geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kl...@apache.org
Subject [07/11] geode git commit: GEODE-2632: use immutable SecurityService impls to improve performance
Date Fri, 09 Jun 2017 17:25:01 GMT
http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll70.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll70.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll70.java
index fb2bdb8..1bf4955 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll70.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll70.java
@@ -12,9 +12,6 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- * Author: Gester Zhou
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
 import java.io.IOException;
@@ -49,12 +46,12 @@ import org.apache.geode.internal.cache.versions.VersionTag;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.security.AuthorizeRequest;
+import org.apache.geode.internal.security.SecurityService;
 
 public class PutAll70 extends BaseCommand {
 
   private final static PutAll70 singleton = new PutAll70();
 
-
   public static Command getCommand() {
     return singleton;
   }
@@ -62,8 +59,8 @@ public class PutAll70 extends BaseCommand {
   private PutAll70() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long startp)
-      throws IOException, InterruptedException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long startp) throws IOException, InterruptedException {
     long start = startp; // copy this since we need to modify it
     Part regionNamePart = null, numberOfKeysPart = null, keyPart = null, valuePart = null;
     String regionName = null;
@@ -73,7 +70,7 @@ public class PutAll70 extends BaseCommand {
     boolean replyWithMetaData = false;
     VersionedObjectList response = null;
 
-    StringBuffer errMessage = new StringBuffer();
+    StringBuilder errMessage = new StringBuilder();
     CachedRegionHelper crHelper = serverConnection.getCachedRegionHelper();
     CacheServerStats stats = serverConnection.getCacheServerStats();
 
@@ -209,7 +206,7 @@ public class PutAll70 extends BaseCommand {
         serverConnection.setRequestSpecificTimeout(timeout);
       }
 
-      this.securityService.authorizeRegionWrite(regionName);
+      securityService.authorizeRegionWrite(regionName);
 
       AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
       if (authzRequest != null) {

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll80.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll80.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll80.java
index c6c26f7..3a8f0db 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll80.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll80.java
@@ -12,9 +12,6 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- * Author: Gester Zhou
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
 import java.io.IOException;
@@ -50,6 +47,7 @@ import org.apache.geode.internal.cache.versions.VersionTag;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.security.AuthorizeRequest;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.internal.util.Breadcrumbs;
 
 public class PutAll80 extends BaseCommand {
@@ -75,8 +73,8 @@ public class PutAll80 extends BaseCommand {
   }
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long startp)
-      throws IOException, InterruptedException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long startp) throws IOException, InterruptedException {
     long start = startp; // copy this since we need to modify it
     Part regionNamePart = null, numberOfKeysPart = null, keyPart = null, valuePart = null;
     String regionName = null;
@@ -86,7 +84,7 @@ public class PutAll80 extends BaseCommand {
     boolean replyWithMetaData = false;
     VersionedObjectList response = null;
 
-    StringBuffer errMessage = new StringBuffer();
+    StringBuilder errMessage = new StringBuilder();
     CachedRegionHelper crHelper = serverConnection.getCachedRegionHelper();
     CacheServerStats stats = serverConnection.getCacheServerStats();
 
@@ -245,7 +243,7 @@ public class PutAll80 extends BaseCommand {
         serverConnection.setRequestSpecificTimeout(timeout);
       }
 
-      this.securityService.authorizeRegionWrite(regionName);
+      securityService.authorizeRegionWrite(regionName);
 
       AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
       if (authzRequest != null) {

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutUserCredentials.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutUserCredentials.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutUserCredentials.java
index ea5c875..02ecce0 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutUserCredentials.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutUserCredentials.java
@@ -21,6 +21,7 @@ import org.apache.geode.internal.cache.tier.sockets.BaseCommand;
 import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.security.GemFireSecurityException;
 
 public class PutUserCredentials extends BaseCommand {
@@ -32,7 +33,8 @@ public class PutUserCredentials extends BaseCommand {
   }
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws IOException, ClassNotFoundException, InterruptedException {
     boolean isSecureMode = clientMessage.isSecureMode();
 

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Query.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Query.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Query.java
index b7d2810..d1be057 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Query.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Query.java
@@ -31,6 +31,7 @@ import org.apache.geode.internal.cache.tier.sockets.BaseCommandQuery;
 import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.security.AuthorizeRequest;
+import org.apache.geode.internal.security.SecurityService;
 
 public class Query extends BaseCommandQuery {
 
@@ -43,8 +44,8 @@ public class Query extends BaseCommandQuery {
   protected Query() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException, InterruptedException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException, InterruptedException {
 
     // Based on MessageType.DESTROY
     // Added by gregp 10/18/05
@@ -89,7 +90,7 @@ public class Query extends BaseCommandQuery {
       }
 
       processQuery(clientMessage, query, queryString, regionNames, start, null, queryContext,
-          serverConnection, true);
+          serverConnection, true, securityService);
     } catch (QueryInvalidException e) {
       throw new QueryInvalidException(e.getMessage() + queryString);
     } catch (QueryExecutionLowMemoryException e) {

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Query651.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Query651.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Query651.java
index e52fa3f..d47a284 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Query651.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Query651.java
@@ -32,6 +32,7 @@ import org.apache.geode.internal.cache.tier.sockets.CacheClientNotifier;
 import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.security.AuthorizeRequest;
+import org.apache.geode.internal.security.SecurityService;
 
 public class Query651 extends BaseCommandQuery {
 
@@ -44,8 +45,8 @@ public class Query651 extends BaseCommandQuery {
   protected Query651() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException, InterruptedException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException, InterruptedException {
 
     // Based on MessageType.DESTROY
     // Added by gregp 10/18/05
@@ -130,7 +131,7 @@ public class Query651 extends BaseCommandQuery {
       }
 
       processQueryUsingParams(clientMessage, query, queryString, regionNames, start, null,
-          queryContext, serverConnection, true, queryParams);
+          queryContext, serverConnection, true, queryParams, securityService);
     } catch (QueryInvalidException e) {
       throw new QueryInvalidException(e.getMessage() + queryString);
     }

