geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kl...@apache.org
Subject [06/11] geode git commit: Revert "GEODE-2632: use immutable SecurityService impls to improve performance"
Date Fri, 09 Jun 2017 20:01:33 GMT
http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
deleted file mode 100644
index f971dee..0000000
--- a/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
+++ /dev/null
@@ -1,387 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.internal.security;
-
-import org.apache.commons.lang.SerializationException;
-import org.apache.commons.lang.StringUtils;
-import org.apache.geode.GemFireIOException;
-import org.apache.geode.internal.cache.EntryEventImpl;
-import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.internal.security.shiro.GeodeAuthenticationToken;
-import org.apache.geode.internal.security.shiro.RealmInitializer;
-import org.apache.geode.internal.security.shiro.ShiroPrincipal;
-import org.apache.geode.internal.util.BlobHelper;
-import org.apache.geode.management.internal.security.ResourceOperation;
-import org.apache.geode.security.AuthenticationFailedException;
-import org.apache.geode.security.GemFireSecurityException;
-import org.apache.geode.security.NotAuthorizedException;
-import org.apache.geode.security.PostProcessor;
-import org.apache.geode.security.ResourcePermission;
-import org.apache.geode.security.ResourcePermission.Operation;
-import org.apache.geode.security.ResourcePermission.Resource;
-import org.apache.geode.security.SecurityManager;
-import org.apache.logging.log4j.Logger;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.ShiroException;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.subject.support.SubjectThreadState;
-import org.apache.shiro.util.ThreadContext;
-import org.apache.shiro.util.ThreadState;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.security.AccessController;
-import java.util.Properties;
-import java.util.Set;
-import java.util.concurrent.Callable;
-
-/**
- * Security service with SecurityManager and an optional PostProcessor.
- */
-public class EnabledSecurityService implements SecurityService {
-  private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME);
-
-  private final SecurityManager securityManager;
-
-  private final PostProcessor postProcessor;
-
-  EnabledSecurityService(final SecurityManager securityManager, final PostProcessor postProcessor,
-      final RealmInitializer realmInitializer) {
-    this.securityManager = securityManager;
-    this.postProcessor = postProcessor;
-    realmInitializer.initialize(this.securityManager);
-  }
-
-  @Override
-  public void initSecurity(final Properties securityProps) {
-    this.securityManager.init(securityProps);
-    if (this.postProcessor != null) {
-      this.postProcessor.init(securityProps);
-    }
-  }
-
-  /**
-   * It first looks the shiro subject in AccessControlContext since JMX will use multiple threads to
-   * process operations from the same client, then it looks into Shiro's thead context.
-   *
-   * @return the shiro subject, null if security is not enabled
-   */
-  @Override
-  public Subject getSubject() {
-    Subject currentUser;
-
-    // First try get the principal out of AccessControlContext instead of Shiro's Thread context
-    // since threads can be shared between JMX clients.
-    javax.security.auth.Subject jmxSubject =
-        javax.security.auth.Subject.getSubject(AccessController.getContext());
-
-    if (jmxSubject != null) {
-      Set<ShiroPrincipal> principals = jmxSubject.getPrincipals(ShiroPrincipal.class);
-      if (!principals.isEmpty()) {
-        ShiroPrincipal principal = principals.iterator().next();
-        currentUser = principal.getSubject();
-        ThreadContext.bind(currentUser);
-        return currentUser;
-      }
-    }
-
-    // in other cases like rest call, client operations, we get it from the current thread
-    currentUser = SecurityUtils.getSubject();
-
-    if (currentUser == null || currentUser.getPrincipal() == null) {
-      throw new GemFireSecurityException("Error: Anonymous User");
-    }
-
-    return currentUser;
-  }
-
-  /**
-   * @return null if security is not enabled, otherwise return a shiro subject
-   */
-  @Override
-  public Subject login(final Properties credentials) {
-    if (credentials == null) {
-      return null;
-    }
-
-    // this makes sure it starts with a clean user object
-    ThreadContext.remove();
-
-    Subject currentUser = SecurityUtils.getSubject();
-    GeodeAuthenticationToken token = new GeodeAuthenticationToken(credentials);
-    try {
-      logger.info("Logging in " + token.getPrincipal());
-      currentUser.login(token);
-    } catch (ShiroException e) {
-      logger.info(e.getMessage(), e);
-      throw new AuthenticationFailedException(
-          "Authentication error. Please check your credentials.", e);
-    }
-
-    return currentUser;
-  }
-
-  @Override
-  public void logout() {
-    Subject currentUser = getSubject();
-    if (currentUser == null) {
-      return;
-    }
-
-    try {
-      logger.info("Logging out " + currentUser.getPrincipal());
-      currentUser.logout();
-    } catch (ShiroException e) {
-      logger.info(e.getMessage(), e);
-      throw new GemFireSecurityException(e.getMessage(), e);
-    }
-
-    // clean out Shiro's thread local content
-    ThreadContext.remove();
-  }
-
-  @Override
-  public Callable associateWith(final Callable callable) {
-    Subject currentUser = getSubject();
-    if (currentUser == null) {
-      return callable;
-    }
-
-    return currentUser.associateWith(callable);
-  }
-
-  /**
-   * Binds the passed-in subject to the executing thread. Usage:
-   *
-   * <pre>
-   * ThreadState state = null;
-   * try {
-   *   state = securityService.bindSubject(subject);
-   *   // do the rest of the work as this subject
-   * } finally {
-   *   if (state != null)
-   *     state.clear();
-   * }
-   * </pre>
-   */
-  @Override
-  public ThreadState bindSubject(final Subject subject) {
-    if (subject == null) {
-      return null;
-    }
-
-    ThreadState threadState = new SubjectThreadState(subject);
-    threadState.bind();
-    return threadState;
-  }
-
-  @Override
-  public void authorize(final ResourceOperation resourceOperation) {
-    if (resourceOperation == null) {
-      return;
-    }
-
-    authorize(resourceOperation.resource().name(), resourceOperation.operation().name(), null);
-  }
-
-  @Override
-  public void authorizeClusterManage() {
-    authorize("CLUSTER", "MANAGE");
-  }
-
-  @Override
-  public void authorizeClusterWrite() {
-    authorize("CLUSTER", "WRITE");
-  }
-
-  @Override
-  public void authorizeClusterRead() {
-    authorize("CLUSTER", "READ");
-  }
-
-  @Override
-  public void authorizeDataManage() {
-    authorize("DATA", "MANAGE");
-  }
-
-  @Override
-  public void authorizeDataWrite() {
-    authorize("DATA", "WRITE");
-  }
-
-  @Override
-  public void authorizeDataRead() {
-    authorize("DATA", "READ");
-  }
-
-  @Override
-  public void authorizeRegionManage(final String regionName) {
-    authorize("DATA", "MANAGE", regionName);
-  }
-
-  @Override
-  public void authorizeRegionManage(final String regionName, final String key) {
-    authorize("DATA", "MANAGE", regionName, key);
-  }
-
-  @Override
-  public void authorizeRegionWrite(final String regionName) {
-    authorize("DATA", "WRITE", regionName);
-  }
-
-  @Override
-  public void authorizeRegionWrite(final String regionName, final String key) {
-    authorize("DATA", "WRITE", regionName, key);
-  }
-
-  @Override
-  public void authorizeRegionRead(final String regionName) {
-    authorize("DATA", "READ", regionName);
-  }
-
-  @Override
-  public void authorizeRegionRead(final String regionName, final String key) {
-    authorize("DATA", "READ", regionName, key);
-  }
-
-  @Override
-  public void authorize(final String resource, final String operation) {
-    authorize(resource, operation, null);
-  }
-
-  @Override
-  public void authorize(final String resource, final String operation, final String regionName) {
-    authorize(resource, operation, regionName, null);
-  }
-
-  @Override
-  public void authorize(final String resource, final String operation, String regionName,
-      final String key) {
-    regionName = StringUtils.stripStart(regionName, "/");
-    authorize(new ResourcePermission(resource, operation, regionName, key));
-  }
-
-  @Override
-  public void authorize(final ResourcePermission context) {
-    Subject currentUser = getSubject();
-    if (currentUser == null) {
-      return;
-    }
-    if (context == null) {
-      return;
-    }
-    if (context.getResource() == Resource.NULL && context.getOperation() == Operation.NULL) {
-      return;
-    }
-
-    try {
-      currentUser.checkPermission(context);
-    } catch (ShiroException e) {
-      String msg = currentUser.getPrincipal() + " not authorized for " + context;
-      logger.info(msg);
-      throw new NotAuthorizedException(msg, e);
-    }
-  }
-
-  @Override
-  public void close() {
-    if (this.securityManager != null) {
-      this.securityManager.close();
-    }
-
-    if (this.postProcessor != null) {
-      this.postProcessor.close();
-    }
-
-    ThreadContext.remove();
-    SecurityUtils.setSecurityManager(null);
-  }
-
-  /**
-   * postProcess call already has this logic built in, you don't need to call this everytime you
-   * call postProcess. But if your postProcess is pretty involved with preparations and you need to
-   * bypass it entirely, call this first.
-   */
-  @Override
-  public boolean needPostProcess() {
-    return this.postProcessor != null;
-  }
-
-  @Override
-  public Object postProcess(final String regionPath, final Object key, final Object value,
-      final boolean valueIsSerialized) {
-    return postProcess(null, regionPath, key, value, valueIsSerialized);
-  }
-
-  @Override
-  public Object postProcess(Object principal, final String regionPath, final Object key,
-      final Object value, final boolean valueIsSerialized) {
-    if (!needPostProcess()) {
-      return value;
-    }
-
-    if (principal == null) {
-      Subject subject = getSubject();
-      if (subject == null) {
-        return value;
-      }
-      principal = (Serializable) subject.getPrincipal();
-    }
-
-    String regionName = StringUtils.stripStart(regionPath, "/");
-    Object newValue;
-
-    // if the data is a byte array, but the data itself is supposed to be an object, we need to
-    // deserialize it before we pass it to the callback.
-    if (valueIsSerialized && value instanceof byte[]) {
-      try {
-        Object oldObj = EntryEventImpl.deserialize((byte[]) value);
-        Object newObj = this.postProcessor.processRegionValue(principal, regionName, key, oldObj);
-        newValue = BlobHelper.serializeToBlob(newObj);
-      } catch (IOException | SerializationException e) {
-        throw new GemFireIOException("Exception de/serializing entry value", e);
-      }
-    } else {
-      newValue = this.postProcessor.processRegionValue(principal, regionName, key, value);
-    }
-
-    return newValue;
-  }
-
-  @Override
-  public SecurityManager getSecurityManager() {
-    return this.securityManager;
-  }
-
-  @Override
-  public PostProcessor getPostProcessor() {
-    return this.postProcessor;
-  }
-
-  @Override
-  public boolean isIntegratedSecurity() {
-    return true;
-  }
-
-  @Override
-  public boolean isClientSecurityRequired() {
-    return true;
-  }
-
-  @Override
-  public boolean isPeerSecurityRequired() {
-    return true;
-  }
-}

