[25/50] [abbrv] geode git commit: GEODE-2919: Provide finer grained security

Tue, 27 Jun 2017 12:56:05 -0700 

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommandsTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommandsTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommandsTest.java
index 155b1ad..c281080 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommandsTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommandsTest.java
@@ -16,21 +16,16 @@
 package org.apache.geode.management.internal.cli.commands;
 
 
-import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
 
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
-import org.mockito.ArgumentCaptor;
 
 import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.management.DistributedSystemMXBean;
-import org.apache.geode.management.internal.cli.functions.RegionFunctionArgs;
 import org.apache.geode.test.dunit.rules.GfshParserRule;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 
@@ -49,17 +44,7 @@ public class CreateAlterDestroyRegionCommandsTest {
     doReturn(cache).when(spy).getCache();
     doReturn(dsMBean).when(spy).getDSMBean(cache);
 
-    parser.executeLastCommandWithInstance(spy);
-
-    ArgumentCaptor<RegionFunctionArgs> argsCaptor =
-        ArgumentCaptor.forClass(RegionFunctionArgs.class);
-
-    verify(spy).validateRegionFunctionArgs(any(), argsCaptor.capture());
-
-    RegionFunctionArgs args = argsCaptor.getValue();
-    assertThat(args.getPartitionResolver()).isEqualTo("Foo");
-
-    assertThatThrownBy(() -> spy.validateRegionFunctionArgs(cache, args))
+    assertThatThrownBy(() -> parser.executeLastCommandWithInstance(spy))
         .hasMessageContaining("Foo is an invalid Partition Resolver");
   }
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
index 9a1605a..1d98087 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
@@ -16,28 +16,26 @@ package org.apache.geode.management.internal.security;
 
 import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
 
-import org.apache.geode.management.CacheServerMXBean;
-import org.apache.geode.security.TestSecurityManager;
-import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
-import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
-import org.apache.geode.test.dunit.rules.ServerStarterRule;
-import org.apache.geode.test.junit.categories.IntegrationTest;
 import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
+import org.apache.geode.management.CacheServerMXBean;
+import org.apache.geode.security.SimpleTestSecurityManager;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
+import org.apache.geode.test.dunit.rules.ServerStarterRule;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+
 @Category(IntegrationTest.class)
 public class CacheServerMBeanAuthenticationJUnitTest {
   private CacheServerMXBean bean;
 
   @ClassRule
   public static ServerStarterRule server = new 
ServerStarterRule().withJMXManager()
-      .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
-      .withProperty(TestSecurityManager.SECURITY_JSON,
-          "org/apache/geode/management/internal/security/cacheServer.json")
-      .withAutoStart();
+      .withProperty(SECURITY_MANAGER, 
SimpleTestSecurityManager.class.getName()).withAutoStart();
 
   @Rule
   public MBeanServerConnectionRule connectionRule =
@@ -49,7 +47,7 @@ public class CacheServerMBeanAuthenticationJUnitTest {
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-admin", password = "1234567")
+  @ConnectionConfiguration(user = "data,cluster", password = "data,cluster")
   public void testAllAccess() throws Exception {
     bean.removeIndex("foo");
     bean.fetchLoadProbe();

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
index c7c76f6..de88614 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
@@ -17,6 +17,13 @@ package org.apache.geode.management.internal.security;
 import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
+import org.assertj.core.api.SoftAssertions;
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
 import org.apache.geode.management.CacheServerMXBean;
 import org.apache.geode.security.TestSecurityManager;
 import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
@@ -24,11 +31,6 @@ import 
org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
 import org.apache.geode.test.dunit.rules.ServerStarterRule;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class CacheServerMBeanAuthorizationJUnitTest {
@@ -58,8 +60,10 @@ public class CacheServerMBeanAuthorizationJUnitTest {
         .hasMessageContaining(TestCommand.dataRead.toString());
     bean.fetchLoadProbe();
     bean.getActiveCQCount();
-    bean.stopContinuousQuery("bar");
-    bean.closeAllContinuousQuery("bar");
+    assertThatThrownBy(() -> bean.stopContinuousQuery("bar"))
+        .hasMessageContaining(TestCommand.clusterManageQuery.toString());
+    assertThatThrownBy(() -> bean.closeAllContinuousQuery("bar"))
+        .hasMessageContaining(TestCommand.clusterManageQuery.toString());
     bean.isRunning();
     bean.showClientQueueDetails("foo");
   }
@@ -88,21 +92,25 @@ public class CacheServerMBeanAuthorizationJUnitTest {
   @Test
   @ConnectionConfiguration(user = "stranger", password = "1234567")
   public void testNoAccess() throws Exception {
-    assertThatThrownBy(() -> bean.removeIndex("foo"))
+    SoftAssertions softly = new SoftAssertions();
+
+    softly.assertThatThrownBy(() -> bean.removeIndex("foo"))
         .hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> bean.executeContinuousQuery("bar"))
+    softly.assertThatThrownBy(() -> bean.executeContinuousQuery("bar"))
         .hasMessageContaining(TestCommand.dataRead.toString());
-    assertThatThrownBy(() -> bean.fetchLoadProbe())
+    softly.assertThatThrownBy(() -> bean.fetchLoadProbe())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.getActiveCQCount())
+    softly.assertThatThrownBy(() -> bean.getActiveCQCount())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.stopContinuousQuery("bar"))
-        .hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> bean.closeAllContinuousQuery("bar"))
-        .hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> bean.isRunning())
+    softly.assertThatThrownBy(() -> bean.stopContinuousQuery("bar"))
+        .hasMessageContaining(TestCommand.clusterManageQuery.toString());
+    softly.assertThatThrownBy(() -> bean.closeAllContinuousQuery("bar"))
+        .hasMessageContaining(TestCommand.clusterManageQuery.toString());
+    softly.assertThatThrownBy(() -> bean.isRunning())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.showClientQueueDetails("bar"))
+    softly.assertThatThrownBy(() -> bean.showClientQueueDetails("bar"))
         .hasMessageContaining(TestCommand.clusterRead.toString());
+
+    softly.assertAll();
   }
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanWithShiroIniIntegrationTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanWithShiroIniIntegrationTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanWithShiroIniIntegrationTest.java
index 55f592e..dc1c01a 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanWithShiroIniIntegrationTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanWithShiroIniIntegrationTest.java
@@ -17,17 +17,18 @@ package org.apache.geode.management.internal.security;
 import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
 import org.apache.geode.management.CacheServerMXBean;
 import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
 import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
 import org.apache.geode.test.dunit.rules.ServerStarterRule;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class CacheServerMBeanWithShiroIniIntegrationTest {
@@ -71,9 +72,9 @@ public class CacheServerMBeanWithShiroIniIntegrationTest {
     assertThatThrownBy(() -> bean.getActiveCQCount())
         .hasMessageContaining(TestCommand.clusterRead.toString());
     assertThatThrownBy(() -> bean.stopContinuousQuery("bar"))
-        .hasMessageContaining(TestCommand.dataManage.toString());
+        .hasMessageContaining(TestCommand.clusterManageQuery.toString());
     assertThatThrownBy(() -> bean.closeAllContinuousQuery("bar"))
-        .hasMessageContaining(TestCommand.dataManage.toString());
+        .hasMessageContaining(TestCommand.clusterManageQuery.toString());
     assertThatThrownBy(() -> bean.isRunning())
         .hasMessageContaining(TestCommand.clusterRead.toString());
     assertThatThrownBy(() -> bean.showClientQueueDetails("bar"))

