geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jstew...@apache.org
Subject [1/6] geode git commit: GEODE-2919: Provide finer grained security
Date Fri, 23 Jun 2017 22:48:58 GMT
Repository: geode
Updated Branches:
  refs/heads/develop 3ee585c58 -> 451d12e83


http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/TestCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/TestCommand.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/TestCommand.java
index 7ce0438..abe5d21 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/TestCommand.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/TestCommand.java
@@ -15,9 +15,11 @@
 package org.apache.geode.management.internal.security;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 import java.util.stream.Collectors;
 
+import org.apache.commons.lang.ArrayUtils;
 import org.apache.shiro.authz.Permission;
 
 import org.apache.geode.security.ResourcePermission;
@@ -46,10 +48,22 @@ public class TestCommand {
 
   public static ResourcePermission clusterRead =
       new ResourcePermission(Resource.CLUSTER, Operation.READ);
+  public static ResourcePermission clusterReadQuery =
+      new ResourcePermission(Resource.CLUSTER, Operation.READ, Target.QUERY);
   public static ResourcePermission clusterWrite =
       new ResourcePermission(Resource.CLUSTER, Operation.WRITE);
+  public static ResourcePermission clusterWriteDisk =
+      new ResourcePermission(Resource.CLUSTER, Operation.WRITE, Target.DISK);
   public static ResourcePermission clusterManage =
       new ResourcePermission(Resource.CLUSTER, Operation.MANAGE);
+  public static ResourcePermission clusterManageDisk =
+      new ResourcePermission(Resource.CLUSTER, Operation.MANAGE, Target.DISK);
+  public static ResourcePermission clusterManageGateway =
+      new ResourcePermission(Resource.CLUSTER, Operation.MANAGE, Target.GATEWAY);
+  public static ResourcePermission clusterManageJar =
+      new ResourcePermission(Resource.CLUSTER, Operation.MANAGE, Target.JAR);
+  public static ResourcePermission clusterManageQuery =
+      new ResourcePermission(Resource.CLUSTER, Operation.MANAGE, Target.QUERY);
 
   private static List<TestCommand> testCommands = new ArrayList<>();
 
@@ -58,15 +72,15 @@ public class TestCommand {
   }
 
   private final String command;
-  private final ResourcePermission permission;
+  private final ResourcePermission[] permissions;
 
-  public TestCommand(String command, ResourcePermission permission) {
+  public TestCommand(String command, ResourcePermission... permissions) {
     this.command = command;
-    this.permission = permission;
+    this.permissions = permissions;
   }
 
-  private static void createTestCommand(String command, ResourcePermission permission) {
-    TestCommand instance = new TestCommand(command, permission);
+  private static void createTestCommand(String command, ResourcePermission... permissions) {
+    TestCommand instance = new TestCommand(command, permissions);
     testCommands.add(instance);
   }
 
@@ -74,8 +88,8 @@ public class TestCommand {
     return this.command;
   }
 
-  public ResourcePermission getPermission() {
-    return this.permission;
+  public ResourcePermission[] getPermissions() {
+    return this.permissions;
   }
 
   public static List<TestCommand> getCommands() {
@@ -83,11 +97,21 @@ public class TestCommand {
     return testCommands.stream().collect(Collectors.toList());
   }
 
+  public static List<TestCommand> getOnlineCommands() {
+    return testCommands.stream().filter((x) -> ArrayUtils.isNotEmpty(x.getPermissions()))
+        .collect(Collectors.toList());
+  }
+
   public static List<TestCommand> getPermittedCommands(Permission permission) {
     List<TestCommand> result = new ArrayList<>();
     for (TestCommand testCommand : testCommands) {
-      ResourcePermission cPerm = testCommand.getPermission();
-      if (cPerm != null && permission.implies(cPerm)) {
+      ResourcePermission[] cPerms = testCommand.getPermissions();
+      if (cPerms == null || cPerms.length == 0) {
+        // Skip offline commands.
+        continue;
+      }
+      boolean allPermissionsAreImplied = Arrays.stream(cPerms).allMatch(permission::implies);
+      if (allPermissionsAreImplied) {
         result.add(testCommand);
       }
     }
@@ -107,6 +131,11 @@ public class TestCommand {
     // CreateAlterDestroyRegionCommands
     createTestCommand("alter region --name=RegionA --eviction-max=5000", regionAManage);
     createTestCommand("create region --name=region12 --type=REPLICATE", dataManage);
+    createTestCommand("create region --name=region123 --type=PARTITION_PERSISTENT", dataManage,
+        clusterWriteDisk);
+    // This command requires an existing persistent region named "persistentRegion"
+    createTestCommand("create region --name=region1234 --template-region=/persistentRegion",
+        dataManage, clusterWriteDisk);
     createTestCommand("destroy region --name=value", dataManage);
 
     // Data Commands
@@ -124,28 +153,28 @@ public class TestCommand {
     // Deploy commands
     // createTestCommand("deploy --jar=group1_functions.jar --group=Group1", dataManage); // TODO:
     // this command will fail in GfshCommandsSecurityTest at interceptor for jar file checking
-    createTestCommand("undeploy --group=Group1", dataManage);
+    createTestCommand("undeploy --group=Group1", clusterManageJar);
 
     // Diskstore Commands
-    createTestCommand("backup disk-store --dir=foo", dataRead);
+    createTestCommand("backup disk-store --dir=foo", dataRead, clusterWriteDisk);
     createTestCommand("list disk-stores", clusterRead);
-    createTestCommand("create disk-store --name=foo --dir=bar", dataManage);
-    createTestCommand("compact disk-store --name=foo", diskManage);
-    createTestCommand("compact offline-disk-store --name=foo --disk-dirs=bar", null);
-    createTestCommand("upgrade offline-disk-store --name=foo --disk-dirs=bar", null);
+    createTestCommand("create disk-store --name=foo --dir=bar", clusterManageDisk);
+    createTestCommand("compact disk-store --name=foo", clusterManageDisk);
+    createTestCommand("compact offline-disk-store --name=foo --disk-dirs=bar");
+    createTestCommand("upgrade offline-disk-store --name=foo --disk-dirs=bar");
     createTestCommand("describe disk-store --name=foo --member=baz", clusterRead);
-    createTestCommand("revoke missing-disk-store --id=foo", dataManage);
+    createTestCommand("revoke missing-disk-store --id=foo", clusterManageDisk);
     createTestCommand("show missing-disk-stores", clusterRead);
-    createTestCommand("describe offline-disk-store --name=foo --disk-dirs=bar", null);
-    createTestCommand("export offline-disk-store --name=foo --disk-dirs=bar --dir=baz", null);
-    createTestCommand("validate offline-disk-store --name=foo --disk-dirs=bar", null);
-    createTestCommand("alter disk-store --name=foo --region=xyz --disk-dirs=bar", null);
-    createTestCommand("destroy disk-store --name=foo", dataManage);
+    createTestCommand("describe offline-disk-store --name=foo --disk-dirs=bar");
+    createTestCommand("export offline-disk-store --name=foo --disk-dirs=bar --dir=baz");
+    createTestCommand("validate offline-disk-store --name=foo --disk-dirs=bar");
+    createTestCommand("alter disk-store --name=foo --region=xyz --disk-dirs=bar");
+    createTestCommand("destroy disk-store --name=foo", clusterManageDisk);
 
     // DurableClientCommands
-    createTestCommand("close durable-client --durable-client-id=client1", dataManage);
+    createTestCommand("close durable-client --durable-client-id=client1", clusterManageQuery);
     createTestCommand("close durable-cq --durable-client-id=client1 --durable-cq-name=cq1",
-        dataManage);
+        clusterManageQuery);
     createTestCommand("show subscription-queue-size --durable-client-id=client1", clusterRead);
     createTestCommand("list durable-cqs --durable-client-id=client1", clusterRead);
 
@@ -160,30 +189,30 @@ public class TestCommand {
     createTestCommand("list functions", clusterRead);
 
     // GfshHelpCommands
-    createTestCommand("hint", null);
-    createTestCommand("help", null);
+    createTestCommand("hint");
+    createTestCommand("help");
 
     // IndexCommands
-    createTestCommand("clear defined indexes", dataManage);
-    createTestCommand("create defined indexes", dataManage);
+    createTestCommand("clear defined indexes", clusterManageQuery);
+    createTestCommand("create defined indexes", clusterManageQuery);
     createTestCommand(
         "create index --name=myKeyIndex --expression=region1.Id --region=RegionA --type=key",
-        regionAManage);
+        clusterManageQuery);
     createTestCommand("define index --name=myIndex1 --expression=exp1 --region=/RegionA",
-        regionAManage);
-    createTestCommand("destroy index --member=server2", dataManage);
-    createTestCommand("destroy index --region=RegionA --member=server2", regionAManage);
-    createTestCommand("list indexes", clusterRead);
+        clusterManageQuery);
+    createTestCommand("destroy index --member=server2", clusterManageQuery);
+    createTestCommand("destroy index --region=RegionA --member=server2", clusterManageQuery);
+    createTestCommand("list indexes", clusterReadQuery);
 
     // LauncherLifecycleCommands
-    createTestCommand("start jconsole", null);
-    createTestCommand("start jvisualvm", null);
-    createTestCommand("start locator --name=locator1", null);
-    createTestCommand("start pulse", null);
-    createTestCommand("start server --name=server1", null);
-    createTestCommand("start vsd", null);
-    createTestCommand("status locator", null);
-    createTestCommand("status server", null);
+    createTestCommand("start jconsole");
+    createTestCommand("start jvisualvm");
+    createTestCommand("start locator --name=locator1");
+    createTestCommand("start pulse");
+    createTestCommand("start server --name=server1");
+    createTestCommand("start vsd");
+    createTestCommand("status locator");
+    createTestCommand("status server");
     // createTestCommand("stop locator --name=locator1", clusterManage);
     // createTestCommand("stop server --name=server1", clusterManage);
 
