geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hiteshkhame...@apache.org
Subject [15/15] incubator-geode git commit: GEODE-37 Renamed security related stuff
Date Tue, 13 Sep 2016 22:56:17 GMT
GEODE-37 Renamed security related stuff


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/9d7a6960
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/9d7a6960
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/9d7a6960

Branch: refs/heads/feature/GEODE-37_2
Commit: 9d7a6960afedd8991fd6be44e4ca10a0b43b59ce
Parents: 7c20e69
Author: Hitesh Khamesra <hkhamesra@pivotal.io>
Authored: Tue Sep 13 15:56:14 2016 -0700
Committer: Hitesh Khamesra <hkhamesra@pivotal.io>
Committed: Tue Sep 13 15:56:14 2016 -0700

----------------------------------------------------------------------
 .../gemfire/security/AccessControl.java         |  105 -
 .../gemfire/security/AuthInitialize.java        |   97 -
 .../security/AuthenticationFailedException.java |   53 -
 .../AuthenticationRequiredException.java        |   53 -
 .../gemfire/security/Authenticator.java         |   96 -
 .../security/GemFireSecurityException.java      |  132 --
 .../security/NotAuthorizedException.java        |  134 --
 .../com/gemstone/gemfire/security/package.html  |   39 -
 .../apache/geode/security/AccessControl.java    |  105 +
 .../apache/geode/security/AuthInitialize.java   |   97 +
 .../security/AuthenticationFailedException.java |   53 +
 .../AuthenticationRequiredException.java        |   53 +
 .../apache/geode/security/Authenticator.java    |   96 +
 .../security/GemFireSecurityException.java      |  132 ++
 .../geode/security/NotAuthorizedException.java  |  134 ++
 .../java/org/apache/geode/security/package.html |   39 +
 .../security/AbstractSecureServerDUnitTest.java |  162 --
 .../security/ClientAuthenticationDUnitTest.java |   90 -
 .../ClientAuthenticationPart2DUnitTest.java     |   76 -
 .../security/ClientAuthenticationTestCase.java  |  562 -----
 .../security/ClientAuthenticationTestUtils.java |   90 -
 .../security/ClientAuthorizationDUnitTest.java  |  647 ------
 .../security/ClientAuthorizationTestCase.java   | 1325 ------------
 .../security/ClientMultiUserAuthzDUnitTest.java |  345 ----
 .../DeltaClientAuthorizationDUnitTest.java      |  201 --
 .../DeltaClientPostAuthorizationDUnitTest.java  |  284 ---
 .../security/GemFireSecurityExceptionTest.java  |  169 --
 .../security/IntegratedClientAuthDUnitTest.java |   64 -
 ...tedClientContainsKeyAuthDistributedTest.java |   55 -
 ...entDestroyInvalidateAuthDistributedTest.java |   84 -
 ...dClientDestroyRegionAuthDistributedTest.java |   65 -
 ...lientExecuteFunctionAuthDistributedTest.java |   61 -
 ...xecuteRegionFunctionAuthDistributedTest.java |   62 -
 ...tegratedClientGetAllAuthDistributedTest.java |   57 -
 ...tGetClientPRMetaDataAuthDistributedTest.java |   66 -
 ...ientPartitionAttrCmdAuthDistributedTest.java |   52 -
 ...gratedClientGetEntryAuthDistributedTest.java |   76 -
 ...tegratedClientGetPutAuthDistributedTest.java |  116 --
 ...tedClientRegionClearAuthDistributedTest.java |   63 -
 ...ientRegisterInterestAuthDistributedTest.java |  164 --
 ...ratedClientRemoveAllAuthDistributedTest.java |   65 -
 ...IntegratedClientSizeAuthDistributedTest.java |   54 -
 ...ntUnregisterInterestAuthDistributedTest.java |   48 -
 ...edSecurityCacheLifecycleDistributedTest.java |  134 --
 ...edSecurityCacheLifecycleIntegrationTest.java |   74 -
 ...tegratedSecurityPeerAuthDistributedTest.java |  146 --
 .../security/NoShowValue1PostProcessor.java     |   36 -
 .../NoShowValue1PostProcessorDUnitTest.java     |   86 -
 .../security/NotAuthorizedExceptionTest.java    |  200 --
 .../security/P2PAuthenticationDUnitTest.java    |  541 -----
 .../PDXGfshPostProcessorOnRemoteServerTest.java |  159 --
 .../gemfire/security/PDXPostProcessor.java      |   60 -
 .../security/PDXPostProcessorDUnitTest.java     |  233 ---
 .../security/PostProcessorDUnitTest.java        |  126 --
 .../gemfire/security/SecurityTestUtils.java     | 1930 ------------------
 .../gemfire/security/SpySecurityManager.java    |   42 -
 .../generator/AuthzCredentialGenerator.java     |  447 ----
 .../security/generator/CredentialGenerator.java |  333 ---
 .../DummyAuthzCredentialGenerator.java          |  129 --
 .../generator/DummyCredentialGenerator.java     |   89 -
 .../generator/LdapUserCredentialGenerator.java  |  165 --
 .../generator/PKCSCredentialGenerator.java      |  115 --
 .../generator/SSLCredentialGenerator.java       |  123 --
 .../UserPasswordWithExtraPropsAuthInit.java     |   70 -
 .../generator/XmlAuthzCredentialGenerator.java  |  257 ---
 .../security/templates/DummyAuthenticator.java  |   75 -
 .../security/templates/DummyAuthorization.java  |  122 --
 .../templates/FunctionSecurityPrmsHolder.java   |   50 -
 .../templates/LdapUserAuthenticator.java        |  107 -
 .../security/templates/PKCSAuthInit.java        |  120 --
 .../security/templates/PKCSAuthenticator.java   |  158 --
 .../security/templates/PKCSPrincipal.java       |   40 -
 .../security/templates/PKCSPrincipalTest.java   |   50 -
 .../templates/UserPasswordAuthInit.java         |   75 -
 .../security/templates/UsernamePrincipal.java   |   44 -
 .../templates/UsernamePrincipalTest.java        |   50 -
 .../security/templates/XmlAuthorization.java    |  615 ------
 .../security/templates/XmlErrorHandler.java     |   75 -
 .../security/AbstractSecureServerDUnitTest.java |  162 ++
 .../security/ClientAuthenticationDUnitTest.java |   90 +
 .../ClientAuthenticationPart2DUnitTest.java     |   76 +
 .../security/ClientAuthenticationTestCase.java  |  562 +++++
 .../security/ClientAuthenticationTestUtils.java |   90 +
 .../security/ClientAuthorizationDUnitTest.java  |  647 ++++++
 .../security/ClientAuthorizationTestCase.java   | 1325 ++++++++++++
 .../security/ClientMultiUserAuthzDUnitTest.java |  345 ++++
 .../DeltaClientAuthorizationDUnitTest.java      |  201 ++
 .../DeltaClientPostAuthorizationDUnitTest.java  |  284 +++
 .../security/GemFireSecurityExceptionTest.java  |  169 ++
 .../security/IntegratedClientAuthDUnitTest.java |   64 +
 ...tedClientContainsKeyAuthDistributedTest.java |   55 +
 ...entDestroyInvalidateAuthDistributedTest.java |   84 +
 ...dClientDestroyRegionAuthDistributedTest.java |   65 +
 ...lientExecuteFunctionAuthDistributedTest.java |   61 +
 ...xecuteRegionFunctionAuthDistributedTest.java |   62 +
 ...tegratedClientGetAllAuthDistributedTest.java |   57 +
 ...tGetClientPRMetaDataAuthDistributedTest.java |   66 +
 ...ientPartitionAttrCmdAuthDistributedTest.java |   52 +
 ...gratedClientGetEntryAuthDistributedTest.java |   76 +
 ...tegratedClientGetPutAuthDistributedTest.java |  116 ++
 ...tedClientRegionClearAuthDistributedTest.java |   63 +
 ...ientRegisterInterestAuthDistributedTest.java |  164 ++
 ...ratedClientRemoveAllAuthDistributedTest.java |   65 +
 ...IntegratedClientSizeAuthDistributedTest.java |   54 +
 ...ntUnregisterInterestAuthDistributedTest.java |   48 +