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java
index a66f05b..dec4703 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java
@@ -15,8 +15,15 @@
 package org.apache.geode.management.internal.security;
 
 import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
+
+import java.util.List;
+
+import org.assertj.core.api.SoftAssertions;
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
 
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.management.MemberMXBean;
@@ -27,13 +34,6 @@ import 
org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
 import org.apache.geode.test.dunit.rules.ServerStarterRule;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import java.util.List;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class CliCommandsSecurityTest {
@@ -60,22 +60,22 @@ public class CliCommandsSecurityTest {
   @Test
   @ConnectionConfiguration(user = "stranger", password = "1234567")
   public void testNoAccess() {
+    SoftAssertions softly = new SoftAssertions();
     for (TestCommand command : commands) {
       // skip query commands since query commands are only available in client 
shell
       if (command.getCommand().startsWith("query"))
         continue;
       LogService.getLogger().info("processing: " + command.getCommand());
       // for those commands that requires a permission, we expect an exception 
to be thrown
-      if (command.getPermission() != null) {
-        try {
-          String result = bean.processCommand(command.getCommand());
-          fail(command.getCommand() + " has result: " + result);
-        } catch (NotAuthorizedException e) {
-          assertTrue(e.getMessage() + " should contain " + 
command.getPermission(),
-              e.getMessage().contains(command.getPermission().toString()));
-        }
+      // This has the potential to become flaky for commands with more than 
one permission.
+      if (command.getPermissions() != null && command.getPermissions().length 
> 0) {
+        softly.assertThatThrownBy(() -> 
bean.processCommand(command.getCommand()))
+            
.describedAs(command.getCommand()).isInstanceOf(NotAuthorizedException.class)
+            .hasMessageContaining(command.getPermissions()[0].toString());
+        // }
       }
     }
+    softly.assertAll();
   }
 
   @Test

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java
index f746aaf..6269cf5 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java
@@ -17,6 +17,13 @@ package org.apache.geode.management.internal.security;
 import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
 import org.apache.geode.cache.Cache;
 import org.apache.geode.management.MemberMXBean;
 import org.apache.geode.security.GemFireSecurityException;
@@ -26,12 +33,6 @@ import 
org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
 import org.apache.geode.test.dunit.rules.ServerStarterRule;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class DataCommandsSecurityTest {

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/DeployCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/DeployCommandsSecurityTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/DeployCommandsSecurityTest.java
index a4b8c67..9dd4d99 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/DeployCommandsSecurityTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/DeployCommandsSecurityTest.java
@@ -18,14 +18,8 @@ import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANA
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.junit.Assert.assertTrue;
 
-import org.apache.geode.management.MemberMXBean;
-import org.apache.geode.security.NotAuthorizedException;
-import org.apache.geode.security.SimpleTestSecurityManager;
-import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
-import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
-import org.apache.geode.test.dunit.rules.ServerStarterRule;
-import org.apache.geode.test.junit.categories.IntegrationTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
+import java.io.File;
+
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
@@ -34,7 +28,14 @@ import org.junit.Test;
 import org.junit.experimental.categories.Category;
 import org.junit.rules.TemporaryFolder;
 
-import java.io.File;
+import org.apache.geode.management.MemberMXBean;
+import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.SimpleTestSecurityManager;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
+import org.apache.geode.test.dunit.rules.ServerStarterRule;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class DeployCommandsSecurityTest {
@@ -81,14 +82,7 @@ public class DeployCommandsSecurityTest {
         .isInstanceOf(NotAuthorizedException.class);
   }
 
-  @Test // only cluster access right is not enough to deploy
-  @ConnectionConfiguration(user = "cluster", password = "cluster")
-  public void testNoAccess3() {
-    assertThatThrownBy(() -> bean.processCommand(deployCommand))
-        .isInstanceOf(NotAuthorizedException.class);
-  }
-
-  @Test // not sufficient privalge
+  @Test // not sufficient privilege
   @ConnectionConfiguration(user = 
"clusterRead,clusterWrite,dataRead,dataWrite",
       password = "clusterRead,clusterWrite,dataRead,dataWrite")
   public void testNoAccess4() {

