geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kl...@apache.org
Subject [2/2] incubator-geode git commit: GEODE-1673: fail start if security.json cannot be found
Date Mon, 25 Jul 2016 18:11:27 GMT
GEODE-1673: fail start if security.json cannot be found

* collapse JSONAuthorization into SampleSecurityManager
* update SampleSecurityManager to support file, resource and string json
* cleanup security tests
* add SecurityTest category to security tests

This closes #212


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/17ede315
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/17ede315
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/17ede315

Branch: refs/heads/develop
Commit: 17ede3150f726d0c2ab78d11cde94557ce562953
Parents: 7ca571c
Author: Grace Meilen <gmeilen@pivotal.io>
Authored: Mon Jul 25 11:04:12 2016 -0700
Committer: Kirk Lund <klund@pivotal.io>
Committed: Mon Jul 25 11:06:23 2016 -0700

----------------------------------------------------------------------
 .../internal/InternalDistributedSystem.java     |   2 +-
 .../gms/mgr/GMSMembershipManager.java           |   1 -
 .../internal/security/GeodeSecurityUtil.java    |  58 ++---
 .../security/shiro/CustomAuthRealm.java         |  17 +-
 .../apache/geode/security/GeodePermission.java  |  58 ++---
 .../apache/geode/security/SecurityManager.java  |   4 +-
 .../security/templates/SamplePostProcessor.java |   5 +-
 .../templates/SampleSecurityManager.java        | 261 +++++++++++--------
 .../internal/DistributionConfigJUnitTest.java   |   7 +-
 .../security/GeodeSecurityUtilTest.java         |  23 +-
 .../cli/commands/CliCommandTestBase.java        |  26 +-
 .../security/AccessControlMBeanJUnitTest.java   |  14 +-
 ...CacheServerMBeanAuthenticationJUnitTest.java |   7 +-
 .../CacheServerMBeanAuthorizationJUnitTest.java |  14 +-
 .../CacheServerMBeanShiroJUnitTest.java         |  12 +-
 .../security/CliCommandsSecurityTest.java       |   7 +-
 .../security/DataCommandsSecurityTest.java      |  17 +-
 .../DiskStoreMXBeanSecurityJUnitTest.java       |  14 +-
 .../GatewayReceiverMBeanSecurityTest.java       |  20 +-
 .../GatewaySenderMBeanSecurityTest.java         |  21 +-
 .../security/GeodePermissionJUnitTest.java      |   8 +-
 .../GeodeSecurityUtilCustomRealmJUnitTest.java  |  22 +-
 .../GeodeSecurityUtilWithIniFileJUnitTest.java  |  12 +-
 .../security/GfshCommandsPostProcessorTest.java |  18 +-
 .../security/GfshCommandsSecurityTest.java      |  18 +-
 .../JsonAuthorizationCacheStartRule.java        |  13 +-
 .../LockServiceMBeanAuthorizationJUnitTest.java |  20 +-
 .../security/MBeanSecurityJUnitTest.java        |  50 ++--
 .../security/MBeanServerConnectionRule.java     |   6 +-
 .../ManagerMBeanAuthorizationJUnitTest.java     |  17 +-
 .../security/MemberMBeanSecurityJUnitTest.java  |  14 +-
 .../internal/security/MultiUserDUnitTest.java   |   8 +-
 .../internal/security/ShiroCacheStartRule.java  |  10 +-
 .../internal/security/TestCommand.java          |   5 +-
 ...ractIntegratedClientAuthDistributedTest.java |  17 +-
 ...gratedClientGetEntryAuthDistributedTest.java |   1 -
 ...IntegratedClientSizeAuthDistributedTest.java |   1 -
 ...edSecurityCacheLifecycleDistributedTest.java |   6 +-
 ...edSecurityCacheLifecycleIntegrationTest.java |   1 -
 ...urityNoShowValue1PostProcessorDUnitTest.java |   2 -
 ...tegratedSecurityPeerAuthDistributedTest.java |  28 +-
 ...ntegratedSecurityPostProcessorDUnitTest.java |   2 -
 .../gemfire/security/JSONAuthorization.java     |  54 ----
 .../security/NoShowValue1PostProcessor.java     |   6 +-
 .../gemfire/security/SecurityTestUtils.java     |   2 +-
 .../templates/SampleSecurityManagerTest.java    | 123 +++++++++
 .../geode/security/templates/security.json      |  30 +++
 .../gemfire/tools/pulse/tests/Server.java       |  10 +-
 48 files changed, 618 insertions(+), 474 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
index 32f1bff..013a72d 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
@@ -2085,7 +2085,7 @@ public class InternalDistributedSystem
         listener.handleEvent(event, resource);
       } catch(CancelException e) {
         //ignore
-      } catch (ManagementException ex) {
+      } catch (GemFireSecurityException|ManagementException ex) {
         if (event == ResourceEvent.CACHE_CREATE) {
           throw ex;
         } else {

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java
index cfd11ed..4ed30a4 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java
@@ -2070,7 +2070,6 @@ public class GMSMembershipManager implements MembershipManager, Manager
    * 
    * Concurrency: protected by {@link #latestViewLock} ReentrantReadWriteLock
    *
-   * guarded.By latestViewLock
    * @return true if the given member is a zombie
    */
   public boolean isShunned(DistributedMember m) {

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index 0d5e701..19f3325 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -14,7 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package com.gemstone.gemfire.internal.security;
 
 import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
@@ -58,10 +57,17 @@ public class GeodeSecurityUtil {
 
   private static Logger logger = LogService.getLogger();
 
+  private static PostProcessor postProcessor;
+  private static SecurityManager securityManager;
+  private static boolean isIntegratedSecurity;
+  private static boolean isClientAuthenticator;
+  private static boolean isPeerAuthenticator;
 
   /**
-   * It first looks the shiro subject in AccessControlContext since JMX will use multiple threads to process operations from the same client.
-   * then it looks into Shiro's thead context.
+   * It first looks the shiro subject in AccessControlContext since JMX will
+   * use multiple threads to process operations from the same client, then it
+   * looks into Shiro's thead context.
+   *
    * @return the shiro subject, null if security is not enabled
    */
   public static Subject getSubject() {
@@ -97,8 +103,6 @@ public class GeodeSecurityUtil {
   }
 
   /**
-   * @param username
-   * @param password
    * @return null if security is not enabled, otherwise return a shiro subject
    */
   public static Subject login(String username, String password) {
@@ -153,7 +157,9 @@ public class GeodeSecurityUtil {
   }
 
   /**
-   * this binds the passed-in subject to the executing thread, normally, you would do this:
+   * this binds the passed-in subject to the executing thread, normally, you
+   * would do this:
+   *
    * ThreadState state = null;
    * try{
    *   state = GeodeSecurityUtil.bindSubject(subject);
@@ -269,15 +275,8 @@ public class GeodeSecurityUtil {
     }
   }
 