@@ -203,48 +232,52 @@ public class TestCommand {
 
 
     // PDX Commands
-    createTestCommand("configure pdx --read-serialized=true", dataManage);
-    // createTestCommand("pdx rename --old=org.apache --new=com.pivotal --disk-store=ds1
-    // --disk-dirs=/diskDir1", dataManage);
+    createTestCommand("configure pdx --read-serialized=true", clusterManage);
+    createTestCommand(
+        "pdx rename --old=org.apache --new=com.pivotal --disk-store=ds1 --disk-dirs=/diskDir1");
 
     // Queue Commands
     createTestCommand("create async-event-queue --id=myAEQ --listener=myApp.myListener",
-        dataManage);
+        clusterManageJar);
+    createTestCommand(
+        "create async-event-queue --id=myAEQ --listener=myApp.myListener --persistent",
+        clusterManageJar, clusterWriteDisk);
+
     createTestCommand("list async-event-queues", clusterRead);
 
     // RegionCommands
     createTestCommand("describe region --name=value", clusterRead);
-    createTestCommand("list regions", dataRead);
+    createTestCommand("list regions", clusterRead);
 
     // StatusCommands
     createTestCommand("status cluster-config-service", clusterRead);
 
     // Shell Commands
-    createTestCommand("connect", null);
-    createTestCommand("debug --state=on", null);
-    createTestCommand("describe connection", null);
-    createTestCommand("echo --string=\"Hello World!\"", null);
-    createTestCommand("version", null);
-    createTestCommand("sleep", null);
-    createTestCommand("sh ls", null);
+    createTestCommand("connect");
+    createTestCommand("debug --state=on");
+    createTestCommand("describe connection");
+    createTestCommand("echo --string=\"Hello World!\"");
+    createTestCommand("version");
+    createTestCommand("sleep");
+    createTestCommand("sh ls");
 
     // WAN Commands
     createTestCommand("create gateway-sender --id=sender1 --remote-distributed-system-id=2",
-        dataManage);
-    createTestCommand("start gateway-sender --id=sender1", dataManage);
-    createTestCommand("pause gateway-sender --id=sender1", dataManage);
-    createTestCommand("resume gateway-sender --id=sender1", dataManage);
-    createTestCommand("stop gateway-sender --id=sender1", dataManage);
-    createTestCommand("load-balance gateway-sender --id=sender1", dataManage);
+        clusterManageGateway);
+    createTestCommand("start gateway-sender --id=sender1", clusterManageGateway);
+    createTestCommand("pause gateway-sender --id=sender1", clusterManageGateway);
+    createTestCommand("resume gateway-sender --id=sender1", clusterManageGateway);
+    createTestCommand("stop gateway-sender --id=sender1", clusterManageGateway);
+    createTestCommand("load-balance gateway-sender --id=sender1", clusterManageGateway);
     createTestCommand("list gateways", clusterRead);
-    createTestCommand("create gateway-receiver", dataManage);
-    createTestCommand("start gateway-receiver", dataManage);
-    createTestCommand("stop gateway-receiver", dataManage);
+    createTestCommand("create gateway-receiver", clusterManageGateway);
+    createTestCommand("start gateway-receiver", clusterManageGateway);
+    createTestCommand("stop gateway-receiver", clusterManageGateway);
     createTestCommand("status gateway-receiver", clusterRead);
     createTestCommand("status gateway-sender --id=sender1", clusterRead);
 
     // ShellCommand
-    createTestCommand("disconnect", null);
+    createTestCommand("disconnect");
 
     // Misc commands
     // createTestCommand("shutdown", clusterManage);

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/test/dunit/rules/LocatorServerStartupRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/test/dunit/rules/LocatorServerStartupRule.java b/geode-core/src/test/java/org/apache/geode/test/dunit/rules/LocatorServerStartupRule.java
index dcdc5c4..62ae2e2 100644
--- a/geode-core/src/test/java/org/apache/geode/test/dunit/rules/LocatorServerStartupRule.java
+++ b/geode-core/src/test/java/org/apache/geode/test/dunit/rules/LocatorServerStartupRule.java
@@ -20,13 +20,6 @@ import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_P
 import static org.apache.geode.distributed.ConfigurationProperties.NAME;
 import static org.apache.geode.test.dunit.Host.getHost;
 
-import org.apache.geode.internal.AvailablePortHelper;
-import org.apache.geode.test.dunit.VM;
-import org.apache.geode.test.dunit.standalone.DUnitLauncher;
-import org.apache.geode.test.junit.rules.serializable.SerializableTemporaryFolder;
-import org.junit.rules.ExternalResource;
-import org.junit.rules.TemporaryFolder;
-
 import java.io.File;
 import java.io.IOException;
 import java.io.Serializable;
@@ -34,6 +27,14 @@ import java.util.Arrays;
 import java.util.Objects;
 import java.util.Properties;
 
+import org.junit.rules.ExternalResource;
+import org.junit.rules.TemporaryFolder;
+
+import org.apache.geode.internal.AvailablePortHelper;
+import org.apache.geode.test.dunit.VM;
+import org.apache.geode.test.dunit.standalone.DUnitLauncher;
+import org.apache.geode.test.junit.rules.serializable.SerializableTemporaryFolder;
+
 
 /**
  * A rule to help you start locators and servers inside of a
@@ -118,6 +119,10 @@ public class LocatorServerStartupRule extends ExternalResource implements Serial
 
   public MemberVM startServerAsJmxManager(int index) throws IOException {
     Properties properties = new Properties();
+    return startServerAsJmxManager(index, properties);
+  }
+
+  public MemberVM startServerAsJmxManager(int index, Properties properties) throws IOException {
     properties.setProperty(JMX_MANAGER_PORT, AvailablePortHelper.getRandomAvailableTCPPort() + "");
     return startServerVM(index, properties, -1);
   }

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/test/dunit/rules/MemberStarterRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/test/dunit/rules/MemberStarterRule.java b/geode-core/src/test/java/org/apache/geode/test/dunit/rules/MemberStarterRule.java
index 008ced7..5b4f2c1 100644
--- a/geode-core/src/test/java/org/apache/geode/test/dunit/rules/MemberStarterRule.java
+++ b/geode-core/src/test/java/org/apache/geode/test/dunit/rules/MemberStarterRule.java
@@ -38,6 +38,12 @@ import java.io.File;
 import java.io.IOException;
 import java.util.Properties;
 
+import org.junit.rules.ExternalResource;
+import org.junit.rules.TemporaryFolder;
+
+import org.apache.geode.internal.AvailablePortHelper;
+import org.apache.geode.security.SecurityManager;
+
 /**
  * the abstract class that's used by LocatorStarterRule and ServerStarterRule to avoid code
  * duplication.

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/resources/org/apache/geode/codeAnalysis/sanctionedSerializables.txt
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/codeAnalysis/sanctionedSerializables.txt b/geode-core/src/test/resources/org/apache/geode/codeAnalysis/sanctionedSerializables.txt
index 28c6c8a..135f509 100755
--- a/geode-core/src/test/resources/org/apache/geode/codeAnalysis/sanctionedSerializables.txt
+++ b/geode-core/src/test/resources/org/apache/geode/codeAnalysis/sanctionedSerializables.txt
@@ -533,8 +533,8 @@ org/apache/geode/management/internal/cli/functions/AsyncEventQueueFunctionArgs,t
 org/apache/geode/management/internal/cli/functions/ChangeLogLevelFunction,true,1
 org/apache/geode/management/internal/cli/functions/CloseDurableClientFunction,true,1
 org/apache/geode/management/internal/cli/functions/CloseDurableCqFunction,true,1
-org/apache/geode/management/internal/cli/functions/ContunuousQueryFunction,true,1
-org/apache/geode/management/internal/cli/functions/ContunuousQueryFunction$ClientInfo,true,1,isDurable:java/lang/String,primaryServer:java/lang/String,secondaryServer:java/lang/String,this$0:org/apache/geode/management/internal/cli/functions/ContunuousQueryFunction
+org/apache/geode/management/internal/cli/functions/ContinuousQueryFunction,true,1
+org/apache/geode/management/internal/cli/functions/ContinuousQueryFunction$ClientInfo,true,1,isDurable:java/lang/String,primaryServer:java/lang/String,secondaryServer:java/lang/String,this$0:org/apache/geode/management/internal/cli/functions/ContinuousQueryFunction
 org/apache/geode/management/internal/cli/functions/CreateAsyncEventQueueFunction,true,1
 org/apache/geode/management/internal/cli/functions/CreateDefinedIndexesFunction,true,1
 org/apache/geode/management/internal/cli/functions/CreateDiskStoreFunction,true,1

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-cq/src/test/java/org/apache/geode/management/internal/cli/commands/ClientCommandsDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-cq/src/test/java/org/apache/geode/management/internal/cli/commands/ClientCommandsDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/management/internal/cli/commands/ClientCommandsDUnitTest.java
index 7dd92bf..b0552ad 100644
--- a/geode-cq/src/test/java/org/apache/geode/management/internal/cli/commands/ClientCommandsDUnitTest.java
+++ b/geode-cq/src/test/java/org/apache/geode/management/internal/cli/commands/ClientCommandsDUnitTest.java
@@ -14,8 +14,45 @@
  */
 package org.apache.geode.management.internal.cli.commands;
 