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
index e6502c0..4d101e7 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
@@ -17,13 +17,7 @@ package org.apache.geode.management.internal.security;
 import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
-import org.apache.geode.management.DiskStoreMXBean;
-import org.apache.geode.security.TestSecurityManager;
-import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
-import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
-import org.apache.geode.test.dunit.rules.ServerStarterRule;
-import org.apache.geode.test.junit.categories.IntegrationTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
+import org.assertj.core.api.SoftAssertions;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
@@ -31,16 +25,21 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
+import org.apache.geode.management.DiskStoreMXBean;
+import org.apache.geode.security.SimpleTestSecurityManager;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
+import org.apache.geode.test.dunit.rules.ServerStarterRule;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+
 @Category({IntegrationTest.class, SecurityTest.class})
 public class DiskStoreMXBeanSecurityJUnitTest {
   private DiskStoreMXBean bean;
 
   @ClassRule
   public static ServerStarterRule server = new 
ServerStarterRule().withJMXManager()
-      .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
-      .withProperty(TestSecurityManager.SECURITY_JSON,
-          "org/apache/geode/management/internal/security/cacheServer.json")
-      .withAutoStart();
+      .withProperty(SECURITY_MANAGER, 
SimpleTestSecurityManager.class.getName()).withAutoStart();
 
   @BeforeClass
   public static void beforeClass() throws Exception {
@@ -57,7 +56,48 @@ public class DiskStoreMXBeanSecurityJUnitTest {
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-admin", password = "1234567")
+  @ConnectionConfiguration(user = "clusterRead", password = "clusterRead")
+  public void testClusterReadAccess() throws Exception {
+    assertThatThrownBy(() -> 
bean.flush()).hasMessageContaining(TestCommand.diskManage.toString());
+    assertThatThrownBy(() -> bean.forceCompaction())
+        .hasMessageContaining(TestCommand.diskManage.toString());
+    assertThatThrownBy(() -> bean.forceRoll())
+        .hasMessageContaining(TestCommand.diskManage.toString());
+    assertThatThrownBy(() -> bean.setDiskUsageCriticalPercentage(0.5f))
+        .hasMessageContaining(TestCommand.diskManage.toString());
+    assertThatThrownBy(() -> bean.setDiskUsageWarningPercentage(0.5f))
+        .hasMessageContaining(TestCommand.diskManage.toString());
+
+    bean.getCompactionThreshold();
+    bean.getDiskDirectories();
+    bean.getDiskReadsRate();
+    bean.isAutoCompact();
+    bean.isForceCompactionAllowed();
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "clusterManageDisk", password = 
"clusterManageDisk")
+  public void testDiskManageAccess() throws Exception {
+    assertThatThrownBy(() -> bean.getCompactionThreshold())
+        .hasMessageContaining(TestCommand.clusterRead.toString());
+    assertThatThrownBy(() -> bean.getDiskDirectories())
+        .hasMessageContaining(TestCommand.clusterRead.toString());
+    assertThatThrownBy(() -> bean.getDiskReadsRate())
+        .hasMessageContaining(TestCommand.clusterRead.toString());
+    assertThatThrownBy(() -> bean.isAutoCompact())
+        .hasMessageContaining(TestCommand.clusterRead.toString());
+    assertThatThrownBy(() -> bean.isForceCompactionAllowed())
+        .hasMessageContaining(TestCommand.clusterRead.toString());
+
+    bean.flush();
+    bean.forceCompaction();
+    bean.forceRoll();
+    bean.setDiskUsageCriticalPercentage(0.5f);
+    bean.setDiskUsageWarningPercentage(0.5f);
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "data,cluster", password = "data,cluster")
   public void testAllAccess() throws Exception {
     bean.flush();
     bean.forceCompaction();
@@ -72,26 +112,30 @@ public class DiskStoreMXBeanSecurityJUnitTest {
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-user", password = "1234567")
+  @ConnectionConfiguration(user = "noAccess", password = "noAccess")
   public void testNoAccess() throws Exception {
-    assertThatThrownBy(() -> 
bean.flush()).hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> bean.forceCompaction())
-        .hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> bean.forceRoll())
-        .hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> bean.getCompactionThreshold())
+    SoftAssertions softly = new SoftAssertions();
+
+    softly.assertThatThrownBy(() -> bean.flush())
+        .hasMessageContaining(TestCommand.clusterManageDisk.toString());
+    softly.assertThatThrownBy(() -> bean.forceCompaction())
+        .hasMessageContaining(TestCommand.clusterManageDisk.toString());
+    softly.assertThatThrownBy(() -> bean.forceRoll())
+        .hasMessageContaining(TestCommand.clusterManageDisk.toString());
+    softly.assertThatThrownBy(() -> bean.getCompactionThreshold())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.getDiskDirectories())
+    softly.assertThatThrownBy(() -> bean.getDiskDirectories())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.getDiskReadsRate())
+    softly.assertThatThrownBy(() -> bean.getDiskReadsRate())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.isAutoCompact())
+    softly.assertThatThrownBy(() -> bean.isAutoCompact())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.isForceCompactionAllowed())
+    softly.assertThatThrownBy(() -> bean.isForceCompactionAllowed())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.setDiskUsageCriticalPercentage(0.5f))
-        .hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> bean.setDiskUsageWarningPercentage(0.5f))
-        .hasMessageContaining(TestCommand.dataManage.toString());
+    softly.assertThatThrownBy(() -> bean.setDiskUsageCriticalPercentage(0.5f))
+        .hasMessageContaining(TestCommand.clusterManageDisk.toString());
+    softly.assertThatThrownBy(() -> bean.setDiskUsageWarningPercentage(0.5f))
+        .hasMessageContaining(TestCommand.clusterManageDisk.toString());
+    softly.assertAll();
   }
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/DistributedSystemMXBeanSecurityTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/DistributedSystemMXBeanSecurityTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/DistributedSystemMXBeanSecurityTest.java
new file mode 100644
index 0000000..138aba6
--- /dev/null
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/DistributedSystemMXBeanSecurityTest.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more 
contributor license
+ * agreements. See the NOTICE file distributed with this work for additional 
information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache 
License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the 
License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software 
distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 
KIND, either express
+ * or implied. See the License for the specific language governing permissions 
and limitations under
+ * the License.
+ */
+
+package org.apache.geode.management.internal.security;
+
+import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.management.DistributedSystemMXBean;
+import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.SimpleTestSecurityManager;
+import org.apache.geode.security.TestSecurityManager;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
+import org.apache.geode.test.dunit.rules.ServerStarterRule;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+
+@Category({DistributedTest.class, SecurityTest.class})
+public class DistributedSystemMXBeanSecurityTest {
+
+  private DistributedSystemMXBean bean;
+
+  @ClassRule
+  public static ServerStarterRule server = new 
ServerStarterRule().withJMXManager()
+      .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
+      .withSecurityManager(SimpleTestSecurityManager.class).withAutoStart();
+
+  @Rule
+  public MBeanServerConnectionRule connectionRule =
+      new MBeanServerConnectionRule(server::getJmxPort);
+
+  @Before
+  public void setUp() throws Exception {
+    bean = connectionRule.getProxyMBean(DistributedSystemMXBean.class);
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "dataRead", password = "dataRead")
+  public void testDataReadAccess() throws Exception {
+    assertThatThrownBy(() -> bean.backupAllMembers(null, null))
+        .isInstanceOf(NotAuthorizedException.class);
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "clusterManageDisk", password = 
"clusterManageDisk")
+  public void testDiskManageAccess() throws Exception {
+    assertThatThrownBy(() -> bean.backupAllMembers(null, null))
+        .isInstanceOf(NotAuthorizedException.class);
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "dataRead,clusterWriteDisk",
+      password = "dataRead,clusterWriteDisk")
+  public void testBothAccess() throws Exception {
+    assertThatThrownBy(() -> bean.backupAllMembers(null, null))
+        .isNotInstanceOf(NotAuthorizedException.class);
+  }
+}