-  private static PostProcessor postProcessor;
-  private static SecurityManager securityManager;
-  private static boolean isIntegratedSecurity;
-  private static boolean isClientAuthenticator;
-  private static boolean isPeerAuthenticator;
-
   /**
    * initialize Shiro's Security Manager and Security Utilities
-   * @param securityProps
    */
   public static void initSecurity(Properties securityProps) {
     if (securityProps == null) {
@@ -352,8 +351,10 @@ public class GeodeSecurityUtil {
   }
 
   /**
-   * postProcess call already has this logic built in, you don't need to call this everytime you call postProcess.
-   * But if your postProcess is pretty involved with preparations and you need to bypass it entirely, call this first.
+   * postProcess call already has this logic built in, you don't need to call
+   * this everytime you call postProcess. But if your postProcess is pretty
+   * involved with preparations and you need to bypass it entirely, call this
+   * first.
    */
   public static boolean needPostProcess(){
     return (isIntegratedSecurity && postProcessor != null);
@@ -372,13 +373,9 @@ public class GeodeSecurityUtil {
     return postProcessor.processRegionValue((Principal)subject.getPrincipal(), regionName, key,  result);
   }
 
-
   /**
-   * this method would never return null, it either throws an exception or returns an object
-   * @param className
-   * @param expectedClazz
-   * @param <T>
-   * @return the expected object loadded by using the className
+   * this method would never return null, it either throws an exception or
+   * returns an object
    */
   public static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
     Class actualClass = null;
@@ -403,11 +400,8 @@ public class GeodeSecurityUtil {
   }
 
   /**
-   * this method would never return null, it either throws an exception or returns an object
-   * @param factoryMethodName
-   * @param expectedClazz
-   * @param <T>
-   * @return the expected object loaded by the factory method
+   * this method would never return null, it either throws an exception or
+   * returns an object
    */
   public static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class<T> expectedClazz){
     T actualObject = null;
@@ -426,12 +420,11 @@ public class GeodeSecurityUtil {
   }
 
   /**
-   * this method would never return null, it either throws an exception or returns an object
-   * @param classOrMethod
-   * @param expectedClazz
-   * @param <T>
-   * @return an object of type expectedClazz. This method would never return null. It either returns an non-null
-   * object or throws exception.
+   * this method would never return null, it either throws an exception or
+   * returns an object
+   *
+   * @return an object of type expectedClazz. This method would never return
+   * null. It either returns an non-null object or throws exception.
    */
   public static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) {
     T object = null;
@@ -448,7 +441,6 @@ public class GeodeSecurityUtil {
     return securityManager;
   }
 
-
   public static boolean isClientSecurityRequired() {
     return isClientAuthenticator || isIntegratedSecurity;
   }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
index db07fe0..c890dc9 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
@@ -34,18 +34,31 @@ import org.apache.shiro.subject.PrincipalCollection;
 import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
 import com.gemstone.gemfire.management.internal.security.ResourceConstants;
 
-public class CustomAuthRealm extends AuthorizingRealm{
+public class CustomAuthRealm extends AuthorizingRealm {
 
   private static final String REALM_NAME = "CUSTOMAUTHREALM";
 
   private SecurityManager securityManager = null;
 
+  /**
+   * The caller must invoke {@link org.apache.geode.security.SecurityManager#init(Properties)}
+   * prior to instantiating CustomAuthRealm.
+   *
+   * @param securityManager instance of SecurityManager which has already been initialized
+   */
   public CustomAuthRealm(SecurityManager securityManager) {
     this.securityManager = securityManager;
   }
 
-  public CustomAuthRealm (String authenticatorFactory) {
+  /**
+   * SecurityManager will be constructed and initialized with the provided security properties.
+   *
+   * @param authenticatorFactory name of the SecurityManager implementation to construct
+   * @param securityProperties the security properties to initialize SecurityManager with
+   */
+  public CustomAuthRealm(String authenticatorFactory, Properties securityProperties) {
     this.securityManager = GeodeSecurityUtil.getObjectOfTypeFromClassName(authenticatorFactory, SecurityManager.class);
+    this.securityManager.init(securityProperties);
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java b/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java
index 9f0ce2d..21cec6b 100644
--- a/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java
+++ b/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java
@@ -14,7 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.apache.geode.security;
 
 import org.apache.shiro.authz.permission.WildcardPermission;
@@ -42,35 +41,6 @@ public class GeodePermission extends WildcardPermission {
     READ
   }
 
-  /**
-   * Returns
-   * @return the resource, could be either DATA or CLUSTER
-   */
-  public Resource getResource() {
-    return resource;
-  }
-
-  /**
-   * @return the operation, could be either MANAGE, WRITE or READ
-   */
-  public Operation getOperation() {
-    return operation;
-  }
-
-  /**
-   * @return the regionName, could be "*", meaning all regions
-   */
-  public String getRegionName() {
-    return regionName;
-  }
-
-  /**
-   * @return the key, could be "*" meaning all keys.
-   */
-  public String getKey() {
-    return key;
-  }
-
   // these default values are used when creating a lock around an operation
   private Resource resource = Resource.NULL;
   private Operation operation = Operation.NULL;
@@ -113,6 +83,34 @@ public class GeodePermission extends WildcardPermission {
     setParts(this.resource+":"+this.operation+":"+this.regionName+":"+this.key, true);
   }
 
+  /**
+   * Returns the resource, could be either DATA or CLUSTER
+   */
+  public Resource getResource() {
+    return resource;
+  }
+
+  /**
+   * Returns the operation, could be either MANAGE, WRITE or READ
+   */
+  public Operation getOperation() {
+    return operation;
+  }
+
+  /**
+   * returns the regionName, could be "*", meaning all regions
+   */
+  public String getRegionName() {
+    return regionName;
+  }
+
+  /**
+   * returns the key, could be "*" meaning all keys.
+   */
+  public String getKey() {
+    return key;
+  }
+
   @Override
   public String toString() {
     if (ALL_REGIONS.equals(regionName)) {

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java b/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java
index 269ed43..51a6879 100644
--- a/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java
+++ b/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java
@@ -43,13 +43,13 @@ public interface SecurityManager {
 
   /**
    * Verify the credentials provided in the properties
-   * @param props
+   * @param credentials
    *        it contains the security-username and security-password as keys of the properties
    * @return
    *        the authenticated Principal object
    * @throws AuthenticationFailedException
    */
-  Principal authenticate(Properties props) throws AuthenticationFailedException;
+  Principal authenticate(Properties credentials) throws AuthenticationFailedException;
 
