geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jasonhu...@apache.org
Subject [geode] 01/01: GEODE-3247: MethodInvocationAuthorizer is created at start up
Date Thu, 28 Sep 2017 21:34:45 GMT
This is an automated email from the ASF dual-hosted git repository.

jasonhuynh pushed a commit to branch feature/GEODE-3247
in repository https://gitbox.apache.org/repos/asf/geode.git

commit 30db126a5f551da1820978c441f2a8d8f4342f14
Author: Jason Huynh <huynhja@gmail.com>
AuthorDate: Mon Sep 25 16:04:23 2017 -0700

    GEODE-3247: MethodInvocationAuthorizer is created at start up
    
      * MethodInvocationAuthorizer can now be passed down from InternalCache
      * Broke apart new tests into smaller files and removed complex query maps from UserPerms
      * Modified Customer Test Object for Rest Security tests
---
 .../rest/internal/web/controllers/Customer.java    |    2 +-
 .../cache/query/internal/AttributeDescriptor.java  |   17 +-
 .../cache/query/internal/CompiledIteratorDef.java  |    1 -
 .../cache/query/internal/CompiledOperation.java    |    5 +-
 .../geode/cache/query/internal/CompiledSelect.java |   15 +-
 .../geode/cache/query/internal/DefaultQuery.java   |    2 -
 .../cache/query/internal/DefaultQueryService.java  |   21 +-
 .../query/internal/InternalQueryService.java}      |   18 +-
 .../geode/cache/query/internal/MethodDispatch.java |   11 +-
 .../query/internal/MethodInvocationAuthorizer.java |  138 +-
 .../geode/cache/query/internal/PathUtils.java      |   14 +-
 .../RestrictedMethodInvocationAuthorizer.java      |  135 ++
 .../cache/query/internal/RuntimeIterator.java      |    5 +-
 .../geode/internal/cache/GemFireCacheImpl.java     |    9 +-
 .../apache/geode/internal/cache/InternalCache.java |    3 +
 .../internal/cache/xmlcache/CacheCreation.java     |   10 +-
 .../RestrictedMethodInvocationAuthorizerTest.java} |  109 +-
 ...ServerBridgeClientMembershipRegressionTest.java |    3 +-
 .../apache/geode/security/SecurityTestUtil.java    |    5 -
 .../security/query/IndexSecurityDUnitTest.java     |  114 +-
 ...java => PartitionedIndexSecurityDUnitTest.java} |    5 +-
 ...ionedQuerySecurityAllowedQueriesDUnitTest.java} |    9 +-
 ...edQuerySecurityRestrictedQueriesDUnitTest.java} |    9 +-
 ...ionedQuerySecurityAllowedQueriesDUnitTest.java} |    7 +-
 .../PdxQuerySecurityAllowedQueriesDUnitTest.java   |   74 +
 .../security/query/PdxQuerySecurityDUnitTest.java  |  125 --
 ...PdxQuerySecurityRestrictedQueriesDUnitTest.java |   80 +
 .../QuerySecurityAllowedQueriesDUnitTest.java      |  255 ++++
 ...curityAuthorizedUserBindParameterDUnitTest.java |   53 +
 .../geode/security/query/QuerySecurityBase.java    |  161 ++-
 .../security/query/QuerySecurityDUnitTest.java     | 1525 --------------------
 .../QuerySecurityRestrictedQueriesDUnitTest.java   |  318 ++++
 ...rityUnauthorizedUserBindParameterDUnitTest.java |   76 +
 .../geode/security/query/UserPermissions.java      |  423 +-----
 .../security/query/data/PdxQueryTestObject.java    |   73 +
 .../geode/security/query/data/QueryTestObject.java |   65 +
 .../cache/tier/sockets/command/CloseCQ.java        |    1 +
 .../dunit/CqSecurityAuthorizedUserDUnitTest.java   |  267 ++++
 .../cache/query/cq/dunit/CqSecurityDUnitTest.java  |  424 ------
 ...SecurityPartitionedAuthorizedUserDUnitTest.java |   65 +
 .../cq/dunit/CqSecurityPartitionedDUnitTest.java   |   98 --
 ...curityPartitionedUnauthorizedUserDUnitTest.java |   21 +-
 .../dunit/CqSecurityUnauthorizedUserDUnitTest.java |  215 +++
 .../cache/tier/sockets/command/CloseCQTest.java    |    1 -
 .../geode/security/ClientQueryAuthDUnitTest.java   |  151 +-
 45 files changed, 1994 insertions(+), 3144 deletions(-)

diff --git a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/controllers/Customer.java b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/controllers/Customer.java
index 9732aa0..c2dacbf 100644
--- a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/controllers/Customer.java
+++ b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/controllers/Customer.java
@@ -31,7 +31,7 @@ import java.io.Serializable;
 public class Customer implements Serializable {
 
   @JsonProperty("id")
-  private Long customerId;
+  public Long customerId;
   private String firstName;
   private String lastName;
   @JsonProperty("ssn")
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/AttributeDescriptor.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/AttributeDescriptor.java
index cc54db8..8bef658 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/AttributeDescriptor.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/AttributeDescriptor.java
@@ -35,7 +35,6 @@ import org.apache.geode.cache.query.QueryService;
 import org.apache.geode.cache.query.types.ObjectType;
 import org.apache.geode.internal.cache.Token;
 import org.apache.geode.internal.i18n.LocalizedStrings;
-import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.pdx.JSONFormatter;
 import org.apache.geode.pdx.PdxInstance;
 import org.apache.geode.pdx.PdxSerializationException;
@@ -51,16 +50,15 @@ import org.apache.geode.pdx.internal.PdxInstanceImpl;
 
 public class AttributeDescriptor {
   private final String _name;
-  private final SecurityService _securityService;
+  private final MethodInvocationAuthorizer _methodInvocationAuthorizer;
   /** cache for remembering the correct Member for a class and attribute */
-  // DAVID/JASON should this be ConcurrentHashMap or ConcurrentMap? (is there a difference?)
   private static final ConcurrentMap _local_field_cache = new ConcurrentHashMap();
   private static final ConcurrentMap _local_method_cache = new ConcurrentHashMap();
 
 
 
-  public AttributeDescriptor(SecurityService securityService, String name) {
-    _securityService = securityService;
+  public AttributeDescriptor(MethodInvocationAuthorizer methodInvocationAuthorizer, String name) {
+    _methodInvocationAuthorizer = methodInvocationAuthorizer;
     _name = name;
   }
 
@@ -99,11 +97,10 @@ public class AttributeDescriptor {
 
     Class resolutionClass = target.getClass();
     Member m = getReadMember(resolutionClass);
-    System.out.println("JASON found m:" + m.getName());
     try {
       if (m instanceof Method) {
         try {
-          MethodInvocationAuthorizer.authorizeFunctionInvocation(_securityService, m, target);
+          _methodInvocationAuthorizer.authorizeMethodInvocation((Method) m, target);
           return ((Method) m).invoke(target, (Object[]) null);
         } catch (EntryDestroyedException e) {
           // eat the Exception
@@ -163,7 +160,6 @@ public class AttributeDescriptor {
       m = (Member) _local_method_cache.get(key);
 
       if (m != null) {
-        MethodInvocationAuthorizer.authorizeFunctionInvocation(m);
         return m;
       }
     }
@@ -188,7 +184,6 @@ public class AttributeDescriptor {
   }
 
 
-
   private Field getReadField(Class targetType) {
     try {
       return targetType.getField(_name);
@@ -215,9 +210,7 @@ public class AttributeDescriptor {
 
   private Method getReadMethod(Class targetType, String methodName) {
     try {
-      Method m = targetType.getMethod(methodName, (Class[]) null);
-      MethodInvocationAuthorizer.authorizeFunctionInvocation(m);
-      return m;
+      return targetType.getMethod(methodName, (Class[]) null);
     } catch (NoSuchMethodException e) {
       updateClassToMethodsMap(targetType.getCanonicalName(), _name);
       return null;
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledIteratorDef.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledIteratorDef.java
index c1c9140..872614d 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledIteratorDef.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledIteratorDef.java
@@ -119,7 +119,6 @@ public class CompiledIteratorDef extends AbstractCompiledValue {
       } catch (RegionNotFoundException re) {
         throw re;
       } catch (Exception e) {
-        logger.info("JASON:", e);
         if (logger.isDebugEnabled()) {
           logger.debug("Exception while getting runtime iterator.", e);
         }
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledOperation.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledOperation.java
index 3f0934d..0e5bd14 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledOperation.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledOperation.java
@@ -258,8 +258,9 @@ public class CompiledOperation extends AbstractCompiledValue {
     methodDispatch = (MethodDispatch) CompiledOperation.cache.get(key);
     if (methodDispatch == null) {
       try {
-        methodDispatch = new MethodDispatch(context.getCache().getSecurityService(), resolutionType,
-            this.methodName, argTypes);
+        methodDispatch =
+            new MethodDispatch(context.getCache().getQueryService().getMethodInvocationAuthorizer(),
+                resolutionType, this.methodName, argTypes);
       } catch (NameResolutionException nre) {
         if (!org.apache.geode.cache.query.Struct.class.isAssignableFrom(resolutionType)
             && (DefaultQueryService.QUERY_HETEROGENEOUS_OBJECTS
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledSelect.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledSelect.java
index 30bda63..3ab90aa 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledSelect.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledSelect.java
@@ -1116,19 +1116,8 @@ public class CompiledSelect extends AbstractCompiledValue {
       List pathOnItr = cv.getPathOnIterator(rit, context);
       if (pathOnItr != null) {
         String path[] = (String[]) pathOnItr.toArray(new String[pathOnItr.size()]);
-        try {
-          ObjectType ot[] = PathUtils.calculateTypesAlongPath(context, rit.getElementType(), path);
-          retType = ot[ot.length - 1];
-        } catch (NotAuthorizedException e) {
-          // When preparing result sets/ transform object types are unknown meaning all calls to
-          // fields, getters, etc. fall through to method invocation. The query itself may not need
-          // to do method invocation but because everything is falling through the user must be
-          // authorized for method invocation (DATA:MANAGE and CLUSTER:MANAGE). To execute a query
-          // without method invocation requires (DATA:READ). Because the code is unable to determine
-          // if we truly need the higher authorizations, we should continue until a true method
-          // invocation is required. This code does not actually invoke() the method and instead is
-          // using the method object to check class types.
-        }
+        ObjectType ot[] = PathUtils.calculateTypesAlongPath(context, rit.getElementType(), path);
+        retType = ot[ot.length - 1];
       }
     } catch (NameNotFoundException ignore) {
       // Unable to determine the type Of attribute.It will default to
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQuery.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQuery.java
index 39886bb..c242d89 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQuery.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQuery.java
@@ -86,8 +86,6 @@ public class DefaultQuery implements Query {
   public static boolean QUERY_VERBOSE =
       Boolean.getBoolean(DistributionConfig.GEMFIRE_PREFIX + "Query.VERBOSE");
 
-  public static boolean ALLOW_UNTRUSTED_METHOD_INVOCATION = Boolean.getBoolean(DistributionConfig.GEMFIRE_PREFIX + "Query.allowUntrustedMethodInvocation");
-
   /**
    * System property to cleanup the compiled query. The compiled query will be removed if it is not
    * used for more than the set value. By default its set to 10 minutes, the time is set in
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQueryService.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQueryService.java
index e3b2449..8fc1c9e 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQueryService.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQueryService.java
@@ -39,13 +39,14 @@ import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.logging.log4j.Logger;
 
+import java.lang.reflect.Method;
 import java.util.*;
 import java.util.Map.Entry;
 
 /**
  * @version $Revision: 1.2 $
  */
-public class DefaultQueryService implements QueryService {
+public class DefaultQueryService implements InternalQueryService {
   private static final Logger logger = LogService.getLogger();
 
   /**
@@ -62,22 +63,37 @@ public class DefaultQueryService implements QueryService {
           DistributionConfig.GEMFIRE_PREFIX + "QueryService.CopyOnReadAtEntryLevel", "false"))
       .booleanValue();
 
+  public static boolean ALLOW_UNTRUSTED_METHOD_INVOCATION = Boolean.getBoolean(
+      DistributionConfig.GEMFIRE_PREFIX + "QueryService.allowUntrustedMethodInvocation");
+
 
   /** Test purpose only */
   public static boolean TEST_QUERY_HETEROGENEOUS_OBJECTS = false;
 
   private final InternalCache cache;
 
+  private final MethodInvocationAuthorizer methodInvocationAuthorizer;
+
   private InternalPool pool;
 
   private Map<Region, HashSet<IndexCreationData>> indexDefinitions =
       Collections.synchronizedMap(new HashMap<Region, HashSet<IndexCreationData>>());
 
+
   public DefaultQueryService(InternalCache cache) {
     if (cache == null)
       throw new IllegalArgumentException(
           LocalizedStrings.DefaultQueryService_CACHE_MUST_NOT_BE_NULL.toLocalizedString());
     this.cache = cache;
+    if (!cache.getSecurityService().isIntegratedSecurity() || ALLOW_UNTRUSTED_METHOD_INVOCATION) {
+      // A no-op authorizer, allow method invocation
+      this.methodInvocationAuthorizer = ((Method m, Object t) -> {
+      });
+    } else {
+      this.methodInvocationAuthorizer =
+          new RestrictedMethodInvocationAuthorizer(cache.getSecurityService());
+
+    }
   }
 
   /**
@@ -950,4 +966,7 @@ public class DefaultQueryService implements QueryService {
     return pool;
   }
 
+  public MethodInvocationAuthorizer getMethodInvocationAuthorizer() {
+    return methodInvocationAuthorizer;
+  }
 }
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/InternalQueryService.java
similarity index 57%
copy from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
copy to geode-core/src/main/java/org/apache/geode/cache/query/internal/InternalQueryService.java
index 4d81034..2fd462e 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/InternalQueryService.java
@@ -12,21 +12,11 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-package org.apache.geode.security.query;
+package org.apache.geode.cache.query.internal;
 
-import junitparams.JUnitParamsRunner;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
+import org.apache.geode.cache.query.QueryService;
 
-import org.apache.geode.cache.RegionShortcut;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
-  public RegionShortcut getRegionType() {
-    return RegionShortcut.PARTITION;
-  }
+public interface InternalQueryService extends QueryService {
 
+  MethodInvocationAuthorizer getMethodInvocationAuthorizer();
 }
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodDispatch.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodDispatch.java
index 61bae00..7b5e65c 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodDispatch.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodDispatch.java
@@ -30,7 +30,6 @@ import org.apache.geode.cache.query.NameResolutionException;
 import org.apache.geode.cache.query.QueryInvocationTargetException;
 import org.apache.geode.cache.query.internal.types.TypeUtils;
 import org.apache.geode.internal.i18n.LocalizedStrings;
-import org.apache.geode.internal.security.SecurityService;
 
 
 /**
@@ -44,14 +43,14 @@ public class MethodDispatch {
   private String _methodName;
   private Class[] _argTypes;
   private Method _method; // remember the right method
-  private SecurityService _securityService;
+  private MethodInvocationAuthorizer _methodInvocationAuthorizer;
 
-  public MethodDispatch(SecurityService securityService, Class targetClass, String methodName,
-      List argTypes) throws NameResolutionException {
+  public MethodDispatch(MethodInvocationAuthorizer methodInvocationAuthorizer, Class targetClass,
+      String methodName, List argTypes) throws NameResolutionException {
     _targetClass = targetClass;
     _methodName = methodName;
     _argTypes = (Class[]) argTypes.toArray(new Class[argTypes.size()]);
-    _securityService = securityService;
+    _methodInvocationAuthorizer = methodInvocationAuthorizer;
 
     resolve();
     // override security in case this is a method on a nonpublic class
@@ -64,7 +63,7 @@ public class MethodDispatch {
     Object[] argsArray = args.toArray();
 
     try {
-      MethodInvocationAuthorizer.authorizeFunctionInvocation(_securityService, _method, target);
+      _methodInvocationAuthorizer.authorizeMethodInvocation(_method, target);
       return _method.invoke(target, argsArray);
     } catch (IllegalAccessException e) {
       throw new NameNotFoundException(
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodInvocationAuthorizer.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodInvocationAuthorizer.java
index d5f8cbe..412c2d5 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodInvocationAuthorizer.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodInvocationAuthorizer.java
@@ -14,140 +14,8 @@
  */
 package org.apache.geode.cache.query.internal;
 
-import java.lang.reflect.Member;
-import java.math.BigDecimal;
-import java.math.BigInteger;
-import java.security.Security;
-import java.sql.Timestamp;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.atomic.AtomicInteger;
-import java.util.concurrent.atomic.AtomicLong;
+import java.lang.reflect.Method;
 
