geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aba...@apache.org
Subject [10/58] [abbrv] geode git commit: GEODE-2632: use immutable SecurityService impls to improve performance
Date Mon, 17 Jul 2017 18:06:19 GMT
http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/Services.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/Services.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/Services.java
index 1404b3b..2d6af1a 100644
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/Services.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/Services.java
@@ -26,7 +26,12 @@ import org.apache.geode.distributed.internal.membership.MembershipManager;
 import org.apache.geode.distributed.internal.membership.NetView;
 import org.apache.geode.distributed.internal.membership.gms.auth.GMSAuthenticator;
 import org.apache.geode.distributed.internal.membership.gms.fd.GMSHealthMonitor;
-import org.apache.geode.distributed.internal.membership.gms.interfaces.*;
+import org.apache.geode.distributed.internal.membership.gms.interfaces.Authenticator;
+import org.apache.geode.distributed.internal.membership.gms.interfaces.HealthMonitor;
+import org.apache.geode.distributed.internal.membership.gms.interfaces.JoinLeave;
+import org.apache.geode.distributed.internal.membership.gms.interfaces.Locator;
+import org.apache.geode.distributed.internal.membership.gms.interfaces.Manager;
+import org.apache.geode.distributed.internal.membership.gms.interfaces.Messenger;
 import org.apache.geode.distributed.internal.membership.gms.locator.GMSLocator;
 import org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave;
 import org.apache.geode.distributed.internal.membership.gms.messenger.JGroupsMessenger;
@@ -35,6 +40,8 @@ import org.apache.geode.internal.admin.remote.RemoteTransportConfig;
 import org.apache.geode.internal.logging.InternalLogWriter;
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.internal.logging.LoggingThreadGroup;
+import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.internal.security.SecurityServiceFactory;
 import org.apache.geode.security.AuthenticationFailedException;
 import org.apache.logging.log4j.Logger;
 
@@ -51,26 +58,27 @@ public class Services {
   private static InternalLogWriter staticLogWriter;
   private static InternalLogWriter staticSecurityLogWriter;
 
-  final private Manager manager;
-  final private JoinLeave joinLeave;
-  private Locator locator;
-  final private HealthMonitor healthMon;
-  final private Messenger messenger;
-  final private Authenticator auth;
-  final private ServiceConfig config;
-  final private DMStats stats;
-  final private Stopper cancelCriterion;
+  private final Manager manager;
+  private final JoinLeave joinLeave;
+  private final HealthMonitor healthMon;
+  private final Messenger messenger;
+  private final Authenticator auth;
+  private final ServiceConfig config;
+  private final DMStats stats;
+  private final Stopper cancelCriterion;
+  private final SecurityService securityService;
+
   private volatile boolean stopping;
   private volatile boolean stopped;
   private volatile Exception shutdownCause;
 
+  private Locator locator;
+
   private InternalLogWriter logWriter;
   private InternalLogWriter securityLogWriter;
 
   private final Timer timer = new Timer("Geode Membership Timer", true);
 
-
-
   /**
    * A common logger for membership classes
    */
@@ -96,7 +104,6 @@ public class Services {
     return this.stopped;
   }
 
-
   /**
    * for testing only - create a non-functional Services object with a Stopper
    */
@@ -108,11 +115,12 @@ public class Services {
     this.joinLeave = null;
     this.healthMon = null;
     this.messenger = null;
+    this.securityService = SecurityServiceFactory.create();
     this.auth = null;
   }
 
   public Services(DistributedMembershipListener listener, DistributionConfig config,
-      RemoteTransportConfig transport, DMStats stats) {
+      RemoteTransportConfig transport, DMStats stats, SecurityService securityService) {
     this.cancelCriterion = new Stopper();
     this.stats = stats;
     this.config = new ServiceConfig(transport, config);
@@ -120,15 +128,16 @@ public class Services {
     this.joinLeave = new GMSJoinLeave();
     this.healthMon = new GMSHealthMonitor();
     this.messenger = new JGroupsMessenger();
+    this.securityService = securityService;
     this.auth = new GMSAuthenticator();
   }
 
   protected void init() {
     // InternalDistributedSystem establishes this log writer at boot time
     // TODO fix this so that IDS doesn't know about Services
-    securityLogWriter = staticSecurityLogWriter;
+    this.securityLogWriter = staticSecurityLogWriter;
     staticSecurityLogWriter = null;
-    logWriter = staticLogWriter;
+    this.logWriter = staticLogWriter;
     staticLogWriter = null;
     this.auth.init(this);
     this.messenger.init(this);
@@ -186,29 +195,29 @@ public class Services {
   }
 
   public void emergencyClose() {
-    if (stopping) {
+    if (this.stopping) {
       return;
     }
-    stopping = true;
+    this.stopping = true;
     logger.info("Stopping membership services");
-    timer.cancel();
+    this.timer.cancel();
     try {
-      joinLeave.emergencyClose();
+      this.joinLeave.emergencyClose();
     } finally {
       try {
-        healthMon.emergencyClose();
+        this.healthMon.emergencyClose();
       } finally {
         try {
-          auth.emergencyClose();
+          this.auth.emergencyClose();
         } finally {
           try {
-            messenger.emergencyClose();
+            this.messenger.emergencyClose();
           } finally {
             try {
-              manager.emergencyClose();
+              this.manager.emergencyClose();
             } finally {
-              cancelCriterion.cancel("Membership services are shut down");
-              stopped = true;
+              this.cancelCriterion.cancel("Membership services are shut down");
+              this.stopped = true;
             }
           }
         }
@@ -217,31 +226,31 @@ public class Services {
   }
 
   public void stop() {
-    if (stopping) {
+    if (this.stopping) {
       return;
     }
     logger.info("Stopping membership services");
-    stopping = true;
+    this.stopping = true;
     try {
-      timer.cancel();
+      this.timer.cancel();
     } finally {
       try {
-        joinLeave.stop();
+        this.joinLeave.stop();
       } finally {
         try {
-          healthMon.stop();
+          this.healthMon.stop();
         } finally {
           try {
-            auth.stop();
+            this.auth.stop();
           } finally {
             try {
-              messenger.stop();
+              this.messenger.stop();
             } finally {
               try {
-                manager.stop();
+                this.manager.stop();
               } finally {
-                cancelCriterion.cancel("Membership services are shut down");
-                stopped = true;
+                this.cancelCriterion.cancel("Membership services are shut down");
+                this.stopped = true;
               }
             }
           }
@@ -258,6 +267,10 @@ public class Services {
     staticSecurityLogWriter = securityWriter;
   }
 
+  public SecurityService getSecurityService() {
+    return this.securityService;
+  }
+
   public InternalLogWriter getLogWriter() {
     return this.logWriter;
   }
@@ -267,38 +280,38 @@ public class Services {
   }
 
   public Authenticator getAuthenticator() {
-    return auth;
+    return this.auth;
   }
 
   public void installView(NetView v) {
     try {
-      auth.installView(v);
+      this.auth.installView(v);
     } catch (AuthenticationFailedException e) {
       return;
     }
-    if (locator != null) {
-      locator.installView(v);
+    if (this.locator != null) {
+      this.locator.installView(v);
     }
-    healthMon.installView(v);
-    messenger.installView(v);
-    manager.installView(v);
+    this.healthMon.installView(v);
+    this.messenger.installView(v);
+    this.manager.installView(v);
   }
 
   public void memberSuspected(InternalDistributedMember initiator,
       InternalDistributedMember suspect, String reason) {
     try {
-      joinLeave.memberSuspected(initiator, suspect, reason);
+      this.joinLeave.memberSuspected(initiator, suspect, reason);
     } finally {
       try {
-        healthMon.memberSuspected(initiator, suspect, reason);
+        this.healthMon.memberSuspected(initiator, suspect, reason);
       } finally {
         try {
-          auth.memberSuspected(initiator, suspect, reason);
+          this.auth.memberSuspected(initiator, suspect, reason);
         } finally {
           try {
-            messenger.memberSuspected(initiator, suspect, reason);
+            this.messenger.memberSuspected(initiator, suspect, reason);
           } finally {
-            manager.memberSuspected(initiator, suspect, reason);
+            this.manager.memberSuspected(initiator, suspect, reason);
           }
         }
       }
@@ -306,11 +319,11 @@ public class Services {
   }
 
   public Manager getManager() {
-    return manager;
+    return this.manager;
   }
 
   public Locator getLocator() {
-    return locator;
+    return this.locator;
   }
 
   public void setLocator(Locator locator) {
@@ -318,11 +331,11 @@ public class Services {
   }
 
   public JoinLeave getJoinLeave() {
-    return joinLeave;
+    return this.joinLeave;
   }
 
   public HealthMonitor getHealthMonitor() {
-    return healthMon;
+    return this.healthMon;
   }
 
   public ServiceConfig getConfig() {
@@ -346,11 +359,11 @@ public class Services {
   }
 
   public Exception getShutdownCause() {
-    return shutdownCause;
+    return this.shutdownCause;
   }
 
   public boolean isShutdownDueToForcedDisconnect() {
-    return shutdownCause instanceof ForcedDisconnectException;
+    return this.shutdownCause instanceof ForcedDisconnectException;
   }
 
   public boolean isAutoReconnectEnabled() {
@@ -358,8 +371,8 @@ public class Services {
   }
 
   public byte[] getPublicKey(InternalDistributedMember mbr) {
-    if (locator != null) {
-      return ((GMSLocator) locator).getPublicKey(mbr);
+    if (this.locator != null) {
+      return ((GMSLocator) this.locator).getPublicKey(mbr);
     }
     return null;
   }
@@ -375,7 +388,7 @@ public class Services {
     public String cancelInProgress() {
       if (Services.this.shutdownCause != null)
         return Services.this.shutdownCause.toString();
-      return reasonForStopping;
+      return this.reasonForStopping;
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
index ab0ca6b..f895b96 100755
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
@@ -14,14 +14,14 @@
  */
 package org.apache.geode.distributed.internal.membership.gms.auth;
 