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
new file mode 100644
index 0000000..f9fade1
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
@@ -0,0 +1,472 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.security;
+
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIENT_AUTHENTICATOR;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_PEER_AUTHENTICATOR;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT;
+
+import org.apache.commons.lang.SerializationException;
+import org.apache.commons.lang.StringUtils;
+import org.apache.geode.GemFireIOException;
+import org.apache.geode.internal.cache.EntryEventImpl;
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.security.shiro.CustomAuthRealm;
+import org.apache.geode.internal.security.shiro.GeodeAuthenticationToken;
+import org.apache.geode.internal.security.shiro.ShiroPrincipal;
+import org.apache.geode.internal.util.BlobHelper;
+import org.apache.geode.management.internal.security.ResourceOperation;
+import org.apache.geode.security.AuthenticationFailedException;
+import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
+import org.apache.geode.security.SecurityManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.ShiroException;
+import org.apache.shiro.UnavailableSecurityManagerException;
+import org.apache.shiro.config.Ini.Section;
+import org.apache.shiro.config.IniSecurityManagerFactory;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.session.mgt.DefaultSessionManager;
+import org.apache.shiro.session.mgt.SessionManager;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.SubjectThreadState;
+import org.apache.shiro.util.ThreadContext;
+import org.apache.shiro.util.ThreadState;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.security.AccessController;
+import java.util.Properties;
+import java.util.Set;
+import java.util.concurrent.Callable;
+
+public class IntegratedSecurityService implements SecurityService {
+
+  private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME);
+
+  private static SecurityService defaultInstance = new IntegratedSecurityService();
+
+  public static SecurityService getSecurityService() {
+    return defaultInstance;
+  }
+
+  private IntegratedSecurityService() {}
+
+  private PostProcessor postProcessor;
+  private SecurityManager securityManager;
+
+  private Boolean isIntegratedSecurity;
+
+  private boolean isClientAuthenticator; // is there a SECURITY_CLIENT_AUTHENTICATOR
+  private boolean isPeerAuthenticator; // is there a SECURITY_PEER_AUTHENTICATOR
+
+  /**
+   * It first looks the shiro subject in AccessControlContext since JMX will use multiple threads to
+   * process operations from the same client, then it looks into Shiro's thead context.
+   *
+   * @return the shiro subject, null if security is not enabled
+   */
+  public Subject getSubject() {
+    if (!isIntegratedSecurity()) {
+      return null;
+    }
+
+    Subject currentUser = null;
+
+    // First try get the principal out of AccessControlContext instead of Shiro's Thread context
+    // since threads can be shared between JMX clients.
+    javax.security.auth.Subject jmxSubject =
+        javax.security.auth.Subject.getSubject(AccessController.getContext());
+
+    if (jmxSubject != null) {
+      Set<ShiroPrincipal> principals = jmxSubject.getPrincipals(ShiroPrincipal.class);
+      if (principals.size() > 0) {
+        ShiroPrincipal principal = principals.iterator().next();
+        currentUser = principal.getSubject();
+        ThreadContext.bind(currentUser);
+        return currentUser;
+      }
+    }
+
+    // in other cases like rest call, client operations, we get it from the current thread
+    currentUser = SecurityUtils.getSubject();
+
+    if (currentUser == null || currentUser.getPrincipal() == null) {
+      throw new GemFireSecurityException("Error: Anonymous User");
+    }
+
+    return currentUser;
+  }
+
+  /**
+   * @return null if security is not enabled, otherwise return a shiro subject
+   */
+  public Subject login(Properties credentials) {
+    if (!isIntegratedSecurity()) {
+      return null;
+    }
+
+    if (credentials == null)
+      return null;
+
+    // this makes sure it starts with a clean user object
+    ThreadContext.remove();
+
+    Subject currentUser = SecurityUtils.getSubject();
+    GeodeAuthenticationToken token = new GeodeAuthenticationToken(credentials);
+    try {
+      logger.debug("Logging in " + token.getPrincipal());
+      currentUser.login(token);
+    } catch (ShiroException e) {
+      logger.info(e.getMessage(), e);
+      throw new AuthenticationFailedException(
+          "Authentication error. Please check your credentials.", e);
+    }
+
+    return currentUser;
+  }
+
+  public void logout() {
+    Subject currentUser = getSubject();
+    if (currentUser == null) {
+      return;
+    }
+
+    try {
+      logger.debug("Logging out " + currentUser.getPrincipal());
+      currentUser.logout();
+    } catch (ShiroException e) {
+      logger.info(e.getMessage(), e);
+      throw new GemFireSecurityException(e.getMessage(), e);
+    }
+    // clean out Shiro's thread local content
+    ThreadContext.remove();
+  }
+
+  public Callable associateWith(Callable callable) {
+    Subject currentUser = getSubject();
+    if (currentUser == null) {
+      return callable;
+    }
+
+    return currentUser.associateWith(callable);
+  }
+
+  /**
+   * this binds the passed-in subject to the executing thread, normally, you would do this:
+   *
+   * ThreadState state = null; try{ state = IntegratedSecurityService.bindSubject(subject); //do the
+   * rest of the work as this subject } finally{ if(state!=null) state.clear(); }
+   */
+  public ThreadState bindSubject(Subject subject) {
+    if (subject == null) {
+      return null;
+    }
+
+    ThreadState threadState = new SubjectThreadState(subject);
+    threadState.bind();
+    return threadState;
+  }
+
+  public void authorize(ResourceOperation resourceOperation) {
+    if (resourceOperation == null) {
+      return;
+    }
+
+    authorize(resourceOperation.resource().name(), resourceOperation.operation().name(), null);
+  }
+
+  public void authorizeClusterManage() {
+    authorize("CLUSTER", "MANAGE");
+  }
+
+  public void authorizeClusterWrite() {
+    authorize("CLUSTER", "WRITE");
+  }
+
+  public void authorizeClusterRead() {
+    authorize("CLUSTER", "READ");
+  }
+
+  public void authorizeDataManage() {
+    authorize("DATA", "MANAGE");
+  }
+
+  public void authorizeDataWrite() {
+    authorize("DATA", "WRITE");
+  }
+
+  public void authorizeDataRead() {
+    authorize("DATA", "READ");
+  }
+
+  public void authorizeRegionManage(String regionName) {
+    authorize("DATA", "MANAGE", regionName);
+  }
+
+  public void authorizeRegionManage(String regionName, String key) {
+    authorize("DATA", "MANAGE", regionName, key);
+  }
+
+  public void authorizeRegionWrite(String regionName) {
+    authorize("DATA", "WRITE", regionName);
+  }
+
+  public void authorizeRegionWrite(String regionName, String key) {
+    authorize("DATA", "WRITE", regionName, key);
+  }
+
+  public void authorizeRegionRead(String regionName) {
+    authorize("DATA", "READ", regionName);
+  }
+
+  public void authorizeRegionRead(String regionName, String key) {
+    authorize("DATA", "READ", regionName, key);
+  }
+
+  public void authorize(String resource, String operation) {
+    authorize(resource, operation, null);
+  }
+
+  public void authorize(String resource, String operation, String regionName) {
+    authorize(resource, operation, regionName, null);
+  }
+
+  public void authorize(String resource, String operation, String regionName, String key) {