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java
index 73783d5..3257edb 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java
@@ -15,17 +15,11 @@
 package org.apache.geode.management.internal.security;
 
 import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.Mockito.mock;
 
-import org.apache.geode.management.GatewayReceiverMXBean;
-import org.apache.geode.management.ManagementService;
-import org.apache.geode.security.TestSecurityManager;
-import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
-import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
-import org.apache.geode.test.dunit.rules.ServerStarterRule;
-import org.apache.geode.test.junit.categories.IntegrationTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
+import javax.management.ObjectName;
+
+import org.assertj.core.api.SoftAssertions;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -34,7 +28,14 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
-import javax.management.ObjectName;
+import org.apache.geode.management.GatewayReceiverMXBean;
+import org.apache.geode.management.ManagementService;
+import org.apache.geode.security.SimpleTestSecurityManager;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
+import org.apache.geode.test.dunit.rules.ServerStarterRule;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class GatewayReceiverMBeanSecurityTest {
@@ -47,10 +48,7 @@ public class GatewayReceiverMBeanSecurityTest {
 
   @ClassRule
   public static ServerStarterRule server = new 
ServerStarterRule().withJMXManager()
-      .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
-      .withProperty(TestSecurityManager.SECURITY_JSON,
-          "org/apache/geode/management/internal/security/cacheServer.json")
-      .withAutoStart();
+      .withProperty(SECURITY_MANAGER, 
SimpleTestSecurityManager.class.getName()).withAutoStart();
 
   @Rule
   public MBeanServerConnectionRule connectionRule =
@@ -58,7 +56,7 @@ public class GatewayReceiverMBeanSecurityTest {
 
   @BeforeClass
   public static void beforeClass() throws Exception {
-    // the server does not have a GAtewayReceiverMXBean registered initially, 
has to register a mock
+    // the server does not have a GatewayReceiverMXBean registered initially, 
has to register a mock
     // one.
     service = ManagementService.getManagementService(server.getCache());
     mockBeanName = ObjectName.getInstance("GemFire", "key", "value");
@@ -76,7 +74,7 @@ public class GatewayReceiverMBeanSecurityTest {
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-admin", password = "1234567")
+  @ConnectionConfiguration(user = "data,cluster", password = "data,cluster")
   public void testAllAccess() throws Exception {
     bean.getAverageBatchProcessingTime();
     bean.getBindAddress();
@@ -87,12 +85,16 @@ public class GatewayReceiverMBeanSecurityTest {
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-user", password = "1234567")
+  @ConnectionConfiguration(user = "user", password = "user")
   public void testNoAccess() throws Exception {
-    assertThatThrownBy(() -> bean.getTotalConnectionsTimedOut())
+    SoftAssertions softly = new SoftAssertions();
+    softly.assertThatThrownBy(() -> bean.getTotalConnectionsTimedOut())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> 
bean.start()).hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> 
bean.stop()).hasMessageContaining(TestCommand.dataManage.toString());
+    softly.assertThatThrownBy(() -> bean.start())
+        .hasMessageContaining(TestCommand.clusterManageGateway.toString());
+    softly.assertThatThrownBy(() -> bean.stop())
+        .hasMessageContaining(TestCommand.clusterManageGateway.toString());
+    softly.assertAll();
   }
 
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java
index 887d0dc..3faa73e 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java
@@ -15,18 +15,11 @@
 package org.apache.geode.management.internal.security;
 
 import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.Mockito.mock;
 
-import org.apache.geode.management.GatewaySenderMXBean;
-import org.apache.geode.management.ManagementService;
-import org.apache.geode.management.internal.beans.GatewaySenderMBean;
-import org.apache.geode.security.TestSecurityManager;
-import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
-import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
-import org.apache.geode.test.dunit.rules.ServerStarterRule;
-import org.apache.geode.test.junit.categories.IntegrationTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
+import javax.management.ObjectName;
+
+import org.assertj.core.api.SoftAssertions;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -35,7 +28,15 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
-import javax.management.ObjectName;
+import org.apache.geode.management.GatewaySenderMXBean;
+import org.apache.geode.management.ManagementService;
+import org.apache.geode.management.internal.beans.GatewaySenderMBean;
+import org.apache.geode.security.SimpleTestSecurityManager;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
+import org.apache.geode.test.dunit.rules.ServerStarterRule;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class GatewaySenderMBeanSecurityTest {
@@ -47,10 +48,7 @@ public class GatewaySenderMBeanSecurityTest {
 