-import static org.apache.geode.distributed.ConfigurationProperties.*;
-import static org.apache.geode.internal.i18n.LocalizedStrings.*;
-
-import java.security.Principal;
-import java.util.Properties;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_PEER_AUTHENTICATOR;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_PEER_AUTH_INIT;
+import static org.apache.geode.internal.i18n.LocalizedStrings.AUTH_PEER_AUTHENTICATION_FAILED;
+import static org.apache.geode.internal.i18n.LocalizedStrings.AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION;
+import static org.apache.geode.internal.i18n.LocalizedStrings.AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS;
+import static org.apache.geode.internal.i18n.LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT;
 
 import org.apache.commons.lang.StringUtils;
-
 import org.apache.geode.LogWriter;
 import org.apache.geode.distributed.DistributedMember;
 import org.apache.geode.distributed.internal.membership.InternalDistributedMember;
@@ -31,16 +31,18 @@ import org.apache.geode.distributed.internal.membership.gms.interfaces.Authentic
 import org.apache.geode.internal.cache.tier.sockets.HandShake;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.InternalLogWriter;
-import org.apache.geode.internal.security.IntegratedSecurityService;
+import org.apache.geode.internal.security.CallbackInstantiator;
 import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.security.AuthenticationFailedException;
 import org.apache.geode.security.GemFireSecurityException;
 
+import java.security.Principal;
+import java.util.Properties;
+
 public class GMSAuthenticator implements Authenticator {
 
   private Services services;
   private Properties securityProps;
-  private SecurityService securityService = IntegratedSecurityService.getSecurityService();
 
   @Override
   public void init(Services s) {
@@ -98,11 +100,12 @@ public class GMSAuthenticator implements Authenticator {
    */
   String authenticate(DistributedMember member, Properties credentials, Properties secProps)
       throws AuthenticationFailedException {
+    SecurityService securityService = this.services.getSecurityService();
+
     // For older systems, locator might be started without cache, so secureService may not be
-    // initialized here. We need to check
-    // if the passed in secProps has peer authenticator or not
+    // initialized here. We need to check if the passed in secProps has peer authenticator or not at
+    // this point
     String authMethod = secProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
-    // at this point,
     if (!securityService.isPeerSecurityRequired() && StringUtils.isBlank(authMethod)) {
       return null;
     }
@@ -116,9 +119,9 @@ public class GMSAuthenticator implements Authenticator {
 
     String failMsg = null;
     try {
-      if (this.securityService.isIntegratedSecurity()) {
-        this.securityService.login(credentials);
-        this.securityService.authorizeClusterManage();
+      if (securityService.isIntegratedSecurity()) {
+        securityService.login(credentials);
+        securityService.authorizeClusterManage();
       } else {
         invokeAuthenticator(secProps, member, credentials);
       }
@@ -140,15 +143,15 @@ public class GMSAuthenticator implements Authenticator {
     String authMethod = securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
     org.apache.geode.security.Authenticator auth = null;
     try {
-      auth = SecurityService.getObjectOfType(authMethod,
+      auth = CallbackInstantiator.getObjectOfType(authMethod,
           org.apache.geode.security.Authenticator.class);
 
       LogWriter logWriter = this.services.getLogWriter();
       LogWriter securityLogWriter = this.services.getSecurityLogWriter();
-      auth.init(this.securityProps, logWriter, securityLogWriter); // this.securityProps contains
-                                                                   // security-ldap-basedn but
-                                                                   // security-ldap-baseDomainName
-                                                                   // is expected
+
+      // this.securityProps contains security-ldap-basedn but security-ldap-baseDomainName is
+      // expected
+      auth.init(this.securityProps, logWriter, securityLogWriter);
       return auth.authenticate(credentials, member);
 
     } catch (GemFireSecurityException gse) {

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/ClassLoadUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/ClassLoadUtil.java b/geode-core/src/main/java/org/apache/geode/internal/ClassLoadUtil.java
index 60d1d39..5dad332 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/ClassLoadUtil.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/ClassLoadUtil.java
@@ -21,39 +21,20 @@ import java.util.Map;
 
 public class ClassLoadUtil {
 
-  static Map primTypes;
-  static Map wrapperTypes;
+  private static final Map<String, Class> PRIMITIVE_TYPES = primitiveTypes();
 
-  static {
-
-    if (primTypes == null) {
-      Map ptMap = new HashMap();
-      ptMap.put(boolean.class.getName(), boolean.class);
-      ptMap.put(char.class.getName(), char.class);
-      ptMap.put(byte.class.getName(), byte.class);
-      ptMap.put(short.class.getName(), short.class);
-      ptMap.put(int.class.getName(), int.class);
-      ptMap.put(long.class.getName(), long.class);
-      ptMap.put(float.class.getName(), float.class);
-      ptMap.put(double.class.getName(), double.class);
-      ptMap.put(void.class.getName(), void.class);
-      // Do this at the end to support multiple threads without synchronizing
-      primTypes = ptMap;
-    }
-
-    if (wrapperTypes == null) {
-      Map wtMap = new HashMap();
-      wtMap.put(boolean.class.getName(), Boolean.class);
-      wtMap.put(char.class.getName(), Character.class);
-      wtMap.put(byte.class.getName(), Byte.class);
-      wtMap.put(short.class.getName(), Short.class);
-      wtMap.put(int.class.getName(), Integer.class);
-      wtMap.put(long.class.getName(), Long.class);
-      wtMap.put(float.class.getName(), Float.class);
-      wtMap.put(double.class.getName(), Double.class);
-      // Do this at the end to support multiple threads without synchronizing
-      wrapperTypes = wtMap;
-    }
+  private static Map primitiveTypes() {
+    Map<String, Class> ptMap = new HashMap<>();
+    ptMap.put(boolean.class.getName(), boolean.class);
+    ptMap.put(char.class.getName(), char.class);
+    ptMap.put(byte.class.getName(), byte.class);
+    ptMap.put(short.class.getName(), short.class);
+    ptMap.put(int.class.getName(), int.class);
+    ptMap.put(long.class.getName(), long.class);
+    ptMap.put(float.class.getName(), float.class);
+    ptMap.put(double.class.getName(), double.class);
+    ptMap.put(void.class.getName(), void.class);
+    return ptMap;
   }
 
   /**
@@ -68,9 +49,9 @@ public class ClassLoadUtil {
   }
 
   /**
-   * Resolve the method from the given qualified name.
+   * Resolve the method from the given qualified name. Only zero argument methods are supported.
    */
-  public static Method methodFromName(String fullyQualifiedMethodName, Class[] parameterTypes)
+  public static Method methodFromName(String fullyQualifiedMethodName)
       throws ClassNotFoundException, NoSuchMethodException, SecurityException {
     int classIndex = fullyQualifiedMethodName.lastIndexOf('.');
     if (classIndex <= 0) {
@@ -82,34 +63,16 @@ public class ClassLoadUtil {
       throw new NoSuchMethodException(className + " cannot be one of the primitive types");
     }
     String methodName = fullyQualifiedMethodName.substring(classIndex + 1);
-    Class result = ClassPathLoader.getLatest().forName(className);
-    return result.getMethod(methodName, parameterTypes);
-  }
-
-  /**
-   * Resolve the method from the given qualified name. Only zero argument methods are supported.
-   */
-  public static Method methodFromName(String fullyQualifiedMethodName)
-      throws ClassNotFoundException, NoSuchMethodException, SecurityException {
-    return methodFromName(fullyQualifiedMethodName, (Class[]) null);
+    Class<?> result = ClassPathLoader.getLatest().forName(className);
+    return result.getMethod(methodName);
   }
 
   /**
    * If the argument className is the name of a primitive type (including "void"), return the
    * primitive type class (ex, boolean.class). Otherwise, return null.
    */
-  public static Class checkForPrimType(String className) {
-
-    return (Class) primTypes.get(className);
-  }
-
-  /**
-   * If the argument className is the name of a primitive type (not including "void"), return the
-   * wrapper class for that type (ex, Boolean.class). Otherwise, return null.
-   */
-  public static Class checkForWrapperType(String className) {
-
-    return (Class) wrapperTypes.get(className);
+  private static Class checkForPrimType(String className) {
+    return PRIMITIVE_TYPES.get(className);
   }
 
