geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kl...@apache.org
Subject [5/9] geode git commit: Use immutable SecurityService
Date Mon, 05 Jun 2017 16:46:28 GMT
http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java
index 6a2ad95..5f6ab9b 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java
@@ -12,36 +12,36 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- * 
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
+import org.apache.geode.cache.DynamicRegionFactory;
+import org.apache.geode.cache.InterestResultPolicy;
+import org.apache.geode.cache.operations.RegisterInterestOperationContext;
+import org.apache.geode.i18n.StringId;
 import org.apache.geode.internal.Version;
 import org.apache.geode.internal.cache.LocalRegion;
 import org.apache.geode.internal.cache.tier.CachedRegionHelper;
 import org.apache.geode.internal.cache.tier.Command;
 import org.apache.geode.internal.cache.tier.InterestType;
 import org.apache.geode.internal.cache.tier.MessageType;
-import org.apache.geode.internal.cache.tier.sockets.*;
+import org.apache.geode.internal.cache.tier.sockets.BaseCommand;
+import org.apache.geode.internal.cache.tier.sockets.ChunkedMessage;
+import org.apache.geode.internal.cache.tier.sockets.Message;
+import org.apache.geode.internal.cache.tier.sockets.Part;
+import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.security.AuthorizeRequest;
-import org.apache.geode.cache.DynamicRegionFactory;
-import org.apache.geode.cache.InterestResultPolicy;
-import org.apache.geode.cache.operations.RegisterInterestOperationContext;
-import org.apache.geode.i18n.StringId;
+import org.apache.geode.internal.security.SecurityService;
 
 import java.io.IOException;
 import java.util.List;
 
 /**
- * 
  * All keys of the register interest list are being sent as a single part since 6.6. There is no
  * need to send no keys as a separate part.In earlier versions {@link RegisterInterestList61} number
  * of keys & each individual key was sent as a separate part.
- * 
- * 
+ *
  * @since GemFire 6.6
  */
 public class RegisterInterestList66 extends BaseCommand {
@@ -55,9 +55,9 @@ public class RegisterInterestList66 extends BaseCommand {
   RegisterInterestList66() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException, InterruptedException {
-    Part regionNamePart = null, keyPart = null;// numberOfKeysPart = null;
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException, InterruptedException {
+    Part regionNamePart = null, keyPart = null;
     String regionName = null;
     Object key = null;
     InterestResultPolicy policy;
@@ -68,10 +68,6 @@ public class RegisterInterestList66 extends BaseCommand {
     serverConnection.setAsTrue(REQUIRES_CHUNKED_RESPONSE);
     ChunkedMessage chunkedResponseMsg = serverConnection.getRegisterInterestResponseMessage();
 
-    // bserverStats.incLong(readDestroyRequestTimeId,
-    // DistributionStats.getStatTime() - start);
-    // bserverStats.incInt(destroyRequestsId, 1);
-    // start = DistributionStats.getStatTime();
     // Retrieve the data from the message parts
     regionNamePart = clientMessage.getPart(0);
     regionName = regionNamePart.getString();
@@ -139,18 +135,6 @@ public class RegisterInterestList66 extends BaseCommand {
           serverConnection.getSocketString(), numberOfKeys, regionName, keys);
     }
 
-    /*
-     * AcceptorImpl acceptor = servConn.getAcceptor();
-     * 
-     * // Check if the Server is running in NotifyBySubscription=true mode. if
-     * (!acceptor.getCacheClientNotifier().getNotifyBySubscription()) { // This should have been
-     * taken care at the client. String err = LocalizedStrings.
-     * RegisterInterest_INTEREST_REGISTRATION_IS_SUPPORTED_ONLY_FOR_SERVERS_WITH_NOTIFYBYSUBSCRIPTION_SET_TO_TRUE
-     * .toLocalizedString(); writeChunkedErrorResponse(msg,
-     * MessageType.REGISTER_INTEREST_DATA_ERROR, err, servConn); servConn.setAsTrue(RESPONDED);
-     * return; }
-     */
-
     // Process the register interest request
     if (keys.isEmpty() || regionName == null) {
       StringId errMessage = null;
@@ -177,12 +161,9 @@ public class RegisterInterestList66 extends BaseCommand {
       logger.info(LocalizedMessage.create(
           LocalizedStrings.RegisterInterestList_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_LIST_REQUEST,
           new Object[] {serverConnection.getName(), regionName}));
-      // writeChunkedErrorResponse(msg,
-      // MessageType.REGISTER_INTEREST_DATA_ERROR, message);
-      // responded = true;
-    } // else { // region not null
+    }
     try {
-      this.securityService.authorizeRegionRead(regionName);
+      securityService.authorizeRegionRead(regionName);
       AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
       if (authzRequest != null) {
         if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
@@ -204,11 +185,6 @@ public class RegisterInterestList66 extends BaseCommand {
       return;
     }
 
-    // Update the statistics and write the reply
-    // bserverStats.incLong(processDestroyTimeId,
-    // DistributionStats.getStatTime() - start);
-    // start = DistributionStats.getStatTime();
-
     boolean isPrimary = serverConnection.getAcceptor().getCacheClientNotifier()
         .getClientProxy(serverConnection.getProxyID()).isPrimary();
     if (!isPrimary) {
@@ -244,18 +220,11 @@ public class RegisterInterestList66 extends BaseCommand {
       }
 
       if (logger.isDebugEnabled()) {
-        // logger.debug(getName() + ": Sent chunk (1 of 1) of register interest
-        // response (" + chunkedResponseMsg.getBufferLength() + " bytes) for
-        // region " + regionName + " key " + key);
         logger.debug(
             "{}: Sent register interest response for the following {} keys in region {}: {}",
             serverConnection.getName(), numberOfKeys, regionName, keys);
       }
-      // bserverStats.incLong(writeDestroyResponseTimeId,
-      // DistributionStats.getStatTime() - start);
-      // bserverStats.incInt(destroyResponsesId, 1);
     } // isPrimary
-    // } // region not null
   }
 
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java
index a295c54..2daf755 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java
@@ -12,11 +12,6 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- * Author: dschneider
- * 
- * @since GemFire 8.1
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
 import java.io.IOException;
@@ -48,6 +43,7 @@ import org.apache.geode.internal.cache.versions.VersionTag;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.security.AuthorizeRequest;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.internal.util.Breadcrumbs;
 
 public class RemoveAll extends BaseCommand {
@@ -61,8 +57,8 @@ public class RemoveAll extends BaseCommand {
   protected RemoveAll() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long startp)
-      throws IOException, InterruptedException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long startp) throws IOException, InterruptedException {
     long start = startp; // copy this since we need to modify it
     Part regionNamePart = null, numberOfKeysPart = null, keyPart = null;
     String regionName = null;
@@ -72,7 +68,7 @@ public class RemoveAll extends BaseCommand {
     boolean replyWithMetaData = false;
     VersionedObjectList response = null;
 