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterDataSerializers.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterDataSerializers.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterDataSerializers.java
index 053b2a8..eef5195 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterDataSerializers.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterDataSerializers.java
@@ -17,7 +17,6 @@ package org.apache.geode.internal.cache.tier.sockets.command;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 
-import org.apache.geode.internal.ClassPathLoader;
 import org.apache.geode.internal.InternalDataSerializer;
 import org.apache.geode.internal.cache.EventID;
 import org.apache.geode.internal.cache.tier.Command;
@@ -26,6 +25,7 @@ import org.apache.geode.internal.cache.tier.sockets.CacheServerHelper;
 import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
+import org.apache.geode.internal.security.SecurityService;
 
 public class RegisterDataSerializers extends BaseCommand {
 
@@ -37,7 +37,8 @@ public class RegisterDataSerializers extends BaseCommand {
 
   private RegisterDataSerializers() {}
 
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws IOException, ClassNotFoundException {
     if (logger.isDebugEnabled()) {
       logger.debug("{}: Received register dataserializer request ({} parts) from {}",

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInstantiators.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInstantiators.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInstantiators.java
index df5a46c..a402cb3 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInstantiators.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInstantiators.java
@@ -21,7 +21,6 @@ import java.io.IOException;
 import java.nio.ByteBuffer;
 
 import org.apache.geode.internal.Assert;
-import org.apache.geode.internal.ClassPathLoader;
 import org.apache.geode.internal.InternalDataSerializer;
 import org.apache.geode.internal.InternalInstantiator;
 import org.apache.geode.internal.cache.EnumListenerEvent;
@@ -36,6 +35,7 @@ import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
+import org.apache.geode.internal.security.SecurityService;
 
 
 public class RegisterInstantiators extends BaseCommand {
@@ -49,7 +49,8 @@ public class RegisterInstantiators extends BaseCommand {
   private RegisterInstantiators() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws IOException, ClassNotFoundException {
     if (logger.isDebugEnabled()) {
       logger.debug("{}: Received register instantiator request ({} parts) from {}",

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest.java
index edd917a..a1cf93f 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest.java
@@ -36,6 +36,7 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.security.AuthorizeRequest;
+import org.apache.geode.internal.security.SecurityService;
 
 public class RegisterInterest extends BaseCommand {
 
@@ -46,8 +47,8 @@ public class RegisterInterest extends BaseCommand {
   }
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException, InterruptedException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException, InterruptedException {
     Part regionNamePart = null, keyPart = null;
     String regionName = null;
     Object key = null;
@@ -147,9 +148,9 @@ public class RegisterInterest extends BaseCommand {
     // Register interest
     try {
       if (interestType == InterestType.REGULAR_EXPRESSION) {
-        this.securityService.authorizeRegionRead(regionName);
+        securityService.authorizeRegionRead(regionName);
       } else {
-        this.securityService.authorizeRegionRead(regionName, key.toString());
+        securityService.authorizeRegionRead(regionName, key.toString());
       }
 
       AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61.java
index bad3bed..111f234 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61.java
@@ -12,9 +12,6 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- * 
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
 import java.io.IOException;
@@ -40,6 +37,7 @@ import org.apache.geode.internal.cache.vmotion.VMotionObserverHolder;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.security.AuthorizeRequest;
+import org.apache.geode.internal.security.SecurityService;
 
 /**
  * @since GemFire 6.1
@@ -60,8 +58,8 @@ public class RegisterInterest61 extends BaseCommand {
   RegisterInterest61() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException, InterruptedException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException, InterruptedException {
     Part regionNamePart = null, keyPart = null;
     String regionName = null;
     Object key = null;
@@ -186,9 +184,9 @@ public class RegisterInterest61 extends BaseCommand {
     try {
 
       if (interestType == InterestType.REGULAR_EXPRESSION) {
-        this.securityService.authorizeRegionRead(regionName);
+        securityService.authorizeRegionRead(regionName);
       } else {
-        this.securityService.authorizeRegionRead(regionName, key.toString());
+        securityService.authorizeRegionRead(regionName, key.toString());
       }
 
       AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList.java
index 5f5fafa..c64bc69 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList.java
@@ -12,32 +12,31 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- * 
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
+import org.apache.geode.cache.DynamicRegionFactory;
+import org.apache.geode.cache.InterestResultPolicy;
+import org.apache.geode.cache.operations.RegisterInterestOperationContext;
+import org.apache.geode.i18n.StringId;
 import org.apache.geode.internal.cache.LocalRegion;
 import org.apache.geode.internal.cache.tier.CachedRegionHelper;
 import org.apache.geode.internal.cache.tier.Command;
 import org.apache.geode.internal.cache.tier.InterestType;
 import org.apache.geode.internal.cache.tier.MessageType;
-import org.apache.geode.internal.cache.tier.sockets.*;
+import org.apache.geode.internal.cache.tier.sockets.BaseCommand;
+import org.apache.geode.internal.cache.tier.sockets.ChunkedMessage;
+import org.apache.geode.internal.cache.tier.sockets.Message;
+import org.apache.geode.internal.cache.tier.sockets.Part;
+import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.security.AuthorizeRequest;
-import org.apache.geode.cache.DynamicRegionFactory;
-import org.apache.geode.cache.InterestResultPolicy;
-import org.apache.geode.cache.operations.RegisterInterestOperationContext;
-import org.apache.geode.i18n.StringId;
+import org.apache.geode.internal.security.SecurityService;
 
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 
-/**
- * 
- */
 public class RegisterInterestList extends BaseCommand {
 