   @ClassRule
   public static ServerStarterRule server = new 
ServerStarterRule().withJMXManager()
-      .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
-      .withProperty(TestSecurityManager.SECURITY_JSON,
-          "org/apache/geode/management/internal/security/cacheServer.json")
-      .withAutoStart();
+      .withProperty(SECURITY_MANAGER, 
SimpleTestSecurityManager.class.getName()).withAutoStart();
 
   @Rule
   public MBeanServerConnectionRule connectionRule =
@@ -58,7 +56,7 @@ public class GatewaySenderMBeanSecurityTest {
 
   @BeforeClass
   public static void beforeClass() throws Exception {
-    // the server does not have a GAtewaySenderMXBean registered initially, 
has to register a mock
+    // the server does not have a GatewaySenderMXBean registered initially, 
has to register a mock
     // one.
     service = ManagementService.getManagementService(server.getCache());
     mockBeanName = ObjectName.getInstance("GemFire", "key", "value");
@@ -76,7 +74,7 @@ public class GatewaySenderMBeanSecurityTest {
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-admin", password = "1234567")
+  @ConnectionConfiguration(user = "data,cluster", password = "data,cluster")
   public void testAllAccess() throws Exception {
     bean.getAlertThreshold();
     bean.getAverageDistributionTimePerBatch();
@@ -93,28 +91,36 @@ public class GatewaySenderMBeanSecurityTest {
   }
 
   @Test
-  @ConnectionConfiguration(user = "stranger", password = "1234567")
+  @ConnectionConfiguration(user = "stranger", password = "stranger")
   public void testNoAccess() throws Exception {
-    assertThatThrownBy(() -> bean.getAlertThreshold())
+    SoftAssertions softly = new SoftAssertions();
+
+    softly.assertThatThrownBy(() -> bean.getAlertThreshold())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.getAverageDistributionTimePerBatch())
+    softly.assertThatThrownBy(() -> bean.getAverageDistributionTimePerBatch())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.getBatchSize())
+    softly.assertThatThrownBy(() -> bean.getBatchSize())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.getMaximumQueueMemory())
+    softly.assertThatThrownBy(() -> bean.getMaximumQueueMemory())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.getOrderPolicy())
+    softly.assertThatThrownBy(() -> bean.getOrderPolicy())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.isBatchConflationEnabled())
+    softly.assertThatThrownBy(() -> bean.isBatchConflationEnabled())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.isManualStart())
+    softly.assertThatThrownBy(() -> bean.isManualStart())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> 
bean.pause()).hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> bean.rebalance())
-        .hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> 
bean.resume()).hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> 
bean.start()).hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> 
bean.stop()).hasMessageContaining(TestCommand.dataManage.toString());
+    softly.assertThatThrownBy(() -> bean.pause())
+        .hasMessageContaining(TestCommand.clusterManageGateway.toString());
+    softly.assertThatThrownBy(() -> bean.rebalance())
+        .hasMessageContaining(TestCommand.clusterManageGateway.toString());
+    softly.assertThatThrownBy(() -> bean.resume())
+        .hasMessageContaining(TestCommand.clusterManageGateway.toString());
+    softly.assertThatThrownBy(() -> bean.start())
+        .hasMessageContaining(TestCommand.clusterManageGateway.toString());
+    softly.assertThatThrownBy(() -> bean.stop())
+        .hasMessageContaining(TestCommand.clusterManageGateway.toString());
+
+    softly.assertAll();
   }
 
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java
index 1486866..5603eab 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java
@@ -18,19 +18,20 @@ import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANA
 import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR;
 import static org.assertj.core.api.Assertions.assertThat;
 
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
 import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.security.SimpleTestSecurityManager;
 import org.apache.geode.security.TestPostProcessor;
-import org.apache.geode.security.TestSecurityManager;
 import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
 import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
 import org.apache.geode.test.dunit.rules.ServerStarterRule;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.BeforeClass;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class GfshCommandsPostProcessorTest {
@@ -38,10 +39,7 @@ public class GfshCommandsPostProcessorTest {
   @ClassRule
   public static ServerStarterRule serverStarter = new 
ServerStarterRule().withJMXManager()
       .withProperty(SECURITY_POST_PROCESSOR, TestPostProcessor.class.getName())
-      .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
-      .withProperty("security-json",
-          "org/apache/geode/management/internal/security/cacheServer.json")
-      .withAutoStart();
+      .withProperty(SECURITY_MANAGER, 
SimpleTestSecurityManager.class.getName()).withAutoStart();
 
   @Rule
   public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule(
@@ -53,7 +51,7 @@ public class GfshCommandsPostProcessorTest {
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-user", password = "1234567")
+  @ConnectionConfiguration(user = "dataWrite,dataRead", password = 
"dataWrite,dataRead")
   public void testGetPostProcess() throws Exception {
     gfshConnection.executeCommand("put --region=region1 --key=key1 
--value=value1");
     gfshConnection.executeCommand("put --region=region1 --key=key2 
--value=value2");
@@ -61,12 +59,12 @@ public class GfshCommandsPostProcessorTest {
 
     // for get command, assert the return value is processed
     String result = gfshConnection.execute("get --region=region1 --key=key1");
-    assertThat(result).contains("data-user/region1/key1/value1");
+    assertThat(result).contains("dataWrite,dataRead/region1/key1/value1");
 