-    StringBuffer errMessage = new StringBuffer();
+    StringBuilder errMessage = new StringBuilder();
     CachedRegionHelper crHelper = serverConnection.getCachedRegionHelper();
     CacheServerStats stats = serverConnection.getCacheServerStats();
 
@@ -190,7 +186,7 @@ public class RemoveAll extends BaseCommand {
         serverConnection.setRequestSpecificTimeout(timeout);
       }
 
-      this.securityService.authorizeRegionWrite(regionName);
+      securityService.authorizeRegionWrite(regionName);
 
       AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
       if (authzRequest != null) {

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java
index cc42e0d..ead5469 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java
@@ -22,6 +22,7 @@ import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.security.GemFireSecurityException;
 
 public class RemoveUserAuth extends BaseCommand {
@@ -33,7 +34,8 @@ public class RemoveUserAuth extends BaseCommand {
   }
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws IOException, ClassNotFoundException, InterruptedException {
     boolean isSecureMode = clientMessage.isSecureMode();
 

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java
index 6f97d31..25badd3 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java
@@ -12,9 +12,6 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- * 
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
 import java.io.IOException;
@@ -38,6 +35,7 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.security.AuthorizeRequest;
 import org.apache.geode.internal.security.AuthorizeRequestPP;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.security.NotAuthorizedException;
 import org.apache.geode.i18n.StringId;
 
@@ -52,8 +50,8 @@ public class Request extends BaseCommand {
   Request() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException {
     Part regionNamePart = null, keyPart = null, valuePart = null;
     String regionName = null;
     Object callbackArg = null, key = null;
@@ -126,7 +124,7 @@ public class Request extends BaseCommand {
         GetOperationContext getContext = null;
 
         try {
-          this.securityService.authorizeRegionRead(regionName, key.toString());
+          securityService.authorizeRegionRead(regionName, key.toString());
           AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
           if (authzRequest != null) {
             getContext = authzRequest.getAuthorize(regionName, key, callbackArg);

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java
index a6d6578..0d64747 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java
@@ -32,6 +32,7 @@ import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
+import org.apache.geode.internal.security.SecurityService;
 
 /**
  * Represents a request for (full) value of a given event from ha container
@@ -49,8 +50,8 @@ public class RequestEventValue extends BaseCommand {
 
   private RequestEventValue() {}
 
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException {
     Part eventIDPart = null, valuePart = null;
     EventID event = null;
     Object callbackArg = null;

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java
index cd12ea7..2100c76 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java
@@ -24,6 +24,7 @@ import org.apache.geode.internal.cache.tier.Command;
 import org.apache.geode.internal.cache.tier.sockets.BaseCommand;
 import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
+import org.apache.geode.internal.security.SecurityService;
 
 /**
  * Command for performing Rollback on the server
@@ -39,7 +40,8 @@ public class RollbackCommand extends BaseCommand {
   private RollbackCommand() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws IOException, ClassNotFoundException, InterruptedException {
     serverConnection.setAsTrue(REQUIRES_RESPONSE);
     TXManagerImpl txMgr = (TXManagerImpl) serverConnection.getCache().getCacheTransactionManager();

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java
index c4515ab..e4485b4 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java
@@ -12,9 +12,6 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- *
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
 import java.io.IOException;
@@ -32,9 +29,9 @@ import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.security.GemFireSecurityException;
 
-
 public class Size extends BaseCommand {
 
   private final static Size singleton = new Size();
@@ -56,8 +53,8 @@ public class Size extends BaseCommand {
   }
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException, InterruptedException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException, InterruptedException {
     StringBuilder errMessage = new StringBuilder();
     CachedRegionHelper crHelper = serverConnection.getCachedRegionHelper();
     CacheServerStats stats = serverConnection.getCacheServerStats();
@@ -93,7 +90,7 @@ public class Size extends BaseCommand {
 
     // Size the entry
     try {
-      this.securityService.authorizeRegionRead(regionName);
+      securityService.authorizeRegionRead(regionName);
       writeSizeResponse(region.size(), clientMessage, serverConnection);
     } catch (RegionDestroyedException rde) {
       writeException(clientMessage, rde, false, serverConnection);

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java
index 9fc3fd1..6bd00c0 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java
@@ -33,6 +33,7 @@ import org.apache.geode.internal.cache.tier.Command;
 import org.apache.geode.internal.cache.tier.sockets.BaseCommand;
 import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
+import org.apache.geode.internal.security.SecurityService;
 
 /**
  * Used for bootstrapping txState/PeerTXStateStub on the server. This command is send when in client
@@ -49,7 +50,8 @@ public class TXFailoverCommand extends BaseCommand {
   private TXFailoverCommand() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws IOException, ClassNotFoundException, InterruptedException {
     serverConnection.setAsTrue(REQUIRES_RESPONSE);
     // Build the TXId for the transaction

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java
index 03270d6..b1b0cfb 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java
@@ -30,6 +30,7 @@ import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.MessageTooLargeException;
 import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
+import org.apache.geode.internal.security.SecurityService;
 
 import java.io.IOException;
 import java.util.concurrent.Executor;
@@ -69,7 +70,8 @@ public class TXSynchronizationCommand extends BaseCommand {
    */
   @Override
   public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
-      long start) throws IOException, ClassNotFoundException, InterruptedException {
+      final SecurityService securityService, long start)
+      throws IOException, ClassNotFoundException, InterruptedException {
 
     serverConnection.setAsTrue(REQUIRES_RESPONSE);
 

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java
index 199ac18..1af283b 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java
@@ -12,9 +12,6 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-/**
- *
- */
 package org.apache.geode.internal.cache.tier.sockets.command;
 
 import java.io.IOException;
@@ -31,9 +28,9 @@ import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.security.AuthorizeRequest;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.security.NotAuthorizedException;
 
-
 public class UnregisterInterest extends BaseCommand {
 
   private final static UnregisterInterest singleton = new UnregisterInterest();
@@ -45,7 +42,8 @@ public class UnregisterInterest extends BaseCommand {
   UnregisterInterest() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws ClassNotFoundException, IOException {
     Part regionNamePart = null, keyPart = null;
     String regionName = null;
@@ -105,9 +103,9 @@ public class UnregisterInterest extends BaseCommand {
 
     try {
       if (interestType == InterestType.REGULAR_EXPRESSION) {
-        this.securityService.authorizeRegionRead(regionName);
+        securityService.authorizeRegionRead(regionName);
       } else {
-        this.securityService.authorizeRegionRead(regionName, key.toString());
+        securityService.authorizeRegionRead(regionName, key.toString());
       }
     } catch (NotAuthorizedException ex) {
       writeException(clientMessage, ex, false, serverConnection);

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java
index 1968bff..035a953 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java
@@ -32,6 +32,7 @@ import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.security.AuthorizeRequest;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.security.NotAuthorizedException;
 