+    regionName = StringUtils.stripStart(regionName, "/");
+    authorize(new ResourcePermission(resource, operation, regionName, key));
+  }
+
+  public void authorize(ResourcePermission context) {
+    Subject currentUser = getSubject();
+    if (currentUser == null) {
+      return;
+    }
+
+    if (context == null) {
+      return;
+    }
+
+    if (context.getResource() == Resource.NULL && context.getOperation() == Operation.NULL) {
+      return;
+    }
+
+    try {
+      currentUser.checkPermission(context);
+    } catch (ShiroException e) {
+      String msg = currentUser.getPrincipal() + " not authorized for " + context;
+      logger.info(msg);
+      throw new NotAuthorizedException(msg, e);
+    }
+  }
+
+  /**
+   * initialize Shiro's Security Manager and Security Utilities
+   */
+  public void initSecurity(Properties securityProps) {
+    if (securityProps == null) {
+      return;
+    }
+
+    String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT);
+    String securityManagerConfig = securityProps.getProperty(SECURITY_MANAGER);
+    String clientAuthenticatorConfig = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
+    String peerAuthenticatorConfig = securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
+
+    if (StringUtils.isNotBlank(shiroConfig)) {
+      IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + shiroConfig);
+
+      // we will need to make sure that shiro uses a case sensitive permission resolver
+      Section main = factory.getIni().addSection("main");
+      main.put("geodePermissionResolver",
+          "org.apache.geode.internal.security.shiro.GeodePermissionResolver");
+      if (!main.containsKey("iniRealm.permissionResolver")) {
+        main.put("iniRealm.permissionResolver", "$geodePermissionResolver");
+      }
+
+      org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
+      SecurityUtils.setSecurityManager(securityManager);
+      isIntegratedSecurity = true;
+      isClientAuthenticator = false;
+      isPeerAuthenticator = false;
+    }
+    // only set up shiro realm if user has implemented SecurityManager
+    else if (StringUtils.isNotBlank(securityManagerConfig)) {
+      SecurityManager securityManager = SecurityService
+          .getObjectOfTypeFromClassName(securityManagerConfig, SecurityManager.class);
+      securityManager.init(securityProps);
+      this.setSecurityManager(securityManager);
+    } else {
+      isIntegratedSecurity = null;
+      isClientAuthenticator = StringUtils.isNotBlank(clientAuthenticatorConfig);
+      isPeerAuthenticator = StringUtils.isNotBlank(peerAuthenticatorConfig);
+    }
+
+    // this initializes the post processor
+    String customPostProcessor = securityProps.getProperty(SECURITY_POST_PROCESSOR);
+    if (StringUtils.isNotBlank(customPostProcessor)) {
+      postProcessor =
+          SecurityService.getObjectOfTypeFromClassName(customPostProcessor, PostProcessor.class);
+      postProcessor.init(securityProps);
+    } else {
+      postProcessor = null;
+    }
+  }
+
+  public void close() {
+    if (securityManager != null) {
+      securityManager.close();
+      securityManager = null;
+    }
+
+    if (postProcessor != null) {
+      postProcessor.close();
+      postProcessor = null;
+    }
+    ThreadContext.remove();
+    SecurityUtils.setSecurityManager(null);
+    isIntegratedSecurity = null;
+    isClientAuthenticator = false;
+    isPeerAuthenticator = false;
+  }
+
+  /**
+   * postProcess call already has this logic built in, you don't need to call this everytime you
+   * call postProcess. But if your postProcess is pretty involved with preparations and you need to
+   * bypass it entirely, call this first.
+   */
+  public boolean needPostProcess() {
+    return (isIntegratedSecurity() && postProcessor != null);
+  }
+
+  public Object postProcess(String regionPath, Object key, Object value,
+      boolean valueIsSerialized) {
+    return postProcess(null, regionPath, key, value, valueIsSerialized);
+  }
+
+  public Object postProcess(Object principal, String regionPath, Object key, Object value,
+      boolean valueIsSerialized) {
+    if (!needPostProcess())
+      return value;
+
+    if (principal == null) {
+      Subject subject = getSubject();
+      if (subject == null)
+        return value;
+      principal = (Serializable) subject.getPrincipal();
+    }
+
+    String regionName = StringUtils.stripStart(regionPath, "/");
+    Object newValue = null;
+
+    // if the data is a byte array, but the data itself is supposed to be an object, we need to
+    // desearized it before we pass
+    // it to the callback.
+    if (valueIsSerialized && value instanceof byte[]) {
+      try {
+        Object oldObj = EntryEventImpl.deserialize((byte[]) value);
+        Object newObj = postProcessor.processRegionValue(principal, regionName, key, oldObj);
+        newValue = BlobHelper.serializeToBlob(newObj);
+      } catch (IOException | SerializationException e) {
+        throw new GemFireIOException("Exception de/serializing entry value", e);
+      }
+    } else {
+      newValue = postProcessor.processRegionValue(principal, regionName, key, value);
+    }
+
+    return newValue;
+  }
+
+  public SecurityManager getSecurityManager() {
+    return securityManager;
+  }
+
+  public void setSecurityManager(SecurityManager securityManager) {
+    if (securityManager == null) {
+      return;
+    }
+
+    this.securityManager = securityManager;
+    Realm realm = new CustomAuthRealm(securityManager);
+    DefaultSecurityManager shiroManager = new DefaultSecurityManager(realm);
+    SecurityUtils.setSecurityManager(shiroManager);
+    increaseShiroGlobalSessionTimeout(shiroManager);
+
+    isIntegratedSecurity = true;
+    isClientAuthenticator = false;
+    isPeerAuthenticator = false;
+  }
+
+  private void increaseShiroGlobalSessionTimeout(final DefaultSecurityManager shiroManager) {
+    SessionManager sessionManager = shiroManager.getSessionManager();
+    if (DefaultSessionManager.class.isInstance(sessionManager)) {
+      DefaultSessionManager defaultSessionManager = (DefaultSessionManager) sessionManager;
+      defaultSessionManager.setGlobalSessionTimeout(Long.MAX_VALUE);
+      long value = defaultSessionManager.getGlobalSessionTimeout();
+      if (value != Long.MAX_VALUE) {
+        logger.error("Unable to set Shiro Global Session Timeout. Current value is '{}'.", value);
+      }
+    } else {
+      logger.error("Unable to set Shiro Global Session Timeout. Current SessionManager is '{}'.",
+          sessionManager == null ? "null" : sessionManager.getClass());
+    }
+  }
+
+  public PostProcessor getPostProcessor() {
+    return postProcessor;
+  }
+
+  public void setPostProcessor(PostProcessor postProcessor) {
+    if (postProcessor == null) {
+      return;
+    }
+
+    this.postProcessor = postProcessor;
+  }
+
+  /**
+   * check if Shiro's security manager is configured
+   * 
+   * @return true if configured, false if not
+   */
+  public boolean isIntegratedSecurity() {
+    if (isIntegratedSecurity != null) {
+      return isIntegratedSecurity;
+    }
+
+    try {
+      isIntegratedSecurity = (SecurityUtils.getSecurityManager() != null);
+    } catch (UnavailableSecurityManagerException e) {
+      isIntegratedSecurity = false;
+    }
+    return isIntegratedSecurity;
+  }
+
+  public boolean isClientSecurityRequired() {
+    return isClientAuthenticator || isIntegratedSecurity();
+  }
+
+  public boolean isPeerSecurityRequired() {
+    return isPeerAuthenticator || isIntegratedSecurity();
+  }
+}