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/AbstractLRURegionMap.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/AbstractLRURegionMap.java b/geode-core/src/main/java/org/apache/geode/internal/cache/AbstractLRURegionMap.java
index 988be0a..9f02c58 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/AbstractLRURegionMap.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/AbstractLRURegionMap.java
@@ -192,7 +192,6 @@ public abstract class AbstractLRURegionMap extends AbstractRegionMap {
         }
       }
     }
-    // TODO:KIRK:OK if (le.getValueInVM((RegionEntryContext) _getOwnerObject()) != cd) return false;
     boolean result = false;
     int delta = le.updateEntrySize(_getCCHelper(), new CDValueWrapper(v));
     if (delta != 0) {

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/CacheServerImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/CacheServerImpl.java b/geode-core/src/main/java/org/apache/geode/internal/cache/CacheServerImpl.java
index 670c697..7d4b6d4 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/CacheServerImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/CacheServerImpl.java
@@ -72,6 +72,7 @@ import org.apache.geode.internal.cache.tier.sockets.ClientProxyMembershipID;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.management.membership.ClientMembership;
 import org.apache.geode.management.membership.ClientMembershipListener;
 
@@ -88,6 +89,8 @@ public class CacheServerImpl extends AbstractCacheServer implements Distribution
   private static final int FORCE_LOAD_UPDATE_FREQUENCY = getInteger(
       DistributionConfig.GEMFIRE_PREFIX + "BridgeServer.FORCE_LOAD_UPDATE_FREQUENCY", 10);
 
+  private final SecurityService securityService;
+
   /** The acceptor that does the actual serving */
   private volatile AcceptorImpl acceptor;
 
@@ -135,6 +138,7 @@ public class CacheServerImpl extends AbstractCacheServer implements Distribution
   public CacheServerImpl(InternalCache cache, boolean isGatewayReceiver) {
     super(cache);
     this.isGatewayReceiver = isGatewayReceiver;
+    this.securityService = cache.getSecurityService();
   }
 
   // //////////////////// Instance Methods ///////////////////

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/DiskStoreImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/DiskStoreImpl.java b/geode-core/src/main/java/org/apache/geode/internal/cache/DiskStoreImpl.java
index 67fcce8..5a121a8 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/DiskStoreImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/DiskStoreImpl.java
@@ -3913,7 +3913,6 @@ public class DiskStoreImpl implements DiskStore {
           public void writeBatch(Map<Object, RecoveredEntry> entries) throws IOException {
             for (Map.Entry<Object, RecoveredEntry> re : entries.entrySet()) {
               Object key = re.getKey();
-              // TODO:KIRK:OK Rusty's code was value = de.getValueWithContext(drv);
               Object value = re.getValue().getValue();
               writer.snapshotEntry(new SnapshotRecord(key, value));
             }

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java b/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
index 5e35224..40df0c7 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
@@ -213,6 +213,7 @@ import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.offheap.MemoryAllocator;
 import org.apache.geode.internal.process.ClusterConfigurationNotAvailableException;
 import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.internal.security.SecurityServiceFactory;
 import org.apache.geode.internal.sequencelog.SequenceLoggerImpl;
 import org.apache.geode.internal.tcp.ConnectionTable;
 import org.apache.geode.internal.util.concurrent.FutureResult;
@@ -583,7 +584,7 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
 
   private final Map<Class<? extends CacheService>, CacheService> services = new HashMap<>();
 
-  private final SecurityService securityService = SecurityService.getSecurityService();
+  private final SecurityService securityService;
 
   static {
     // this works around jdk bug 6427854, reported in ticket #44434
@@ -726,26 +727,26 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
     return result;
   }
 
-  public static GemFireCacheImpl createClient(DistributedSystem system, PoolFactory pf,
+  public static GemFireCacheImpl createClient(InternalDistributedSystem system, PoolFactory pf,
       CacheConfig cacheConfig) {
     return basicCreate(system, true, cacheConfig, pf, true, ASYNC_EVENT_LISTENERS, null);
   }
 
-  public static GemFireCacheImpl create(DistributedSystem system, CacheConfig cacheConfig) {
+  public static GemFireCacheImpl create(InternalDistributedSystem system, CacheConfig cacheConfig) {
     return basicCreate(system, true, cacheConfig, null, false, ASYNC_EVENT_LISTENERS, null);
   }
 
-  static GemFireCacheImpl createWithAsyncEventListeners(DistributedSystem system,
+  static GemFireCacheImpl createWithAsyncEventListeners(InternalDistributedSystem system,
       CacheConfig cacheConfig, TypeRegistry typeRegistry) {
     return basicCreate(system, true, cacheConfig, null, false, true, typeRegistry);
   }
 
-  public static Cache create(DistributedSystem system, boolean existingOk,
+  public static Cache create(InternalDistributedSystem system, boolean existingOk,
       CacheConfig cacheConfig) {
     return basicCreate(system, existingOk, cacheConfig, null, false, ASYNC_EVENT_LISTENERS, null);
   }
 
-  private static GemFireCacheImpl basicCreate(DistributedSystem system, boolean existingOk,
+  private static GemFireCacheImpl basicCreate(InternalDistributedSystem system, boolean existingOk,
       CacheConfig cacheConfig, PoolFactory pf, boolean isClient, boolean asyncEventListeners,
       TypeRegistry typeRegistry) throws CacheExistsException, TimeoutException,
       CacheWriterException, GatewayException, RegionExistsException {
@@ -793,7 +794,7 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
    * 
    * @param typeRegistry: currently only unit tests set this parameter to a non-null value
    */
-  private GemFireCacheImpl(boolean isClient, PoolFactory pf, DistributedSystem system,
+  private GemFireCacheImpl(boolean isClient, PoolFactory pf, InternalDistributedSystem system,
       CacheConfig cacheConfig, boolean asyncEventListeners, TypeRegistry typeRegistry) {
     this.isClient = isClient;
     this.poolFactory = pf;
@@ -807,8 +808,11 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
       // start JTA transaction manager within this synchronized block
       // to prevent race with cache close. fixes bug 43987
       JNDIInvoker.mapTransactions(system);
-      this.system = (InternalDistributedSystem) system;
+      this.system = system;
       this.dm = this.system.getDistributionManager();
+
+      this.securityService = this.system.getSecurityService();
+
       if (!this.isClient && PoolManager.getAll().isEmpty()) {
         // We only support management on members of a distributed system
         // Should do this: if (!getSystem().isLoner()) {
@@ -928,6 +932,11 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
   }
 
   @Override
+  public SecurityService getSecurityService() {
+    return this.securityService;
+  }
+
+  @Override
   public boolean isRESTServiceRunning() {
     return this.isRESTServiceRunning;
   }
@@ -1153,17 +1162,6 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
     ClusterConfigurationLoader.applyClusterPropertiesConfiguration(this, configurationResponse,
         this.system.getConfig());
 
-    // first initialize the security service using the security properties
-    this.securityService.initSecurity(this.system.getConfig().getSecurityProps());
-    // secondly if cacheConfig has a securityManager, use that instead
-    if (this.cacheConfig.getSecurityManager() != null) {
-      this.securityService.setSecurityManager(this.cacheConfig.getSecurityManager());
-    }
-    // if cacheConfig has a postProcessor, use that instead
-    if (this.cacheConfig.getPostProcessor() != null) {
-      this.securityService.setPostProcessor(this.cacheConfig.getPostProcessor());
-    }
-
     SystemMemberCacheEventProcessor.send(this, Operation.CACHE_CREATE);
     this.resourceAdvisor.initializationGate();
 

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java b/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java
index d9a34e1..4c229db 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java
@@ -60,6 +60,7 @@ import org.apache.geode.internal.cache.tier.sockets.CacheClientNotifier;
 import org.apache.geode.internal.cache.tier.sockets.ClientProxyMembershipID;
 import org.apache.geode.internal.logging.InternalLogWriter;
 import org.apache.geode.internal.offheap.MemoryAllocator;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.management.internal.JmxManagerAdvisor;
 import org.apache.geode.management.internal.RestAgent;
 import org.apache.geode.pdx.PdxInstanceFactory;
@@ -309,4 +310,6 @@ public interface InternalCache extends Cache, Extensible<Cache>, CacheTime {
   PdxInstanceFactory createPdxInstanceFactory(String className, boolean expectDomainClass);
 
   void waitForRegisterInterestsInProgress();
+
+  SecurityService getSecurityService();
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/PartitionedRegionDataStore.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/PartitionedRegionDataStore.java b/geode-core/src/main/java/org/apache/geode/internal/cache/PartitionedRegionDataStore.java
index 037bff6..7cef0a5 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/PartitionedRegionDataStore.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/PartitionedRegionDataStore.java
@@ -1995,8 +1995,6 @@ public class PartitionedRegionDataStore implements HasCachePerfStats {
         throw new EntryNotFoundException(
             LocalizedStrings.PartitionedRegionDataStore_ENTRY_NOT_FOUND.toLocalizedString());
 
-        // TODO:KIRK:OK } else if ((ent.isTombstone() && allowTombstones) ||
-        // !Token.isRemoved(ent.getValueInVM(getPartitionedRegion()))) {
       } else if ((ent.isTombstone() && allowTombstones) || !ent.isDestroyedOrRemoved()) {
         res = new EntrySnapshot(ent, bucketRegion, partitionedRegion, allowTombstones);
       }