-import org.apache.geode.cache.Region;
-import org.apache.geode.cache.query.internal.index.DummyQRegion;
-import org.apache.geode.internal.cache.EntrySnapshot;
-import org.apache.geode.internal.cache.LocalRegion;
-import org.apache.geode.internal.cache.PartitionedRegion;
-import org.apache.geode.internal.i18n.LocalizedStrings;
-import org.apache.geode.internal.security.SecurityService;
-import org.apache.geode.security.NotAuthorizedException;
-import org.apache.geode.security.ResourcePermission;
-
-public class MethodInvocationAuthorizer {
-
-  public static final String UNAUTHORIZED_STRING = "Unauthorized access to method: ";
-  // List of methods that can be invoked by
-  public static final Set<String> whiteListedMethods = new HashSet<>();
-  public static final HashMap<String, Set> whiteListedClassMethods = new HashMap<>();
-  static {
-    whiteListedMethods.add("toString");
-    whiteListedMethods.add("equals");
-    whiteListedMethods.add("compareTo");
-
-    Set<String> booleanMethods = new HashSet<>();
-    booleanMethods.add("booleanValue");
-    whiteListedClassMethods.put(Boolean.class.getName(), booleanMethods);
-
-    Set<String> numberMethods = new HashSet<>();
-    numberMethods.add("byteValue");
-    numberMethods.add("doubleValue");
-    numberMethods.add("intValue");
-    numberMethods.add("floatValue");
-    numberMethods.add("longValue");
-    numberMethods.add("shortValue");
-    whiteListedClassMethods.put(Byte.class.getName(), numberMethods);
-    whiteListedClassMethods.put(Double.class.getName(), numberMethods);
-    whiteListedClassMethods.put(Float.class.getName(), numberMethods);
-    whiteListedClassMethods.put(Integer.class.getName(), numberMethods);
-    whiteListedClassMethods.put(Short.class.getName(), numberMethods);
-    whiteListedClassMethods.put(Number.class.getName(), numberMethods);
-    whiteListedClassMethods.put(BigDecimal.class.getName(), numberMethods);
-    whiteListedClassMethods.put(BigInteger.class.getName(), numberMethods);
-    whiteListedClassMethods.put(AtomicInteger.class.getName(), numberMethods);
-    whiteListedClassMethods.put(AtomicLong.class.getName(), numberMethods);
-
-    Set<String> dateMethods = new HashSet<>();
-    dateMethods.add("after");
-    dateMethods.add("before");
-    whiteListedClassMethods.put(Date.class.getName(), dateMethods);
-
-    Set<String> timestampMethods = new HashSet<>();
-    timestampMethods.add("after");
-    timestampMethods.add("before");
-    timestampMethods.add("getNanos");
-    timestampMethods.add("getTime");
-    whiteListedClassMethods.put(Timestamp.class.getName(), timestampMethods);
-
-    Set<String> mapMethods = new HashSet<>();
-    mapMethods.add("entrySet");
-    mapMethods.add("keySet");
-    mapMethods.add("values");
-    mapMethods.add("getEntries");
-    mapMethods.add("getValues");
-    mapMethods.add("containsKey");
-    whiteListedClassMethods.put(QRegion.class.getName(), mapMethods);
-    whiteListedClassMethods.put(DummyQRegion.class.getName(), mapMethods);
-    whiteListedClassMethods.put(PartitionedRegion.class.getName(), mapMethods);
-
-    Set<String> mapEntryMethods = new HashSet<>();
-    mapEntryMethods.add("getKey");
-    mapEntryMethods.add("getValue");
-    whiteListedClassMethods.put(Map.Entry.class.getName(), mapEntryMethods);
-    whiteListedClassMethods.put(LocalRegion.NonTXEntry.class.getName(), mapEntryMethods);
-    whiteListedClassMethods.put(EntrySnapshot.class.getName(), mapEntryMethods);
-
-    Set<String> stringMethods = new HashSet<>();
-    stringMethods.add("toString");
-    stringMethods.add("toLowerCase");
-    stringMethods.add("toUpperCase");
-    whiteListedClassMethods.put(String.class.getName(), stringMethods);
-
-    Set<String> localRegionMethods = new HashSet<>();
-    localRegionMethods.add("values");
-    whiteListedClassMethods.put(LocalRegion.class.getName(), localRegionMethods);
-  }
-
-  public MethodInvocationAuthorizer() {
-
-  }
-
-  public static boolean isWhitelisted(Member method) {
-    return isWhitelisted(method.getDeclaringClass().getName(), method.getName());
-  }
-
-  public static void allowedRegionAccess(SecurityService securityService, Member method,
-      Object target) {
-    if (target instanceof Region) {
-      String regionName = ((Region) target).getName();
-      securityService.authorize(ResourcePermission.Resource.DATA, ResourcePermission.Operation.READ, regionName);
-    }
-  }
-
-  public static boolean isWhitelisted(String className, String methodName) {
-    if (DefaultQuery.ALLOW_UNTRUSTED_METHOD_INVOCATION || whiteListedMethods.contains((methodName))) {
-      return true;
-    }
-
-    Set whiteListedMethods = whiteListedClassMethods.get(className);
-    if (whiteListedMethods != null) {
-      return whiteListedMethods.contains(methodName);
-    }
-    return false;
-  }
-  public static void authorizeFunctionInvocation(Member method) {
-    if (!isWhitelisted(method) ) {
-      throw new NotAuthorizedException(UNAUTHORIZED_STRING + method.getName());
-    }
-  }
-
-  public static void authorizeFunctionInvocation(SecurityService securityService, Member method, Object target) {
-    if (!isWhitelisted(method)) {
-      throw new NotAuthorizedException(UNAUTHORIZED_STRING + method.getName());
-    }
-    allowedRegionAccess(securityService, method, target);
-  }
+public interface MethodInvocationAuthorizer {
+  void authorizeMethodInvocation(Method method, Object target);
 }
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/PathUtils.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/PathUtils.java
index aecf5d2..4c7141f 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/PathUtils.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/PathUtils.java
@@ -72,8 +72,9 @@ public class PathUtils {
       }
     }
     try {
-      return new AttributeDescriptor(context.getCache().getSecurityService(), attribute)
-          .read(target);
+      return new AttributeDescriptor(
+          context.getCache().getQueryService().getMethodInvocationAuthorizer(), attribute)
+              .read(target);
     } catch (NameNotFoundException nfe) {
       if (DefaultQueryService.QUERY_HETEROGENEOUS_OBJECTS
           || DefaultQueryService.TEST_QUERY_HETEROGENEOUS_OBJECTS) {
@@ -111,8 +112,8 @@ public class PathUtils {
 
     for (int i = 1; i < types.length; i++) {
       ObjectType currentType = types[i - 1];
-      Member member =
-          new AttributeDescriptor(context.getCache().getSecurityService(), pathArray[i - 1])
+      Member member = new AttributeDescriptor(
+          context.getCache().getQueryService().getMethodInvocationAuthorizer(), pathArray[i - 1])
               .getReadMember(currentType);
 
       if (member instanceof Field)
@@ -169,8 +170,9 @@ public class PathUtils {
             stepStr = stepStr.substring(0, stepStr.length() - 2);
             member = clazz.getMethod(stepStr, (Class[]) null);
           } else {
-            member = new AttributeDescriptor(context.getCache().getSecurityService(), stepStr)
-                .getReadMember(clazz);
+            member = new AttributeDescriptor(
+                context.getCache().getQueryService().getMethodInvocationAuthorizer(), stepStr)
+                    .getReadMember(clazz);
           }
           if (member instanceof Field) {
             clazz = ((Field) member).getType();
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java
new file mode 100644
index 0000000..e97fe34
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java
@@ -0,0 +1,135 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.internal;
+
+import java.lang.reflect.Member;
+import java.lang.reflect.Method;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.sql.Timestamp;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicLong;
+
+import org.apache.geode.cache.Region;
+import org.apache.geode.cache.query.internal.index.DummyQRegion;
+import org.apache.geode.internal.cache.EntrySnapshot;
+import org.apache.geode.internal.cache.LocalRegion;
+import org.apache.geode.internal.cache.PartitionedRegion;
+import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission;
+
+public class RestrictedMethodInvocationAuthorizer implements MethodInvocationAuthorizer {
+
+  public static final String UNAUTHORIZED_STRING = "Unauthorized access to method: ";
+
+  private SecurityService securityService;
+
+  // List of methods that can be invoked by
+  private final HashMap<String, Set> whiteListedMethodsToClass;
+
+
+  public RestrictedMethodInvocationAuthorizer(SecurityService securityService) {
+    this.securityService = securityService;
+    whiteListedMethodsToClass = createWhiteList();
+  }
+
+  private HashMap<String, Set> createWhiteList() {
+    HashMap<String, Set> whiteListMap = new HashMap();
+    Set<Class> objectCallers = new HashSet();
+    objectCallers.add(Object.class);
+    whiteListMap.put("toString", objectCallers);
+    whiteListMap.put("equals", objectCallers);
+    whiteListMap.put("compareTo", objectCallers);
+
+    Set<Class> booleanCallers = new HashSet();
+    booleanCallers.add(Boolean.class);
+    whiteListMap.put("booleanValue", booleanCallers);
+
+    Set<Class> numericCallers = new HashSet();
+    numericCallers.add(Number.class);
+    whiteListMap.put("byteValue", numericCallers);
+    whiteListMap.put("intValue", numericCallers);
+    whiteListMap.put("doubleValue", numericCallers);
+    whiteListMap.put("floatValue", numericCallers);
+    whiteListMap.put("longValue", numericCallers);
+    whiteListMap.put("shortValue", numericCallers);
+
+    Set<Class> mapCallers = new HashSet();
+    mapCallers.add(Collection.class);
+    mapCallers.add(Map.class);
+    whiteListMap.put("entrySet", mapCallers);
+    whiteListMap.put("keySet", mapCallers);
+    whiteListMap.put("values", mapCallers);
+    whiteListMap.put("getEntries", mapCallers);
+    whiteListMap.put("getValues", mapCallers);
+    whiteListMap.put("containsKey", mapCallers);
+
+    Set<Class> mapEntryCallers = new HashSet();
+    mapEntryCallers.add(Map.Entry.class);
+    whiteListMap.put("getKey", mapEntryCallers);
+    whiteListMap.put("getValue", mapEntryCallers);
+
+    Set<Class> dateCallers = new HashSet<>();
+    dateCallers.add(Date.class);
+    whiteListMap.put("after", dateCallers);
+    whiteListMap.put("before", dateCallers);
+    whiteListMap.put("getNanos", dateCallers);
+    whiteListMap.put("getTime", dateCallers);
+
+    Set<Class> stringCallers = new HashSet<>();
+    stringCallers.add(String.class);
+    whiteListMap.put("toLowerCase", stringCallers);
+    whiteListMap.put("toUpperCase", stringCallers);
+    return whiteListMap;
+  }
+
+  boolean isWhitelisted(Method method) {
+    String methodName = method.getName();
+
+    Set<Class> allowedClasses = whiteListedMethodsToClass.get(methodName);
+    if (allowedClasses == null) {
+      return false;
+    }
+    for (Class clazz : allowedClasses) {
+      if (clazz.isAssignableFrom(method.getDeclaringClass())) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  @Override
+  public void authorizeMethodInvocation(Method method, Object target) {
+    if (!isWhitelisted(method)) {
+      throw new NotAuthorizedException(UNAUTHORIZED_STRING + method.getName());
+    }
+    authorizeRegionAccess(securityService, target);
+  }
+
+  private void authorizeRegionAccess(SecurityService securityService, Object target) {
+    if (target instanceof Region) {
+      String regionName = ((Region) target).getName();
+      securityService.authorize(ResourcePermission.Resource.DATA, ResourcePermission.Operation.READ,
+          regionName);
+    }
+  }
+}
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/RuntimeIterator.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RuntimeIterator.java
index 23d470c..3373b96 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/RuntimeIterator.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RuntimeIterator.java
@@ -198,8 +198,9 @@ public class RuntimeIterator extends AbstractCompiledValue {
     // if there are zero arguments and it's an attribute, then defer to
     // AttributeDescriptor
     // to see if there's a match
-    return new AttributeDescriptor(context.getCache().getSecurityService(), name)
-        .validateReadType(clazz);
+    return new AttributeDescriptor(
+        context.getCache().getQueryService().getMethodInvocationAuthorizer(), name)
+            .validateReadType(clazz);
   }
 
   // private SelectResults prepareIteratorDef(Object obj)
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java b/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
index c5b5d01..e2975ea 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
@@ -79,6 +79,9 @@ import com.sun.jna.Platform;
 import org.apache.commons.lang.StringUtils;
 import org.apache.logging.log4j.Logger;
 
+import org.apache.geode.cache.query.internal.InternalQueryService;
+import org.apache.geode.cache.query.internal.MethodInvocationAuthorizer;
+import org.apache.geode.cache.query.internal.RestrictedMethodInvocationAuthorizer;
 import org.apache.geode.internal.cache.event.EventTrackerExpiryTask;
 import org.apache.geode.internal.cache.wan.GatewaySenderQueueEntrySynchronizationListener;
 import org.apache.geode.internal.security.SecurityServiceFactory;
@@ -177,7 +180,6 @@ import org.apache.geode.internal.SystemTimer;
 import org.apache.geode.internal.cache.control.InternalResourceManager;
 import org.apache.geode.internal.cache.control.InternalResourceManager.ResourceType;
 import org.apache.geode.internal.cache.control.ResourceAdvisor;
-import org.apache.geode.internal.cache.event.EventTrackerExpiryTask;
 import org.apache.geode.internal.cache.execute.util.FindRestEnabledServersFunction;
 import org.apache.geode.internal.cache.extension.Extensible;
 import org.apache.geode.internal.cache.extension.ExtensionPoint;
@@ -215,7 +217,6 @@ import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.offheap.MemoryAllocator;
 import org.apache.geode.internal.security.SecurityService;
-import org.apache.geode.internal.security.SecurityServiceFactory;
 import org.apache.geode.internal.sequencelog.SequenceLoggerImpl;
 import org.apache.geode.internal.tcp.ConnectionTable;
 import org.apache.geode.internal.util.concurrent.FutureResult;
@@ -4192,7 +4193,7 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
   }
 
   @Override
-  public QueryService getQueryService() {
+  public InternalQueryService getQueryService() {
     if (!isClient()) {
       return new DefaultQueryService(this);
     }
@@ -4201,7 +4202,7 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
       throw new IllegalStateException(
           "Client cache does not have a default pool. Use getQueryService(String poolName) instead.");
     }
-    return defaultPool.getQueryService();
+    return (InternalQueryService) defaultPool.getQueryService();
   }
 
   @Override
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java b/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java
index 66bc44a..5ef8fcd 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java
@@ -39,6 +39,7 @@ import org.apache.geode.cache.asyncqueue.AsyncEventQueue;
 import org.apache.geode.cache.asyncqueue.internal.AsyncEventQueueImpl;
 import org.apache.geode.cache.client.internal.ClientMetadataService;
 import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.cache.query.internal.InternalQueryService;
 import org.apache.geode.cache.query.internal.QueryMonitor;
 import org.apache.geode.cache.query.internal.cq.CqService;
 import org.apache.geode.cache.server.CacheServer;
@@ -320,4 +321,6 @@ public interface InternalCache extends Cache, Extensible<Cache>, CacheTime {
   void invokeRegionEntrySynchronizationListenersAfterSynchronization(
       InternalDistributedMember sender, LocalRegion region,
       List<InitialImageOperation.Entry> entriesToSynchronize);
+
+  InternalQueryService getQueryService();
 }
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java b/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
index 9c80ce1..3cd1971 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
@@ -58,6 +58,8 @@ import org.apache.geode.cache.query.Query;
 import org.apache.geode.cache.query.QueryInvalidException;
 import org.apache.geode.cache.query.QueryService;
 import org.apache.geode.cache.query.RegionNotFoundException;
+import org.apache.geode.cache.query.internal.InternalQueryService;
+import org.apache.geode.cache.query.internal.MethodInvocationAuthorizer;
 import org.apache.geode.cache.query.internal.QueryMonitor;
 import org.apache.geode.cache.query.internal.cq.CqService;
 import org.apache.geode.cache.server.CacheServer;
@@ -943,7 +945,7 @@ public class CacheCreation implements InternalCache {
   }
 
   @Override
-  public QueryService getQueryService() {
+  public InternalQueryService getQueryService() {
     return this.queryService;
   }
 
@@ -1735,7 +1737,7 @@ public class CacheCreation implements InternalCache {
     return null;
   }
 
-  private final QueryService queryService = new QueryService() {
+  private final InternalQueryService queryService = new InternalQueryService() {
 
     private final Map<String, List<Index>> indexes = new HashMap<>();
 
@@ -1958,6 +1960,10 @@ public class CacheCreation implements InternalCache {
       throw new UnsupportedOperationException(LocalizedStrings.SHOULDNT_INVOKE.toLocalizedString());
     }
 
+    @Override
+    public MethodInvocationAuthorizer getMethodInvocationAuthorizer() {
+      throw new UnsupportedOperationException(LocalizedStrings.SHOULDNT_INVOKE.toLocalizedString());
+    }
   };
 
   @Override
diff --git a/geode-core/src/test/java/org/apache/geode/internal/MethodInvocationAuthorizerTest.java b/geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
similarity index 59%
rename from geode-core/src/test/java/org/apache/geode/internal/MethodInvocationAuthorizerTest.java
rename to geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
index 490cf2c..45ddf27 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/MethodInvocationAuthorizerTest.java
+++ b/geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
@@ -1,6 +1,21 @@
-package org.apache.geode.internal;
-
-
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.internal;
+
+
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
 import java.lang.reflect.Method;
@@ -13,129 +28,139 @@ import java.util.concurrent.atomic.AtomicInteger;
 import java.util.concurrent.atomic.AtomicLong;
 
 import org.junit.Test;
+import org.junit.experimental.categories.Category;
 
-import org.apache.geode.cache.query.internal.MethodInvocationAuthorizer;
-import org.apache.geode.cache.query.internal.QRegion;
 import org.apache.geode.cache.query.internal.index.DummyQRegion;
 import org.apache.geode.internal.cache.EntrySnapshot;
 import org.apache.geode.internal.cache.LocalRegion;
 import org.apache.geode.internal.cache.PartitionedRegion;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.categories.UnitTest;
+
+@Category({UnitTest.class, SecurityTest.class})
+public class RestrictedMethodInvocationAuthorizerTest {
+  RestrictedMethodInvocationAuthorizer methodInvocationAuthorizer =
+      new RestrictedMethodInvocationAuthorizer(null);
 
-public class MethodInvocationAuthorizerTest {
+  @Test
+  public void getClassShouldFail() throws Exception {
+    Method method = Integer.class.getMethod("getClass");
+    assertFalse(methodInvocationAuthorizer.isWhitelisted(method));
+  }
 
   @Test
   public void toStringOnAnyObject() throws Exception {
     Method stringMethod = Integer.class.getMethod("toString");
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(stringMethod));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
   }
 
   @Test
   public void equalsOnAnyObject() throws Exception {
     Method equalsMethod = Integer.class.getMethod("equals", Object.class);
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(equalsMethod));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(equalsMethod));
   }
 
   @Test
   public void booleanMethodsAreWhiteListed() throws Exception {
     Method booleanValue = Boolean.class.getMethod("booleanValue");
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(booleanValue));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(booleanValue));
   }
 
   @Test
   public void toLowerCaseOnStringObject() throws Exception {
     Method stringMethod = String.class.getMethod("toLowerCase");
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(stringMethod));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
   }
 
   @Test
   public void toUpperCaseOnStringObject() throws Exception {
     Method stringMethod = String.class.getMethod("toUpperCase");
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(stringMethod));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
   }
 
   @Test
   public void utilDateAfterMethodIsWhiteListed() throws Exception {
     Method method = Date.class.getMethod("after", Date.class);
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
   }
 
   @Test
   public void sqlDateAfterMethodIsWhiteListed() throws Exception {
     Method method = java.sql.Date.class.getMethod("after", Date.class);
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
   }
 
   @Test
   public void utilDateBeforeMethodIsWhiteListed() throws Exception {
     Method method = Date.class.getMethod("before", Date.class);
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
   }
 
   @Test
   public void sqlDateBeforeMethodIsWhiteListed() throws Exception {
     Method method = java.sql.Date.class.getMethod("before", Date.class);
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
   }
 
   @Test
   public void timestampAfterMethodIsWhiteListed() throws Exception {
     Method method = Timestamp.class.getMethod("after", Timestamp.class);
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
   }
 
   @Test
   public void sqlTimestampBeforeMethodIsWhiteListed() throws Exception {
     Method method = Timestamp.class.getMethod("before", Timestamp.class);
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
   }
 
   @Test
   public void sqlTimestampGetNanosIsWhiteListed() throws Exception {
     Method method = Timestamp.class.getMethod("getNanos");
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
   }
 
   @Test
   public void sqlTimestampGetTimeIsWhiteListed() throws Exception {
     Method method = Timestamp.class.getMethod("getTime");
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
   }
 
 
   @Test
   public void getKeyForMapEntryIsWhiteListed() throws Exception {
     Method getKeyMethod = Map.Entry.class.getMethod("getKey");
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(getKeyMethod));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(getKeyMethod));
   }
 
   @Test
   public void getValueForMapEntryIsWhiteListed() throws Exception {
     Method getValueMethod = Map.Entry.class.getMethod("getValue");
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(getValueMethod));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(getValueMethod));
   }
 
   @Test
   public void getKeyForMapEntrySnapShotIsWhiteListed() throws Exception {
     Method getKeyMethod = EntrySnapshot.class.getMethod("getKey");
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(getKeyMethod));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(getKeyMethod));
   }
 
   @Test
   public void getValueForMapEntrySnapShotIsWhiteListed() throws Exception {
     Method getValueMethod = EntrySnapshot.class.getMethod("getValue");
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(getValueMethod));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(getValueMethod));
   }
 
   @Test
   public void getKeyForNonTXEntryIsWhiteListed() throws Exception {
     Method getKeyMethod = LocalRegion.NonTXEntry.class.getMethod("getKey");
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(getKeyMethod));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(getKeyMethod));
   }
 
   @Test
   public void getValueForNonTXEntryIsWhiteListed() throws Exception {
     Method getValueMethod = LocalRegion.NonTXEntry.class.getMethod("getValue");
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(getValueMethod));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(getValueMethod));
   }
 
   @Test
@@ -150,7 +175,15 @@ public class MethodInvocationAuthorizerTest {
 
   @Test
   public void mapMethodsForPartitionedRegionAreWhiteListed() throws Exception {
-    testMapMethods(PartitionedRegion.class);
+    Class clazz = PartitionedRegion.class;
+    Method entrySet = clazz.getMethod("entrySet");
+    Method keySet = clazz.getMethod("keySet");
+    Method values = clazz.getMethod("values");
+    Method containsKey = clazz.getMethod("containsKey", Object.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(entrySet));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(keySet));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(values));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(containsKey));
   }
 