-import org.apache.geode.cache.*;
-import org.apache.geode.cache.client.*;
+import static org.apache.geode.distributed.ConfigurationProperties.ENABLE_NETWORK_PARTITION_DETECTION;
+import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS;
+import static org.apache.geode.distributed.ConfigurationProperties.LOG_FILE;
+import static org.apache.geode.distributed.ConfigurationProperties.LOG_LEVEL;
+import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT;
+import static org.apache.geode.distributed.ConfigurationProperties.STATISTIC_ARCHIVE_FILE;
+import static org.apache.geode.distributed.ConfigurationProperties.STATISTIC_SAMPLING_ENABLED;
+import static org.apache.geode.test.dunit.Assert.assertEquals;
+import static org.apache.geode.test.dunit.Assert.assertNotNull;
+import static org.apache.geode.test.dunit.Assert.assertTrue;
+import static org.apache.geode.test.dunit.DistributedTestUtils.getDUnitLocatorPort;
+import static org.apache.geode.test.dunit.LogWriterUtils.getLogWriter;
+import static org.apache.geode.test.dunit.NetworkUtils.getServerHostName;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+import java.util.concurrent.TimeUnit;
+
+import javax.management.ObjectName;
+
+import org.awaitility.Awaitility;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.cache.AttributesFactory;
+import org.apache.geode.cache.Cache;
+import org.apache.geode.cache.CacheFactory;
+import org.apache.geode.cache.DataPolicy;
+import org.apache.geode.cache.PartitionAttributesFactory;
+import org.apache.geode.cache.Region;
+import org.apache.geode.cache.Scope;
+import org.apache.geode.cache.client.ClientCache;
+import org.apache.geode.cache.client.ClientCacheFactory;
+import org.apache.geode.cache.client.ClientRegionFactory;
+import org.apache.geode.cache.client.ClientRegionShortcut;
+import org.apache.geode.cache.client.PoolManager;
 import org.apache.geode.cache.client.internal.PoolImpl;
 import org.apache.geode.cache.query.CqAttributesFactory;
 import org.apache.geode.cache.query.QueryService;
@@ -40,27 +77,10 @@ import org.apache.geode.management.internal.cli.result.CompositeResultData.Secti
 import org.apache.geode.management.internal.cli.result.TabularResultData;
 import org.apache.geode.test.dunit.Host;
 import org.apache.geode.test.dunit.SerializableCallable;
+import org.apache.geode.test.dunit.SerializableRunnableIF;
 import org.apache.geode.test.dunit.VM;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.test.junit.categories.FlakyTest;
-import org.awaitility.Awaitility;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import javax.management.ObjectName;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Properties;
-import java.util.concurrent.TimeUnit;
-
-import static org.apache.geode.distributed.ConfigurationProperties.*;
-import static org.apache.geode.test.dunit.Assert.*;
-import static org.apache.geode.test.dunit.DistributedTestUtils.getDUnitLocatorPort;
-import static org.apache.geode.test.dunit.LogWriterUtils.getLogWriter;
-import static org.apache.geode.test.dunit.NetworkUtils.getServerHostName;
 
 /**
  * Dunit class for testing gemfire Client commands : list client , describe client
@@ -88,35 +108,34 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
 
     assertNotNull(serverMember);
 
-    manager.invoke(() -> {
-      Awaitility.waitAtMost(2 * 60, TimeUnit.SECONDS).pollDelay(2, TimeUnit.SECONDS).until(() -> {
-        final SystemManagementService service =
-            (SystemManagementService) ManagementService.getManagementService(getCache());
-        if (service == null) {
-          getLogWriter().info("waitForListClientMbean Still probing for service");
-          return false;
-        } else {
-          final ObjectName cacheServerMBeanName =
-              service.getCacheServerMBeanName(port0, serverMember);
-          CacheServerMXBean bean =
-              service.getMBeanProxy(cacheServerMBeanName, CacheServerMXBean.class);
-          try {
-            if (bean != null) {
-              if (bean.getClientIds().length > 1) {
-                return true;
+    manager.invoke(() -> Awaitility.waitAtMost(2 * 60, TimeUnit.SECONDS)
+        .pollDelay(2, TimeUnit.SECONDS).until(() -> {
+          final SystemManagementService service =
+              (SystemManagementService) ManagementService.getManagementService(getCache());
+          if (service == null) {
+            getLogWriter().info("waitForListClientMbean Still probing for service");
+            return false;
+          } else {
+            final ObjectName cacheServerMBeanName =
+                service.getCacheServerMBeanName(port0, serverMember);
+            CacheServerMXBean bean =
+                service.getMBeanProxy(cacheServerMBeanName, CacheServerMXBean.class);
+            try {
+              if (bean != null) {
+                if (bean.getClientIds().length > 1) {
+                  return true;
+                }
               }
+              return false;
+
+            } catch (Exception e) {
+              LogWrapper.getInstance()
+                  .warning("waitForListClientMbean Exception in waitForListClientMbean ::: "
+                      + CliUtil.stackTraceAsString(e));
             }
             return false;
-
-          } catch (Exception e) {
-            LogWrapper.getInstance()
-                .warning("waitForListClientMbean Exception in waitForListClientMbean ::: "
-                    + CliUtil.stackTraceAsString(e));
           }
-          return false;
-        }
-      });
-    });
+        }));
   }
 
   public void waitForMbean() {
@@ -128,44 +147,41 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
 
     assertNotNull(serverMember);
 
-    manager.invoke(() -> {
-      Awaitility.waitAtMost(2 * 60, TimeUnit.SECONDS).pollDelay(2, TimeUnit.SECONDS).until(() -> {
-        final SystemManagementService service =
-            (SystemManagementService) ManagementService.getManagementService(getCache());
-        if (service == null) {
-          getLogWriter().info("waitForMbean Still probing for service");
-          return false;
-        } else {
-          final ObjectName cacheServerMBeanName =
-              service.getCacheServerMBeanName(port0, serverMember);
-          CacheServerMXBean bean =
-              service.getMBeanProxy(cacheServerMBeanName, CacheServerMXBean.class);
-          try {
-            ClientHealthStatus stats = bean.showClientStats(bean.getClientIds()[0]);
-            Map<String, String> poolStats = stats.getPoolStats();
-            if (poolStats.size() > 0) {
-              Iterator<Entry<String, String>> it = poolStats.entrySet().iterator();
-              while (it.hasNext()) {
-                Entry<String, String> entry = it.next();
-                String poolStatsStr = entry.getValue();
-                String str[] = poolStatsStr.split(";");
-                int numCqs = Integer.parseInt(str[3].substring(str[3].indexOf("=") + 1));
-                if (numCqs == 3) {
-                  return true;
+    manager.invoke(() -> Awaitility.waitAtMost(2 * 60, TimeUnit.SECONDS)
+        .pollDelay(2, TimeUnit.SECONDS).until(() -> {
+          final SystemManagementService service =
+              (SystemManagementService) ManagementService.getManagementService(getCache());
+          if (service == null) {
+            getLogWriter().info("waitForMbean Still probing for service");
+            return false;
+          } else {
+            final ObjectName cacheServerMBeanName =
+                service.getCacheServerMBeanName(port0, serverMember);
+            CacheServerMXBean bean =
+                service.getMBeanProxy(cacheServerMBeanName, CacheServerMXBean.class);
+            try {
+              ClientHealthStatus stats = bean.showClientStats(bean.getClientIds()[0]);
+              Map<String, String> poolStats = stats.getPoolStats();
+              if (poolStats.size() > 0) {
+                for (Entry<String, String> entry : poolStats.entrySet()) {
+                  String poolStatsStr = entry.getValue();
+                  String str[] = poolStatsStr.split(";");
+                  int numCqs = Integer.parseInt(str[3].substring(str[3].indexOf("=") + 1));
+                  if (numCqs == 3) {
+                    return true;
+                  }
                 }
               }
+              return false;
+
+            } catch (Exception e) {
+              LogWrapper.getInstance().warning(
+                  "waitForMbean Exception in waitForMbean ::: " + CliUtil.stackTraceAsString(e));
             }
             return false;
 
-          } catch (Exception e) {
-            LogWrapper.getInstance().warning(
-                "waitForMbean Exception in waitForMbean ::: " + CliUtil.stackTraceAsString(e));
           }
-          return false;
-
-        }
-      });
-    });
+        }));
   }
 
   public void waitForListClientMbean3() {
@@ -179,59 +195,56 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
 
     assertNotNull(serverMember1);
 
-    manager.invoke(() -> {
-      Awaitility.waitAtMost(2 * 60, TimeUnit.SECONDS).pollDelay(2, TimeUnit.SECONDS).until(() -> {
-        final SystemManagementService service =
-            (SystemManagementService) ManagementService.getManagementService(getCache());
-        if (service == null) {
-          getLogWriter().info("waitForListClientMbean3 Still probing for service");
-          return false;
-        } else {
-          final ObjectName cacheServerMBeanName1 =
-              service.getCacheServerMBeanName(port0, serverMember1);
-          final ObjectName cacheServerMBeanName2 =
-              service.getCacheServerMBeanName(port1, serverMember2);
-          CacheServerMXBean bean1 =
-              service.getMBeanProxy(cacheServerMBeanName1, CacheServerMXBean.class);
-          CacheServerMXBean bean2 =
-              service.getMBeanProxy(cacheServerMBeanName2, CacheServerMXBean.class);
-          try {
-            if (bean1 != null && bean2 != null) {
-              if (bean1.getClientIds().length > 0 && bean2.getClientIds().length > 0) {
-                return true;
+    manager.invoke(() -> Awaitility.waitAtMost(2 * 60, TimeUnit.SECONDS)
+        .pollDelay(2, TimeUnit.SECONDS).until(() -> {
+          final SystemManagementService service =
+              (SystemManagementService) ManagementService.getManagementService(getCache());
+          if (service == null) {
+            getLogWriter().info("waitForListClientMbean3 Still probing for service");
+            return false;
+          } else {
+            final ObjectName cacheServerMBeanName1 =
+                service.getCacheServerMBeanName(port0, serverMember1);
+            final ObjectName cacheServerMBeanName2 =
+                service.getCacheServerMBeanName(port1, serverMember2);
+            CacheServerMXBean bean1 =
+                service.getMBeanProxy(cacheServerMBeanName1, CacheServerMXBean.class);
+            CacheServerMXBean bean2 =
+                service.getMBeanProxy(cacheServerMBeanName2, CacheServerMXBean.class);
+            try {
+              if (bean1 != null && bean2 != null) {
+                if (bean1.getClientIds().length > 0 && bean2.getClientIds().length > 0) {
+                  return true;
+                }
               }
+              return false;
+
+            } catch (Exception e) {
+              LogWrapper.getInstance()
+                  .warning("waitForListClientMbean3 Exception in waitForListClientMbean ::: "
+                      + CliUtil.stackTraceAsString(e));
             }
             return false;
-
-          } catch (Exception e) {
-            LogWrapper.getInstance()
-                .warning("waitForListClientMbean3 Exception in waitForListClientMbean ::: "
-                    + CliUtil.stackTraceAsString(e));
           }
-          return false;
-        }
-      });
-    });
+        }));
   }
 
