geode-commits mailing list archives

From kl...@apache.org
Subject [1/2] geode git commit: New SecurityService unit tests and refactoring to support it
Date Thu, 08 Jun 2017 23:50:23 GMT
Repository: geode
Updated Branches:
  refs/heads/feature/GEODE-2632-21 028b37547 -> 7efe37d0e


New SecurityService unit tests and refactoring to support it


Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/0360b0f8
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/0360b0f8
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/0360b0f8

Branch: refs/heads/feature/GEODE-2632-21
Commit: 0360b0f8629743bc1683c9d438dd9a394e8b0e5b
Parents: 028b375
Author: Kirk Lund <klund@apache.org>
Authored: Thu Jun 8 16:48:14 2017 -0700
Committer: Kirk Lund <klund@apache.org>
Committed: Thu Jun 8 16:48:14 2017 -0700

----------------------------------------------------------------------
 .../security/EnabledSecurityService.java        |  59 ++----
 .../security/SecurityServiceFactory.java        |   8 +-
 .../security/shiro/ConfigInitialization.java    |  45 -----
 .../security/shiro/ConfigInitializer.java       |  44 +++++
 .../security/shiro/JMXShiroAuthenticator.java   |   4 +-
 .../security/shiro/RealmInitializer.java        |  56 ++++++
 .../security/DisabledSecurityServiceTest.java   | 166 +++++++++++++++++
 .../security/EnabledSecurityServiceTest.java    | 186 +++++++++++++++++++
 .../shiro/ConfigInitializerIntegrationTest.java |  94 ++++++++++
 .../shiro/ConfigInitializerIntegrationTest.ini  |  30 +++
 10 files changed, 599 insertions(+), 93 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/geode/blob/0360b0f8/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
b/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
index 301c8bc..0881f91 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
@@ -14,32 +14,13 @@
  */
 package org.apache.geode.internal.security;
 
-import java.io.IOException;
-import java.io.Serializable;
-import java.security.AccessController;
-import java.util.Properties;
-import java.util.Set;
-import java.util.concurrent.Callable;
-
 import org.apache.commons.lang.SerializationException;
 import org.apache.commons.lang.StringUtils;
-import org.apache.logging.log4j.Logger;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.ShiroException;
-import org.apache.shiro.mgt.DefaultSecurityManager;
-import org.apache.shiro.realm.Realm;
-import org.apache.shiro.session.mgt.DefaultSessionManager;
-import org.apache.shiro.session.mgt.SessionManager;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.subject.support.SubjectThreadState;
-import org.apache.shiro.util.ThreadContext;
-import org.apache.shiro.util.ThreadState;
-
 import org.apache.geode.GemFireIOException;
 import org.apache.geode.internal.cache.EntryEventImpl;
 import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.internal.security.shiro.CustomAuthRealm;
 import org.apache.geode.internal.security.shiro.GeodeAuthenticationToken;
+import org.apache.geode.internal.security.shiro.RealmInitializer;
 import org.apache.geode.internal.security.shiro.ShiroPrincipal;
 import org.apache.geode.internal.util.BlobHelper;
 import org.apache.geode.management.internal.security.ResourceOperation;
@@ -51,6 +32,20 @@ import org.apache.geode.security.ResourcePermission;
 import org.apache.geode.security.ResourcePermission.Operation;
 import org.apache.geode.security.ResourcePermission.Resource;
 import org.apache.geode.security.SecurityManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.ShiroException;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.SubjectThreadState;
+import org.apache.shiro.util.ThreadContext;
+import org.apache.shiro.util.ThreadState;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.security.AccessController;
+import java.util.Properties;
+import java.util.Set;
+import java.util.concurrent.Callable;
 
 /**
  * Security service with SecurityManager and an optional PostProcessor.
@@ -62,15 +57,10 @@ public class EnabledSecurityService implements SecurityService {
 
   private final PostProcessor postProcessor;
 
-  EnabledSecurityService(final SecurityManager securityManager, final PostProcessor postProcessor)
{
+  EnabledSecurityService(final SecurityManager securityManager, final PostProcessor postProcessor,
final RealmInitializer realmInitializer) {
     this.securityManager = securityManager;
     this.postProcessor = postProcessor;
-
-    // initialize Shiro
-    Realm realm = new CustomAuthRealm(securityManager);
-    DefaultSecurityManager shiroManager = new DefaultSecurityManager(realm);
-    SecurityUtils.setSecurityManager(shiroManager);
-    increaseShiroGlobalSessionTimeout(shiroManager);
+    realmInitializer.initialize(this.securityManager);
   }
 
   @Override
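Review bot: The constructor dereferences `realmInitializer` without a null check. Because the Shiro setup is now delegated, a service built with an initializer that does nothing would leave `SecurityUtils` holding whatever security manager was installed earlier in the JVM. Add `Objects.requireNonNull(realmInitializer, "realmInitializer");` before the call (this needs a `java.util.Objects` import). A constructor comment should state that `initialize` is expected to install the process-wide Shiro SecurityManager backed by `securityManager`. The class body continues outside this hunk.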
@@ -393,19 +383,4 @@ public class EnabledSecurityService implements SecurityService {
   public boolean isPeerSecurityRequired() {
     return true;
   }
-
-  private void increaseShiroGlobalSessionTimeout(final DefaultSecurityManager shiroManager)
{
-    SessionManager sessionManager = shiroManager.getSessionManager();
-    if (DefaultSessionManager.class.isInstance(sessionManager)) {
-      DefaultSessionManager defaultSessionManager = (DefaultSessionManager) sessionManager;
-      defaultSessionManager.setGlobalSessionTimeout(Long.MAX_VALUE);
-      long value = defaultSessionManager.getGlobalSessionTimeout();
-      if (value != Long.MAX_VALUE) {
-        logger.error("Unable to set Shiro Global Session Timeout. Current value is '{}'.",
value);
-      }
-    } else {
-      logger.error("Unable to set Shiro Global Session Timeout. Current SessionManager is
'{}'.",
-          sessionManager == null ? "null" : sessionManager.getClass());
-    }
-  }
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/0360b0f8/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
index dffe17c..02f34f1 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
@@ -25,7 +25,8 @@ import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.internal.cache.CacheConfig;
 import org.apache.geode.internal.cache.GemFireCacheImpl;
 import org.apache.geode.internal.cache.InternalCache;
-import org.apache.geode.internal.security.shiro.ConfigInitialization;
+import org.apache.geode.internal.security.shiro.ConfigInitializer;
+import org.apache.geode.internal.security.shiro.RealmInitializer;
 import org.apache.geode.security.PostProcessor;
 import org.apache.geode.security.SecurityManager;
 import org.apache.shiro.SecurityUtils;
@@ -76,12 +77,11 @@ public class SecurityServiceFactory {
       case CUSTOM:
         String shiroConfig = getProperty(securityConfig, SECURITY_SHIRO_INIT);
         if (isNotBlank(shiroConfig)) {
-          ConfigInitialization configInitialization = new ConfigInitialization(shiroConfig);
-          configInitialization.initialize();
+          new ConfigInitializer().initialize(shiroConfig);
         }
         return new CustomSecurityService(postProcessor);
       case ENABLED:
-        return new EnabledSecurityService(securityManager, postProcessor);
+        return new EnabledSecurityService(securityManager, postProcessor, new RealmInitializer());
       case LEGACY:
         String clientAuthenticator = getProperty(securityConfig, SECURITY_CLIENT_AUTHENTICATOR);
         String peerAuthenticator = getProperty(securityConfig, SECURITY_PEER_AUTHENTICATOR);

http://git-wip-us.apache.org/repos/asf/geode/blob/0360b0f8/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
deleted file mode 100644
index 659e3a9..0000000
--- a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information
regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version
2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain
a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express
- * or implied. See the License for the specific language governing permissions and limitations
under
- * the License.
- */
-package org.apache.geode.internal.security.shiro;
-
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.config.Ini.Section;
-import org.apache.shiro.config.IniSecurityManagerFactory;
-import org.apache.shiro.mgt.SecurityManager;
-
-public class ConfigInitialization {
-
-  private final String shiroConfig;
-
-  public ConfigInitialization(String shiroConfig) {
-    this.shiroConfig = shiroConfig;
-  }
-
-  public void initialize() {
-    IniSecurityManagerFactory factory =
-        new IniSecurityManagerFactory("classpath:" + this.shiroConfig);
-
-    // we will need to make sure that shiro uses a case sensitive permission resolver
-    Section main = factory.getIni().addSection("main");
-    main.put("geodePermissionResolver", GeodePermissionResolver.class.getName());
-    if (!main.containsKey("iniRealm.permissionResolver")) {
-      main.put("iniRealm.permissionResolver", "$geodePermissionResolver");
-    }
-
-    SecurityManager securityManager = factory.getInstance();
-    SecurityUtils.setSecurityManager(securityManager);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/geode/blob/0360b0f8/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitializer.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitializer.java
b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitializer.java
new file mode 100644
index 0000000..036a51e
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitializer.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information
regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version
2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain
a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express
+ * or implied. See the License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+package org.apache.geode.internal.security.shiro;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.config.Ini.Section;
+import org.apache.shiro.config.IniSecurityManagerFactory;
+import org.apache.shiro.mgt.SecurityManager;
+
+public class ConfigInitializer {
+
+  public ConfigInitializer() {
+    // nothing
+  }
+
+  public void initialize(String shiroConfig) {
+    IniSecurityManagerFactory factory =
+        new IniSecurityManagerFactory("classpath:" + shiroConfig);
+
+    // we will need to make sure that shiro uses a case sensitive permission resolver
+    Section main = factory.getIni().addSection("main");
+    main.put("geodePermissionResolver", GeodePermissionResolver.class.getName());
+    if (!main.containsKey("iniRealm.permissionResolver")) {
+      main.put("iniRealm.permissionResolver", "$geodePermissionResolver");
+    }
+
+    // logs "Users or Roles are already populated.  Configured Ini instance will be ignored."
+    SecurityManager securityManager = factory.getInstance();
+    SecurityUtils.setSecurityManager(securityManager);
+  }
+
+}
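Review bot: The case-sensitive resolver is wired only to `iniRealm` (`iniRealm.permissionResolver`), so a realm the INI declares under another name would presumably keep Shiro's default resolver. The inline comment reads as if every permission check becomes case sensitive. `initialize` also replaces the JVM-wide Shiro SecurityManager through `SecurityUtils.setSecurityManager`, which is not visible from the signature, and the class has no Javadoc. I would add a class comment such as `/** Builds a Shiro SecurityManager from a classpath INI resource and installs it as the VM-wide static instance. */`, and extend the inline comment to say the resolver is applied to `iniRealm` only and whether the quoted warning before `factory.getInstance()` is expected. The method is public but does not reject a null or blank `shiroConfig`; only the visible caller checks `isNotBlank`.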

http://git-wip-us.apache.org/repos/asf/geode/blob/0360b0f8/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
index 49d38f5..4f6c3cf 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
@@ -66,8 +66,8 @@ public class JMXShiroAuthenticator implements JMXAuthenticator, NotificationList
       principal = new ShiroPrincipal(shiroSubject);
     }
 
-    return new Subject(true, Collections.singleton(principal), Collections.EMPTY_SET,
-        Collections.EMPTY_SET);
+    return new Subject(true, Collections.singleton(principal), Collections.emptySet(),
+        Collections.emptySet());
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/geode/blob/0360b0f8/geode-core/src/main/java/org/apache/geode/internal/security/shiro/RealmInitializer.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/RealmInitializer.java
b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/RealmInitializer.java
new file mode 100644
index 0000000..cd4732b
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/RealmInitializer.java
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security.shiro;
+
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.security.SecurityManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.session.mgt.DefaultSessionManager;
+import org.apache.shiro.session.mgt.SessionManager;
+
+public class RealmInitializer {
+  private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME);
+
+  public RealmInitializer() {
+    // nothing
+  }
+
+  public void initialize(final SecurityManager securityManager) {
+    Realm realm = new CustomAuthRealm(securityManager);
+    DefaultSecurityManager shiroManager = new DefaultSecurityManager(realm);
+    SecurityUtils.setSecurityManager(shiroManager);
+    increaseShiroGlobalSessionTimeout(shiroManager);
+  }
+
+  private void increaseShiroGlobalSessionTimeout(final DefaultSecurityManager shiroManager)
{
+    SessionManager sessionManager = shiroManager.getSessionManager();
+    if (DefaultSessionManager.class.isInstance(sessionManager)) {
+      DefaultSessionManager defaultSessionManager = (DefaultSessionManager) sessionManager;
+      defaultSessionManager.setGlobalSessionTimeout(Long.MAX_VALUE);
+      long value = defaultSessionManager.getGlobalSessionTimeout();
+      if (value != Long.MAX_VALUE) {
+        logger.error("Unable to set Shiro Global Session Timeout. Current value is '{}'.",
value);
+      }
+    } else {
+      logger.error("Unable to set Shiro Global Session Timeout. Current SessionManager is
'{}'.",
+          sessionManager == null ? "null" : sessionManager.getClass());
+    }
+  }
+}
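Review bot: `setGlobalSessionTimeout(Long.MAX_VALUE)` makes Shiro sessions effectively non-expiring, and nothing in the class says why. If the timeout cannot be set, the code only logs an error and continues with whatever timeout the session manager already has. Add a Javadoc on `increaseShiroGlobalSessionTimeout` recording the reason and what then ends a session (presumably explicit logout; this is not visible here). Add one on `initialize` stating that it replaces the VM-wide Shiro SecurityManager via `SecurityUtils.setSecurityManager`. The logger field should also be `private static final Logger logger`.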

http://git-wip-us.apache.org/repos/asf/geode/blob/0360b0f8/geode-core/src/test/java/org/apache/geode/internal/security/DisabledSecurityServiceTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/DisabledSecurityServiceTest.java
b/geode-core/src/test/java/org/apache/geode/internal/security/DisabledSecurityServiceTest.java
new file mode 100644
index 0000000..9256c31
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/internal/security/DisabledSecurityServiceTest.java
@@ -0,0 +1,166 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security;
+
+import static org.assertj.core.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.test.junit.categories.UnitTest;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.SubjectThreadState;
+import org.apache.shiro.util.ThreadState;
+import org.apache.geode.security.SecurityManager;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import java.util.Properties;
+import java.util.concurrent.Callable;
+
+@Category(UnitTest.class)
+public class DisabledSecurityServiceTest {
+
+  private DisabledSecurityService disabledSecurityService;
+  private Subject mockSubject;
+
+  @Before
+  public void before() throws Exception {
+    this.disabledSecurityService = new DisabledSecurityService();
+    this.mockSubject = mock(Subject.class);
+  }
+
+  @Test
+  public void bindSubject_null() throws Exception {
+    ThreadState threadState = this.disabledSecurityService.bindSubject(null);
+    assertThat(threadState).isNull();
+  }
+
+  @Test
+  public void bindSubject_subject_shouldReturnThreadState() throws Exception {
+    ThreadState threadState = this.disabledSecurityService.bindSubject(this.mockSubject);
+    assertThat(threadState).isNotNull().isInstanceOf(SubjectThreadState.class);
+  }
+
+  @Test
+  public void getSubject_beforeLogin_shouldReturnNull() throws Exception {
+    Subject subject = this.disabledSecurityService.getSubject();
+    assertThat(subject).isNull();
+  }
+
+  @Test
+  public void login_null_shouldReturnNull() throws Exception {
+    Subject subject = this.disabledSecurityService.login(null);
+    assertThat(subject).isNull();
+  }
+
+  @Test
+  public void login_properties_shouldReturnNull() throws Exception {
+    Subject subject = this.disabledSecurityService.login(new Properties());
+    assertThat(subject).isNull();
+  }
+
+  @Test
+  public void getSubject_afterLogin_shouldReturnNull() throws Exception {
+    this.disabledSecurityService.login(new Properties());
+    Subject subject = this.disabledSecurityService.getSubject();
+    assertThat(subject).isNull();
+  }
+
+  @Test
+  public void getSubject_afterLogout_shouldReturnNull() throws Exception {
+    this.disabledSecurityService.login(new Properties());
+    this.disabledSecurityService.logout();
+    Subject subject = this.disabledSecurityService.getSubject();
+    assertThat(subject).isNull();
+  }
+
+  @Test
+  public void associateWith_callable_shouldReturnSameCallable() throws Exception {
+    Callable mockCallable = mock(Callable.class);
+    Callable callable = this.disabledSecurityService.associateWith(mockCallable);
+    assertThat(callable).isNotNull().isSameAs(mockCallable);
+  }
+
+  @Test
+  public void associateWith_null_should() throws Exception {
+    Callable callable = this.disabledSecurityService.associateWith(null);
+    assertThat(callable).isNull();
+  }
+
+  @Test
+  public void needPostProcess_returnsFalse() throws Exception {
+    boolean needPostProcess = this.disabledSecurityService.needPostProcess();
+    assertThat(needPostProcess).isFalse();
+  }
+
+  @Test
+  public void postProcess1_value_shouldReturnSameValue() throws Exception {
+    Object value = new Object();
+    Object result = this.disabledSecurityService.postProcess(null, null, value, false);
+    assertThat(result).isNotNull().isSameAs(value);
+  }
+
+  @Test
+  public void postProcess1_null_returnsNull() throws Exception {
+    Object result = this.disabledSecurityService.postProcess(null, null, null, false);
+    assertThat(result).isNull();
+  }
+
+  @Test
+  public void postProcess2_value_shouldReturnSameValue() throws Exception {
+    Object value = new Object();
+    Object result = this.disabledSecurityService.postProcess(null, null, null, value, false);
+    assertThat(result).isNotNull().isSameAs(value);
+  }
+
+  @Test
+  public void postProcess2_null_returnsNull() throws Exception {
+    Object result = this.disabledSecurityService.postProcess(null, null, null, null, false);
+    assertThat(result).isNull();
+  }
+
+  @Test
+  public void isClientSecurityRequired_returnsFalse() throws Exception {
+    boolean result = this.disabledSecurityService.isClientSecurityRequired();
+    assertThat(result).isFalse();
+  }
+
+  @Test
+  public void isIntegratedSecurity_returnsFalse() throws Exception {
+    boolean result = this.disabledSecurityService.isIntegratedSecurity();
+    assertThat(result).isFalse();
+  }
+
+  @Test
+  public void isPeerSecurityRequired_returnsFalse() throws Exception {
+    boolean result = this.disabledSecurityService.isPeerSecurityRequired();
+    assertThat(result).isFalse();
+  }
+
+  @Test
+  public void getSecurityManager_returnsNull() throws Exception {
+    SecurityManager securityManager = this.disabledSecurityService.getSecurityManager();
+    assertThat(securityManager).isNull();
+  }
+
+  @Test
+  public void getPostProcessor_returnsNull() throws Exception {
+    PostProcessor postProcessor = this.disabledSecurityService.getPostProcessor();
+    assertThat(postProcessor).isNull();
+  }
+}
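Review bot: The test name `associateWith_null_should` is cut off and does not state the expectation; `associateWith_null_shouldReturnNull` matches the assertion. `Callable` is used as a raw type in both `associateWith` tests. The two wildcard static imports could be narrowed to the members actually used (`assertThat`, `mock`). A one-line class comment such as `/** Pins the no-op contract of DisabledSecurityService: null subject, no post-processing, no security required. */` would make the intent clear to someone auditing the disabled path.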

http://git-wip-us.apache.org/repos/asf/geode/blob/0360b0f8/geode-core/src/test/java/org/apache/geode/internal/security/EnabledSecurityServiceTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/EnabledSecurityServiceTest.java
b/geode-core/src/test/java/org/apache/geode/internal/security/EnabledSecurityServiceTest.java
new file mode 100644
index 0000000..1843afd
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/internal/security/EnabledSecurityServiceTest.java
@@ -0,0 +1,186 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Mockito.*;
+
+import org.apache.geode.internal.security.shiro.RealmInitializer;
+import org.apache.geode.security.AuthenticationFailedException;
+import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.SecurityManager;
+import org.apache.geode.test.junit.categories.UnitTest;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.SubjectThreadState;
+import org.apache.shiro.util.ThreadState;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import java.util.Properties;
+import java.util.concurrent.Callable;
+
+@Category(UnitTest.class)
+public class EnabledSecurityServiceTest {
+
+  private SecurityManager mockSecurityManager;
+  private PostProcessor mockPostProcessor;
+  private RealmInitializer spyRealmInitializer;
+  private Subject mockSubject;
+
+  private EnabledSecurityService securityService;
+  private EnabledSecurityService securityServiceWithPostProcessor;
+
+  @Before
+  public void before() throws Exception {
+    this.mockSecurityManager = mock(SecurityManager.class);
+    this.mockPostProcessor = mock(PostProcessor.class);
+    this.spyRealmInitializer = spy(RealmInitializer.class);
+    this.mockSubject = mock(Subject.class);
+
+    this.securityService = new EnabledSecurityService(this.mockSecurityManager, null, this.spyRealmInitializer);
+    this.securityServiceWithPostProcessor = new EnabledSecurityService(this.mockSecurityManager,
this.mockPostProcessor, this.spyRealmInitializer);
+  }
+
+  @Test
+  public void bindSubject_nullSubject_shouldReturn_null() throws Exception {
+    ThreadState threadState = this.securityService.bindSubject(null);
+    assertThat(threadState).isNull();
+  }
+
+  @Test
+  public void bindSubject_subject_shouldReturn_ThreadState() throws Exception {
+    ThreadState threadState = this.securityService.bindSubject(this.mockSubject);
+    assertThat(threadState).isNotNull().isInstanceOf(SubjectThreadState.class);
+  }
+
+  @Test
+  public void getSubject_beforeLogin_shouldThrow_GemFireSecurityException() throws Exception
{
+    assertThatThrownBy(() -> this.securityService.getSubject())
+        .isInstanceOf(GemFireSecurityException.class)
+        .hasMessageContaining("Anonymous User");
+  }
+
+  @Test
+  public void login_nullProperties_shouldReturn_null() throws Exception {
+    Subject subject = this.securityService.login(null);
+    assertThat(subject).isNull();
+  }
+
+  @Test
+  public void login_emptyProperties_shouldThrow_AuthenticationFailedException() throws Exception
{
+    assertThatThrownBy(() -> this.securityService.login(new Properties()))
+        .isInstanceOf(AuthenticationFailedException.class)
+        .hasMessageContaining("Please check your credentials");
+  }
+
+  @Ignore("Extract all shiro integration code out of EnabledSecurityService for mocking")
+  @Test
+  public void getSubject_afterLogin_shouldReturnNull() throws Exception {
+    this.securityService.login(new Properties());
+    Subject subject = this.securityService.getSubject();
+    assertThat(subject).isNull();
+  }
+
+  @Ignore("Extract all shiro integration code out of EnabledSecurityService for mocking")
+  @Test
+  public void getSubject_afterLogout_shouldReturnNull() throws Exception {
+    this.securityService.login(new Properties());
+    this.securityService.logout();
+    Subject subject = this.securityService.getSubject();
+    assertThat(subject).isNull();
+  }
+
+  @Test
+  public void associateWith_callable_beforeLogin_shouldThrow_GemFireSecurityException() throws
Exception {
+    assertThatThrownBy(() -> this.securityService.associateWith(mock(Callable.class)))
+        .isInstanceOf(GemFireSecurityException.class)
+        .hasMessageContaining("Anonymous User");
+  }
+
+  @Test
+  public void associateWith_null_should() throws Exception {
+    assertThatThrownBy(() -> this.securityService.associateWith(null))
+        .isInstanceOf(GemFireSecurityException.class)
+        .hasMessageContaining("Anonymous User");
+  }
+
+  @Test
+  public void needPostProcess_returnsFalse() throws Exception {
+    boolean needPostProcess = this.securityService.needPostProcess();
+    assertThat(needPostProcess).isFalse();
+  }
+
+  @Test
+  public void postProcess1_value_shouldReturnSameValue() throws Exception {
+    Object value = new Object();
+    Object result = this.securityService.postProcess(null, null, value, false);
+    assertThat(result).isNotNull().isSameAs(value);
+  }
+
+  @Test
+  public void postProcess1_null_returnsNull() throws Exception {
+    Object result = this.securityService.postProcess(null, null, null, false);
+    assertThat(result).isNull();
+  }
+
+  @Test
+  public void postProcess2_value_shouldReturnSameValue() throws Exception {
+    Object value = new Object();
+    Object result = this.securityService.postProcess(null, null, null, value, false);
+    assertThat(result).isNotNull().isSameAs(value);
+  }
+
+  @Test
+  public void postProcess2_null_returnsNull() throws Exception {
+    Object result = this.securityService.postProcess(null, null, null, null, false);
+    assertThat(result).isNull();
+  }
+
+  @Test
+  public void isClientSecurityRequired_returnsTrue() throws Exception {
+    boolean result = this.securityService.isClientSecurityRequired();
+    assertThat(result).isTrue();
+  }
+
+  @Test
+  public void isIntegratedSecurity_returnsTrue() throws Exception {
+    boolean result = this.securityService.isIntegratedSecurity();
+    assertThat(result).isTrue();
+  }
+
+  @Test
+  public void isPeerSecurityRequired_returnsTrue() throws Exception {
+    boolean result = this.securityService.isPeerSecurityRequired();
+    assertThat(result).isTrue();
+  }
+
+  @Test
+  public void getSecurityManager_returnsSecurityManager() throws Exception {
+    SecurityManager securityManager = this.securityService.getSecurityManager();
+    assertThat(securityManager).isNotNull().isSameAs(this.mockSecurityManager);
+  }
+
+  @Test
+  public void getPostProcessor_returnsNull() throws Exception {
+    PostProcessor postProcessor = this.securityService.getPostProcessor();
+    assertThat(postProcessor).isNull();
+  }
+}
\ No newline at end of file
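Review bot: `spy(RealmInitializer.class)` in `before()` appears to run the real `initialize`, so every test installs a Shiro SecurityManager in the static `SecurityUtils` holder, twice per test, and nothing resets it. That state can leak into other tests in the same JVM and makes these unit tests order-dependent. Add a teardown, for example `@After public void after() { ThreadContext.remove(); SecurityUtils.setSecurityManager(null); }`, with the matching imports. `securityServiceWithPostProcessor` is constructed but never used, so the post-processor path (`needPostProcess`, `getPostProcessor`) is only tested for the null case. The two `@Ignore`d tests assert a null subject after login, which looks copied from the disabled-service test and should be revisited before they are enabled.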

http://git-wip-us.apache.org/repos/asf/geode/blob/0360b0f8/geode-core/src/test/java/org/apache/geode/internal/security/shiro/ConfigInitializerIntegrationTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/shiro/ConfigInitializerIntegrationTest.java
b/geode-core/src/test/java/org/apache/geode/internal/security/shiro/ConfigInitializerIntegrationTest.java
new file mode 100644
index 0000000..4045d35
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/internal/security/shiro/ConfigInitializerIntegrationTest.java
@@ -0,0 +1,94 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security.shiro;
+
+import static org.assertj.core.api.Assertions.*;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.geode.test.junit.categories.UnitTest;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.UnavailableSecurityManagerException;
+import org.apache.shiro.util.ThreadContext;
+import org.apache.shiro.config.ConfigurationException;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TemporaryFolder;
+
+import java.io.File;
+
+@Category(UnitTest.class)
+public class ConfigInitializerIntegrationTest {
+
+  private static final String SHIRO_INI_FILE = "ConfigInitializerIntegrationTest.ini";
+
+  private String shiroIniInClasspath;
+  private ConfigInitializer configInitializer;
+  private String shiroIniInFilesystem;
+
+  @Rule
+  public TemporaryFolder temporaryFolder = new TemporaryFolder();
+
+  @Before
+  public void before() throws Exception {
+    assertThat(getClass().getResource(SHIRO_INI_FILE)).isNotNull();
+
+    this.configInitializer = new ConfigInitializer();
+
+    this.shiroIniInClasspath = getResourcePackage(getClass()) + SHIRO_INI_FILE;
+
+    File shiroIniFile = this.temporaryFolder.newFile(SHIRO_INI_FILE);
+    FileUtils.copyURLToFile(getClass().getResource(SHIRO_INI_FILE), shiroIniFile);
+    this.shiroIniInFilesystem = shiroIniFile.getAbsolutePath();
+
+    assertThatThrownBy(() -> SecurityUtils.getSecurityManager())
+        .isInstanceOf(UnavailableSecurityManagerException.class);
+  }
+
+  @After
+  public void after() throws Exception {
+    ThreadContext.remove();
+    SecurityUtils.setSecurityManager(null);
+  }
+
+  @Test
+  public void initialize_fileInClasspath() throws Exception {
+    this.configInitializer.initialize(this.shiroIniInClasspath);
+    assertThat(SecurityUtils.getSecurityManager()).isNotNull();
+  }
+
+  @Test
+  public void initialize_null_throws_ConfigurationException() throws Exception {
+    assertThatThrownBy(() -> this.configInitializer.initialize(null))
+        .isInstanceOf(ConfigurationException.class)
+        .hasMessageContaining("Resource [classpath:null] could not be found");
+  }
+
+  @Test
+  public void initialize_fileInFilesystem() throws Exception {
+    assertThatThrownBy(() -> this.configInitializer.initialize(this.shiroIniInFilesystem))
+        .isInstanceOf(ConfigurationException.class)
+        .hasMessageContaining("Resource [classpath:")
+        .hasMessageContaining("ConfigInitializerIntegrationTest.ini] could not be found");
+  }
+
+  private String getResourcePackage(Class classInPackage) {
+    return classInPackage.getName().replace(classInPackage.getSimpleName(), "").replace(".",
"/");
+  }
+}
\ No newline at end of file
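Review bot: `initialize_fileInFilesystem` reads as a success case, but it asserts that an absolute filesystem path is rejected with a ConfigurationException. Judging by the asserted message, the path is looked up as a `classpath:` resource. Renaming the test to `initialize_fileInFilesystem_throws_ConfigurationException`, in line with `initialize_null_throws_ConfigurationException`, and adding a comment such as `// the Shiro ini is resolved from the classpath only; filesystem paths are not loaded` would make explicit where security configuration may come from. The class is also tagged `@Category(UnitTest.class)` although it copies a file into a TemporaryFolder and resets the static Shiro SecurityManager through `SecurityUtils`, so `IntegrationTest` looks like the intended category. Separately, `getResourcePackage` takes a raw `Class` and strips the simple name with `replace`, which would also alter a package segment containing that name; declaring the parameter as `Class<?>` and returning `classInPackage.getPackage().getName().replace('.', '/') + "/"` avoids both.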

http://git-wip-us.apache.org/repos/asf/geode/blob/0360b0f8/geode-core/src/test/resources/org/apache/geode/internal/security/shiro/ConfigInitializerIntegrationTest.ini
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/internal/security/shiro/ConfigInitializerIntegrationTest.ini
b/geode-core/src/test/resources/org/apache/geode/internal/security/shiro/ConfigInitializerIntegrationTest.ini
new file mode 100644
index 0000000..8f7ffa7
--- /dev/null
+++ b/geode-core/src/test/resources/org/apache/geode/internal/security/shiro/ConfigInitializerIntegrationTest.ini
@@ -0,0 +1,30 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# the users and roles in this file needs to be kept in sync with shiro.ini
+# since they are used by the same test to test ShiroUtil
+# -----------------------------------------------------------------------------
+# Users and their (optional) assigned roles
+# username = password, role1, role2, ..., roleN
+# -----------------------------------------------------------------------------
+[users]
+root = secret, admin
+
+# -----------------------------------------------------------------------------
+# Roles with assigned permissions
+# roleName = perm1, perm2, ..., permN
+# -----------------------------------------------------------------------------
+[roles]
+admin = *
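Review bot: The comment above `[users]` says the users and roles must be kept in sync with shiro.ini because both are used by a ShiroUtil test. This file is a new fixture for ConfigInitializerIntegrationTest, so the comment looks copied from another ini and is probably stale. I would replace it with something like `# test-only fixture for ConfigInitializerIntegrationTest; not a template for real deployments`. Because the file pairs `admin = *` with a plaintext password, the comment should also say that it must stay under src/test/resources and never be packaged with the product.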