   /**
    * Authorize the GeodePermission for a given Principal

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java b/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
index 5eca744..ce87bf8 100644
--- a/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
+++ b/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
@@ -14,7 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.apache.geode.security.templates;
 
 import java.security.Principal;
@@ -29,11 +28,11 @@ public class SamplePostProcessor implements PostProcessor{
 
   @Override
   public void init(final Properties securityProps) {
-
   }
 
   /**
-   * this simply modifies the value with all the parameter values
+   * This simply modifies the value with all the parameter values
+   *
    * @param principal
    *        The principal that's accessing the value
    * @param regionName

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java b/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
index dd49f11..97ebe4f 100644
--- a/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
+++ b/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
@@ -16,6 +16,8 @@
  */
 package org.apache.geode.security.templates;
 
+import java.io.File;
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.StringWriter;
@@ -45,19 +47,24 @@ import com.gemstone.gemfire.security.AuthenticationFailedException;
 import com.gemstone.gemfire.security.NotAuthorizedException;
 
 /**
- * This class provides a sample implementation for authentication and authorization via the {@link SecurityManager}
+ * This class provides a sample implementation of {@link SecurityManager} for
+ * authentication and authorization initialized from data provided as JSON.
  *
- * In order to use it, a Geode member must be started with the following properties:
- * <p/>
- * <code>
- *   security-manager = com.gemstone.gemfire.security.examples.SampleSecurityManager
- * </code>
- * <p/>
- * The class is initialized with a JSON file called {@code security.json}. This file must exist on the classpath,
+ * <p>A Geode member must be configured with the following:
+ *
+ * <p>{@code security-manager = com.gemstone.gemfire.security.examples.SampleSecurityManager}
+ *
+ * <p>The class can be initialized with from either a JSON string or a JSON
+ * file
+ *
+ * <p>TODO: example of configuring from in-memory JSON string specified in securityProperties
+ *
+ * <p>TODO: example of configuring from a JSON file specified in securityProperties<br/>
+ * ...called {@code security.json}. This file must exist on the classpath,
  * so members should be started with an appropriate {@code --classpath} option.
- * <p/>
- * The format of the file is as follows:
- * <pre>
+ *
+ * <p>The format of the JSON for configuration is as follows:
+ * <pre><code>
  * {
  *   "roles": [
  *     {
@@ -74,11 +81,11 @@ import com.gemstone.gemfire.security.NotAuthorizedException;
  *       ],
  *       "regions": ["RegionA", "RegionB"]
  *     }
- *   ]
+ *   ],
  *   "users": [
  *     {
  *       "name": "admin",
- *       "password": "secret".
+ *       "password": "secret",
  *       "roles": ["admin"]
  *     },
  *     {
@@ -88,105 +95,177 @@ import com.gemstone.gemfire.security.NotAuthorizedException;
  *     }
  *   ]
  * }
- * </pre>
+ * </code></pre>
  */
 public class SampleSecurityManager implements SecurityManager {
 
-  public SampleSecurityManager() {
-    try {
-      setUpWithJsonFile("security.json");
+  public static final String SECURITY_JSON = "security-json";
+
+  protected static final String DEFAULT_JSON_FILE_NAME = "security.json";
+
+  private Map<String, User> userNameToUser;
+
+  @Override
+  public boolean authorize(final Principal principal, final GeodePermission context) {
+    if (principal == null) return false;
+
+    User user = this.userNameToUser.get(principal.getName());
+    if (user == null) return false; // this user is not authorized to do anything
+
+    // check if the user has this permission defined in the context
+    for (Role role : this.userNameToUser.get(user.name).roles) {
+      for (Permission permitted : role.permissions) {
+        if (permitted.implies(context)) {
+          return true;
+        }
+      }
     }
-    catch (IOException e) {
-      e.printStackTrace();
+
+    return false;
+  }
+
+  @Override
+  public void init(final Properties securityProperties) throws NotAuthorizedException {
+    String jsonPropertyValue = securityProperties.getProperty(SECURITY_JSON);
+    if (jsonPropertyValue == null) {
+      throw new AuthenticationFailedException("SampleSecurityManager: property [" + SECURITY_JSON + "] must be set.");
+    }
+
+    // 1st try to load value as a json resource
+    boolean initialized = initializeFromJsonResource(jsonPropertyValue);
+
+    // 2nd try to load value as a json file
+    if (!initialized) {
+      initialized = initializeFromJsonFile(new File(jsonPropertyValue));
+    }
+
+    // 3rd try to use value as a json string
+    if (!initialized) {
+      initialized = initializeFromJson(jsonPropertyValue);
+    }
+
+    if (!initialized) {
+      throw new AuthenticationFailedException("SampleSecurityManager: unable to read json from \"" + jsonPropertyValue + "\" as specified by [" + SECURITY_JSON + "].");
     }
   }
 
-  public static class Role {
-    List<GeodePermission> permissions = new ArrayList<>();
-    String name;
-    String serverGroup;
+  @Override
+  public Principal authenticate(final Properties credentials) throws AuthenticationFailedException {
+    String user = credentials.getProperty(ResourceConstants.USER_NAME);
+    String password = credentials.getProperty(ResourceConstants.PASSWORD);
+
+    User userObj = this.userNameToUser.get(user);
+    if (userObj == null) {
+      throw new AuthenticationFailedException("SampleSecurityManager: wrong username/password");
+    }
+
+    if (user != null && !userObj.password.equals(password) && !"".equals(user)) {
+      throw new AuthenticationFailedException("SampleSecurityManager: wrong username/password");
+    }
+
+    return new JMXPrincipal(user);
   }
 
-  public static class User {
-    String name;
-    Set<Role> roles = new HashSet<>();
-    String pwd;
+  boolean initializeFromJson(final String json) {//throws IOException {
+    try {
+      ObjectMapper mapper = new ObjectMapper();
+      JsonNode jsonNode = mapper.readTree(json);
+      this.userNameToUser = new HashMap<>();
+      Map<String, Role> roleMap = readRoles(jsonNode);
+      readUsers(this.userNameToUser, jsonNode, roleMap);
+      return true;
+    } catch (IOException ex) {
+      return false;
+    }
   }
 
-  private static Map<String, User> acl = null;
+  boolean initializeFromJsonFile(final File jsonFile) {//throws IOException {
+    try {
+      InputStream input = new FileInputStream(jsonFile);
+      if (input != null) {
+        initializeFromJson(readJsonFromInputStream(input));
+        return true;
+      }
+    } catch (IOException ex) {
+    }
+    return false;
+  }
 
+  boolean initializeFromJsonResource(final String jsonResource) {//throws IOException {
+    try {
+      InputStream input = ClassLoader.getSystemResourceAsStream(jsonResource);
+      if (input != null) {
+        initializeFromJson(readJsonFromInputStream(input));
+        return true;
+      }
+    } catch (IOException ex) {
+    }
+    return false;
+  }
 