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
deleted file mode 100644
index ef92bb7..0000000
--- a/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.internal.security;
-
-import java.util.Properties;
-import java.util.concurrent.Callable;
-
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.ThreadState;
-
-import org.apache.geode.management.internal.security.ResourceOperation;
-import org.apache.geode.security.PostProcessor;
-import org.apache.geode.security.ResourcePermission;
-import org.apache.geode.security.SecurityManager;
-
-/**
- * Legacy security service with ClientAuthenticator and/or PeerAuthenticator.
- */
-public class LegacySecurityService implements SecurityService {
-
-  private final boolean hasClientAuthenticator;
-
-  private final boolean hasPeerAuthenticator;
-
-  LegacySecurityService(final String clientAuthenticator, final String peerAuthenticator) {
-    this.hasClientAuthenticator = clientAuthenticator != null;
-    this.hasPeerAuthenticator = peerAuthenticator != null;
-  }
-
-  @Override
-  public void initSecurity(final Properties securityProps) {
-    // nothing
-  }
-
-  @Override
-  public ThreadState bindSubject(final Subject subject) {
-    return null;
-  }
-
-  @Override
-  public Subject getSubject() {
-    return null;
-  }
-
-  @Override
-  public Subject login(final Properties credentials) {
-    return null;
-  }
-
-  @Override
-  public void logout() {
-    // nothing
-  }
-
-  @Override
-  public Callable associateWith(final Callable callable) {
-    return null;
-  }
-
-  @Override
-  public void authorize(final ResourceOperation resourceOperation) {
-    // nothing
-  }
-
-  @Override
-  public void authorizeClusterManage() {
-    // nothing
-  }
-
-  @Override
-  public void authorizeClusterWrite() {
-    // nothing
-  }
-
-  @Override
-  public void authorizeClusterRead() {
-    // nothing
-  }
-
-  @Override
-  public void authorizeDataManage() {
-    // nothing
-  }
-
-  @Override
-  public void authorizeDataWrite() {
-    // nothing
-  }
-
-  @Override
-  public void authorizeDataRead() {
-    // nothing
-  }
-
-  @Override
-  public void authorizeRegionManage(final String regionName) {
-    // nothing
-  }
-
-  @Override
-  public void authorizeRegionManage(final String regionName, final String key) {
-    // nothing
-  }
-
-  @Override
-  public void authorizeRegionWrite(final String regionName) {
-    // nothing
-  }
-
-  @Override
-  public void authorizeRegionWrite(final String regionName, final String key) {
-    // nothing
-  }
-
-  @Override
-  public void authorizeRegionRead(final String regionName) {
-    // nothing
-  }
-
-  @Override
-  public void authorizeRegionRead(final String regionName, final String key) {
-    // nothing
-  }
-
-  @Override
-  public void authorize(final String resource, final String operation) {
-    // nothing
-  }
-
-  @Override
-  public void authorize(final String resource, final String operation, final String regionName) {
-    // nothing
-  }
-
-  @Override
-  public void authorize(final String resource, final String operation, final String regionName,
-      final String key) {
-    // nothing
-  }
-
-  @Override
-  public void authorize(final ResourcePermission context) {
-    // nothing
-  }
-
-  @Override
-  public void close() {
-    // nothing
-  }
-
-  @Override
-  public boolean needPostProcess() {
-    return false;
-  }
-
-  @Override
-  public Object postProcess(final String regionPath, final Object key, final Object value,
-      final boolean valueIsSerialized) {
-    return value;
-  }
-
-  @Override
-  public Object postProcess(final Object principal, final String regionPath, final Object key,
-      final Object value, final boolean valueIsSerialized) {
-    return value;
-  }
-
-  @Override
-  public boolean isClientSecurityRequired() {
-    return this.hasClientAuthenticator;
-  }
-
-  @Override
-  public boolean isIntegratedSecurity() {
-    return false;
-  }
-
-  @Override
-  public boolean isPeerSecurityRequired() {
-    return this.hasPeerAuthenticator;
-  }
-
-  @Override
-  public SecurityManager getSecurityManager() {
-    return null;
-  }
-
-  @Override
-  public PostProcessor getPostProcessor() {
-    return null;
-  }
-}