 
@@ -46,7 +47,8 @@ public class UnregisterInterestList extends BaseCommand {
   private UnregisterInterestList() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws IOException, ClassNotFoundException {
     Part regionNamePart = null, keyPart = null, numberOfKeysPart = null;
     String regionName = null;
@@ -121,7 +123,7 @@ public class UnregisterInterestList extends BaseCommand {
     }
 
     try {
-      this.securityService.authorizeRegionRead(regionName);
+      securityService.authorizeRegionRead(regionName);
     } catch (NotAuthorizedException ex) {
       writeException(clientMessage, ex, false, serverConnection);
       serverConnection.setAsTrue(RESPONDED);

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java
index 2f434fb..b19c710 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java
@@ -20,6 +20,7 @@ package org.apache.geode.internal.cache.tier.sockets.command;
 import org.apache.geode.internal.cache.tier.Command;
 import org.apache.geode.internal.cache.tier.sockets.*;
 import org.apache.geode.distributed.internal.DistributionStats;
+import org.apache.geode.internal.security.SecurityService;
 
 import java.io.IOException;
 
@@ -35,8 +36,8 @@ public class UpdateClientNotification extends BaseCommand {
   private UpdateClientNotification() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
-      throws IOException {
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start) throws IOException {
     CacheServerStats stats = serverConnection.getCacheServerStats();
     {
       long oldStart = start;

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java b/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
index f99f9db..410ac7c 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
@@ -144,6 +144,8 @@ import org.apache.geode.internal.logging.InternalLogWriter;
 import org.apache.geode.internal.logging.LocalLogWriter;
 import org.apache.geode.internal.logging.LogWriterFactory;
 import org.apache.geode.internal.offheap.MemoryAllocator;
+import org.apache.geode.internal.security.DisabledSecurityService;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.management.internal.JmxManagerAdvisor;
 import org.apache.geode.management.internal.RestAgent;
 import org.apache.geode.pdx.PdxInstance;
@@ -1039,6 +1041,11 @@ public class CacheCreation implements InternalCache {
     throw new UnsupportedOperationException(LocalizedStrings.SHOULDNT_INVOKE.toLocalizedString());
   }
 
+  @Override
+  public SecurityService getSecurityService() {
+    return new DisabledSecurityService();
+  }
+
   void addDeclarableProperties(final Declarable declarable, final Properties properties) {
     this.declarablePropertiesMap.put(declarable, properties);
   }

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/lang/Initializer.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/lang/Initializer.java b/geode-core/src/main/java/org/apache/geode/internal/lang/Initializer.java
index 2037371..80d3602 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/lang/Initializer.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/lang/Initializer.java
@@ -15,8 +15,8 @@
 package org.apache.geode.internal.lang;
 
 /**
- * The Initializer class is a utility class to identify Initable objects and initialize them by
- * calling their init method.
+ * The ConfigInitialization class is a utility class to identify Initable objects and initialize
+ * them by calling their init method.
  * <p/>
  * 
  * @see org.apache.geode.internal.lang.Initable

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/security/CustomSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/CustomSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/CustomSecurityService.java
new file mode 100644
index 0000000..f4b0ceb
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/CustomSecurityService.java
@@ -0,0 +1,206 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.security;
+
+import java.util.Properties;
+import java.util.concurrent.Callable;
+
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadState;
+
+import org.apache.geode.management.internal.security.ResourceOperation;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.SecurityManager;
+
+public class CustomSecurityService implements SecurityService {
+
+  CustomSecurityService() {
+    // nothing
+  }
+
+  @Override
+  public void initSecurity(final Properties securityProps) {
+
+  }
+
+  @Override
+  public void setSecurityManager(final SecurityManager securityManager) {
+
+  }
+
+  @Override
+  public void setPostProcessor(final PostProcessor postProcessor) {
+
+  }
+
+  @Override
+  public ThreadState bindSubject(final Subject subject) {
+    return null;
+  }
+
+  @Override
+  public Subject getSubject() {
+    return null;
+  }
+
+  @Override
+  public Subject login(final Properties credentials) {
+    return null;
+  }
+
+  @Override
+  public void logout() {
+
+  }
+
+  @Override
+  public Callable associateWith(final Callable callable) {
+    return null;
+  }
+
+  @Override
+  public void authorize(final ResourceOperation resourceOperation) {
+
+  }
+
+  @Override
+  public void authorizeClusterManage() {
+
+  }
+
+  @Override
+  public void authorizeClusterWrite() {
+
+  }
+
+  @Override
+  public void authorizeClusterRead() {
+
+  }
+
+  @Override
+  public void authorizeDataManage() {
+
+  }
+
+  @Override
+  public void authorizeDataWrite() {
+
+  }
+
+  @Override
+  public void authorizeDataRead() {
+
+  }
+
+  @Override
+  public void authorizeRegionManage(final String regionName) {
+
+  }
+
+  @Override
+  public void authorizeRegionManage(final String regionName, final String key) {
+
+  }
+
+  @Override
+  public void authorizeRegionWrite(final String regionName) {
+
+  }
+
+  @Override
+  public void authorizeRegionWrite(final String regionName, final String key) {
+
+  }
+
+  @Override
+  public void authorizeRegionRead(final String regionName) {
+
+  }
+
+  @Override
+  public void authorizeRegionRead(final String regionName, final String key) {
+
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation) {
+
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation, final String regionName) {
+
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation, final String regionName,
+      final String key) {
+
+  }
+
+  @Override
+  public void authorize(final ResourcePermission context) {
+
+  }
+
+  @Override
+  public void close() {
+
+  }
+
+  @Override
+  public boolean needPostProcess() {
+    return false;
+  }
+
+  @Override
+  public Object postProcess(final String regionPath, final Object key, final Object value,
+      final boolean valueIsSerialized) {
+    return value;
+  }
+
+  @Override
+  public Object postProcess(final Object principal, final String regionPath, final Object key,
+      final Object value, final boolean valueIsSerialized) {
+    return value;
+  }
+
+  @Override
+  public boolean isClientSecurityRequired() {
+    return true;
+  }
+
+  @Override
+  public boolean isIntegratedSecurity() {
+    return true;
+  }
+
+  @Override
+  public boolean isPeerSecurityRequired() {
+    return true;
+  }
+
+  @Override
+  public SecurityManager getSecurityManager() {
+    return null;
+  }
+
+  @Override
+  public PostProcessor getPostProcessor() {
+    return null;
+  }
+}