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/partitioned/FetchEntriesMessage.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/partitioned/FetchEntriesMessage.java b/geode-core/src/main/java/org/apache/geode/internal/cache/partitioned/FetchEntriesMessage.java
index 489ffba..2a1c07a 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/partitioned/FetchEntriesMessage.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/partitioned/FetchEntriesMessage.java
@@ -12,23 +12,8 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-
 package org.apache.geode.internal.cache.partitioned;
 
-import java.io.ByteArrayInputStream;
-import java.io.DataInput;
-import java.io.DataInputStream;
-import java.io.DataOutput;
-import java.io.IOException;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-
-import org.apache.logging.log4j.Logger;
-
 import org.apache.geode.CancelException;
 import org.apache.geode.DataSerializer;
 import org.apache.geode.cache.CacheException;
@@ -64,6 +49,19 @@ import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.logging.log4j.LogMarker;
 import org.apache.geode.internal.offheap.OffHeapHelper;
 import org.apache.geode.internal.util.ObjectIntProcedure;
+import org.apache.logging.log4j.Logger;
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInput;
+import java.io.DataInputStream;
+import java.io.DataOutput;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
 
 public class FetchEntriesMessage extends PartitionMessage {
   private static final Logger logger = LogService.getLogger();
@@ -232,9 +230,6 @@ public class FetchEntriesMessage extends PartitionMessage {
                * @return true to continue to next chunk
                */
               public boolean executeWith(Object a, int b) {
-                // if (this.last)
-                // throw new
-                // InternalGemFireError(LocalizedStrings.FetchEntriesMessage_ALREADY_PROCESSED_LAST_CHUNK.toLocalizedString());
                 HeapDataOutputStream chunk = (HeapDataOutputStream) a;
                 this.last = b > 0;
                 try {
@@ -269,7 +264,6 @@ public class FetchEntriesMessage extends PartitionMessage {
       return (failures == null) || (failures.size() == 0);
     }
 
-
     /**
      * Serialize the given map's entries into byte[] chunks, calling proc for each one. proc args:
      * the byte[] chunk and an int indicating whether it is the last chunk (positive means last
@@ -301,7 +295,6 @@ public class FetchEntriesMessage extends PartitionMessage {
           LocalRegion.NonTXEntry entry = (LocalRegion.NonTXEntry) it.next();
           RegionEntry re = entry.getRegionEntry();
           synchronized (re) {
-            // TODO:KIRK:OK Object value = re.getValueInVM(map);
             Object value = re._getValueRetain(map, true);
             try {
               if (value == null) {
@@ -350,7 +343,6 @@ public class FetchEntriesMessage extends PartitionMessage {
       return sentLastChunk;
     }
 
-
     /**
      * Processes this message. This method is invoked by the receiver of the message.
      * 
@@ -377,7 +369,6 @@ public class FetchEntriesMessage extends PartitionMessage {
       dm.getStats().incReplyMessageTime(DistributionStats.getStatTime() - startTime);
     }
 
-
     @Override
     public void toData(DataOutput out) throws IOException {
       super.toData(out);
@@ -409,7 +400,7 @@ public class FetchEntriesMessage extends PartitionMessage {
 
     @Override
     public String toString() {
-      StringBuffer sb = new StringBuffer();
+      StringBuilder sb = new StringBuilder();
       sb.append("FetchEntriesReplyMessage ").append("processorid=").append(this.processorId)
           .append(",bucketId=").append(this.bucketId);
       if (getSender() != null) {
@@ -472,18 +463,12 @@ public class FetchEntriesMessage extends PartitionMessage {
 
         @Override
         public String toString() {
-          // int sz;
-          // synchronized(this) {
-          // sz = this.size();
-          // }
           return "Bucket id = " + bucketId + " from member = " + recipient + ": "
               + super.toString();
         }
       };
     }
 
-
-
     @Override
     public void process(DistributionMessage msg) {
       // If the reply is a region version vector, store it in our RVV field.
@@ -503,8 +488,6 @@ public class FetchEntriesMessage extends PartitionMessage {
       super.process(msg);
     }
 
-
-
     void processChunk(FetchEntriesReplyMessage msg) {
       // this processing algorighm won't work well if there are multiple recipients. currently the
       // retry logic for failed recipients is in PartitionedRegion. If we parallelize the sending

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/Command.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/Command.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/Command.java
index d7f7c7b..110d6ef 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/Command.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/Command.java
@@ -16,9 +16,11 @@ package org.apache.geode.internal.cache.tier;
 
 import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
+import org.apache.geode.internal.security.SecurityService;
 
 public interface Command {
-  void execute(Message message, ServerConnection serverConnection);
+  void execute(Message clientMessage, ServerConnection serverConnection,
+      SecurityService securityService);
 
   int RESPONDED = 1;
 

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
index 9658f98..2a8818c 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
@@ -15,7 +15,42 @@
 
 package org.apache.geode.internal.cache.tier.sockets;
 
-import static org.apache.geode.distributed.ConfigurationProperties.*;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIENT_ACCESSOR_PP;
+
+import org.apache.geode.CancelException;
+import org.apache.geode.SystemFailure;
+import org.apache.geode.ToDataException;
+import org.apache.geode.cache.Cache;
+import org.apache.geode.cache.RegionDestroyedException;
+import org.apache.geode.cache.client.internal.PoolImpl;
+import org.apache.geode.cache.server.CacheServer;
+import org.apache.geode.cache.wan.GatewayTransportFilter;
+import org.apache.geode.distributed.internal.DM;
+import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.distributed.internal.InternalDistributedSystem;
+import org.apache.geode.distributed.internal.LonerDistributionManager;
+import org.apache.geode.distributed.internal.PooledExecutorWithDMStats;
+import org.apache.geode.distributed.internal.ReplyProcessor21;
+import org.apache.geode.internal.SystemTimer;
+import org.apache.geode.internal.cache.BucketAdvisor;
+import org.apache.geode.internal.cache.BucketAdvisor.BucketProfile;
+import org.apache.geode.internal.cache.InternalCache;
+import org.apache.geode.internal.cache.PartitionedRegion;
+import org.apache.geode.internal.cache.partitioned.AllBucketProfilesUpdateMessage;
+import org.apache.geode.internal.cache.tier.Acceptor;
+import org.apache.geode.internal.cache.tier.CachedRegionHelper;
+import org.apache.geode.internal.cache.wan.GatewayReceiverStats;
+import org.apache.geode.internal.i18n.LocalizedStrings;
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.logging.LoggingThreadGroup;
+import org.apache.geode.internal.logging.log4j.LocalizedMessage;
+import org.apache.geode.internal.net.SocketCreator;
+import org.apache.geode.internal.net.SocketCreatorFactory;
+import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.internal.tcp.ConnectionTable;
+import org.apache.geode.internal.util.ArrayUtils;
+import org.apache.logging.log4j.Logger;
 
 import java.io.EOFException;
 import java.io.IOException;
@@ -54,46 +89,8 @@ import java.util.concurrent.ThreadFactory;
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
-
 import javax.net.ssl.SSLException;
 
-import org.apache.logging.log4j.Logger;
-
-import org.apache.geode.CancelException;
-import org.apache.geode.SystemFailure;
-import org.apache.geode.ToDataException;
-import org.apache.geode.cache.Cache;
-import org.apache.geode.cache.RegionDestroyedException;
-import org.apache.geode.cache.client.internal.PoolImpl;
-import org.apache.geode.cache.server.CacheServer;
-import org.apache.geode.cache.wan.GatewayTransportFilter;
-import org.apache.geode.distributed.internal.DM;
-import org.apache.geode.distributed.internal.DistributionConfig;
-import org.apache.geode.distributed.internal.InternalDistributedSystem;
-import org.apache.geode.distributed.internal.LonerDistributionManager;
-import org.apache.geode.distributed.internal.PooledExecutorWithDMStats;
-import org.apache.geode.distributed.internal.ReplyProcessor21;
-import org.apache.geode.internal.SystemTimer;
-import org.apache.geode.internal.cache.BucketAdvisor;
-import org.apache.geode.internal.cache.BucketAdvisor.BucketProfile;
-import org.apache.geode.internal.cache.InternalCache;
-import org.apache.geode.internal.cache.PartitionedRegion;
-import org.apache.geode.internal.cache.partitioned.AllBucketProfilesUpdateMessage;
-import org.apache.geode.internal.cache.tier.Acceptor;
-import org.apache.geode.internal.cache.tier.CachedRegionHelper;
-import org.apache.geode.internal.cache.wan.GatewayReceiverStats;
-import org.apache.geode.internal.i18n.LocalizedStrings;
-import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.internal.logging.LoggingThreadGroup;
-import org.apache.geode.internal.logging.log4j.LocalizedMessage;
-import org.apache.geode.internal.net.SocketCreator;
-import org.apache.geode.internal.net.SocketCreatorFactory;
-import org.apache.geode.internal.security.IntegratedSecurityService;
-import org.apache.geode.internal.security.SecurableCommunicationChannel;
-import org.apache.geode.internal.security.SecurityService;
-import org.apache.geode.internal.tcp.ConnectionTable;
-import org.apache.geode.internal.util.ArrayUtils;
-
 /**
  * Implements the acceptor thread on the bridge server. Accepts connections from the edge and starts
  * up threads to process requests from these.
@@ -272,7 +269,7 @@ public class AcceptorImpl extends Acceptor implements Runnable {
   private List<GatewayTransportFilter> gatewayTransportFilters;
   private final SocketCreator socketCreator;
 