   @Ignore("disabled for unknown reason")
   @Test
   public void testDescribeClientWithServers3() throws Exception {
     setupSystem3();
-    String commandString = CliStrings.DESCRIBE_CLIENT + " --" + CliStrings.DESCRIBE_CLIENT__ID
-        + "=\"" + clientId + "\"";
+    String commandString;
     final VM server1 = Host.getHost(0).getVM(1);
     final VM server2 = Host.getHost(0).getVM(3);
     final VM manager = Host.getHost(0).getVM(0);
     String serverName1 =
-        (String) server1.invoke("get DistributedMemberID ", () -> getDistributedMemberId());
+        (String) server1.invoke("get DistributedMemberID ", this::getDistributedMemberId);
 
-    String serverName2 =
-        (String) server2.invoke("get DistributedMemberID ", () -> getDistributedMemberId());
+    String serverName2 = server2.invoke("get DistributedMemberID ", this::getDistributedMemberId);
 
     final DistributedMember serverMember1 = getMember(server1);
 
-    String[] clientIds = (String[]) manager.invoke("get Client Ids", () -> {
+    String[] clientIds = manager.invoke("get Client Ids", () -> {
       final SystemManagementService service =
           (SystemManagementService) ManagementService.getManagementService(getCache());
 
@@ -250,7 +263,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
 
     final DistributedMember serverMember2 = getMember(server2);
 
-    String[] clientIds2 = (String[]) manager.invoke("get Client Ids", () -> {
+    String[] clientIds2 = manager.invoke("get Client Ids", () -> {
       final SystemManagementService service =
           (SystemManagementService) ManagementService.getManagementService(getCache());
 
@@ -307,21 +320,21 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
     SectionResultData section = resultData.retrieveSection("InfoSection");
     assertNotNull(section);
     for (int i = 0; i < 1; i++) {
-      TabularResultData tableRsultData = section.retrieveTableByIndex(i);
-      getLogWriter().info("testDescribeClientWithServers getHeader=" + tableRsultData.getHeader());
-      assertNotNull(tableRsultData);
+      TabularResultData tableResultData = section.retrieveTableByIndex(i);
+      getLogWriter().info("testDescribeClientWithServers getHeader=" + tableResultData.getHeader());
+      assertNotNull(tableResultData);
 
-      List<String> minConn = tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MIN_CONN);
-      List<String> maxConn = tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MAX_CONN);
-      List<String> redudancy =
-          tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_REDUDANCY);
-      List<String> numCqs = tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_CQs);
+      List<String> minConn = tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MIN_CONN);
+      List<String> maxConn = tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MAX_CONN);
+      List<String> redundancy =
+          tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_REDUNDANCY);
+      List<String> numCqs = tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_CQs);
 
       getLogWriter().info("testDescribeClientWithServers getHeader numCqs =" + numCqs);
 
       assertTrue(minConn.contains("1"));
       assertTrue(maxConn.contains("-1"));
-      assertTrue(redudancy.contains("1"));
+      assertTrue(redundancy.contains("1"));
       assertTrue(numCqs.contains("3"));
       String puts = section.retrieveString(CliStrings.DESCRIBE_CLIENT_COLUMN_PUTS);
       assertTrue(puts.equals("2"));
@@ -358,8 +371,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
     getLogWriter().info("testDescribeClient commandStr=" + commandString);
 
     final VM server1 = Host.getHost(0).getVM(1);
-    String serverName =
-        (String) server1.invoke("get distributed member Id", () -> getDistributedMemberId());
+    String serverName = server1.invoke("get distributed member Id", this::getDistributedMemberId);
 
     CommandResult commandResult = executeCommand(commandString);
     getLogWriter().info("testDescribeClient commandResult=" + commandResult);
@@ -371,17 +383,18 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
     CompositeResultData resultData = (CompositeResultData) commandResult.getResultData();
     SectionResultData section = resultData.retrieveSection("InfoSection");
     assertNotNull(section);
-    TabularResultData tableRsultData = section.retrieveTable("Pool Stats For Pool Name = DEFAULT");
-    assertNotNull(tableRsultData);
+    TabularResultData tableResultData = section.retrieveTable("Pool Stats For Pool Name = DEFAULT");
+    assertNotNull(tableResultData);
 
-    List<String> minConn = tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MIN_CONN);
-    List<String> maxConn = tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MAX_CONN);
-    List<String> redudancy = tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_REDUDANCY);
-    List<String> numCqs = tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_CQs);
+    List<String> minConn = tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MIN_CONN);
+    List<String> maxConn = tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MAX_CONN);
+    List<String> redundancy =
+        tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_REDUNDANCY);
+    List<String> numCqs = tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_CQs);
 
     assertTrue(minConn.contains("1"));
     assertTrue(maxConn.contains("-1"));
-    assertTrue(redudancy.contains("1"));
+    assertTrue(redundancy.contains("1"));
     assertTrue(numCqs.contains("3"));
     String puts = section.retrieveString(CliStrings.DESCRIBE_CLIENT_COLUMN_PUTS);
     assertTrue(puts.equals("2"));
@@ -417,8 +430,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
     getLogWriter().info("testDescribeClientWithServers commandStr=" + commandString);
 
     final VM server1 = Host.getHost(0).getVM(1);
-    String serverName =
-        (String) server1.invoke("get Distributed Member Id", () -> getDistributedMemberId());
+    String serverName = server1.invoke("get Distributed Member Id", this::getDistributedMemberId);
 
     CommandResult commandResult = executeCommand(commandString);
     getLogWriter().info("testDescribeClientWithServers commandResult=" + commandResult);
@@ -430,17 +442,18 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
     CompositeResultData resultData = (CompositeResultData) commandResult.getResultData();
     SectionResultData section = resultData.retrieveSection("InfoSection");
     assertNotNull(section);
-    TabularResultData tableRsultData = section.retrieveTable("Pool Stats For Pool Name = DEFAULT");
-    assertNotNull(tableRsultData);
+    TabularResultData tableResultData = section.retrieveTable("Pool Stats For Pool Name = DEFAULT");
+    assertNotNull(tableResultData);
 
-    List<String> minConn = tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MIN_CONN);
-    List<String> maxConn = tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MAX_CONN);
-    List<String> redudancy = tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_REDUDANCY);
-    List<String> numCqs = tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_CQs);
+    List<String> minConn = tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MIN_CONN);
+    List<String> maxConn = tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MAX_CONN);
+    List<String> redundancy =
+        tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_REDUNDANCY);
+    List<String> numCqs = tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_CQs);
 
     assertTrue(minConn.contains("1"));
     assertTrue(maxConn.contains("-1"));
-    assertTrue(redudancy.contains("1"));
+    assertTrue(redundancy.contains("1"));
     assertTrue(numCqs.contains("3"));
     String puts = section.retrieveString(CliStrings.DESCRIBE_CLIENT_COLUMN_PUTS);
     assertTrue(puts.equals("2"));
@@ -483,7 +496,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
 
     final DistributedMember serverMember = getMember(server1);
 
-    String[] clientIds = (String[]) manager.invoke("get client Ids", () -> {
+    String[] clientIds = manager.invoke("get client Ids", () -> {
       final SystemManagementService service =
           (SystemManagementService) ManagementService.getManagementService(getCache());
       final ObjectName cacheServerMBeanName = service.getCacheServerMBeanName(port0, serverMember);
@@ -491,8 +504,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
       return bean.getClientIds();
     });
 
-    String serverName =
-        (String) server1.invoke("get distributed member Id", () -> getDistributedMemberId());
+    String serverName = server1.invoke("get distributed member Id", this::getDistributedMemberId);
 
     CommandResult commandResult = executeCommand(commandString);
     getLogWriter().info("testListClient commandResult=" + commandResult);
@@ -504,13 +516,13 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
     CompositeResultData resultData = (CompositeResultData) commandResult.getResultData();
     SectionResultData section = resultData.retrieveSection("section1");
     assertNotNull(section);
-    TabularResultData tableRsultData = section.retrieveTable("TableForClientList");
-    assertNotNull(tableRsultData);
+    TabularResultData tableResultData = section.retrieveTable("TableForClientList");
+    assertNotNull(tableResultData);
 