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/security/DisabledSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/DisabledSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/DisabledSecurityService.java
new file mode 100644
index 0000000..407bef1
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/DisabledSecurityService.java
@@ -0,0 +1,209 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.security;
+
+import java.util.Properties;
+import java.util.concurrent.Callable;
+
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadState;
+
+import org.apache.geode.management.internal.security.ResourceOperation;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.SecurityManager;
+
+/**
+ * No-op security service that does nothing.
+ */
+public class DisabledSecurityService implements SecurityService {
+
+  public DisabledSecurityService() {
+    // nothing
+  }
+
+  @Override
+  public void initSecurity(final Properties securityProps) {
+    // nothing
+  }
+
+  @Override
+  public void setSecurityManager(final SecurityManager securityManager) {
+    // nothing
+  }
+
+  @Override
+  public void setPostProcessor(final PostProcessor postProcessor) {
+    // nothing
+  }
+
+  @Override
+  public ThreadState bindSubject(final Subject subject) {
+    return null;
+  }
+
+  @Override
+  public Subject getSubject() {
+    return null;
+  }
+
+  @Override
+  public Subject login(final Properties credentials) {
+    return null;
+  }
+
+  @Override
+  public void logout() {
+    // nothing
+  }
+
+  @Override
+  public Callable associateWith(final Callable callable) {
+    return null;
+  }
+
+  @Override
+  public void authorize(final ResourceOperation resourceOperation) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeClusterManage() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeClusterWrite() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeClusterRead() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeDataManage() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeDataWrite() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeDataRead() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionManage(final String regionName) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionManage(final String regionName, final String key) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionWrite(final String regionName) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionWrite(final String regionName, final String key) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionRead(final String regionName) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionRead(final String regionName, final String key) {
+    // nothing
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation) {
+    // nothing
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation, final String regionName) {
+    // nothing
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation, final String regionName,
+      final String key) {
+    // nothing
+  }
+
+  @Override
+  public void authorize(final ResourcePermission context) {
+    // nothing
+  }
+
+  @Override
+  public void close() {
+    // nothing
+  }
+
+  @Override
+  public boolean needPostProcess() {
+    return false;
+  }
+
+  @Override
+  public Object postProcess(final String regionPath, final Object key, final Object value,
+      final boolean valueIsSerialized) {
+    return value;
+  }
+
+  @Override
+  public Object postProcess(final Object principal, final String regionPath, final Object key,
+      final Object value, final boolean valueIsSerialized) {
+    return value;
+  }
+
+  @Override
+  public boolean isClientSecurityRequired() {
+    return false;
+  }
+
+  @Override
+  public boolean isIntegratedSecurity() {
+    return false;
+  }
+
+  @Override
+  public boolean isPeerSecurityRequired() {
+    return false;
+  }
+
+  @Override
+  public SecurityManager getSecurityManager() {
+    return null;
+  }
+
+  @Override
+  public PostProcessor getPostProcessor() {
+    return null;
+  }
+}