 ...edSecurityCacheLifecycleDistributedTest.java |  134 ++
 ...edSecurityCacheLifecycleIntegrationTest.java |   74 +
 ...tegratedSecurityPeerAuthDistributedTest.java |  146 ++
 .../security/NoShowValue1PostProcessor.java     |   36 +
 .../NoShowValue1PostProcessorDUnitTest.java     |   86 +
 .../security/NotAuthorizedExceptionTest.java    |  200 ++
 .../security/P2PAuthenticationDUnitTest.java    |  541 +++++
 .../PDXGfshPostProcessorOnRemoteServerTest.java |  159 ++
 .../apache/geode/security/PDXPostProcessor.java |   60 +
 .../security/PDXPostProcessorDUnitTest.java     |  233 +++
 .../geode/security/PostProcessorDUnitTest.java  |  126 ++
 .../geode/security/SecurityTestUtils.java       | 1930 ++++++++++++++++++
 .../geode/security/SpySecurityManager.java      |   42 +
 .../generator/AuthzCredentialGenerator.java     |  447 ++++
 .../security/generator/CredentialGenerator.java |  333 +++
 .../DummyAuthzCredentialGenerator.java          |  129 ++
 .../generator/DummyCredentialGenerator.java     |   89 +
 .../generator/LdapUserCredentialGenerator.java  |  165 ++
 .../generator/PKCSCredentialGenerator.java      |  115 ++
 .../generator/SSLCredentialGenerator.java       |  123 ++
 .../UserPasswordWithExtraPropsAuthInit.java     |   70 +
 .../generator/XmlAuthzCredentialGenerator.java  |  257 +++
 .../security/templates/DummyAuthenticator.java  |   75 +
 .../security/templates/DummyAuthorization.java  |  122 ++
 .../templates/FunctionSecurityPrmsHolder.java   |   50 +
 .../templates/LdapUserAuthenticator.java        |  107 +
 .../geode/security/templates/PKCSAuthInit.java  |  120 ++
 .../security/templates/PKCSAuthenticator.java   |  158 ++
 .../geode/security/templates/PKCSPrincipal.java |   40 +
 .../security/templates/PKCSPrincipalTest.java   |   50 +
 .../templates/UserPasswordAuthInit.java         |   75 +
 .../security/templates/UsernamePrincipal.java   |   44 +
 .../templates/UsernamePrincipalTest.java        |   50 +
 .../security/templates/XmlAuthorization.java    |  615 ++++++
 .../security/templates/XmlErrorHandler.java     |   75 +
 .../gemfire/security/generator/authz-dummy.xml  |  124 --
 .../gemfire/security/generator/authz-ldap.xml   |   83 -
 .../generator/authz-multiUser-dummy.xml         |  104 -
 .../security/generator/authz-multiUser-ldap.xml |   81 -
 .../security/generator/keys/gemfire1.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire10.keystore  |  Bin 1546 -> 0 bytes
 .../security/generator/keys/gemfire11.keystore  |  Bin 1546 -> 0 bytes
 .../security/generator/keys/gemfire2.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire3.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire4.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire5.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire6.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire7.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire8.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire9.keystore   |  Bin 1536 -> 0 bytes
 .../generator/keys/ibm/gemfire1.keystore        |  Bin 1426 -> 0 bytes
 .../generator/keys/ibm/gemfire10.keystore       |  Bin 1434 -> 0 bytes
 .../generator/keys/ibm/gemfire11.keystore       |  Bin 1434 -> 0 bytes
 .../generator/keys/ibm/gemfire2.keystore        |  Bin 1434 -> 0 bytes
 .../generator/keys/ibm/gemfire3.keystore        |  Bin 1426 -> 0 bytes
 .../generator/keys/ibm/gemfire4.keystore        |  Bin 1434 -> 0 bytes
 .../generator/keys/ibm/gemfire5.keystore        |  Bin 1434 -> 0 bytes
 .../generator/keys/ibm/gemfire6.keystore        |  Bin 1434 -> 0 bytes
 .../generator/keys/ibm/gemfire7.keystore        |  Bin 1426 -> 0 bytes
 .../generator/keys/ibm/gemfire8.keystore        |  Bin 1434 -> 0 bytes
 .../generator/keys/ibm/gemfire9.keystore        |  Bin 1426 -> 0 bytes
 .../security/generator/keys/ibm/publickeyfile   |  Bin 4535 -> 0 bytes
 .../security/generator/keys/publickeyfile       |  Bin 4535 -> 0 bytes
 .../com/gemstone/gemfire/security/peerAuth.json |   36 -
 .../gemfire/security/templates/authz5_5.dtd     |  105 -
 .../gemfire/security/templates/authz6_0.dtd     |  110 -
 .../geode/security/generator/authz-dummy.xml    |  124 ++
 .../geode/security/generator/authz-ldap.xml     |   83 +
 .../generator/authz-multiUser-dummy.xml         |  104 +
 .../security/generator/authz-multiUser-ldap.xml |   81 +
 .../security/generator/keys/gemfire1.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire10.keystore  |  Bin 0 -> 1546 bytes
 .../security/generator/keys/gemfire11.keystore  |  Bin 0 -> 1546 bytes
 .../security/generator/keys/gemfire2.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire3.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire4.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire5.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire6.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire7.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire8.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire9.keystore   |  Bin 0 -> 1536 bytes
 .../generator/keys/ibm/gemfire1.keystore        |  Bin 0 -> 1426 bytes
 .../generator/keys/ibm/gemfire10.keystore       |  Bin 0 -> 1434 bytes
 .../generator/keys/ibm/gemfire11.keystore       |  Bin 0 -> 1434 bytes
 .../generator/keys/ibm/gemfire2.keystore        |  Bin 0 -> 1434 bytes
 .../generator/keys/ibm/gemfire3.keystore        |  Bin 0 -> 1426 bytes
 .../generator/keys/ibm/gemfire4.keystore        |  Bin 0 -> 1434 bytes
 .../generator/keys/ibm/gemfire5.keystore        |  Bin 0 -> 1434 bytes
 .../generator/keys/ibm/gemfire6.keystore        |  Bin 0 -> 1434 bytes
 .../generator/keys/ibm/gemfire7.keystore        |  Bin 0 -> 1426 bytes
 .../generator/keys/ibm/gemfire8.keystore        |  Bin 0 -> 1434 bytes
 .../generator/keys/ibm/gemfire9.keystore        |  Bin 0 -> 1426 bytes
 .../security/generator/keys/ibm/publickeyfile   |  Bin 0 -> 4535 bytes
 .../geode/security/generator/keys/publickeyfile |  Bin 0 -> 4535 bytes
 .../org/apache/geode/security/peerAuth.json     |   36 +
 .../geode/security/templates/authz5_5.dtd       |  105 +
 .../geode/security/templates/authz6_0.dtd       |  110 +
 202 files changed, 13531 insertions(+), 13531 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
deleted file mode 100644
index 3d22864..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import java.security.Principal;
-
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.CacheCallback;
-import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.distributed.DistributedMember;
-
-/**
- * Specifies the interface to authorize operations at the cache or region level
- * for clients or servers. Implementations should register name of the static
- * creation function as the <code>security-client-accessor</code> system
- * property with all the servers uniformly in the distributed system for client
- * authorization. When the <code>security-client-accessor-pp</code> property
- * is set then the callback mentioned is invoked after the operation completes
- * successfully and when sending notifications.