   private final static RegisterInterestList singleton = new RegisterInterestList();
@@ -49,8 +48,8 @@ public class RegisterInterestList extends BaseCommand {
   RegisterInterestList() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException, InterruptedException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException, InterruptedException {
     Part regionNamePart = null, keyPart = null, numberOfKeysPart = null;
     String regionName = null;
     Object key = null;
@@ -172,7 +171,7 @@ public class RegisterInterestList extends BaseCommand {
       // responded = true;
     } // else { // region not null
     try {
-      this.securityService.authorizeRegionRead(regionName);
+      securityService.authorizeRegionRead(regionName);
       AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
       if (authzRequest != null) {
         if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61.java
index 40a3c25..82e2f0d 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61.java
@@ -12,24 +12,26 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- * 
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
+import org.apache.geode.cache.DynamicRegionFactory;
+import org.apache.geode.cache.InterestResultPolicy;
+import org.apache.geode.cache.operations.RegisterInterestOperationContext;
+import org.apache.geode.i18n.StringId;
 import org.apache.geode.internal.cache.LocalRegion;
 import org.apache.geode.internal.cache.tier.CachedRegionHelper;
 import org.apache.geode.internal.cache.tier.Command;
 import org.apache.geode.internal.cache.tier.InterestType;
 import org.apache.geode.internal.cache.tier.MessageType;
-import org.apache.geode.internal.cache.tier.sockets.*;
+import org.apache.geode.internal.cache.tier.sockets.BaseCommand;
+import org.apache.geode.internal.cache.tier.sockets.ChunkedMessage;
+import org.apache.geode.internal.cache.tier.sockets.Message;
+import org.apache.geode.internal.cache.tier.sockets.Part;
+import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.security.AuthorizeRequest;
-import org.apache.geode.cache.DynamicRegionFactory;
-import org.apache.geode.cache.InterestResultPolicy;
-import org.apache.geode.cache.operations.RegisterInterestOperationContext;
-import org.apache.geode.i18n.StringId;
+import org.apache.geode.internal.security.SecurityService;
 
 import java.io.IOException;
 import java.util.ArrayList;
@@ -49,8 +51,8 @@ public class RegisterInterestList61 extends BaseCommand {
   RegisterInterestList61() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException, InterruptedException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException, InterruptedException {
     Part regionNamePart = null, keyPart = null, numberOfKeysPart = null;
     String regionName = null;
     Object key = null;
@@ -171,7 +173,6 @@ public class RegisterInterestList61 extends BaseCommand {
       return;
     }
 
-
     LocalRegion region = (LocalRegion) serverConnection.getCache().getRegion(regionName);
     if (region == null) {
       logger.info(LocalizedMessage.create(
@@ -182,7 +183,7 @@ public class RegisterInterestList61 extends BaseCommand {
       // responded = true;
     } // else { // region not null
     try {
-      this.securityService.authorizeRegionRead(regionName);
+      securityService.authorizeRegionRead(regionName);
       AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
       if (authzRequest != null) {
         if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java
index 6a2ad95..5f6ab9b 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java
@@ -12,36 +12,36 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- * 
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
+import org.apache.geode.cache.DynamicRegionFactory;
+import org.apache.geode.cache.InterestResultPolicy;
+import org.apache.geode.cache.operations.RegisterInterestOperationContext;
+import org.apache.geode.i18n.StringId;
 import org.apache.geode.internal.Version;
 import org.apache.geode.internal.cache.LocalRegion;
 import org.apache.geode.internal.cache.tier.CachedRegionHelper;
 import org.apache.geode.internal.cache.tier.Command;
 import org.apache.geode.internal.cache.tier.InterestType;
 import org.apache.geode.internal.cache.tier.MessageType;
-import org.apache.geode.internal.cache.tier.sockets.*;
+import org.apache.geode.internal.cache.tier.sockets.BaseCommand;
+import org.apache.geode.internal.cache.tier.sockets.ChunkedMessage;
+import org.apache.geode.internal.cache.tier.sockets.Message;
+import org.apache.geode.internal.cache.tier.sockets.Part;
+import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.security.AuthorizeRequest;
-import org.apache.geode.cache.DynamicRegionFactory;
-import org.apache.geode.cache.InterestResultPolicy;
-import org.apache.geode.cache.operations.RegisterInterestOperationContext;
-import org.apache.geode.i18n.StringId;
+import org.apache.geode.internal.security.SecurityService;
 
 import java.io.IOException;
 import java.util.List;
 
 /**
- * 
  * All keys of the register interest list are being sent as a single part since 6.6. There is no
  * need to send no keys as a separate part.In earlier versions {@link RegisterInterestList61} number
  * of keys & each individual key was sent as a separate part.
- * 
- * 
+ *
  * @since GemFire 6.6
  */
 public class RegisterInterestList66 extends BaseCommand {
@@ -55,9 +55,9 @@ public class RegisterInterestList66 extends BaseCommand {
   RegisterInterestList66() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException, InterruptedException {
-    Part regionNamePart = null, keyPart = null;// numberOfKeysPart = null;
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException, InterruptedException {
+    Part regionNamePart = null, keyPart = null;
     String regionName = null;
     Object key = null;
     InterestResultPolicy policy;
@@ -68,10 +68,6 @@ public class RegisterInterestList66 extends BaseCommand {
     serverConnection.setAsTrue(REQUIRES_CHUNKED_RESPONSE);
     ChunkedMessage chunkedResponseMsg = serverConnection.getRegisterInterestResponseMessage();
 
-    // bserverStats.incLong(readDestroyRequestTimeId,
-    // DistributionStats.getStatTime() - start);
-    // bserverStats.incInt(destroyRequestsId, 1);
-    // start = DistributionStats.getStatTime();
     // Retrieve the data from the message parts
     regionNamePart = clientMessage.getPart(0);
     regionName = regionNamePart.getString();
@@ -139,18 +135,6 @@ public class RegisterInterestList66 extends BaseCommand {
           serverConnection.getSocketString(), numberOfKeys, regionName, keys);
     }
 
-    /*
-     * AcceptorImpl acceptor = servConn.getAcceptor();
-     * 
-     * // Check if the Server is running in NotifyBySubscription=true mode. if
-     * (!acceptor.getCacheClientNotifier().getNotifyBySubscription()) { // This should have been
-     * taken care at the client. String err = LocalizedStrings.
-     * RegisterInterest_INTEREST_REGISTRATION_IS_SUPPORTED_ONLY_FOR_SERVERS_WITH_NOTIFYBYSUBSCRIPTION_SET_TO_TRUE
-     * .toLocalizedString(); writeChunkedErrorResponse(msg,
-     * MessageType.REGISTER_INTEREST_DATA_ERROR, err, servConn); servConn.setAsTrue(RESPONDED);
-     * return; }
-     */
-
     // Process the register interest request
     if (keys.isEmpty() || regionName == null) {
       StringId errMessage = null;
@@ -177,12 +161,9 @@ public class RegisterInterestList66 extends BaseCommand {
       logger.info(LocalizedMessage.create(
           LocalizedStrings.RegisterInterestList_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_LIST_REQUEST,
           new Object[] {serverConnection.getName(), regionName}));
-      // writeChunkedErrorResponse(msg,
-      // MessageType.REGISTER_INTEREST_DATA_ERROR, message);
-      // responded = true;
-    } // else { // region not null
+    }
     try {
-      this.securityService.authorizeRegionRead(regionName);
+      securityService.authorizeRegionRead(regionName);
       AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
       if (authzRequest != null) {
         if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
@@ -204,11 +185,6 @@ public class RegisterInterestList66 extends BaseCommand {
       return;
     }
 