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
new file mode 100644
index 0000000..4b59378
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
@@ -0,0 +1,423 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.security;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.security.AccessController;
+import java.util.Properties;
+import java.util.Set;
+import java.util.concurrent.Callable;
+
+import org.apache.commons.lang.SerializationException;
+import org.apache.commons.lang.StringUtils;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.ShiroException;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.session.mgt.DefaultSessionManager;
+import org.apache.shiro.session.mgt.SessionManager;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.SubjectThreadState;
+import org.apache.shiro.util.ThreadContext;
+import org.apache.shiro.util.ThreadState;
+
+import org.apache.geode.GemFireIOException;
+import org.apache.geode.internal.cache.EntryEventImpl;
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.security.shiro.CustomAuthRealm;
+import org.apache.geode.internal.security.shiro.GeodeAuthenticationToken;
+import org.apache.geode.internal.security.shiro.ShiroPrincipal;
+import org.apache.geode.internal.util.BlobHelper;
+import org.apache.geode.management.internal.security.ResourceOperation;
+import org.apache.geode.security.AuthenticationFailedException;
+import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
+import org.apache.geode.security.SecurityManager;
+
+/**
+ * Security service with SecurityManager and an optional PostProcessor.
+ *
+ * TODO: rename EnabledSecurityService to IntegratedSecurityService
+ */
+public class EnabledSecurityService implements SecurityService {
+  private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME);
+
+  private final SecurityManager securityManager;
+
+  private final PostProcessor postProcessor;
+
+  EnabledSecurityService(final SecurityManager securityManager, final PostProcessor postProcessor) {
+    this.securityManager = securityManager;
+    this.postProcessor = postProcessor;
+
+    // initialize Shiro
+    Realm realm = new CustomAuthRealm(securityManager);
+    DefaultSecurityManager shiroManager = new DefaultSecurityManager(realm);
+    SecurityUtils.setSecurityManager(shiroManager);
+    increaseShiroGlobalSessionTimeout(shiroManager);
+  }
+
+  @Override
+  public void initSecurity(final Properties securityProps) {
+    this.securityManager.init(securityProps);
+    if (this.postProcessor != null) {
+      this.postProcessor.init(securityProps);
+    }
+  }
+
+  @Override
+  public void setSecurityManager(final SecurityManager securityManager) {
+    // nothing
+  }
+
+  @Override
+  public void setPostProcessor(final PostProcessor postProcessor) {
+    // nothing
+  }
+
+  /**
+   * It first looks the shiro subject in AccessControlContext since JMX will use multiple threads to
+   * process operations from the same client, then it looks into Shiro's thead context.
+   *
+   * @return the shiro subject, null if security is not enabled
+   */
+  @Override
+  public Subject getSubject() {
+    Subject currentUser;
+
+    // First try get the principal out of AccessControlContext instead of Shiro's Thread context
+    // since threads can be shared between JMX clients.
+    javax.security.auth.Subject jmxSubject =
+        javax.security.auth.Subject.getSubject(AccessController.getContext());
+
+    if (jmxSubject != null) {
+      Set<ShiroPrincipal> principals = jmxSubject.getPrincipals(ShiroPrincipal.class);
+      if (!principals.isEmpty()) {
+        ShiroPrincipal principal = principals.iterator().next();
+        currentUser = principal.getSubject();
+        ThreadContext.bind(currentUser);
+        return currentUser;
+      }
+    }
+
+    // in other cases like rest call, client operations, we get it from the current thread
+    currentUser = SecurityUtils.getSubject();
+
+    if (currentUser == null || currentUser.getPrincipal() == null) {
+      throw new GemFireSecurityException("Error: Anonymous User");
+    }
+
+    return currentUser;
+  }
+
+  /**
+   * @return null if security is not enabled, otherwise return a shiro subject
+   */
+  @Override
+  public Subject login(final Properties credentials) {
+    if (credentials == null) {
+      return null;
+    }
+
+    // this makes sure it starts with a clean user object
+    ThreadContext.remove();
+
+    Subject currentUser = SecurityUtils.getSubject();
+    GeodeAuthenticationToken token = new GeodeAuthenticationToken(credentials);
+    try {
+      logger.info("Logging in " + token.getPrincipal());
+      currentUser.login(token);
+    } catch (ShiroException e) {
+      logger.info(e.getMessage(), e);
+      throw new AuthenticationFailedException(
+          "Authentication error. Please check your credentials.", e);
+    }
+
+    return currentUser;
+  }
+
+  @Override
+  public void logout() {
+    Subject currentUser = getSubject();
+    if (currentUser == null) {
+      return;
+    }
+
+    try {
+      logger.info("Logging out " + currentUser.getPrincipal());
+      currentUser.logout();
+    } catch (ShiroException e) {
+      logger.info(e.getMessage(), e);
+      throw new GemFireSecurityException(e.getMessage(), e);
+    }
+
+    // clean out Shiro's thread local content
+    ThreadContext.remove();
+  }
+
+  @Override // TODO: give Callable a type
+  public Callable associateWith(final Callable callable) {
+    Subject currentUser = getSubject();
+    if (currentUser == null) {
+      return callable;
+    }
+
+    return currentUser.associateWith(callable);
+  }
+
+  /**
+   * Binds the passed-in subject to the executing thread. Usage:
+   *
+   * <pre>
+   * ThreadState state = null;
+   * try {
+   *   state = IntegratedSecurityService.bindSubject(subject);
+   *   // do the rest of the work as this subject
+   * } finally {
+   *   if (state != null)
+   *     state.clear();
+   * }
+   * </pre>
+   */
+  @Override
+  public ThreadState bindSubject(final Subject subject) {
+    if (subject == null) {
+      return null;
+    }
+
+    ThreadState threadState = new SubjectThreadState(subject);
+    threadState.bind();
+    return threadState;
+  }
+
+  @Override
+  public void authorize(final ResourceOperation resourceOperation) {
+    if (resourceOperation == null) {
+      return;
+    }
+
+    authorize(resourceOperation.resource().name(), resourceOperation.operation().name(), null);
+  }
+
+  @Override
+  public void authorizeClusterManage() {
+    authorize("CLUSTER", "MANAGE");
+  }
+
+  @Override
+  public void authorizeClusterWrite() {
+    authorize("CLUSTER", "WRITE");
+  }
+
+  @Override
+  public void authorizeClusterRead() {
+    authorize("CLUSTER", "READ");
+  }
+
+  @Override
+  public void authorizeDataManage() {
+    authorize("DATA", "MANAGE");
+  }
+
+  @Override
+  public void authorizeDataWrite() {
+    authorize("DATA", "WRITE");
+  }
+
+  @Override
+  public void authorizeDataRead() {
+    authorize("DATA", "READ");
+  }
+
+  @Override
+  public void authorizeRegionManage(final String regionName) {
+    authorize("DATA", "MANAGE", regionName);
+  }
+
+  @Override
+  public void authorizeRegionManage(final String regionName, final String key) {
+    authorize("DATA", "MANAGE", regionName, key);
+  }
+
+  @Override
+  public void authorizeRegionWrite(final String regionName) {
+    authorize("DATA", "WRITE", regionName);
+  }
+
+  @Override
+  public void authorizeRegionWrite(final String regionName, final String key) {
+    authorize("DATA", "WRITE", regionName, key);
+  }
+
+  @Override
+  public void authorizeRegionRead(final String regionName) {
+    authorize("DATA", "READ", regionName);
+  }
+
+  @Override
+  public void authorizeRegionRead(final String regionName, final String key) {
+    authorize("DATA", "READ", regionName, key);
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation) {
+    authorize(resource, operation, null);
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation, final String regionName) {
+    authorize(resource, operation, regionName, null);
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation, String regionName,
+      final String key) {
+    regionName = StringUtils.stripStart(regionName, "/");
+    authorize(new ResourcePermission(resource, operation, regionName, key));
+  }
+
+  @Override
+  public void authorize(final ResourcePermission context) {
+    Subject currentUser = getSubject();
+    if (currentUser == null) {
+      return;
+    }
+    if (context == null) {
+      return;
+    }
+    if (context.getResource() == Resource.NULL && context.getOperation() == Operation.NULL) {
+      return;
+    }
+
+    try {
+      currentUser.checkPermission(context);
+    } catch (ShiroException e) {
+      String msg = currentUser.getPrincipal() + " not authorized for " + context;
+      logger.info(msg);
+      throw new NotAuthorizedException(msg, e);
+    }
+  }
+
+  @Override
+  public void close() {
+    if (this.securityManager != null) {
+      this.securityManager.close();
+    }
+
+    if (this.postProcessor != null) {
+      this.postProcessor.close();
+    }
+
+    ThreadContext.remove();
+    SecurityUtils.setSecurityManager(null);
+  }
+
+  /**
+   * postProcess call already has this logic built in, you don't need to call this everytime you
+   * call postProcess. But if your postProcess is pretty involved with preparations and you need to
+   * bypass it entirely, call this first.
+   */
+  @Override
+  public boolean needPostProcess() {
+    return this.postProcessor != null;
+  }
+
+  @Override
+  public Object postProcess(final String regionPath, final Object key, final Object value,
+      final boolean valueIsSerialized) {
+    return postProcess(null, regionPath, key, value, valueIsSerialized);
+  }
+
+  @Override
+  public Object postProcess(Object principal, final String regionPath, final Object key,
+      final Object value, final boolean valueIsSerialized) {
+    if (!needPostProcess()) {
+      return value;
+    }
+
+    if (principal == null) {
+      Subject subject = getSubject();
+      if (subject == null) {
+        return value;
+      }
+      principal = (Serializable) subject.getPrincipal();
+    }
+
+    String regionName = StringUtils.stripStart(regionPath, "/");
+    Object newValue;
+
+    // if the data is a byte array, but the data itself is supposed to be an object, we need to
+    // deserialize it before we pass it to the callback.
+    if (valueIsSerialized && value instanceof byte[]) {
+      try {
+        Object oldObj = EntryEventImpl.deserialize((byte[]) value);
+        Object newObj = this.postProcessor.processRegionValue(principal, regionName, key, oldObj);
+        newValue = BlobHelper.serializeToBlob(newObj);
+      } catch (IOException | SerializationException e) {
+        throw new GemFireIOException("Exception de/serializing entry value", e);
+      }
+    } else {
+      newValue = this.postProcessor.processRegionValue(principal, regionName, key, value);
+    }
+
+    return newValue;
+  }
+
+  @Override
+  public SecurityManager getSecurityManager() {
+    return this.securityManager;
+  }
+
+  @Override
+  public PostProcessor getPostProcessor() {
+    return this.postProcessor;
+  }
+
+  @Override
+  public boolean isIntegratedSecurity() {
+    return true;
+  }
+
+  @Override
+  public boolean isClientSecurityRequired() {
+    return true;
+  }
+
+  @Override
+  public boolean isPeerSecurityRequired() {
+    return true;
+  }
+
+  private void increaseShiroGlobalSessionTimeout(final DefaultSecurityManager shiroManager) {
+    SessionManager sessionManager = shiroManager.getSessionManager();
+    if (DefaultSessionManager.class.isInstance(sessionManager)) {
+      DefaultSessionManager defaultSessionManager = (DefaultSessionManager) sessionManager;
+      defaultSessionManager.setGlobalSessionTimeout(Long.MAX_VALUE);
+      long value = defaultSessionManager.getGlobalSessionTimeout();
+      if (value != Long.MAX_VALUE) {
+        logger.error("Unable to set Shiro Global Session Timeout. Current value is '{}'.", value);
+      }
+    } else {
+      logger.error("Unable to set Shiro Global Session Timeout. Current SessionManager is '{}'.",
+          sessionManager == null ? "null" : sessionManager.getClass());
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
new file mode 100644
index 0000000..a74ce01
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
@@ -0,0 +1,219 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.security;
+
+import static org.apache.geode.distributed.ConfigurationProperties.*;
+
+import java.util.Properties;
+import java.util.concurrent.Callable;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.config.Ini.Section;
+import org.apache.shiro.config.IniSecurityManagerFactory;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadState;
+
+import org.apache.geode.management.internal.security.ResourceOperation;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.SecurityManager;
+
+/**
+ * Legacy security service with ClientAuthenticator and/or PeerAuthenticator.
+ */
+public class LegacySecurityService implements SecurityService {
+
+  private final boolean hasClientAuthenticator;
+
+  private final boolean hasPeerAuthenticator;
+
+  LegacySecurityService(final String clientAuthenticator, final String peerAuthenticator) {
+    this.hasClientAuthenticator = clientAuthenticator != null;
+    this.hasPeerAuthenticator = peerAuthenticator != null;
+  }
+
+  @Override
+  public void initSecurity(final Properties securityProps) {
+    // nothing
+  }
+
+  @Override
+  public void setSecurityManager(final SecurityManager securityManager) {
+    // nothing
+  }
+
+  @Override
+  public void setPostProcessor(final PostProcessor postProcessor) {
+    // nothing
+  }
+
+  @Override
+  public ThreadState bindSubject(final Subject subject) {
+    return null;
+  }
+
+  @Override
+  public Subject getSubject() {
+    return null;
+  }
+
+  @Override
+  public Subject login(final Properties credentials) {
+    return null;
+  }
+
+  @Override
+  public void logout() {
+    // nothing
+  }
+
+  @Override
+  public Callable associateWith(final Callable callable) {
+    return null;
+  }
+
+  @Override
+  public void authorize(final ResourceOperation resourceOperation) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeClusterManage() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeClusterWrite() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeClusterRead() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeDataManage() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeDataWrite() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeDataRead() {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionManage(final String regionName) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionManage(final String regionName, final String key) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionWrite(final String regionName) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionWrite(final String regionName, final String key) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionRead(final String regionName) {
+    // nothing
+  }
+
+  @Override
+  public void authorizeRegionRead(final String regionName, final String key) {
+    // nothing
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation) {
+    // nothing
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation, final String regionName) {
+    // nothing
+  }
+
+  @Override
+  public void authorize(final String resource, final String operation, final String regionName,
+      final String key) {
+    // nothing
+  }
+
+  @Override
+  public void authorize(final ResourcePermission context) {
+    // nothing
+  }
+
+  @Override
+  public void close() {
+    // nothing
+  }
+
+  @Override
+  public boolean needPostProcess() {
+    return false;
+  }
+
+  @Override
+  public Object postProcess(final String regionPath, final Object key, final Object value,
+      final boolean valueIsSerialized) {
+    return value;
+  }
+
+  @Override
+  public Object postProcess(final Object principal, final String regionPath, final Object key,
+      final Object value, final boolean valueIsSerialized) {
+    return value;
+  }
+
+  @Override
+  public boolean isClientSecurityRequired() {
+    return this.hasClientAuthenticator;
+  }
+
+  @Override
+  public boolean isIntegratedSecurity() {
+    return false;
+  }
+
+  @Override
+  public boolean isPeerSecurityRequired() {
+    return this.hasPeerAuthenticator;
+  }
+
+  @Override
+  public SecurityManager getSecurityManager() {
+    return null;
+  }
+
+  @Override
+  public PostProcessor getPostProcessor() {
+    return null;
+  }
+}