- * 
- * When the registration has been done for a client/peer then an object of this
- * class is created for each connection from the client/peer and the
- * <code>authorizeOperation</code> method invoked before/after each operation.
- * 
- * @since GemFire 5.5
- *
- * @deprecated since Geode 1.0, use {@link SecurityManager} instead
- */
-public interface AccessControl extends CacheCallback {
-
-  /**
-   * Initialize the callback for a client/peer having the given principal.
-   * 
-   * This is invoked when a new connection from a client/peer is created with
-   * the host. The callback is expected to store authentication information of
-   * the given principal for the different regions for maximum efficiency when
-   * invoking <code>authorizeOperation</code> in each operation.
-   * 
-   * @param principal
-   *                the principal associated with the authenticated client or
-   *                peer; a null principal implies an unauthenticated client
-   *                which should be handled properly by implementations
-   * @param remoteMember
-   *                the {@link DistributedMember} object for the remote
-   *                authenticated client or peer
-   * @param cache
-   *                reference to the cache object
-   * 
-   * @throws NotAuthorizedException
-   *                 if some exception condition happens during the
-   *                 initialization; in such a case all subsequent client
-   *                 operations on that connection will throw
-   *                 <code>NotAuthorizedException</code>
-   */
-  void init(Principal principal, DistributedMember remoteMember,
-      Cache cache) throws NotAuthorizedException;
-
-  default void init(Principal principal, DistributedMember remoteMember) throws NotAuthorizedException {
-    init(principal, remoteMember, null);
-  }
-
-  default void init(Principal principal) throws NotAuthorizedException {
-    init(principal, null, null);
-  }
-
-  /**
-   * Check if the given operation is allowed for the cache/region.
-   * 
-   * This method is invoked in each cache and region level operation. It is,
-   * therefore, expected that as far as possible relevant information has been
-   * cached in the <code>init</code> call made when the connection was
-   * established so that this call is as quick as possible.
-   * 
-   * @param regionName
-   *                When null then it indicates a cache-level operation (i.e.
-   *                one of {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#REGION_DESTROY} or
-   *                {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#QUERY}, else the name of the region
-   *                for the operation.
-   * @param context
-   *                When invoked before the operation then the data required by
-   *                the operation. When invoked as a post-process filter then it
-   *                contains the result of the operation. The data in the
-   *                context can be possibly modified by the method.
-   * 
-   * @return true if the operation is authorized and false otherwise
-   * 
-   */
-  boolean authorizeOperation(String regionName, OperationContext context);
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
deleted file mode 100644
index e92772b..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import java.util.Properties;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.cache.CacheCallback;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.distributed.DistributedSystem;
-import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
-
-// TODO Add example usage of this interface and configuration details
-/**
- * Specifies the mechanism to obtain credentials for a client or peer. It is
- * mandatory for clients and peers when running in secure mode and an
- * {@link Authenticator} has been configured on the server/locator side
- * respectively. Implementations should register name of the static creation
- * function (that returns an object of the class) as the
- * <i>security-peer-auth-init</i> system property on peers and as the
- * <i>security-client-auth-init</i> system property on clients.
- * 
- * @since GemFire 5.5
- */
-public interface AuthInitialize extends CacheCallback {
-
-  /**
-   * Initialize the callback for a client/peer. This is invoked when a new
-   * connection from a client/peer is created with the host.
-   * 
-   * @param systemLogger
-   *                {@link LogWriter} for system logs
-   * @param securityLogger
-   *                {@link LogWriter} for security logs
-   * 
-   * @throws AuthenticationFailedException
-   *                 if some exception occurs during the initialization
-   *
-   *  @deprecated since Geode 1.0, use init()
-   */
-  public void init(LogWriter systemLogger, LogWriter securityLogger)
-      throws AuthenticationFailedException;
-
-  /**
-   * @since Geode 1.0. implement this method instead of init with logwriters.
-   * Implementation should use log4j instead of these loggers.
-   */
-  default public void init(){
-    GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
-    init(cache.getLogger(), cache.getSecurityLogger());
-  }
-  /**
-   * Initialize with the given set of security properties and return the
-   * credentials for the peer/client as properties.
-   * 
-   * This method can modify the given set of properties. For example it may
-   * invoke external agents or even interact with the user.
-   * 
-   * Normally it is expected that implementations will filter out <i>security-*</i>
-   * properties that are needed for credentials and return only those.
-   * 
-   * @param securityProps
-   *                the security properties obtained using a call to
-   *                {@link DistributedSystem#getSecurityProperties} that will be
-   *                used for obtaining the credentials
-   * @param server
-   *                the {@link DistributedMember} object of the
-   *                server/group-coordinator to which connection is being
-   *                attempted
-   * @param isPeer
-   *                true when this is invoked for peer initialization and false
-   *                when invoked for client initialization
-   * 
-   * @throws AuthenticationFailedException
-   *                 in case of failure to obtain the credentials
-   * 
-   * @return the credentials to be used for the given <code>server</code>
-   */
-  public Properties getCredentials(Properties securityProps,
-      DistributedMember server, boolean isPeer)
-      throws AuthenticationFailedException;
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java
deleted file mode 100644
index 3ab728f..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-/**
- * Thrown if authentication of this client/peer fails.
- * 
- * @since GemFire 5.5
- */
-public class AuthenticationFailedException extends GemFireSecurityException {
-private static final long serialVersionUID = -8202866472279088879L;
-
-  // TODO Derive from SecurityException
-  /**
-   * Constructs instance of <code>AuthenticationFailedException</code> with
-   * error message.
-   * 
-   * @param message
-   *                the error message
-   */
-  public AuthenticationFailedException(String message) {
-    super(message);
-  }
-
-  /**
-   * Constructs instance of <code>AuthenticationFailedException</code> with
-   * error message and cause.
-   * 
-   * @param message
-   *                the error message
-   * @param cause
-   *                a <code>Throwable</code> that is a cause of this exception
-   */
-  public AuthenticationFailedException(String message, Throwable cause) {
-    super(message, cause);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java
deleted file mode 100644
index f67af39..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-/**
- * Thrown if the distributed system is in secure mode and this client/peer has
- * not set the security credentials.