   @Test
@@ -205,12 +238,12 @@ public class MethodInvocationAuthorizerTest {
     Method floatValue = clazz.getMethod("longValue");
     Method longValue = clazz.getMethod("floatValue");
     Method shortValue = clazz.getMethod("shortValue");
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(byteValue));
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(doubleValue));
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(intValue));
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(floatValue));
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(longValue));
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(shortValue));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(byteValue));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(doubleValue));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(intValue));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(floatValue));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(longValue));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(shortValue));
   }
 
   private void testMapMethods(Class clazz) throws NoSuchMethodException {
@@ -220,12 +253,12 @@ public class MethodInvocationAuthorizerTest {
     Method getEntries = clazz.getMethod("getEntries");
     Method getValues = clazz.getMethod("getValues");
     Method containsKey = clazz.getMethod("containsKey", Object.class);
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(entrySet));
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(keySet));
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(values));
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(getEntries));
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(getValues));
-    assertTrue(MethodInvocationAuthorizer.isWhitelisted(containsKey));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(entrySet));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(keySet));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(values));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(getEntries));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(getValues));
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(containsKey));
   }
 
 }
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/beans/CacheServerBridgeClientMembershipRegressionTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/beans/CacheServerBridgeClientMembershipRegressionTest.java
index 232df0a..1cc73c3 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/beans/CacheServerBridgeClientMembershipRegressionTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/beans/CacheServerBridgeClientMembershipRegressionTest.java
@@ -34,6 +34,7 @@ import org.junit.experimental.categories.Category;
 import org.apache.geode.cache.CacheClosedException;
 import org.apache.geode.cache.CacheFactory;
 import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.cache.query.internal.InternalQueryService;
 import org.apache.geode.internal.cache.CacheServerImpl;
 import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.internal.cache.tier.sockets.AcceptorImpl;
@@ -75,7 +76,7 @@ public class CacheServerBridgeClientMembershipRegressionTest {
     this.acceptor = mock(AcceptorImpl.class);
     this.monitor = mock(MBeanStatsMonitor.class);
 
-    when(cache.getQueryService()).thenReturn(mock(QueryService.class));
+    when(cache.getQueryService()).thenReturn(mock(InternalQueryService.class));
     when(acceptor.getStats()).thenReturn(mock(CacheServerStats.class));
   }
 
diff --git a/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtil.java b/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtil.java
index 331acac..1a1e105 100644
--- a/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtil.java
+++ b/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtil.java
@@ -48,11 +48,6 @@ public class SecurityTestUtil {
     return cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(regionName);
   }
 
-  public static void assertNotAuthorizedMatching(
-      ThrowableAssert.ThrowingCallable shouldRaiseThrowable, String permString) {
-    assertThatThrownBy(shouldRaiseThrowable).hasMessageMatching(permString);
-  }
-
   public static void assertNotAuthorized(ThrowableAssert.ThrowingCallable shouldRaiseThrowable,
       String permString) {
     assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString);
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/IndexSecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/IndexSecurityDUnitTest.java
index b2ce211..ea0f920 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/IndexSecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/IndexSecurityDUnitTest.java
@@ -14,10 +14,9 @@
  */
 package org.apache.geode.security.query;
 
-import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
-import static org.apache.geode.security.SecurityTestUtil.createClientCache;
-import static org.apache.geode.security.SecurityTestUtil.createProxyRegion;
-import static org.junit.Assert.assertEquals;
+import static org.apache.geode.internal.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.fail;
 
 import java.util.Arrays;
 import java.util.List;
@@ -25,95 +24,82 @@ import java.util.List;
 import junitparams.JUnitParamsRunner;
 import junitparams.Parameters;
 import org.junit.Before;
-import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
 
-import org.apache.geode.cache.Region;
 import org.apache.geode.cache.RegionShortcut;
-import org.apache.geode.cache.client.ClientCache;
 import org.apache.geode.cache.query.Index;
+import org.apache.geode.cache.query.IndexInvalidException;
 import org.apache.geode.cache.query.QueryService;
-import org.apache.geode.security.TestSecurityManager;
-import org.apache.geode.test.dunit.Host;
-import org.apache.geode.test.dunit.VM;
-import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
-import org.apache.geode.test.dunit.rules.ServerStarterRule;
+import org.apache.geode.security.query.data.QueryTestObject;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
 
 @Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
+@RunWith(Parameterized.class)
 public class IndexSecurityDUnitTest extends QuerySecurityBase {
+  public RegionShortcut getRegionType() {
+    return RegionShortcut.REPLICATE;
+  }
+
+  @Parameterized.Parameters
+  public static Object[] usersAllowed() {
+    return new Object[] {"dataWriter"};
+  }
 
-  // Should be the same as the key specified for the region key specific users in the
-  // clientServer.json
-  public static final String REGION_PUT_KEY = "key";
+  @Parameterized.Parameter
+  public String user;
 
 
-  public List<String> getAllUsersOnlyAllowedWrite() {
-    return Arrays.asList(
-        "dataWriter");
+  @Before
+  public void configureSpecificUserAndKeyAndValues() {
+    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+    createProxyRegion(specificUserClient, regionName);
+
+    keys = new Object[] {"key-0", "key-1", "key-2"};
+    values = new Object[] {new QueryTestObject(1, "Mary"), new QueryTestObject(2, "Joe"),
+        new QueryTestObject(3, "Joe")};
   }
 
   @Test
-  @Parameters(method = "getAllUsers")
-  public void indexBehaviorTest(String user) throws Exception {
-    String query = UserPermissions.SELECT_ALL_FROM_REGION;
-    String region = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + 1, REGION_PUT_KEY + 2};
-    Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary"), new QuerySecurityDUnitTest.QueryTestObject(2, "Joe"),
-        new QuerySecurityDUnitTest.QueryTestObject(3, "Joe")};
+  public void indexCreatedButPutWithNoReadCredentialsShouldNotThrowSecurityException()
+      throws Exception {
     QueryService queryService = server.getCache().getQueryService();
-    Index idIndex = queryService.createIndex("IdIndex", "id", "/" + UserPermissions.REGION_NAME);
-    Index errorIndex = queryService.createIndex("TEST", "methodThrowsException",
-        "/" + UserPermissions.REGION_NAME);
-
-    try {
-      putIntoRegion(superUserClient, keys, values, region);
-    } catch (Exception e) {
-      e.printStackTrace();
-    }
-
+    Index idIndex = queryService.createIndex("IdIndex", "id", "/" + regionName);
+    putIntoRegion(specificUserClient, keys, values, regionName);
   }
 
   @Test
-  @Parameters(method = "getAllUsersOnlyAllowedWrite")
-  public void indexCreatedButPutWithNoReadCredentialsShouldNotThrowSecurityException(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String region = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + 1, REGION_PUT_KEY + 2};
-    Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary"), new QuerySecurityDUnitTest.QueryTestObject(2, "Joe"),
-        new QuerySecurityDUnitTest.QueryTestObject(3, "Joe")};
+  public void indexCreatedWithRegionEntriesButPutWithNoReadCredentialsShouldNotThrowSecurityException()
+      throws Exception {
     QueryService queryService = server.getCache().getQueryService();
-    Index idIndex = queryService.createIndex("IdIndex", "id", "/" + UserPermissions.REGION_NAME);
-
-    putIntoRegion(specificUserClient, keys, values, region);
-
+    Index idIndex = queryService.createIndex("IdIndex", "e.id", "/" + regionName + ".entries e");
+    putIntoRegion(specificUserClient, keys, values, regionName);
   }
 
   @Test
-  @Parameters(method = "getAllUsersOnlyAllowedWrite")
-  public void indexCreatedWithRegionEntriesButPutWithNoReadCredentialsShouldNotThrowSecurityException(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String region = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + 1, REGION_PUT_KEY + 2};
-    Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary"), new QuerySecurityDUnitTest.QueryTestObject(2, "Joe"),
-        new QuerySecurityDUnitTest.QueryTestObject(3, "Joe")};
+  public void indexCreatedWithMethodInvocationOnPrepopulatedRegionShouldThrowSecurityException()
+      throws Exception {
     QueryService queryService = server.getCache().getQueryService();
-    Index idIndex = queryService.createIndex("IdIndex", "e.id", "/" + UserPermissions.REGION_NAME + ".entries e");
+    putIntoRegion(superUserClient, keys, values, regionName);
 
-    putIntoRegion(specificUserClient, keys, values, region);
+    try {
+      queryService.createIndex("IdIndex", "e.getName()", "/" + regionName + " e");
+      fail("Index creation should have failed due to method invocation");
+    } catch (IndexInvalidException e) {
+      assertTrue(e.getMessage().contains("Unauthorized access to method: getName"));
+    }
   }
 
-
+  @Test
+  public void indexCreatedWithMethodInvocationOnUnpopulatedRegionAndPutShouldMarkIndexInvalid()
+      throws Exception {
+    QueryService queryService = server.getCache().getQueryService();
+    Index index = queryService.createIndex("IdIndex", "e.getName()", "/" + regionName + " e");
+    putIntoRegion(superUserClient, keys, values, regionName);
+    assertFalse(index.isValid());
+  }
 
 }
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedIndexSecurityDUnitTest.java
similarity index 90%
copy from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
copy to geode-core/src/test/java/org/apache/geode/security/query/PartitionedIndexSecurityDUnitTest.java
index 4d81034..593bd4e 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedIndexSecurityDUnitTest.java
@@ -17,14 +17,15 @@ package org.apache.geode.security.query;
 import junitparams.JUnitParamsRunner;
 import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
 
 import org.apache.geode.cache.RegionShortcut;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
 
 @Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+public class PartitionedIndexSecurityDUnitTest extends IndexSecurityDUnitTest {
   public RegionShortcut getRegionType() {
     return RegionShortcut.PARTITION;
   }
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityAllowedQueriesDUnitTest.java
similarity index 78%
copy from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
copy to geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityAllowedQueriesDUnitTest.java
index 4d81034..2d5b057 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityAllowedQueriesDUnitTest.java
@@ -17,14 +17,19 @@ package org.apache.geode.security.query;
 import junitparams.JUnitParamsRunner;
 import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
 
 import org.apache.geode.cache.RegionShortcut;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
 
 @Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class PartitionedQuerySecurityAllowedQueriesDUnitTest
+    extends QuerySecurityAllowedQueriesDUnitTest {
+
   public RegionShortcut getRegionType() {
     return RegionShortcut.PARTITION;
   }
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityRestrictedQueriesDUnitTest.java
similarity index 77%
copy from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
copy to geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityRestrictedQueriesDUnitTest.java
index 4d81034..28a01ff 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityRestrictedQueriesDUnitTest.java
@@ -17,14 +17,19 @@ package org.apache.geode.security.query;
 import junitparams.JUnitParamsRunner;
 import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
 
 import org.apache.geode.cache.RegionShortcut;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
 
 @Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class PartitionedQuerySecurityRestrictedQueriesDUnitTest
+    extends QuerySecurityRestrictedQueriesDUnitTest {
+
   public RegionShortcut getRegionType() {
     return RegionShortcut.PARTITION;
   }
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityAllowedQueriesDUnitTest.java
similarity index 86%
rename from geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityDUnitTest.java
rename to geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityAllowedQueriesDUnitTest.java
index 856ff5a..b9d0fda 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityAllowedQueriesDUnitTest.java
@@ -14,17 +14,18 @@
  */
 package org.apache.geode.security.query;
 
-import junitparams.JUnitParamsRunner;
 import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
 
 import org.apache.geode.cache.RegionShortcut;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
 
 @Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PdxPartitionedQuerySecurityDUnitTest extends PdxQuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+public class PdxPartitionedQuerySecurityAllowedQueriesDUnitTest
+    extends PdxQuerySecurityAllowedQueriesDUnitTest {
   public RegionShortcut getRegionType() {
     return RegionShortcut.PARTITION;
   }
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityAllowedQueriesDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityAllowedQueriesDUnitTest.java
new file mode 100644
index 0000000..e25f6cf
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityAllowedQueriesDUnitTest.java
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import junitparams.Parameters;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.pdx.PdxReader;
+import org.apache.geode.pdx.PdxSerializable;
+import org.apache.geode.pdx.PdxWriter;
+import org.apache.geode.security.query.data.PdxQueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+public class PdxQuerySecurityAllowedQueriesDUnitTest extends QuerySecurityBase {
+  @Parameterized.Parameters
+  public static Object[] usersAllowed() {
+    return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+        "clusterManagerDataReaderRegion", "super-user"};
+  }
+
+  @Parameterized.Parameter
+  public String user;
+
+  @Before
+  public void configureSpecificClientAndKeyAndValues() {
+    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+    createProxyRegion(specificUserClient, regionName);
+
+    keys = new Object[] {"key-0", "key-1"};
+    values = new Object[] {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
+    putIntoRegion(superUserClient, keys, values, regionName);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectOnPublicFieldQuery() {
+    String query = "select * from /" + regionName + " r where r.id = 3";
+    List<Object> expectedResults = Arrays.asList(values[1]);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectWithPdxFieldNamedGetQuery() {
+    server.getCache().setReadSerialized(true);
+    String query = "select * from /" + regionName + " r where r.getName = 'Beth'";
+    List<Object> expectedResults = Arrays.asList(values[1]);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityDUnitTest.java
deleted file mode 100644
index 80a10ff..0000000
--- a/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityDUnitTest.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.security.query;
-
-import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.List;
-
-import junitparams.JUnitParamsRunner;
-import junitparams.Parameters;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-
-import org.apache.geode.pdx.PdxReader;
-import org.apache.geode.pdx.PdxSerializable;
-import org.apache.geode.pdx.PdxWriter;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PdxQuerySecurityDUnitTest extends QuerySecurityBase {
-
-  // Should be the same as the key specified for the region key specific users in the
-  // clientServer.json
-  public static final String REGION_PUT_KEY = "key";
-
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectOnPublicFieldQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
-    String region = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, region);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, region, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectWithPdxFieldNoExistingPublicFieldQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
-    String region = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, region);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, region, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectWhenInvokingMethodOnPdxObjectQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_DEPLOYED_METHOD_FROM_REGION;
-    String region = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, region);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, region, expectedResults);
-  }
-
-  public static class PdxQueryTestObject implements PdxSerializable , Serializable /*just to pass around in test code*/ {
-    public int id = -1;
-    private String name;
-
-    private boolean shouldThrowException = true;
-
-    public PdxQueryTestObject(int id, String name) {
-      this.id = id;
-      this.name = name;
-    }
-
-    public String getName() {
-      return name;
-    }
-
-    @Override
-    public String toString() {
-      return "Test_Object";
-    }
-
-    @Override
-    public void toData(PdxWriter writer) {
-      writer.writeInt("id", id);
-      writer.writeString("getName", name);
-    }
-
-    @Override
-    public void fromData(PdxReader reader) {
-      id = reader.readInt("id");
-      name = reader.readString("getName");
-    }
-  }
-}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityRestrictedQueriesDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityRestrictedQueriesDUnitTest.java
new file mode 100644
index 0000000..f7e0258
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityRestrictedQueriesDUnitTest.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import junitparams.Parameters;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.pdx.PdxReader;
+import org.apache.geode.pdx.PdxSerializable;
+import org.apache.geode.pdx.PdxWriter;
+import org.apache.geode.security.query.data.PdxQueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+public class PdxQuerySecurityRestrictedQueriesDUnitTest extends QuerySecurityBase {
+  @Parameterized.Parameters
+  public static Object[] usersAllowed() {
+    return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+        "clusterManagerDataReaderRegion", "super-user"};
+  }
+
+  @Parameterized.Parameter
+  public String user;
+
+  private String regexForExpectedExceptions = ".*Unauthorized access.*";
+
+  @Before
+  public void configureCache() {
+    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+    createProxyRegion(specificUserClient, regionName);
+
+    keys = new Object[] {"key-0", "key-1"};
+    values = new Object[] {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
+    putIntoRegion(superUserClient, keys, values, regionName);
+  }
+
+  @Test
+  public void selectWhenInvokingMethodOnPdxObjectQueryShouldBeRestricted() {
+    String query = "select r.getClass from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void invokingMethodOnPdxObjectShouldBeRestricted() {
+    String query = "select r.getAge from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void selectWithPdxFieldNoExistingPublicFieldQueryShouldBeRestricted() {
+    String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAllowedQueriesDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAllowedQueriesDUnitTest.java
new file mode 100644
index 0000000..318086e
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAllowedQueriesDUnitTest.java
@@ -0,0 +1,255 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class QuerySecurityAllowedQueriesDUnitTest extends QuerySecurityBase {
+
+  @Parameterized.Parameters
+  public static Object[] usersAllowed() {
+    return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+        "clusterManagerDataReaderRegion", "super-user"};
+  }
+
+  @Parameterized.Parameter
+  public String user;
+
+  @Before
+  public void configureCache() {
+    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+    createProxyRegion(specificUserClient, regionName);
+
+    keys = new Object[] {"key-0", "key-1"};
+    values = new Object[] {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
+    putIntoRegion(superUserClient, keys, values, regionName);
+  }
+
+
+  @Test
+  public void checkUserAuthorizationsForSelectAllQuery() {
+    String query = "select * from /" + regionName;
+    List<Object> expectedResults = Arrays.asList(values);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  /* ----- Public Field Tests ----- */
+  @Test
+  public void checkUserAuthorizationsForSelectByPublicFieldQuery() {
+    String query = "select * from /" + regionName + " r where r.id = 1";
+    List<Object> expectedResults = Arrays.asList(values[0]);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectPublicFieldQuery() {
+    String query = "select r.id from /" + regionName + " r";
+    List<Object> expectedResults = Arrays.asList(1, 3);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectCountOfPublicFieldQuery() {
+    String query = "select count(r.id) from /" + regionName + " r";
+    List<Object> expectedResults = Arrays.asList(2);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectMaxOfPublicFieldQuery() {
+    String query = "select max(r.id) from /" + regionName + " r";
+    List<Object> expectedResults = Arrays.asList(3);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectMinOfPublicFieldQuery() {
+    String query = "select min(r.id) from /" + regionName + " r";
+    List<Object> expectedResults = Arrays.asList(1);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectPublicFieldFromRegionByPublicFieldFromRegionQuery() {
+    String query = "select * from /" + regionName + " r1 where r1.id in (select r2.id from /"
+        + regionName + " r2)";
+    List<Object> expectedResults = Arrays.asList(values);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectRegionContainsKeyQuery() {
+    String query = "select * from /" + regionName + ".containsKey('" + keys[0] + "')";
+    List<Object> expectedResults = Arrays.asList(true);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectValuesQuery() {
+    String query = "select * from /" + regionName + ".values";
+    List<Object> expectedResults = Arrays.asList(values);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectKeySetQuery() {
+    String query = "select * from /" + regionName + ".keySet";
+    List<Object> expectedResults = Arrays.asList(keys);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectEntriesQuery() {
+    String query = "select e.getKey from /" + regionName + ".entries e";
+    List<Object> expectedResults = Arrays.asList(keys);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectKeyFromEntrySetQuery() {
+    String query = "select e.key from /" + regionName + ".entrySet e";
+    List<Object> expectedResults = Arrays.asList(keys);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectGetKeyFromEntrySetQuery() {
+    String query = "select e.getKey from /" + regionName + ".entrySet e";
+    List<Object> expectedResults = Arrays.asList(keys);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectValueFromEntrySetQuery() {
+    String query = "select e.value from /" + regionName + ".entrySet e";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        Arrays.asList(values));
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectGetValueFromEntrySetQuery() {
+    String query = "select e.getValue from /" + regionName + ".entrySet e";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        Arrays.asList(values));
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectByToStringQuery() {
+    String query = "select * from /" + regionName + " r where r.toString = 'Test_Object'";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        Arrays.asList(values));
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectToStringQuery() {
+    String query = "select r.toString() from /" + regionName + " r";
+    List<Object> expectedResults = Arrays.asList("Test_Object", "Test_Object");
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectByToStringToUpperCaseQuery() {
+    String query =
+        "select * from /" + regionName + " r where r.toString().toUpperCase = 'TEST_OBJECT'";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        Arrays.asList(values));
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectByToStringToLowerCaseQuery() {
+    String query =
+        "select * from /" + regionName + " r where r.toString().toLowerCase = 'test_object'";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        Arrays.asList(values));
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectIntValueQuery() {
+    String query = "select r.id.intValue() from /" + regionName + " r";
+    List<Object> expectedResults = Arrays.asList(1, 3);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectLongValueQuery() {
+    String query = "select r.id.longValue() from /" + regionName + " r";
+    List<Object> expectedResults = Arrays.asList(1L, 3L);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectDoubleValueQuery() {
+    String query = "select r.id.doubleValue() from /" + regionName + " r";
+    List<Object> expectedResults = Arrays.asList(1d, 3d);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectShortValueQuery() {
+    String query = "select r.id.shortValue() from /" + regionName + " r";
+    List<Object> expectedResults = Arrays.asList((short) 1, (short) 3);
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        expectedResults);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectToDateQuery() {
+    String query =
+        "SELECT * FROM /" + regionName + " where dateField = to_date('08/08/2018', 'MM/dd/yyyy')";
+
+    QueryTestObject obj1 = new QueryTestObject(0, "John");
+    obj1.setDateField("08/08/2018");
+    QueryTestObject obj2 = new QueryTestObject(3, "Beth");
+    obj2.setDateField("08/08/2018");
+    Object[] values = {obj1, obj2};
+    putIntoRegion(superUserClient, keys, values, regionName);
+
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        Arrays.asList(values));
+  }
+
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAuthorizedUserBindParameterDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAuthorizedUserBindParameterDUnitTest.java
new file mode 100644
index 0000000..493fb73
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAuthorizedUserBindParameterDUnitTest.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.util.Arrays;
+import java.util.HashSet;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.cache.Region;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+
+@Category({DistributedTest.class, SecurityTest.class})
+public class QuerySecurityAuthorizedUserBindParameterDUnitTest extends QuerySecurityBase {
+
+  @Before
+  public void configureCache() {
+    String user = "dataReaderRegion";
+    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+    createProxyRegion(specificUserClient, regionName);
+
+    keys = new Object[] {"key-0", "key-1"};
+    values = new Object[] {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
+    putIntoRegion(superUserClient, keys, values, regionName);
+  }
+
+  @Test
+  public void userWithRegionAccessAndPassingInWrappedBindParameterShouldReturnCorrectResults() {
+    String query = "select v from $1 r, r.values() v";
+    specificUserClient.invoke(() -> {
+      Region region = getClientCache().getRegion(regionName);
+      HashSet hashset = new HashSet();
+      hashset.add(region);
+      assertQueryResults(getClientCache(), query, new Object[] {hashset}, Arrays.asList(values));
+    });
+  }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityBase.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityBase.java
index d412111..1e1815e 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityBase.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityBase.java
@@ -1,3 +1,17 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
 package org.apache.geode.security.query;
 