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
index 14784c3..65c4daf 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
@@ -30,6 +30,12 @@ import java.util.concurrent.Callable;
 
 public interface SecurityService {
 
+  void initSecurity(Properties securityProps);
+
+  void setSecurityManager(SecurityManager securityManager); // TODO:KIRK: delete
+
+  void setPostProcessor(PostProcessor postProcessor); // TODO:KIRK: delete
+
   ThreadState bindSubject(Subject subject);
 
   Subject getSubject();
@@ -74,8 +80,6 @@ public interface SecurityService {
 
   void authorize(ResourcePermission context);
 
-  void initSecurity(Properties securityProps);
-
   void close();
 
   boolean needPostProcess();
@@ -93,21 +97,17 @@ public interface SecurityService {
 
   SecurityManager getSecurityManager();
 
-  void setSecurityManager(SecurityManager securityManager);
-
   PostProcessor getPostProcessor();
 
-  void setPostProcessor(PostProcessor postProcessor);
-
   /**
    * this method would never return null, it either throws an exception or returns an object
    */
-  public static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
-    Class actualClass = null;
+  static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
+    Class actualClass;
     try {
       actualClass = ClassLoadUtil.classFromName(className);
-    } catch (Exception ex) {
-      throw new GemFireSecurityException("Instance could not be obtained, " + ex.toString(), ex);
+    } catch (Exception e) {
+      throw new GemFireSecurityException("Instance could not be obtained, " + e, e);
     }
 
     if (!expectedClazz.isAssignableFrom(actualClass)) {
@@ -115,22 +115,21 @@ public interface SecurityService {
           "Instance could not be obtained. Expecting a " + expectedClazz.getName() + " class.");
     }
 
-    T actualObject = null;
     try {
-      actualObject = (T) actualClass.newInstance();
+      return (T) actualClass.newInstance();
     } catch (Exception e) {
       throw new GemFireSecurityException(
           "Instance could not be obtained. Error instantiating " + actualClass.getName(), e);
     }
-    return actualObject;
   }
 
   /**
    * this method would never return null, it either throws an exception or returns an object
+   *
+   * TODO: expectedClazz is unused
    */
-  public static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName,
-      Class<T> expectedClazz) {
-    T actualObject = null;
+  static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class<T> expectedClazz) {
+    T actualObject;
     try {
       Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName);
       actualObject = (T) factoryMethod.invoke(null, (Object[]) null);
@@ -153,17 +152,17 @@ public interface SecurityService {
    * @return an object of type expectedClazz. This method would never return null. It either returns
    *         an non-null object or throws exception.
    */
-  public static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) {
-    T object = null;
+  static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) {
+    T object;
     try {
       object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz);
-    } catch (Exception e) {
+    } catch (Exception ignore) {
       object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz);
     }
     return object;
   }
 
-  public static Properties getCredentials(Properties securityProps) {
+  static Properties getCredentials(Properties securityProps) {
     Properties credentials = null;
     if (securityProps.containsKey(ResourceConstants.USER_NAME)
         && securityProps.containsKey(ResourceConstants.PASSWORD)) {
@@ -177,6 +176,7 @@ public interface SecurityService {
   }
 
   static SecurityService getSecurityService() {
+    // TODO:KIRK
     return IntegratedSecurityService.getSecurityService();
   }
 