-    // Update the statistics and write the reply
-    // bserverStats.incLong(processDestroyTimeId,
-    // DistributionStats.getStatTime() - start);
-    // start = DistributionStats.getStatTime();
-
     boolean isPrimary = serverConnection.getAcceptor().getCacheClientNotifier()
         .getClientProxy(serverConnection.getProxyID()).isPrimary();
     if (!isPrimary) {
@@ -244,18 +220,11 @@ public class RegisterInterestList66 extends BaseCommand {
       }
 
       if (logger.isDebugEnabled()) {
-        // logger.debug(getName() + ": Sent chunk (1 of 1) of register interest
-        // response (" + chunkedResponseMsg.getBufferLength() + " bytes) for
-        // region " + regionName + " key " + key);
         logger.debug(
             "{}: Sent register interest response for the following {} keys in region {}: {}",
             serverConnection.getName(), numberOfKeys, regionName, keys);
       }
-      // bserverStats.incLong(writeDestroyResponseTimeId,
-      // DistributionStats.getStatTime() - start);
-      // bserverStats.incInt(destroyResponsesId, 1);
     } // isPrimary
-    // } // region not null
   }
 
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java
index a295c54..2daf755 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java
@@ -12,11 +12,6 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- * Author: dschneider
- * 
- * @since GemFire 8.1
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
 import java.io.IOException;
@@ -48,6 +43,7 @@ import org.apache.geode.internal.cache.versions.VersionTag;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.security.AuthorizeRequest;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.internal.util.Breadcrumbs;
 
 public class RemoveAll extends BaseCommand {
@@ -61,8 +57,8 @@ public class RemoveAll extends BaseCommand {
   protected RemoveAll() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long startp)
-      throws IOException, InterruptedException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long startp) throws IOException, InterruptedException {
     long start = startp; // copy this since we need to modify it
     Part regionNamePart = null, numberOfKeysPart = null, keyPart = null;
     String regionName = null;
@@ -72,7 +68,7 @@ public class RemoveAll extends BaseCommand {
     boolean replyWithMetaData = false;
     VersionedObjectList response = null;
 
-    StringBuffer errMessage = new StringBuffer();
+    StringBuilder errMessage = new StringBuilder();
     CachedRegionHelper crHelper = serverConnection.getCachedRegionHelper();
     CacheServerStats stats = serverConnection.getCacheServerStats();
 
@@ -190,7 +186,7 @@ public class RemoveAll extends BaseCommand {
         serverConnection.setRequestSpecificTimeout(timeout);
       }
 
-      this.securityService.authorizeRegionWrite(regionName);
+      securityService.authorizeRegionWrite(regionName);
 
       AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
       if (authzRequest != null) {

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java
index cc42e0d..ead5469 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java
@@ -22,6 +22,7 @@ import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.security.GemFireSecurityException;
 
 public class RemoveUserAuth extends BaseCommand {
@@ -33,7 +34,8 @@ public class RemoveUserAuth extends BaseCommand {
   }
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws IOException, ClassNotFoundException, InterruptedException {
     boolean isSecureMode = clientMessage.isSecureMode();
 

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java
index 6f97d31..25badd3 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java
@@ -12,9 +12,6 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- * 
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
 import java.io.IOException;
@@ -38,6 +35,7 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.security.AuthorizeRequest;
 import org.apache.geode.internal.security.AuthorizeRequestPP;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.security.NotAuthorizedException;
 import org.apache.geode.i18n.StringId;
 
@@ -52,8 +50,8 @@ public class Request extends BaseCommand {
   Request() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException {
     Part regionNamePart = null, keyPart = null, valuePart = null;
     String regionName = null;
     Object callbackArg = null, key = null;
@@ -126,7 +124,7 @@ public class Request extends BaseCommand {
         GetOperationContext getContext = null;
 
         try {
-          this.securityService.authorizeRegionRead(regionName, key.toString());
+          securityService.authorizeRegionRead(regionName, key.toString());
           AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
           if (authzRequest != null) {
             getContext = authzRequest.getAuthorize(regionName, key, callbackArg);

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java
index a6d6578..0d64747 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java
@@ -32,6 +32,7 @@ import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
+import org.apache.geode.internal.security.SecurityService;
 
 /**
  * Represents a request for (full) value of a given event from ha container
@@ -49,8 +50,8 @@ public class RequestEventValue extends BaseCommand {
 
   private RequestEventValue() {}
 
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException {
     Part eventIDPart = null, valuePart = null;
     EventID event = null;
     Object callbackArg = null;

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java
index cd12ea7..2100c76 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java
@@ -24,6 +24,7 @@ import org.apache.geode.internal.cache.tier.Command;
 import org.apache.geode.internal.cache.tier.sockets.BaseCommand;
 import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
+import org.apache.geode.internal.security.SecurityService;
 
 /**
  * Command for performing Rollback on the server
@@ -39,7 +40,8 @@ public class RollbackCommand extends BaseCommand {
   private RollbackCommand() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws IOException, ClassNotFoundException, InterruptedException {
     serverConnection.setAsTrue(REQUIRES_RESPONSE);
     TXManagerImpl txMgr = (TXManagerImpl) serverConnection.getCache().getCacheTransactionManager();

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java
index c4515ab..e4485b4 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java
@@ -12,9 +12,6 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- *
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
 import java.io.IOException;
@@ -32,9 +29,9 @@ import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.security.GemFireSecurityException;
 
-
 public class Size extends BaseCommand {
 
   private final static Size singleton = new Size();
@@ -56,8 +53,8 @@ public class Size extends BaseCommand {
   }
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException, InterruptedException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException, InterruptedException {
     StringBuilder errMessage = new StringBuilder();
     CachedRegionHelper crHelper = serverConnection.getCachedRegionHelper();
     CacheServerStats stats = serverConnection.getCacheServerStats();
@@ -93,7 +90,7 @@ public class Size extends BaseCommand {
 