 import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
@@ -21,6 +35,7 @@ import org.apache.geode.cache.client.Pool;
 import org.apache.geode.cache.client.PoolManager;
 import org.apache.geode.cache.query.FunctionDomainException;
 import org.apache.geode.cache.query.NameResolutionException;
+import org.apache.geode.cache.query.Query;
 import org.apache.geode.cache.query.QueryInvocationTargetException;
 import org.apache.geode.cache.query.QueryService;
 import org.apache.geode.cache.query.TypeMismatchException;
@@ -29,56 +44,41 @@ import org.apache.geode.security.TestSecurityManager;
 import org.apache.geode.test.dunit.Host;
 import org.apache.geode.test.dunit.VM;
 import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
-import org.apache.geode.test.dunit.rules.ServerStarterRule;
+import org.apache.geode.test.junit.rules.ServerStarterRule;
 
 public class QuerySecurityBase extends JUnit4DistributedTestCase {
 
+  public RegionShortcut getRegionType() {
+    return RegionShortcut.REPLICATE;
+  }
+
+  protected String regionName = "region";
+  protected Object[] keys;
+  protected Object[] values;
+
   @Rule
   public ServerStarterRule server =
       new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
           .withProperty(TestSecurityManager.SECURITY_JSON,
               "org/apache/geode/management/internal/security/clientServer.json")
-          .withRegion(getRegionType(), UserPermissions.REGION_NAME);
+          .withRegion(getRegionType(), regionName);
 
-  //Varibles used to store caches between invoke methods
+  // Varibles used to store caches between invoke methods
   private static ClientCache clientCache;
 
-  protected static transient UserPermissions userPerms;
+  protected transient UserPermissions userPerms = new UserPermissions();
 
-  protected  Host host;
+  protected Host host;
   protected VM superUserClient;
-  protected  VM specificUserClient;
+  protected VM specificUserClient;
 
-
-  protected UserPermissions configurePermissions() {
-    return new UserPermissions("DATA:READ");
-  }
-
-  public RegionShortcut getRegionType() {
-    return RegionShortcut.REPLICATE;
-  }
-
-  public List<String> getAllUsers() {
-    return userPerms.getAllUsers();
-  }
-
-  public List<String> getAllUsersWhoCanExecuteQuery() {
-    return Arrays.asList("dataReader", "dataReaderRegion", "clusterManagerDataReader",
-        "clusterManagerDataReaderRegion", "super-user");
-  }
-
-  public List<String> getAllUsersWhoCannotExecuteQuery() {
-    return Arrays.asList("stranger", "dataReaderRegionKey",
-        "clusterManager", "clusterManagerQuery", "clusterManagerDataReaderRegionKey");
-  }
   @Before
-  public void setup() {
+  public void configureTest() {
     host = Host.getHost(0);
     superUserClient = host.getVM(1);
     specificUserClient = host.getVM(2);
-    userPerms = configurePermissions();
     createClientCache(superUserClient, "super-user", userPerms.getUserPassword("super-user"));
-    createProxyRegion(superUserClient, UserPermissions.REGION_NAME);
+    createProxyRegion(superUserClient, regionName);
   }
 
   public void setClientCache(ClientCache cache) {
@@ -91,8 +91,7 @@ public class QuerySecurityBase extends JUnit4DistributedTestCase {
 
   public void createClientCache(VM vm, String userName, String password) {
     vm.invoke(() -> {
-      ClientCache cache = SecurityTestUtil.createClientCache(userName, password,
-          server.getPort());
+      ClientCache cache = SecurityTestUtil.createClientCache(userName, password, server.getPort());
       setClientCache(cache);
     });
   }
@@ -118,7 +117,6 @@ public class QuerySecurityBase extends JUnit4DistributedTestCase {
   }
 
   protected void assertExceptionOccurred(QueryService qs, String query, String authErrorRegexp) {
-    System.out.println("Execution exception should match:" + authErrorRegexp);
     try {
       qs.newQuery(query).execute();
     } catch (Exception e) {
@@ -136,7 +134,8 @@ public class QuerySecurityBase extends JUnit4DistributedTestCase {
     }
   }
 
-  protected void assertExceptionOccurred(QueryService qs, String query, Object[] bindParams, String authErrorRegexp) {
+  protected void assertExceptionOccurred(QueryService qs, String query, Object[] bindParams,
+      String authErrorRegexp) {
     System.out.println("Execution exception should match:" + authErrorRegexp);
     try {
       qs.newQuery(query).execute(bindParams);
@@ -156,66 +155,68 @@ public class QuerySecurityBase extends JUnit4DistributedTestCase {
     }
   }
 
+  protected void assertQueryResults(ClientCache clientCache, String query,
+      List<Object> expectedResults) throws FunctionDomainException, TypeMismatchException,
+      NameResolutionException, QueryInvocationTargetException {
+    assertQueryResults(clientCache, query, null, expectedResults);
+  }
 
-  public void executeAndConfirmQueryResults(VM vm, String query,
-                                            List<Object> expectedResults) throws Exception {
-    vm.invoke(()-> {
-      assertQueryResults(getClientCache(), query, expectedResults);
+  protected void assertQueryResults(ClientCache clientCache, String queryString,
+      Object[] bindParameters, List<Object> expectedResults) throws FunctionDomainException,
+      TypeMismatchException, NameResolutionException, QueryInvocationTargetException {
+    Query query = clientCache.getQueryService().newQuery(queryString);
+    Collection results;
+    if (bindParameters == null) {
+      results = (Collection) query.execute();
+    } else {
+      results = (Collection) query.execute(bindParameters);
+    }
+    assertNotNull(results);
+    assertEquals("Query results size did not match expected for " + query, expectedResults.size(),
+        results.size());
+
+    results.forEach((i) -> {
+      assertTrue("Result:" + i + " was not found in the expectedResults",
+          expectedResults.contains(i));
     });
   }
 
-  private void assertQueryResults(ClientCache clientCache, String query, List<Object> expectedResults)
-      throws FunctionDomainException, TypeMismatchException, NameResolutionException,
-      QueryInvocationTargetException {
-    Collection
-        results =
-        (Collection) clientCache.getQueryService().newQuery(query).execute();
-    assertNotNull("Query results were null when they should have been " + expectedResults + ".",
-        results);
-    assertEquals(
-        "The number of expected results does not match the number of results obtained from the query."
-            + query, expectedResults.size(), results.size());
-    assertTrue("The query returned results that were not in the expected result list.",
-        expectedResults.containsAll(results));
+  public void executeAndConfirmRegionMatches(VM vm, String regionName,
+      List<Object> expectedRegionResults) throws Exception {
+    vm.invoke(() -> {
+      assertQueryResults(getClientCache(), "select * from /" + regionName, expectedRegionResults);
+    });
   }
 
-  public  void assertRegionMatches(VM vm, String regionName, List<Object> expectedRegionResults) throws Exception {
-    executeAndConfirmQueryResults(vm,"select * from /" + regionName, expectedRegionResults);
+  protected void putIntoRegion(VM vm, Object[] keys, Object[] values, String regionName) {
+    vm.invoke(() -> {
+      Region region = getClientCache().getRegion(regionName);
+      assertEquals(
+          "Bad region put. The list of keys does not have the same length as the list of values.",
+          keys.length, values.length);
+      for (int i = 0; i < keys.length; i++) {
+        region.put(keys[i], values[i]);
+      }
+    });
   }
 
-  public void executeQueryWithCheckForAccessPermissions(VM vm, String query, String user, String regionName, List<Object> expectedSuccessfulQueryResults) {
-    List<String> possibleAuthorizationErrors = userPerms.getMissingUserAuthorizationsForQuery(user, query);
-    String regexForExpectedExceptions = userPerms.regexForExpectedException(possibleAuthorizationErrors);
-    executeQueryWithCheckForAccessPermissions(vm, query, user, possibleAuthorizationErrors, regexForExpectedExceptions, regionName, expectedSuccessfulQueryResults);
-}
-
-
-  private void executeQueryWithCheckForAccessPermissions(VM vm, String query, String user, List<String> possibleAuthorizationErrors, String regexForExpectedExceptions,
-                                                        String regionName, List<Object> expectedSuccessfulQueryResults) {
-
+  protected void executeQueryWithCheckForAccessPermissions(VM vm, String query, String regionName,
+      List<Object> expectedSuccessfulQueryResults) {
     vm.invoke(() -> {
       Region region = getClientCache().getRegion(regionName);
-      if (possibleAuthorizationErrors.isEmpty()) {
-        assertQueryResults(getClientCache(), query, expectedSuccessfulQueryResults);
-      } else {
-        String authErrorRegexp = regexForExpectedExceptions;
-        assertExceptionOccurred(getClientCache().getQueryService(), query, authErrorRegexp);
-        Pool pool = PoolManager.find(region);
-        assertExceptionOccurred(pool.getQueryService(), query, authErrorRegexp);
-      }
+      assertQueryResults(getClientCache(), query, expectedSuccessfulQueryResults);
     });
   }
 