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
index be81582..14784c3 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
@@ -14,20 +14,22 @@
  */
 package org.apache.geode.internal.security;
 
+import org.apache.geode.internal.ClassLoadUtil;
+import org.apache.geode.management.internal.security.ResourceConstants;
 import org.apache.geode.management.internal.security.ResourceOperation;
+import org.apache.geode.security.GemFireSecurityException;
 import org.apache.geode.security.PostProcessor;
 import org.apache.geode.security.ResourcePermission;
 import org.apache.geode.security.SecurityManager;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ThreadState;
 
+import java.lang.reflect.Method;
 import java.util.Properties;
 import java.util.concurrent.Callable;
 
 public interface SecurityService {
 
-  void initSecurity(Properties securityProps);
-
   ThreadState bindSubject(Subject subject);
 
   Subject getSubject();
@@ -72,6 +74,8 @@ public interface SecurityService {
 
   void authorize(ResourcePermission context);
 
+  void initSecurity(Properties securityProps);
+
   void close();
 
   boolean needPostProcess();
@@ -89,6 +93,91 @@ public interface SecurityService {
 
   SecurityManager getSecurityManager();
 
+  void setSecurityManager(SecurityManager securityManager);
+
   PostProcessor getPostProcessor();
 
+  void setPostProcessor(PostProcessor postProcessor);
+
+  /**
+   * this method would never return null, it either throws an exception or returns an object
+   */
+  public static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
+    Class actualClass = null;
+    try {
+      actualClass = ClassLoadUtil.classFromName(className);
+    } catch (Exception ex) {
+      throw new GemFireSecurityException("Instance could not be obtained, " + ex.toString(), ex);
+    }
+
+    if (!expectedClazz.isAssignableFrom(actualClass)) {
+      throw new GemFireSecurityException(
+          "Instance could not be obtained. Expecting a " + expectedClazz.getName() + " class.");
+    }
+
+    T actualObject = null;
+    try {
+      actualObject = (T) actualClass.newInstance();
+    } catch (Exception e) {
+      throw new GemFireSecurityException(
+          "Instance could not be obtained. Error instantiating " + actualClass.getName(), e);
+    }
+    return actualObject;
+  }
+
+  /**
+   * this method would never return null, it either throws an exception or returns an object
+   */
+  public static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName,
+      Class<T> expectedClazz) {
+    T actualObject = null;
+    try {
+      Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName);
+      actualObject = (T) factoryMethod.invoke(null, (Object[]) null);
+    } catch (Exception e) {
+      throw new GemFireSecurityException("Instance could not be obtained from " + factoryMethodName,
+          e);
+    }
+
+    if (actualObject == null) {
+      throw new GemFireSecurityException(
+          "Instance could not be obtained from " + factoryMethodName);
+    }
+
+    return actualObject;
+  }
+
+  /**
+   * this method would never return null, it either throws an exception or returns an object
+   *
+   * @return an object of type expectedClazz. This method would never return null. It either returns
+   *         an non-null object or throws exception.
+   */
+  public static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) {
+    T object = null;
+    try {
+      object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz);
+    } catch (Exception e) {
+      object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz);
+    }
+    return object;
+  }
+
+  public static Properties getCredentials(Properties securityProps) {
+    Properties credentials = null;
+    if (securityProps.containsKey(ResourceConstants.USER_NAME)
+        && securityProps.containsKey(ResourceConstants.PASSWORD)) {
+      credentials = new Properties();
+      credentials.setProperty(ResourceConstants.USER_NAME,
+          securityProps.getProperty(ResourceConstants.USER_NAME));
+      credentials.setProperty(ResourceConstants.PASSWORD,
+          securityProps.getProperty(ResourceConstants.PASSWORD));
+    }
+    return credentials;
+  }
+
+  static SecurityService getSecurityService() {
+    return IntegratedSecurityService.getSecurityService();
+  }
+
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
deleted file mode 100644
index 02f34f1..0000000
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.internal.security;
-
-import static org.apache.commons.lang.StringUtils.isNotBlank;
-import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIENT_AUTHENTICATOR;
-import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
-import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_PEER_AUTHENTICATOR;
-import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR;
-import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT;
-
-import org.apache.geode.distributed.internal.DistributionConfig;
-import org.apache.geode.internal.cache.CacheConfig;
-import org.apache.geode.internal.cache.GemFireCacheImpl;
-import org.apache.geode.internal.cache.InternalCache;
-import org.apache.geode.internal.security.shiro.ConfigInitializer;
-import org.apache.geode.internal.security.shiro.RealmInitializer;
-import org.apache.geode.security.PostProcessor;
-import org.apache.geode.security.SecurityManager;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.UnavailableSecurityManagerException;
-
-import java.util.Properties;
-
-public class SecurityServiceFactory {
-
-  private SecurityServiceFactory() {
-    // do not instantiate
-  }
-
-  public static SecurityService create(CacheConfig cacheConfig,
-      DistributionConfig distributionConfig) {
-    Properties securityConfig = getSecurityConfig(distributionConfig);
-    SecurityManager securityManager =
-        getSecurityManager(getSecurityManagerFromConfig(cacheConfig), securityConfig);
-    PostProcessor postProcessor =
-        getPostProcessor(getPostProcessorFromConfig(cacheConfig), securityConfig);
-    return create(distributionConfig, securityManager, postProcessor);
-  }
-
-  /**
-   * Creates and initializes SecurityService. Initialization will invoke init on both
-   * SecurityManager and PostProcessor if they are specified.
-   */
-  public static SecurityService create(DistributionConfig distributionConfig,
-      SecurityManager securityManager, PostProcessor postProcessor) {
-    Properties securityConfig = getSecurityConfig(distributionConfig);
-
-    securityManager = getSecurityManager(securityManager, securityConfig);
-    postProcessor = getPostProcessor(postProcessor, securityConfig);
-
-    SecurityService securityService = create(securityConfig, securityManager, postProcessor);
-    initialize(securityService, distributionConfig);
-    return securityService;
-  }
-
-  public static SecurityService create() {
-    return new DisabledSecurityService();
-  }
-
-  public static SecurityService create(Properties securityConfig, SecurityManager securityManager,
-      PostProcessor postProcessor) {
-    SecurityServiceType type = determineType(securityConfig, securityManager, postProcessor);
-    switch (type) {
-      case CUSTOM:
-        String shiroConfig = getProperty(securityConfig, SECURITY_SHIRO_INIT);
-        if (isNotBlank(shiroConfig)) {
-          new ConfigInitializer().initialize(shiroConfig);
-        }
-        return new CustomSecurityService(postProcessor);
-      case ENABLED:
-        return new EnabledSecurityService(securityManager, postProcessor, new RealmInitializer());
-      case LEGACY:
-        String clientAuthenticator = getProperty(securityConfig, SECURITY_CLIENT_AUTHENTICATOR);
-        String peerAuthenticator = getProperty(securityConfig, SECURITY_PEER_AUTHENTICATOR);
-        return new LegacySecurityService(clientAuthenticator, peerAuthenticator);
-      default:
-        return new DisabledSecurityService();
-    }
-  }
-
-  public static SecurityService findSecurityService() {
-    InternalCache cache = GemFireCacheImpl.getInstance();
-    if (cache != null) {
-      return cache.getSecurityService();
-    }
-    return SecurityServiceFactory.create();
-  }
-
-  static SecurityServiceType determineType(Properties securityConfig,
-      SecurityManager securityManager, PostProcessor postProcessor) {
-    boolean hasShiroConfig = hasProperty(securityConfig, SECURITY_SHIRO_INIT);
-    if (hasShiroConfig) {
-      return SecurityServiceType.CUSTOM;
-    }
-
-    boolean hasSecurityManager =
-        securityManager != null || hasProperty(securityConfig, SECURITY_MANAGER);
-    if (hasSecurityManager) {
-      return SecurityServiceType.ENABLED;
-    }
-
-    boolean hasClientAuthenticator = hasProperty(securityConfig, SECURITY_CLIENT_AUTHENTICATOR);
-    boolean hasPeerAuthenticator = hasProperty(securityConfig, SECURITY_PEER_AUTHENTICATOR);
-    if (hasClientAuthenticator || hasPeerAuthenticator) {
-      return SecurityServiceType.LEGACY;
-    }
-
-    boolean isShiroInUse = isShiroInUse();
-    if (isShiroInUse) {
-      return SecurityServiceType.CUSTOM;
-    }
-
-    return SecurityServiceType.DISABLED;
-  }
-
-  static SecurityManager getSecurityManager(SecurityManager securityManager,
-      Properties securityConfig) {
-    if (securityManager != null) {
-      return securityManager;
-    }
-
-    String securityManagerConfig = getProperty(securityConfig, SECURITY_MANAGER);
-    if (isNotBlank(securityManagerConfig)) {
-      securityManager = CallbackInstantiator.getObjectOfTypeFromClassName(securityManagerConfig,
-          SecurityManager.class);
-    }
-
-    return securityManager;
-  }
-
-  static PostProcessor getPostProcessor(PostProcessor postProcessor, Properties securityConfig) {
-    if (postProcessor != null) {
-      return postProcessor;
-    }
-
-    String postProcessorConfig = getProperty(securityConfig, SECURITY_POST_PROCESSOR);
-    if (isNotBlank(postProcessorConfig)) {
-      postProcessor = CallbackInstantiator.getObjectOfTypeFromClassName(postProcessorConfig,
-          PostProcessor.class);
-    }
-
-    return postProcessor;
-  }
-
-  private static boolean isShiroInUse() {
-    try {
-      return SecurityUtils.getSecurityManager() != null;
-    } catch (UnavailableSecurityManagerException ignore) {
-      return false;
-    }
-  }
-
-  private static Properties getSecurityConfig(DistributionConfig distributionConfig) {
-    if (distributionConfig == null) {
-      return new Properties();
-    }
-    return distributionConfig.getSecurityProps();
-  }
-
-  private static SecurityManager getSecurityManagerFromConfig(CacheConfig cacheConfig) {
-    if (cacheConfig == null) {
-      return null;
-    }
-    return cacheConfig.getSecurityManager();
-  }
-
-  private static PostProcessor getPostProcessorFromConfig(CacheConfig cacheConfig) {
-    if (cacheConfig == null) {
-      return null;
-    }
-    return cacheConfig.getPostProcessor();
-  }
-
-  private static boolean hasProperty(Properties securityConfig, String key) {
-    return securityConfig != null && getProperty(securityConfig, key) != null;
-  }
-
-  private static String getProperty(Properties securityConfig, String key) {
-    if (securityConfig == null) {
-      return null;
-    }
-    return securityConfig.getProperty(key);
-  }
-
-  private static void initialize(SecurityService securityService,
-      DistributionConfig distributionConfig) {
-    if (securityService != null && distributionConfig != null) {
-      securityService.initSecurity(distributionConfig.getSecurityProps());
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java
deleted file mode 100644
index 8ae76d2..0000000
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.internal.security;
-
-public enum SecurityServiceType {
-  /** Integrated Security is Enabled */
-  ENABLED,
-  /** Security is Disabled */
-  DISABLED,
-  /** Legacy Security is Enabled */
-  LEGACY,
-  /** Shiro Config is specified */
-  CUSTOM,
-  /** Shiro is already configured with SecurityManager */
-  EXTERNAL
-}

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitializer.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitializer.java b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitializer.java
deleted file mode 100644
index 60f014b..0000000
--- a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitializer.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.internal.security.shiro;
-
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.config.Ini.Section;
-import org.apache.shiro.config.IniSecurityManagerFactory;
-import org.apache.shiro.mgt.SecurityManager;
-
-public class ConfigInitializer {
-
-  public ConfigInitializer() {
-    // nothing
-  }
-
-  public void initialize(String shiroConfig) {
-    IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + shiroConfig);
-
-    // we will need to make sure that shiro uses a case sensitive permission resolver
-    Section main = factory.getIni().addSection("main");
-    main.put("geodePermissionResolver", GeodePermissionResolver.class.getName());
-    if (!main.containsKey("iniRealm.permissionResolver")) {
-      main.put("iniRealm.permissionResolver", "$geodePermissionResolver");
-    }
-
-    // logs "Users or Roles are already populated. Configured Ini instance will be ignored."
-    SecurityManager securityManager = factory.getInstance();
-    SecurityUtils.setSecurityManager(securityManager);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/internal/security/shiro/CustomAuthRealm.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/CustomAuthRealm.java b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/CustomAuthRealm.java
index 51449fd..ff30882 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/CustomAuthRealm.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/CustomAuthRealm.java
@@ -17,7 +17,6 @@ package org.apache.geode.internal.security.shiro;
 import java.io.Serializable;
 import java.util.Properties;
 
-import org.apache.geode.internal.security.CallbackInstantiator;
 import org.apache.geode.security.ResourcePermission;
 import org.apache.geode.security.SecurityManager;
 import org.apache.shiro.authc.AuthenticationException;
@@ -29,6 +28,8 @@ import org.apache.shiro.authz.Permission;
 import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.subject.PrincipalCollection;
 