-  public static void setUpWithJsonFile(String jsonFileName) throws IOException {
-    InputStream input = ClassLoader.getSystemResourceAsStream(jsonFileName);
-    if (input == null)
-      return;
+  User getUser(final String user) {
+    return this.userNameToUser.get(user);
+  }
 
+  private String readJsonFromInputStream(final InputStream input) throws IOException {
     StringWriter writer = new StringWriter();
     IOUtils.copy(input, writer, "UTF-8");
-    String json = writer.toString();
-    readSecurityDescriptor(json);
+    return writer.toString();
   }
 
-  protected static void readSecurityDescriptor(String json) throws IOException {
-    ObjectMapper mapper = new ObjectMapper();
-    JsonNode jsonNode = mapper.readTree(json);
-    acl = new HashMap<>();
-    Map<String, Role> roleMap = readRoles(jsonNode);
-    readUsers(acl, jsonNode, roleMap);
-  }
-
-  private static void readUsers(Map<String, User> acl, JsonNode node, Map<String, Role> roleMap) {
-    for (JsonNode u : node.get("users")) {
+  private void readUsers(final Map<String, User> rolesToUsers, final JsonNode node, final Map<String, Role> roleMap) {
+    for (JsonNode usersNode : node.get("users")) {
       User user = new User();
-      user.name = u.get("name").asText();
+      user.name = usersNode.get("name").asText();
 
-      if (u.has("password")) {
-        user.pwd = u.get("password").asText();
+      if (usersNode.has("password")) {
+        user.password = usersNode.get("password").asText();
       } else {
-        user.pwd = user.name;
+        user.password = user.name;
       }
 
-      for (JsonNode r : u.get("roles")) {
-        user.roles.add(roleMap.get(r.asText()));
+      for (JsonNode rolesNode : usersNode.get("roles")) {
+        user.roles.add(roleMap.get(rolesNode.asText()));
       }
 
-      acl.put(user.name, user);
+      rolesToUsers.put(user.name, user);
     }
   }
 
-  private static Map<String, Role> readRoles(JsonNode jsonNode) {
+  private Map<String, Role> readRoles(final JsonNode jsonNode) {
     if (jsonNode.get("roles") == null) {
       return Collections.EMPTY_MAP;
     }
-
     Map<String, Role> roleMap = new HashMap<>();
-    for (JsonNode r : jsonNode.get("roles")) {
+    for (JsonNode rolesNode : jsonNode.get("roles")) {
       Role role = new Role();
-      role.name = r.get("name").asText();
+      role.name = rolesNode.get("name").asText();
       String regionNames = null;
       String keys = null;
 
-      JsonNode regions = r.get("regions");
-      if (regions != null) {
-        if (regions.isArray()) {
-          regionNames = StreamSupport.stream(regions.spliterator(), false)
-              .map(JsonNode::asText)
-              .collect(Collectors.joining(","));
+      JsonNode regionsNode = rolesNode.get("regions");
+      if (regionsNode != null) {
+        if (regionsNode.isArray()) {
+          regionNames = StreamSupport.stream(regionsNode.spliterator(), false)
+                                     .map(JsonNode::asText)
+                                     .collect(Collectors.joining(","));
         } else {
-          regionNames = regions.asText();
+          regionNames = regionsNode.asText();
         }
       }
 
-      for (JsonNode op : r.get("operationsAllowed")) {
-        String[] parts = op.asText().split(":");
+      for (JsonNode operationsAllowedNode : rolesNode.get("operationsAllowed")) {
+        String[] parts = operationsAllowedNode.asText().split(":");
         String resourcePart = (parts.length > 0) ? parts[0] : null;
         String operationPart = (parts.length > 1) ? parts[1] : null;
-        if(parts.length>2){
+
+        if (parts.length>2){
           regionNames = parts[2];
         }
-        if(parts.length>3){
+        if (parts.length>3){
           keys = parts[3];
         }
+
         String regionPart = (regionNames != null) ? regionNames : "*";
         String keyPart = (keys !=null) ? keys : "*";
 
@@ -195,54 +274,24 @@ public class SampleSecurityManager implements SecurityManager {
 
       roleMap.put(role.name, role);
 
-      if (r.has("serverGroup")) {
-        role.serverGroup = r.get("serverGroup").asText();
+      if (rolesNode.has("serverGroup")) {
+        role.serverGroup = rolesNode.get("serverGroup").asText();
       }
     }
 
     return roleMap;
   }
-  public static Map<String, User> getAcl() {
-    return acl;
-  }
 
-  @Override
-  public boolean authorize(Principal principal, GeodePermission context) {
-    if (principal == null) return false;
-
-    User user = acl.get(principal.getName());
-    if (user == null) return false; // this user is not authorized to do anything
-
-    // check if the user has this permission defined in the context
-    for (Role role : acl.get(user.name).roles) {
-      for (Permission permitted : role.permissions) {
-        if (permitted.implies(context)) {
-          return true;
-        }
-      }
-    }
-
-    return false;
+  static class Role {
+    List<GeodePermission> permissions = new ArrayList<>();
+    String name;
+    String serverGroup;
   }
 
-  @Override
-  public void init(Properties props) throws NotAuthorizedException {
+  static class User {
+    String name;
+    Set<Role> roles = new HashSet<>();
+    String password;
   }
 
-  @Override
-  public Principal authenticate(Properties props) throws AuthenticationFailedException {
-    String user = props.getProperty(ResourceConstants.USER_NAME);
-    String pwd = props.getProperty(ResourceConstants.PASSWORD);
-
-    User userObj = acl.get(user);
-    if (userObj == null) {
-      throw new AuthenticationFailedException("Wrong username/password");
-    }
-
-    if (user != null && !userObj.pwd.equals(pwd) && !"".equals(user)) {
-      throw new AuthenticationFailedException("Wrong username/password");
-    }
-
-    return new JMXPrincipal(user);
-  }
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
index c4b3a4d..36783ed 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
@@ -31,6 +31,7 @@ import java.util.Map;
 import java.util.Properties;
 
 import org.apache.geode.security.templates.SamplePostProcessor;
+import org.apache.geode.security.templates.SampleSecurityManager;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
@@ -38,7 +39,6 @@ import org.junit.experimental.categories.Category;
 import com.gemstone.gemfire.InternalGemFireException;
 import com.gemstone.gemfire.UnmodifiableException;
 import com.gemstone.gemfire.internal.ConfigSource;
-import com.gemstone.gemfire.security.JSONAuthorization;
 import com.gemstone.gemfire.test.junit.categories.UnitTest;
 