-  protected void putIntoRegion(VM vm, Object[] keys, Object[] values,
-                                          String regionName) {
+
+  protected void executeQueryWithCheckForAccessPermissions(VM vm, String query, String regionName,
+      String regexForExpectedExceptions) {
     vm.invoke(() -> {
       Region region = getClientCache().getRegion(regionName);
-        assertEquals(
-            "Bad region put. The list of keys does not have the same length as the list of values.",
-            keys.length, values.length);
-        for (int i = 0; i < keys.length; i++) {
-          region.put(keys[i], values[i]);
-        }
+      assertExceptionOccurred(getClientCache().getQueryService(), query,
+          regexForExpectedExceptions);
+      Pool pool = PoolManager.find(region);
+      assertExceptionOccurred(pool.getQueryService(), query, regexForExpectedExceptions);
     });
   }
 }
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityDUnitTest.java
deleted file mode 100644
index 366571b..0000000
--- a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityDUnitTest.java
+++ /dev/null
@@ -1,1525 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.security.query;
-
-import static org.junit.Assert.fail;
-
-import java.io.Serializable;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.List;
-
-import junitparams.JUnitParamsRunner;
-import junitparams.Parameters;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-
-import org.apache.geode.cache.Region;
-import org.apache.geode.cache.RegionDestroyedException;
-import org.apache.geode.cache.query.QueryService;
-import org.apache.geode.cache.query.internal.index.DummyQRegion;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class QuerySecurityDUnitTest extends QuerySecurityBase {
-
-
-  public static final String REGION_PUT_KEY = "key";
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectAllQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_ALL_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY};
-    Object[] values = {new QueryTestObject(1, "Mary")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  /* ----- Public Field Tests ----- */
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectByPublicFieldQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values[0]);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectPublicFieldQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_PUBLIC_FIELD_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(1, 2);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectCountOfPublicFieldQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_COUNT_OF_PUBLIC_FIELD_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(2);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectMaxOfPublicFieldQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_MAX_OF_PUBLIC_FIELD_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(3);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectMinOfPublicFieldQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_MIN_OF_PUBLIC_FIELD_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(0);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectPublicFieldFromRegionByPublicFieldFromRegionQuery(
-      String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_WHERE_PUBLIC_FIELD_IN_REGION_PUBLIC_FIELDS;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-  /* ----- Public Field Tests ----- */
-
-  /* ----- Implicit Getter Tests ----- */
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectByImplicitGetterQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values[1]);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectImplicitGetterQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_IMPLICIT_GETTER_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList("John", "Beth");
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectCountOfImplicitGetterQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_COUNT_OF_IMPLICIT_GETTER_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(2);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectMaxOfImplicitGetterQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_MAX_OF_IMPLICIT_GETTER_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList("John");
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectMinOfImplicitGetterQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_MIN_OF_IMPLICIT_GETTER_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList("Beth");
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectImplicitGetterFromRegionByImplicitGetterFromRegionQuery(
-      String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query =
-        UserPermissions.SELECT_FROM_REGION1_WHERE_IMPLICIT_GETTER_IN_REGION2_IMPLICIT_GETTERS;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-  /* ----- Implicit Getter Tests ----- */
-
-  /* ----- Direct Getter Tests ----- */
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectByDirectGetterQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_DIRECT_GETTER;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values[1]);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectDirectGetterQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_DIRECT_GETTER_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList("John", "Beth");
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectCountOfDirectGetterQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_COUNT_OF_DIRECT_GETTER_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(2);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectMaxOfDirectGetterQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_MAX_OF_DIRECT_GETTER_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList("John");
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectMinOfDirectGetterQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_MIN_OF_DIRECT_GETTER_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList("Beth");
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectDirectGetterFromRegionByDirectGetterFromRegionQuery(
-      String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_WHERE_DIRECT_GETTER_IN_REGION_DIRECT_GETTERS;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-  /* ----- Direct Getter Tests ----- */
-
-  /* ----- Deployed Method Tests ----- */
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectByDeployedMethodQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_DEPLOYED_METHOD;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values[0]);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectDeployedMethodQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_DEPLOYED_METHOD_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList("John:1", "Beth:2");
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectCountOfDeployedMethodQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_COUNT_OF_DEPLOYED_METHOD_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(2);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectMaxOfDeployedMethodQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_MAX_OF_DEPLOYED_METHOD_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList("John:1");
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectMinOfDeployedMethodQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_MIN_OF_DEPLOYED_METHOD_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList("Beth:3");
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectDeployedMethodFromRegionByDeployedMethodFromRegionQuery(
-      String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query =
-        UserPermissions.SELECT_FROM_REGION_WHERE_DEPLOYED_METHOD_IN_REGION_DEPLOYED_METHODS;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-  /* ----- Deployed Method Tests ----- */
-
-  /* ----- Geode Method Tests ----- */
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectRegionContainsKeyQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_CONTAINS_KEY;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(true);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectRegionContainsValueQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_CONTAINS_VALUE;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(false);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
-  public void usersWhoCannotExecuteQueryShouldGetExceptionForSelectRegionCreateQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_CREATE;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCanExecuteQuery")
-  public void usersWhoCanExecuteQueryShouldNotInvokeRegionCreateForSelectRegionCreateQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_CREATE;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-    assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
-  public void usersWhoCanExecuteQueryShouldGetExceptionForSelectCreateFromRegionQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_CREATE_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(QueryService.UNDEFINED, QueryService.UNDEFINED);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCanExecuteQuery")
-  public void usersWhoCanExecuteQueryShouldGetResultsForSelectCreateFromRegionQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_CREATE_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(QueryService.UNDEFINED, QueryService.UNDEFINED);
-    List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-    assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
-  public void usersWhoCannotExecuteQueryShouldGetExceptionForSelectRegionDestroyQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_DESTROY;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCanExecuteQuery")
-  public void usersWhoCanExecuteQueryShouldNotInvokeDestroyForSelectRegionDestroyQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_DESTROY;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-    assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
-  public void usersWhoCanExecuteQueryShouldGetExceptionForSelectRegionDestroyRegionQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_DESTROY_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    try {
-      executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-    } catch (Throwable throwable) {
-      if (!(throwable.getCause().getCause() instanceof RegionDestroyedException)) {
-        throw throwable;
-      }
-    }
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCanExecuteQuery")
-  public void usersWhoCanExecuteQueryShouldNotMethodInvokeADestroyForSelectRegionDestroyRegionQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_DESTROY_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
-    try {
-      executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-      assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
-    } catch (Throwable throwable) {
-      if (!(throwable.getCause().getCause() instanceof RegionDestroyedException)) {
-        throw throwable;
-      }
-    }
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectRegionDestroyRegionParenQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_DESTROY_REGION_PAREN;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    try {
-      executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-    } catch (Throwable throwable) {
-      if (!(throwable.getCause().getCause() instanceof RegionDestroyedException)) {
-        throw throwable;
-      }
-    }
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectRegionGetQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_GET;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values[0]);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
-  public void usersWhoCannotExecuteQueryShouldGetExceptionForSelectRegionPutQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_PUT;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCanExecuteQuery")
-  public void usersWhoCanExecuteQueryShouldNotInvokeRegionPutForSelectRegionPutQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_PUT;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList();
-    List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-    assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
-  public void usersWhoCanExecuteQueryShouldReceiveExceptionForSelectRegionPutIfAbsentQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_PUT_IF_ABSENT;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCanExecuteQuery")
-  public void usersWhoCanExecuteQueryShouldNotInvokePutIfAbsentForSelectRegionPutIfAbsentQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_PUT_IF_ABSENT;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList();
-    List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-    assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
-  public void checkUserAuthorizationsForSelectRegionRemoveQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_REMOVE;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCanExecuteQuery")
-  public void usersWhoCanExecuteQueryShouldNotInvokedRegionRemoveForSelectRegionRemoveQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_REMOVE;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList();
-    List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-    assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCanExecuteQuery")
-  public void usersWhoCannExecuteQueryShouldReceiveExpectedResultsForSelectRegionReplaceQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_REPLACE;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList();
-    List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-    assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
-  public void usersWhoCannotExecuteQueryShouldReceiveExceptionForSelectRegionReplaceQuery(String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_REPLACE;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectGetInterestListRegexRegionQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_GET_INTEREST_LIST_REGEX_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(QueryService.UNDEFINED, QueryService.UNDEFINED);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectGetInterestListRegexParenRegionQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_GET_INTEREST_LIST_REGEX_PAREN_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(QueryService.UNDEFINED, QueryService.UNDEFINED);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-  /* ----- Geode Method Tests ----- */
-
-
-  /* ----- Whitelisted Methods Tests ----- */
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectValuesQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_VALUES;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectKeySetQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_KEYSET;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(keys);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectEntriesQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_ENTRIES;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(keys);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectEntrySetQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_ENTRY_SET;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(REGION_PUT_KEY, REGION_PUT_KEY + "1");
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectKeyFromEntrySetQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_KEY_FROM_REGION_ENTRYSET;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(keys);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectGetKeyFromEntrySetQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_GET_KEY_FROM_REGION_ENTRYSET;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(keys);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectValueFromEntrySetQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_VALUE_FROM_REGION_ENTRYSET;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectGetValueFromEntrySetQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_GET_VALUE_FROM_REGION_ENTRYSET;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectByToStringQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_TO_STRING;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectToStringQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_TO_STRING_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList("Test_Object", "Test_Object");
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectByToStringToUpperCaseQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_TO_STRING_TO_UPPER_CASE;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectByToStringToLowerCaseQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_TO_STRING_TO_LOWER_CASE;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(values);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectIntValueQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_INT_VALUE_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(0, 3);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectLongValueQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_LONG_VALUE_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(0L, 3L);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectDoubleValueQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_DOUBLE_VALUE_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList(0d, 3d);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectShortValueQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_SHORT_VALUE_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = Arrays.asList((short) 0, (short) 3);
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-  /* ----- Whitelisted Methods Tests ----- */
-
-  /* ----- Blacklisted Methods Tests ----- */
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectByGetClassQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_GET_CLASS;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectByGetClassParenQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_GET_CLASS_PAREN;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectGetClassRegionQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_GET_CLASS_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectGetClassParenRegionQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_GET_CLASS_PAREN_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectByClassQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_CLASS;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectClassRegionQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_CLASS_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectByCapitalClassQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_CAPITAL_CLASS;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectCapitalClassRegionQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_CAPITAL_CLASS_FROM_REGION;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectRegionGetClassQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_GET_CLASS;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectRegionGetClassParenQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_GET_CLASS_PAREN;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectRegionClassQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_CLASS;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectRegionCapitalClassQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_CAPITAL_CLASS;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectRegionCloneQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_CLONE;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void checkUserAuthorizationsForSelectToDateQuery(String user) {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_TO_DATE;
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    QueryTestObject obj1 = new QueryTestObject(0, "John");
-    obj1.setDateField("08/08/2018");
-    QueryTestObject obj2 = new QueryTestObject(3, "Beth");
-    obj2.setDateField("08/08/2018");
-    Object[] values = {obj1, obj2};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    List<Object> expectedResults = new ArrayList<>();
-    executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
-  }
-
-  @Test
-  public void userWithRegionAccessAndPassingInWrappedbindParameterShouldExecute() {
-    String user = "dataReaderRegion";
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    String query = "select v from $1 r, r.values() v";
-    String regexForExpectedException = ".*DATA:READ.*";
-    specificUserClient.invoke(()-> {
-      Region region = getClientCache().getRegion(regionName);
-      HashSet hashset = new HashSet();
-      hashset.add(region);
-      getClientCache().getQueryService().newQuery(query).execute(new Object[]{hashset});
-    });
-  }
-
-  @Test
-  public void userWithoutRegionAccessAndPassingInWrappedBindParameterShouldThrowException() {
-    String user = "dataReaderRegionKey";
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    String query = "select v from $1 r, r.values() v";
-    String regexForExpectedException = ".*DATA:READ.*";
-    specificUserClient.invoke(()-> {
-      Region region = getClientCache().getRegion(regionName);
-      HashSet hashset = new HashSet();
-      hashset.add(region);
-      assertExceptionOccurred(getClientCache().getQueryService(), query, new Object[]{hashset}, regexForExpectedException);
-    });
-  }
-
-  //If DummyQRegion is every serializable, then this test will fail and a security hole with query will have been opened
-  //That means a user could wrap a region in a dummy region and bypass the MethodInvocationAuthorizer
-  @Test
-  public void userWithoutRegionAccessAndPassingInWrappedInDummyQRegionBindParameterShouldThrowSerializationException() {
-    String user = "dataReaderRegionKey";
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String regionName = UserPermissions.REGION_NAME;
-
-    Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
-    Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
-    putIntoRegion(superUserClient, keys, values, regionName);
-
-    String query = "select v from $1 r, r.values() v";
-    String regexForExpectedException = ".*failed serializing object.*";
-    specificUserClient.invoke(()-> {
-      Region region = getClientCache().getRegion(regionName);
-      HashSet hashset = new HashSet();
-      hashset.add(new DummyQRegion(region));
-      assertExceptionOccurred(getClientCache().getQueryService(), query, new Object[]{hashset}, regexForExpectedException);
-    });
-  }
-
-  public static class QueryTestObject implements Serializable {
-    public int id = -1;
-
-    private String name;
-    private String Class;
-
-    public Date dateField;
-
-    public QueryTestObject(int id, String name) {
-      this.id = id;
-      this.name = name;
-    }
-
-    public String getName() {
-      return name;
-    }
-
-    public String someMethod() {
-      return name + ":" + id;
-    }
-
-    public void setDateField(String dateString) {
-      try {
-        SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy");
-        dateField = sdf.parse(dateString);
-      } catch (ParseException e) {
-
-      }
-    }
-
-    @Override
-    public String toString() {
-      return "Test_Object";
-    }
-
-    @Override
-    public boolean equals(Object obj) {
-      QueryTestObject qto = (QueryTestObject) obj;
-      return (this.id == qto.id && this.name.equals(qto.getName()));
-    }
-  }
-}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityRestrictedQueriesDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityRestrictedQueriesDUnitTest.java
new file mode 100644
index 0000000..bf39447
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityRestrictedQueriesDUnitTest.java
@@ -0,0 +1,318 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.io.Serializable;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+
+import junitparams.Parameters;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.Region;
+import org.apache.geode.cache.RegionDestroyedException;
+import org.apache.geode.cache.client.Pool;
+import org.apache.geode.cache.client.PoolManager;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.dunit.VM;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class QuerySecurityRestrictedQueriesDUnitTest extends QuerySecurityBase {
+
+  @Parameterized.Parameters
+  public static Object[] usersAllowed() {
+    return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+        "clusterManagerDataReaderRegion", "super-user"};
+  }
+
+  @Parameterized.Parameter
+  public String user;
+
+  @Before
+  public void configureCache() {
+    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+    createProxyRegion(specificUserClient, regionName);
+
+    keys = new Object[] {"key-0", "key-1"};
+    values = new Object[] {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
+    putIntoRegion(superUserClient, keys, values, regionName);
+  }
+
+  protected String regexForExpectedExceptions = ".*Unauthorized access.*";
+
+
+  /* ----- Implicit Getter Tests ----- */
+  @Test
+  public void checkUserAuthorizationsForSelectByImplicitGetterQuery() {
+    String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectImplicitGetterQuery() {
+    String query = "select r.name from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectCountOfImplicitGetterQuery() {
+    String query = "select count(r.name) from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectMaxOfImplicitGetterQuery() {
+    String query = "select max(r.name) from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectMinOfImplicitGetterQuery() {
+    String query = "select min(r.name) from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectImplicitGetterFromRegionByImplicitGetterFromRegionQuery() {
+    String query = "select * from /" + regionName + " r1 where r1.name in (select r2.name from /"
+        + regionName + " r2)";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+  /* ----- Implicit Getter Tests ----- */
+
+  /* ----- Direct Getter Tests ----- */
+  @Test
+  public void checkUserAuthorizationsForSelectByDirectGetterQuery() {
+    String query = "select * from /" + regionName + " r where r.getName = 'Beth'";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectDirectGetterQuery() {
+    String query = "select r.getName() from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectCountOfDirectGetterQuery() {
+    String query = "select count(r.getId) from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectMaxOfDirectGetterQuery() {
+    String query = "select max(r.getId()) from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectMinOfDirectGetterQuery() {
+    String query = "select min(getId()) from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectDirectGetterFromRegionByDirectGetterFromRegionQuery() {
+    String query = "select * from /" + regionName
+        + " r1 where r1.getName in (select r2.getName from /" + regionName + " r2)";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectRegionContainsValueQuery() {
+    String query = "select * from /" + regionName + ".containsValue('value')";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void usersWhoCanExecuteQueryShouldNotInvokeRegionCreateForSelectRegionCreateQuery()
+      throws Exception {
+    String query = "select * from /" + regionName + ".create('key2', 15)";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+    executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+  }
+
+
+  @Test
+  // @Parameters(method = "getAllUsersWhoCanExecuteQuery")
+  public void usersWhoCanExecuteQueryShouldGetResultsForSelectCreateFromRegionQuery()
+      throws Exception {
+    String query = "select r.create('key2', 15) from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+    executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+  }
+
+  @Test
+  // @Parameters(method = "getAllUsersWhoCanExecuteQuery")
+  public void usersWhoCanExecuteQueryShouldNotInvokeDestroyForSelectRegionDestroyQuery()
+      throws Exception {
+    String query = "select * from /" + regionName + ".destroyKey('" + keys[0] + "')";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+    executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectRegionDestroyRegionQuery() {
+    String query = "select * from /" + regionName + ".destroyRegion()";
+    try {
+      executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+          regexForExpectedExceptions);
+    } catch (Throwable throwable) {
+      if (!(throwable.getCause().getCause() instanceof RegionDestroyedException)) {
+        throw throwable;
+      }
+    }
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectRegionGetQuery() {
+    String query = "select * from /" + regionName + ".getKey('" + keys[0] + "')";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void usersWhoCanExecuteQueryShouldNotInvokeRegionPutForSelectRegionPutQuery()
+      throws Exception {
+    String query = "select * from /" + regionName + ".put('key-2', 'something')";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+    executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+  }
+
+
+
+  @Test
+  public void usersWhoCanExecuteQueryShouldNotInvokePutIfAbsentForSelectRegionPutIfAbsentQuery()
+      throws Exception {
+    String query = "select * from /" + regionName + ".putIfAbsent('key-2', 'something')";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+    executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+  }
+
+
+  @Test
+  @Parameters(method = "getAllUsersWhoCanExecuteQuery")
+  public void usersWhoCanExecuteQueryShouldNotInvokedRegionRemoveForSelectRegionRemoveQuery()
+      throws Exception {
+    String query = "select * from /" + regionName + ".remove('key-0')";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+    executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+  }
+
+  @Test
+  @Parameters(method = "getAllUsersWhoCanExecuteQuery")
+  public void usersWhoCannExecuteQueryShouldReceiveExpectedResultsForSelectRegionReplaceQuery()
+      throws Exception {
+    String query = "select * from /" + regionName + ".replace('key-0', 'something')";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+    executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectGetInterestListRegexRegionQuery() {
+    String query = "select r.getInterestListRegex from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectGetInterestListRegexParenRegionQuery() {
+    String query = "select r.getInterestListRegex() from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectByGetClassQuery() {
+    String query = "select * from /" + regionName + " r where r.getClass != '1'";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectGetClassRegionQuery() {
+    String query = "select r.getClass from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectGetClassWithParenthesisRegionQuery() {
+    String query = "select r.getClass() from /" + regionName + " r";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectByClassQuery() {
+    String query = "select * from /" + regionName + " r where r.getClass != 'blah'";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectByGetClassWithParenthesisQuery() {
+    String query = "select * from /" + regionName + " r where r.getClass() != '1'";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+
+  @Test
+  public void checkUserAuthorizationsForSelectByCapitalClassQuery() {
+    String query = "select * from /" + regionName + " r where r.Class != '1'";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+
+  @Test
+  public void checkUserAuthorizationsForSelectRegionCloneQuery() {
+    String query = "select * from /" + regionName + ".clone";
+    executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+        regexForExpectedExceptions);
+  }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityUnauthorizedUserBindParameterDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityUnauthorizedUserBindParameterDUnitTest.java
new file mode 100644
index 0000000..47647be
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityUnauthorizedUserBindParameterDUnitTest.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.util.HashSet;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.Region;
+import org.apache.geode.cache.query.internal.index.DummyQRegion;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+public class QuerySecurityUnauthorizedUserBindParameterDUnitTest extends QuerySecurityBase {
+
+  @Before
+  public void configureCache() {
+    String user = "dataReaderRegionKey";
+    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+    createProxyRegion(specificUserClient, regionName);
+
+    keys = new Object[] {"key-0", "key-1"};
+    values = new Object[] {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
+    putIntoRegion(superUserClient, keys, values, regionName);
+  }
+
+  @Test
+  public void userWithoutRegionAccessAndPassingInWrappedBindParameterShouldThrowException() {
+    String query = "select v from $1 r, r.values() v";
+    String regexForExpectedException = ".*DATA:READ.*";
+    specificUserClient.invoke(() -> {
+      Region region = getClientCache().getRegion(regionName);
+      HashSet hashset = new HashSet();
+      hashset.add(region);
+      assertExceptionOccurred(getClientCache().getQueryService(), query, new Object[] {hashset},
+          regexForExpectedException);
+    });
+  }
+
+
+  // If DummyQRegion is ever serializable, then this test will fail and a security hole with query
+  // will have been opened
+  // That means a user could wrap a region in a dummy region and bypass the
+  // RestrictedMethodInvocationAuthorizer
+  @Test
+  public void userWithoutRegionAccessAndPassingInWrappedInDummyQRegionBindParameterShouldThrowSerializationException() {
+    String query = "select v from $1 r, r.values() v";
+    String regexForExpectedException = ".*failed serializing object.*";
+    specificUserClient.invoke(() -> {
+      Region region = getClientCache().getRegion(regionName);
+      HashSet hashset = new HashSet();
+      hashset.add(new DummyQRegion(region));
+      assertExceptionOccurred(getClientCache().getQueryService(), query, new Object[] {hashset},
+          regexForExpectedException);
+    });
+  }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/UserPermissions.java b/geode-core/src/test/java/org/apache/geode/security/query/UserPermissions.java
index 4c44f33..bd87ae9 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/UserPermissions.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/UserPermissions.java
@@ -21,445 +21,26 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 
-import org.apache.geode.cache.query.internal.MethodInvocationAuthorizer;
+import org.apache.geode.cache.query.internal.RestrictedMethodInvocationAuthorizer;
 import org.apache.geode.security.ResourcePermission;
 import org.apache.geode.security.ResourcePermission.Operation;
 import org.apache.geode.security.ResourcePermission.Resource;
 import org.apache.geode.security.TestSecurityManager;
 