-  private SecurityService securityService = IntegratedSecurityService.getSecurityService();
+  private final SecurityService securityService;
 
   /**
    * Initializes this acceptor thread to listen for connections on the given port.
@@ -297,6 +294,7 @@ public class AcceptorImpl extends Acceptor implements Runnable {
       int maxConnections, int maxThreads, int maximumMessageCount, int messageTimeToLive,
       ConnectionListener listener, List overflowAttributesList, boolean isGatewayReceiver,
       List<GatewayTransportFilter> transportFilter, boolean tcpNoDelay) throws IOException {
+    this.securityService = internalCache.getSecurityService();
     this.bindHostName = calcBindHostName(internalCache, bindHostName);
     this.connectionListener = listener == null ? new ConnectionListenerAdapter() : listener;
     this.notifyBySubscription = notifyBySubscription;
@@ -1470,7 +1468,7 @@ public class AcceptorImpl extends Acceptor implements Runnable {
       }
       ServerConnection serverConn = new ServerConnection(s, this.cache, this.crHelper, this.stats,
           AcceptorImpl.handShakeTimeout, this.socketBufferSize, communicationModeStr,
-          communicationMode, this);
+          communicationMode, this, this.securityService);
       synchronized (this.allSCsLock) {
         this.allSCs.add(serverConn);
         ServerConnection snap[] = this.allSCList; // avoid volatile read

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/BaseCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/BaseCommand.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/BaseCommand.java
index 1fb8c8c..cc78cca 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/BaseCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/BaseCommand.java
@@ -14,25 +14,6 @@
  */
 package org.apache.geode.internal.cache.tier.sockets;
 
-import java.io.EOFException;
-import java.io.IOException;
-import java.io.InterruptedIOException;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-import java.util.concurrent.Semaphore;
-import java.util.regex.Pattern;
-
-import edu.umd.cs.findbugs.annotations.SuppressWarnings;
-import org.apache.logging.log4j.Logger;
-
 import org.apache.geode.CopyException;
 import org.apache.geode.InternalGemFireError;
 import org.apache.geode.SerializationException;
@@ -77,10 +58,27 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.offheap.OffHeapHelper;
-import org.apache.geode.internal.security.IntegratedSecurityService;
 import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.internal.sequencelog.EntryLogger;
 import org.apache.geode.security.GemFireSecurityException;
+import org.apache.logging.log4j.Logger;
+
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InterruptedIOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+import java.util.concurrent.Semaphore;
+import java.util.regex.Pattern;
+import edu.umd.cs.findbugs.annotations.SuppressWarnings;
 
 public abstract class BaseCommand implements Command {
   protected static final Logger logger = LogService.getLogger();
@@ -115,8 +113,6 @@ public abstract class BaseCommand implements Command {
 
   private static final Semaphore INCOMING_MSG_LIMITER;
 
-  protected SecurityService securityService = IntegratedSecurityService.getSecurityService();
-
   static {
     Semaphore semaphore;
     if (MAX_INCOMING_DATA > 0) {
@@ -140,7 +136,8 @@ public abstract class BaseCommand implements Command {
   }
 
   @Override
-  public void execute(Message clientMessage, ServerConnection serverConnection) {
+  public void execute(Message clientMessage, ServerConnection serverConnection,
+      SecurityService securityService) {
     // Read the request and update the statistics
     long start = DistributionStats.getStatTime();
     if (EntryLogger.isEnabled() && serverConnection != null) {
@@ -156,13 +153,13 @@ public abstract class BaseCommand implements Command {
         TXStateProxy tx = null;
         try {
           tx = txMgr.masqueradeAs(clientMessage, member, false);
-          cmdExecute(clientMessage, serverConnection, start);
+          cmdExecute(clientMessage, serverConnection, securityService, start);
           tx.updateProxyServer(txMgr.getMemberId());
         } finally {
           txMgr.unmasquerade(tx);
         }
       } else {
-        cmdExecute(clientMessage, serverConnection, start);
+        cmdExecute(clientMessage, serverConnection, securityService, start);
       }
 
     } catch (TransactionException | CopyException | SerializationException | CacheWriterException
@@ -265,8 +262,9 @@ public abstract class BaseCommand implements Command {
     return tag;
   }
 
-  public abstract void cmdExecute(Message clientMessage, ServerConnection serverConnection,
-      long start) throws IOException, ClassNotFoundException, InterruptedException;
+  public abstract void cmdExecute(final Message clientMessage,
+      final ServerConnection serverConnection, final SecurityService securityService,
+      final long start) throws IOException, ClassNotFoundException, InterruptedException;
 
   protected void writeReply(Message origMsg, ServerConnection serverConnection) throws IOException {
     Message replyMsg = serverConnection.getReplyMessage();

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/BaseCommandQuery.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/BaseCommandQuery.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/BaseCommandQuery.java
index adf702a..184aa36 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/BaseCommandQuery.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/BaseCommandQuery.java
@@ -14,12 +14,6 @@
  */
 package org.apache.geode.internal.cache.tier.sockets;
 
-import java.io.IOException;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
 import org.apache.geode.cache.RegionDestroyedException;
 import org.apache.geode.cache.operations.QueryOperationContext;
 import org.apache.geode.cache.query.Query;
@@ -42,48 +36,38 @@ import org.apache.geode.internal.cache.tier.MessageType;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.security.AuthorizeRequestPP;
+import org.apache.geode.internal.security.SecurityService;
+
+import java.io.IOException;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
 
 public abstract class BaseCommandQuery extends BaseCommand {
 
   /**
    * Process the give query and sends the resulset back to the client.
    *
-   * @param msg
-   * @param query
-   * @param queryString
-   * @param regionNames
-   * @param start
-   * @param cqQuery
-   * @param queryContext
-   * @param servConn
    * @return true if successful execution false in case of failure.
-   * @throws IOException
    */
   protected boolean processQuery(Message msg, Query query, String queryString, Set regionNames,
       long start, ServerCQ cqQuery, QueryOperationContext queryContext, ServerConnection servConn,
-      boolean sendResults) throws IOException, InterruptedException {
+      boolean sendResults, final SecurityService securityService)
+      throws IOException, InterruptedException {
     return processQueryUsingParams(msg, query, queryString, regionNames, start, cqQuery,
-        queryContext, servConn, sendResults, null);
+        queryContext, servConn, sendResults, null, securityService);
   }
 
   /**
    * Process the give query and sends the resulset back to the client.
    *
-   * @param msg
-   * @param query
-   * @param queryString
-   * @param regionNames
-   * @param start
-   * @param cqQuery
-   * @param queryContext
-   * @param servConn
    * @return true if successful execution false in case of failure.
-   * @throws IOException
    */
   protected boolean processQueryUsingParams(Message msg, Query query, String queryString,
       Set regionNames, long start, ServerCQ cqQuery, QueryOperationContext queryContext,
-      ServerConnection servConn, boolean sendResults, Object[] params)
-      throws IOException, InterruptedException {
+      ServerConnection servConn, boolean sendResults, Object[] params,
+      final SecurityService securityService) throws IOException, InterruptedException {
     ChunkedMessage queryResponseMsg = servConn.getQueryResponseMessage();
     CacheServerStats stats = servConn.getCacheServerStats();
     CachedRegionHelper crHelper = servConn.getCachedRegionHelper();
@@ -103,7 +87,7 @@ public abstract class BaseCommandQuery extends BaseCommand {
     try {
       // integrated security
       for (Object regionName : regionNames) {
-        this.securityService.authorizeRegionRead(regionName.toString());
+        securityService.authorizeRegionRead(regionName.toString());
       }
 