 @Category(UnitTest.class)
@@ -326,11 +326,10 @@ public class DistributionConfigJUnitTest {
     assertTrue(config.isAttributeModifiable(JMX_MANAGER_HTTP_PORT));
   }
 
-
   @Test
   public void testSecurityProps(){
     Properties props = new Properties();
-    props.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
+    props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
     props.put(SECURITY_POST_PROCESSOR, SamplePostProcessor.class.getName());
     props.put(SECURITY_LOG_LEVEL, "config");
     // add another non-security property to verify it won't get put in the security properties
@@ -343,7 +342,7 @@ public class DistributionConfigJUnitTest {
   @Test
   public void testSecurityPropsWithNoSetter(){
     Properties props = new Properties();
-    props.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
+    props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
     props.put(SECURITY_POST_PROCESSOR, SamplePostProcessor.class.getName());
     props.put(SECURITY_LOG_LEVEL, "config");
     // add another non-security property to verify it won't get put in the security properties

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
index 272b04f..bdd1ec6 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
@@ -16,13 +16,13 @@
  */
 package com.gemstone.gemfire.internal.security;
 
-
 import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
 import static org.assertj.core.api.Java6Assertions.*;
 import static org.junit.Assert.*;
 
 import java.util.Properties;
 
+import org.apache.geode.security.templates.SampleSecurityManager;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
@@ -32,15 +32,17 @@ import com.gemstone.gemfire.test.junit.categories.UnitTest;
 
 @Category(UnitTest.class)
 public class GeodeSecurityUtilTest {
-  Properties properties;
+
+  private Properties properties;
+
   @Before
-  public void before(){
+  public void before() {
     properties = new Properties();
     GeodeSecurityUtil.initSecurity(properties);
   }
 
   @Test
-  public void testGetObjectFromConstructor(){
+  public void testGetObjectFromConstructor() {
     String string = GeodeSecurityUtil.getObjectOfType(String.class.getName(), String.class);
     assertNotNull(string);
     CharSequence charSequence = GeodeSecurityUtil.getObjectOfType(String.class.getName(), CharSequence.class);
@@ -58,7 +60,7 @@ public class GeodeSecurityUtilTest {
   }
 
   @Test
-  public void testGetObjectFromFactoryMethod(){
+  public void testGetObjectFromFactoryMethod() {
     String string = GeodeSecurityUtil.getObjectOfType(Factories.class.getName()+".getString", String.class);
     assertNotNull(string);
     CharSequence charSequence = GeodeSecurityUtil.getObjectOfType(Factories.class.getName()+".getString", String.class);
@@ -82,6 +84,7 @@ public class GeodeSecurityUtilTest {
   @Test
   public void testInitWithSecurityManager() {
     properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+    properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
     GeodeSecurityUtil.initSecurity(properties);
     assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
     assertTrue(GeodeSecurityUtil.isIntegratedSecurity());
@@ -89,8 +92,7 @@ public class GeodeSecurityUtilTest {
   }
 
   @Test
-  public void testInitWithClientAuthenticator()
-  {
+  public void testInitWithClientAuthenticator() {
     properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test");
     GeodeSecurityUtil.initSecurity(properties);
     assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
@@ -99,8 +101,7 @@ public class GeodeSecurityUtilTest {
   }
 
   @Test
-  public void testInitWithPeerAuthenticator()
-  {
+  public void testInitWithPeerAuthenticator() {
     properties.setProperty(SECURITY_PEER_AUTHENTICATOR, "org.abc.test");
     GeodeSecurityUtil.initSecurity(properties);
     assertFalse(GeodeSecurityUtil.isClientSecurityRequired());
@@ -109,8 +110,7 @@ public class GeodeSecurityUtilTest {
   }
 
   @Test
-  public void testInitWithShiroAuthenticator()
-  {
+  public void testInitWithShiroAuthenticator() {
     properties.setProperty(SECURITY_SHIRO_INIT, "shiro.ini");
     GeodeSecurityUtil.initSecurity(properties);
     assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
@@ -119,6 +119,7 @@ public class GeodeSecurityUtilTest {
   }
 
   private static class Factories{
+
     public static String getString(){
       return new String();
     }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
index 163f9b5..a6627d5 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
@@ -29,6 +29,7 @@ import java.util.Properties;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import org.apache.geode.security.templates.SampleSecurityManager;
 import org.junit.Rule;
 import org.junit.rules.TemporaryFolder;
 
@@ -42,31 +43,33 @@ import com.gemstone.gemfire.management.internal.cli.parser.CommandTarget;
 import com.gemstone.gemfire.management.internal.cli.result.CommandResult;
 import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
 import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
-import com.gemstone.gemfire.security.JSONAuthorization;
 import com.gemstone.gemfire.test.dunit.Host;
 import com.gemstone.gemfire.test.dunit.IgnoredException;
 import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
+import com.gemstone.gemfire.test.dunit.rules.DistributedRestoreSystemProperties;
 
 /**
  * Base class for all the CLI/gfsh command dunit tests.
  */
 public abstract class CliCommandTestBase extends JUnit4CacheTestCase {
 
-  private static final long serialVersionUID = 1L;
+  public static final String USE_HTTP_SYSTEM_PROPERTY = "useHTTP";
+
+  private boolean useHttpOnConnect = Boolean.getBoolean(USE_HTTP_SYSTEM_PROPERTY);
 
   private ManagementService managementService;
 
   private transient HeadlessGfsh shell;
 
-  public static final String USE_HTTP_SYSTEM_PROPERTY = "useHTTP";
-  private boolean useHttpOnConnect = Boolean.getBoolean(USE_HTTP_SYSTEM_PROPERTY);
-
   protected transient int httpPort;
   protected transient int jmxPort;
   protected transient String jmxHost;
   protected transient String gfshDir;
 
   @Rule
+  public transient DistributedRestoreSystemProperties restoreSystemProperties = new DistributedRestoreSystemProperties();
+
+  @Rule
   public transient TemporaryFolder temporaryFolder = new TemporaryFolder();
 
   @Override
@@ -97,7 +100,6 @@ public abstract class CliCommandTestBase extends JUnit4CacheTestCase {
    * cache). When adding regions, functions, keys, whatever to your cache for tests, you'll need to use
    * Host.getHost(0).getVM(0).invoke(new SerializableRunnable() { public void run() { ... } } in order to have this
    * setup run in the same VM as the manager.
-   * <p>
    *
    * @param props the Properties used when creating the cache for this default setup.
    * @return the default testable GemFire shell.
@@ -117,10 +119,6 @@ public abstract class CliCommandTestBase extends JUnit4CacheTestCase {
   }
 