+import org.apache.geode.internal.security.SecurityService;
+
 public class CustomAuthRealm extends AuthorizingRealm {
 
   private static final String REALM_NAME = "CUSTOMAUTHREALM";
@@ -53,8 +54,8 @@ public class CustomAuthRealm extends AuthorizingRealm {
    * @param securityProperties the security properties to initialize SecurityManager with
    */
   public CustomAuthRealm(String authenticatorFactory, Properties securityProperties) {
-    this.securityManager = CallbackInstantiator.getObjectOfTypeFromClassName(authenticatorFactory,
-        SecurityManager.class);
+    this.securityManager =
+        SecurityService.getObjectOfTypeFromClassName(authenticatorFactory, SecurityManager.class);
     this.securityManager.init(securityProperties);
   }
 

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
index 4f6c3cf..2a641d3 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
@@ -14,11 +14,7 @@
  */
 package org.apache.geode.internal.security.shiro;
 
-import static org.apache.geode.management.internal.security.ResourceConstants.MISSING_CREDENTIALS_MESSAGE;
-
-import org.apache.geode.internal.security.SecurityService;
-import org.apache.geode.management.internal.security.ResourceConstants;
-import org.apache.geode.security.AuthenticationFailedException;
+import static org.apache.geode.management.internal.security.ResourceConstants.*;
 
 import java.security.Principal;
 import java.util.Collections;
@@ -30,16 +26,18 @@ import javax.management.remote.JMXConnectionNotification;
 import javax.management.remote.JMXPrincipal;
 import javax.security.auth.Subject;
 
+import org.apache.geode.internal.security.IntegratedSecurityService;
+import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.management.internal.security.ResourceConstants;
+import org.apache.geode.security.AuthenticationFailedException;
+
 /**
  * this will make JMX authentication to use Shiro for Authentication
  */
-public class JMXShiroAuthenticator implements JMXAuthenticator, NotificationListener {
 
-  private final SecurityService securityService;
+public class JMXShiroAuthenticator implements JMXAuthenticator, NotificationListener {
 
-  public JMXShiroAuthenticator(SecurityService securityService) {
-    this.securityService = securityService;
-  }
+  private SecurityService securityService = IntegratedSecurityService.getSecurityService();
 
   @Override
   public Subject authenticate(Object credentials) {
@@ -66,8 +64,8 @@ public class JMXShiroAuthenticator implements JMXAuthenticator, NotificationList
       principal = new ShiroPrincipal(shiroSubject);
     }
 
-    return new Subject(true, Collections.singleton(principal), Collections.emptySet(),
-        Collections.emptySet());
+    return new Subject(true, Collections.singleton(principal), Collections.EMPTY_SET,
+        Collections.EMPTY_SET);
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/internal/security/shiro/RealmInitializer.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/RealmInitializer.java b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/RealmInitializer.java
deleted file mode 100644
index 978c4dd..0000000
--- a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/RealmInitializer.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.internal.security.shiro;
-
-import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.security.SecurityManager;
-import org.apache.logging.log4j.Logger;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.mgt.DefaultSecurityManager;
-import org.apache.shiro.realm.Realm;
-import org.apache.shiro.session.mgt.DefaultSessionManager;
-import org.apache.shiro.session.mgt.SessionManager;
-
-public class RealmInitializer {
-  private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME);
-
-  public RealmInitializer() {
-    // nothing
-  }
-
-  public void initialize(final SecurityManager securityManager) {
-    Realm realm = new CustomAuthRealm(securityManager);
-    DefaultSecurityManager shiroManager = new DefaultSecurityManager(realm);
-    SecurityUtils.setSecurityManager(shiroManager);
-    increaseShiroGlobalSessionTimeout(shiroManager);
-  }
-
-  private void increaseShiroGlobalSessionTimeout(final DefaultSecurityManager shiroManager) {
-    SessionManager sessionManager = shiroManager.getSessionManager();
-    if (DefaultSessionManager.class.isInstance(sessionManager)) {
-      DefaultSessionManager defaultSessionManager = (DefaultSessionManager) sessionManager;
-      defaultSessionManager.setGlobalSessionTimeout(Long.MAX_VALUE);
-      long value = defaultSessionManager.getGlobalSessionTimeout();
-      if (value != Long.MAX_VALUE) {
-        logger.error("Unable to set Shiro Global Session Timeout. Current value is '{}'.", value);
-      }
-    } else {
-      logger.error("Unable to set Shiro Global Session Timeout. Current SessionManager is '{}'.",
-          sessionManager == null ? "null" : sessionManager.getClass());
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java b/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java
index 55957b2..767cf94 100644
--- a/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java
+++ b/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java
@@ -19,7 +19,6 @@ import java.util.Map;
 
 import org.apache.geode.cache.Cache;
 import org.apache.geode.cache.CacheClosedException;
-import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.management.DependenciesNotFoundException;
 import org.apache.geode.management.internal.cli.CliUtil;
@@ -125,7 +124,7 @@ public abstract class CommandService {
                 .toLocalizedString(new Object[] {nonExistingDependency}));
       }
 
-      localCommandService = new MemberCommandService((InternalCache) cache);
+      localCommandService = new MemberCommandService(cache);
     }
 
     return localCommandService;

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
index 554dc66..3e6e4484 100755
--- a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
@@ -91,7 +91,7 @@ public class ManagementAgent {
   private JMXConnectorServer jmxConnectorServer;
   private JMXShiroAuthenticator shiroAuthenticator;
   private final DistributionConfig config;
-  private final SecurityService securityService;
+  private SecurityService securityService = SecurityService.getSecurityService();
   private boolean isHttpServiceRunning = false;
 
   /**
@@ -103,9 +103,8 @@ public class ManagementAgent {
   private static final String PULSE_USESSL_MANAGER = "pulse.useSSL.manager";
   private static final String PULSE_USESSL_LOCATOR = "pulse.useSSL.locator";
 
-  public ManagementAgent(DistributionConfig config, SecurityService securityService) {
+  public ManagementAgent(DistributionConfig config) {
     this.config = config;
-    this.securityService = securityService;
   }
 
   public synchronized boolean isRunning() {
@@ -466,14 +465,14 @@ public class ManagementAgent {
         };
 
     if (securityService.isIntegratedSecurity()) {
-      shiroAuthenticator = new JMXShiroAuthenticator(this.securityService);
+      shiroAuthenticator = new JMXShiroAuthenticator();
       env.put(JMXConnectorServer.AUTHENTICATOR, shiroAuthenticator);
       jmxConnectorServer.addNotificationListener(shiroAuthenticator, null,
           jmxConnectorServer.getAttributes());
       // always going to assume authorization is needed as well, if no custom AccessControl, then
       // the CustomAuthRealm
       // should take care of that
-      MBeanServerWrapper mBeanServerWrapper = new MBeanServerWrapper(this.securityService);
+      MBeanServerWrapper mBeanServerWrapper = new MBeanServerWrapper();
       jmxConnectorServer.setMBeanServerForwarder(mBeanServerWrapper);
       registerAccessControlMBean();
     } else {
@@ -502,7 +501,7 @@ public class ManagementAgent {
 
   private void registerAccessControlMBean() {
     try {
-      AccessControlMBean acc = new AccessControlMBean(this.securityService);
+      AccessControlMBean acc = new AccessControlMBean();
       ObjectName accessControlMBeanON = new ObjectName(ResourceConstants.OBJECT_NAME_ACCESSCONTROL);
       MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
 

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java b/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java
index 11402f1..fc8eb97 100755
--- a/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java
@@ -144,7 +144,7 @@ public class SystemManagementService extends BaseManagementService {
 
     this.notificationHub = new NotificationHub(repo);
     if (system.getConfig().getJmxManager()) {
-      this.agent = new ManagementAgent(system.getConfig(), cache.getSecurityService());
+      this.agent = new ManagementAgent(system.getConfig());
     } else {
       this.agent = null;
     }

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
index 270972b..ad40518 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
@@ -31,6 +31,8 @@ import org.apache.geode.distributed.internal.membership.InternalDistributedMembe
 import org.apache.geode.internal.ClassPathLoader;
 import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.internal.i18n.LocalizedStrings;
+import org.apache.geode.internal.security.IntegratedSecurityService;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.management.DistributedRegionMXBean;
 import org.apache.geode.management.DistributedSystemMXBean;
 import org.apache.geode.management.ManagementService;
@@ -51,6 +53,7 @@ import org.apache.geode.management.internal.cli.functions.RegionCreateFunction;
 import org.apache.geode.management.internal.cli.functions.RegionDestroyFunction;
 import org.apache.geode.management.internal.cli.functions.RegionFunctionArgs;
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.management.internal.cli.result.CommandResultException;
 import org.apache.geode.management.internal.cli.result.ResultBuilder;
 import org.apache.geode.management.internal.cli.result.TabularResultData;
 import org.apache.geode.management.internal.cli.util.RegionPath;
@@ -86,6 +89,8 @@ public class CreateAlterDestroyRegionCommands implements GfshCommand {
 
   public static final Set<RegionShortcut> PERSISTENT_OVERFLOW_SHORTCUTS = new TreeSet<>();
 