     List<String> serverNames =
-        tableRsultData.retrieveAllValues(CliStrings.LIST_CLIENT_COLUMN_SERVERS);
+        tableResultData.retrieveAllValues(CliStrings.LIST_CLIENT_COLUMN_SERVERS);
     List<String> clientNames =
-        tableRsultData.retrieveAllValues(CliStrings.LIST_CLIENT_COLUMN_Clients);
+        tableResultData.retrieveAllValues(CliStrings.LIST_CLIENT_COLUMN_Clients);
 
     getLogWriter().info("testListClients serverNames : " + serverNames);
     getLogWriter().info("testListClients clientNames : " + clientNames);
@@ -543,7 +555,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
 
     final DistributedMember serverMember = getMember(server1);
 
-    String[] clientIds = (String[]) manager.invoke("get client Ids", () -> {
+    String[] clientIds = manager.invoke("get client Ids", () -> {
       final SystemManagementService service =
           (SystemManagementService) ManagementService.getManagementService(getCache());
       final ObjectName cacheServerMBeanName = service.getCacheServerMBeanName(port0, serverMember);
@@ -551,11 +563,9 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
       return bean.getClientIds();
     });
 
-    String serverName1 =
-        (String) server1.invoke("get distributed member Id", () -> getDistributedMemberId());
+    String serverName1 = server1.invoke("get distributed member Id", this::getDistributedMemberId);
 
-    String serverName2 =
-        (String) server2.invoke("get distributed member Id", () -> getDistributedMemberId());
+    String serverName2 = server2.invoke("get distributed member Id", this::getDistributedMemberId);
 
     CommandResult commandResult = executeCommand(commandString);
     System.out.println("testListClientForServers commandResult=" + commandResult);
@@ -567,13 +577,13 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
     CompositeResultData resultData = (CompositeResultData) commandResult.getResultData();
     SectionResultData section = resultData.retrieveSection("section1");
     assertNotNull(section);
-    TabularResultData tableRsultData = section.retrieveTable("TableForClientList");
-    assertNotNull(tableRsultData);
+    TabularResultData tableResultData = section.retrieveTable("TableForClientList");
+    assertNotNull(tableResultData);
 
     List<String> serverNames =
-        tableRsultData.retrieveAllValues(CliStrings.LIST_CLIENT_COLUMN_SERVERS);
+        tableResultData.retrieveAllValues(CliStrings.LIST_CLIENT_COLUMN_SERVERS);
     List<String> clientNames =
-        tableRsultData.retrieveAllValues(CliStrings.LIST_CLIENT_COLUMN_Clients);
+        tableResultData.retrieveAllValues(CliStrings.LIST_CLIENT_COLUMN_Clients);
 
     serverName1 = serverName1.replace(":", "-");
     serverName2 = serverName2.replace(":", "-");
@@ -602,7 +612,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
   }
 
   public DistributedMember getMember(final VM vm) {
-    return (DistributedMember) vm.invoke("Get Member",
+    return vm.invoke("Get Member",
         () -> GemFireCacheImpl.getInstance().getDistributedSystem().getDistributedMember());
   }
 
@@ -635,7 +645,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
     setupCqsOnVM(client1);
     waitForMbean();
 
-    clientId = (String) manager.invoke("get client Id", () -> {
+    clientId = manager.invoke("get client Id", () -> {
       Cache cache = GemFireCacheImpl.getInstance();
       SystemManagementService service =
           (SystemManagementService) ManagementService.getExistingManagementService(cache);
@@ -664,7 +674,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
 
     waitForMbean();
 
-    clientId = (String) manager.invoke("get client Id", () -> {
+    clientId = manager.invoke("get client Id", () -> {
       Cache cache = GemFireCacheImpl.getInstance();
       SystemManagementService service =
           (SystemManagementService) ManagementService.getExistingManagementService(cache);
@@ -692,7 +702,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
     setupCqsOnVM(client1);
     waitForListClientMbean3();
 
-    clientId = (String) manager.invoke("get client Id", () -> {
+    clientId = manager.invoke("get client Id", () -> {
       Cache cache = GemFireCacheImpl.getInstance();
       SystemManagementService service =
           (SystemManagementService) ManagementService.getExistingManagementService(cache);
@@ -725,7 +735,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
   }
 
   private int startCacheServer(VM server, final int port, final boolean createPR,
-      final String regionName) throws Exception {
+      final String regionName) {
 
     return server.invoke("setup CacheServer", () -> {
       getSystem(getServerProperties());
@@ -775,7 +785,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
         ccf.setPoolSubscriptionRedundancy(1);
         ccf.setPoolMinConnections(1);
 
-        ClientCache clientCache = (ClientCache) getClientCache(ccf);
+        ClientCache clientCache = getClientCache(ccf);
         // Create region
         if (clientCache.getRegion(Region.SEPARATOR + regionName) == null
             && clientCache.getRegion(regionName) == null) {
@@ -813,9 +823,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
 
   private void closeCacheServer(final VM vm) {
     vm.invoke("Stop client", () -> {
-      Iterator<CacheServer> it = CacheFactory.getAnyInstance().getCacheServers().iterator();
-      while (it.hasNext()) {
-        CacheServer cacheServer = it.next();
+      for (CacheServer cacheServer : CacheFactory.getAnyInstance().getCacheServers()) {
         cacheServer.stop();
       }
     });
@@ -841,35 +849,34 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
     final DistributedMember serverMember = getMember(server1);
     assertNotNull(serverMember);
 
-    manager.invoke(() -> {
-      Awaitility.waitAtMost(5 * 60, TimeUnit.SECONDS).pollDelay(2, TimeUnit.SECONDS).until(() -> {
-        try {
-          final SystemManagementService service =
-              (SystemManagementService) ManagementService.getManagementService(getCache());
-          if (service == null) {
-            getLogWriter().info("waitForNonSubScribedClientMBean Still probing for service");
-            return false;
-          } else {
-            getLogWriter().info("waitForNonSubScribedClientMBean 1");
-            final ObjectName cacheServerMBeanName =
-                service.getCacheServerMBeanName(port0, serverMember);
-            getLogWriter().info(
-                "waitForNonSubScribedClientMBean 2 cacheServerMBeanName " + cacheServerMBeanName);
-            CacheServerMXBean bean =
-                service.getMBeanProxy(cacheServerMBeanName, CacheServerMXBean.class);
-            getLogWriter().info("waitForNonSubScribedClientMBean 2 bean " + bean);
-            if (bean.getClientIds().length > 0) {
-              return true;
+    manager.invoke(() -> Awaitility.waitAtMost(5 * 60, TimeUnit.SECONDS)
+        .pollDelay(2, TimeUnit.SECONDS).until(() -> {
+          try {
+            final SystemManagementService service =
+                (SystemManagementService) ManagementService.getManagementService(getCache());
+            if (service == null) {
+              getLogWriter().info("waitForNonSubScribedClientMBean Still probing for service");
+              return false;
+            } else {
+              getLogWriter().info("waitForNonSubScribedClientMBean 1");
+              final ObjectName cacheServerMBeanName =
+                  service.getCacheServerMBeanName(port0, serverMember);
+              getLogWriter().info(
+                  "waitForNonSubScribedClientMBean 2 cacheServerMBeanName " + cacheServerMBeanName);
+              CacheServerMXBean bean =
+                  service.getMBeanProxy(cacheServerMBeanName, CacheServerMXBean.class);
+              getLogWriter().info("waitForNonSubScribedClientMBean 2 bean " + bean);
+              if (bean.getClientIds().length > 0) {
+                return true;
+              }
             }
+          } catch (Exception e) {
+            LogWrapper.getInstance()
+                .warning("waitForNonSubScribedClientMBean Exception in waitForMbean ::: "
+                    + CliUtil.stackTraceAsString(e));
           }
-        } catch (Exception e) {
-          LogWrapper.getInstance()
-              .warning("waitForNonSubScribedClientMBean Exception in waitForMbean ::: "
-                  + CliUtil.stackTraceAsString(e));
-        }
-        return false;
-      });
-    });
+          return false;
+        }));
   }
 
   public void waitForMixedClients() {
@@ -881,34 +888,33 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
 
     assertNotNull(serverMember);
 
-    manager.invoke(() -> {
-      Awaitility.waitAtMost(5 * 60, TimeUnit.SECONDS).pollDelay(2, TimeUnit.SECONDS).until(() -> {
-        try {
-          final SystemManagementService service =
-              (SystemManagementService) ManagementService.getManagementService(getCache());
-          if (service == null) {
-            getLogWriter().info("waitForMixedClients Still probing for service");
-            return false;
-          } else {
-            getLogWriter().info("waitForMixedClients 1");
-            final ObjectName cacheServerMBeanName =
-                service.getCacheServerMBeanName(port0, serverMember);
-            getLogWriter()
-                .info("waitForMixedClients 2 cacheServerMBeanName " + cacheServerMBeanName);
-            CacheServerMXBean bean =
-                service.getMBeanProxy(cacheServerMBeanName, CacheServerMXBean.class);
-            getLogWriter().info("waitForMixedClients 2 bean " + bean);
-            if (bean.getClientIds().length > 1) {
-              return true;
+    manager.invoke(() -> Awaitility.waitAtMost(5 * 60, TimeUnit.SECONDS)
+        .pollDelay(2, TimeUnit.SECONDS).until(() -> {
+          try {
+            final SystemManagementService service =
+                (SystemManagementService) ManagementService.getManagementService(getCache());
+            if (service == null) {
+              getLogWriter().info("waitForMixedClients Still probing for service");
+              return false;
+            } else {
+              getLogWriter().info("waitForMixedClients 1");
+              final ObjectName cacheServerMBeanName =
+                  service.getCacheServerMBeanName(port0, serverMember);
+              getLogWriter()
+                  .info("waitForMixedClients 2 cacheServerMBeanName " + cacheServerMBeanName);
+              CacheServerMXBean bean =
+                  service.getMBeanProxy(cacheServerMBeanName, CacheServerMXBean.class);
+              getLogWriter().info("waitForMixedClients 2 bean " + bean);
+              if (bean.getClientIds().length > 1) {
+                return true;
+              }
             }
+          } catch (Exception e) {
+            LogWrapper.getInstance().warning("waitForMixedClients Exception in waitForMbean ::: "
+                + CliUtil.stackTraceAsString(e));
           }
-        } catch (Exception e) {
-          LogWrapper.getInstance().warning(
-              "waitForMixedClients Exception in waitForMbean ::: " + CliUtil.stackTraceAsString(e));
-        }
-        return false;
-      });
-    });
+          return false;
+        }));
   }
 