     // for query command, assert the return values are processed
     result = gfshConnection.execute("query --query=\"select * from 
/region1\"");
-    assertThat(result).contains("data-user/null/null/value1");
-    assertThat(result).contains("data-user/null/null/value2");
-    assertThat(result).contains("data-user/null/null/value3");
+    assertThat(result).contains("dataWrite,dataRead/null/null/value1");
+    assertThat(result).contains("dataWrite,dataRead/null/null/value2");
+    assertThat(result).contains("dataWrite,dataRead/null/null/value3");
   }
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java
index 84ef3fc..c2be173 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java
@@ -15,12 +15,20 @@
 package org.apache.geode.management.internal.security;
 
 import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
-import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
+import java.util.List;
+
+import org.apache.shiro.authz.permission.WildcardPermission;
+import org.assertj.core.api.SoftAssertions;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
 import org.apache.geode.cache.RegionShortcut;
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.management.cli.Result;
@@ -33,14 +41,6 @@ import 
org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
 import org.apache.geode.test.dunit.rules.ServerStarterRule;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.apache.shiro.authz.permission.WildcardPermission;
-import org.junit.BeforeClass;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import java.util.List;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class GfshCommandsSecurityTest {
@@ -49,7 +49,7 @@ public class GfshCommandsSecurityTest {
       .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
       .withProperty("security-json",
           "org/apache/geode/management/internal/security/cacheServer.json")
-      .withAutoStart();
+      .withRegion(RegionShortcut.REPLICATE_PERSISTENT, "persistentRegion");
 
   @Rule
   public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule(
@@ -75,82 +75,89 @@ public class GfshCommandsSecurityTest {
   @Test
   @ConnectionConfiguration(user = "cluster-reader", password = "1234567")
   public void testClusterReader() throws Exception {
-    runCommandsWithAndWithout("CLUSTER:READ");
+    runCommandsPermittedAndForbiddenBy("CLUSTER:READ");
   }
 
   @Test
   @ConnectionConfiguration(user = "cluster-writer", password = "1234567")
   public void testClusterWriter() throws Exception {
-    runCommandsWithAndWithout("CLUSTER:WRITE");
+    runCommandsPermittedAndForbiddenBy("CLUSTER:WRITE");
   }
 
   @Test
   @ConnectionConfiguration(user = "cluster-manager", password = "1234567")
   public void testClusterManager() throws Exception {
-    runCommandsWithAndWithout("CLUSTER:MANAGE");
+    runCommandsPermittedAndForbiddenBy("CLUSTER:MANAGE");
   }
 
   @Test
   @ConnectionConfiguration(user = "data-reader", password = "1234567")
   public void testDataReader() throws Exception {
-    runCommandsWithAndWithout("DATA:READ");
+    runCommandsPermittedAndForbiddenBy("DATA:READ");
   }
 
   @Test
   @ConnectionConfiguration(user = "data-writer", password = "1234567")
   public void testDataWriter() throws Exception {
-    runCommandsWithAndWithout("DATA:WRITE");
+    runCommandsPermittedAndForbiddenBy("DATA:WRITE");
   }
 
   @Test
   @ConnectionConfiguration(user = "data-manager", password = "1234567")
   public void testDataManager() throws Exception {
-    runCommandsWithAndWithout("DATA:MANAGE");
+    runCommandsPermittedAndForbiddenBy("DATA:MANAGE");
   }
 
   @Test
   @ConnectionConfiguration(user = "regionA-reader", password = "1234567")
   public void testRegionAReader() throws Exception {
-    runCommandsWithAndWithout("DATA:READ:RegionA");
+    runCommandsPermittedAndForbiddenBy("DATA:READ:RegionA");
   }
 
   @Test
   @ConnectionConfiguration(user = "regionA-writer", password = "1234567")
   public void testRegionAWriter() throws Exception {
-    runCommandsWithAndWithout("DATA:WRITE:RegionA");
+    runCommandsPermittedAndForbiddenBy("DATA:WRITE:RegionA");
   }
 
   @Test
   @ConnectionConfiguration(user = "regionA-manager", password = "1234567")
   public void testRegionAManager() throws Exception {
-    runCommandsWithAndWithout("DATA:MANAGE:RegionA");
+    runCommandsPermittedAndForbiddenBy("DATA:MANAGE:RegionA");
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "super-user", password = "1234567")
+  public void testRegionSuperUser() throws Exception {
+    runCommandsPermittedAndForbiddenBy("*");
   }
 
-  private void runCommandsWithAndWithout(String permission) throws Exception {
+  private void runCommandsPermittedAndForbiddenBy(String permission) throws 
Exception {
     List<TestCommand> allPermitted =
         TestCommand.getPermittedCommands(new WildcardPermission(permission, 
true));
+    SoftAssertions softly = new SoftAssertions();
+
     for (TestCommand permitted : allPermitted) {
       System.out.println("Processing authorized command: " + 
permitted.getCommand());
       CommandResult result = 
gfshConnection.executeCommand(permitted.getCommand());
       assertNotNull(result);
 
       if (result.getResultData() instanceof ErrorResultData) {
-        assertNotEquals(ResultBuilder.ERRORCODE_UNAUTHORIZED,
-            ((ErrorResultData) result.getResultData()).getErrorCode());
+        
softly.assertThat(ResultBuilder.ERRORCODE_UNAUTHORIZED).describedAs(permitted.getCommand())
+            .isNotEqualTo(((ErrorResultData) 
result.getResultData()).getErrorCode());
       } else {
-        assertEquals(Result.Status.OK, result.getStatus());
+        softly.assertThat(Result.Status.OK).describedAs(permitted.toString())
+            .isEqualTo(result.getStatus());
       }
     }
 
-    List<TestCommand> others = TestCommand.getCommands();
+    // skip no permission commands
+    List<TestCommand> others = TestCommand.getOnlineCommands();
     others.removeAll(allPermitted);
     for (TestCommand other : others) {
-      // skip no permission commands
-      if (other.getPermission() == null)
-        continue;
 
       System.out.println("Processing unauthorized command: " + 
other.getCommand());
-      CommandResult result = (CommandResult) 
gfshConnection.executeCommand(other.getCommand());
+      CommandResult result = gfshConnection.executeCommand(other.getCommand());
       int errorCode = ((ErrorResultData) 
result.getResultData()).getErrorCode();
 
       // for some commands there are pre execution checks to check for user 
input error, will skip
@@ -160,13 +167,12 @@ public class GfshCommandsSecurityTest {
         continue;
       }
 