 public class UserPermissions {
-
-  // Must be the same as the region specified for the region specific users in the clientServer.json
-  public static final String REGION_NAME = "region";
-
-  public static List<String> RESTRICTED_METHOD_ACCESS_PERMISSIONS;
-  
-  public static final String SELECT_FROM_REGION_BY_FORMAT =
-      "select * from /" + REGION_NAME + " r where r.%s = %s";
-  public static final String SELECT_FORMAT_FROM_REGION = "select r.%s from /" + REGION_NAME + " r";
-  public static final String SELECT_COUNT_OF_FORMAT_FROM_REGION =
-      "select count(r.%s) from /" + REGION_NAME + " r";
-  public static final String SELECT_MAX_OF_FORMAT_FROM_REGION =
-      "select max(r.%s) from /" + REGION_NAME + " r";
-  public static final String SELECT_MIN_OF_FORMAT_FROM_REGION =
-      "select min(r.%s) from /" + REGION_NAME + " r";
-  public static final String SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT = "select * from /"
-      + REGION_NAME + " r1 where r1.%1$s in (select r2.%1$s from /" + REGION_NAME + " r2)";
-  public static final String SELECT_FROM_REGION_FORMAT = "select * from /" + REGION_NAME + ".%s";
-  public static final String SELECT_FORMAT_FROM_REGION_ENTRYSET =
-      "select e.%s from /" + REGION_NAME + ".entrySet e";
-
-  public static final String SELECT_FROM_REGION_WITH_NUMERIC_METHOD =
-      "select * from /" + REGION_NAME + " r where r.%s > 0";
-  public static final String SELECT_NUMERIC_FROM_REGION_RESULTS =
-      "select r.%s from /" + REGION_NAME + " r";
-
-  // Regular ad hoc query
-  public static final String SELECT_ALL_FROM_REGION = "select * from /" + REGION_NAME;
-  // Testing public field getting
-  public static final String SELECT_FROM_REGION_BY_PUBLIC_FIELD =
-      String.format(SELECT_FROM_REGION_BY_FORMAT, "id", 1);
-  public static final String SELECT_PUBLIC_FIELD_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "id");
-  public static final String SELECT_COUNT_OF_PUBLIC_FIELD_FROM_REGION =
-      String.format(SELECT_COUNT_OF_FORMAT_FROM_REGION, "id");
-  public static final String SELECT_MAX_OF_PUBLIC_FIELD_FROM_REGION =
-      String.format(SELECT_MAX_OF_FORMAT_FROM_REGION, "id");
-  public static final String SELECT_MIN_OF_PUBLIC_FIELD_FROM_REGION =
-      String.format(SELECT_MIN_OF_FORMAT_FROM_REGION, "id");
-  public static final String SELECT_FROM_REGION_WHERE_PUBLIC_FIELD_IN_REGION_PUBLIC_FIELDS =
-      String.format(SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT, "id");
-
-  // Testing getter invocation
-  public static final String SELECT_FROM_REGION_BY_IMPLICIT_GETTER =
-      String.format(SELECT_FROM_REGION_BY_FORMAT, "name", "'Beth'");
-  public static final String SELECT_IMPLICIT_GETTER_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "name");
-  public static final String SELECT_COUNT_OF_IMPLICIT_GETTER_FROM_REGION =
-      String.format(SELECT_COUNT_OF_FORMAT_FROM_REGION, "name");
-  public static final String SELECT_MAX_OF_IMPLICIT_GETTER_FROM_REGION =
-      String.format(SELECT_MAX_OF_FORMAT_FROM_REGION, "name");
-  public static final String SELECT_MIN_OF_IMPLICIT_GETTER_FROM_REGION =
-      String.format(SELECT_MIN_OF_FORMAT_FROM_REGION, "name");
-  public static final String SELECT_FROM_REGION1_WHERE_IMPLICIT_GETTER_IN_REGION2_IMPLICIT_GETTERS =
-      String.format(SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT, "name");
-  public static final String SELECT_FROM_REGION_BY_DIRECT_GETTER =
-      String.format(SELECT_FROM_REGION_BY_FORMAT, "getName", "'Beth'");
-  public static final String SELECT_DIRECT_GETTER_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "getName");
-  public static final String SELECT_COUNT_OF_DIRECT_GETTER_FROM_REGION =
-      String.format(SELECT_COUNT_OF_FORMAT_FROM_REGION, "getName");
-  public static final String SELECT_MAX_OF_DIRECT_GETTER_FROM_REGION =
-      String.format(SELECT_MAX_OF_FORMAT_FROM_REGION, "getName");
-  public static final String SELECT_MIN_OF_DIRECT_GETTER_FROM_REGION =
-      String.format(SELECT_MIN_OF_FORMAT_FROM_REGION, "getName");
-  public static final String SELECT_FROM_REGION_WHERE_DIRECT_GETTER_IN_REGION_DIRECT_GETTERS =
-      String.format(SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT, "getName");
-
-  // Testing custom method invocation
-  public static final String SELECT_FROM_REGION_BY_DEPLOYED_METHOD =
-      String.format(SELECT_FROM_REGION_BY_FORMAT, "someMethod", "'John:1'");
-  public static final String SELECT_DEPLOYED_METHOD_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "someMethod");
-  public static final String SELECT_COUNT_OF_DEPLOYED_METHOD_FROM_REGION =
-      String.format(SELECT_COUNT_OF_FORMAT_FROM_REGION, "someMethod");
-  public static final String SELECT_MAX_OF_DEPLOYED_METHOD_FROM_REGION =
-      String.format(SELECT_MAX_OF_FORMAT_FROM_REGION, "someMethod");
-  public static final String SELECT_MIN_OF_DEPLOYED_METHOD_FROM_REGION =
-      String.format(SELECT_MIN_OF_FORMAT_FROM_REGION, "someMethod");;
-  public static final String SELECT_FROM_REGION_WHERE_DEPLOYED_METHOD_IN_REGION_DEPLOYED_METHODS =
-      String.format(SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT, "someMethod");
-
-  // Geode method invocation
-  public static final String SELECT_FROM_REGION_CONTAINS_KEY =
-      String.format(SELECT_FROM_REGION_FORMAT, "containsKey('key')");
-  public static final String SELECT_FROM_REGION_CONTAINS_VALUE =
-      String.format(SELECT_FROM_REGION_FORMAT, "containsValue(15)");
-  public static final String SELECT_FROM_REGION_CREATE =
-      String.format(SELECT_FROM_REGION_FORMAT, "create('key2', 15)");
-  public static final String SELECT_CREATE_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "create('key2', 15)");
-  public static final String SELECT_FROM_REGION_DESTROY =
-      String.format(SELECT_FROM_REGION_FORMAT, "destroy('key')");
-  public static final String SELECT_FROM_REGION_DESTROY_REGION =
-      String.format(SELECT_FROM_REGION_FORMAT, "destroyRegion");
-  public static final String SELECT_DESTROY_REGION_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "destroyRegion");
-  public static final String SELECT_FROM_REGION_DESTROY_REGION_PAREN =
-      String.format(SELECT_FROM_REGION_FORMAT, "destroyRegion()");
-  public static final String SELECT_DESTROY_REGION_PAREN_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "destroyRegion()");
-  public static final String SELECT_FROM_REGION_GET =
-      String.format(SELECT_FROM_REGION_FORMAT, "get('key')");
-  public static final String SELECT_FROM_REGION_PUT =
-      String.format(SELECT_FROM_REGION_FORMAT, "put('key2', 20)");
-  public static final String SELECT_FROM_REGION_PUT_IF_ABSENT =
-      String.format(SELECT_FROM_REGION_FORMAT, "putIfAbsent('key2', 20)");
-  public static final String SELECT_FROM_REGION_REMOVE =
-      String.format(SELECT_FROM_REGION_FORMAT, "remove('key')");
-  public static final String SELECT_FROM_REGION_REPLACE =
-      String.format(SELECT_FROM_REGION_FORMAT, "replace('key', 25)");
-  public static final String SELECT_GET_INTEREST_LIST_REGEX_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "getInterestListRegex");
-  public static final String SELECT_GET_INTEREST_LIST_REGEX_PAREN_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "getInterestListRegex()");
-
-  // JDK method invocation
-  public static final String SELECT_ADD_FROM_REGION_ENTRYSET =
-      String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "add('test')");
-  public static final String SELECT_REMOVE_FROM_REGION_ENTRYSET =
-      String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "remove('key')");
-  public static final String SELECT_FROM_REGION_TO_DATE =
-      "SELECT * FROM /" + REGION_NAME + " where dateField = to_date('08/08/2018', 'MM/dd/yyyy')";
-
-  // JDK numeric methods
-  public static final String SELECT_INT_VALUE_FROM_REGION =
-      String.format(SELECT_NUMERIC_FROM_REGION_RESULTS, "id.intValue");
-  public static final String SELECT_LONG_VALUE_FROM_REGION =
-      String.format(SELECT_NUMERIC_FROM_REGION_RESULTS, "id.longValue");
-  public static final String SELECT_DOUBLE_VALUE_FROM_REGION =
-      String.format(SELECT_NUMERIC_FROM_REGION_RESULTS, "id.doubleValue");
-  public static final String SELECT_SHORT_VALUE_FROM_REGION =
-      String.format(SELECT_NUMERIC_FROM_REGION_RESULTS, "id.shortValue");
-
-  // Testing whitelisted methods
-  public static final String SELECT_FROM_REGION_ENTRYSET =
-      String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "getKey, e.getValue");
-  public static final String SELECT_FROM_REGION_VALUES =
-      String.format(SELECT_FROM_REGION_FORMAT, "values");
-  public static final String SELECT_FROM_REGION_KEYSET =
-      String.format(SELECT_FROM_REGION_FORMAT, "keySet");
-  public static final String SELECT_FROM_REGION_ENTRIES =
-      "select e.getKey from /" + REGION_NAME + ".entries e";
-  public static final String SELECT_FROM_REGION_ENTRY_SET =
-      String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "getKey");
-  public static final String SELECT_KEY_FROM_REGION_ENTRYSET =
-      String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "key");
-  public static final String SELECT_GET_KEY_FROM_REGION_ENTRYSET =
-      String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "getKey");
-  public static final String SELECT_VALUE_FROM_REGION_ENTRYSET =
-      String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "value");
-  public static final String SELECT_GET_VALUE_FROM_REGION_ENTRYSET =
-      String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "getValue");
-  public static final String SELECT_FROM_REGION_BY_TO_STRING =
-      String.format(SELECT_FROM_REGION_BY_FORMAT, "toString", "'Test_Object'");
-  public static final String SELECT_TO_STRING_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "toString");
-  public static final String SELECT_FROM_REGION_BY_TO_STRING_TO_UPPER_CASE =
-      String.format(SELECT_FROM_REGION_BY_FORMAT, "toString.toUpperCase", "'TEST_OBJECT'");
-  public static final String SELECT_FROM_REGION_BY_TO_STRING_TO_LOWER_CASE =
-      String.format(SELECT_FROM_REGION_BY_FORMAT, "toString.toLowerCase", "'test_object'");
-
-  // Testing blocked methods
-  public static final String SELECT_FROM_REGION_BY_GET_CLASS =
-      String.format(SELECT_FROM_REGION_BY_FORMAT, "getClass", "'org.apache'");
-  public static final String SELECT_FROM_REGION_BY_GET_CLASS_PAREN =
-      String.format(SELECT_FROM_REGION_BY_FORMAT, "getClass()", "'org.apache'");
-  public static final String SELECT_GET_CLASS_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "getClass");
-  public static final String SELECT_GET_CLASS_PAREN_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "getClass()");
-  public static final String SELECT_FROM_REGION_BY_CLASS =
-      String.format(SELECT_FROM_REGION_BY_FORMAT, "class", "'org.apache'");
-  public static final String SELECT_CLASS_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "class");
-  public static final String SELECT_FROM_REGION_BY_CAPITAL_CLASS =
-      String.format(SELECT_FROM_REGION_BY_FORMAT, "Class", "'org.apache'");
-  public static final String SELECT_CAPITAL_CLASS_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "Class");
-  public static final String SELECT_FROM_REGION_GET_CLASS =
-      String.format(SELECT_FROM_REGION_FORMAT, "getClass");
-  public static final String SELECT_FROM_REGION_GET_CLASS_PAREN =
-      String.format(SELECT_FROM_REGION_FORMAT, "getClass()");
-  public static final String SELECT_FROM_REGION_CLASS =
-      String.format(SELECT_FROM_REGION_FORMAT, "class");
-  public static final String SELECT_FROM_REGION_CAPITAL_CLASS =
-      String.format(SELECT_FROM_REGION_FORMAT, "Class");
-  public static final String SELECT_FROM_REGION_CLONE =
-      String.format(SELECT_FROM_REGION_FORMAT, "clone");
-  public static final String SELECT_FROM_REGION_WAIT =
-      String.format(SELECT_FROM_REGION_FORMAT, "wait");
-  public static final String SELECT_CLONE_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "clone");
-  public static final String SELECT_WAIT_FROM_REGION =
-      String.format(SELECT_FORMAT_FROM_REGION, "wait");
-
-
   private TestSecurityManager manager = new TestSecurityManager();
   public HashMap<String, List<String>> queryPermissions;
 
-  public UserPermissions(String requiredSecurityTag) {
-    this(Arrays.asList(requiredSecurityTag));
-  }
-
-  public UserPermissions(List<String> requiredSecurityTags) {
+  public UserPermissions() {
     if (!manager.initializeFromJsonResource(
         "org/apache/geode/management/internal/security/clientServer.json"))
       throw new RuntimeException(
           "Something bad happened while trying to load the TestSecurityManager with the org/apache/geode/management/internal/security/clientServer.json");
-    queryPermissions = initQueryPermissions(requiredSecurityTags);
-  }
-
-  public ResourcePermission createResourcePermissionFromString(String perm) {
-    String[] permParts = perm.split(":");
-
-    Resource res = Resource.valueOf(permParts[0]);
-    Operation op = Operation.valueOf(permParts[1]);
-    if (permParts.length == 2)
-      return new ResourcePermission(res, op);
-    else {
-      String target = permParts[3];
-      if (permParts.length == 3)
-        return new ResourcePermission(res, op, target);
-      else {
-        String targetKey = permParts[4];
-        return new ResourcePermission(res, op, target, targetKey);
-      }
-    }
   }
 
-  public List<ResourcePermission> createResourcePermissionListFromStrings(String... perms) {
-    List<ResourcePermission> resPerms = new ArrayList<>();
-    for (String perm : perms) {
-      resPerms.add(createResourcePermissionFromString(perm));
-    }
-    return resPerms;
-  }
-
-  public HashMap<String, List<String>> initQueryPermissions(List<String> requiredSecurityTags) {
-    HashMap<String, List<String>> perms = new HashMap<>();
-
-    String securityString = "";
-    Iterator<String> iterator = requiredSecurityTags.iterator();
-    while (iterator.hasNext()) {
-      securityString += "(.*" + iterator.next();
-      if (iterator.hasNext()) {
-        securityString += ".*)|";
-      }
-    }
-
-    RESTRICTED_METHOD_ACCESS_PERMISSIONS = Arrays.asList(
-        MethodInvocationAuthorizer.UNAUTHORIZED_STRING + ".*)|" + securityString);
-    perms.put(SELECT_ALL_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
-    // Public field access
-    perms.put(SELECT_FROM_REGION_BY_PUBLIC_FIELD, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_PUBLIC_FIELD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_COUNT_OF_PUBLIC_FIELD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_MAX_OF_PUBLIC_FIELD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_MIN_OF_PUBLIC_FIELD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_WHERE_PUBLIC_FIELD_IN_REGION_PUBLIC_FIELDS,
-        RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
-    // Getter access
-    perms.put(SELECT_FROM_REGION_BY_IMPLICIT_GETTER, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_IMPLICIT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_COUNT_OF_IMPLICIT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_MAX_OF_IMPLICIT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_MIN_OF_IMPLICIT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION1_WHERE_IMPLICIT_GETTER_IN_REGION2_IMPLICIT_GETTERS,
-        RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_BY_DIRECT_GETTER, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_DIRECT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_COUNT_OF_DIRECT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_MAX_OF_DIRECT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_MIN_OF_DIRECT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_WHERE_DIRECT_GETTER_IN_REGION_DIRECT_GETTERS,
-        RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
-    // Deployed Methods
-    perms.put(SELECT_FROM_REGION_BY_DEPLOYED_METHOD, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_DEPLOYED_METHOD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_COUNT_OF_DEPLOYED_METHOD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_MAX_OF_DEPLOYED_METHOD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_MIN_OF_DEPLOYED_METHOD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_WHERE_DEPLOYED_METHOD_IN_REGION_DEPLOYED_METHODS,
-        RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
-    // Gemfire Methods
-    perms.put(SELECT_FROM_REGION_CONTAINS_KEY, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_CONTAINS_VALUE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_CREATE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_CREATE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_DESTROY, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_DESTROY_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_DESTROY_REGION_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_DESTROY_REGION_PAREN, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_DESTROY_REGION_PAREN_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_GET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_PUT, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_PUT_IF_ABSENT, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_REMOVE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_REPLACE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_GET_INTEREST_LIST_REGEX_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_GET_INTEREST_LIST_REGEX_PAREN_FROM_REGION,
-        RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
-    // JDK Methods
-    perms.put(SELECT_ADD_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_REMOVE_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_TO_DATE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
-    // Numeric Methods
-    perms.put(SELECT_INT_VALUE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_LONG_VALUE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_DOUBLE_VALUE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_SHORT_VALUE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
-    // Whitelisted Methods
-    perms.put(SELECT_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_VALUES, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_KEYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_ENTRIES, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_ENTRY_SET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_KEY_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_GET_KEY_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_VALUE_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_GET_VALUE_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_BY_TO_STRING, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_TO_STRING_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_BY_TO_STRING_TO_UPPER_CASE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_BY_TO_STRING_TO_LOWER_CASE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
-    // Blacklisted Methods
-    perms.put(SELECT_FROM_REGION_BY_GET_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_BY_GET_CLASS_PAREN, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_GET_CLASS_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_GET_CLASS_PAREN_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_BY_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_CLASS_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_BY_CAPITAL_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_CAPITAL_CLASS_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_GET_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_GET_CLASS_PAREN, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_CAPITAL_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_CLONE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_FROM_REGION_WAIT, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_CLONE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-    perms.put(SELECT_WAIT_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
-    return perms;
-  }
-
-  public static List<String> getAllUsers() {
-    return Arrays.asList("stranger", "dataReader", "dataReaderRegion", "dataReaderRegionKey",
-        "clusterManager", "clusterManagerQuery", "clusterManagerDataReader",
-        "clusterManagerDataReaderRegion", "clusterManagerDataReaderRegionKey", "super-user"); // Includes
-                                                                                              // all
-                                                                                              // cluster
-                                                                                              // permissions
-                                                                                              // (READ,
-                                                                                              // WRITE,
-                                                                                              // MANAGE)
-                                                                                              // as
-                                                                                              // well
-                                                                                              // as
-                                                                                              // all
-                                                                                              // data
-                                                                                              // privileges
-                                                                                              // (READ,
-                                                                                              // WRITE,
-                                                                                              // MANAGE)
-  }
-
-  private List<String> getUserResourcePermissions(String user) {
-    List<String> userPerms = new ArrayList<>();
-    Set<TestSecurityManager.Role> userRoles = manager.getUser(user).getRoles();
-
-    for (TestSecurityManager.Role role : userRoles) {
-      for (ResourcePermission perm : role.getPermissions()) {
-        userPerms.add(perm.toString());
-      }
-    }
-    return userPerms;
-  }
-
-  public List<String> getMissingUserAuthorizationsForQuery(String user, String query) {
-    List<String> foundPerms = new ArrayList<>();
-    List<String> userPerms = getUserResourcePermissions(user);
-    List<String> reqPerms = queryPermissions.get(query);
-
-    System.out.println("userPerms: " + userPerms);
-    System.out.println("reqPerms: " + reqPerms);
-
-    for (String reqPerm : reqPerms) {
-      for (String userPerm : userPerms) {
-        if (userPerm.equals(reqPerm)) {
-          foundPerms.add(reqPerm);
-        } else {
-          String[] reqPermParts = reqPerm.split(":");
-          String[] userPermParts = userPerm.split(":");
-          if (reqPermParts.length > userPermParts.length) {
-            boolean hasGenericPerm = true;
-            for (int i = 0; i < userPermParts.length; i++) {
-              if (!reqPermParts[i].equals(userPermParts[i])) {
-                hasGenericPerm = false;
-                break;
-              }
-            }
-
-            if (hasGenericPerm) {
-              foundPerms.add(reqPerm);
-            }
-          }
-        }
-      }
-    }
-
-    List<String> missingPerms = new ArrayList<>(reqPerms);
-    missingPerms.removeAll(foundPerms);
-    System.out.println("Missing perms: " + missingPerms);
-    return missingPerms;
-  }
 
   public String getUserPassword(String user) {
     return manager.getUser(user).getPassword();
   }
 
-  public String regexForExpectedException(List<String> expectedExceptionMessages) {
-    String authErrorRegexp = "(.*" + String.join(".*)|(.*", expectedExceptionMessages) + ".*)";
-    return authErrorRegexp;
-  }
-
 }
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/data/PdxQueryTestObject.java b/geode-core/src/test/java/org/apache/geode/security/query/data/PdxQueryTestObject.java
new file mode 100644
index 0000000..e2c2ff4
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/data/PdxQueryTestObject.java
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query.data;
+
+import java.io.Serializable;
+
+import org.apache.geode.pdx.PdxReader;
+import org.apache.geode.pdx.PdxSerializable;
+import org.apache.geode.pdx.PdxWriter;
+
+public class PdxQueryTestObject
+    implements PdxSerializable, Serializable /* just to pass around in test code */ {
+  public int id = -1;
+  private String name;
+  private int age = 1;
+
+  private boolean shouldThrowException = true;
+
+
+  public PdxQueryTestObject() {
+
+  }
+
+  public PdxQueryTestObject(int id, String name) {
+    this.id = id;
+    this.name = name;
+  }
+
+  public String getName() {
+    return name;
+  }
+
+  @Override
+  public String toString() {
+    return "Test_Object";
+  }
+
+  public int getAge() {
+    return age;
+  }
+
+  @Override
+  public void toData(PdxWriter writer) {
+    writer.writeInt("id", id);
+    writer.writeString("getName", name);
+  }
+
+  @Override
+  public void fromData(PdxReader reader) {
+    id = reader.readInt("id");
+    name = reader.readString("getName");
+  }
+
+  public boolean equals(Object o) {
+    if (o instanceof PdxQueryTestObject) {
+      PdxQueryTestObject other = (PdxQueryTestObject) o;
+      return other.id == this.id && other.name.equals(this.name);
+    }
+    return false;
+  }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/data/QueryTestObject.java b/geode-core/src/test/java/org/apache/geode/security/query/data/QueryTestObject.java
new file mode 100644
index 0000000..70b535d
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/data/QueryTestObject.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query.data;
+
+import java.io.Serializable;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+public class QueryTestObject implements Serializable {
+  public int id = -1;
+
+  private String name;
+
+  public Date dateField;
+
+  public QueryTestObject(int id, String name) {
+    this.id = id;
+    this.name = name;
+  }
+
+  public int getId() {
+    return id;
+  }
+
+  public String getName() {
+    return name;
+  }
+
+  public String someMethod() {
+    return name + ":" + id;
+  }
+
+  public void setDateField(String dateString) {
+    try {
+      SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy");
+      dateField = sdf.parse(dateString);
+    } catch (ParseException e) {
+
+    }
+  }
+
+  @Override
+  public String toString() {
+    return "Test_Object";
+  }
+
+  @Override
+  public boolean equals(Object obj) {
+    QueryTestObject qto = (QueryTestObject) obj;
+    return (this.id == qto.id && this.name.equals(qto.getName()));
+  }
+}
diff --git a/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/CloseCQ.java b/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/CloseCQ.java
index 17ee0e2..0140aa1 100644
--- a/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/CloseCQ.java
+++ b/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/CloseCQ.java
@@ -100,6 +100,7 @@ public class CloseCQ extends BaseCQCommand {
             cqRegionNames.add(cqQuery.getRegionName());
             authzRequest.closeCQAuthorize(cqName, queryStr, cqRegionNames);
           }
+          
         }
 