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
new file mode 100644
index 0000000..4453651
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
@@ -0,0 +1,188 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.security;
+
+import static org.apache.geode.distributed.ConfigurationProperties.*;
+
+import java.util.Properties;
+
+import org.apache.commons.lang.StringUtils;
+
+import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.internal.cache.CacheConfig;
+import org.apache.geode.internal.security.shiro.ConfigInitialization;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.SecurityManager;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.UnavailableSecurityManagerException;
+
+public class SecurityServiceFactory {
+
+  private SecurityServiceFactory() {
+    // do not instantiate
+  }
+
+  public static SecurityService create(CacheConfig cacheConfig,
+      DistributionConfig distributionConfig) {
+    Properties securityConfig = getSecurityConfig(distributionConfig);
+    SecurityManager securityManager =
+        getSecurityManager(getSecurityManagerFromConfig(cacheConfig), securityConfig);
+    PostProcessor postProcessor =
+        getPostProcessor(getPostProcessorFromConfig(cacheConfig), securityConfig);
+    return create(distributionConfig, securityManager, postProcessor);
+  }
+
+  /**
+   * Creates and initializes SecurityService. Initialization will invoke init on both
+   * SecurityManager and PostProcessor if they are specified.
+   */
+  public static SecurityService create(DistributionConfig distributionConfig,
+      SecurityManager securityManager, PostProcessor postProcessor) {
+    Properties securityConfig = getSecurityConfig(distributionConfig);
+
+    SecurityService securityService = create(securityConfig, securityManager, postProcessor);
+    initialize(securityService, distributionConfig);
+    return securityService;
+  }
+
+  public static SecurityService create() {
+    return new DisabledSecurityService();
+  }
+
+  public static SecurityService create(Properties securityConfig, SecurityManager securityManager,
+      PostProcessor postProcessor) {
+    SecurityServiceType type = determineType(securityConfig, securityManager);
+    switch (type) {
+      case CUSTOM:
+        String shiroConfig = getProperty(securityConfig, SECURITY_SHIRO_INIT);
+        if (StringUtils.isNotBlank(shiroConfig)) {
+          ConfigInitialization configInitialization = new ConfigInitialization(shiroConfig);
+          configInitialization.initialize();
+        }
+        return new CustomSecurityService();
+      case ENABLED:
+        return new EnabledSecurityService(securityManager, postProcessor);
+      case LEGACY:
+        String clientAuthenticator = getProperty(securityConfig, SECURITY_CLIENT_AUTHENTICATOR);
+        String peerAuthenticator = getProperty(securityConfig, SECURITY_PEER_AUTHENTICATOR);
+        return new LegacySecurityService(clientAuthenticator, peerAuthenticator);
+      default:
+        return new DisabledSecurityService();
+    }
+  }
+
+  static SecurityServiceType determineType(Properties securityConfig,
+      SecurityManager securityManager) {
+    boolean hasShiroConfig = hasProperty(securityConfig, SECURITY_SHIRO_INIT);
+    if (hasShiroConfig) {
+      return SecurityServiceType.CUSTOM;
+    }
+
+    boolean hasSecurityManager = securityManager != null;
+    if (hasSecurityManager) {
+      return SecurityServiceType.ENABLED;
+    }
+
+    boolean hasClientAuthenticator = hasProperty(securityConfig, SECURITY_CLIENT_AUTHENTICATOR);
+    boolean hasPeerAuthenticator = hasProperty(securityConfig, SECURITY_PEER_AUTHENTICATOR);
+    if (hasClientAuthenticator || hasPeerAuthenticator) {
+      return SecurityServiceType.LEGACY;
+    }
+
+    boolean isShiroInUse = isShiroInUse();
+    if (isShiroInUse) {
+      return SecurityServiceType.CUSTOM;
+    }
+
+    return SecurityServiceType.DISABLED;
+  }
+
+  static SecurityManager getSecurityManager(SecurityManager securityManager,
+      Properties securityConfig) {
+    if (securityManager != null) {
+      return securityManager;
+    }
+
+    String securityManagerConfig = getProperty(securityConfig, SECURITY_MANAGER);
+    if (StringUtils.isNotBlank(securityManagerConfig)) {
+      securityManager = SecurityService.getObjectOfTypeFromClassName(securityManagerConfig,
+          SecurityManager.class);
+    }
+
+    return securityManager;
+  }
+
+  static PostProcessor getPostProcessor(PostProcessor postProcessor, Properties securityConfig) {
+    if (postProcessor != null) {
+      return postProcessor;
+    }
+
+    String postProcessorConfig = getProperty(securityConfig, SECURITY_POST_PROCESSOR);
+    if (StringUtils.isNotBlank(postProcessorConfig)) {
+      postProcessor =
+          SecurityService.getObjectOfTypeFromClassName(postProcessorConfig, PostProcessor.class);
+    }
+
+    return postProcessor;
+  }
+
+  public static boolean isShiroInUse() {
+    try {
+      return SecurityUtils.getSecurityManager() != null;
+    } catch (UnavailableSecurityManagerException ignore) {
+      return false;
+    }
+  }
+
+  private static Properties getSecurityConfig(DistributionConfig distributionConfig) {
+    if (distributionConfig == null) {
+      return new Properties();
+    }
+    return distributionConfig.getSecurityProps();
+  }
+
+  private static SecurityManager getSecurityManagerFromConfig(CacheConfig cacheConfig) {
+    if (cacheConfig == null) {
+      return null;
+    }
+    return cacheConfig.getSecurityManager();
+  }
+
+  private static PostProcessor getPostProcessorFromConfig(CacheConfig cacheConfig) {
+    if (cacheConfig == null) {
+      return null;
+    }
+    return cacheConfig.getPostProcessor();
+  }
+
+  private static boolean hasProperty(Properties securityConfig, String key) {
+    return securityConfig != null && getProperty(securityConfig, key) != null;
+  }
+
+  private static String getProperty(Properties securityConfig, String key) {
+    if (securityConfig == null) {
+      return null;
+    }
+    return securityConfig.getProperty(key);
+  }
+
+  private static void initialize(SecurityService securityService,
+      DistributionConfig distributionConfig) {
+    if (securityService != null && distributionConfig != null) {
+      securityService.initSecurity(distributionConfig.getSecurityProps());
+    }
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java
new file mode 100644
index 0000000..8ae76d2
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.security;
+
+public enum SecurityServiceType {
+  /** Integrated Security is Enabled */
+  ENABLED,
+  /** Security is Disabled */
+  DISABLED,
+  /** Legacy Security is Enabled */
+  LEGACY,
+  /** Shiro Config is specified */
+  CUSTOM,
+  /** Shiro is already configured with SecurityManager */
+  EXTERNAL
+}