- * 
- * @since GemFire 5.5
- */
-public class AuthenticationRequiredException extends GemFireSecurityException {
-private static final long serialVersionUID = 4675976651103154919L;
-
-  /**
-   * Constructs instance of <code>NotAuthenticatedException</code> with error
-   * message.
-   * 
-   * @param message
-   *                the error message
-   */
-  public AuthenticationRequiredException(String message) {
-    super(message);
-  }
-
-  /**
-   * Constructs instance of <code>NotAuthenticatedException</code> with error
-   * message and cause.
-   * 
-   * @param message
-   *                the error message
-   * @param cause
-   *                a <code>Throwable</code> that is a cause of this exception
-   */
-  public AuthenticationRequiredException(String message, Throwable cause) {
-    super(message, cause);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java
deleted file mode 100644
index f66f092..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import java.security.Principal;
-import java.util.Properties;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.cache.CacheCallback;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.distributed.DistributedSystem;
-
-/**
- * Specifies the mechanism to verify credentials for a client or peer.
- * Implementations should register name of the static creation function as the
- * <code>security-peer-authenticator</code> system property with all the
- * locators in the distributed system for peer authentication, and as
- * <code>security-client-authenticator</code> for client authentication. For
- * P2P an object is initialized on the group coordinator for each member during
- * the {@link DistributedSystem#connect(Properties)} call of a new member. For
- * client-server, an object of this class is created for each connection during
- * the client-server handshake.
- * 
- * The static creation function should have the following signature:
- * <code>public static Authenticator [method-name]();</code> i.e. it should be
- * a zero argument function.
- * 
- * @since GemFire 5.5
- *
- * @deprecated since Geode 1.0, use {@link SecurityManager} instead
- */
-public interface Authenticator extends CacheCallback {
-
-  /**
-   * Initialize the callback for a client/peer. This is invoked when a new
-   * connection from a client/peer is created with the host.
-   * 
-   * @param securityProps
-   *                the security properties obtained using a call to
-   *                {@link DistributedSystem#getSecurityProperties}
-   * @param systemLogger
-   *                {@link LogWriter} for system logs
-   * @param securityLogger
-   *                {@link LogWriter} for security logs
-   * 
-   * @throws AuthenticationFailedException
-   *                 if some exception occurs during the initialization
-   */
-  void init(Properties securityProps, LogWriter systemLogger,
-      LogWriter securityLogger) throws AuthenticationFailedException;
-
-  default void init(Properties securityProps)  throws AuthenticationFailedException{
-    init(securityProps, null, null);
-  }
-
-  /**
-   * Verify the credentials provided in the properties for the client/peer as
-   * specified in member ID and returns the principal associated with the
-   * client/peer.
-   * 
-   * @param props
-   *                the credentials of the client/peer as a set of property
-   *                key/values
-   * @param member
-   *                the {@link DistributedMember} object of the connecting
-   *                client/peer member. NULL when invoked locally on the 
-   *                member initiating the authentication request.
-   * 
-   * @return the principal for the client/peer when authentication succeeded
-   * 
-   * @throws AuthenticationFailedException
-   *                 If the authentication of the client/peer fails.
-   */
-  Principal authenticate(Properties props, DistributedMember member)
-      throws AuthenticationFailedException;
-
-  default Principal authenticate(Properties props) throws AuthenticationFailedException{
-    return authenticate(props, null);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java
deleted file mode 100644
index 049137d..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import java.io.IOException;
-import java.io.ObjectOutputStream;
-import java.io.Serializable;
-import javax.naming.NamingException;
-
-import com.gemstone.gemfire.GemFireException;
-
-/**
- * The base class for all com.gemstone.gemfire.security package related
- * exceptions.
- * 
- * @since GemFire 5.5
- */
-public class GemFireSecurityException extends GemFireException {
-
-  private static final long serialVersionUID = 3814254578203076926L;
-
-  private Throwable cause;
-
-  /**
-   * Constructs a new exception with the specified detail message.
-   *
-   * @param  message the detail message (which is saved for later retrieval
-   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
-   *         is permitted.)
-   */
-  public GemFireSecurityException(final String message) {
-    this(message, null);
-  }
-
-  /**
-   * Constructs a new exception with the specified cause.
-   *
-   * <p>Note that the detail message associated with {@code cause} <i>is</i>
-   * automatically used as this exception's detail message.
-   *
-   * @param  cause the cause (which is saved for later retrieval by the
-   *         {@link #getCause()} method).  (A <tt>null</tt> value is
-   *         permitted, and indicates that the cause is nonexistent or
-   *         unknown.)
-   */
-  public GemFireSecurityException(final Throwable cause) {
-    this(cause != null ? cause.getMessage() : null, cause);
-  }
-
-  /**
-   * Constructs a new exception with the specified detail message and cause.
-   *
-   * <p>If {@code message} is null, then the detail message associated with
-   * {@code cause} <i>is</i> automatically used as this exception's detail
-   * message.
-   *
-   * @param  message the detail message (which is saved for later retrieval
-   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
-   *         is permitted.)
-   * @param  cause the cause (which is saved for later retrieval by the
-   *         {@link #getCause()} method).  (A <tt>null</tt> value is
-   *         permitted, and indicates that the cause is nonexistent or
-   *         unknown.)
-   */
-  public GemFireSecurityException(final String message, final Throwable cause) {
-    super(message != null ? message : (cause != null ? cause.getMessage() : null));
-    this.cause = cause;
-  }
-
-  @Override
-  public final synchronized Throwable getCause() {
-    return (this.cause == this ? null : this.cause);
-  }
-
-  /**
-   * Returns true if the provided {@code object} implements {@code Serializable}.
-   *
-   * @param  object the {@code object} to test for implementing {@code Serializable}.
-   * @return true if the provided {@code object} implements {@code Serializable}.
-   */
-  protected final boolean isSerializable(final Object object) {
-    if (object == null) {
-      return true;
-    }
-    return Serializable.class.isInstance(object);
-  }
-
-  /**
-   * Returns {@link NamingException#getResolvedObj()} if the {@code cause}
-   * is a {@code NamingException}. Returns <tt>null</tt> for any other type
-   * of {@code cause}.
-   *
-   * @return {@code NamingException#getResolvedObj()} if the {@code cause}
-   *         is a {@code NamingException}.
-   */
-  protected final Object getResolvedObj() {
-    final Throwable thisCause = this.cause;
-    if (thisCause != null && NamingException.class.isInstance(thisCause)) {
-      return ((NamingException) thisCause).getResolvedObj();
-    }
-    return null;
-  }
-
-  private synchronized void writeObject(final ObjectOutputStream out) throws IOException {
-    final Object resolvedObj = getResolvedObj();
-    if (isSerializable(resolvedObj)) {
-      out.defaultWriteObject();
-    } else {
-      final NamingException namingException = (NamingException) getCause();
-      namingException.setResolvedObj(null);
-      try {
-        out.defaultWriteObject();
-      } finally {
-        namingException.setResolvedObj(resolvedObj);
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java
deleted file mode 100644
index 2e834f8..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import java.io.IOException;
-import java.io.ObjectOutputStream;
-import java.security.Principal;
-import javax.naming.NamingException;
-
-/**
- * Thrown when a client/peer is unauthorized to perform a requested operation.