-      assertEquals(ResultBuilder.ERRORCODE_UNAUTHORIZED,
-          ((ErrorResultData) result.getResultData()).getErrorCode());
-      String resultMessage = result.getContent().toString();
-      String permString = other.getPermission().toString();
-      assertTrue(resultMessage + " does not contain " + permString,
-          resultMessage.contains(permString));
+      
softly.assertThat(ResultBuilder.ERRORCODE_UNAUTHORIZED).describedAs(other.getCommand())
+          .isEqualTo(((ErrorResultData) 
result.getResultData()).getErrorCode());
     }
+
+    softly.assertAll();
+
   }
 
   @Test

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
index dad2e9c..dd5cd13 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
@@ -15,25 +15,26 @@
 package org.apache.geode.management.internal.security;
 
 import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+import org.assertj.core.api.SoftAssertions;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
 
 import org.apache.geode.cache.Cache;
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
 import org.apache.geode.distributed.internal.locks.DLockService;
 import org.apache.geode.management.LockServiceMXBean;
-import org.apache.geode.security.TestSecurityManager;
+import org.apache.geode.security.SimpleTestSecurityManager;
 import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
 import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
 import org.apache.geode.test.dunit.rules.ServerStarterRule;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class LockServiceMBeanAuthorizationJUnitTest {
@@ -41,10 +42,7 @@ public class LockServiceMBeanAuthorizationJUnitTest {
 
   @ClassRule
   public static ServerStarterRule server = new 
ServerStarterRule().withJMXManager()
-      .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
-      .withProperty(TestSecurityManager.SECURITY_JSON,
-          "org/apache/geode/management/internal/security/cacheServer.json")
-      .withAutoStart();
+      .withProperty(SECURITY_MANAGER, 
SimpleTestSecurityManager.class.getName()).withAutoStart();
 
   @Rule
   public MBeanServerConnectionRule connectionRule =
@@ -68,7 +66,8 @@ public class LockServiceMBeanAuthorizationJUnitTest {
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-admin", password = "1234567")
+  @ConnectionConfiguration(user = "clusterRead,clusterManage",
+      password = "clusterRead,clusterManage")
   public void testAllAccess() throws Exception {
     lockServiceMBean.becomeLockGrantor();
     lockServiceMBean.fetchGrantorMember();
@@ -78,24 +77,50 @@ public class LockServiceMBeanAuthorizationJUnitTest {
   }
 
   @Test
-  @ConnectionConfiguration(user = "cluster-admin", password = "1234567")
-  public void testSomeAccess() throws Exception {
-    assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor());
+  @ConnectionConfiguration(user = "clusterManage", password = "clusterManage")
+  public void testClusterManage() throws Exception {
+    SoftAssertions softly = new SoftAssertions();
+    lockServiceMBean.becomeLockGrantor(); // c:m
+    softly.assertThatThrownBy(() -> lockServiceMBean.fetchGrantorMember())
+        .hasMessageContaining(TestCommand.clusterRead.toString());
+    softly.assertThatThrownBy(() -> lockServiceMBean.getMemberCount())
+        .hasMessageContaining(TestCommand.clusterRead.toString());
+    softly.assertThatThrownBy(() -> lockServiceMBean.isDistributed())
+        .hasMessageContaining(TestCommand.clusterRead.toString());
+    softly.assertThatThrownBy(() -> lockServiceMBean.listThreadsHoldingLock())
+        .hasMessageContaining(TestCommand.clusterRead.toString());
+    softly.assertAll();
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "clusterRead", password = "clusterRead")
+  public void testClusterRead() throws Exception {
+    SoftAssertions softly = new SoftAssertions();
+    softly.assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor())
+        .hasMessageContaining(TestCommand.clusterManage.toString());
+    lockServiceMBean.fetchGrantorMember();
     lockServiceMBean.getMemberCount();
+    lockServiceMBean.isDistributed();
+    lockServiceMBean.listThreadsHoldingLock();
+    softly.assertAll();
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-user", password = "1234567")
+  @ConnectionConfiguration(user = "user", password = "user")
   public void testNoAccess() throws Exception {
-    assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor())
-        .hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> lockServiceMBean.fetchGrantorMember())
+    SoftAssertions softly = new SoftAssertions();
+
+    softly.assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor())
+        .hasMessageContaining(TestCommand.clusterManage.toString());
+    softly.assertThatThrownBy(() -> lockServiceMBean.fetchGrantorMember())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> lockServiceMBean.getMemberCount())
+    softly.assertThatThrownBy(() -> lockServiceMBean.getMemberCount())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> lockServiceMBean.isDistributed())
+    softly.assertThatThrownBy(() -> lockServiceMBean.isDistributed())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> lockServiceMBean.listThreadsHoldingLock())
+    softly.assertThatThrownBy(() -> lockServiceMBean.listThreadsHoldingLock())
         .hasMessageContaining(TestCommand.clusterRead.toString());
+
+    softly.assertAll();
   }
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java
index 091b1db..187246d 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java
@@ -19,6 +19,22 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.Mockito.mock;
 
+import java.io.IOException;
+import java.util.Set;
+
+import javax.management.DynamicMBean;
+import javax.management.MBeanServer;
+import javax.management.MBeanServerConnection;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectInstance;
+import javax.management.ObjectName;
+import javax.management.ReflectionException;
+
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
 import org.apache.geode.management.ManagementException;
 import org.apache.geode.management.ManagementService;
 import org.apache.geode.management.MemberMXBean;
@@ -29,20 +45,6 @@ import 
org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
 import org.apache.geode.test.dunit.rules.ServerStarterRule;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import java.io.IOException;
-import java.util.Set;
-import javax.management.DynamicMBean;
-import javax.management.MBeanServer;
-import javax.management.MBeanServerConnection;
-import javax.management.MalformedObjectNameException;
-import javax.management.ObjectInstance;
-import javax.management.ObjectName;
-import javax.management.ReflectionException;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class MBeanSecurityJUnitTest {

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
index 77f68c3..73ffe97 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
@@ -15,9 +15,20 @@
 package org.apache.geode.management.internal.security;
 
 import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.Mockito.mock;
 