     // Size the entry
     try {
-      this.securityService.authorizeRegionRead(regionName);
+      securityService.authorizeRegionRead(regionName);
       writeSizeResponse(region.size(), clientMessage, serverConnection);
     } catch (RegionDestroyedException rde) {
       writeException(clientMessage, rde, false, serverConnection);

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java
index 9fc3fd1..6bd00c0 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java
@@ -33,6 +33,7 @@ import org.apache.geode.internal.cache.tier.Command;
 import org.apache.geode.internal.cache.tier.sockets.BaseCommand;
 import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
+import org.apache.geode.internal.security.SecurityService;
 
 /**
  * Used for bootstrapping txState/PeerTXStateStub on the server. This command is send when in client
@@ -49,7 +50,8 @@ public class TXFailoverCommand extends BaseCommand {
   private TXFailoverCommand() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws IOException, ClassNotFoundException, InterruptedException {
     serverConnection.setAsTrue(REQUIRES_RESPONSE);
     // Build the TXId for the transaction

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java
index 03270d6..b1b0cfb 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java
@@ -30,6 +30,7 @@ import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.MessageTooLargeException;
 import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
+import org.apache.geode.internal.security.SecurityService;
 
 import java.io.IOException;
 import java.util.concurrent.Executor;
@@ -69,7 +70,8 @@ public class TXSynchronizationCommand extends BaseCommand {
    */
   @Override
   public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
-      long start) throws IOException, ClassNotFoundException, InterruptedException {
+      final SecurityService securityService, long start)
+      throws IOException, ClassNotFoundException, InterruptedException {
 
     serverConnection.setAsTrue(REQUIRES_RESPONSE);
 

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java
index 199ac18..1af283b 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java
@@ -12,9 +12,6 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- *
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
 import java.io.IOException;
@@ -31,9 +28,9 @@ import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.security.AuthorizeRequest;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.security.NotAuthorizedException;
 
-
 public class UnregisterInterest extends BaseCommand {
 
   private final static UnregisterInterest singleton = new UnregisterInterest();
@@ -45,7 +42,8 @@ public class UnregisterInterest extends BaseCommand {
   UnregisterInterest() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws ClassNotFoundException, IOException {
     Part regionNamePart = null, keyPart = null;
     String regionName = null;
@@ -105,9 +103,9 @@ public class UnregisterInterest extends BaseCommand {
 
     try {
       if (interestType == InterestType.REGULAR_EXPRESSION) {
-        this.securityService.authorizeRegionRead(regionName);
+        securityService.authorizeRegionRead(regionName);
       } else {
-        this.securityService.authorizeRegionRead(regionName, key.toString());
+        securityService.authorizeRegionRead(regionName, key.toString());
       }
     } catch (NotAuthorizedException ex) {
       writeException(clientMessage, ex, false, serverConnection);

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java
index 1968bff..035a953 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java
@@ -32,6 +32,7 @@ import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.security.AuthorizeRequest;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.security.NotAuthorizedException;
 
 
@@ -46,7 +47,8 @@ public class UnregisterInterestList extends BaseCommand {
   private UnregisterInterestList() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws IOException, ClassNotFoundException {
     Part regionNamePart = null, keyPart = null, numberOfKeysPart = null;
     String regionName = null;
@@ -121,7 +123,7 @@ public class UnregisterInterestList extends BaseCommand {
     }
 
     try {
-      this.securityService.authorizeRegionRead(regionName);
+      securityService.authorizeRegionRead(regionName);
     } catch (NotAuthorizedException ex) {
       writeException(clientMessage, ex, false, serverConnection);
       serverConnection.setAsTrue(RESPONDED);

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java
index 2f434fb..8e50f64 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java
@@ -12,64 +12,43 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- * 
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
-import org.apache.geode.internal.cache.tier.Command;
-import org.apache.geode.internal.cache.tier.sockets.*;
 import org.apache.geode.distributed.internal.DistributionStats;
+import org.apache.geode.internal.cache.tier.Command;
+import org.apache.geode.internal.cache.tier.sockets.BaseCommand;
+import org.apache.geode.internal.cache.tier.sockets.CacheServerStats;
+import org.apache.geode.internal.cache.tier.sockets.Message;
+import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
+import org.apache.geode.internal.security.SecurityService;
 
 import java.io.IOException;
 
-
 public class UpdateClientNotification extends BaseCommand {
 
-  private final static UpdateClientNotification singleton = new UpdateClientNotification();
+  private static final UpdateClientNotification singleton = new UpdateClientNotification();
 
   public static Command getCommand() {
     return singleton;
   }
 
-  private UpdateClientNotification() {}
+  private UpdateClientNotification() {
+    // nothing
+  }
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException {
+
     CacheServerStats stats = serverConnection.getCacheServerStats();
-    {
-      long oldStart = start;
-      start = DistributionStats.getStatTime();
-      stats.incReadUpdateClientNotificationRequestTime(start - oldStart);
-    }
-    try {
-      // this is no longer needed the client membership id is now used
-      // // Retrieve the data from the message parts
-      // Part clientPortPart = msg.getPart(0);
-      // int clientPort = clientPortPart.getInt();
-      // if (logger.fineEnabled()) {
-      // logger.fine(servConn.getName()
-      // + ": Received client notification update request ("
-      // + msg.getPayloadLength() + " bytes) for " + clientPort + " from "
-      // + servConn.getSocketHost() + ":" + servConn.getSocketPort());
-      // }
-      // // Update the client socket and remote ports
-      // servConn.getAcceptor().getCacheClientNotifier().registerClientPort(
-      // servConn.getSocketHost(), clientPort, servConn.getSocketPort(),
-      // servConn.getProxyID());
 
-      // if (logger.fineEnabled()) {
-      // logger.fine(servConn.getName()
-      // + ": Processed client notification update request for "
-      // + clientPort + " from " + servConn.getSocketHost() + ":"
-      // + servConn.getSocketPort());
-      // }
-    } finally {
-      long oldStart = start;
-      start = DistributionStats.getStatTime();
-      stats.incProcessUpdateClientNotificationTime(start - oldStart);
-    }
+    long oldStart = start;
+    start = DistributionStats.getStatTime();
+    stats.incReadUpdateClientNotificationRequestTime(start - oldStart);
+
+    oldStart = start;
+    start = DistributionStats.getStatTime();
+    stats.incProcessUpdateClientNotificationTime(start - oldStart);
   }
 