- * 
- * @since GemFire 5.5
- */
-public class NotAuthorizedException extends GemFireSecurityException {
-
-  private static final long serialVersionUID = 419215768216387745L;
-
-  private Principal principal = null;
-
-  /**
-   * Constructs a new exception with the specified detail message and
-   * principal.
-   *
-   * @param  message the detail message (which is saved for later retrieval
-   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
-   *         is permitted.)
-   */
-  public NotAuthorizedException(final String message) {
-    this(message, null, null);
-  }
-
-  /**
-   * Constructs a new exception with the specified detail message and cause.
-   *
-   * <p>If {@code message} is null, then the detail message associated with
-   * {@code cause} <i>is</i> automatically used as this exception's detail
-   * message.
-   *
-   * @param  message the detail message (which is saved for later retrieval
-   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
-   *         is permitted.)
-   * @param  cause the cause (which is saved for later retrieval by the
-   *         {@link #getCause()} method).  (A <tt>null</tt> value is
-   *         permitted, and indicates that the cause is nonexistent or
-   *         unknown.)
-   */
-  public NotAuthorizedException(final String message, final Throwable cause) {
-    this(message, cause, null);
-  }
-
-  /**
-   * Constructs a new exception with the specified detail message and
-   * principal.
-   *
-   * @param  message the detail message (which is saved for later retrieval
-   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
-   *         is permitted.)
-   * @param  principal the principal for which authorization failed.
-   *         (A <tt>null</tt> value is permitted.)
-   */
-  public NotAuthorizedException(final String message, final Principal principal) {
-    this(message, null, principal);
-  }
-
-  /**
-   * Constructs a new exception with the specified detail message, cause and
-   * principal.
-   *
-   * <p>If {@code message} is null, then the detail message associated with
-   * {@code cause} <i>is</i> automatically used as this exception's detail
-   * message.
-   *
-   * @param  message the detail message (which is saved for later retrieval
-   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
-   *         is permitted.)
-   * @param  cause the cause (which is saved for later retrieval by the
-   *         {@link #getCause()} method).  (A <tt>null</tt> value is
-   *         permitted, and indicates that the cause is nonexistent or
-   *         unknown.)
-   * @param  principal the principal for which authorization failed.
-   *         (A <tt>null</tt> value is permitted.)
-   */
-  public NotAuthorizedException(final String message, final Throwable cause, final Principal principal) {
-    super(message, cause);
-    this.principal = principal;
-  }
-
-  /**
-   * Returns the {@code principal} for which authorization failed.
-   *
-   * @return the {@code principal} for which authorization failed.
-   */
-  public synchronized Principal getPrincipal() {
-    return this.principal;
-  }
-
-  private synchronized void writeObject(final ObjectOutputStream out) throws IOException {
-    final Principal thisPrincipal = this.principal;
-    if (!isSerializable(thisPrincipal)) {
-      this.principal = null;
-    }
-
-    final Object resolvedObj = getResolvedObj();
-    NamingException namingException = null;
-    if (!isSerializable(resolvedObj)) {
-      namingException = (NamingException) getCause();
-      namingException.setResolvedObj(null);
-    }
-
-    try {
-      out.defaultWriteObject();
-    } finally {
-      this.principal = thisPrincipal;
-      if (namingException != null) {
-        namingException.setResolvedObj(resolvedObj);
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/package.html
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/package.html b/geode-core/src/main/java/com/gemstone/gemfire/security/package.html
deleted file mode 100644
index 7772765..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/package.html
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements.  See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License.  You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<HTML>
-<BODY>
-
-<P>Provides an API for plugging in authentication and authorization
-for members of a distributed system and clients.
-
-<H3>GemFire security framework</H3>
-The security framework tackles two requirements: authentication of nodes
-and authorization for operations. The authentication piece deals with
-authentication of nodes in a peer-to-peer network as well as of the clients
-that connect to the servers.
-
-<P>
-<I>
-It is not our plan to provide a sophisticated security infrastructure
-built into GemFire. Most enterprise customers have their own authentication
-and entitlement management infrastructure and our plan is make sure the
-framework allows application administrators to delegate the responsibility
-to external providers.
-</I>
-
-</BODY>
-</HTML>

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AccessControl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AccessControl.java b/geode-core/src/main/java/org/apache/geode/security/AccessControl.java
new file mode 100644
index 0000000..3d22864
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AccessControl.java
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheCallback;
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.distributed.DistributedMember;
+
+/**
+ * Specifies the interface to authorize operations at the cache or region level
+ * for clients or servers. Implementations should register name of the static
+ * creation function as the <code>security-client-accessor</code> system
+ * property with all the servers uniformly in the distributed system for client
+ * authorization. When the <code>security-client-accessor-pp</code> property
+ * is set then the callback mentioned is invoked after the operation completes
+ * successfully and when sending notifications.
+ * 
+ * When the registration has been done for a client/peer then an object of this
+ * class is created for each connection from the client/peer and the
+ * <code>authorizeOperation</code> method invoked before/after each operation.
+ * 
+ * @since GemFire 5.5
+ *
+ * @deprecated since Geode 1.0, use {@link SecurityManager} instead
+ */
+public interface AccessControl extends CacheCallback {
+
+  /**
+   * Initialize the callback for a client/peer having the given principal.
+   * 
+   * This is invoked when a new connection from a client/peer is created with
+   * the host. The callback is expected to store authentication information of
+   * the given principal for the different regions for maximum efficiency when
+   * invoking <code>authorizeOperation</code> in each operation.
+   * 
+   * @param principal
+   *                the principal associated with the authenticated client or
+   *                peer; a null principal implies an unauthenticated client
+   *                which should be handled properly by implementations
+   * @param remoteMember
+   *                the {@link DistributedMember} object for the remote
+   *                authenticated client or peer
+   * @param cache
+   *                reference to the cache object
+   * 
+   * @throws NotAuthorizedException
+   *                 if some exception condition happens during the
+   *                 initialization; in such a case all subsequent client
+   *                 operations on that connection will throw
+   *                 <code>NotAuthorizedException</code>
+   */
+  void init(Principal principal, DistributedMember remoteMember,
+      Cache cache) throws NotAuthorizedException;
+
+  default void init(Principal principal, DistributedMember remoteMember) throws NotAuthorizedException {
+    init(principal, remoteMember, null);
+  }
+
+  default void init(Principal principal) throws NotAuthorizedException {
+    init(principal, null, null);
+  }
+
+  /**
+   * Check if the given operation is allowed for the cache/region.
+   * 
+   * This method is invoked in each cache and region level operation. It is,
+   * therefore, expected that as far as possible relevant information has been
+   * cached in the <code>init</code> call made when the connection was
+   * established so that this call is as quick as possible.
+   * 
+   * @param regionName
+   *                When null then it indicates a cache-level operation (i.e.
+   *                one of {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#REGION_DESTROY} or
+   *                {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#QUERY}, else the name of the region
+   *                for the operation.
+   * @param context
+   *                When invoked before the operation then the data required by
+   *                the operation. When invoked as a post-process filter then it
+   *                contains the result of the operation. The data in the
+   *                context can be possibly modified by the method.