   @Category(FlakyTest.class) // GEODE-910: random ports, HeadlessGfsh
@@ -934,16 +940,17 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
     CompositeResultData resultData = (CompositeResultData) commandResult.getResultData();
     SectionResultData section = resultData.retrieveSection("InfoSection");
     assertNotNull(section);
-    TabularResultData tableRsultData = section.retrieveTable("Pool Stats For Pool Name = DEFAULT");
-    assertNotNull(tableRsultData);
+    TabularResultData tableResultData = section.retrieveTable("Pool Stats For Pool Name = DEFAULT");
+    assertNotNull(tableResultData);
 
-    List<String> minConn = tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MIN_CONN);
-    List<String> maxConn = tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MAX_CONN);
-    List<String> redudancy = tableRsultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_REDUDANCY);
+    List<String> minConn = tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MIN_CONN);
+    List<String> maxConn = tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MAX_CONN);
+    List<String> redundancy =
+        tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_REDUNDANCY);
 
     assertTrue(minConn.contains("1"));
     assertTrue(maxConn.contains("-1"));
-    assertTrue(redudancy.contains("1"));
+    assertTrue(redundancy.contains("1"));
 
     String puts = section.retrieveString(CliStrings.DESCRIBE_CLIENT_COLUMN_PUTS);
     assertTrue(puts.equals("2"));
@@ -980,8 +987,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
     String[] clientIds = setupSystemWithSubAndNonSubClient();
 
     final VM server1 = Host.getHost(0).getVM(1);
-    String serverName =
-        (String) server1.invoke("Get DistributedMember Id", () -> getDistributedMemberId());
+    String serverName = server1.invoke("Get DistributedMember Id", this::getDistributedMemberId);
 
     String commandString = CliStrings.DESCRIBE_CLIENT + " --" + CliStrings.DESCRIBE_CLIENT__ID
         + "=\"" + clientIds[0] + "\"";
@@ -1018,12 +1024,12 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
 
     List<String> minConn = tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MIN_CONN);
     List<String> maxConn = tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_MAX_CONN);
-    List<String> redudancy =
-        tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_REDUDANCY);
+    List<String> redundancy =
+        tableResultData.retrieveAllValues(CliStrings.DESCRIBE_CLIENT_REDUNDANCY);
 
     assertTrue(minConn.contains("1"));
     assertTrue(maxConn.contains("-1"));
-    assertTrue(redudancy.contains("1"));
+    assertTrue(redundancy.contains("1"));
 
     String puts = section.retrieveString(CliStrings.DESCRIBE_CLIENT_COLUMN_PUTS);
     assertTrue(puts.equals("2"));
@@ -1098,7 +1104,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
 
     waitForMixedClients();
 
-    String[] cliendIds = (String[]) manager.invoke("get client Ids", () -> {
+    String[] clientIds = manager.invoke("get client Ids", () -> {
       Cache cache = GemFireCacheImpl.getInstance();
       SystemManagementService service =
           (SystemManagementService) ManagementService.getExistingManagementService(cache);
@@ -1108,7 +1114,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
       return bean.getClientIds();
     });
 
-    return cliendIds;
+    return clientIds;
   }
 
   private void startNonSubscribedClient(VM client, final VM server, final int port) {
@@ -1132,7 +1138,7 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
         ccf.setPoolSubscriptionRedundancy(1);
         ccf.setPoolMinConnections(1);
 
-        ClientCache clientCache = (ClientCache) getClientCache(ccf);
+        ClientCache clientCache = getClientCache(ccf);
         // Create region
         if (clientCache.getRegion(Region.SEPARATOR + regionName) == null
             && clientCache.getRegion(regionName) == null) {
@@ -1165,9 +1171,9 @@ public class ClientCommandsDUnitTest extends CliCommandTestBase {
 
   @Override
   public final void postTearDownCacheTestCase() throws Exception {
-    Host.getHost(0).getVM(0).invoke(() -> CacheServerTestUtil.closeCache());
-    Host.getHost(0).getVM(1).invoke(() -> CacheServerTestUtil.closeCache());
-    Host.getHost(0).getVM(2).invoke(() -> CacheServerTestUtil.closeCache());
-    Host.getHost(0).getVM(3).invoke(() -> CacheServerTestUtil.closeCache());
+    Host.getHost(0).getVM(0).invoke((SerializableRunnableIF) CacheServerTestUtil::closeCache);
+    Host.getHost(0).getVM(1).invoke((SerializableRunnableIF) CacheServerTestUtil::closeCache);
+    Host.getHost(0).getVM(2).invoke((SerializableRunnableIF) CacheServerTestUtil::closeCache);
+    Host.getHost(0).getVM(3).invoke((SerializableRunnableIF) CacheServerTestUtil::closeCache);
   }
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/LuceneIndexCommands.java
----------------------------------------------------------------------
diff --git a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/LuceneIndexCommands.java b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/LuceneIndexCommands.java
index 00440e5..6ddacf1 100755
--- a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/LuceneIndexCommands.java
+++ b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/LuceneIndexCommands.java
@@ -14,7 +14,21 @@
  */
 package org.apache.geode.cache.lucene.internal.cli;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collectors;
+
 import org.apache.commons.lang.StringUtils;
+import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
+import org.springframework.shell.core.annotation.CliCommand;
+import org.springframework.shell.core.annotation.CliOption;
+
 import org.apache.geode.SystemFailure;
 import org.apache.geode.cache.Region;
 import org.apache.geode.cache.execute.Execution;
@@ -44,19 +58,10 @@ import org.apache.geode.management.internal.cli.result.TabularResultData;
 import org.apache.geode.management.internal.cli.shell.Gfsh;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
 import org.apache.geode.management.internal.security.ResourceOperation;
+import org.apache.geode.security.GemFireSecurityException;
 import org.apache.geode.security.ResourcePermission.Operation;
 import org.apache.geode.security.ResourcePermission.Resource;
-import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
-import org.springframework.shell.core.annotation.CliCommand;
-import org.springframework.shell.core.annotation.CliOption;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Set;
-import java.util.stream.Collectors;
+import org.apache.geode.security.ResourcePermission.Target;
 
 /**
  * The LuceneIndexCommands class encapsulates all Geode shell (Gfsh) commands related to Lucene
@@ -81,7 +86,7 @@ public class LuceneIndexCommands implements GfshCommand {
   @CliCommand(value = LuceneCliStrings.LUCENE_LIST_INDEX,
       help = LuceneCliStrings.LUCENE_LIST_INDEX__HELP)
   @CliMetaData(relatedTopic = {CliStrings.TOPIC_GEODE_REGION, CliStrings.TOPIC_GEODE_DATA})
-  @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
+  @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ, target = Target.QUERY)
   public Result listIndex(@CliOption(key = LuceneCliStrings.LUCENE_LIST_INDEX__STATS,
       specifiedDefaultValue = "true", unspecifiedDefaultValue = "false",
       help = LuceneCliStrings.LUCENE_LIST_INDEX__STATS__HELP) final boolean stats) {
@@ -116,7 +121,7 @@ public class LuceneIndexCommands implements GfshCommand {
         (List<Set<LuceneIndexDetails>>) resultsCollector.getResult();
 
     List<LuceneIndexDetails> sortedResults =
-        results.stream().flatMap(set -> set.stream()).sorted().collect(Collectors.toList());
+        results.stream().flatMap(Collection::stream).sorted().collect(Collectors.toList());
     LinkedHashSet<LuceneIndexDetails> uniqResults = new LinkedHashSet<>();
     uniqResults.addAll(sortedResults);
     sortedResults.clear();
@@ -158,10 +163,15 @@ public class LuceneIndexCommands implements GfshCommand {
     }
   }
 
+  /**
+   * On the server, we also verify the resource operation permissions CLUSTER:WRITE:DISK
+   */
   @CliCommand(value = LuceneCliStrings.LUCENE_CREATE_INDEX,
       help = LuceneCliStrings.LUCENE_CREATE_INDEX__HELP)
   @CliMetaData(relatedTopic = {CliStrings.TOPIC_GEODE_REGION, CliStrings.TOPIC_GEODE_DATA})
   // TODO : Add optionContext for indexName
+  @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.MANAGE,
+      target = Target.QUERY)
   public Result createIndex(@CliOption(key = LuceneCliStrings.LUCENE__INDEX_NAME, mandatory = true,
       help = LuceneCliStrings.LUCENE_CREATE_INDEX__NAME__HELP) final String indexName,
 
@@ -178,12 +188,10 @@ public class LuceneIndexCommands implements GfshCommand {
     Result result;
     XmlEntity xmlEntity = null;
 