         cqService.closeCq(cqName, id);
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityAuthorizedUserDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityAuthorizedUserDUnitTest.java
new file mode 100644
index 0000000..298a273
--- /dev/null
+++ b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityAuthorizedUserDUnitTest.java
@@ -0,0 +1,267 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.cq.dunit;
+
+import static org.apache.geode.internal.Assert.assertTrue;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeTrue;
+
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
+import junitparams.Parameters;
+import org.awaitility.Awaitility;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.query.CqAttributesFactory;
+import org.apache.geode.cache.query.CqEvent;
+import org.apache.geode.cache.query.CqException;
+import org.apache.geode.cache.query.CqListener;
+import org.apache.geode.cache.query.CqQuery;
+import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.cache.query.RegionNotFoundException;
+import org.apache.geode.security.query.QuerySecurityBase;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class CqSecurityAuthorizedUserDUnitTest extends QuerySecurityBase {
+
+  @Parameterized.Parameters
+  public static Object[] usersAllowed() {
+    return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+        "clusterManagerDataReaderRegion", "super-user"};
+  }
+
+  @Parameterized.Parameter
+  public String user;
+
+  @Before
+  public void configureSpecificClientAndKeyAndValues() {
+    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+    createProxyRegion(specificUserClient, regionName);
+
+    keys = new Object[] {"key-0"};
+    values = new Object[] {new QueryTestObject(0, "John")};
+  }
+
+  // Variables that need to be shared across invoke calls.
+  protected static CqSecurityTestCqListener cqListener = null;
+
+  private String regexForExpectedExceptions = ".*Unauthorized access.*";
+
+  @Test
+  public void cqExecuteNoMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionShouldBeAllowed()
+      throws Exception {
+    putIntoRegion(superUserClient, keys, values, regionName);
+    String query = "select * from /" + regionName + " r where r.id = 0";
+    specificUserClient.invoke(() -> {
+      QueryService queryService = getClientCache().getQueryService();
+      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+      CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+      CqQuery cq = createCq(queryService, query, cqListener);
+      cq.execute();
+    });
+
+    putIntoRegion(superUserClient, keys, new Object[] {new QueryTestObject(0, "Bethany")},
+        regionName);
+
+    specificUserClient.invoke(() -> {
+      Awaitility.await().atMost(30, TimeUnit.SECONDS)
+          .until(() -> assertEquals(1, cqListener.getNumEvent()));
+    });
+  }
+
+  @Test
+  public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion()
+      throws Exception {
+    putIntoRegion(superUserClient, keys, values, regionName);
+    String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+    specificUserClient.invoke(() -> {
+      QueryService queryService = getClientCache().getQueryService();
+      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+      CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+      CqQuery cq = createCq(queryService, query, cqListener);
+      executeCqButExpectException(cq, user, regexForExpectedExceptions);
+    });
+  }
+
+  @Test
+  public void cqExecuteWithInitialResultsWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionShouldBeDeniedBecauseOfInvocation()
+      throws Exception {
+    putIntoRegion(superUserClient, keys, values, regionName);
+    String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+
+    specificUserClient.invoke(() -> {
+      QueryService queryService = getClientCache().getQueryService();
+      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+      CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+      CqQuery cq = createCq(queryService, query, cqListener);
+      executeCqWithInitialResultsButExpectException(cq, user, regexForExpectedExceptions);
+    });
+  }
+
+
+  @Test
+  public void cqExecuteWithInitialResultsWithMethodInvocationWithUnpopulatedRegionAndFollowedByAPutShouldTriggerCqError()
+      throws Exception {
+    String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+
+    specificUserClient.invoke(() -> {
+      QueryService queryService = getClientCache().getQueryService();
+      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+      CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+      CqQuery cq = createCq(queryService, query, cqListener);
+      cq.executeWithInitialResults();
+    });
+
+    Object[] keys = {"key-0"};
+    Object[] values = {new QueryTestObject(1, "Mary")};
+    putIntoRegion(superUserClient, keys, values, regionName);
+
+    specificUserClient.invoke(() -> {
+      Awaitility.await().atMost(30, TimeUnit.SECONDS)
+          .until(() -> assertEquals(1, cqListener.getNumErrors()));
+    });
+  }
+
+  @Test
+  public void cqExecuteWithMethodInvocationWithUnpopulatedRegionAndFollowedByAPutShouldTriggerCqError()
+      throws Exception {
+    String query = "select * from /" + regionName + " r where r.name = 'Beth'";;
+
+    specificUserClient.invoke(() -> {
+      QueryService queryService = getClientCache().getQueryService();
+      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+      CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+      CqQuery cq = createCq(queryService, query, cqListener);
+      cq.execute();
+    });
+
+    Object[] keys = {"key-0"};
+    Object[] values = {new QueryTestObject(1, "Mary")};
+    putIntoRegion(superUserClient, keys, values, regionName);
+
+    specificUserClient.invoke(() -> {
+      Awaitility.await().atMost(30, TimeUnit.SECONDS)
+          .until(() -> assertEquals(1, cqListener.getNumErrors()));
+    });
+  }
+
+  @Test
+  public void cqCanBeClosedByTheCreator() throws Exception {
+    String query = "select * from /" + regionName + " r where r.id = 0";
+
+    specificUserClient.invoke(() -> {
+      QueryService queryService = getClientCache().getQueryService();
+      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+      CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+      CqQuery cq = createCq(queryService, query, cqListener);
+      cq.execute();
+      cq.close();
+      assertTrue(cq.isClosed());
+    });
+    assertEquals(0, server.getCache().getCqService().getAllCqs().size());
+  }
+
+
+  protected CqQuery createCq(QueryService queryService, String query, CqListener cqListener)
+      throws CqException {
+    CqAttributesFactory cqaf = new CqAttributesFactory();
+    cqaf.addCqListener(cqListener);
+    CqQuery cq = queryService.newCq(query, cqaf.create());
+    return cq;
+  }
+
+  protected void executeCqButExpectException(CqQuery cq, String user,
+      String regexForExpectedException) {
+    try {
+      cq.execute();
+      fail("Expected an exception when executing cq:" + cq.getQueryString() + " with user:" + user);
+    } catch (RegionNotFoundException | CqException e) {
+      if (!e.getMessage().matches(regexForExpectedException)) {
+        Throwable cause = e.getCause();
+        while (cause != null) {
+          if (cause.getMessage().matches(regexForExpectedException)) {
+            return;
+          }
+          cause = cause.getCause();
+        }
+        e.printStackTrace();
+        fail("Exception thrown did not match:" + regexForExpectedException + ".  Instead was:" + e);
+      }
+    }
+  }
+
+  private void executeCqWithInitialResultsButExpectException(CqQuery cq, String user,
+      String regexForExpectedException) {
+    try {
+      cq.executeWithInitialResults();
+      fail("Expected an exception when executing cq:" + cq + " with user:" + user);
+    } catch (RegionNotFoundException | CqException e) {
+      e.printStackTrace();
+      if (!e.getMessage().matches(regexForExpectedException)) {
+        Throwable cause = e.getCause();
+        while (cause != null) {
+          if (cause.getMessage() != null && cause.getMessage().matches(regexForExpectedException)) {
+            return;
+          }
+          cause = cause.getCause();
+        }
+        e.printStackTrace();
+        fail("Exception thrown did not match:" + regexForExpectedException + ".  Instead was:" + e);
+      }
+    }
+
+  }
+
+  public class CqSecurityTestCqListener implements CqListener {
+
+    private int numEvents = 0;
+    private int numErrors = 0;
+
+    @Override
+    public void onEvent(CqEvent aCqEvent) {
+      numEvents++;
+    }
+
+    @Override
+    public void onError(CqEvent aCqEvent) {
+      numErrors++;
+    }
+
+    public int getNumEvent() {
+      return numEvents;
+    }
+
+    public int getNumErrors() {
+      return numErrors;
+    }
+
+    @Override
+    public void close() {
+
+    }
+  }
+}
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityDUnitTest.java
deleted file mode 100644
index d2bc8ec..0000000
--- a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityDUnitTest.java
+++ /dev/null
@@ -1,424 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.cache.query.cq.dunit;
-
-import static org.apache.geode.internal.Assert.assertTrue;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-
-import java.util.Arrays;
-import java.util.List;
-import java.util.concurrent.TimeUnit;
-
-import junitparams.JUnitParamsRunner;
-import junitparams.Parameters;
-import org.awaitility.Awaitility;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-
-import org.apache.geode.cache.query.CqAttributesFactory;
-import org.apache.geode.cache.query.CqEvent;
-import org.apache.geode.cache.query.CqException;
-import org.apache.geode.cache.query.CqListener;
-import org.apache.geode.cache.query.CqQuery;
-import org.apache.geode.cache.query.QueryService;
-import org.apache.geode.cache.query.RegionNotFoundException;
-import org.apache.geode.security.query.QuerySecurityBase;
-import org.apache.geode.security.query.QuerySecurityDUnitTest;
-import org.apache.geode.security.query.UserPermissions;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class CqSecurityDUnitTest extends QuerySecurityBase {
-
-  protected UserPermissions configurePermissions() {
-    return new UserPermissions(Arrays.asList("DATA:READ"));
-  }
-
-  // Variables that need to be shared across invoke calls.
-  protected static CqSecurityTestCqListener cqListener = null;
-
-  // Should be the same as the key specified for the region key specific users in the
-  // clientServer.json
-  public static final String REGION_PUT_KEY = "key";
-
-  public List<String> getAllUsersThatCannotInvokeCq() {
-    return Arrays.asList("stranger", "dataReaderRegionKey", "clusterManagerQuery", "clusterManagerDataReaderRegionKey");
-  }
-
-  public List<String> getAllUsersThatCanInvokeCq() {
-    return Arrays.asList(
-        "dataReader", "dataReaderRegion", "clusterManagerDataReader", "clusterManagerDataReaderRegion", "super-user");
-  }
-
-
-  public List<String> getAllUsersOnlyAllowedWrite() {
-    return Arrays.asList(
-        "dataWriter");
-  }
-
-
-  @Test
-  @Parameters(method = "getAllUsersThatCanInvokeCq")
-  public void cqExecuteNoMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionShouldBeAllowed(
-      String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    Object[] keys = {REGION_PUT_KEY};
-    Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
-    putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
-    List<String> expectedExceptionMessages =
-        userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
-    specificUserClient.invoke(() -> {
-      QueryService queryService = getClientCache().getQueryService();
-      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
-      CqSecurityDUnitTest.cqListener = cqListener;
-      CqQuery cq = createCq(queryService, query, cqListener);
-      cq.execute();
-    });
-
-    putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
-    specificUserClient.invoke(() -> {
-      Awaitility.await().atMost(30, TimeUnit.SECONDS)
-          .until(() -> assertEquals(1, cqListener.getNumEvent()));
-    });
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersThatCannotInvokeCq")
-  public void cqExecuteNoMethodInvocationWithUsersWithoutCqPermissionsWithPrepopulatedRegionShouldThrowSecurityException(
-      String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    Object[] keys = {REGION_PUT_KEY};
-    Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
-    putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
-    List<String> expectedExceptionMessages =
-        userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
-    String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-
-    specificUserClient.invoke(() -> {
-      QueryService queryService = getClientCache().getQueryService();
-      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
-      CqSecurityDUnitTest.cqListener = cqListener;
-      CqQuery cq = createCq(queryService, query, cqListener);
-      executeCqButExpectException(cq, user, regexForExpectedExceptions);
-    });
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion(
-      String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    Object[] keys = {REGION_PUT_KEY};
-    Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
-    putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
-    List<String> expectedExceptionMessages =
-        userPerms.getMissingUserAuthorizationsForQuery(user, query);
-    String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-
-    specificUserClient.invoke(() -> {
-      QueryService queryService = getClientCache().getQueryService();
-      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
-      CqSecurityDUnitTest.cqListener = cqListener;
-      CqQuery cq = createCq(queryService, query, cqListener);
-      executeCqButExpectException(cq, user, regexForExpectedExceptions);
-    });
-  }
-
-  @Test
-  @Parameters(method = "getAllUsers")
-  public void cqExecuteWithInitialResultsWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionShouldBeDeniedBecauseOfInvocation(
-      String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    Object[] keys = {REGION_PUT_KEY};
-    Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
-    putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
-    List<String> expectedExceptionMessages =
-        userPerms.getMissingUserAuthorizationsForQuery(user, query);
-    String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-
-    specificUserClient.invoke(() -> {
-      QueryService queryService = getClientCache().getQueryService();
-      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
-      CqSecurityDUnitTest.cqListener = cqListener;
-      CqQuery cq = createCq(queryService, query, cqListener);
-      executeCqWithInitialResultsButExpectException(cq, user,regexForExpectedExceptions);
-    });
-  }
-
-
-  @Test
-  @Parameters(method = "getAllUsersThatCanInvokeCq")
-  public void cqExecuteWithInitialResultsWithMethodInvocationWithUnpopulatedRegionAndFollowedByAPutShouldTriggerCqError(
-      String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    // execute cq
-    // put into region
-    // security should trigger listener with error
-    String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
-    List<String> expectedExceptionMessages =
-        userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
-    specificUserClient.invoke(() -> {
-      String regionName = UserPermissions.REGION_NAME;
-      QueryService queryService = getClientCache().getQueryService();
-      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
-      CqSecurityDUnitTest.cqListener = cqListener;
-      CqQuery cq = createCq(queryService, query, cqListener);
-      cq.executeWithInitialResults();
-    });
-
-    Object[] keys = {REGION_PUT_KEY};
-    Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
-    putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
-    specificUserClient.invoke(() -> {
-      Awaitility.await().atMost(30, TimeUnit.SECONDS)
-          .until(() -> assertEquals(1, cqListener.getNumErrors()));
-    });
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersThatCannotInvokeCq")
-  public void cqExecuteWithInitialResultsWithMethodInvocationWithoutPermissionWithUnpopulatedRegionThrowSecurityException(
-      String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    // execute cq
-    // put into region
-    // security should trigger listener with error
-    String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
-    List<String> expectedExceptionMessages =
-        userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
-    String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-    specificUserClient.invoke(() -> {
-      QueryService queryService = getClientCache().getQueryService();
-      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
-      CqSecurityDUnitTest.cqListener = cqListener;
-      CqQuery cq = createCq(queryService, query, cqListener);
-      executeCqWithInitialResultsButExpectException(cq, user,regexForExpectedExceptions);
-    });
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersThatCanInvokeCq")
-  public void cqExecuteWithMethodInvocationWithUnpopulatedRegionAndFollowedByAPutShouldTriggerCqError(
-      String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    // execute cq
-    // put into region
-    // security should trigger listener wit gh error
-    String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
-    List<String> expectedExceptionMessages =
-        userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
-    specificUserClient.invoke(() -> {
-      QueryService queryService = getClientCache().getQueryService();
-      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
-      CqSecurityDUnitTest.cqListener = cqListener;
-      CqQuery cq = createCq(queryService, query, cqListener);
-      cq.execute();
-    });
-
-    Object[] keys = {REGION_PUT_KEY};
-    Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
-    putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
-    specificUserClient.invoke(() -> {
-      Awaitility.await().atMost(30, TimeUnit.SECONDS)
-          .until(() -> assertEquals(1, cqListener.getNumErrors()));
-    });
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersThatCannotInvokeCq")
-  public void cqExecuteWithOutPermissionsWithUnpopulatedRegionShouldNotAllowCq(String user)
-      throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    // execute cq
-    // put into region
-    String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
-    List<String> expectedExceptionMessages =
-        userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
-    String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-
-    specificUserClient.invoke(() -> {
-      QueryService queryService = getClientCache().getQueryService();
-      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
-      CqSecurityDUnitTest.cqListener = cqListener;
-      CqQuery cq = createCq(queryService, query, cqListener);
-      executeCqButExpectException(cq, user, regexForExpectedExceptions);
-    });
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersOnlyAllowedWrite")
-  public void cqCreatedByAllowedUserButPutDoneByUnallowedReaderShouldStillExecuteWithCqEvent(
-      String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
-
-    superUserClient.invoke(() -> {
-      QueryService queryService = getClientCache().getQueryService();
-      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
-      CqSecurityDUnitTest.cqListener = cqListener;
-      CqQuery cq = createCq(queryService, query, cqListener);
-      cq.execute();
-    });
-
-    Object[] keys = {REGION_PUT_KEY};
-    Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
-    putIntoRegion(specificUserClient, keys, values, UserPermissions.REGION_NAME);
-
-    superUserClient.invoke(() -> {
-      Awaitility.await().atMost(30, TimeUnit.SECONDS)
-          .until(() -> assertEquals(1, cqListener.getNumEvent()));
-    });
-  }
-
-  @Test
-  @Parameters(method = "getAllUsersThatCanInvokeCq")
-  public void cqCanBeClosedByTheCreator(
-      String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
-
-    specificUserClient.invoke(() -> {
-      QueryService queryService = getClientCache().getQueryService();
-      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
-      CqSecurityDUnitTest.cqListener = cqListener;
-      CqQuery cq = createCq(queryService, query, cqListener);
-      cq.execute();
-      cq.close();
-      assertTrue(cq.isClosed());
-    });
-    assertEquals(0,  server.getCache().getCqService().getAllCqs().size());
-  }
-
-
-  protected CqQuery createCq(QueryService queryService, String query, CqListener cqListener)
-      throws CqException {
-    CqAttributesFactory cqaf = new CqAttributesFactory();
-    cqaf.addCqListener(cqListener);
-    CqQuery cq = queryService.newCq(query, cqaf.create());
-    return cq;
-  }
-
-  protected void executeCqButExpectException(CqQuery cq, String user,
-      String regexForExpectedException) {
-    try {
-      cq.execute();
-      fail("Expected an exception when executing cq:" + cq.getQueryString() + " with user:" + user);
-    } catch (RegionNotFoundException | CqException e) {
-      if (!e.getMessage().matches(regexForExpectedException)) {
-        Throwable cause = e.getCause();
-        while (cause != null) {
-          if (cause.getMessage().matches(regexForExpectedException)) {
-            return;
-          }
-          cause = cause.getCause();
-        }
-        e.printStackTrace();
-        fail("Exception thrown did not match:" + regexForExpectedException + ".  Instead was:" + e);
-      }
-    }
-  }
-
-  private void executeCqWithInitialResultsButExpectException(CqQuery cq, String user,
-      String regexForExpectedException) {
-    try {
-      cq.executeWithInitialResults();
-      fail("Expected an exception when executing cq:" + cq + " with user:" + user);
-    } catch (RegionNotFoundException | CqException e) {
-      e.printStackTrace();
-      if (!e.getMessage().matches(regexForExpectedException)) {
-        Throwable cause = e.getCause();
-        while (cause != null) {
-          if (cause.getMessage() != null && cause.getMessage().matches(regexForExpectedException)) {
-            return;
-          }
-          cause = cause.getCause();
-        }
-        e.printStackTrace();
-        fail("Exception thrown did not match:" + regexForExpectedException + ".  Instead was:" + e);
-      }
-    }
-
-  }
-
-  public class CqSecurityTestCqListener implements CqListener {
-
-    private int numEvents = 0;
-    private int numErrors = 0;
-
-    @Override
-    public void onEvent(CqEvent aCqEvent) {
-      numEvents++;
-    }
-
-    @Override
-    public void onError(CqEvent aCqEvent) {
-      numErrors++;
-    }
-
-    public int getNumEvent() {
-      return numEvents;
-    }
-
-    public int getNumErrors() {
-      return numErrors;
-    }
-
-    @Override
-    public void close() {
-
-    }
-  }
-}
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedAuthorizedUserDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedAuthorizedUserDUnitTest.java
new file mode 100644
index 0000000..6fe9f87
--- /dev/null
+++ b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedAuthorizedUserDUnitTest.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.cq.dunit;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.concurrent.TimeUnit;
+
+import org.awaitility.Awaitility;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.cache.query.CqQuery;
+import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class CqSecurityPartitionedAuthorizedUserDUnitTest
+    extends CqSecurityAuthorizedUserDUnitTest {
+  public RegionShortcut getRegionType() {
+    return RegionShortcut.PARTITION;
+  }
+
+  @Test
+  public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion()
+      throws Exception {
+    putIntoRegion(superUserClient, keys, values, regionName);
+
+    String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+
+    specificUserClient.invoke(() -> {
+      QueryService queryService = getClientCache().getQueryService();
+      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+      CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+      CqQuery cq = createCq(queryService, query, cqListener);
+      cq.execute();
+    });
+
+    putIntoRegion(superUserClient, keys, values, regionName);
+
+    specificUserClient.invoke(() -> {
+      Awaitility.await().atMost(30, TimeUnit.SECONDS)
+          .until(() -> assertEquals(1, cqListener.getNumErrors()));
+    });
+  }
+}
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedDUnitTest.java
deleted file mode 100644
index e542e0e..0000000
--- a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedDUnitTest.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.cache.query.cq.dunit;
-
-import static org.junit.Assert.assertEquals;
-
-import java.util.List;
-import java.util.concurrent.TimeUnit;
-
-import junitparams.JUnitParamsRunner;
-import junitparams.Parameters;
-import org.awaitility.Awaitility;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-
-import org.apache.geode.cache.RegionShortcut;
-import org.apache.geode.cache.query.CqQuery;
-import org.apache.geode.cache.query.QueryService;
-import org.apache.geode.security.query.QuerySecurityDUnitTest;
-import org.apache.geode.security.query.UserPermissions;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class CqSecurityPartitionedDUnitTest extends CqSecurityDUnitTest {
-  public RegionShortcut getRegionType() {
-    return RegionShortcut.PARTITION;
-  }
-
-
-//  @Test
-//  @Parameters(method = "getAllUsersThatCannotInvokeCq")
-//  public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion(
-//      String user) throws Exception {
-//    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-//    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-//
-//    Object[] keys = {REGION_PUT_KEY};
-//    Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
-//    putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-//
-//    String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
-//    List<String> expectedExceptionMessages =
-//        userPerms.getMissingUserAuthorizationsForQuery(user, query);
-//    String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-//
-//    specificUserClient.invoke(() -> {
-//      QueryService queryService = getClientCache().getQueryService();
-//      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
-//      CqSecurityDUnitTest.cqListener = cqListener;
-//      CqQuery cq = createCq(queryService, query, cqListener);
-//      executeCqButExpectException(cq, user, regexForExpectedExceptions);
-//    });
-//  }
-//
-  @Test
-  @Parameters(method = "getAllUsersThatCanInvokeCq")
-  public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion(
-      String user) throws Exception {
-    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-    createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
-    Object[] keys = {REGION_PUT_KEY};
-    Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
-    putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
-    String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
-
-    specificUserClient.invoke(() -> {
-      QueryService queryService = getClientCache().getQueryService();
-      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
-      CqSecurityDUnitTest.cqListener = cqListener;
-      CqQuery cq = createCq(queryService, query, cqListener);
-      cq.execute();
-    });
-
-    putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
-    specificUserClient.invoke(() -> {
-      Awaitility.await().atMost(30, TimeUnit.SECONDS)
-          .until(() -> assertEquals(1, cqListener.getNumErrors()));
-    });
-  }
-}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedUnauthorizedUserDUnitTest.java
similarity index 61%
rename from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
rename to geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedUnauthorizedUserDUnitTest.java
index 4d81034..d3e3adb 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedUnauthorizedUserDUnitTest.java
@@ -12,19 +12,32 @@
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
-package org.apache.geode.security.query;
+package org.apache.geode.cache.query.cq.dunit;
 