+   * 
+   * @return true if the operation is authorized and false otherwise
+   * 
+   */
+  boolean authorizeOperation(String regionName, OperationContext context);
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java b/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
new file mode 100644
index 0000000..e92772b
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import java.util.Properties;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.cache.CacheCallback;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+
+// TODO Add example usage of this interface and configuration details
+/**
+ * Specifies the mechanism to obtain credentials for a client or peer. It is
+ * mandatory for clients and peers when running in secure mode and an
+ * {@link Authenticator} has been configured on the server/locator side
+ * respectively. Implementations should register name of the static creation
+ * function (that returns an object of the class) as the
+ * <i>security-peer-auth-init</i> system property on peers and as the
+ * <i>security-client-auth-init</i> system property on clients.
+ * 
+ * @since GemFire 5.5
+ */
+public interface AuthInitialize extends CacheCallback {
+
+  /**
+   * Initialize the callback for a client/peer. This is invoked when a new
+   * connection from a client/peer is created with the host.
+   * 
+   * @param systemLogger
+   *                {@link LogWriter} for system logs
+   * @param securityLogger
+   *                {@link LogWriter} for security logs
+   * 
+   * @throws AuthenticationFailedException
+   *                 if some exception occurs during the initialization
+   *
+   *  @deprecated since Geode 1.0, use init()
+   */
+  public void init(LogWriter systemLogger, LogWriter securityLogger)
+      throws AuthenticationFailedException;
+
+  /**
+   * @since Geode 1.0. implement this method instead of init with logwriters.
+   * Implementation should use log4j instead of these loggers.
+   */
+  default public void init(){
+    GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
+    init(cache.getLogger(), cache.getSecurityLogger());
+  }
+  /**
+   * Initialize with the given set of security properties and return the
+   * credentials for the peer/client as properties.
+   * 
+   * This method can modify the given set of properties. For example it may
+   * invoke external agents or even interact with the user.
+   * 
+   * Normally it is expected that implementations will filter out <i>security-*</i>
+   * properties that are needed for credentials and return only those.
+   * 
+   * @param securityProps
+   *                the security properties obtained using a call to
+   *                {@link DistributedSystem#getSecurityProperties} that will be
+   *                used for obtaining the credentials
+   * @param server
+   *                the {@link DistributedMember} object of the
+   *                server/group-coordinator to which connection is being
+   *                attempted
+   * @param isPeer
+   *                true when this is invoked for peer initialization and false
+   *                when invoked for client initialization
+   * 
+   * @throws AuthenticationFailedException
+   *                 in case of failure to obtain the credentials
+   * 
+   * @return the credentials to be used for the given <code>server</code>
+   */
+  public Properties getCredentials(Properties securityProps,
+      DistributedMember server, boolean isPeer)
+      throws AuthenticationFailedException;
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java b/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java
new file mode 100644
index 0000000..3ab728f
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+/**
+ * Thrown if authentication of this client/peer fails.
+ * 
+ * @since GemFire 5.5
+ */
+public class AuthenticationFailedException extends GemFireSecurityException {
+private static final long serialVersionUID = -8202866472279088879L;
+
+  // TODO Derive from SecurityException
+  /**
+   * Constructs instance of <code>AuthenticationFailedException</code> with
+   * error message.
+   * 
+   * @param message
+   *                the error message
+   */
+  public AuthenticationFailedException(String message) {
+    super(message);
+  }
+
+  /**
+   * Constructs instance of <code>AuthenticationFailedException</code> with
+   * error message and cause.
+   * 
+   * @param message
+   *                the error message
+   * @param cause
+   *                a <code>Throwable</code> that is a cause of this exception
+   */
+  public AuthenticationFailedException(String message, Throwable cause) {
+    super(message, cause);
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java b/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java
new file mode 100644
index 0000000..f67af39
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+/**
+ * Thrown if the distributed system is in secure mode and this client/peer has
+ * not set the security credentials.
+ * 
+ * @since GemFire 5.5
+ */
+public class AuthenticationRequiredException extends GemFireSecurityException {
+private static final long serialVersionUID = 4675976651103154919L;
+
+  /**
+   * Constructs instance of <code>NotAuthenticatedException</code> with error
+   * message.
+   * 
+   * @param message
+   *                the error message
+   */
+  public AuthenticationRequiredException(String message) {
+    super(message);
+  }
+
+  /**
+   * Constructs instance of <code>NotAuthenticatedException</code> with error
+   * message and cause.
+   * 
+   * @param message
+   *                the error message
+   * @param cause
+   *                a <code>Throwable</code> that is a cause of this exception
+   */
+  public AuthenticationRequiredException(String message, Throwable cause) {
+    super(message, cause);
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/Authenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/Authenticator.java b/geode-core/src/main/java/org/apache/geode/security/Authenticator.java
new file mode 100644
index 0000000..f66f092
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/Authenticator.java
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.cache.CacheCallback;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+
+/**
+ * Specifies the mechanism to verify credentials for a client or peer.
+ * Implementations should register name of the static creation function as the
+ * <code>security-peer-authenticator</code> system property with all the
+ * locators in the distributed system for peer authentication, and as
+ * <code>security-client-authenticator</code> for client authentication. For
+ * P2P an object is initialized on the group coordinator for each member during
+ * the {@link DistributedSystem#connect(Properties)} call of a new member. For
+ * client-server, an object of this class is created for each connection during
+ * the client-server handshake.
+ * 
+ * The static creation function should have the following signature:
+ * <code>public static Authenticator [method-name]();</code> i.e. it should be
+ * a zero argument function.
+ * 
+ * @since GemFire 5.5
+ *
+ * @deprecated since Geode 1.0, use {@link SecurityManager} instead
+ */
+public interface Authenticator extends CacheCallback {
+
+  /**
+   * Initialize the callback for a client/peer. This is invoked when a new
+   * connection from a client/peer is created with the host.
+   * 
+   * @param securityProps
+   *                the security properties obtained using a call to
+   *                {@link DistributedSystem#getSecurityProperties}
+   * @param systemLogger
+   *                {@link LogWriter} for system logs
+   * @param securityLogger
+   *                {@link LogWriter} for security logs
+   * 
+   * @throws AuthenticationFailedException
+   *                 if some exception occurs during the initialization
+   */
+  void init(Properties securityProps, LogWriter systemLogger,
+      LogWriter securityLogger) throws AuthenticationFailedException;
+
+  default void init(Properties securityProps)  throws AuthenticationFailedException{
+    init(securityProps, null, null);
+  }
+
+  /**
+   * Verify the credentials provided in the properties for the client/peer as
+   * specified in member ID and returns the principal associated with the
+   * client/peer.
+   * 
+   * @param props
+   *                the credentials of the client/peer as a set of property
+   *                key/values
+   * @param member
+   *                the {@link DistributedMember} object of the connecting
+   *                client/peer member. NULL when invoked locally on the 
+   *                member initiating the authentication request.
+   * 
+   * @return the principal for the client/peer when authentication succeeded
+   * 
+   * @throws AuthenticationFailedException
+   *                 If the authentication of the client/peer fails.
+   */
+  Principal authenticate(Properties props, DistributedMember member)
+      throws AuthenticationFailedException;
+
+  default Principal authenticate(Properties props) throws AuthenticationFailedException{
+    return authenticate(props, null);
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java b/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java
new file mode 100644
index 0000000..049137d
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java
@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.io.IOException;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+import javax.naming.NamingException;
+
+import com.gemstone.gemfire.GemFireException;
+
+/**
+ * The base class for all com.gemstone.gemfire.security package related
+ * exceptions.