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
new file mode 100644
index 0000000..6b2331d
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.security.shiro;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.config.Ini.Section;
+import org.apache.shiro.config.IniSecurityManagerFactory;
+
+public class ConfigInitialization {
+
+  private final String shiroConfig;
+
+  public ConfigInitialization(String shiroConfig) {
+    this.shiroConfig = shiroConfig;
+  }
+
+  public void initialize() {
+    IniSecurityManagerFactory factory =
+        new IniSecurityManagerFactory("classpath:" + this.shiroConfig);
+
+    // we will need to make sure that shiro uses a case sensitive permission resolver
+    Section main = factory.getIni().addSection("main");
+    main.put("geodePermissionResolver",
+        "org.apache.geode.internal.security.shiro.GeodePermissionResolver");
+    if (!main.containsKey("iniRealm.permissionResolver")) {
+      main.put("iniRealm.permissionResolver", "$geodePermissionResolver");
+    }
+
+    org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
+    SecurityUtils.setSecurityManager(securityManager);
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
index 2a641d3..49d38f5 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
@@ -14,7 +14,11 @@
  */
 package org.apache.geode.internal.security.shiro;
 
-import static org.apache.geode.management.internal.security.ResourceConstants.*;
+import static org.apache.geode.management.internal.security.ResourceConstants.MISSING_CREDENTIALS_MESSAGE;
+
+import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.management.internal.security.ResourceConstants;
+import org.apache.geode.security.AuthenticationFailedException;
 
 import java.security.Principal;
 import java.util.Collections;
@@ -26,18 +30,16 @@ import javax.management.remote.JMXConnectionNotification;
 import javax.management.remote.JMXPrincipal;
 import javax.security.auth.Subject;
 
-import org.apache.geode.internal.security.IntegratedSecurityService;
-import org.apache.geode.internal.security.SecurityService;
-import org.apache.geode.management.internal.security.ResourceConstants;
-import org.apache.geode.security.AuthenticationFailedException;
-
 /**
  * this will make JMX authentication to use Shiro for Authentication
  */
-
 public class JMXShiroAuthenticator implements JMXAuthenticator, NotificationListener {
 
-  private SecurityService securityService = IntegratedSecurityService.getSecurityService();
+  private final SecurityService securityService;
+
+  public JMXShiroAuthenticator(SecurityService securityService) {
+    this.securityService = securityService;
+  }
 
   @Override
   public Subject authenticate(Object credentials) {

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java b/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java
index 767cf94..55957b2 100644
--- a/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java
+++ b/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java
@@ -19,6 +19,7 @@ import java.util.Map;
 
 import org.apache.geode.cache.Cache;
 import org.apache.geode.cache.CacheClosedException;
+import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.management.DependenciesNotFoundException;
 import org.apache.geode.management.internal.cli.CliUtil;
@@ -124,7 +125,7 @@ public abstract class CommandService {
                 .toLocalizedString(new Object[] {nonExistingDependency}));
       }
 
-      localCommandService = new MemberCommandService(cache);
+      localCommandService = new MemberCommandService((InternalCache) cache);
     }
 
     return localCommandService;

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
index 3e6e4484..554dc66 100755
--- a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
@@ -91,7 +91,7 @@ public class ManagementAgent {
   private JMXConnectorServer jmxConnectorServer;
   private JMXShiroAuthenticator shiroAuthenticator;
   private final DistributionConfig config;
-  private SecurityService securityService = SecurityService.getSecurityService();
+  private final SecurityService securityService;
   private boolean isHttpServiceRunning = false;
 
   /**
@@ -103,8 +103,9 @@ public class ManagementAgent {
   private static final String PULSE_USESSL_MANAGER = "pulse.useSSL.manager";
   private static final String PULSE_USESSL_LOCATOR = "pulse.useSSL.locator";
 
-  public ManagementAgent(DistributionConfig config) {
+  public ManagementAgent(DistributionConfig config, SecurityService securityService) {
     this.config = config;
+    this.securityService = securityService;
   }
 
   public synchronized boolean isRunning() {
@@ -465,14 +466,14 @@ public class ManagementAgent {
         };
 
     if (securityService.isIntegratedSecurity()) {
-      shiroAuthenticator = new JMXShiroAuthenticator();
+      shiroAuthenticator = new JMXShiroAuthenticator(this.securityService);
       env.put(JMXConnectorServer.AUTHENTICATOR, shiroAuthenticator);
       jmxConnectorServer.addNotificationListener(shiroAuthenticator, null,
           jmxConnectorServer.getAttributes());
       // always going to assume authorization is needed as well, if no custom AccessControl, then
       // the CustomAuthRealm
       // should take care of that
-      MBeanServerWrapper mBeanServerWrapper = new MBeanServerWrapper();
+      MBeanServerWrapper mBeanServerWrapper = new MBeanServerWrapper(this.securityService);
       jmxConnectorServer.setMBeanServerForwarder(mBeanServerWrapper);
       registerAccessControlMBean();
     } else {
@@ -501,7 +502,7 @@ public class ManagementAgent {
 
   private void registerAccessControlMBean() {
     try {
-      AccessControlMBean acc = new AccessControlMBean();
+      AccessControlMBean acc = new AccessControlMBean(this.securityService);
       ObjectName accessControlMBeanON = new ObjectName(ResourceConstants.OBJECT_NAME_ACCESSCONTROL);
       MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
 

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java b/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java
index fc8eb97..11402f1 100755
--- a/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java
@@ -144,7 +144,7 @@ public class SystemManagementService extends BaseManagementService {
 
     this.notificationHub = new NotificationHub(repo);
     if (system.getConfig().getJmxManager()) {
-      this.agent = new ManagementAgent(system.getConfig());
+      this.agent = new ManagementAgent(system.getConfig(), cache.getSecurityService());
     } else {
       this.agent = null;
     }

http://git-wip-us.apache.org/repos/asf/geode/blob/eab9e6e0/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
index ad40518..d86df07 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
@@ -89,8 +89,6 @@ public class CreateAlterDestroyRegionCommands implements GfshCommand {
 
   public static final Set<RegionShortcut> PERSISTENT_OVERFLOW_SHORTCUTS = new TreeSet<>();
 
-  private SecurityService securityService = IntegratedSecurityService.getSecurityService();
-
   static {
     PERSISTENT_OVERFLOW_SHORTCUTS.add(RegionShortcut.PARTITION_PERSISTENT);
     PERSISTENT_OVERFLOW_SHORTCUTS.add(RegionShortcut.PARTITION_REDUNDANT_PERSISTENT);
@@ -426,7 +424,7 @@ public class CreateAlterDestroyRegionCommands implements GfshCommand {
     Result result;
     AtomicReference<XmlEntity> xmlEntity = new AtomicReference<>();
 
-    this.securityService.authorizeRegionManage(regionPath);
+    getCache().getSecurityService().authorizeRegionManage(regionPath);
 
     try {
       InternalCache cache = getCache();


Mime
View raw message