+  private SecurityService securityService = IntegratedSecurityService.getSecurityService();
+
   static {
     PERSISTENT_OVERFLOW_SHORTCUTS.add(RegionShortcut.PARTITION_PERSISTENT);
     PERSISTENT_OVERFLOW_SHORTCUTS.add(RegionShortcut.PARTITION_REDUNDANT_PERSISTENT);
@@ -421,7 +426,7 @@ public class CreateAlterDestroyRegionCommands implements GfshCommand {
     Result result;
     AtomicReference<XmlEntity> xmlEntity = new AtomicReference<>();
 
-    getCache().getSecurityService().authorizeRegionManage(regionPath);
+    this.securityService.authorizeRegionManage(regionPath);
 
     try {
       InternalCache cache = getCache();

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java
index 887470d..cb9c4fe 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java
@@ -33,6 +33,8 @@ import org.apache.geode.cache.execute.ResultCollector;
 import org.apache.geode.cache.partition.PartitionRebalanceInfo;
 import org.apache.geode.distributed.DistributedMember;
 import org.apache.geode.internal.cache.InternalCache;
+import org.apache.geode.internal.security.IntegratedSecurityService;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.management.DistributedRegionMXBean;
 import org.apache.geode.management.ManagementService;
 import org.apache.geode.management.cli.CliMetaData;
@@ -44,7 +46,6 @@ import org.apache.geode.management.internal.cli.LogWrapper;
 import org.apache.geode.management.internal.cli.domain.DataCommandRequest;
 import org.apache.geode.management.internal.cli.domain.DataCommandResult;
 import org.apache.geode.management.internal.cli.functions.DataCommandFunction;
-import org.apache.geode.management.internal.cli.functions.DataCommandFunction.SelectExecStep;
 import org.apache.geode.management.internal.cli.functions.ExportDataFunction;
 import org.apache.geode.management.internal.cli.functions.ImportDataFunction;
 import org.apache.geode.management.internal.cli.functions.RebalanceFunction;
@@ -85,21 +86,13 @@ import java.util.concurrent.TimeoutException;
  */
 public class DataCommands implements GfshCommand {
 
-  private final int resultItemCount = 9;
+  final int resultItemCount = 9;
 
   private final ExportDataFunction exportDataFunction = new ExportDataFunction();
 
   private final ImportDataFunction importDataFunction = new ImportDataFunction();
 
-  @Override
-  public Gfsh getGfsh() {
-    return Gfsh.getCurrentInstance();
-  }
-
-  @Override
-  public InternalCache getCache() {
-    return (InternalCache) CacheFactory.getAnyInstance();
-  }
+  private SecurityService securityService = IntegratedSecurityService.getSecurityService();
 
   @CliCommand(value = CliStrings.REBALANCE, help = CliStrings.REBALANCE__HELP)
   @CliMetaData(relatedTopic = {CliStrings.TOPIC_GEODE_DATA, CliStrings.TOPIC_GEODE_REGION})
@@ -153,14 +146,14 @@ public class DataCommands implements GfshCommand {
       return executeRebalanceWithTimeout(includeRegions, excludeRegions, simulate);
     }
 
-    ExecuteRebalanceWithTimeout(String[] includedRegions, String[] excludedRegions,
+    public ExecuteRebalanceWithTimeout(String[] includedRegions, String[] excludedRegions,
         boolean toSimulate) {
       includeRegions = includedRegions;
       excludeRegions = excludedRegions;
       simulate = toSimulate;
     }
 
-    Result executeRebalanceWithTimeout(String[] includeRegions, String[] excludeRegions,
+    public Result executeRebalanceWithTimeout(String[] includeRegions, String[] excludeRegions,
         boolean simulate) {
 
       Result result = null;
@@ -458,14 +451,14 @@ public class DataCommands implements GfshCommand {
     return result;
   }
 
-  private boolean checkMemberPresence(DistributedMember dsMember, InternalCache cache) {
+  public boolean checkMemberPresence(DistributedMember dsMember, InternalCache cache) {
     // check if member's presence just before executing function
     // this is to avoid running a function on departed members #47248
     Set<DistributedMember> dsMemberList = CliUtil.getAllNormalMembers(cache);
     return dsMemberList.contains(dsMember);
   }
 
-  private String listOfAllMembers(ArrayList<DistributedMember> dsMemberList) {
+  public String listOfAllMembers(ArrayList<DistributedMember> dsMemberList) {
     StringBuilder listMembersId = new StringBuilder();
     for (int j = 0; j < dsMemberList.size() - 1; j++) {
       listMembersId.append(dsMemberList.get(j).getId());
@@ -474,7 +467,7 @@ public class DataCommands implements GfshCommand {
     return listMembersId.toString();
   }
 
-  private CompositeResultData toCompositeResultData(CompositeResultData rebalanceResulteData,
+  protected CompositeResultData toCompositeResultData(CompositeResultData rebalanceResulteData,
       ArrayList<String> rstlist, int index, boolean simulate, InternalCache cache) {
 
     // add only if there are any valid regions in results
@@ -630,7 +623,7 @@ public class DataCommands implements GfshCommand {
     return rebalanceResultData;
   }
 
-  private DistributedMember getAssociatedMembers(String region, final InternalCache cache) {
+  public DistributedMember getAssociatedMembers(String region, final InternalCache cache) {
     DistributedRegionMXBean bean =
         ManagementService.getManagementService(cache).getDistributedRegionMXBean(region);
 
@@ -748,7 +741,7 @@ public class DataCommands implements GfshCommand {
           optionContext = ConverterHint.MEMBERIDNAME, mandatory = true,
           help = CliStrings.EXPORT_DATA__MEMBER__HELP) String memberNameOrId) {
 
-    getCache().getSecurityService().authorizeRegionRead(regionName);
+    this.securityService.authorizeRegionRead(regionName);
     final DistributedMember targetMember = CliUtil.getDistributedMemberByNameOrId(memberNameOrId);
     Result result;
 
@@ -806,7 +799,7 @@ public class DataCommands implements GfshCommand {
       @CliOption(key = CliStrings.IMPORT_DATA__INVOKE_CALLBACKS, unspecifiedDefaultValue = "false",
           help = CliStrings.IMPORT_DATA__INVOKE_CALLBACKS__HELP) boolean invokeCallbacks) {
 
-    getCache().getSecurityService().authorizeRegionWrite(regionName);
+    this.securityService.authorizeRegionWrite(regionName);
 
     Result result;
 
@@ -867,8 +860,8 @@ public class DataCommands implements GfshCommand {
       @CliOption(key = {CliStrings.PUT__PUTIFABSENT}, help = CliStrings.PUT__PUTIFABSENT__HELP,
           unspecifiedDefaultValue = "false") boolean putIfAbsent) {
 
+    this.securityService.authorizeRegionWrite(regionPath);
     InternalCache cache = getCache();
-    cache.getSecurityService().authorizeRegionWrite(regionPath);
     DataCommandResult dataResult;
     if (StringUtils.isEmpty(regionPath)) {
       return makePresentationResult(DataCommandResult.createPutResult(key, null, null,
@@ -938,9 +931,9 @@ public class DataCommands implements GfshCommand {
       @CliOption(key = CliStrings.GET__LOAD, unspecifiedDefaultValue = "true",
           specifiedDefaultValue = "true",
           help = CliStrings.GET__LOAD__HELP) Boolean loadOnCacheMiss) {
+    this.securityService.authorizeRegionRead(regionPath, key);
 
     InternalCache cache = getCache();
-    cache.getSecurityService().authorizeRegionRead(regionPath, key);
     DataCommandResult dataResult;
 
     if (StringUtils.isEmpty(regionPath)) {
@@ -966,7 +959,7 @@ public class DataCommands implements GfshCommand {
         request.setRegionName(regionPath);
         request.setValueClass(valueClass);
         request.setLoadOnCacheMiss(loadOnCacheMiss);
-        Subject subject = cache.getSecurityService().getSubject();
+        Subject subject = this.securityService.getSubject();
         if (subject != null) {
           request.setPrincipal(subject.getPrincipal());
         }
@@ -977,8 +970,7 @@ public class DataCommands implements GfshCommand {
             false);
       }
     } else {
-      dataResult = getfn.get(null, key, keyClass, valueClass, regionPath, loadOnCacheMiss,
-          cache.getSecurityService());
+      dataResult = getfn.get(null, key, keyClass, valueClass, regionPath, loadOnCacheMiss);
     }
     dataResult.setKeyClass(keyClass);
     if (valueClass != null) {
@@ -1004,7 +996,7 @@ public class DataCommands implements GfshCommand {
           help = CliStrings.LOCATE_ENTRY__RECURSIVE__HELP,
           unspecifiedDefaultValue = "false") boolean recursive) {
 