+ * 
+ * @since GemFire 5.5
+ */
+public class GemFireSecurityException extends GemFireException {
+
+  private static final long serialVersionUID = 3814254578203076926L;
+
+  private Throwable cause;
+
+  /**
+   * Constructs a new exception with the specified detail message.
+   *
+   * @param  message the detail message (which is saved for later retrieval
+   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
+   *         is permitted.)
+   */
+  public GemFireSecurityException(final String message) {
+    this(message, null);
+  }
+
+  /**
+   * Constructs a new exception with the specified cause.
+   *
+   * <p>Note that the detail message associated with {@code cause} <i>is</i>
+   * automatically used as this exception's detail message.
+   *
+   * @param  cause the cause (which is saved for later retrieval by the
+   *         {@link #getCause()} method).  (A <tt>null</tt> value is
+   *         permitted, and indicates that the cause is nonexistent or
+   *         unknown.)
+   */
+  public GemFireSecurityException(final Throwable cause) {
+    this(cause != null ? cause.getMessage() : null, cause);
+  }
+
+  /**
+   * Constructs a new exception with the specified detail message and cause.
+   *
+   * <p>If {@code message} is null, then the detail message associated with
+   * {@code cause} <i>is</i> automatically used as this exception's detail
+   * message.
+   *
+   * @param  message the detail message (which is saved for later retrieval
+   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
+   *         is permitted.)
+   * @param  cause the cause (which is saved for later retrieval by the
+   *         {@link #getCause()} method).  (A <tt>null</tt> value is
+   *         permitted, and indicates that the cause is nonexistent or
+   *         unknown.)
+   */
+  public GemFireSecurityException(final String message, final Throwable cause) {
+    super(message != null ? message : (cause != null ? cause.getMessage() : null));
+    this.cause = cause;
+  }
+
+  @Override
+  public final synchronized Throwable getCause() {
+    return (this.cause == this ? null : this.cause);
+  }
+
+  /**
+   * Returns true if the provided {@code object} implements {@code Serializable}.
+   *
+   * @param  object the {@code object} to test for implementing {@code Serializable}.
+   * @return true if the provided {@code object} implements {@code Serializable}.
+   */
+  protected final boolean isSerializable(final Object object) {
+    if (object == null) {
+      return true;
+    }
+    return Serializable.class.isInstance(object);
+  }
+
+  /**
+   * Returns {@link NamingException#getResolvedObj()} if the {@code cause}
+   * is a {@code NamingException}. Returns <tt>null</tt> for any other type
+   * of {@code cause}.
+   *
+   * @return {@code NamingException#getResolvedObj()} if the {@code cause}
+   *         is a {@code NamingException}.
+   */
+  protected final Object getResolvedObj() {
+    final Throwable thisCause = this.cause;
+    if (thisCause != null && NamingException.class.isInstance(thisCause)) {
+      return ((NamingException) thisCause).getResolvedObj();
+    }
+    return null;
+  }
+
+  private synchronized void writeObject(final ObjectOutputStream out) throws IOException {
+    final Object resolvedObj = getResolvedObj();
+    if (isSerializable(resolvedObj)) {
+      out.defaultWriteObject();
+    } else {
+      final NamingException namingException = (NamingException) getCause();
+      namingException.setResolvedObj(null);
+      try {
+        out.defaultWriteObject();
+      } finally {
+        namingException.setResolvedObj(resolvedObj);
+      }
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java b/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java
new file mode 100644
index 0000000..2e834f8
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java
@@ -0,0 +1,134 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.io.IOException;
+import java.io.ObjectOutputStream;
+import java.security.Principal;
+import javax.naming.NamingException;
+
+/**
+ * Thrown when a client/peer is unauthorized to perform a requested operation.
+ * 
+ * @since GemFire 5.5
+ */
+public class NotAuthorizedException extends GemFireSecurityException {
+
+  private static final long serialVersionUID = 419215768216387745L;
+
+  private Principal principal = null;
+
+  /**
+   * Constructs a new exception with the specified detail message and
+   * principal.
+   *
+   * @param  message the detail message (which is saved for later retrieval
+   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
+   *         is permitted.)
+   */
+  public NotAuthorizedException(final String message) {
+    this(message, null, null);
+  }
+
+  /**
+   * Constructs a new exception with the specified detail message and cause.
+   *
+   * <p>If {@code message} is null, then the detail message associated with
+   * {@code cause} <i>is</i> automatically used as this exception's detail
+   * message.
+   *
+   * @param  message the detail message (which is saved for later retrieval
+   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
+   *         is permitted.)
+   * @param  cause the cause (which is saved for later retrieval by the
+   *         {@link #getCause()} method).  (A <tt>null</tt> value is
+   *         permitted, and indicates that the cause is nonexistent or
+   *         unknown.)
+   */
+  public NotAuthorizedException(final String message, final Throwable cause) {
+    this(message, cause, null);
+  }
+
+  /**
+   * Constructs a new exception with the specified detail message and
+   * principal.
+   *
+   * @param  message the detail message (which is saved for later retrieval
+   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
+   *         is permitted.)
+   * @param  principal the principal for which authorization failed.
+   *         (A <tt>null</tt> value is permitted.)
+   */
+  public NotAuthorizedException(final String message, final Principal principal) {
+    this(message, null, principal);
+  }
+
+  /**
+   * Constructs a new exception with the specified detail message, cause and
+   * principal.
+   *
+   * <p>If {@code message} is null, then the detail message associated with
+   * {@code cause} <i>is</i> automatically used as this exception's detail
+   * message.
+   *
+   * @param  message the detail message (which is saved for later retrieval
+   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
+   *         is permitted.)
+   * @param  cause the cause (which is saved for later retrieval by the
+   *         {@link #getCause()} method).  (A <tt>null</tt> value is
+   *         permitted, and indicates that the cause is nonexistent or
+   *         unknown.)
+   * @param  principal the principal for which authorization failed.
+   *         (A <tt>null</tt> value is permitted.)
+   */
+  public NotAuthorizedException(final String message, final Throwable cause, final Principal principal) {
+    super(message, cause);
+    this.principal = principal;
+  }
+
+  /**
+   * Returns the {@code principal} for which authorization failed.
+   *
+   * @return the {@code principal} for which authorization failed.
+   */
+  public synchronized Principal getPrincipal() {
+    return this.principal;
+  }
+
+  private synchronized void writeObject(final ObjectOutputStream out) throws IOException {
+    final Principal thisPrincipal = this.principal;
+    if (!isSerializable(thisPrincipal)) {
+      this.principal = null;
+    }
+
+    final Object resolvedObj = getResolvedObj();
+    NamingException namingException = null;
+    if (!isSerializable(resolvedObj)) {
+      namingException = (NamingException) getCause();
+      namingException.setResolvedObj(null);
+    }
+
+    try {
+      out.defaultWriteObject();
+    } finally {
+      this.principal = thisPrincipal;
+      if (namingException != null) {
+        namingException.setResolvedObj(resolvedObj);
+      }
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/package.html
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/package.html b/geode-core/src/main/java/org/apache/geode/security/package.html
new file mode 100644
index 0000000..7772765
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/package.html
@@ -0,0 +1,39 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<HTML>
+<BODY>
+
+<P>Provides an API for plugging in authentication and authorization
+for members of a distributed system and clients.