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java b/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
index f99f9db..61f91a0 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
@@ -14,29 +14,6 @@
  */
 package org.apache.geode.internal.cache.xmlcache;
 
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Properties;
-import java.util.Set;
-import java.util.concurrent.Executor;
-import java.util.concurrent.TimeUnit;
-
-import javax.naming.Context;
-import javax.transaction.TransactionManager;
-
 import org.apache.geode.CancelCriterion;
 import org.apache.geode.GemFireIOException;
 import org.apache.geode.LogWriter;
@@ -101,9 +78,9 @@ import org.apache.geode.distributed.internal.membership.InternalDistributedMembe
 import org.apache.geode.i18n.LogWriterI18n;
 import org.apache.geode.internal.Assert;
 import org.apache.geode.internal.SystemTimer;
+import org.apache.geode.internal.cache.CacheConfig;
 import org.apache.geode.internal.cache.CachePerfStats;
 import org.apache.geode.internal.cache.CacheServerImpl;
-import org.apache.geode.internal.cache.CacheConfig;
 import org.apache.geode.internal.cache.CacheServerLauncher;
 import org.apache.geode.internal.cache.CacheService;
 import org.apache.geode.internal.cache.DiskStoreAttributes;
@@ -136,14 +113,16 @@ import org.apache.geode.internal.cache.persistence.PersistentMemberManager;
 import org.apache.geode.internal.cache.tier.sockets.CacheClientNotifier;
 import org.apache.geode.internal.cache.tier.sockets.ClientProxyMembershipID;
 import org.apache.geode.internal.cache.wan.AbstractGatewaySender;
-import org.apache.geode.internal.cache.wan.WANServiceProvider;
 import org.apache.geode.internal.cache.wan.InternalGatewaySenderFactory;
+import org.apache.geode.internal.cache.wan.WANServiceProvider;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.jndi.JNDIInvoker;
 import org.apache.geode.internal.logging.InternalLogWriter;
 import org.apache.geode.internal.logging.LocalLogWriter;
 import org.apache.geode.internal.logging.LogWriterFactory;
 import org.apache.geode.internal.offheap.MemoryAllocator;
+import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.internal.security.SecurityServiceFactory;
 import org.apache.geode.management.internal.JmxManagerAdvisor;
 import org.apache.geode.management.internal.RestAgent;
 import org.apache.geode.pdx.PdxInstance;
@@ -151,6 +130,28 @@ import org.apache.geode.pdx.PdxInstanceFactory;
 import org.apache.geode.pdx.PdxSerializer;
 import org.apache.geode.pdx.internal.TypeRegistry;
 
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+import java.util.Set;
+import java.util.concurrent.Executor;
+import java.util.concurrent.TimeUnit;
+import javax.naming.Context;
+import javax.transaction.TransactionManager;
+
 /**
  * Represents a {@link Cache} that is created declaratively. Notice that it implements the
  * {@link Cache} interface so that this class must be updated when {@link Cache} is modified. This
@@ -1039,6 +1040,11 @@ public class CacheCreation implements InternalCache {
     throw new UnsupportedOperationException(LocalizedStrings.SHOULDNT_INVOKE.toLocalizedString());
   }
 
+  @Override
+  public SecurityService getSecurityService() {
+    return SecurityServiceFactory.create();
+  }
+
   void addDeclarableProperties(final Declarable declarable, final Properties properties) {
     this.declarablePropertiesMap.put(declarable, properties);
   }

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/security/CallbackInstantiator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/CallbackInstantiator.java b/geode-core/src/main/java/org/apache/geode/internal/security/CallbackInstantiator.java
new file mode 100644
index 0000000..3ff632d
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/CallbackInstantiator.java
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.security;
+
+import static org.apache.geode.internal.ClassLoadUtil.classFromName;
+import static org.apache.geode.internal.ClassLoadUtil.methodFromName;
+
+import org.apache.geode.security.GemFireSecurityException;
+
+import java.lang.reflect.Method;
+
+/**
+ * Utility methods for instantiating security callback objects by reflection.
+ */
+public class CallbackInstantiator {
+
+  /**
+   * this method would never return null, it either throws an exception or returns an object
+   */
+  public static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
+    Class actualClass;
+    try {
+      actualClass = classFromName(className);
+    } catch (Exception e) {
+      throw new GemFireSecurityException("Instance could not be obtained, " + e, e);
+    }
+
+    if (!expectedClazz.isAssignableFrom(actualClass)) {
+      throw new GemFireSecurityException(
+          "Instance could not be obtained. Expecting a " + expectedClazz.getName() + " class.");
+    }
+
+    try {
+      return (T) actualClass.newInstance();
+    } catch (Exception e) {
+      throw new GemFireSecurityException(
+          "Instance could not be obtained. Error instantiating " + actualClass.getName(), e);
+    }
+  }
+
+  /**
+   * this method would never return null, it either throws an exception or returns an object
+   */
+  private static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName) {
+    T actualObject;
+    try {
+      Method factoryMethod = methodFromName(factoryMethodName);
+      actualObject = (T) factoryMethod.invoke(null, (Object[]) null);
+    } catch (Exception e) {
+      throw new GemFireSecurityException("Instance could not be obtained from " + factoryMethodName,
+          e);
+    }
+
+    if (actualObject == null) {
+      throw new GemFireSecurityException(
+          "Instance could not be obtained from " + factoryMethodName);
+    }
+
+    return actualObject;
+  }
+
+  /**
+   * this method would never return null, it either throws an exception or returns an object
+   *
+   * @return an object of type expectedClazz. This method would never return null. It either returns
+   *         an non-null object or throws exception.
+   */
+  public static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) {
+    T object;
+    try {
+      object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz);
+    } catch (Exception ignore) {
+      object = getObjectOfTypeFromFactoryMethod(classOrMethod);
+    }
+    return object;
+  }
+}