-    getCache().getSecurityService().authorizeRegionRead(regionPath, key);
+    this.securityService.authorizeRegionRead(regionPath, key);
 
     DataCommandResult dataResult;
 
@@ -1067,9 +1059,9 @@ public class DataCommands implements GfshCommand {
     }
 
     if (removeAllKeys) {
-      cache.getSecurityService().authorizeRegionWrite(regionPath);
+      this.securityService.authorizeRegionWrite(regionPath);
     } else {
-      cache.getSecurityService().authorizeRegionWrite(regionPath, key);
+      this.securityService.authorizeRegionWrite(regionPath, key);
     }
 
     @SuppressWarnings("rawtypes")
@@ -1115,7 +1107,7 @@ public class DataCommands implements GfshCommand {
     }
 
     Object[] arguments = new Object[] {query, stepName, interactive};
-    CLIStep exec = new SelectExecStep(arguments);
+    CLIStep exec = new DataCommandFunction.SelectExecStep(arguments);
     CLIStep display = new DataCommandFunction.SelectDisplayStep(arguments);
     CLIStep move = new DataCommandFunction.SelectMoveStep(arguments);
     CLIStep quit = new DataCommandFunction.SelectQuitStep(arguments);
@@ -1135,15 +1127,14 @@ public class DataCommands implements GfshCommand {
   }
 
   private static class MemberPRInfo {
-    ArrayList<DistributedMember> dsMemberList;
+    public ArrayList<DistributedMember> dsMemberList;
     public String region;
 
-    MemberPRInfo() {
+    public MemberPRInfo() {
       region = "";
       dsMemberList = new ArrayList<>();
     }
 
-    @Override
     public boolean equals(Object o2) {
       return o2 != null && this.region.equals(((MemberPRInfo) o2).region);
     }

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DeployCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DeployCommands.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DeployCommands.java
index 8511de8..30d840a 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DeployCommands.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DeployCommands.java
@@ -14,8 +14,6 @@
  */
 package org.apache.geode.management.internal.cli.commands;
 
-import static org.apache.commons.io.FileUtils.ONE_MB;
-
 import org.apache.geode.SystemFailure;
 import org.apache.geode.cache.execute.ResultCollector;
 import org.apache.geode.distributed.DistributedMember;
@@ -33,6 +31,7 @@ import org.apache.geode.management.internal.cli.functions.ListDeployedFunction;
 import org.apache.geode.management.internal.cli.functions.UndeployFunction;
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
 import org.apache.geode.management.internal.cli.remote.CommandExecutionContext;
+import org.apache.geode.management.internal.cli.result.CommandResultException;
 import org.apache.geode.management.internal.cli.result.FileResult;
 import org.apache.geode.management.internal.cli.result.ResultBuilder;
 import org.apache.geode.management.internal.cli.result.TabularResultData;
@@ -51,9 +50,11 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+
 /**
  * Commands for deploying, un-deploying and listing files deployed using the command line shell.
- *
+ * <p/>
+ * 
  * @see GfshCommand
  * @since GemFire 7.0
  */
@@ -84,7 +85,7 @@ public class DeployCommands implements GfshCommand {
 
       // since deploy function can potentially do a lot of damage to security, this action should
       // require these following privileges
-      SecurityService securityService = getCache().getSecurityService();
+      SecurityService securityService = SecurityService.getSecurityService();
       securityService.authorizeClusterManage();
       securityService.authorizeClusterWrite();
       securityService.authorizeDataManage();
@@ -281,7 +282,7 @@ public class DeployCommands implements GfshCommand {
       return true;
     }
 
-    return getGfsh() != null && getGfsh().isConnectedAndReady();
+    return (getGfsh() != null && getGfsh().isConnectedAndReady());
   }
 
   /**
@@ -295,15 +296,15 @@ public class DeployCommands implements GfshCommand {
       Map<String, String> paramValueMap = parseResult.getParamValueStrings();
 
       String jar = paramValueMap.get("jar");
-      jar = jar == null ? null : jar.trim();
+      jar = (jar == null) ? null : jar.trim();
 
       String dir = paramValueMap.get("dir");
-      dir = dir == null ? null : dir.trim();
+      dir = (dir == null) ? null : dir.trim();
 
       String group = paramValueMap.get("group");
-      group = group == null ? null : group.trim();
+      group = (group == null) ? null : group.trim();
 
-      String jarOrDir = jar != null ? jar : dir;
+      String jarOrDir = (jar != null ? jar : dir);
 
       if (jar == null && dir == null) {
         return ResultBuilder.createUserErrorResult(
@@ -324,7 +325,7 @@ public class DeployCommands implements GfshCommand {
       if (dir != null) {
         String message =
             "\nDeploying files: " + fileResult.getFormattedFileList() + "\nTotal file size is: "
-                + this.numFormatter.format((double) fileResult.computeFileSizeTotal() / ONE_MB)
+                + this.numFormatter.format(((double) fileResult.computeFileSizeTotal() / 1048576))
                 + "MB\n\nContinue? ";
 
         if (readYesNo(message, Response.YES) == Response.NO) {

http://git-wip-us.apache.org/repos/asf/geode/blob/fd638d52/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/GfshCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/GfshCommand.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/GfshCommand.java
index 86296b4..d46024d 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/GfshCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/GfshCommand.java
@@ -37,7 +37,8 @@ import java.util.Set;
 
 /**
  * Encapsulates common functionality for implementing command classes for the Geode shell (gfsh).
- *
+ * <p>
+ * 
  * @see org.apache.geode.cache.Cache
  * @see org.apache.geode.cache.execute.FunctionService
  * @see org.apache.geode.distributed.DistributedMember
@@ -47,13 +48,13 @@ import java.util.Set;
 @SuppressWarnings("unused")
 public interface GfshCommand extends CommandMarker {
   default String convertDefaultValue(final String from, final String to) {
-    return CliMetaData.ANNOTATION_DEFAULT_VALUE.equals(from) ? to : from;
+    return (CliMetaData.ANNOTATION_DEFAULT_VALUE.equals(from) ? to : from);
   }
 
   default String toString(final Boolean condition, final String trueValue,
       final String falseValue) {
-    return Boolean.TRUE.equals(condition) ? StringUtils.defaultIfBlank(trueValue, "true")
-        : StringUtils.defaultIfBlank(falseValue, "false");
+    return (Boolean.TRUE.equals(condition) ? StringUtils.defaultIfBlank(trueValue, "true")
+        : StringUtils.defaultIfBlank(falseValue, "false"));
   }
 
   default String toString(final Throwable t, final boolean printStackTrace) {
@@ -69,12 +70,12 @@ public interface GfshCommand extends CommandMarker {
   }
 
   default boolean isConnectedAndReady() {
-    return getGfsh() != null && getGfsh().isConnectedAndReady();
+    return (getGfsh() != null && getGfsh().isConnectedAndReady());
   }
 
   default ClusterConfigurationService getSharedConfiguration() {
     InternalLocator locator = InternalLocator.getLocator();
-    return locator == null ? null : locator.getSharedConfiguration();
+    return (locator == null) ? null : locator.getSharedConfiguration();
   }
 
   default void persistClusterConfiguration(Result result, Runnable runnable) {
@@ -91,11 +92,11 @@ public interface GfshCommand extends CommandMarker {
   }
 
   default boolean isDebugging() {
-    return getGfsh() != null && getGfsh().getDebug();
+    return (getGfsh() != null && getGfsh().getDebug());
   }
 
   default boolean isLogging() {
-    return getGfsh() != null;
+    return (getGfsh() != null);
   }
 
   default InternalCache getCache() {
@@ -121,7 +122,7 @@ public interface GfshCommand extends CommandMarker {
 
   /**
    * Gets all members in the GemFire distributed system/cache.
-   *
+   * 
    * @param cache the GemFire cache.
    * @return all members in the GemFire distributed system/cache.
    * @see org.apache.geode.management.internal.cli.CliUtil#getAllMembers(org.apache.geode.internal.cache.InternalCache)


Mime
View raw message