-    getCache().getSecurityService().authorizeRegionManage(regionPath);
     try {
       final InternalCache cache = getCache();
       // trim fields for any leading trailing spaces.
-      String[] trimmedFields =
-          Arrays.stream(fields).map(field -> field.trim()).toArray(size -> new String[size]);
+      String[] trimmedFields = Arrays.stream(fields).map(String::trim).toArray(String[]::new);
       LuceneIndexInfo indexInfo =
           new LuceneIndexInfo(indexName, regionPath, trimmedFields, analyzers);
       final ResultCollector<?, ?> rc =
@@ -224,7 +232,7 @@ public class LuceneIndexCommands implements GfshCommand {
   @CliCommand(value = LuceneCliStrings.LUCENE_DESCRIBE_INDEX,
       help = LuceneCliStrings.LUCENE_DESCRIBE_INDEX__HELP)
   @CliMetaData(relatedTopic = {CliStrings.TOPIC_GEODE_REGION, CliStrings.TOPIC_GEODE_DATA})
-  @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
+  @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ, target = Target.QUERY)
   public Result describeIndex(
       @CliOption(key = LuceneCliStrings.LUCENE__INDEX_NAME, mandatory = true,
           help = LuceneCliStrings.LUCENE_DESCRIBE_INDEX__NAME__HELP) final String indexName,
@@ -256,14 +264,15 @@ public class LuceneIndexCommands implements GfshCommand {
     final ResultCollector<?, ?> rc =
         executeFunctionOnRegion(describeIndexFunction, indexInfo, true);
     final List<LuceneIndexDetails> funcResults = (List<LuceneIndexDetails>) rc.getResult();
-    return funcResults.stream().filter(indexDetails -> indexDetails != null)
-        .collect(Collectors.toList());
+    return funcResults.stream().filter(Objects::nonNull).collect(Collectors.toList());
   }
 
+  /**
+   * Internally, we verify the resource operation permissions DATA:READ:[RegionName]
+   */
   @CliCommand(value = LuceneCliStrings.LUCENE_SEARCH_INDEX,
       help = LuceneCliStrings.LUCENE_SEARCH_INDEX__HELP)
   @CliMetaData(relatedTopic = {CliStrings.TOPIC_GEODE_REGION, CliStrings.TOPIC_GEODE_DATA})
-  @ResourceOperation(resource = Resource.DATA, operation = Operation.WRITE)
   public Result searchIndex(@CliOption(key = LuceneCliStrings.LUCENE__INDEX_NAME, mandatory = true,
       help = LuceneCliStrings.LUCENE_SEARCH_INDEX__NAME__HELP) final String indexName,
 
@@ -284,6 +293,7 @@ public class LuceneIndexCommands implements GfshCommand {
           unspecifiedDefaultValue = "false",
           help = LuceneCliStrings.LUCENE_SEARCH_INDEX__KEYSONLY__HELP) boolean keysOnly) {
     try {
+      getSecurityService().authorizeRegionRead(regionPath);
       LuceneQueryInfo queryInfo =
           new LuceneQueryInfo(indexName, regionPath, queryString, defaultField, limit, keysOnly);
       int pageSize = Integer.MAX_VALUE;
@@ -297,6 +307,8 @@ public class LuceneIndexCommands implements GfshCommand {
       throw e;
     } catch (IllegalArgumentException e) {
       return ResultBuilder.createInfoResult(e.getMessage());
+    } catch (GemFireSecurityException e) {
+      throw e;
     } catch (Throwable t) {
       SystemFailure.checkFailure();
       getCache().getLogger().info(t);
@@ -308,6 +320,8 @@ public class LuceneIndexCommands implements GfshCommand {
   @CliCommand(value = LuceneCliStrings.LUCENE_DESTROY_INDEX,
       help = LuceneCliStrings.LUCENE_DESTROY_INDEX__HELP)
   @CliMetaData(relatedTopic = {CliStrings.TOPIC_GEODE_REGION, CliStrings.TOPIC_GEODE_DATA})
+  @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.MANAGE,
+      target = Target.QUERY)
   public Result destroyIndex(@CliOption(key = LuceneCliStrings.LUCENE__INDEX_NAME,
       help = LuceneCliStrings.LUCENE_DESTROY_INDEX__NAME__HELP) final String indexName,
 
@@ -324,8 +338,6 @@ public class LuceneIndexCommands implements GfshCommand {
           CliStrings.format(LuceneCliStrings.LUCENE_DESTROY_INDEX__MSG__INDEX_CANNOT_BE_EMPTY));
     }
 
-    getCache().getSecurityService().authorizeRegionManage(regionPath);
-
     Result result;
     try {
       List<CliFunctionResult> accumulatedResults = new ArrayList<>();
@@ -528,7 +540,7 @@ public class LuceneIndexCommands implements GfshCommand {
     final List<Set<LuceneSearchResults>> functionResults =
         (List<Set<LuceneSearchResults>>) rc.getResult();
 
-    return functionResults.stream().flatMap(set -> set.stream()).sorted()
+    return functionResults.stream().flatMap(Collection::stream).sorted()
         .collect(Collectors.toList());
   }
 

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/LuceneIndexInfo.java
----------------------------------------------------------------------
diff --git a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/LuceneIndexInfo.java b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/LuceneIndexInfo.java
index 41b066e..ad59f0f 100644
--- a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/LuceneIndexInfo.java
+++ b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/LuceneIndexInfo.java
@@ -14,16 +14,6 @@
  */
 package org.apache.geode.cache.lucene.internal.cli;
 
-import java.io.Serializable;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Map.Entry;
-import org.apache.geode.cache.lucene.internal.LuceneIndexImpl;
-
-import org.apache.lucene.analysis.Analyzer;
-
 public class LuceneIndexInfo extends LuceneFunctionSerializable {
   private static final long serialVersionUID = 1L;
 

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/functions/LuceneCreateIndexFunction.java
----------------------------------------------------------------------
diff --git a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/functions/LuceneCreateIndexFunction.java b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/functions/LuceneCreateIndexFunction.java
index 5e36efa..2d3f8d2 100644
--- a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/functions/LuceneCreateIndexFunction.java
+++ b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/functions/LuceneCreateIndexFunction.java
@@ -19,6 +19,9 @@ import static org.apache.geode.cache.lucene.internal.LuceneServiceImpl.validateC
 import static org.apache.geode.cache.lucene.internal.LuceneServiceImpl.validateCommandParameters.REGION_PATH;
 
 import org.apache.commons.lang.StringUtils;
+import org.apache.lucene.analysis.Analyzer;
+import org.apache.lucene.analysis.standard.StandardAnalyzer;
+
 import org.apache.geode.cache.Cache;
 import org.apache.geode.cache.CacheFactory;
 import org.apache.geode.cache.execute.FunctionAdapter;
@@ -30,12 +33,14 @@ import org.apache.geode.cache.lucene.internal.cli.LuceneCliStrings;
 import org.apache.geode.cache.lucene.internal.cli.LuceneIndexDetails;
 import org.apache.geode.cache.lucene.internal.cli.LuceneIndexInfo;
 import org.apache.geode.internal.InternalEntity;
+import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.management.internal.cli.CliUtil;
 import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
-import org.apache.lucene.analysis.Analyzer;
-import org.apache.lucene.analysis.standard.StandardAnalyzer;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
+import org.apache.geode.security.ResourcePermission.Target;
 
 
 /**
@@ -88,6 +93,11 @@ public class LuceneCreateIndexFunction extends FunctionAdapter implements Intern
       }
 
       REGION_PATH.validateName(indexInfo.getRegionPath());
+
+      // Every lucene index potentially writes to disk.
+      ((InternalCache) cache).getSecurityService().authorize(Resource.CLUSTER, Operation.WRITE,
+          Target.DISK);
+
       indexFactory.create(indexInfo.getIndexName(), indexInfo.getRegionPath());
 
       // TODO - update cluster configuration by returning a valid XmlEntity

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneCommandsSecurityDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneCommandsSecurityDUnitTest.java b/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneCommandsSecurityDUnitTest.java
index 423fc59..7cc6709 100644
--- a/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneCommandsSecurityDUnitTest.java
+++ b/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneCommandsSecurityDUnitTest.java
@@ -20,6 +20,17 @@ import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANA
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
+import java.io.Serializable;
+import java.util.Properties;
+
+import junitparams.JUnitParamsRunner;
+import junitparams.Parameters;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+
 import org.apache.geode.cache.RegionShortcut;
 import org.apache.geode.cache.lucene.internal.cli.LuceneCliStrings;
 import org.apache.geode.management.cli.Result;
@@ -34,16 +45,6 @@ import org.apache.geode.test.dunit.rules.LocatorServerStartupRule;
 import org.apache.geode.test.dunit.rules.MemberVM;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-
-import java.io.Serializable;
-import java.util.Properties;
-import junitparams.JUnitParamsRunner;
-import junitparams.Parameters;
 
 @Category({DistributedTest.class, SecurityTest.class})
 @RunWith(JUnitParamsRunner.class)
@@ -57,25 +58,26 @@ public class LuceneCommandsSecurityDUnitTest {
 
   private MemberVM locator;
 
-  private MemberVM server;
-
   @Before
   public void before() throws Exception {
-    startLocator();
-    startServer();
-  }
-
-  private void startLocator() throws Exception {
+    // start the locator
     Properties props = new Properties();
     props.setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName());
     this.locator = this.locatorServer.startLocatorVM(0, props);
+
+    // start the server
+    props = new Properties();
+    props.setProperty("security-username", "clusterManage");
+    props.setProperty("security-password", "clusterManage");
+    this.locatorServer.startServerVM(1, props, this.locator.getPort());
   }
 