   /**
-   *
-   * @param vm
-   * @param props
-   * @param jsonFile
    * @return an object array, result[0] is jmxHost(String), result[1] is jmxPort, result[2] is httpPort
    */
   protected Object[] setUpJMXManagerOnVM(int vm, final Properties props, String jsonFile) {
@@ -139,6 +137,10 @@ public abstract class CliCommandTestBase extends JUnit4CacheTestCase {
         localProps.setProperty(NAME, "Manager");
       }
 
+      if (jsonFile!=null) {
+        localProps.setProperty(SampleSecurityManager.SECURITY_JSON, jsonFile);
+      }
+
       final int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2);
 
       jmxPort = ports[0];
@@ -153,10 +155,6 @@ public abstract class CliCommandTestBase extends JUnit4CacheTestCase {
       getSystem(localProps);
       verifyManagementServiceStarted(getCache());
 
-      if(jsonFile!=null){
-        JSONAuthorization.setUpWithJsonFile(jsonFile);
-      }
-
       IgnoredException.addIgnoredException("org.eclipse.jetty.io.EofException");
       IgnoredException.addIgnoredException("java.nio.channels.ClosedChannelException");
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
index 6c626fc..6124e31 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
@@ -16,27 +16,28 @@
  */
 package com.gemstone.gemfire.management.internal.security;
 
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
 import static org.assertj.core.api.Assertions.*;
 
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-
 import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class AccessControlMBeanJUnitTest {
+
   private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
 
   private AccessControlMXBean bean;
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, CACHE_SERVER_JSON);
+      jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
@@ -48,7 +49,6 @@ public class AccessControlMBeanJUnitTest {
 
   /**
    * Test that any authenticated user can access this method
-   * @throws Exception
    */
   @Test
   @JMXConnectionConfiguration(user = "stranger", password = "1234567")

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
index 6857e18..53fce5f 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
@@ -16,8 +16,6 @@
  */
 package com.gemstone.gemfire.management.internal.security;
 
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
-
 import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Rule;
@@ -30,13 +28,14 @@ import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
 
 @Category(IntegrationTest.class)
 public class CacheServerMBeanAuthenticationJUnitTest {
+
   private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
 
   private CacheServerMXBean bean;
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, CACHE_SERVER_JSON);
+      jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
@@ -46,7 +45,7 @@ public class CacheServerMBeanAuthenticationJUnitTest {
     bean = connectionRule.getProxyMBean(CacheServerMXBean.class, "GemFire:service=CacheServer,*");
   }
 
-  @Test()
+  @Test
   @JMXConnectionConfiguration(user = "data-admin", password = "1234567")
   public void testAllAccess() throws Exception {
     bean.removeIndex("foo");

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
index 39094fb..aba0b58 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
@@ -16,27 +16,29 @@
  */
 package com.gemstone.gemfire.management.internal.security;
 
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
 import static org.assertj.core.api.Assertions.*;
 
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.CacheServerMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
 import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.CacheServerMXBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class CacheServerMBeanAuthorizationJUnitTest {
+
   private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
 
   private CacheServerMXBean bean;
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, CACHE_SERVER_JSON);
+      jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java
index 85a55a7..d53dc0e 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java
@@ -18,17 +18,20 @@ package com.gemstone.gemfire.management.internal.security;
 
 import static org.assertj.core.api.Assertions.*;
 
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.CacheServerMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
 import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.CacheServerMXBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class CacheServerMBeanShiroJUnitTest {
+
   private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
 
   private CacheServerMXBean bean;
@@ -57,7 +60,6 @@ public class CacheServerMBeanShiroJUnitTest {
     bean.showClientQueueDetails("foo");
   }
 
-
   @Test
   @JMXConnectionConfiguration(user = "guest", password = "guest")
   public void testNoAccess() throws Exception {

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
index af26147..56078e1 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
@@ -16,8 +16,6 @@
  */
 package com.gemstone.gemfire.management.internal.security;
 
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
-import static org.assertj.core.api.AssertionsForClassTypes.fail;
 import static org.junit.Assert.*;
 
 import java.util.List;
@@ -35,8 +33,9 @@ import com.gemstone.gemfire.security.NotAuthorizedException;
 import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
 import com.gemstone.gemfire.test.junit.categories.SecurityTest;
 
-@Category({IntegrationTest.class, SecurityTest.class})
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class CliCommandsSecurityTest {
+
   private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
 
   private MemberMXBean bean;
@@ -45,7 +44,7 @@ public class CliCommandsSecurityTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, CACHE_SERVER_JSON);
+      jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
index 73da024..eea9f06 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
@@ -17,28 +17,29 @@
 package com.gemstone.gemfire.management.internal.security;
 
 import static org.assertj.core.api.Assertions.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
 import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
-@Category({IntegrationTest.class, SecurityTest.class})
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.MemberMXBean;
+import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class DataCommandsSecurityTest {
+
   private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
 
   private MemberMXBean bean;
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, CACHE_SERVER_JSON);
+      jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
index 2d8099d..185c984 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
@@ -17,11 +17,7 @@
 package com.gemstone.gemfire.management.internal.security;
 
 import static org.assertj.core.api.Assertions.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.DiskStoreMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
@@ -29,15 +25,21 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.DiskStoreMXBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class DiskStoreMXBeanSecurityJUnitTest {
+
   private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
 
   private DiskStoreMXBean bean;
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, CACHE_SERVER_JSON);
+      jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
index 8bc55f0..b339094 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
@@ -18,15 +18,9 @@ package com.gemstone.gemfire.management.internal.security;
 
 import static org.assertj.core.api.Assertions.*;
 import static org.mockito.Mockito.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import javax.management.ObjectName;
 
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.GatewayReceiverMXBean;
-import com.gemstone.gemfire.management.ManagementService;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -35,18 +29,26 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.GatewayReceiverMXBean;
+import com.gemstone.gemfire.management.ManagementService;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class GatewayReceiverMBeanSecurityTest {
+
   private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
 
-  private GatewayReceiverMXBean bean;
   private static GatewayReceiverMXBean mock = mock(GatewayReceiverMXBean.class);
   private static ObjectName mockBeanName = null;
   private static ManagementService service = null;
 
+  private GatewayReceiverMXBean bean;
+
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, CACHE_SERVER_JSON);
+      jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
index fe4f624..e65adfb 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
@@ -18,15 +18,9 @@ package com.gemstone.gemfire.management.internal.security;
 
 import static org.assertj.core.api.Assertions.*;
 import static org.mockito.Mockito.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import javax.management.ObjectName;
 
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.GatewaySenderMXBean;
-import com.gemstone.gemfire.management.ManagementService;
-import com.gemstone.gemfire.management.internal.beans.GatewaySenderMBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -35,18 +29,27 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.GatewaySenderMXBean;
+import com.gemstone.gemfire.management.ManagementService;
+import com.gemstone.gemfire.management.internal.beans.GatewaySenderMBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class GatewaySenderMBeanSecurityTest {
+
   private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
 