-import junitparams.JUnitParamsRunner;
+import static org.junit.Assert.assertEquals;
+
+import java.util.concurrent.TimeUnit;
+
+import org.awaitility.Awaitility;
+import org.junit.Test;
 import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
 
 import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.cache.query.CqQuery;
+import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.security.query.UserPermissions;
+import org.apache.geode.security.query.data.QueryTestObject;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
 
 @Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class CqSecurityPartitionedUnauthorizedUserDUnitTest
+    extends CqSecurityUnauthorizedUserDUnitTest {
   public RegionShortcut getRegionType() {
     return RegionShortcut.PARTITION;
   }
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityUnauthorizedUserDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityUnauthorizedUserDUnitTest.java
new file mode 100644
index 0000000..2e9fc8a
--- /dev/null
+++ b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityUnauthorizedUserDUnitTest.java
@@ -0,0 +1,215 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.cq.dunit;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeTrue;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
+import org.awaitility.Awaitility;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.query.CqAttributesFactory;
+import org.apache.geode.cache.query.CqEvent;
+import org.apache.geode.cache.query.CqException;
+import org.apache.geode.cache.query.CqListener;
+import org.apache.geode.cache.query.CqQuery;
+import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.cache.query.RegionNotFoundException;
+import org.apache.geode.security.query.QuerySecurityBase;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class CqSecurityUnauthorizedUserDUnitTest extends QuerySecurityBase {
+
+  @Parameterized.Parameters
+  public static Object[] usersAllowed() {
+    return new Object[] {"stranger", "dataReaderRegionKey", "clusterManagerQuery",
+        "clusterManagerDataReaderRegionKey", "dataWriter"};
+  }
+
+  @Parameterized.Parameter
+  public String user;
+
+  @Before
+  public void configureSpecificClientAndKeyAndValues() {
+    createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+    createProxyRegion(specificUserClient, regionName);
+
+    keys = new Object[] {"key-0"};
+    values = new Object[] {new QueryTestObject(0, "John")};
+  }
+
+  // Variables that need to be shared across invoke calls.
+  protected static CqSecurityTestCqListener cqListener = null;
+
+  public List<String> getAllUsersOnlyAllowedWrite() {
+    return Arrays.asList("dataWriter");
+  }
+
+
+  private String regexForExpectedExceptions = ".*DATA:READ:.*";
+
+  @Test
+  public void cqExecuteNoMethodInvocationWithUsersWithoutCqPermissionsWithPrepopulatedRegionShouldThrowSecurityException()
+      throws Exception {
+    putIntoRegion(superUserClient, keys, values, regionName);
+    String query = "select * from /" + regionName + " r where r.id = 0";
+
+    specificUserClient.invoke(() -> {
+      QueryService queryService = getClientCache().getQueryService();
+      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+      CqSecurityUnauthorizedUserDUnitTest.cqListener = cqListener;
+      CqQuery cq = createCq(queryService, query, cqListener);
+      executeCqButExpectException(cq, user, regexForExpectedExceptions);
+    });
+  }
+
+  @Test
+  public void cqExecuteWithInitialResultsWithMethodInvocationWithoutPermissionWithUnpopulatedRegionThrowSecurityException()
+      throws Exception {
+    String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+    specificUserClient.invoke(() -> {
+      QueryService queryService = getClientCache().getQueryService();
+      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+      CqSecurityUnauthorizedUserDUnitTest.cqListener = cqListener;
+      CqQuery cq = createCq(queryService, query, cqListener);
+      executeCqWithInitialResultsButExpectException(cq, user, regexForExpectedExceptions);
+    });
+  }
+
+  @Test
+  public void cqExecuteWithOutPermissionsWithUnpopulatedRegionShouldNotAllowCq() throws Exception {
+    String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+    specificUserClient.invoke(() -> {
+      QueryService queryService = getClientCache().getQueryService();
+      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+      CqSecurityUnauthorizedUserDUnitTest.cqListener = cqListener;
+      CqQuery cq = createCq(queryService, query, cqListener);
+      executeCqButExpectException(cq, user, regexForExpectedExceptions);
+    });
+  }
+
+  @Test
+  public void cqCreatedByAllowedUserButPutDoneByUnallowedReaderShouldStillExecuteWithCqEvent()
+      throws Exception {
+    assumeTrue(user.equals("dataWriter"));
+    String query = "select * from /" + regionName + " r where r.id = 1";
+    superUserClient.invoke(() -> {
+      QueryService queryService = getClientCache().getQueryService();
+      CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+      CqSecurityUnauthorizedUserDUnitTest.cqListener = cqListener;
+      CqQuery cq = createCq(queryService, query, cqListener);
+      cq.execute();
+    });
+
+    Object[] keys = {"key-0"};
+    Object[] values = {new QueryTestObject(1, "Mary")};
+    putIntoRegion(specificUserClient, keys, values, regionName);
+
+    superUserClient.invoke(() -> {
+      Awaitility.await().atMost(30, TimeUnit.SECONDS)
+          .until(() -> assertEquals(1, cqListener.getNumEvent()));
+    });
+  }
+
+
+  protected CqQuery createCq(QueryService queryService, String query, CqListener cqListener)
+      throws CqException {
+    CqAttributesFactory cqaf = new CqAttributesFactory();
+    cqaf.addCqListener(cqListener);
+    CqQuery cq = queryService.newCq(query, cqaf.create());
+    return cq;
+  }
+
+  protected void executeCqButExpectException(CqQuery cq, String user,
+      String regexForExpectedException) {
+    try {
+      cq.execute();
+      fail("Expected an exception when executing cq:" + cq.getQueryString() + " with user:" + user);
+    } catch (RegionNotFoundException | CqException e) {
+      if (!e.getMessage().matches(regexForExpectedException)) {
+        Throwable cause = e.getCause();
+        while (cause != null) {
+          if (cause.getMessage().matches(regexForExpectedException)) {
+            return;
+          }
+          cause = cause.getCause();
+        }
+        e.printStackTrace();
+        fail("Exception thrown did not match:" + regexForExpectedException + ".  Instead was:" + e);
+      }
+    }
+  }
+
+  private void executeCqWithInitialResultsButExpectException(CqQuery cq, String user,
+      String regexForExpectedException) {
+    try {
+      cq.executeWithInitialResults();
+      fail("Expected an exception when executing cq:" + cq + " with user:" + user);
+    } catch (RegionNotFoundException | CqException e) {
+      e.printStackTrace();
+      if (!e.getMessage().matches(regexForExpectedException)) {
+        Throwable cause = e.getCause();
+        while (cause != null) {
+          if (cause.getMessage() != null && cause.getMessage().matches(regexForExpectedException)) {
+            return;
+          }
+          cause = cause.getCause();
+        }
+        e.printStackTrace();
+        fail("Exception thrown did not match:" + regexForExpectedException + ".  Instead was:" + e);
+      }
+    }
+  }
+
+  public class CqSecurityTestCqListener implements CqListener {
+
+    private int numEvents = 0;
+
+    @Override
+    public void onEvent(CqEvent aCqEvent) {
+      numEvents++;
+    }
+
+    @Override
+    public void onError(CqEvent aCqEvent) {
+
+    }
+
+    public int getNumEvent() {
+      return numEvents;
+    }
+
+
+    @Override
+    public void close() {
+
+    }
+  }
+}
diff --git a/geode-cq/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CloseCQTest.java b/geode-cq/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CloseCQTest.java
index ddbf558..6cffb31 100644
--- a/geode-cq/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CloseCQTest.java
+++ b/geode-cq/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CloseCQTest.java
@@ -15,7 +15,6 @@
 
 package org.apache.geode.internal.cache.tier.sockets.command;
 
-import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.doCallRealMethod;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
diff --git a/geode-cq/src/test/java/org/apache/geode/security/ClientQueryAuthDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/security/ClientQueryAuthDUnitTest.java
index 9d66290..a18a4c6 100644
--- a/geode-cq/src/test/java/org/apache/geode/security/ClientQueryAuthDUnitTest.java
+++ b/geode-cq/src/test/java/org/apache/geode/security/ClientQueryAuthDUnitTest.java
@@ -18,27 +18,16 @@ import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANA
 import static org.apache.geode.security.SecurityTestUtil.assertNotAuthorized;
 import static org.apache.geode.security.SecurityTestUtil.createClientCache;
 import static org.apache.geode.security.SecurityTestUtil.createProxyRegion;
-import static org.junit.Assert.assertEquals;
 
-import java.util.Collection;
-
-import junitparams.JUnitParamsRunner;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
 
 import org.apache.geode.cache.Region;
 import org.apache.geode.cache.RegionShortcut;
 import org.apache.geode.cache.client.ClientCache;
 import org.apache.geode.cache.client.Pool;
 import org.apache.geode.cache.client.PoolManager;
-import org.apache.geode.cache.query.CqAttributes;
-import org.apache.geode.cache.query.CqAttributesFactory;
-import org.apache.geode.cache.query.CqEvent;
-import org.apache.geode.cache.query.CqListener;
-import org.apache.geode.cache.query.CqQuery;
-import org.apache.geode.cache.query.QueryService;
 import org.apache.geode.test.dunit.Host;
 import org.apache.geode.test.dunit.VM;
 import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
@@ -46,45 +35,27 @@ import org.apache.geode.test.junit.rules.ServerStarterRule;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
 
-// TODO pdx field look up
-// DataManage with region read key
-
 @Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
 public class ClientQueryAuthDUnitTest extends JUnit4DistributedTestCase {
 
-  private static final String AUTH_REGION_NAME = "AuthRegion";
-  private static final String NO_AUTH_REGION_NAME = "NoAuthRegion";
-  private static final String REP_REGION_NAME = "Rep" + AUTH_REGION_NAME;
-  private static final String PART_REGION_NAME = "Part" + AUTH_REGION_NAME;
-
-  private static final String USER_PASSWORD = "1234567";
-
-  private static final String PUT_KEY = "key1";
-  private static final String PUT_VALUE = "value1";
-
+  private static String REGION_NAME = "AuthRegion";
   final Host host = Host.getHost(0);
   final VM client1 = host.getVM(1);
   final VM client2 = host.getVM(2);
   final VM client3 = host.getVM(3);
 
-  static TestSecurityManager scManager = new TestSecurityManager();
-
   @Rule
   public ServerStarterRule server =
       new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
           .withProperty(TestSecurityManager.SECURITY_JSON,
               "org/apache/geode/management/internal/security/clientServer.json")
-          .withRegion(RegionShortcut.REPLICATE, REP_REGION_NAME)
-          .withRegion(RegionShortcut.PARTITION, PART_REGION_NAME)
-          .withRegion(RegionShortcut.PARTITION, AUTH_REGION_NAME)
-          .withRegion(RegionShortcut.PARTITION, NO_AUTH_REGION_NAME);
+          .withRegion(RegionShortcut.REPLICATE, REGION_NAME);
 
   @Test
   public void testQuery() {
     client1.invoke(() -> {
       ClientCache cache = createClientCache("stranger", "1234567", server.getPort());
-      final Region region = createProxyRegion(cache, AUTH_REGION_NAME);
+      final Region region = createProxyRegion(cache, REGION_NAME);
 
       String query = "select * from /AuthRegion";
       assertNotAuthorized(() -> region.query(query), "DATA:READ:AuthRegion");
@@ -94,120 +65,4 @@ public class ClientQueryAuthDUnitTest extends JUnit4DistributedTestCase {
           "DATA:READ:AuthRegion");
     });
   }
-
-  private void createRegionIndex(String indexName, String regionName) {
-    ClientCache cache = createClientCache("super-user", USER_PASSWORD, server.getPort());
-    final Region region = createProxyRegion(cache, regionName);
-    // cache.getQueryService().createIndex(indexName, "id", "/" + regionName);
-
-    cache.close();
-  }
-
-  protected void putIntoRegion(Object value, String regionName) {
-    ClientCache cache = createClientCache("super-user", USER_PASSWORD, server.getPort());
-    final Region region = createProxyRegion(cache, regionName);
-    region.put(PUT_KEY, value);
-    cache.close();
-  }
-
-  // @Test
-  // public void testQueryWithRegionsAsBindParameters() {
-  // client1.invoke(() -> {
-  // putIntoRegion(PUT_VALUE, NO_AUTH_REGION_NAME);
-  // ClientCache cache = createClientCache("authRegionUser", "1234567", server.getPort());
-  // final Region authRegion = createProxyRegion(cache, AUTH_REGION_NAME);
-  // final Region noAuthRegion = createProxyRegion(cache, NO_AUTH_REGION_NAME);
-  //
-  // String query = "select * from /AuthRegion";
-  // authRegion.put("A", "B");
-  // Pool pool = PoolManager.find(authRegion);
-  // assertEquals(1, ((Collection) cache.getQueryService().newQuery(query).execute()).size());
-  // HashSet regions = new HashSet();
-  // regions.add(noAuthRegion);
-  //
-  // assertNotAuthorized(() -> pool.getQueryService().newQuery("select v from $1 r, r.values()
-  // v").execute(new Object[] {regions}),
-  // "DATA:READ:NoAuthRegion");
-  // });
-  // }
-
-  @Test
-  public void testCQ() {
-    String query = "select * from /AuthRegion";
-    client1.invoke(() -> {
-      ClientCache cache = createClientCache("dataWriter", "1234567", server.getPort());
-      Region region = createProxyRegion(cache, AUTH_REGION_NAME);
-      Pool pool = PoolManager.find(region);
-      QueryService qs = pool.getQueryService();
-
-      CqAttributes cqa = new CqAttributesFactory().create();
-
-      // Create the CqQuery
-      CqQuery cq = qs.newCq("CQ1", query, cqa);
-
-      // try {
-      // cq.executeWithInitialResults();
-      // }
-      // catch (Exception e) {
-      // System.out.println("JASON:" + e.getCause().getCause());
-      //
-      // }
-
-      // assertNotAuthorized(() -> cq.executeWithInitialResults(), "DATA:READ:AuthRegion");
-      // assertNotAuthorized(() -> cq.execute(), "DATA:READ:AuthRegion");
-      cq.execute();
-      region.put(PUT_KEY + "xxx", PUT_VALUE + "xxx");
-      cq.close();
-      // assertNotAuthorized(() -> cq.close(), "DATA:MANAGE");
-    });
-
-    client2.invoke(() -> {
-      ClientCache cache = createClientCache("authRegionReader", "1234567", server.getPort());
-      Region region = createProxyRegion(cache, AUTH_REGION_NAME);
-      Pool pool = PoolManager.find(region);
-      QueryService qs = pool.getQueryService();
-
-      CqAttributes cqa = new CqAttributesFactory().create();
-      // Create the CqQuery
-      CqQuery cq = qs.newCq("CQ1", query, cqa);
-      cq.execute();
-
-      assertNotAuthorized(() -> cq.stop(), "DATA:MANAGE");
-      assertNotAuthorized(() -> qs.getAllDurableCqsFromServer(), "CLUSTER:READ");
-    });
-
-    client3.invoke(() -> {
-      ClientCache cache = createClientCache("super-user", "1234567", server.getPort());
-      Region region = createProxyRegion(cache, AUTH_REGION_NAME);
-      Pool pool = PoolManager.find(region);
-      QueryService qs = pool.getQueryService();
-
-      CqAttributesFactory factory = new CqAttributesFactory();
-      factory.addCqListener(new CqListener() {
-        @Override
-        public void onEvent(final CqEvent aCqEvent) {
-          System.out.println(aCqEvent);
-        }
-
-        @Override
-        public void onError(final CqEvent aCqEvent) {
-
-        }
-
-        @Override
-        public void close() {
-
-        }
-      });
-
-
-      CqAttributes cqa = factory.create();
-
-      // Create the CqQuery
-      CqQuery cq = qs.newCq("CQ1", query, cqa);
-      System.out.println("query result: " + cq.executeWithInitialResults());
-
-      cq.stop();
-    });
-  }
 }

-- 
To stop receiving notification emails like this one, please contact
"commits@geode.apache.org" <commits@geode.apache.org>.

Mime
View raw message