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/security/Credentials.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/Credentials.java b/geode-core/src/main/java/org/apache/geode/internal/security/Credentials.java
new file mode 100644
index 0000000..518af9b
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/Credentials.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.security;
+
+import static org.apache.geode.management.internal.security.ResourceConstants.PASSWORD;
+import static org.apache.geode.management.internal.security.ResourceConstants.USER_NAME;
+
+import java.util.Properties;
+
+/**
+ * Utility for gathering security credentials from securityProperties.
+ */
+public class Credentials {
+
+  public static Properties getCredentials(Properties securityProps) {
+    Properties credentials = null;
+    if (securityProps.containsKey(USER_NAME) && securityProps.containsKey(PASSWORD)) {
+      credentials = new Properties();
+      credentials.setProperty(USER_NAME, securityProps.getProperty(USER_NAME));
+      credentials.setProperty(PASSWORD, securityProps.getProperty(PASSWORD));
+    }
+    return credentials;
+  }
+}

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/security/CustomSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/CustomSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/CustomSecurityService.java
new file mode 100644
index 0000000..c4946e7
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/CustomSecurityService.java
@@ -0,0 +1,341 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.security;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.security.AccessController;
+import java.util.Properties;
+import java.util.Set;
+import java.util.concurrent.Callable;
+
+import org.apache.commons.lang.SerializationException;
+import org.apache.commons.lang.StringUtils;
+import org.apache.geode.GemFireIOException;
+import org.apache.geode.internal.cache.EntryEventImpl;
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.security.shiro.GeodeAuthenticationToken;
+import org.apache.geode.internal.security.shiro.ShiroPrincipal;
+import org.apache.geode.internal.util.BlobHelper;
+import org.apache.geode.security.AuthenticationFailedException;
+import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.ShiroException;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.SubjectThreadState;
+import org.apache.shiro.util.ThreadContext;
+import org.apache.shiro.util.ThreadState;
+
+import org.apache.geode.management.internal.security.ResourceOperation;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.SecurityManager;
+
+public class CustomSecurityService implements SecurityService {
+  private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME);
+
+  private final PostProcessor postProcessor;
+
+  CustomSecurityService(PostProcessor postProcessor) {
+    this.postProcessor = postProcessor;
+  }
+
+  @Override
+  public void initSecurity(final Properties securityProps) {
+    if (this.postProcessor != null) {
+      this.postProcessor.init(securityProps);
+    }
+  }
+
+  @Override
+  public ThreadState bindSubject(final Subject subject) {
+    if (subject == null) {
+      return null;
+    }
+
+    ThreadState threadState = new SubjectThreadState(subject);
+    threadState.bind();
+    return threadState;
+  }
+
+  @Override
+  public Subject getSubject() {
+    Subject currentUser;
+
+    // First try get the principal out of AccessControlContext instead of Shiro's Thread context
+    // since threads can be shared between JMX clients.
+    javax.security.auth.Subject jmxSubject =
+        javax.security.auth.Subject.getSubject(AccessController.getContext());
+
+    if (jmxSubject != null) {
+      Set<ShiroPrincipal> principals = jmxSubject.getPrincipals(ShiroPrincipal.class);
+      if (principals.size() > 0) {
+        ShiroPrincipal principal = principals.iterator().next();
+        currentUser = principal.getSubject();
+        ThreadContext.bind(currentUser);
+        return currentUser;
+      }
+    }
+
+    // in other cases like rest call, client operations, we get it from the current thread
+    currentUser = SecurityUtils.getSubject();
+
+    if (currentUser == null || currentUser.getPrincipal() == null) {
+      throw new GemFireSecurityException("Error: Anonymous User");
+    }
+
+    return currentUser;
+  }
+
+  @Override
+  public Subject login(final Properties credentials) {
+    if (credentials == null) {
+      return null;
+    }
+
+    // this makes sure it starts with a clean user object
+    ThreadContext.remove();
+
+    Subject currentUser = SecurityUtils.getSubject();
+    GeodeAuthenticationToken token = new GeodeAuthenticationToken(credentials);
+    try {
+      logger.debug("Logging in " + token.getPrincipal());
+      currentUser.login(token);
+    } catch (ShiroException e) {
+      logger.info(e.getMessage(), e);
+      throw new AuthenticationFailedException(
+          "Authentication error. Please check your credentials.", e);
+    }
+
+    return currentUser;
+  }
+
+  @Override
+  public void logout() {
+    Subject currentUser = getSubject();
+    if (currentUser == null) {
+      return;
+    }
+
+    try {
+      logger.debug("Logging out " + currentUser.getPrincipal());
+      currentUser.logout();
+    } catch (ShiroException e) {
+      logger.info(e.getMessage(), e);
+      throw new GemFireSecurityException(e.getMessage(), e);
+    }
+    // clean out Shiro's thread local content
+    ThreadContext.remove();
+  }
+
+  @Override
+  public Callable associateWith(final Callable callable) {
+    Subject currentUser = getSubject();
+    if (currentUser == null) {
+      return callable;
+    }
+
+    return currentUser.associateWith(callable);
+  }
+
+  @Override
+  public void authorize(final ResourceOperation resourceOperation) {
+    if (resourceOperation == null) {
+      return;
+    }
+
+    authorize(resourceOperation.resource().name(), resourceOperation.operation().name(), null);
+  }
+
+  @Override
+  public void authorizeClusterManage() {
+    authorize("CLUSTER", "MANAGE");
+  }
+
+  @Override
+  public void authorizeClusterWrite() {
+    authorize("CLUSTER", "WRITE");
+  }
+
+  @Override
+  public void authorizeClusterRead() {
+    authorize("CLUSTER", "READ");
+  }
+
+  @Override
+  public void authorizeDataManage() {
+    authorize("DATA", "MANAGE");
+  }
+
+  @Override
+  public void authorizeDataWrite() {
+    authorize("DATA", "WRITE");
+  }
+
+  @Override
+  public void authorizeDataRead() {
+    authorize("DATA", "READ");
+  }
+
+  @Override
+  public void authorizeRegionManage(final String regionName) {
+    authorize("DATA", "MANAGE", regionName);
+  }
+
+  @Override
+  public void authorizeRegionManage(final String regionName, final String key) {
+    authorize("DATA", "MANAGE", regionName, key);
+  }
+
+  @Override
+  public void authorizeRegionWrite(final String regionName) {
+    authorize("DATA", "WRITE", regionName);
+  }
+
+  @Override
+  public void authorizeRegionWrite(final String regionName, final String key) {
+    authorize("DATA", "WRITE", regionName, key);
+  }
+
+  @Override
+  public void authorizeRegionRead(final String regionName) {
+    authorize("DATA", "READ", regionName);
+  }
+
+  @Override
+  public void authorizeRegionRead(final String regionName, final String key) {
+    authorize("DATA", "READ", regionName, key);
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation) {
+    authorize(resource, operation, null);
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation, final String regionName) {
+    authorize(resource, operation, regionName, null);
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation, String regionName,
+      final String key) {
+    regionName = StringUtils.stripStart(regionName, "/");
+    authorize(new ResourcePermission(resource, operation, regionName, key));
+  }
+
+  @Override
+  public void authorize(final ResourcePermission context) {
+    Subject currentUser = getSubject();
+    if (currentUser == null) {
+      return;
+    }
+    if (context == null) {
+      return;
+    }
+    if (context.getResource() == Resource.NULL && context.getOperation() == Operation.NULL) {
+      return;
+    }
+
+    try {
+      currentUser.checkPermission(context);
+    } catch (ShiroException e) {
+      String msg = currentUser.getPrincipal() + " not authorized for " + context;
+      logger.info(msg);
+      throw new NotAuthorizedException(msg, e);
+    }
+  }
+
+  @Override
+  public void close() {
+    ThreadContext.remove();
+    SecurityUtils.setSecurityManager(null);
+  }
+
+  @Override
+  public boolean needPostProcess() {
+    return this.postProcessor != null;
+  }
+
+  @Override
+  public Object postProcess(final String regionPath, final Object key, final Object value,
+      final boolean valueIsSerialized) {
+    return postProcess(null, regionPath, key, value, valueIsSerialized);
+  }
+
+  @Override
+  public Object postProcess(Object principal, final String regionPath, final Object key,
+      final Object value, final boolean valueIsSerialized) {
+    if (!needPostProcess()) {
+      return value;
+    }
+
+    if (principal == null) {
+      Subject subject = getSubject();
+      if (subject == null) {
+        return value;
+      }
+      principal = (Serializable) subject.getPrincipal();
+    }
+
+    String regionName = StringUtils.stripStart(regionPath, "/");
+    Object newValue;
+
+    // if the data is a byte array, but the data itself is supposed to be an object, we need to
+    // deserialize it before we pass it to the callback.
+    if (valueIsSerialized && value instanceof byte[]) {
+      try {
+        Object oldObj = EntryEventImpl.deserialize((byte[]) value);
+        Object newObj = this.postProcessor.processRegionValue(principal, regionName, key, oldObj);
+        newValue = BlobHelper.serializeToBlob(newObj);
+      } catch (IOException | SerializationException e) {
+        throw new GemFireIOException("Exception de/serializing entry value", e);
+      }
+    } else {
+      newValue = this.postProcessor.processRegionValue(principal, regionName, key, value);
+    }
+
+    return newValue;
+  }
+
+  @Override
+  public boolean isClientSecurityRequired() {
+    return true;
+  }
+
+  @Override
+  public boolean isIntegratedSecurity() {
+    return true;
+  }
+
+  @Override
+  public boolean isPeerSecurityRequired() {
+    return true;
+  }
+
+  @Override
+  public SecurityManager getSecurityManager() {
+    return null;
+  }
+
+  @Override
+  public PostProcessor getPostProcessor() {
+    return this.postProcessor;
+  }
+}

