geode-commits mailing list archives

From jinmeil...@apache.org
Subject [2/2] incubator-geode git commit: GEODE-1647: Add Integrated Security to Peer Authentication
Date Wed, 20 Jul 2016 23:05:46 GMT
GEODE-1647: Add Integrated Security to Peer Authentication

* This closes #210


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/16b73564
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/16b73564
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/16b73564

Branch: refs/heads/develop
Commit: 16b73564f638aea652842dd071d01e1e3d5ad204
Parents: 7c2e219
Author: gmeilen <gracemeilen@gmail.com>
Authored: Mon Jul 18 13:13:11 2016 -0700
Committer: Jinmei Liao <jiliao@pivotal.io>
Committed: Wed Jul 20 16:04:31 2016 -0700

----------------------------------------------------------------------
 .../membership/gms/auth/GMSAuthenticator.java   |  79 +++++-----
 .../gms/interfaces/Authenticator.java           |   6 +-
 .../membership/gms/membership/GMSJoinLeave.java |   2 +-
 .../cache/tier/sockets/AcceptorImpl.java        |   2 +-
 .../internal/cache/tier/sockets/HandShake.java  |   6 +-
 .../gemfire/internal/i18n/LocalizedStrings.java |   4 +-
 .../internal/security/GeodeSecurityUtil.java    |  45 +++---
 .../templates/SampleSecurityManager.java        |   5 +
 .../internal/DistributionConfigJUnitTest.java   |   2 +-
 .../gms/auth/GMSAuthenticatorJUnitTest.java     |  37 +++--
 .../gms/membership/GMSJoinLeaveJUnitTest.java   |   2 +-
 .../cli/commands/CliCommandTestBase.java        |   2 +-
 .../security/AccessControlMBeanJUnitTest.java   |   3 +-
 ...CacheServerMBeanAuthenticationJUnitTest.java |   4 +-
 .../CacheServerMBeanAuthorizationJUnitTest.java |   3 +-
 .../security/CliCommandsSecurityTest.java       |   6 +-
 .../security/DataCommandsSecurityTest.java      |   3 +-
 .../DiskStoreMXBeanSecurityJUnitTest.java       |   3 +-
 .../GatewayReceiverMBeanSecurityTest.java       |   3 +-
 .../GatewaySenderMBeanSecurityTest.java         |   3 +-
 .../GeodeSecurityUtilCustomRealmJUnitTest.java  |   4 +-
 .../security/GfshCommandsPostProcessorTest.java |   3 +-
 .../security/GfshCommandsSecurityTest.java      |   3 +-
 .../internal/security/JSONAuthorization.java    |  48 ------
 .../JsonAuthorizationCacheStartRule.java        |   1 +
 .../LockServiceMBeanAuthorizationJUnitTest.java |   3 +-
 .../security/MBeanSecurityJUnitTest.java        |   3 +-
 .../ManagerMBeanAuthorizationJUnitTest.java     |   3 +-
 .../security/MemberMBeanSecurityJUnitTest.java  |   3 +-
 .../internal/security/MultiUserDUnitTest.java   |   4 +-
 ...ractIntegratedClientAuthDistributedTest.java |   4 +-
 ...edSecurityCacheLifecycleDistributedTest.java |  19 +--
 ...edSecurityCacheLifecycleIntegrationTest.java |  27 +---
 ...tegratedSecurityPeerAuthDistributedTest.java | 146 +++++++++++++++++++
 .../gemfire/security/JSONAuthorization.java     |  54 +++++++
 .../gemfire/security/SpySecurityManager.java    |  43 ++++++
 .../com/gemstone/gemfire/security/peerAuth.json |  36 +++++
 .../gemfire/tools/pulse/tests/Server.java       |   2 +-
 38 files changed, 430 insertions(+), 196 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java
index f16a722..cf99ea2 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java
@@ -19,19 +19,15 @@ package com.gemstone.gemfire.distributed.internal.membership.gms.auth;
 import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
 import static com.gemstone.gemfire.internal.i18n.LocalizedStrings.*;
 
-import java.lang.reflect.Method;
 import java.security.Principal;
 import java.util.Properties;
-import java.util.Set;
 
 import com.gemstone.gemfire.LogWriter;
 import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
 import com.gemstone.gemfire.distributed.internal.membership.InternalDistributedMember;
 import com.gemstone.gemfire.distributed.internal.membership.NetView;
 import com.gemstone.gemfire.distributed.internal.membership.gms.Services;
 import com.gemstone.gemfire.distributed.internal.membership.gms.interfaces.Authenticator;
-import com.gemstone.gemfire.internal.ClassLoadUtil;
 import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
 import com.gemstone.gemfire.internal.logging.InternalLogWriter;
 import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
@@ -44,15 +40,13 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
 
 public class GMSAuthenticator implements Authenticator {
 
-  private final static String secPrefix = DistributionConfig.GEMFIRE_PREFIX + "sys.security-";
-  private final static int gemfireSysPrefixLen = (DistributionConfig.GEMFIRE_PREFIX + "sys.").length();
-
   private Services services;
-  private Properties securityProps = getSecurityProps();
+  private Properties securityProps;
 
   @Override
   public void init(Services s) {
     this.services = s;
+    this.securityProps = this.services.getConfig().getDistributionConfig().getSecurityProps();
   }
 
   @Override
@@ -105,57 +99,59 @@ public class GMSAuthenticator implements Authenticator {
    *         this will be removed since return string is used for failure
    */
   @Override
-  public String authenticate(InternalDistributedMember member, Object credentials) throws AuthenticationFailedException {
+  public String authenticate(InternalDistributedMember member, Properties credentials) throws AuthenticationFailedException {
     return authenticate(member, credentials, this.securityProps, this.services.getJoinLeave().getMemberID());
   }
 
   /**
    * Method is package protected to be used in testing.
    */
-  String authenticate(DistributedMember member, Object credentials, Properties secProps, DistributedMember localMember) throws AuthenticationFailedException {
-
-    String authMethod = secProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
-    if (authMethod == null || authMethod.length() == 0) {
+  String authenticate(DistributedMember member, Properties credentials, Properties secProps, DistributedMember localMember) throws AuthenticationFailedException {
+    if(!GeodeSecurityUtil.isPeerSecurityRequired()){
       return null;
     }
 
     InternalLogWriter securityLogWriter = this.services.getSecurityLogWriter();
-    String failMsg = null;
-    if (credentials != null) {
-      try {
-        invokeAuthenticator(authMethod, member, credentials);
-
-      } catch (Exception ex) {
-        securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION, new Object[] {member, authMethod, ex.getLocalizedMessage()}, ex);
-        failMsg = AUTH_PEER_AUTHENTICATION_FAILED.toLocalizedString(localMember);
-      }
 
-    } else { // No credentials - need to send failure message
-      securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS, new Object[] {member, authMethod});
-      failMsg = AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS.toLocalizedString(member, authMethod);
+    if(credentials == null){
+      securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS, member);
+      return AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS.toLocalizedString(member);
     }
 
+    String failMsg = null;
+    try {
+      if(GeodeSecurityUtil.isIntegratedSecurity()){
+        String username = credentials.getProperty("security-username");
+        String password = credentials.getProperty("security-password");
+        GeodeSecurityUtil.login(username, password);
+      }
+      else {
+        invokeAuthenticator(secProps, member, credentials);
+      }
+    } catch (Exception ex) {
+      securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION, new Object[] {
+        member, ex.getLocalizedMessage()
+      }, ex);
+      failMsg = AUTH_PEER_AUTHENTICATION_FAILED.toLocalizedString(localMember);
+    }
     return failMsg;
   }
 
+
   /**
    * Method is package protected to be used in testing.
    */
-  Principal invokeAuthenticator(String authMethod, DistributedMember member, Object credentials) throws AuthenticationFailedException {
+  Principal invokeAuthenticator(Properties securityProps, DistributedMember member, Properties credentials) throws AuthenticationFailedException {
+      String authMethod = securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
     com.gemstone.gemfire.security.Authenticator auth = null;
-
     try {
-      Method getter = ClassLoadUtil.methodFromName(authMethod);
-      auth = (com.gemstone.gemfire.security.Authenticator) getter.invoke(null, (Object[]) null);
-      if (auth == null) {
-        throw new AuthenticationFailedException(HandShake_AUTHENTICATOR_INSTANCE_COULD_NOT_BE_OBTAINED.toLocalizedString());
-      }
+      auth = GeodeSecurityUtil.getObjectOfTypeFromFactoryMethod(authMethod, com.gemstone.gemfire.security.Authenticator .class);
 
       LogWriter logWriter = this.services.getLogWriter();
       LogWriter securityLogWriter = this.services.getSecurityLogWriter();
 
       auth.init(this.securityProps, logWriter, securityLogWriter); // this.securityProps contains security-ldap-basedn but security-ldap-baseDomainName is expected
-      return auth.authenticate((Properties) credentials, member);
+      return auth.authenticate(credentials, member);
 
     } catch (GemFireSecurityException gse) {
       throw gse;
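Review bot: In the integrated-security branch of `authenticate` the result of `GeodeSecurityUtil.login(username, password)` is discarded, so the join is accepted whenever the call does not throw. The `login` hunk in GeodeSecurityUtil shows it returning null without throwing when its own static flag is false, so a reset of that flag between the two checks would admit the peer unauthenticated. Treat a null result as a failure, e.g. `if (GeodeSecurityUtil.login(username, password) == null) failMsg = AUTH_PEER_AUTHENTICATION_FAILED.toLocalizedString(localMember);`, and reject a missing `security-username` or `security-password` before calling `login`. Separately, `invokeAuthenticator` reads the factory name from its `securityProps` parameter but still passes `this.securityProps` to `auth.init(...)`, so the two can disagree; use one source for both. `invokeAuthenticator` continues past the end of this hunk.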
@@ -173,10 +169,10 @@ public class GMSAuthenticator implements Authenticator {
    *
    * @param  member
    *         the target distributed member
-   * @return the credential object
+   * @return the credentials
    */
   @Override
-  public Object getCredentials(InternalDistributedMember member) {
+  public Properties getCredentials(InternalDistributedMember member) {
     try {
       return getCredentials(member, securityProps);
 
@@ -217,16 +213,11 @@ public class GMSAuthenticator implements Authenticator {
     return credentials;
   }
 
+  /**
+   * For testing only.
+   */
   Properties getSecurityProps() {
-    Properties props = new Properties();
-    Set keys = System.getProperties().keySet();
-    for (Object key: keys) {
-      String propKey = (String) key;
-      if (propKey.startsWith(secPrefix)) {
-        props.setProperty(propKey.substring(gemfireSysPrefixLen), System.getProperty(propKey));
-      }
-    }
-    return props;
+    return this.securityProps;
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java
index fe96127..9660267 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java
@@ -16,12 +16,14 @@
  */
 package com.gemstone.gemfire.distributed.internal.membership.gms.interfaces;
 
+import java.util.Properties;
+
 import com.gemstone.gemfire.distributed.internal.membership.InternalDistributedMember;
 import com.gemstone.gemfire.security.AuthenticationFailedException;
 
 public interface Authenticator extends Service {
 
-  String authenticate(InternalDistributedMember m, Object credentials) throws AuthenticationFailedException;
+  String authenticate(InternalDistributedMember m, Properties credentials) throws AuthenticationFailedException;
 
-  Object getCredentials(InternalDistributedMember m);
+  Properties getCredentials(InternalDistributedMember m);
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java
index e5cac2d..4b82fa0 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java
@@ -476,7 +476,7 @@ public class GMSJoinLeave implements JoinLeave, MessageHandler {
     Object creds = incomingRequest.getCredentials();
     String rejection = null;
     try {
-      rejection = services.getAuthenticator().authenticate(incomingRequest.getMemberID(), creds);
+      rejection = services.getAuthenticator().authenticate(incomingRequest.getMemberID(), (Properties)creds);
     } catch (Exception e) {
       rejection = e.getMessage();
     }
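Review bot: The new `(Properties)creds` cast is applied to an object taken from an incoming join request, so a request carrying any other type now fails with a ClassCastException whose message (JVM class names) becomes the rejection text. Checking `creds instanceof Properties` before the call and setting a fixed rejection string otherwise gives a controlled answer. The surrounding `catch` sets `rejection = e.getMessage()`, and since `authenticate` returns null for success, an exception with a null message would presumably read as acceptance; `rejection = e.getMessage() != null ? e.getMessage() : e.toString();` keeps that path fail-closed. The enclosing method starts and ends outside this hunk, so how `rejection` is consumed is not visible here.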

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
index 43f90d5..4f952a8 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
@@ -638,7 +638,7 @@ public class AcceptorImpl extends Acceptor implements Runnable
       this.hsPool = tmp_hsPool;
     }
 
-    isAuthenticationRequired = GeodeSecurityUtil.isSecurityRequired();
+    isAuthenticationRequired = GeodeSecurityUtil.isClientSecurityRequired();
 
     isIntegratedSecurity = GeodeSecurityUtil.isIntegratedSecurity();
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
index 2dcf8e7..e501531 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
@@ -899,7 +899,7 @@ public class HandShake implements ClientHandShake
       throws GemFireSecurityException, IOException {
 
     Properties credentials = null;
-    boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired();
+    boolean requireAuthentication = GeodeSecurityUtil.isClientSecurityRequired();
     try {
       byte secureMode = dis.readByte();
       if (secureMode == CREDENTIALS_NONE) {
@@ -1161,7 +1161,7 @@ public class HandShake implements ClientHandShake
     // non-blank setting for DH symmetric algo, or this is a server
     // that has authenticator defined.
     if ((dhSKAlgo != null && dhSKAlgo.length() > 0)
-        || GeodeSecurityUtil.isSecurityRequired()) {
+        || GeodeSecurityUtil.isClientSecurityRequired()) {
       KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
       DHParameterSpec dhSpec = new DHParameterSpec(dhP, dhG, dhL);
       keyGen.initialize(dhSpec);
@@ -1632,7 +1632,7 @@ public class HandShake implements ClientHandShake
       DataOutputStream dos, DistributedSystem system)
       throws GemFireSecurityException, IOException {
 
-    boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired();
+    boolean requireAuthentication = GeodeSecurityUtil.isClientSecurityRequired();
     Properties credentials = null;
     try {
       byte secureMode = dis.readByte();

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java
index be1ff17..2254a89 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java
@@ -3731,9 +3731,9 @@ public class LocalizedStrings {
   public static final StringId Network_partition_detected = new StringId(6607, "Exiting due to possible network partition event due to loss of {0} cache processes: {1}");
   
   // GMSAuthenticator
-  public static final StringId AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION = new StringId(6608, "Authentication failed for [{0}] using Authenticator [{1}]. {2}");
+  public static final StringId AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION = new StringId(6608, "Authentication failed for [{0}]. {1}");
   public static final StringId AUTH_PEER_AUTHENTICATION_FAILED = new StringId(6609, "Authentication failed. See coordinator [{0}] logs for details.");
-  public static final StringId AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS = new StringId(6610, "Failed to find credentials from [{0}] using Authenticator [{1}]");
+  public static final StringId AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS = new StringId(6610, "Failed to find credentials from [{0}]");
   public static final StringId AUTH_FAILED_TO_ACQUIRE_AUTHINITIALIZE_INSTANCE = new StringId(6611, "AuthInitialize instance could not be obtained");
   public static final StringId AUTH_FAILED_TO_OBTAIN_CREDENTIALS_IN_0_USING_AUTHINITIALIZE_1_2 = new StringId(6612, "Failed to obtain credentials using AuthInitialize [{1}]. {2}");
   public static final StringId DistributedSystem_BACKUP_ALREADY_IN_PROGRESS = new StringId(6613, "A backup is already in progress.");

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index d439b19..ead82e5 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -65,7 +65,7 @@ public class GeodeSecurityUtil {
    * @return the shiro subject, null if security is not enabled
    */
   public static Subject getSubject() {
-    if (!isIntegratedSecure) {
+    if (!isIntegratedSecurity) {
       return null;
     }
 
@@ -102,7 +102,7 @@ public class GeodeSecurityUtil {
    * @return null if security is not enabled, otherwise return a shiro subject
    */
   public static Subject login(String username, String password) {
-    if (!isIntegratedSecure) {
+    if (!isIntegratedSecurity) {
       return null;
     }
 
@@ -271,8 +271,9 @@ public class GeodeSecurityUtil {
 
   private static PostProcessor postProcessor;
   private static SecurityManager securityManager;
-  private static boolean isSecure;
-  private static boolean isIntegratedSecure;
+  private static boolean isIntegratedSecurity;
+  private static boolean isClientAuthenticator;
+  private static boolean isPeerAuthenticator;
 
   /**
    * initialize Shiro's Security Manager and Security Utilities
@@ -286,6 +287,7 @@ public class GeodeSecurityUtil {
     String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT);
     String securityConfig = securityProps.getProperty(SECURITY_MANAGER);
     String clientAuthenticatorConfig = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
+    String peerAuthenticatorConfig = securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
 
     if (!StringUtils.isBlank(shiroConfig)) {
       IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + shiroConfig);
@@ -299,8 +301,7 @@ public class GeodeSecurityUtil {
 
       org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
       SecurityUtils.setSecurityManager(securityManager);
-      isSecure = true;
-      isIntegratedSecure = true;
+      isIntegratedSecurity = true;
     }
     // only set up shiro realm if user has implemented SecurityManager
     else if (!StringUtils.isBlank(securityConfig)) {
@@ -309,17 +310,18 @@ public class GeodeSecurityUtil {
       Realm realm = new CustomAuthRealm(securityManager);
       org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm);
       SecurityUtils.setSecurityManager(shiroManager);
-      isSecure = true;
-      isIntegratedSecure = true;
+      isIntegratedSecurity = true;
     }
     else if( !StringUtils.isBlank(clientAuthenticatorConfig)) {
-      isSecure = true;
-      isIntegratedSecure = false;
+      isClientAuthenticator = true;
+    }
+    else if (!StringUtils.isBlank(peerAuthenticatorConfig)) {
+      isPeerAuthenticator = true;
     }
     else {
-      SecurityUtils.setSecurityManager(null);
-      isSecure = false;
-      isIntegratedSecure = false;
+      isIntegratedSecurity = false;
+      isClientAuthenticator = false;
+      isPeerAuthenticator = false;
     }
 
     // this initializes the post processor
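Review bot: Because the new peer branch is an `else if` after the client-authenticator branch, a member configured with both `SECURITY_CLIENT_AUTHENTICATOR` and `SECURITY_PEER_AUTHENTICATOR` ends up with `isPeerAuthenticator == false`, and `GMSAuthenticator.authenticate` returns null (accept) whenever `isPeerSecurityRequired()` is false. Before this commit the peer check read the property directly, so for that configuration peer authentication now fails open. Set the two flags independently of the chain, `isClientAuthenticator = !StringUtils.isBlank(clientAuthenticatorConfig);` and `isPeerAuthenticator = !StringUtils.isBlank(peerAuthenticatorConfig);`. The client and peer branches also no longer reset `isIntegratedSecurity`, so a second `initSecurity` call without an intervening reset can inherit a stale `true`. The method starts in an earlier hunk and continues after this one.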
@@ -344,8 +346,9 @@ public class GeodeSecurityUtil {
       postProcessor = null;
     }
     ThreadContext.remove();
-    isSecure = false;
-    isIntegratedSecure = false;
+    isIntegratedSecurity = false;
+    isClientAuthenticator = false;
+    isPeerAuthenticator = false;
   }
 
   /**
@@ -353,7 +356,7 @@ public class GeodeSecurityUtil {
    * But if your postProcess is pretty involved with preparations and you need to bypass it entirely, call this first.
    */
   public static boolean needPostProcess(){
-    return (isIntegratedSecure && postProcessor != null);
+    return (isIntegratedSecurity && postProcessor != null);
   }
 
   public static Object postProcess(String regionPath, Object key, Object result){
@@ -446,12 +449,16 @@ public class GeodeSecurityUtil {
   }
 
 
-  public static boolean isSecurityRequired(){
-    return isSecure;
+  public static boolean isClientSecurityRequired() {
+    return isClientAuthenticator || isIntegratedSecurity;
+  }
+
+  public static boolean isPeerSecurityRequired() {
+    return isPeerAuthenticator || isIntegratedSecurity;
   }
 
   public static boolean isIntegratedSecurity(){
-    return isIntegratedSecure;
+    return isIntegratedSecurity;
   }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java b/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
index f0275e4..dd49f11 100644
--- a/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
+++ b/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
@@ -21,6 +21,7 @@ import java.io.InputStream;
 import java.io.StringWriter;
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -154,6 +155,10 @@ public class SampleSecurityManager implements SecurityManager {
   }
 
   private static Map<String, Role> readRoles(JsonNode jsonNode) {
+    if (jsonNode.get("roles") == null) {
+      return Collections.EMPTY_MAP;
+    }
+
     Map<String, Role> roleMap = new HashMap<>();
     for (JsonNode r : jsonNode.get("roles")) {
       Role role = new Role();
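Review bot: `Collections.EMPTY_MAP` in the new guard is the raw-typed constant, so the return compiles only through an unchecked conversion to `Map<String, Role>`; `return Collections.emptyMap();` is the typed equivalent. The result is also immutable, unlike the `HashMap` built on the normal path, so a caller that adds to it would fail only for files without a roles section. A one-line comment such as `// no "roles" section: no roles are defined; the returned map is read-only` would make that explicit. The rest of `readRoles` lies outside the hunk.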

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
index d2b0d51..c4b3a4d 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
@@ -38,7 +38,7 @@ import org.junit.experimental.categories.Category;
 import com.gemstone.gemfire.InternalGemFireException;
 import com.gemstone.gemfire.UnmodifiableException;
 import com.gemstone.gemfire.internal.ConfigSource;
-import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
+import com.gemstone.gemfire.security.JSONAuthorization;
 import com.gemstone.gemfire.test.junit.categories.UnitTest;
 
 @Category(UnitTest.class)

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java
index d52b261..18152b0 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java
@@ -32,8 +32,10 @@ import org.junit.experimental.categories.Category;
 import com.gemstone.gemfire.LogWriter;
 import com.gemstone.gemfire.distributed.DistributedMember;
 import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.distributed.internal.membership.gms.ServiceConfig;
 import com.gemstone.gemfire.distributed.internal.membership.gms.Services;
 import com.gemstone.gemfire.internal.logging.InternalLogWriter;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
 import com.gemstone.gemfire.security.AuthInitialize;
 import com.gemstone.gemfire.security.AuthenticationFailedException;
 import com.gemstone.gemfire.security.Authenticator;
@@ -46,6 +48,7 @@ public class GMSAuthenticatorJUnitTest {
 
   private String prefix;
   private Properties props;
+  protected Properties securityProps;
   private Services services;
   private GMSAuthenticator authenticator;
   private DistributedMember member;
@@ -57,27 +60,26 @@ public class GMSAuthenticatorJUnitTest {
   public void setUp() throws Exception {
     prefix = getClass().getName() + "$";
     props = new Properties();
+    securityProps = new Properties();
     authenticator = new GMSAuthenticator();
 
     services = mock(Services.class);
     InternalLogWriter securityLog = mock(InternalLogWriter.class);
     when(services.getSecurityLogWriter()).thenReturn(mock(InternalLogWriter.class));
 
-    authenticator.init(services);
+    DistributionConfig distributionConfig = mock(DistributionConfig.class);
+    when(distributionConfig.getSecurityProps()).thenReturn(securityProps);
 
-    member = mock(DistributedMember.class);
-  }
+    ServiceConfig serviceConfig = mock(ServiceConfig.class);
+    when(serviceConfig.getDistributionConfig()).thenReturn(distributionConfig);
 
-  @Test
-  public void testGetSecurityProps() throws Exception {
-    props.setProperty(DistributionConfig.GEMFIRE_PREFIX + "sys."+SECURITY_PEER_AUTH_INIT, "dummy1");
-    props.setProperty(DistributionConfig.GEMFIRE_PREFIX + "sys."+SECURITY_PEER_AUTHENTICATOR, "dummy2");
-    props.setProperty("security-auth-init", "dummy3");
-    System.setProperties(props);
-    Properties secProps = authenticator.getSecurityProps();
-    assertEquals("wrong size", 2, secProps.size());
-    assertEquals("wrong value", "dummy1", secProps.getProperty(SECURITY_PEER_AUTH_INIT));
-    assertEquals("wrong value", "dummy2", secProps.getProperty(SECURITY_PEER_AUTHENTICATOR));
+    services = mock(Services.class);
+    when(services.getSecurityLogWriter()).thenReturn(securityLog);
+    when(services.getConfig()).thenReturn(serviceConfig);
+
+    authenticator.init(services);
+    GeodeSecurityUtil.initSecurity(securityProps);
+    member = mock(DistributedMember.class);
   }
 
   @Test
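Review bot: `services` is mocked and stubbed twice in `setUp`; the first `mock(Services.class)` and its `getSecurityLogWriter()` stub are discarded when the field is reassigned, and can be dropped. `GeodeSecurityUtil.initSecurity(securityProps)` writes process-wide static flags, and no matching reset is visible in this hunk, so state set by one test may leak into the next unless a teardown exists elsewhere in the file. The tests visible here also have no case with both a client and a peer authenticator configured, nor one for the integrated-security branch of `authenticate`, which are the paths this commit changes most.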
@@ -141,6 +143,7 @@ public class GMSAuthenticatorJUnitTest {
   @Test
   public void testAuthenticatorNormal() throws Exception {
     props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator4.create");
+    GeodeSecurityUtil.initSecurity(props);
     TestAuthenticator4 auth = new TestAuthenticator4();
     assertFalse(auth.isClosed());
     TestAuthenticator4.setAuthenticator(auth);
@@ -159,6 +162,7 @@ public class GMSAuthenticatorJUnitTest {
   @Test
   public void testAuthenticatorWithEmptyAuth() throws Exception {
     props.setProperty(SECURITY_PEER_AUTHENTICATOR, "");
+    GeodeSecurityUtil.initSecurity(props);
     String result = authenticator.authenticate(member, props, props, member);
     assertNull(result);
   }
@@ -166,34 +170,39 @@ public class GMSAuthenticatorJUnitTest {
   @Test
   public void testAuthenticatorWithNotExistAuth() throws Exception {
     props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "NotExistAuth.create");
+    GeodeSecurityUtil.initSecurity(props);
     verifyNegativeAuthenticate(props, props, "Authentication failed. See coordinator");
   }
 
   @Test
   public void testAuthenticatorWithNullAuth() throws Exception {
     props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator1.create");
+    GeodeSecurityUtil.initSecurity(props);
     verifyNegativeAuthenticate(props, props, "Authentication failed. See coordinator");
   }
 
   @Test
   public void testAuthenticatorWithNullCredential() throws Exception {
     props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator1.create");
+    GeodeSecurityUtil.initSecurity(props);
     verifyNegativeAuthenticate(null, props, "Failed to find credentials from");
   }
 
   @Test
   public void testAuthenticatorWithAuthInitFailure() throws Exception {
     props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator2.create");
+    GeodeSecurityUtil.initSecurity(props);
     verifyNegativeAuthenticate(props, props, "Authentication failed. See coordinator");
   }
 
   @Test
   public void testAuthenticatorWithAuthFailure() throws Exception {
     props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator3.create");
+    GeodeSecurityUtil.initSecurity(props);
     verifyNegativeAuthenticate(props, props, "Authentication failed. See coordinator");
   }
 
-  void verifyNegativeAuthenticate(Object credential, Properties props, String expectedError) throws Exception {
+  void verifyNegativeAuthenticate(Properties credential, Properties props, String expectedError) throws Exception {
     String result = authenticator.authenticate(member, credential, props, member);
     assertTrue(result, result.startsWith(expectedError));
   }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java
index 732d7a1..35298ac 100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java
@@ -67,7 +67,7 @@ public class GMSJoinLeaveJUnitTest {
   private InternalDistributedMember gmsJoinLeaveMemberId;
   private InternalDistributedMember[] mockMembers;
   private InternalDistributedMember mockOldMember;
-  private Object credentials = new Object();
+  private Properties credentials = new Properties();
   private Messenger messenger;
   private GMSJoinLeave gmsJoinLeave;
   private Manager manager;

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
index 75d88aa..163f9b5 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
@@ -42,7 +42,7 @@ import com.gemstone.gemfire.management.internal.cli.parser.CommandTarget;
 import com.gemstone.gemfire.management.internal.cli.result.CommandResult;
 import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
 import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
-import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
+import com.gemstone.gemfire.security.JSONAuthorization;
 import com.gemstone.gemfire.test.dunit.Host;
 import com.gemstone.gemfire.test.dunit.IgnoredException;
 import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
index ac5c65a..6c626fc 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
@@ -16,6 +16,7 @@
  */
 package com.gemstone.gemfire.management.internal.security;
 
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 import static org.assertj.core.api.Assertions.*;
 
 import com.gemstone.gemfire.internal.AvailablePort;
@@ -35,7 +36,7 @@ public class AccessControlMBeanJUnitTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
+      jmxManagerPort, CACHE_SERVER_JSON);
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
index f38f2fc..6857e18 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
@@ -16,6 +16,8 @@
  */
 package com.gemstone.gemfire.management.internal.security;
 
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
+
 import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Rule;
@@ -34,7 +36,7 @@ public class CacheServerMBeanAuthenticationJUnitTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
+      jmxManagerPort, CACHE_SERVER_JSON);
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
index 3ded1dc..39094fb 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
@@ -16,6 +16,7 @@
  */
 package com.gemstone.gemfire.management.internal.security;
 
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 import static org.assertj.core.api.Assertions.*;
 
 import com.gemstone.gemfire.internal.AvailablePort;
@@ -35,7 +36,7 @@ public class CacheServerMBeanAuthorizationJUnitTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
+      jmxManagerPort, CACHE_SERVER_JSON);
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
index abcafaf..af26147 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
@@ -16,6 +16,7 @@
  */
 package com.gemstone.gemfire.management.internal.security;
 
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 import static org.assertj.core.api.AssertionsForClassTypes.fail;
 import static org.junit.Assert.*;
 
@@ -34,9 +35,6 @@ import com.gemstone.gemfire.security.NotAuthorizedException;
 import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
 import com.gemstone.gemfire.test.junit.categories.SecurityTest;
 
-/**
- */
-
 @Category({IntegrationTest.class, SecurityTest.class})
 public class CliCommandsSecurityTest {
   private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
@@ -47,7 +45,7 @@ public class CliCommandsSecurityTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
+      jmxManagerPort, CACHE_SERVER_JSON);
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
index 01575b1..73da024 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
@@ -17,6 +17,7 @@
 package com.gemstone.gemfire.management.internal.security;
 
 import static org.assertj.core.api.Assertions.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import com.gemstone.gemfire.internal.AvailablePort;
 import com.gemstone.gemfire.management.MemberMXBean;
@@ -37,7 +38,7 @@ public class DataCommandsSecurityTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
+      jmxManagerPort, CACHE_SERVER_JSON);
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
index 05d3e3d..2d8099d 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
@@ -17,6 +17,7 @@
 package com.gemstone.gemfire.management.internal.security;
 
 import static org.assertj.core.api.Assertions.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import com.gemstone.gemfire.internal.AvailablePort;
 import com.gemstone.gemfire.management.DiskStoreMXBean;
@@ -36,7 +37,7 @@ public class DiskStoreMXBeanSecurityJUnitTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
+      jmxManagerPort, CACHE_SERVER_JSON);
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
index 6c97694..8bc55f0 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
@@ -18,6 +18,7 @@ package com.gemstone.gemfire.management.internal.security;
 
 import static org.assertj.core.api.Assertions.*;
 import static org.mockito.Mockito.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import javax.management.ObjectName;
 
@@ -45,7 +46,7 @@ public class GatewayReceiverMBeanSecurityTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
+      jmxManagerPort, CACHE_SERVER_JSON);
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
index 4806464..fe4f624 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
@@ -18,6 +18,7 @@ package com.gemstone.gemfire.management.internal.security;
 
 import static org.assertj.core.api.Assertions.*;
 import static org.mockito.Mockito.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import javax.management.ObjectName;
 
@@ -45,7 +46,7 @@ public class GatewaySenderMBeanSecurityTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
+      jmxManagerPort, CACHE_SERVER_JSON);
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
index 5627c9e..dd9961d 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
@@ -18,11 +18,13 @@
 package com.gemstone.gemfire.management.internal.security;
 
 import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import org.junit.BeforeClass;
 import org.junit.experimental.categories.Category;
 
 import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.security.JSONAuthorization;
 import com.gemstone.gemfire.test.junit.categories.UnitTest;
 
 /**
@@ -35,7 +37,7 @@ public class GeodeSecurityUtilCustomRealmJUnitTest extends GeodeSecurityUtilWith
   @BeforeClass
   public static void beforeClass() throws Exception{
     props.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
-    JSONAuthorization.setUpWithJsonFile("shiro-ini.json");
+    JSONAuthorization.setUpWithJsonFile(SHIRO_INI_JSON);
     GeodeSecurityUtil.initSecurity(props);
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
index 07bd1c1..8b96e8b 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
@@ -18,6 +18,7 @@
 package com.gemstone.gemfire.management.internal.security;
 
 import static com.gemstone.gemfire.internal.Assert.assertTrue;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import org.junit.Before;
 import org.junit.ClassRule;
@@ -38,7 +39,7 @@ public class GfshCommandsPostProcessorTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxPort, "cacheServer.json", SamplePostProcessor.class);
+      jmxPort, CACHE_SERVER_JSON, SamplePostProcessor.class);
 
   @Rule
   public GfshShellConnectionRule gfshConnection;

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
index 6d42aa8..603088e 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
@@ -18,6 +18,7 @@
 package com.gemstone.gemfire.management.internal.security;
 
 import static org.junit.Assert.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import java.util.List;
 
@@ -47,7 +48,7 @@ public class GfshCommandsSecurityTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxPort, httpPort, "cacheServer.json");
+      jmxPort, httpPort, CACHE_SERVER_JSON);
 
   @Rule
   public GfshShellConnectionRule gfshConnection;

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
deleted file mode 100644
index b97cf85..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import java.io.File;
-import java.io.FileReader;
-import java.io.IOException;
-
-import org.apache.geode.security.templates.SampleSecurityManager;
-import com.gemstone.gemfire.util.test.TestUtil;
-
-/**
- * Used by test code. when using this class for security-manager, you will need explicitly call setUpWithJsonFile
- * to initialize the acl (access control list).
- */
-public class JSONAuthorization extends SampleSecurityManager {
-
-  /**
-   * Override the child class's implemention to look for jsonFile in the same package as this class instead of
-   * in the classpath
-   * @param jsonFileName
-   * @throws IOException
-   */
-  public static void setUpWithJsonFile(String jsonFileName) throws IOException {
-    String filePath = TestUtil.getResourcePath(JSONAuthorization.class, jsonFileName);
-    File file = new File(filePath);
-    FileReader reader = new FileReader(file);
-    char[] buffer = new char[(int) file.length()];
-    reader.read(buffer);
-    String json = new String(buffer);
-    reader.close();
-    readSecurityDescriptor(json);
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
index d64e2ee..1d4fb40 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
@@ -24,6 +24,7 @@ import org.junit.rules.ExternalResource;
 
 import com.gemstone.gemfire.cache.Cache;
 import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.security.JSONAuthorization;
 
 public class JsonAuthorizationCacheStartRule extends ExternalResource {
   private Cache cache;

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
index f07358b..44e414c 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
@@ -17,6 +17,7 @@
 package com.gemstone.gemfire.management.internal.security;
 
 import static org.assertj.core.api.Assertions.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import com.gemstone.gemfire.cache.Cache;
 import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
@@ -40,7 +41,7 @@ public class LockServiceMBeanAuthorizationJUnitTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
+      jmxManagerPort, CACHE_SERVER_JSON);
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
index 6f8ee34..1d6c95d 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
@@ -26,6 +26,7 @@ import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import javax.management.DynamicMBean;
 import javax.management.MBeanServer;
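Review bot: The added `import static com.gemstone.gemfire.security.JSONAuthorization.*;` sits after `org.junit.experimental.categories.Category` and before the `javax.management` imports, so a static import is stranded inside the regular import block. Other files in this commit (AccessControlMBeanJUnitTest, MemberMBeanSecurityJUnitTest) put it in the static group at the top, and this file should follow the same order. The only member the next hunk uses is `CACHE_SERVER_JSON`, so `import static com.gemstone.gemfire.security.JSONAuthorization.CACHE_SERVER_JSON;` would avoid also pulling static helpers such as `setUpWithJsonFile` into the test's namespace. The same narrowing applies to the other test classes that add the wildcard only for this constant. The import block starts outside this hunk, so the exact placement needs to be checked against the full file.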
@@ -47,7 +48,7 @@ public class MBeanSecurityJUnitTest {
   private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
 
   @ClassRule
-  public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(jmxManagerPort, "cacheServer.json");
+  public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(jmxManagerPort, CACHE_SERVER_JSON);
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
index 425c467..635daa6 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
@@ -18,6 +18,7 @@ package com.gemstone.gemfire.management.internal.security;
 
 import static org.assertj.core.api.Assertions.*;
 import static org.mockito.Mockito.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import java.lang.management.ManagementFactory;
 import javax.management.ObjectName;
@@ -41,7 +42,7 @@ public class ManagerMBeanAuthorizationJUnitTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
+      jmxManagerPort, CACHE_SERVER_JSON);
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
index e32b6ca..4ee5b13 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
@@ -16,6 +16,7 @@
  */
 package com.gemstone.gemfire.management.internal.security;
 
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 import static org.assertj.core.api.Assertions.*;
 
 import com.gemstone.gemfire.internal.AvailablePort;
@@ -35,7 +36,7 @@ public class MemberMBeanSecurityJUnitTest {
 
   @ClassRule
   public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
-      jmxManagerPort, "cacheServer.json");
+      jmxManagerPort, CACHE_SERVER_JSON);
 
   @Rule
   public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
index 1c55a3c..e86cf61 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
@@ -19,12 +19,14 @@ package com.gemstone.gemfire.management.internal.security;
 
 import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
 import static org.junit.Assert.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 
 import java.io.IOException;
 import java.util.List;
 import java.util.Properties;
 import java.util.concurrent.TimeUnit;
 
+import com.gemstone.gemfire.security.JSONAuthorization;
 import com.jayway.awaitility.Awaitility;
 import org.json.JSONException;
 import org.junit.Test;
@@ -54,7 +56,7 @@ public class MultiUserDUnitTest extends CliCommandTestBase {
     properties.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
 
     // set up vm_0 the secure jmx manager
-    Object[] results = setUpJMXManagerOnVM(0, properties, "cacheServer.json");
+    Object[] results = setUpJMXManagerOnVM(0, properties, CACHE_SERVER_JSON);
     String gfshDir = this.gfshDir;
 
     // set up vm_1 as a gfsh vm, data-reader will login and log out constantly in this vm until the test is done.

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
index 10c316a..feee478 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
@@ -17,6 +17,7 @@
 package com.gemstone.gemfire.security;
 
 import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 import static org.assertj.core.api.Assertions.*;
 import static org.junit.Assert.*;
 
@@ -32,7 +33,6 @@ import com.gemstone.gemfire.cache.client.ClientCache;
 import com.gemstone.gemfire.cache.client.ClientCacheFactory;
 import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
 import com.gemstone.gemfire.cache.server.CacheServer;
-import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
 import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
 import com.gemstone.gemfire.test.dunit.Host;
 import com.gemstone.gemfire.test.dunit.Invoke;
@@ -56,7 +56,7 @@ public class AbstractIntegratedClientAuthDistributedTest extends JUnit4CacheTest
     this.client2 = host.getVM(2);
     this.client3 = host.getVM(3);
 
-    JSONAuthorization.setUpWithJsonFile("clientServer.json");
+    JSONAuthorization.setUpWithJsonFile(CLIENT_SERVER_JSON);
 
     Properties props = new Properties();
     props.setProperty(SECURITY_MANAGER, JSONAuthorization.class.getName());

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
index 9f06482..dc63f2f 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
@@ -16,11 +16,10 @@
  */
 package com.gemstone.gemfire.security;
 
-
 import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
 import static org.assertj.core.api.Assertions.*;
 
-import java.security.Principal;
 import java.util.Properties;
 
 import org.junit.Test;
@@ -29,8 +28,6 @@ import org.junit.experimental.categories.Category;
 import com.gemstone.gemfire.cache.server.CacheServer;
 import com.gemstone.gemfire.internal.AvailablePort;
 import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
-import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
-import com.gemstone.gemfire.security.IntegratedSecurityCacheLifecycleIntegrationTest.SpySecurityManager;
 import com.gemstone.gemfire.test.dunit.DistributedTestUtils;
 import com.gemstone.gemfire.test.dunit.Host;
 import com.gemstone.gemfire.test.dunit.NetworkUtils;
@@ -41,13 +38,14 @@ import com.gemstone.gemfire.test.junit.categories.SecurityTest;
 
 @Category({DistributedTest.class, SecurityTest.class})
 public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4CacheTestCase {
+
   private VM locator;
 
   @Override
   public final void postSetUp() throws Exception {
     Host host = Host.getHost(0);
     locator = host.getVM(0);
-    JSONAuthorization.setUpWithJsonFile("clientServer.json");
+    JSONAuthorization.setUpWithJsonFile(CLIENT_SERVER_JSON);
     int locatorPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
     String locators =  NetworkUtils.getServerHostName(host) + "[" + locatorPort + "]";
 
@@ -55,21 +53,19 @@ public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4Cache
       DistributedTestUtils.deleteLocatorStateFile(locatorPort);
 
       final Properties properties = new Properties();
+//      properties.setProperty(LOCATORS, locators);
       properties.setProperty(MCAST_PORT, "0");
-      properties.setProperty(START_LOCATOR, locators);
       properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
+      properties.setProperty(START_LOCATOR, locators);
       properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
       getSystem(properties);
       getCache();
     });
 
     final Properties properties = new Properties();
+    properties.setProperty(LOCATORS, locators);
     properties.setProperty(MCAST_PORT, "0");
     properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
-    properties.setProperty(LOCATORS, locators);
-    properties.setProperty(JMX_MANAGER, "false");
-    properties.setProperty(JMX_MANAGER_PORT, "0");
-    properties.setProperty(JMX_MANAGER_START, "false");
     properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
     getSystem(properties);
 
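Review bot: The added line `//      properties.setProperty(LOCATORS, locators);` inside the locator lambda is commented-out code and should be deleted rather than committed. If leaving LOCATORS unset on the locator VM is deliberate, a one-line comment giving the reason would serve the next reader better than a disabled statement. postSetUp begins above this hunk and continues below it, so the rest of the method is not visible here.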
@@ -95,8 +91,7 @@ public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4Cache
   }
 
   private void verifyInitCloseInvoked() {
-    SpySecurityManager ssm = (SpySecurityManager) GeodeSecurityUtil
-      .getSecurityManager();
+    SpySecurityManager ssm = (SpySecurityManager) GeodeSecurityUtil.getSecurityManager();
     assertThat(ssm.initInvoked).isEqualTo(1);
     getCache().close();
     assertThat(ssm.closeInvoked).isEqualTo(1);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
index 712329d..228a8d6 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
@@ -14,13 +14,12 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package com.gemstone.gemfire.security;
 
 import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
 import static org.assertj.core.api.Assertions.*;
+import static org.mockito.Mockito.*;
 
-import java.security.Principal;
 import java.util.Properties;
 
 import com.gemstone.gemfire.cache.Cache;
@@ -29,8 +28,6 @@ import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
 import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
 import com.gemstone.gemfire.test.junit.categories.SecurityTest;
 
-import org.apache.geode.security.GeodePermission;
-import org.apache.geode.security.SecurityManager;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -38,6 +35,7 @@ import org.junit.experimental.categories.Category;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class IntegratedSecurityCacheLifecycleIntegrationTest {
+
   private Properties securityProps;
   private Cache cache;
 
@@ -52,7 +50,6 @@ public class IntegratedSecurityCacheLifecycleIntegrationTest {
     props.setProperty(LOCATORS, "");
 
     cache = new CacheFactory(props).create();
-
   }
 
   @After
@@ -70,24 +67,4 @@ public class IntegratedSecurityCacheLifecycleIntegrationTest {
     assertThat(ssm.closeInvoked).isEqualTo(1);
   }
 
-  public static class SpySecurityManager implements SecurityManager {
-
-    public int initInvoked = 0;
-    public int closeInvoked = 0;
-
-    @Override
-    public void init(final Properties securityProps) {
-      initInvoked++;
-    }
-
-    @Override
-    public Principal authenticate(final Properties props) throws AuthenticationFailedException {
-      return null;
-    }
-
-    @Override
-    public void close() {
-      closeInvoked++;
-    }
-  }
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java
new file mode 100644
index 0000000..a5e0aa0
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java
@@ -0,0 +1,146 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
+import static com.gemstone.gemfire.test.dunit.Invoke.*;
+import static org.assertj.core.api.Assertions.*;
+
+import java.util.Properties;
+
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+import com.gemstone.gemfire.test.dunit.DistributedTestUtils;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.NetworkUtils;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedSecurityPeerAuthDistributedTest extends JUnit4CacheTestCase{
+
+  private static SpyJSONAuthorization spyJSONAuthorization;
+
+  private VM locator;
+  private VM server1;
+  private VM server2;
+
+  private String locators;
+
+  @Override
+  public final void postSetUp() throws Exception {
+    Host host = Host.getHost(0);
+    locator = host.getVM(0);
+    server1 = host.getVM(1);
+    server2 = host.getVM(2);
+
+    int locatorPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+    locators =  NetworkUtils.getServerHostName(host) + "[" + locatorPort + "]";
+
+    locator.invoke(() -> {
+      JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);
+      spyJSONAuthorization = new SpyJSONAuthorization();
+
+      DistributedTestUtils.deleteLocatorStateFile(locatorPort);
+
+      final Properties properties = createProperties(locators);
+      properties.setProperty(UserPasswordAuthInit.USER_NAME, "locator1");
+      properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+      properties.setProperty(START_LOCATOR, locators);
+
+      getSystem(properties);
+      getCache();
+    });
+
+    server1.invoke(()-> {
+      JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);
+      spyJSONAuthorization = new SpyJSONAuthorization();
+
+      final Properties properties = createProperties(locators);
+      properties.setProperty(UserPasswordAuthInit.USER_NAME, "server1");
+      properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+
+      getSystem(properties);
+      getCache();
+    });
+
+    server2.invoke(()-> {
+      JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);
+      spyJSONAuthorization = new SpyJSONAuthorization();
+
+      final Properties properties = createProperties(locators);
+      properties.setProperty(UserPasswordAuthInit.USER_NAME, "server2");
+      properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+
+      getSystem(properties);
+      getCache();
+    });
+  }
+
+  @Test
+  public void initAndCloseTest() throws Exception {
+    JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);
+    spyJSONAuthorization = new SpyJSONAuthorization();
+
+    final Properties properties = createProperties(locators);
+    properties.setProperty(UserPasswordAuthInit.USER_NAME, "stranger");
+    properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+
+    assertThatThrownBy(() -> getSystem(properties)).isExactlyInstanceOf(AuthenticationFailedException.class);
+  }
+
+  @Override
+  public void postTearDownCacheTestCase() throws Exception {
+    closeAllCache();
+    spyJSONAuthorization = null;
+    invokeInEveryVM(() -> { spyJSONAuthorization = null; });
+  }
+
+  private static Properties createProperties(String locators) {
+    Properties allProperties = new Properties();
+    allProperties.setProperty(LOCATORS, locators);
+    allProperties.setProperty(MCAST_PORT, "0");
+    allProperties.setProperty(SECURITY_MANAGER, SpyJSONAuthorization.class.getName());
+    allProperties.setProperty(SECURITY_PEER_AUTH_INIT, UserPasswordAuthInit.class.getName() + ".create");
+    allProperties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
+    return allProperties;
+  }
+
+  public static class SpyJSONAuthorization extends JSONAuthorization {
+
+    static int initInvoked = 0;
+    static int closeInvoked = 0;
+
+    @Override
+    public void init(final Properties securityProps) {
+      initInvoked++;
+      super.init(securityProps);
+    }
+
+    @Override
+    public void close() {
+      closeInvoked++;
+      super.close();
+    }
+  }
+}
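Review bot: `initAndCloseTest` never checks init or close. It only asserts that the unknown user `stranger` is rejected, while the `initInvoked`/`closeInvoked` counters of SpyJSONAuthorization and the static `spyJSONAuthorization` field are written but never read anywhere in this new file. Rename the test to say what it verifies, for example `public void unknownPeerIsRejected() throws Exception`, and either assert on the counters or drop the spy subclass. The only negative case uses a name absent from peerAuth.json together with the password every listed peer shares, so a known peer presenting a wrong password is not covered. A second test along the lines below would pin that, presumably with the same exception type.

```java
  @Test
  public void knownPeerWithWrongPasswordIsRejected() throws Exception {
    JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);

    final Properties properties = createProperties(locators);
    properties.setProperty(UserPasswordAuthInit.USER_NAME, "server1");
    // constructed value: anything that differs from the password listed in peerAuth.json
    properties.setProperty(UserPasswordAuthInit.PASSWORD, "not-the-listed-password");

    assertThatThrownBy(() -> getSystem(properties)).isInstanceOf(AuthenticationFailedException.class);
  }

  // … unchanged: postTearDownCacheTestCase, createProperties, SpyJSONAuthorization …
```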

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/JSONAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/JSONAuthorization.java b/geode-core/src/test/java/com/gemstone/gemfire/security/JSONAuthorization.java
new file mode 100644
index 0000000..bf7990a
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/JSONAuthorization.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+
+import org.apache.geode.security.templates.SampleSecurityManager;
+import com.gemstone.gemfire.util.test.TestUtil;
+
+/**
+ * Used by test code. when using this class for security-manager, you will need explicitly call setUpWithJsonFile
+ * to initialize the acl (access control list).
+ */
+public class JSONAuthorization extends SampleSecurityManager {
+
+  public static String AUTH1_JSON = "/com/gemstone/gemfire/management/internal/security/auth1.json";
+  public static String AUTH2_JSON = "/com/gemstone/gemfire/management/internal/security/auth2.json";
+  public static String AUTH3_JSON = "/com/gemstone/gemfire/management/internal/security/auth3.json";
+  public static String CACHE_SERVER_JSON = "/com/gemstone/gemfire/management/internal/security/cacheServer.json";
+  public static String CLIENT_SERVER_JSON = "/com/gemstone/gemfire/management/internal/security/clientServer.json";
+  public static String SHIRO_INI_JSON = "/com/gemstone/gemfire/management/internal/security/shiro-ini.json";
+  public static String PEER_AUTH_JSON = "/com/gemstone/gemfire/security/peerAuth.json";
+
+  /**
+   * Override the child class's implemention to look for jsonFile in the same package as this class instead of
+   * in the classpath
+   */
+  public static void setUpWithJsonFile(String jsonFileName) throws IOException {
+    String filePath = TestUtil.getResourcePath(JSONAuthorization.class, jsonFileName);
+    File file = new File(filePath);
+    FileReader reader = new FileReader(file);
+    char[] buffer = new char[(int) file.length()];
+    reader.read(buffer);
+    String json = new String(buffer);
+    reader.close();
+    readSecurityDescriptor(json);
+  }
+}
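Review bot: `setUpWithJsonFile` can hand `readSecurityDescriptor` a truncated or NUL-padded access control list. A single `reader.read(buffer)` is not guaranteed to fill the buffer, the buffer is sized from the file's byte length although it holds chars, and the `FileReader` decodes with the platform charset and is never closed if the read throws. Reading the file in one call avoids all of that, assuming the fixtures are UTF-8: `String json = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);`, with the matching `java.nio` imports replacing `File` and `FileReader`. The path constants are declared `public static String`, so any test can reassign them; `public static final String` would prevent that. The method Javadoc speaks of overriding the child class's implementation, where the parent SampleSecurityManager is presumably meant.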

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java b/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java
new file mode 100644
index 0000000..6d04a0d
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import org.apache.geode.security.SecurityManager;
+
+public class SpySecurityManager implements SecurityManager {
+
+  public int initInvoked = 0;
+  public int closeInvoked = 0;
+
+  @Override
+  public void init(final Properties securityProps) {
+    initInvoked++;
+  }
+
+  @Override
+  public Principal authenticate(final Properties props) throws AuthenticationFailedException {
+    return null;
+  }
+
+  @Override
+  public void close() {
+    closeInvoked++;
+  }
+}
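Review bot: SpySecurityManager has no class comment, and its `authenticate` returns `null` for every set of credentials without checking anything. That is easy to overlook now that the class is top-level and selected by name through the SECURITY_MANAGER property. A class Javadoc would make the contract explicit, for example `/** Test-only SecurityManager that counts init() and close() calls; authenticate() performs no credential check and returns null. */`. How callers treat the null Principal is not visible in this commit excerpt, so the comment should state only what the class itself does.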

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json b/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json
new file mode 100644
index 0000000..9bd8936
--- /dev/null
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json
@@ -0,0 +1,36 @@
+{
+  "users": [
+    {
+      "name": "locator1",
+      "password": "1234567",
+      "roles": [
+      ]
+    },
+    {
+      "name": "server1",
+      "password": "1234567",
+      "roles": [
+      ]
+    },
+    {
+      "name": "server2",
+      "password": "1234567",
+      "roles": [
+      ]
+    }
+  ]
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
index 7385e7f..8f47145 100644
--- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
+++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
@@ -46,7 +46,7 @@ import org.apache.shiro.realm.Realm;
 import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
 import com.gemstone.gemfire.internal.security.shiro.JMXShiroAuthenticator;
 import com.gemstone.gemfire.management.internal.security.AccessControlMBean;
-import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
+import com.gemstone.gemfire.security.JSONAuthorization;
 import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper;
 import com.gemstone.gemfire.management.internal.security.ResourceConstants;
 