-  private GatewaySenderMXBean bean;
   private static GatewaySenderMBean mock = mock(GatewaySenderMBean.class);
   private static ObjectName mockBeanName = null;
   private static ManagementService service = null;
 
+  private GatewaySenderMXBean bean;
+
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, CACHE_SERVER_JSON);
+      jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java
index a955dae..104ea5e 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java
@@ -14,7 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package com.gemstone.gemfire.management.internal.security;
 
 import static org.junit.Assert.*;
@@ -22,13 +21,14 @@ import static org.junit.Assert.*;
 import org.apache.geode.security.GeodePermission;
 import org.apache.geode.security.GeodePermission.Operation;
 import org.apache.geode.security.GeodePermission.Resource;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
-
 import org.apache.shiro.authz.permission.WildcardPermission;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
-@Category(UnitTest.class)
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+
+@Category({ UnitTest.class, SecurityTest.class })
 public class GeodePermissionJUnitTest {
 
   private GeodePermission context;

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
index dd9961d..78168bf 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
@@ -14,30 +14,30 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package com.gemstone.gemfire.management.internal.security;
 
 import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
+import org.apache.geode.security.templates.SampleSecurityManager;
 import org.junit.BeforeClass;
 import org.junit.experimental.categories.Category;
 
 import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
-import com.gemstone.gemfire.security.JSONAuthorization;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
 
 /**
- * this test and ShiroUtilWithIniFileJunitTest uses the same test body, but initialize the SecurityUtils differently.
- * If you change shiro-ini.json, remmber to change the shiro.ini to match the changes as well.
+ * Integration tests for {@link GeodeSecurityUtil} using shiro-ini.json.
+ *
+ * @see GeodeSecurityUtilWithIniFileJUnitTest
  */
-
-@Category(UnitTest.class)
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class GeodeSecurityUtilCustomRealmJUnitTest extends GeodeSecurityUtilWithIniFileJUnitTest {
+
   @BeforeClass
-  public static void beforeClass() throws Exception{
-    props.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
-    JSONAuthorization.setUpWithJsonFile(SHIRO_INI_JSON);
+  public static void beforeClass() throws Exception {
+    props.put(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/shiro-ini.json");
+    props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
     GeodeSecurityUtil.initSecurity(props);
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
index 6496076..ec0d393 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
@@ -14,7 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package com.gemstone.gemfire.management.internal.security;
 
 import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
@@ -22,23 +21,24 @@ import static org.assertj.core.api.Assertions.*;
 
 import java.util.Properties;
 
+import org.apache.geode.security.GeodePermission;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
 import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
 import com.gemstone.gemfire.security.GemFireSecurityException;
-import org.apache.geode.security.GeodePermission;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
 import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
 
 /**
- * this test and ShiroUtilCustomRealmJUunitTest uses the same test body, but initialize the SecurityUtils differently.
- * If you change shiro.ini, remmber to change the shiro-ini.json to match the changes as well.
+ * Integration tests for {@link GeodeSecurityUtil} using shiro.ini
  */
-@Category({UnitTest.class, SecurityTest.class})
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class GeodeSecurityUtilWithIniFileJUnitTest {
+
   protected static Properties props = new Properties();
+
   @BeforeClass
   public static void beforeClass() throws Exception{
     props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini");

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
index 8b96e8b..44db600 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
@@ -14,12 +14,11 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package com.gemstone.gemfire.management.internal.security;
 
-import static com.gemstone.gemfire.internal.Assert.assertTrue;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
+import static com.gemstone.gemfire.internal.Assert.*;
 
+import org.apache.geode.security.templates.SamplePostProcessor;
 import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Rule;
@@ -28,25 +27,22 @@ import org.junit.experimental.categories.Category;
 
 import com.gemstone.gemfire.internal.AvailablePortHelper;
 import com.gemstone.gemfire.management.internal.cli.HeadlessGfsh;
-import org.apache.geode.security.templates.SamplePostProcessor;
 import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
 
-@Category(IntegrationTest.class)
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class GfshCommandsPostProcessorTest {
+
   protected static int jmxPort = AvailablePortHelper.getRandomAvailableTCPPort();
 
   private HeadlessGfsh gfsh = null;
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxPort, CACHE_SERVER_JSON, SamplePostProcessor.class);
+      jmxPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json", SamplePostProcessor.class);
 
   @Rule
-  public GfshShellConnectionRule gfshConnection;
-
-  public GfshCommandsPostProcessorTest(){
-    gfshConnection = new GfshShellConnectionRule(jmxPort);
-  }
+  public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule(jmxPort);
 
   @Before
   public void before(){

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
index 603088e..8d6c54d 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
@@ -14,11 +14,9 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package com.gemstone.gemfire.management.internal.security;
 
 import static org.junit.Assert.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import java.util.List;
 
@@ -37,9 +35,11 @@ import com.gemstone.gemfire.management.internal.cli.result.CommandResult;
 import com.gemstone.gemfire.management.internal.cli.result.ErrorResultData;
 import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
 import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
 
-@Category(IntegrationTest.class)
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class GfshCommandsSecurityTest {
+
   protected static int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2);
   protected static int jmxPort = ports[0];
   protected static int httpPort = ports[1];
@@ -48,15 +48,10 @@ public class GfshCommandsSecurityTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxPort, httpPort, CACHE_SERVER_JSON);
+      jmxPort, httpPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
 
   @Rule
-  public GfshShellConnectionRule gfshConnection;
-
-  public GfshCommandsSecurityTest(){
-    gfshConnection = new GfshShellConnectionRule(jmxPort, httpPort, false);
-  }
-
+  public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule(jmxPort, httpPort, false);
 
   @Before
   public void before(){
@@ -129,7 +124,6 @@ public class GfshCommandsSecurityTest {
     runCommandsWithAndWithout("DATA:MANAGE:RegionA");
   }
 
-
   private void runCommandsWithAndWithout(String permission) throws Exception{
     List<TestCommand> allPermitted = TestCommand.getPermittedCommands(new WildcardPermission(permission, true));
     for(TestCommand permitted:allPermitted) {
@@ -184,6 +178,4 @@ public class GfshCommandsSecurityTest {
     gfsh.executeCommand("query --query=\"select * from /region1\"");
   }
 
-
-
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
index 1d4fb40..81cf92f 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
@@ -20,13 +20,14 @@ import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
 
 import java.util.Properties;
 
