HashSet<DistributedMember>(cache.getDistributionManager().getAllHostedLocatorsWithSharedConfiguration().keySet());

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java
new file mode 100644
index 0000000..99364a4
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java
@@ -0,0 +1,178 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.security;
+
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.MemberMXBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.junit.Assert.assertNull;
+
+@Category(IntegrationTest.class)
+public class AllCliCommandsSecurityTest {
+  private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+
+  private MemberMXBean bean;
+
+  private static class Permission {
+    private final Resource resource;
+    private final OperationCode operationCode;
+
+    Permission(Resource resource, OperationCode operationCode) {
+      this.resource = resource;
+      this.operationCode = operationCode;
+    }
+
+    @Override
+    public String toString() {
+      String result = resource.toString() + ":" + operationCode.toString();
+      return result;
+    }
+  }
+
+  private static final Permission ASYNC_EVENT_QUEUE_MANAGE = new Permission(Resource.ASYNC_EVENT_QUEUE, OperationCode.MANAGE);
+  private static final Permission ASYNC_EVENT_QUEUE_LIST = new Permission(Resource.ASYNC_EVENT_QUEUE, OperationCode.LIST);
+  private static final Permission CLUSTER_CONFIGURATION_STATUS = new Permission(Resource.CLUSTER_CONFIGURATION, OperationCode.STATUS);
+  private static final Permission DISKSTORE_MANAGE = new Permission(Resource.DISKSTORE, OperationCode.MANAGE);
+  private static final Permission DISKSTORE_LIST = new Permission(Resource.DISKSTORE, OperationCode.LIST);
+  private static final Permission DISTRIBUTED_SYSTEM_ALL = new Permission(Resource.DISTRIBUTED_SYSTEM, OperationCode.ALL);
+  private static final Permission DISTRIBUTED_SYSTEM_LIST = new Permission(Resource.DISTRIBUTED_SYSTEM, OperationCode.LIST);
+  private static final Permission DISTRIBUTED_SYSTEM_MANAGE = new Permission(Resource.DISTRIBUTED_SYSTEM, OperationCode.MANAGE);
+  private static final Permission GATEWAY_MANAGE = new Permission(Resource.GATEWAY, OperationCode.MANAGE);
+  private static final Permission GATEWAY_LIST = new Permission(Resource.GATEWAY, OperationCode.LIST);
+  private static final Permission PDX_MANAGE = new Permission(Resource.PDX, OperationCode.MANAGE);
+
+  private Map<String, Permission> commandPermission = new HashMap<>();
+
+
+  public AllCliCommandsSecurityTest() {
+
+    // Config Commands
+    commandPermission.put("status cluster-config-service", CLUSTER_CONFIGURATION_STATUS);
+
+    // Diskstore Commands
+    commandPermission.put("backup disk-store --dir=foo", DISKSTORE_MANAGE);
+    commandPermission.put("list disk-stores", DISKSTORE_LIST);
+    commandPermission.put("create disk-store --name=foo --dir=bar", DISKSTORE_MANAGE);
+    commandPermission.put("compact disk-store --name=foo", DISKSTORE_MANAGE);
+    commandPermission.put("compact offline-disk-store --name=foo --disk-dirs=bar", DISKSTORE_MANAGE);
+    commandPermission.put("upgrade offline-disk-store --name=foo --disk-dirs=bar", DISKSTORE_MANAGE);
+    commandPermission.put("describe disk-store --name=foo --member=baz", DISKSTORE_LIST);
+    commandPermission.put("revoke missing-disk-store --id=foo", DISKSTORE_MANAGE);
+    commandPermission.put("show missing-disk-stores", DISKSTORE_MANAGE);
+    commandPermission.put("describe offline-disk-store --name=foo --disk-dirs=bar", DISKSTORE_LIST);
+    commandPermission.put("export offline-disk-store --name=foo --disk-dirs=bar --dir=baz", DISKSTORE_MANAGE);
+    commandPermission.put("validate offline-disk-store --name=foo --disk-dirs=bar", DISKSTORE_MANAGE);
+//    commandPermission.put("alter offline-disk-store --name=foo --region=xyz --disk-dirs=bar", DISKSTORE_MANAGE);
+    commandPermission.put("destroy disk-store --name=foo", DISKSTORE_MANAGE);
+
+    // Misc Commands
+    commandPermission.put("change loglevel --loglevel=severe --member=server1", DISTRIBUTED_SYSTEM_MANAGE);
+    commandPermission.put("export logs --dir=data/logs", DISTRIBUTED_SYSTEM_LIST);
+    commandPermission.put("export stack-traces --file=stack.txt", DISTRIBUTED_SYSTEM_LIST);
+    commandPermission.put("gc", DISTRIBUTED_SYSTEM_MANAGE);
+    commandPermission.put("netstat --member=server1", DISTRIBUTED_SYSTEM_MANAGE);
+    commandPermission.put("show dead-locks --file=deadlocks.txt", DISTRIBUTED_SYSTEM_LIST);
+    commandPermission.put("show log --member=locator1 --lines=5", DISTRIBUTED_SYSTEM_LIST);
+    commandPermission.put("show metrics", DISTRIBUTED_SYSTEM_LIST);
+//    commandPermission.put("shutdown", DISTRIBUTED_SYSTEM_MANAGE);
+
+    // PDX Commands
+    commandPermission.put("configure pdx --read-serialized=true", PDX_MANAGE);
+    commandPermission.put("pdx rename --old=com.gemstone --new=com.pivotal --disk-store=ds1 --disk-dirs=/diskDir1", PDX_MANAGE);
+
+    // Queue Commands
+    commandPermission.put("create async-event-queue --id=myAEQ --listener=myApp.myListener", ASYNC_EVENT_QUEUE_MANAGE);
+    commandPermission.put("list async-event-queues", ASYNC_EVENT_QUEUE_LIST);
+
+    // Shell Commands
+    commandPermission.put("connect", DISTRIBUTED_SYSTEM_ALL);
+    commandPermission.put("debug --state=on", DISTRIBUTED_SYSTEM_ALL);
+    commandPermission.put("describe connection", DISTRIBUTED_SYSTEM_ALL);
+    commandPermission.put("echo --string=\"Hello World!\"", DISTRIBUTED_SYSTEM_ALL);
+    commandPermission.put("encrypt password --password=value", DISTRIBUTED_SYSTEM_ALL);
+    commandPermission.put("version", DISTRIBUTED_SYSTEM_ALL);
+    commandPermission.put("sleep", DISTRIBUTED_SYSTEM_ALL);
+    commandPermission.put("sh ls", DISTRIBUTED_SYSTEM_ALL);
+    commandPermission.put("disconnect", DISTRIBUTED_SYSTEM_ALL);
+
+    // WAN Commands
+    commandPermission.put("create gateway-sender --id=sender1 --remote-distributed-system-id=2", GATEWAY_MANAGE);
+    commandPermission.put("start gateway-sender --id=sender1", GATEWAY_MANAGE);
+    commandPermission.put("pause gateway-sender --id=sender1", GATEWAY_MANAGE);
+    commandPermission.put("resume gateway-sender --id=sender1", GATEWAY_MANAGE);
+    commandPermission.put("stop gateway-sender --id=sender1", GATEWAY_MANAGE);
+    commandPermission.put("load-balance gateway-sender --id=sender1", GATEWAY_MANAGE);
+    commandPermission.put("list gateways", GATEWAY_LIST);
+    commandPermission.put("create gateway-receiver", GATEWAY_MANAGE);
+    commandPermission.put("start gateway-receiver", GATEWAY_MANAGE);
+    commandPermission.put("stop gateway-receiver", GATEWAY_MANAGE);
+    commandPermission.put("status gateway-receiver", GATEWAY_LIST);
+  }
+
+  @ClassRule
+  public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
+      jmxManagerPort, "cacheServer.json");
+
+  @Rule
+  public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
+
+  @Before
+  public void setUp() throws Exception {
+    bean = connectionRule.getProxyMBean(MemberMXBean.class);
+  }
+
+  @Test
+  @JMXConnectionConfiguration(user = "adminUser", password = "1234567")
+  public void testAdminUser() throws Exception {
+    for (String cmd : commandPermission.keySet()) {
+      try {
+        bean.processCommand(cmd);
+      } catch (Throwable t) {
+        assertNull(String.format("Error evaluating command: '%s'", cmd), t);
+      }
+    }
+  }
+
+  // dataUser has all the permissions granted, but not to region2 (only to region1)
+  @Test
+  @JMXConnectionConfiguration(user = "dataUser", password = "1234567")
+  public void testNoAccess(){
+    for (Map.Entry<String, Permission> e : commandPermission.entrySet()) {
+      try {
+        assertThatThrownBy(() -> bean.processCommand(e.getKey()))
+            .hasMessageStartingWith("Access Denied: Not authorized for " + e.getValue())
+            .isInstanceOf(SecurityException.class);
+      } catch (Throwable t) {
+        assertNull(String.format("Command should have failed: '%s'", e.getKey(), t));
+      }
+    }
+
+  }
+
+}
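Review bot: In `testNoAccess` the catch block calls `assertNull(String.format("Command should have failed: '%s'", e.getKey(), t))` with the closing parenthesis misplaced, so `t` becomes an unused format argument and the one-argument `assertNull` fails on the message string itself; the original AssertJ failure (wrong exception type, or a different permission in the denial message) is lost. Dropping the try/catch and labelling the assertion with `.as("command '%s'", e.getKey())` directly after `assertThatThrownBy(...)` reports both the command and the real cause. The comment above the test still refers to region1/region2, which nothing here uses; it should state instead that `dataUser` appears to be expected to hold none of the listed permissions in `cacheServer.json`. Both tests also execute the commands for real against the shared `serverRule` in `HashMap` iteration order, so `testAdminUser` presumably leaves side effects (for example `destroy disk-store --name=foo`) in an unspecified order.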

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MiscCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MiscCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MiscCommandsSecurityTest.java
deleted file mode 100644
index 65eb801..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MiscCommandsSecurityTest.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-@Category(IntegrationTest.class)
-public class MiscCommandsSecurityTest {
-  private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-
-  private MemberMXBean bean;
-
-  @ClassRule
-  public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
-
-  @Rule
-  public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
-
-  @Before
-  public void setUp() throws Exception {
-    bean = connectionRule.getProxyMBean(MemberMXBean.class);
-  }
-
-  private static String[] commands = {};
-
-  @JMXConnectionConfiguration(user = "superuser", password = "1234567")
-  @Test
-  public void testAllAccess(){
-    bean.processCommand("change loglevel --loglevel=severe --members=server1");
-    bean.processCommand("export logs --dir=data/logs");
-    bean.processCommand("export stack-traces --file=stack.txt");
-    bean.processCommand("gc");
-    bean.processCommand("netstat --member=server1");
-    bean.processCommand("show dead-locks --file=deadlocks.txt");
-    bean.processCommand("show log --member=locator1 --lines=5");
-    bean.processCommand("show metrics");
-    bean.processCommand("shutdown");
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/PDXCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/PDXCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/PDXCommandsSecurityTest.java
deleted file mode 100644
index 721f29d..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/PDXCommandsSecurityTest.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-
-@Category(IntegrationTest.class)
-public class PDXCommandsSecurityTest {
-  private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-
-  private MemberMXBean bean;
-
-  @ClassRule
-  public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
-
-  @Rule
-  public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
-
-  @Before
-  public void setUp() throws Exception {
-    bean = connectionRule.getProxyMBean(MemberMXBean.class);
-  }
-
-  @JMXConnectionConfiguration(user = "superuser", password = "1234567")
-  @Test
-  public void testAllAccess(){
-    bean.processCommand("configure pdx --read-serialized=true");
-    bean.processCommand("pdx rename --old=com.gemstone --new=com.pivotal --disk-store=ds1 --disk-dirs=/diskDir1");
-  }
-
-  // stranger has no permission granted
-  @JMXConnectionConfiguration(user = "stranger", password = "1234567")
-  @Test
-  public void testNoAccess(){
-    assertThatThrownBy(() -> bean.processCommand("configure pdx --read-serialized=true"))
-        .isInstanceOf(SecurityException.class)
-        .hasMessageContaining("PDX:CONFIGURE");
-    assertThatThrownBy(() -> bean.processCommand("pdx rename --old=com.gemstone --new=com.pivotal --disk-store=ds1 --disk-dirs=/diskDir1"))
-        .isInstanceOf(SecurityException.class)
-        .hasMessageContaining("DISTRIBUTED_SYSTEM:RENAME");
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/QueueCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/QueueCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/QueueCommandsSecurityTest.java
deleted file mode 100644
index e9baa41..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/QueueCommandsSecurityTest.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-
-@Category(IntegrationTest.class)
-public class QueueCommandsSecurityTest {
-  private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-
-  private MemberMXBean bean;
-
-  @ClassRule
-  public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
-
-  @Rule
-  public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
-
-  @Before
-  public void setUp() throws Exception {
-    bean = connectionRule.getProxyMBean(MemberMXBean.class);
-  }
-
-  @JMXConnectionConfiguration(user = "superuser", password = "1234567")
-  @Test
-  public void testAllAccess(){
-    bean.processCommand("create async-event-queue --id=myAEQ --listener=myApp.myListener");
-    bean.processCommand("list async-event-queues");
-  }
-
-  // stranger has no permission granted
-  @JMXConnectionConfiguration(user = "stranger", password = "1234567")
-  @Test
-  public void testNoAccess(){
-    assertThatThrownBy(() -> bean.processCommand("create async-event-queue --id=myAEQ --listener=myApp.myListener"))
-        .isInstanceOf(SecurityException.class).hasMessageContaining("ASYNC_EVENT_QUEUE:CREATE");
-    assertThatThrownBy(() -> bean.processCommand("list async-event-queues"))
-        .isInstanceOf(SecurityException.class).hasMessageContaining("ASYNC_EVENT_QUEUE:LIST");
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ShellCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ShellCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ShellCommandsSecurityTest.java
deleted file mode 100644
index 4d08d1a..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ShellCommandsSecurityTest.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-
-@Category(IntegrationTest.class)
-public class ShellCommandsSecurityTest {
-  private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-
-  private MemberMXBean bean;
-
-  @ClassRule
-  public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
-
-  @Rule
-  public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
-
-  @Before
-  public void setUp() throws Exception {
-    bean = connectionRule.getProxyMBean(MemberMXBean.class);
-  }
-
-  @JMXConnectionConfiguration(user = "superuser", password = "1234567")
-  @Test
-  public void testAllAccess(){
-    bean.processCommand("connect");
-    bean.processCommand("debug --state=on");
-    bean.processCommand("describe connection");
-    bean.processCommand("echo --string=\"Hello World!\"");
-    bean.processCommand("encrypt password --password=value");
-    bean.processCommand("version");
-    bean.processCommand("sleep");
-    bean.processCommand("sh ls");
-    bean.processCommand("disconnect");
-  }
-
-  // stranger has no permission granted
-  @JMXConnectionConfiguration(user = "stranger", password = "1234567")
-  @Test
-  public void testNoAccess(){
-    assertThatThrownBy(() -> bean.processCommand("connect")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
-    assertThatThrownBy(() -> bean.processCommand("debug --state=on")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
-    assertThatThrownBy(() -> bean.processCommand("describe connection")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
-    assertThatThrownBy(() -> bean.processCommand("disconnect")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
-    assertThatThrownBy(() -> bean.processCommand("echo --string=\"Hello World!\"")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
-    assertThatThrownBy(() -> bean.processCommand("encrypt password --password=value")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
-    assertThatThrownBy(() -> bean.processCommand("version")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
-    assertThatThrownBy(() -> bean.processCommand("sleep")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
-    assertThatThrownBy(() -> bean.processCommand("sh ls")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/StatusCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/StatusCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/StatusCommandsSecurityTest.java
deleted file mode 100644
index 10101dd..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/StatusCommandsSecurityTest.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-
-@Category(IntegrationTest.class)
-public class StatusCommandsSecurityTest {
-  private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-
-  private MemberMXBean bean;
-
-  @ClassRule
-  public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
-
-  @Rule
-  public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
-
-  @Before
-  public void setUp() throws Exception {
-    bean = connectionRule.getProxyMBean(MemberMXBean.class);
-  }
-
-  @JMXConnectionConfiguration(user = "superuser", password = "1234567")
-  @Test
-  public void testAllAccess(){
-    bean.processCommand("status cluster-config-service");
-  }
-
-  // stranger has no permission granted
-  @JMXConnectionConfiguration(user = "stranger", password = "1234567")
-  @Test
-  public void testNoAccess(){
-    assertThatThrownBy(() -> bean.processCommand("status cluster-config-service")).isInstanceOf(SecurityException.class).hasMessageContaining("CLUSTER_CONFIGURTION:STATUS");
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/WanCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/WanCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/WanCommandsSecurityTest.java
deleted file mode 100644
index 8c73e8a..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/WanCommandsSecurityTest.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-
-@Category(IntegrationTest.class)
-public class WanCommandsSecurityTest {
-  private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-
-  private MemberMXBean bean;
-
-  @ClassRule
-  public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
-
-  @Rule
-  public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
-
-  @Before
-  public void setUp() throws Exception {
-    bean = connectionRule.getProxyMBean(MemberMXBean.class);
-  }
-
-  @Test
-  @JMXConnectionConfiguration(user = "adminUser", password = "1234567")
-  public void testAdminUser() throws Exception {
-    bean.processCommand("create gateway-sender --id=sender1 --remote-distributed-system-id=2");
-    bean.processCommand("start gateway-sender --id=sender1");
-    bean.processCommand("pause gateway-sender --id=sender1");
-    bean.processCommand("resume gateway-sender --id=sender1");
-    bean.processCommand("stop gateway-sender --id=sender1");
-    bean.processCommand("load-balance gateway-sender --id=sender1");
-    bean.processCommand("list gateways");
-    bean.processCommand("create gateway-receiver");
-    bean.processCommand("start gateway-receiver");
-    bean.processCommand("stop gateway-receiver");
-    bean.processCommand("status gateway-receiver");
-  }
-
-  // dataUser has all the permissions granted, but not to region2 (only to region1)
-  @Test
-  @JMXConnectionConfiguration(user = "dataUser", password = "1234567")
-  public void testNoAccess(){
-    assertThatThrownBy(() -> bean.processCommand("create gateway-sender --id=sender1 --remote-distributed-system-id=2"))
-        .isInstanceOf(SecurityException.class)
-        .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
-    assertThatThrownBy(() -> bean.processCommand("start gateway-sender --id=sender1"))
-        .isInstanceOf(SecurityException.class)
-        .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
-    assertThatThrownBy(() -> bean.processCommand("pause gateway-sender --id=sender1"))
-        .isInstanceOf(SecurityException.class)
-        .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
-    assertThatThrownBy(() -> bean.processCommand("resume gateway-sender --id=sender1"))
-        .isInstanceOf(SecurityException.class)
-        .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
-    assertThatThrownBy(() -> bean.processCommand("stop gateway-sender --id=sender1"))
-        .isInstanceOf(SecurityException.class)
-        .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
-    assertThatThrownBy(() -> bean.processCommand("load-balance gateway-sender --id=sender1"))
-        .isInstanceOf(SecurityException.class)
-        .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
-    assertThatThrownBy(() -> bean.processCommand("list gateways"))
-        .isInstanceOf(SecurityException.class)
-        .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:LIST");
-
-    assertThatThrownBy(() -> bean.processCommand("create gateway-receiver"))
-        .isInstanceOf(SecurityException.class)
-        .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
-    assertThatThrownBy(() -> bean.processCommand("start gateway-receiver"))
-        .isInstanceOf(SecurityException.class)
-        .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
-    assertThatThrownBy(() -> bean.processCommand("stop gateway-receiver"))
-        .isInstanceOf(SecurityException.class)
-        .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
-    assertThatThrownBy(() -> bean.processCommand("status gateway-receiver"))
-        .isInstanceOf(SecurityException.class)
-        .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:LIST");
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
index 0f8df37..dc613e0 100644
--- a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
@@ -3,8 +3,17 @@
     {
       "name": "admin",
       "operationsAllowed": [
+        "ASYNC_EVENT_QUEUE:LIST",
+        "ASYNC_EVENT_QUEUE:MANAGE",
+        "CLUSTER_CONFIGURATION:STATUS",
+        "DISKSTORE:LIST",
+        "DISKSTORE:MANAGE",
+        "DISTRIBUTED_SYSTEM:ALL",
+        "DISTRIBUTED_SYSTEM:LIST",
+        "DISTRIBUTED_SYSTEM:MANAGE",
         "GATEWAY:LIST",
-        "GATEWAY:MANAGE"
+        "GATEWAY:MANAGE",
+        "PDX:MANAGE"
       ]
     },
     {
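Review bot: The `admin` role in this hunk now holds `DISTRIBUTED_SYSTEM:ALL` next to `DISTRIBUTED_SYSTEM:LIST` and `DISTRIBUTED_SYSTEM:MANAGE`, and nothing in the fixture says whether `ALL` is an operation of its own or a grant that covers the other two. If the authorizer treats it as covering them, a test run under this role (presumably the one behind `adminUser`) would still pass when a command checks the wrong `DISTRIBUTED_SYSTEM` operation, so the allow path would prove little about the per-command permission mapping. JSON cannot carry a comment, so the meaning of `ALL` is best stated in the Javadoc of the test class that loads `cacheServer.json`. If it turns out to be a wildcard, I would move it to a separate role so that `admin` lists only the specific operations the commands require.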
@@ -43,7 +52,7 @@
         "MANAGER:SET_PULSE_URL",
         "MANAGER:START",
         "MANAGER:STOP",
-        "CLUSTER_CONFIGURTION:STATUS",
+        "CLUSTER_CONFIGURATION:STATUS",
         "DISTRIBUTED_SYSTEM:ALL",
         "DISTRIBUTED_SYSTEM:RENAME",
         "DISTRIBUTED_SYSTEM:GC",
@@ -72,7 +81,6 @@
     {
       "name": "dataUsers",
       "operationsAllowed": [
-        "DISTRIBUTED_SYSTEM:LIST",
         "REGION:GET",
         "REGION:REBALANCE",
         "REGION:EXPORT",