       // Execute query
@@ -226,7 +210,8 @@ public abstract class BaseCommandQuery extends BaseCommand {
           // send it as a part of ObjectPartList
           if (hasSerializedObjects) {
             sendResultsAsObjectPartList(numberOfChunks, servConn, selectResults.asList(), isStructs,
-                collectionType, queryString, cqQuery, sendCqResultsWithKey, sendResults);
+                collectionType, queryString, cqQuery, sendCqResultsWithKey, sendResults,
+                securityService);
           } else {
             sendResultsAsObjectArray(selectResults, numberOfChunks, servConn, isStructs,
                 collectionType, queryString, cqQuery, sendCqResultsWithKey, sendResults);
@@ -456,7 +441,8 @@ public abstract class BaseCommandQuery extends BaseCommand {
 
   private void sendResultsAsObjectPartList(int numberOfChunks, ServerConnection servConn, List objs,
       boolean isStructs, CollectionType collectionType, String queryString, ServerCQ cqQuery,
-      boolean sendCqResultsWithKey, boolean sendResults) throws IOException {
+      boolean sendCqResultsWithKey, boolean sendResults, final SecurityService securityService)
+      throws IOException {
     int resultIndex = 0;
     Object result = null;
     for (int j = 0; j < numberOfChunks; j++) {
@@ -499,7 +485,8 @@ public abstract class BaseCommandQuery extends BaseCommand {
           result = objs.get(resultIndex);
         }
         if (sendResults) {
-          addToObjectPartList(serializedObjs, result, collectionType, false, servConn, isStructs);
+          addToObjectPartList(serializedObjs, result, collectionType, false, servConn, isStructs,
+              securityService);
         }
         resultIndex++;
       }
@@ -518,13 +505,13 @@ public abstract class BaseCommandQuery extends BaseCommand {
 
   private void addToObjectPartList(ObjectPartList serializedObjs, Object res,
       CollectionType collectionType, boolean lastChunk, ServerConnection servConn,
-      boolean isStructs) throws IOException {
+      boolean isStructs, final SecurityService securityService) throws IOException {
     if (isStructs && (res instanceof Struct)) {
       Object[] values = ((Struct) res).getFieldValues();
       // create another ObjectPartList for the struct
       ObjectPartList serializedValueObjs = new ObjectPartList(values.length, false);
       for (Object value : values) {
-        addObjectToPartList(serializedValueObjs, null, value);
+        addObjectToPartList(serializedValueObjs, null, value, securityService);
       }
       serializedObjs.addPart(null, serializedValueObjs, ObjectPartList.OBJECT, null);
     } else if (res instanceof Object[]) {// for CQ key-value pairs
@@ -534,15 +521,16 @@ public abstract class BaseCommandQuery extends BaseCommand {
       for (int i = 0; i < values.length; i += 2) {
         Object key = values[i];
         Object value = values[i + 1];
-        addObjectToPartList(serializedValueObjs, key, value);
+        addObjectToPartList(serializedValueObjs, key, value, securityService);
       }
       serializedObjs.addPart(null, serializedValueObjs, ObjectPartList.OBJECT, null);
     } else { // for deserialized objects
-      addObjectToPartList(serializedObjs, null, res);
+      addObjectToPartList(serializedObjs, null, res, securityService);
     }
   }
 
-  private void addObjectToPartList(ObjectPartList objPartList, Object key, Object value) {
+  private void addObjectToPartList(ObjectPartList objPartList, Object key, Object value,
+      final SecurityService securityService) {
     Object object = value;
     boolean isObject = true;
     if (value instanceof CachedDeserializable) {
@@ -551,7 +539,7 @@ public abstract class BaseCommandQuery extends BaseCommand {
       isObject = false;
     }
 
-    object = this.securityService.postProcess(null, key, object, isObject);
+    object = securityService.postProcess(null, key, object, isObject);
     if (key != null) {
       objPartList.addPart(null, key, ObjectPartList.OBJECT, null);
     }

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientNotifier.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientNotifier.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientNotifier.java
index fd5154f..e2612fc 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientNotifier.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientNotifier.java
@@ -17,9 +17,7 @@ package org.apache.geode.internal.cache.tier.sockets;
 import static org.apache.geode.distributed.ConfigurationProperties.*;
 
 import java.io.BufferedOutputStream;
-import java.io.DataInput;
 import java.io.DataInputStream;
-import java.io.DataOutput;
 import java.io.DataOutputStream;
 import java.io.IOException;
 import java.lang.reflect.Method;
@@ -70,12 +68,7 @@ import org.apache.geode.distributed.DistributedMember;
 import org.apache.geode.distributed.DistributedSystem;
 import org.apache.geode.distributed.internal.DM;
 import org.apache.geode.distributed.internal.DistributionConfig;
-import org.apache.geode.distributed.internal.DistributionManager;
-import org.apache.geode.distributed.internal.HighPriorityDistributionMessage;
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
-import org.apache.geode.distributed.internal.MessageWithReply;
-import org.apache.geode.distributed.internal.ReplyMessage;
-import org.apache.geode.distributed.internal.ReplyProcessor21;
 import org.apache.geode.internal.ClassLoadUtil;
 import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.internal.statistics.DummyStatisticsFactory;
@@ -337,14 +330,16 @@ public class CacheClientNotifier {
       proxy = registerClient(socket, proxyID, proxy, isPrimary, clientConflation, clientVersion,
           acceptorId, notifyBySubscription);
 
-      Properties credentials = HandShake.readCredentials(dis, dos, system);
+      Properties credentials =
+          HandShake.readCredentials(dis, dos, system, this.cache.getSecurityService());
       if (credentials != null && proxy != null) {
         if (securityLogWriter.fineEnabled()) {
           securityLogWriter
               .fine("CacheClientNotifier: verifying credentials for proxyID: " + proxyID);
         }
-        Object subject = HandShake.verifyCredentials(authenticator, credentials,
-            system.getSecurityProperties(), this.logWriter, this.securityLogWriter, member);
+        Object subject =
+            HandShake.verifyCredentials(authenticator, credentials, system.getSecurityProperties(),
+                this.logWriter, this.securityLogWriter, member, this.cache.getSecurityService());
         if (subject instanceof Principal) {
           Principal principal = (Principal) subject;
           if (securityLogWriter.fineEnabled()) {
@@ -460,7 +455,7 @@ public class CacheClientNotifier {
               proxyId.getDurableId());
         }
         l_proxy = new CacheClientProxy(this, socket, proxyId, isPrimary, clientConflation,
-            clientVersion, acceptorId, notifyBySubscription);
+            clientVersion, acceptorId, notifyBySubscription, this.cache.getSecurityService());
         successful = this.initializeProxy(l_proxy);
       } else {
         if (proxy.isPrimary()) {
@@ -538,7 +533,7 @@ public class CacheClientNotifier {
       if (toCreateNewProxy) {
         // Create the new proxy for this non-durable client
         l_proxy = new CacheClientProxy(this, socket, proxyId, isPrimary, clientConflation,
-            clientVersion, acceptorId, notifyBySubscription);
+            clientVersion, acceptorId, notifyBySubscription, this.cache.getSecurityService());
         successful = this.initializeProxy(l_proxy);
       }
     }
@@ -963,8 +958,8 @@ public class CacheClientNotifier {
   private void singletonRouteClientMessage(Conflatable conflatable,
       Collection<ClientProxyMembershipID> filterClients) {
 
-    this._cache.getCancelCriterion().checkCancelInProgress(null); // bug #43942 - client notified
-                                                                  // but no p2p distribution
+    this.cache.getCancelCriterion().checkCancelInProgress(null); // bug #43942 - client notified
+                                                                 // but no p2p distribution
 
     List<CacheClientProxy> deadProxies = null;
     for (ClientProxyMembershipID clientId : filterClients) {
@@ -1845,15 +1840,15 @@ public class CacheClientNotifier {
    * @return this <code>CacheClientNotifier</code>'s <code>InternalCache</code>
    */
   protected InternalCache getCache() { // TODO:SYNC: looks wrong
-    if (this._cache != null && this._cache.isClosed()) {
+    if (this.cache != null && this.cache.isClosed()) {
       InternalCache cache = GemFireCacheImpl.getInstance();
       if (cache != null) {
-        this._cache = cache;
+        this.cache = cache;
         this.logWriter = cache.getInternalLogWriter();
         this.securityLogWriter = cache.getSecurityInternalLogWriter();
       }
     }
-    return this._cache;
+    return this.cache;
   }
 
   /**
@@ -2016,7 +2011,7 @@ public class CacheClientNotifier {
       if (!isCompiledQueryCleanupThreadStarted) {
         long period = DefaultQuery.TEST_COMPILED_QUERY_CLEAR_TIME > 0
             ? DefaultQuery.TEST_COMPILED_QUERY_CLEAR_TIME : DefaultQuery.COMPILED_QUERY_CLEAR_TIME;
-        _cache.getCCPTimer().scheduleAtFixedRate(task, period, period);
+        cache.getCCPTimer().scheduleAtFixedRate(task, period, period);
       }
       isCompiledQueryCleanupThreadStarted = true;
     }
@@ -2063,7 +2058,7 @@ public class CacheClientNotifier {
     if (logger.isDebugEnabled()) {
       logger.debug("Scheduling client ping task with period={} ms", CLIENT_PING_TASK_PERIOD);
     }
-    CacheClientNotifier.this._cache.getCCPTimer().scheduleAtFixedRate(this.clientPingTask,
+    CacheClientNotifier.this.cache.getCCPTimer().scheduleAtFixedRate(this.clientPingTask,
         CLIENT_PING_TASK_PERIOD, CLIENT_PING_TASK_PERIOD);
   }
 
@@ -2098,10 +2093,10 @@ public class CacheClientNotifier {
 
   /**
    * The GemFire <code>InternalCache</code>. Note that since this is a singleton class you should
-   * not use a direct reference to _cache in CacheClientNotifier code. Instead, you should always
-   * use <code>getCache()</code>
+   * not use a direct reference to cache in CacheClientNotifier code. Instead, you should always use
+   * <code>getCache()</code>
    */
-  private InternalCache _cache;
+  private InternalCache cache;
 
   private InternalLogWriter logWriter;
 