+
+<H3>GemFire security framework</H3>
+The security framework tackles two requirements: authentication of nodes
+and authorization for operations. The authentication piece deals with
+authentication of nodes in a peer-to-peer network as well as of the clients
+that connect to the servers.
+
+<P>
+<I>
+It is not our plan to provide a sophisticated security infrastructure
+built into GemFire. Most enterprise customers have their own authentication
+and entitlement management infrastructure and our plan is make sure the
+framework allows application administrators to delegate the responsibility
+to external providers.
+</I>
+
+</BODY>
+</HTML>

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java
deleted file mode 100644
index fd38814..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static org.assertj.core.api.Assertions.*;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Properties;
-
-import org.apache.geode.security.templates.SampleSecurityManager;
-import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
-import org.junit.Before;
-
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.CacheFactory;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.RegionShortcut;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
-import com.gemstone.gemfire.cache.server.CacheServer;
-import com.gemstone.gemfire.distributed.*;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-import com.gemstone.gemfire.test.dunit.Host;
-import com.gemstone.gemfire.test.dunit.Invoke;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
-
-public class AbstractSecureServerDUnitTest extends JUnit4CacheTestCase {
-
-  protected static final String REGION_NAME = "AuthRegion";
-
-  protected VM client1 = null;
-  protected VM client2 = null;
-  protected VM client3 = null;
-  protected int serverPort;
-
-  // child classes can customize these parameters
-  protected Class postProcessor = null;
-  protected boolean pdxPersistent = false;
-  protected int jmxPort = 0;
-  protected int restPort = 0;
-  protected Map<String, Object> values;
-  protected volatile Properties dsProperties;
-
-  public AbstractSecureServerDUnitTest(){
-    values = new HashMap();
-    for(int i=0; i<5; i++){
-      values.put("key"+i, "value"+i);
-    }
-  }
-
-  @Before
-  public void before() throws Exception {
-    final Host host = Host.getHost(0);
-    this.client1 = host.getVM(1);
-    this.client2 = host.getVM(2);
-    this.client3 = host.getVM(3);
-
-    Properties props = new Properties();
-    props.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/clientServer.json");
-    props.setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName());
-//    props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini");
-    props.setProperty(LOCATORS, "");
-    props.setProperty(MCAST_PORT, "0");
-    if (postProcessor!=null) {
-      props.setProperty(SECURITY_POST_PROCESSOR, postProcessor.getName());
-    }
-    props.setProperty(SECURITY_LOG_LEVEL, "finest");
-
-    props.setProperty("security-pdx", pdxPersistent+"");
-    if(jmxPort>0){
-      props.put(JMX_MANAGER, "true");
-      props.put(JMX_MANAGER_START, "true");
-      props.put(JMX_MANAGER_PORT, String.valueOf(jmxPort));
-    }
-
-    if(restPort>0){
-      props.setProperty(START_DEV_REST_API, "true");
-      props.setProperty(HTTP_SERVICE_BIND_ADDRESS, "localhost");
-      props.setProperty(HTTP_SERVICE_PORT, restPort+"");
-    }
-
-    props.put(ConfigurationProperties.ENABLE_NETWORK_PARTITION_DETECTION, "false");
-    
-    this.dsProperties = props;
-
-    getSystem(props);
-
-    CacheFactory cf = new CacheFactory();
-    cf.setPdxPersistent(pdxPersistent);
-    cf.setPdxReadSerialized(pdxPersistent);
-    Cache cache = getCache(cf);
-
-    Region region = cache.createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME);
-
-    CacheServer server = cache.addCacheServer();
-    server.setPort(0);
-    server.start();
-
-    this.serverPort = server.getPort();
-
-    for(Entry entry:values.entrySet()){
-      region.put(entry.getKey(), entry.getValue());
-    }
-  }
-
-  @Override
-  public Properties getDistributedSystemProperties() {
-    return dsProperties;
-  }
-
-  @Override
-  public void preTearDownCacheTestCase() throws Exception {
-    Invoke.invokeInEveryVM(()->closeCache());
-    closeCache();
-  }
-
-  public static void assertNotAuthorized(ThrowingCallable shouldRaiseThrowable, String permString) {
-    assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString);
-  }
-
-  public static Properties createClientProperties(String userName, String password) {
-    Properties props = new Properties();
-    props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
-    props.setProperty(UserPasswordAuthInit.PASSWORD, password);
-    props.setProperty(LOG_LEVEL, "fine");
-    props.setProperty(LOCATORS, "");
-    props.setProperty(MCAST_PORT, "0");
-    props.setProperty(SECURITY_CLIENT_AUTH_INIT, UserPasswordAuthInit.class.getName() + ".create");
-    props.setProperty(SECURITY_LOG_LEVEL, "finest");
-    return props;
-  }
-
-  public static ClientCache createClientCache(String username, String password, int serverPort){
-    ClientCache cache = new ClientCacheFactory(createClientProperties(username, password))
-      .setPoolSubscriptionEnabled(true)
-      .addPoolServer("localhost", serverPort)
-      .create();
-
-    cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-    return cache;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
deleted file mode 100644
index dbc782f..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.FlakyTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-/**
- * Test for authentication from client to server. This tests for both valid and
- * invalid credentials/modules. It also checks for authentication
- * success/failure in case of failover and for the notification channel.
- * 
- * @since GemFire 5.5
- */
-@Category({ DistributedTest.class, SecurityTest.class })
-public class ClientAuthenticationDUnitTest extends ClientAuthenticationTestCase {
-
-  @Test
-  public void testValidCredentials() throws Exception {
-    doTestValidCredentials(false);
-  }
-
-  @Test
-  public void testNoCredentials() throws Exception {
-    doTestNoCredentials(false);
-  }
-
-  @Test
-  public void testInvalidCredentials() throws Exception {
-    doTestInvalidCredentials(false);
-  }
-
-  @Test
-  public void testInvalidAuthInit() throws Exception {
-    doTestInvalidAuthInit(false);
-  }
-
-  @Test
-  public void testNoAuthInitWithCredentials() throws Exception {
-    doTestNoAuthInitWithCredentials(false);
-  }
-
-  @Test
-  public void testInvalidAuthenticator() throws Exception {
-    doTestInvalidAuthenticator(false);
-  }
-
-  @Test
-  public void testNoAuthenticatorWithCredentials() throws Exception {
-    doTestNoAuthenticatorWithCredentials(false);
-  }
-
-  @Test
-  public void testCredentialsWithFailover() throws Exception {
-    doTestCredentialsWithFailover(false);
-  }
-
-  @Category(FlakyTest.class) // GEODE-838: random ports, thread sleeps, time sensitive
-  @Test
-  public void testCredentialsForNotifications() throws Exception {
-    doTestCredentialsForNotifications(false);
-  }
-
-  @Ignore("Disabled for unknown reason")
-  @Test
-  public void testValidCredentialsForMultipleUsers() throws Exception {
-    doTestValidCredentials(true);
-  }
-}



Mime
View raw message