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/security/DisabledSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/DisabledSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/DisabledSecurityService.java
new file mode 100644
index 0000000..d328946
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/DisabledSecurityService.java
@@ -0,0 +1,206 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.security;
+
+import java.util.Properties;
+import java.util.concurrent.Callable;
+
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.SubjectThreadState;
+import org.apache.shiro.util.ThreadState;
+
+import org.apache.geode.management.internal.security.ResourceOperation;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.SecurityManager;
+
+/**
+ * No-op security service that does nothing.
+ */
+public class DisabledSecurityService implements SecurityService {
+
+  public DisabledSecurityService() {
+    // nothing
+  }
+
+  @Override
+  public void initSecurity(final Properties securityProps) {
+    // nothing
+  }
+
+  @Override
+  public ThreadState bindSubject(final Subject subject) {
+    if (subject == null) {
+      return null;
+    }
+
+    ThreadState threadState = new SubjectThreadState(subject);
+    threadState.bind();
+    return threadState;
+  }
+
+  @Override
+  public Subject getSubject() {
+    return null;
+  }
+
+  @Override
+  public Subject login(final Properties credentials) {
+    return null;
+  }
+
+  @Override
+  public void logout() {
+    // nothing
+  }
+
+  @Override
+  public Callable associateWith(final Callable callable) {
+    return callable;
+  }
+
+  @Override
+  public void authorize(final ResourceOperation resourceOperation) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeClusterManage() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeClusterWrite() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeClusterRead() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeDataManage() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeDataWrite() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeDataRead() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionManage(final String regionName) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionManage(final String regionName, final String key) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionWrite(final String regionName) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionWrite(final String regionName, final String key) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionRead(final String regionName) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionRead(final String regionName, final String key) {
+    // nothing
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation) {
+    // nothing
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation, final String regionName) {
+    // nothing
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation, final String regionName,
+      final String key) {
+    // nothing
+  }
+
+  @Override
+  public void authorize(final ResourcePermission context) {
+    // nothing
+  }
+
+  @Override
+  public void close() {
+    // nothing
+  }
+
+  @Override
+  public boolean needPostProcess() {
+    return false;
+  }
+
+  @Override
+  public Object postProcess(final String regionPath, final Object key, final Object value,
+      final boolean valueIsSerialized) {
+    return value;
+  }
+
+  @Override
+  public Object postProcess(final Object principal, final String regionPath, final Object key,
+      final Object value, final boolean valueIsSerialized) {
+    return value;
+  }
+
+  @Override
+  public boolean isClientSecurityRequired() {
+    return false;
+  }
+
+  @Override
+  public boolean isIntegratedSecurity() {
+    return false;
+  }
+
+  @Override
+  public boolean isPeerSecurityRequired() {
+    return false;
+  }
+
+  @Override
+  public SecurityManager getSecurityManager() {
+    return null;
+  }
+
+  @Override
+  public PostProcessor getPostProcessor() {
+    return null;
+  }
+}


Mime
View raw message