@@ -2216,8 +2211,8 @@ public class CacheClientNotifier {
     // lazily initialize haContainer in case this CCN instance was created by a gateway receiver
     if (overflowAttributesList != null
         && !HARegionQueue.HA_EVICTION_POLICY_NONE.equals(overflowAttributesList.get(0))) {
-      haContainer = new HAContainerRegion(_cache.getRegion(Region.SEPARATOR
-          + CacheServerImpl.clientMessagesRegion(_cache, (String) overflowAttributesList.get(0),
+      haContainer = new HAContainerRegion(cache.getRegion(Region.SEPARATOR
+          + CacheServerImpl.clientMessagesRegion(cache, (String) overflowAttributesList.get(0),
               ((Integer) overflowAttributesList.get(1)).intValue(),
               ((Integer) overflowAttributesList.get(2)).intValue(),
               (String) overflowAttributesList.get(3), (Boolean) overflowAttributesList.get(4))));
@@ -2246,10 +2241,10 @@ public class CacheClientNotifier {
   }
 
   /**
-   * @param _cache the _cache to set
+   * @param _cache the cache to set
    */
   private void setCache(InternalCache _cache) {
-    this._cache = _cache;
+    this.cache = _cache;
   }
 
   private class ExpireBlackListTask extends PoolTask {

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientProxy.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientProxy.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientProxy.java
index 8450db9..d7e3548 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientProxy.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientProxy.java
@@ -327,7 +327,7 @@ public class CacheClientProxy implements ClientSession {
   private int numDrainsInProgress = 0;
   private final Object drainsInProgressLock = new Object();
 
-  private SecurityService securityService = SecurityService.getSecurityService();
+  private final SecurityService securityService;
 
   /**
    * Constructor.
@@ -340,10 +340,13 @@ public class CacheClientProxy implements ClientSession {
    */
   protected CacheClientProxy(CacheClientNotifier ccn, Socket socket,
       ClientProxyMembershipID proxyID, boolean isPrimary, byte clientConflation,
-      Version clientVersion, long acceptorId, boolean notifyBySubscription) throws CacheException {
+      Version clientVersion, long acceptorId, boolean notifyBySubscription,
+      SecurityService securityService) throws CacheException {
+
     initializeTransientFields(socket, proxyID, isPrimary, clientConflation, clientVersion);
     this._cacheClientNotifier = ccn;
     this._cache = ccn.getCache();
+    this.securityService = securityService;
     this._maximumMessageCount = ccn.getMaximumMessageCount();
     this._messageTimeToLive = ccn.getMessageTimeToLive();
     this._acceptorId = acceptorId;

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/HandShake.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/HandShake.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/HandShake.java
index 388f838..32735b9 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/HandShake.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/HandShake.java
@@ -48,8 +48,10 @@ import org.apache.geode.internal.cache.tier.ConnectionProxy;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.InternalLogWriter;
 import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.internal.security.IntegratedSecurityService;
+import org.apache.geode.internal.security.CallbackInstantiator;
+import org.apache.geode.internal.security.Credentials;
 import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.internal.security.SecurityServiceFactory;
 import org.apache.geode.pdx.internal.PeerTypeRegistration;
 import org.apache.geode.security.AuthInitialize;
 import org.apache.geode.security.AuthenticationFailedException;
@@ -120,7 +122,7 @@ public class HandShake implements ClientHandShake {
 
   public static final byte REPLY_SERVER_IS_LOCATOR = (byte) 67;
 
-  private static SecurityService securityService = IntegratedSecurityService.getSecurityService();
+  private final SecurityService securityService;
 
   private byte code;
   private int clientReadTimeout = PoolFactory.DEFAULT_READ_TIMEOUT;
@@ -248,19 +250,21 @@ public class HandShake implements ClientHandShake {
   protected HandShake() {
     system = null;
     id = null;
+    this.securityService = SecurityServiceFactory.create();
   }
 
   /**
    * HandShake Constructor used by server side connection
    */
   public HandShake(Socket sock, int timeout, DistributedSystem sys, Version clientVersion,
-      byte communicationMode) throws IOException, AuthenticationRequiredException {
+      byte communicationMode, SecurityService securityService)
+      throws IOException, AuthenticationRequiredException {
+
     this.clientVersion = clientVersion;
     this.system = sys;
-    // SocketChannel sc = sock.getChannel();
-    /*
-     * if (sc != null) { } else
-     */ {
+    this.securityService = securityService;
+
+    {
       int soTimeout = -1;
       try {
         soTimeout = sock.getSoTimeout();
@@ -298,7 +302,7 @@ public class HandShake implements ClientHandShake {
           // Hitesh
           if (this.clientVersion.compareTo(Version.GFE_65) < 0
               || communicationMode == Acceptor.GATEWAY_TO_GATEWAY) {
-            this.credentials = readCredentials(dis, dos, sys);
+            this.credentials = readCredentials(dis, dos, sys, this.securityService);
           } else {
             this.credentials = this.readCredential(dis, dos, sys);
           }
@@ -335,6 +339,7 @@ public class HandShake implements ClientHandShake {
     this.system = sys;
     setOverrides();
     this.credentials = null;
+    this.securityService = SecurityServiceFactory.create();
   }
 
   public void updateProxyID(InternalDistributedMember idm) {
@@ -358,6 +363,7 @@ public class HandShake implements ClientHandShake {
     this.overrides = handShake.overrides;
     this.system = handShake.system;
     this.id = handShake.id;
+    this.securityService = handShake.securityService;
     // create new one
     this._decrypt = null;
     this._encrypt = null;
@@ -1085,7 +1091,8 @@ public class HandShake implements ClientHandShake {
     // Initialize the keys when either the host is a client that has
     // non-blank setting for DH symmetric algo, or this is a server
     // that has authenticator defined.
-    if ((dhSKAlgo != null && dhSKAlgo.length() > 0) || securityService.isClientSecurityRequired()) {
+    if ((dhSKAlgo != null
+        && dhSKAlgo.length() > 0) /* || securityService.isClientSecurityRequired() */) {
       KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
       DHParameterSpec dhSpec = new DHParameterSpec(dhP, dhG, dhL);
       keyGen.initialize(dhSpec);
@@ -1503,12 +1510,13 @@ public class HandShake implements ClientHandShake {
     Properties credentials = null;
     // if no authInit, Try to extract the credentials directly from securityProps
     if (StringUtils.isBlank(authInitMethod)) {
-      return SecurityService.getCredentials(securityProperties);
+      return Credentials.getCredentials(securityProperties);
     }
 
     // if authInit exists
     try {
-      AuthInitialize auth = SecurityService.getObjectOfType(authInitMethod, AuthInitialize.class);
+      AuthInitialize auth =
+          CallbackInstantiator.getObjectOfType(authInitMethod, AuthInitialize.class);
       auth.init(logWriter, securityLogWriter);
       try {
         credentials = auth.getCredentials(securityProperties, server, isPeer);
@@ -1536,7 +1544,8 @@ public class HandShake implements ClientHandShake {
 
   // This assumes that authentication is the last piece of info in handshake
   public static Properties readCredentials(DataInputStream dis, DataOutputStream dos,
-      DistributedSystem system) throws GemFireSecurityException, IOException {
+      DistributedSystem system, SecurityService securityService)
+      throws GemFireSecurityException, IOException {
 
     boolean requireAuthentication = securityService.isClientSecurityRequired();
     Properties credentials = null;
@@ -1671,7 +1680,8 @@ public class HandShake implements ClientHandShake {
    */
   public static Object verifyCredentials(String authenticatorMethod, Properties credentials,
       Properties securityProperties, InternalLogWriter logWriter,
-      InternalLogWriter securityLogWriter, DistributedMember member)
+      InternalLogWriter securityLogWriter, DistributedMember member,
+      SecurityService securityService)
       throws AuthenticationRequiredException, AuthenticationFailedException {
 
     if (!AcceptorImpl.isAuthenticationRequired()) {
@@ -1704,7 +1714,8 @@ public class HandShake implements ClientHandShake {
     String methodName = this.system.getProperties().getProperty(SECURITY_CLIENT_AUTHENTICATOR);
     return verifyCredentials(methodName, this.credentials, this.system.getSecurityProperties(),
         (InternalLogWriter) this.system.getLogWriter(),
-        (InternalLogWriter) this.system.getSecurityLogWriter(), this.id.getDistributedMember());
+        (InternalLogWriter) this.system.getSecurityLogWriter(), this.id.getDistributedMember(),
+        this.securityService);
   }
 
   public void sendCredentialsForWan(OutputStream out, InputStream in) {
@@ -1730,10 +1741,10 @@ public class HandShake implements ClientHandShake {
       return;
     }
     String authenticator = this.system.getProperties().getProperty(SECURITY_CLIENT_AUTHENTICATOR);
-    Properties peerWanProps = readCredentials(dis, dos, this.system);
+    Properties peerWanProps = readCredentials(dis, dos, this.system, this.securityService);
     verifyCredentials(authenticator, peerWanProps, this.system.getSecurityProperties(),
         (InternalLogWriter) this.system.getLogWriter(),
-        (InternalLogWriter) this.system.getSecurityLogWriter(), member);
+        (InternalLogWriter) this.system.getSecurityLogWriter(), member, this.securityService);
   }
 
   private static int getKeySize(String skAlgo) {

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java
index 485ccae..947b836 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java
@@ -39,7 +39,6 @@ import org.apache.shiro.util.ThreadState;
 import org.apache.geode.CancelException;
 import org.apache.geode.DataSerializer;
 import org.apache.geode.SystemFailure;
-import org.apache.geode.cache.Cache;
 import org.apache.geode.cache.client.internal.AbstractOp;
 import org.apache.geode.cache.client.internal.Connection;
 import org.apache.geode.distributed.DistributedSystem;
@@ -62,7 +61,6 @@ import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.security.AuthorizeRequest;
 import org.apache.geode.internal.security.AuthorizeRequestPP;
-import org.apache.geode.internal.security.IntegratedSecurityService;
 import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.internal.util.Breadcrumbs;
 import org.apache.geode.security.AuthenticationFailedException;
@@ -88,7 +86,7 @@ public class ServerConnection implements Runnable {
 
   private Map commands;
 