+import org.apache.geode.security.templates.SampleSecurityManager;
 import org.junit.rules.ExternalResource;
 
 import com.gemstone.gemfire.cache.Cache;
 import com.gemstone.gemfire.cache.CacheFactory;
-import com.gemstone.gemfire.security.JSONAuthorization;
 
 public class JsonAuthorizationCacheStartRule extends ExternalResource {
+
   private Cache cache;
   private int jmxManagerPort = 0;
   private int httpPort = 0;
@@ -39,7 +40,6 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource {
     this.postProcessor = postProcessor;
   }
 
-
   public JsonAuthorizationCacheStartRule(int jmxManagerPort, String jsonFile) {
     this.jmxManagerPort = jmxManagerPort;
     this.jsonFile = jsonFile;
@@ -53,6 +53,7 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource {
 
   protected void before() throws Throwable {
     Properties properties = new Properties();
+    properties.put(SampleSecurityManager.SECURITY_JSON, jsonFile);
     properties.put(NAME, JsonAuthorizationCacheStartRule.class.getSimpleName());
     properties.put(LOCATORS, "");
     properties.put(MCAST_PORT, "0");
@@ -60,20 +61,18 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource {
     properties.put(JMX_MANAGER_START, "true");
     properties.put(JMX_MANAGER_PORT, String.valueOf(jmxManagerPort));
     properties.put(HTTP_SERVICE_PORT, String.valueOf(httpPort));
-    properties.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
+    properties.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
 
-    if(postProcessor!=null){
+    if (postProcessor!=null) {
       properties.put(SECURITY_POST_PROCESSOR, postProcessor.getName());
     }
 
-    JSONAuthorization.setUpWithJsonFile(jsonFile);
-
     cache = new CacheFactory(properties).create();
     cache.addCacheServer().start();
     cache.createRegionFactory().create("region1");
   }
 
-  public Cache getCache(){
+  public Cache getCache() {
     return cache;
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
index 44e414c..8258f81 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
@@ -17,14 +17,7 @@
 package com.gemstone.gemfire.management.internal.security;
 
 import static org.assertj.core.api.Assertions.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
-import com.gemstone.gemfire.distributed.internal.locks.DLockService;
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.LockServiceMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -33,15 +26,24 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
+import com.gemstone.gemfire.distributed.internal.locks.DLockService;
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.LockServiceMXBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class LockServiceMBeanAuthorizationJUnitTest {
+
   private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
 
   private LockServiceMXBean lockServiceMBean;
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, CACHE_SERVER_JSON);
+      jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
index 1d6c95d..1d77375 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
@@ -16,17 +16,11 @@
  */
 package com.gemstone.gemfire.management.internal.security;
 
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.ManagementException;
-import com.gemstone.gemfire.management.ManagementService;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
+import static org.assertj.core.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+import java.io.IOException;
+import java.util.Set;
 
 import javax.management.DynamicMBean;
 import javax.management.MBeanServer;
@@ -35,25 +29,31 @@ import javax.management.MalformedObjectNameException;
 import javax.management.ObjectInstance;
 import javax.management.ObjectName;
 import javax.management.ReflectionException;
-import java.io.IOException;
-import java.util.Set;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.mock;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.ManagementException;
+import com.gemstone.gemfire.management.ManagementService;
+import com.gemstone.gemfire.management.MemberMXBean;
+import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
 
-@Category(IntegrationTest.class)
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class MBeanSecurityJUnitTest {
 
   private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
 
   @ClassRule
-  public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(jmxManagerPort, CACHE_SERVER_JSON);
+  public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
 
-
   /**
    * No user can call createBean or unregisterBean of GemFire Domain
    */
@@ -75,9 +75,9 @@ public class MBeanSecurityJUnitTest {
     ).isInstanceOf(ReflectionException.class);
   }
 
-  /*
-  * looks like everyone can query for beans, but the AccessControlMXBean is filtered from the result
-  */
+  /**
+   * looks like everyone can query for beans, but the AccessControlMXBean is filtered from the result
+   */
   @Test
   @JMXConnectionConfiguration(user = "stranger", password = "1234567")
   public void testQueryBean() throws MalformedObjectNameException, IOException {
@@ -89,8 +89,8 @@ public class MBeanSecurityJUnitTest {
     assertThat(objects.size()).isEqualTo(1);
   }
 
-  /*
-  * These calls does not go through the MBeanServerWrapper authentication, therefore is not throwing the SecurityExceptions
+  /**
+   * These calls does not go through the MBeanServerWrapper authentication, therefore is not throwing the SecurityExceptions
    */
   @Test
   public void testLocalCalls() throws Exception{
@@ -103,8 +103,6 @@ public class MBeanSecurityJUnitTest {
     assertThatThrownBy(
         () -> adapter.registerMBean(mock(DynamicMBean.class), new ObjectName("MockDomain", "name", "mock"), false)
     ).isInstanceOf(ManagementException.class);
-
-
   }
 
   @Test

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
index 51cc6b8..2ca4b19 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
@@ -22,6 +22,7 @@ import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
+
 import javax.management.JMX;
 import javax.management.MBeanServerConnection;
 import javax.management.MalformedObjectNameException;
@@ -33,13 +34,13 @@ import javax.management.remote.JMXConnector;
 import javax.management.remote.JMXConnectorFactory;
 import javax.management.remote.JMXServiceURL;
 
-import com.gemstone.gemfire.test.junit.rules.DescribedExternalResource;
 import org.junit.runner.Description;
 
+import com.gemstone.gemfire.test.junit.rules.DescribedExternalResource;
+
 /**
  * Class which eases the creation of MBeans for security testing. When combined with {@link JMXConnectionConfiguration}
  * it allows for the creation of per-test connections with different user/password combinations.
- *
  */
 public class MBeanServerConnectionRule extends DescribedExternalResource {
 
@@ -96,7 +97,6 @@ public class MBeanServerConnectionRule extends DescribedExternalResource {
     return getProxyMBean(null, beanQueryName);
   }
 
-
   public MBeanServerConnection getMBeanServerConnection() throws IOException {
     return con;
   }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
index 635daa6..4df20e7 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
@@ -18,15 +18,11 @@ package com.gemstone.gemfire.management.internal.security;
 
 import static org.assertj.core.api.Assertions.*;
 import static org.mockito.Mockito.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import java.lang.management.ManagementFactory;
+
 import javax.management.ObjectName;
 
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.ManagerMXBean;
-import com.gemstone.gemfire.management.internal.beans.ManagerMBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
@@ -34,15 +30,22 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.ManagerMXBean;
+import com.gemstone.gemfire.management.internal.beans.ManagerMBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
 public class ManagerMBeanAuthorizationJUnitTest {
+
   private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
 
   private ManagerMXBean managerMXBean;
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, CACHE_SERVER_JSON);
+      jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);



Mime
View raw message