-  private void startServer() throws Exception {
-    Properties props = new Properties();
-    props.setProperty("security-username", "clustermanage");
-    props.setProperty("security-password", "clustermanage");
-    this.server = this.locatorServer.startServerVM(1, props, this.locator.getPort());
+  protected UserNameAndExpectedResponse[] getCreateIndexUserNameAndExpectedResponses() {
+    return new UserNameAndExpectedResponse[] {
+        new UserNameAndExpectedResponse("noPermissions", true,
+            "Unauthorized. Reason : noPermissions not authorized for CLUSTER:MANAGE:QUERY"),
+        new UserNameAndExpectedResponse("clusterManageQuery", false,
+            "Successfully created lucene index")};
   }
 
   @Test
@@ -92,6 +94,13 @@ public class LuceneCommandsSecurityDUnitTest {
     verifyResult(user, result);
   }
 
+  protected UserNameAndExpectedResponse[] getSearchIndexUserNameAndExpectedResponses() {
+    return new UserNameAndExpectedResponse[] {
+        new UserNameAndExpectedResponse("noPermissions", true,
+            "Unauthorized. Reason : noPermissions not authorized for DATA:READ:region"),
+        new UserNameAndExpectedResponse("dataRead", false, "No results")};
+  }
+
   @Test
   @Parameters(method = "getSearchIndexUserNameAndExpectedResponses")
   public void verifySearchIndexPermissions(UserNameAndExpectedResponse user) throws Exception {
@@ -109,6 +118,13 @@ public class LuceneCommandsSecurityDUnitTest {
     verifyResult(user, result);
   }
 
+  protected UserNameAndExpectedResponse[] getListIndexesUserNameAndExpectedResponses() {
+    return new UserNameAndExpectedResponse[] {
+        new UserNameAndExpectedResponse("noPermissions", true,
+            "Unauthorized. Reason : noPermissions not authorized for CLUSTER:READ:QUERY"),
+        new UserNameAndExpectedResponse("clusterReadQuery", false, "Index Name")};
+  }
+
   @Test
   @Parameters(method = "getListIndexesUserNameAndExpectedResponses")
   public void verifyListIndexesPermissions(UserNameAndExpectedResponse user) throws Exception {
@@ -126,6 +142,13 @@ public class LuceneCommandsSecurityDUnitTest {
     verifyResult(user, result);
   }
 
+  protected UserNameAndExpectedResponse[] getDescribeIndexUserNameAndExpectedResponses() {
+    return new UserNameAndExpectedResponse[] {
+        new UserNameAndExpectedResponse("noPermissions", true,
+            "Unauthorized. Reason : noPermissions not authorized for CLUSTER:READ:QUERY"),
+        new UserNameAndExpectedResponse("clusterReadQuery", false, "Index Name")};
+  }
+
   @Test
   @Parameters(method = "getDescribeIndexUserNameAndExpectedResponses")
   public void verifyDescribeIndexPermissions(UserNameAndExpectedResponse user) throws Exception {
@@ -143,6 +166,14 @@ public class LuceneCommandsSecurityDUnitTest {
     verifyResult(user, result);
   }
 
+  protected UserNameAndExpectedResponse[] getDestroyIndexUserNameAndExpectedResponses() {
+    return new UserNameAndExpectedResponse[] {
+        new UserNameAndExpectedResponse("noPermissions", true,
+            "Unauthorized. Reason : noPermissions not authorized for CLUSTER:MANAGE:QUERY"),
+        new UserNameAndExpectedResponse("clusterManageQuery", false,
+            "Successfully destroyed lucene index")};
+  }
+
   @Test
   @Parameters(method = "getDestroyIndexUserNameAndExpectedResponses")
   public void verifyDestroyIndexPermissions(UserNameAndExpectedResponse user) throws Exception {
@@ -163,7 +194,7 @@ public class LuceneCommandsSecurityDUnitTest {
   private void createIndexAndRegion() throws Exception {
     // Connect gfsh to locator with permissions necessary to create an index and region
     this.gfshShell.secureConnectAndVerify(this.locator.getPort(),
-        GfshShellConnectionRule.PortType.locator, "datamanage", "datamanage");
+        GfshShellConnectionRule.PortType.locator, "cluster,data", "cluster,data");
 
     // Create lucene index
     this.gfshShell.executeAndVerifyCommand(getCreateIndexCommand());
@@ -186,7 +217,7 @@ public class LuceneCommandsSecurityDUnitTest {
     assertTrue(this.gfshShell.getGfshOutput().contains(user.getExpectedResponse()));
   }
 
-  private String getCreateIndexCommand() throws Exception {
+  private String getCreateIndexCommand() {
     CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_CREATE_INDEX);
     csb.addOption(LuceneCliStrings.LUCENE__INDEX_NAME, INDEX_NAME);
     csb.addOption(LuceneCliStrings.LUCENE__REGION_PATH, REGION_NAME);
@@ -194,7 +225,7 @@ public class LuceneCommandsSecurityDUnitTest {
     return csb.toString();
   }
 
-  private String getCreateRegionCommand() throws Exception {
+  private String getCreateRegionCommand() {
     CommandStringBuilder csb = new CommandStringBuilder(CliStrings.CREATE_REGION);
     csb.addOption(CliStrings.CREATE_REGION__REGION, REGION_NAME);
     csb.addOption(CliStrings.CREATE_REGION__REGIONSHORTCUT,
@@ -202,7 +233,7 @@ public class LuceneCommandsSecurityDUnitTest {
     return csb.toString();
   }
 
-  private String getSearchIndexCommand() throws Exception {
+  private String getSearchIndexCommand() {
     CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_SEARCH_INDEX);
     csb.addOption(LuceneCliStrings.LUCENE__INDEX_NAME, INDEX_NAME);
     csb.addOption(LuceneCliStrings.LUCENE__REGION_PATH, REGION_NAME);
@@ -211,62 +242,25 @@ public class LuceneCommandsSecurityDUnitTest {
     return csb.toString();
   }
 
-  private String getListIndexesCommand() throws Exception {
+  private String getListIndexesCommand() {
     CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_LIST_INDEX);
     return csb.toString();
   }
 
-  private String getDescribeIndexCommand() throws Exception {
+  private String getDescribeIndexCommand() {
     CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_DESCRIBE_INDEX);
     csb.addOption(LuceneCliStrings.LUCENE__INDEX_NAME, INDEX_NAME);
     csb.addOption(LuceneCliStrings.LUCENE__REGION_PATH, REGION_NAME);
     return csb.toString();
   }
 
-  private String getDestroyIndexCommand() throws Exception {
+  private String getDestroyIndexCommand() {
     CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_DESTROY_INDEX);
     csb.addOption(LuceneCliStrings.LUCENE__INDEX_NAME, INDEX_NAME);
     csb.addOption(LuceneCliStrings.LUCENE__REGION_PATH, REGION_NAME);
     return csb.toString();
   }
 
-  protected UserNameAndExpectedResponse[] getCreateIndexUserNameAndExpectedResponses() {
-    return new UserNameAndExpectedResponse[] {
-        new UserNameAndExpectedResponse("nopermissions", true,
-            "Unauthorized. Reason : nopermissions not authorized for DATA:MANAGE:region"),
-        new UserNameAndExpectedResponse("datamanageregion", false,
-            "Successfully created lucene index")};
-  }
-
-  protected UserNameAndExpectedResponse[] getSearchIndexUserNameAndExpectedResponses() {
-    return new UserNameAndExpectedResponse[] {
-        new UserNameAndExpectedResponse("nopermissions", true,
-            "Unauthorized. Reason : nopermissions not authorized for DATA:WRITE"),
-        new UserNameAndExpectedResponse("datawrite", false, "No results")};
-  }
-
-  protected UserNameAndExpectedResponse[] getListIndexesUserNameAndExpectedResponses() {
-    return new UserNameAndExpectedResponse[] {
-        new UserNameAndExpectedResponse("nopermissions", true,
-            "Unauthorized. Reason : nopermissions not authorized for CLUSTER:READ"),
-        new UserNameAndExpectedResponse("clusterread", false, "Index Name")};
-  }
-
-  protected UserNameAndExpectedResponse[] getDescribeIndexUserNameAndExpectedResponses() {
-    return new UserNameAndExpectedResponse[] {
-        new UserNameAndExpectedResponse("nopermissions", true,
-            "Unauthorized. Reason : nopermissions not authorized for CLUSTER:READ"),
-        new UserNameAndExpectedResponse("clusterread", false, "Index Name")};
-  }
-
-  protected UserNameAndExpectedResponse[] getDestroyIndexUserNameAndExpectedResponses() {
-    return new UserNameAndExpectedResponse[] {
-        new UserNameAndExpectedResponse("nopermissions", true,
-            "Unauthorized. Reason : nopermissions not authorized for DATA:MANAGE:region"),
-        new UserNameAndExpectedResponse("datamanageregion", false,
-            "Successfully destroyed lucene index")};
-  }
-
   public static class UserNameAndExpectedResponse implements Serializable {
 
     private final String userName;

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-web/src/test/java/org/apache/geode/management/internal/security/GfshCommandsOverHttpSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-web/src/test/java/org/apache/geode/management/internal/security/GfshCommandsOverHttpSecurityTest.java b/geode-web/src/test/java/org/apache/geode/management/internal/security/GfshCommandsOverHttpSecurityTest.java
index 25068bc..0410e7f 100644
--- a/geode-web/src/test/java/org/apache/geode/management/internal/security/GfshCommandsOverHttpSecurityTest.java
+++ b/geode-web/src/test/java/org/apache/geode/management/internal/security/GfshCommandsOverHttpSecurityTest.java
@@ -15,11 +15,11 @@
 
 package org.apache.geode.management.internal.security;
 
+import org.junit.experimental.categories.Category;
+
 import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
 import org.apache.geode.test.junit.categories.IntegrationTest;
-
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.experimental.categories.Category;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class GfshCommandsOverHttpSecurityTest extends GfshCommandsSecurityTest {


Mime
View raw message