-  private SecurityService securityService = IntegratedSecurityService.getSecurityService();
+  private final SecurityService securityService;
 
   final protected CacheServerStats stats;
 
@@ -250,25 +248,26 @@ public class ServerConnection implements Runnable {
    * Creates a new <code>ServerConnection</code> that processes messages received from an edge
    * client over a given <code>Socket</code>.
    */
-  public ServerConnection(Socket s, Cache c, CachedRegionHelper helper, CacheServerStats stats,
-      int hsTimeout, int socketBufferSize, String communicationModeStr, byte communicationMode,
-      Acceptor acceptor) {
-    StringBuffer buffer = new StringBuffer(100);
+  public ServerConnection(Socket socket, InternalCache internalCache, CachedRegionHelper helper,
+      CacheServerStats stats, int hsTimeout, int socketBufferSize, String communicationModeStr,
+      byte communicationMode, Acceptor acceptor, SecurityService securityService) {
+
+    StringBuilder buffer = new StringBuilder(100);
     if (((AcceptorImpl) acceptor).isGatewayReceiver()) {
       buffer.append("GatewayReceiver connection from [");
     } else {
       buffer.append("Server connection from [");
     }
     buffer.append(communicationModeStr).append(" host address=")
-        .append(s.getInetAddress().getHostAddress()).append("; ").append(communicationModeStr)
-        .append(" port=").append(s.getPort()).append("]");
+        .append(socket.getInetAddress().getHostAddress()).append("; ").append(communicationModeStr)
+        .append(" port=").append(socket.getPort()).append("]");
     this.name = buffer.toString();
 
     this.stats = stats;
     this.acceptor = (AcceptorImpl) acceptor;
     this.crHelper = helper;
-    this.logWriter = (InternalLogWriter) c.getLoggerI18n();
-    this.securityLogWriter = (InternalLogWriter) c.getSecurityLoggerI18n();
+    this.logWriter = (InternalLogWriter) internalCache.getLoggerI18n();
+    this.securityLogWriter = (InternalLogWriter) internalCache.getSecurityLoggerI18n();
     this.communicationModeStr = communicationModeStr;
     this.communicationMode = communicationMode;
     this.principal = null;
@@ -276,20 +275,18 @@ public class ServerConnection implements Runnable {
     this.postAuthzRequest = null;
     this.randomConnectionIdGen = new Random(this.hashCode());
 
+    this.securityService = securityService;
+
     final boolean isDebugEnabled = logger.isDebugEnabled();
     try {
-      // requestMsg.setUseDataStream(useDataStream);
-      // replyMsg.setUseDataStream(useDataStream);
-      // responseMsg.setUseDataStream(useDataStream);
-      // errorMsg.setUseDataStream(useDataStream);
 
-      initStreams(s, socketBufferSize, stats);
+      initStreams(socket, socketBufferSize, stats);
 
       if (isDebugEnabled) {
         logger.debug(
             "{}: Accepted client connection from {}[client host name={}; client host address={}; client port={}]",
-            getName(), s.getInetAddress().getCanonicalHostName(),
-            s.getInetAddress().getHostAddress(), s.getPort());
+            getName(), communicationModeStr, socket.getInetAddress().getCanonicalHostName(),
+            socket.getInetAddress().getHostAddress(), socket.getPort());
       }
       this.handShakeTimeout = hsTimeout;
     } catch (Exception e) {
@@ -323,7 +320,7 @@ public class ServerConnection implements Runnable {
     synchronized (this.handShakeMonitor) {
       if (this.handshake == null) {
         // synchronized (getCleanupTable()) {
-        boolean readHandShake = ServerHandShakeProcessor.readHandShake(this);
+        boolean readHandShake = ServerHandShakeProcessor.readHandShake(this, getSecurityService());
         if (readHandShake) {
           if (this.handshake.isOK()) {
             try {
@@ -441,6 +438,10 @@ public class ServerConnection implements Runnable {
     return this.securityLogWriter;
   }
 
+  private SecurityService getSecurityService() {
+    return this.securityService;
+  }
+
   private boolean incedCleanupTableRef = false;
   private boolean incedCleanupProxyIdTableRef = false;
 
@@ -777,7 +778,7 @@ public class ServerConnection implements Runnable {
           }
         }
 
-        command.execute(msg, this);
+        command.execute(msg, this, this.securityService);
       }
     } finally {
       // Keep track of the fact that a message is no longer being
@@ -1031,7 +1032,8 @@ public class ServerConnection implements Runnable {
 
       Object principal = HandShake.verifyCredentials(methodName, credentials,
           system.getSecurityProperties(), (InternalLogWriter) system.getLogWriter(),
-          (InternalLogWriter) system.getSecurityLogWriter(), this.proxyId.getDistributedMember());
+          (InternalLogWriter) system.getSecurityLogWriter(), this.proxyId.getDistributedMember(),
+          this.securityService);
       if (principal instanceof Subject) {
         Subject subject = (Subject) principal;
         uniqueId = this.clientUserAuths.putSubject(subject);

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerHandShakeProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerHandShakeProcessor.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerHandShakeProcessor.java
index 6534b68..8b89694 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerHandShakeProcessor.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerHandShakeProcessor.java
@@ -29,6 +29,7 @@ import java.net.SocketTimeoutException;
 import java.security.Principal;
 import java.util.Properties;
 
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.logging.log4j.Logger;
 import org.apache.shiro.subject.Subject;
 
@@ -77,7 +78,8 @@ public class ServerHandShakeProcessor {
     currentServerVersion = Version.fromOrdinalOrCurrent(ver);
   }
 
-  public static boolean readHandShake(ServerConnection connection) {
+  public static boolean readHandShake(ServerConnection connection,
+      SecurityService securityService) {
     boolean validHandShake = false;
     Version clientVersion = null;
     try {
@@ -120,7 +122,7 @@ public class ServerHandShakeProcessor {
 
       // Read the appropriate handshake
       if (clientVersion.compareTo(Version.GFE_57) >= 0) {
-        validHandShake = readGFEHandshake(connection, clientVersion);
+        validHandShake = readGFEHandshake(connection, clientVersion, securityService);
       } else {
         connection.refuseHandshake(
             "Unsupported version " + clientVersion + "Server's current version " + Acceptor.VERSION,
@@ -196,7 +198,8 @@ public class ServerHandShakeProcessor {
     hdos.close();
   }
 
-  private static boolean readGFEHandshake(ServerConnection connection, Version clientVersion) {
+  private static boolean readGFEHandshake(ServerConnection connection, Version clientVersion,
+      SecurityService securityService) {
     int handShakeTimeout = connection.getHandShakeTimeout();
     InternalLogWriter securityLogWriter = connection.getSecurityLogWriter();
     try {
@@ -204,7 +207,7 @@ public class ServerHandShakeProcessor {
       DistributedSystem system = connection.getDistributedSystem();
       // hitesh:it will set credentials and principals
       HandShake handshake = new HandShake(socket, handShakeTimeout, system, clientVersion,
-          connection.getCommunicationMode());
+          connection.getCommunicationMode(), securityService);
       connection.setHandshake(handshake);
       ClientProxyMembershipID proxyId = handshake.getMembership();
       connection.setProxyId(proxyId);

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxEnum.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxEnum.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxEnum.java
index 2cb36cd..5a4a07b 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxEnum.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxEnum.java
@@ -24,6 +24,7 @@ import org.apache.geode.internal.cache.tier.sockets.BaseCommand;
 import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.pdx.internal.EnumInfo;
 import org.apache.geode.pdx.internal.TypeRegistry;
 
@@ -39,7 +40,8 @@ public class AddPdxEnum extends BaseCommand {
   private AddPdxEnum() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws IOException, ClassNotFoundException {
     serverConnection.setAsTrue(REQUIRES_RESPONSE);
     if (logger.isDebugEnabled()) {

http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxType.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxType.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxType.java
index 3feba0d..cb4b261 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxType.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxType.java
@@ -24,6 +24,7 @@ import org.apache.geode.internal.cache.tier.sockets.BaseCommand;
 import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.pdx.internal.PdxType;
 import org.apache.geode.pdx.internal.TypeRegistry;
 
@@ -39,7 +40,8 @@ public class AddPdxType extends BaseCommand {
   private AddPdxType() {}
 
   @Override
-  public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start)
+  public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection,
+      final SecurityService securityService, long start)
       throws IOException, ClassNotFoundException {
     serverConnection.setAsTrue(REQUIRES_RESPONSE);
     if (logger.isDebugEnabled()) {


Mime
View raw message