+import java.lang.management.ManagementFactory;
+
+import javax.management.ObjectName;
+
+import org.assertj.core.api.SoftAssertions;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
 import org.apache.geode.management.ManagerMXBean;
 import org.apache.geode.management.internal.beans.ManagerMBean;
 import org.apache.geode.security.TestSecurityManager;
@@ -26,15 +37,6 @@ import 
org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
 import org.apache.geode.test.dunit.rules.ServerStarterRule;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import java.lang.management.ManagementFactory;
-import javax.management.ObjectName;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class ManagerMBeanAuthorizationJUnitTest {
@@ -76,10 +78,14 @@ public class ManagerMBeanAuthorizationJUnitTest {
   @Test
   @ConnectionConfiguration(user = "data-admin", password = "1234567")
   public void testSomeAccess() throws Exception {
-    assertThatThrownBy(() -> managerMXBean.start())
+    SoftAssertions softly = new SoftAssertions();
+
+    softly.assertThatThrownBy(() -> managerMXBean.start())
         .hasMessageContaining(TestCommand.clusterManage.toString());
-    assertThatThrownBy(() -> managerMXBean.getPulseURL())
+    softly.assertThatThrownBy(() -> managerMXBean.getPulseURL())
         .hasMessageContaining(TestCommand.clusterWrite.toString());
+
+    softly.assertAll();
     managerMXBean.isRunning();
   }
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java
index 77ddcc9..e6b50d2 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java
@@ -17,6 +17,13 @@ package org.apache.geode.management.internal.security;
 import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
+import org.assertj.core.api.SoftAssertions;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.contrib.java.lang.system.RestoreSystemProperties;
+import org.junit.experimental.categories.Category;
+
 import org.apache.geode.management.MemberMXBean;
 import org.apache.geode.security.TestSecurityManager;
 import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
@@ -24,11 +31,6 @@ import 
org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
 import org.apache.geode.test.dunit.rules.ServerStarterRule;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.contrib.java.lang.system.RestoreSystemProperties;
-import org.junit.experimental.categories.Category;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class MemberMBeanSecurityJUnitTest {
@@ -67,7 +69,6 @@ public class MemberMBeanSecurityJUnitTest {
     bean.isCacheServer();
     bean.isServer();
     bean.listConnectedGatewayReceivers();
-    // bean.processCommand("create region --name=Region_A");
     bean.showJVMMetrics();
     bean.status();
   }
@@ -75,8 +76,7 @@ public class MemberMBeanSecurityJUnitTest {
   @Test
   @ConnectionConfiguration(user = "cluster-admin", password = "1234567")
   public void testClusterAdmin() throws Exception {
-    assertThatThrownBy(() -> bean.compactAllDiskStores())
-        .hasMessageContaining(TestCommand.dataManage.toString());
+    bean.compactAllDiskStores();
     bean.shutDownMember();
     bean.createManager();
     bean.fetchJvmThreads();
@@ -93,7 +93,8 @@ public class MemberMBeanSecurityJUnitTest {
   @Test
   @ConnectionConfiguration(user = "data-admin", password = "1234567")
   public void testDataAdmin() throws Exception {
-    bean.compactAllDiskStores();
+    assertThatThrownBy(() -> bean.compactAllDiskStores())
+        .hasMessageContaining(TestCommand.clusterManageDisk.toString());
     assertThatThrownBy(() -> bean.shutDownMember())
         .hasMessageContaining(TestCommand.clusterManage.toString());
     assertThatThrownBy(() -> bean.createManager())
@@ -105,31 +106,35 @@ public class MemberMBeanSecurityJUnitTest {
   @Test
   @ConnectionConfiguration(user = "data-user", password = "1234567")
   public void testDataUser() throws Exception {
-    assertThatThrownBy(() -> bean.shutDownMember())
+    SoftAssertions softly = new SoftAssertions();
+
+    softly.assertThatThrownBy(() -> bean.shutDownMember())
         .hasMessageContaining(TestCommand.clusterManage.toString());
-    assertThatThrownBy(() -> bean.createManager())
+    softly.assertThatThrownBy(() -> bean.createManager())
         .hasMessageContaining(TestCommand.clusterManage.toString());
-    assertThatThrownBy(() -> bean.compactAllDiskStores())
-        .hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> bean.fetchJvmThreads())
+    softly.assertThatThrownBy(() -> bean.compactAllDiskStores())
+        .hasMessageContaining(TestCommand.clusterManageDisk.toString());
+    softly.assertThatThrownBy(() -> bean.fetchJvmThreads())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.getName())
+    softly.assertThatThrownBy(() -> bean.getName())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.getDiskStores())
+    softly.assertThatThrownBy(() -> bean.getDiskStores())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.hasGatewayReceiver())
+    softly.assertThatThrownBy(() -> bean.hasGatewayReceiver())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.isCacheServer())
+    softly.assertThatThrownBy(() -> bean.isCacheServer())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.isServer())
+    softly.assertThatThrownBy(() -> bean.isServer())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.listConnectedGatewayReceivers())
+    softly.assertThatThrownBy(() -> bean.listConnectedGatewayReceivers())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.processCommand("create region 
--name=Region_A"))
+    softly.assertThatThrownBy(() -> bean.processCommand("create region 
--name=Region_A"))
         .hasMessageContaining(TestCommand.dataManage.toString());
-    assertThatThrownBy(() -> bean.showJVMMetrics())
+    softly.assertThatThrownBy(() -> bean.showJVMMetrics())
         .hasMessageContaining(TestCommand.clusterRead.toString());
-    assertThatThrownBy(() -> bean.status())
+    softly.assertThatThrownBy(() -> bean.status())
         .hasMessageContaining(TestCommand.clusterRead.toString());
+
+    softly.assertAll();
   }
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/MultiUserDUnitTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/MultiUserDUnitTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/MultiUserDUnitTest.java
index 255048d..e3fe173 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/MultiUserDUnitTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/MultiUserDUnitTest.java
@@ -18,12 +18,21 @@ import static 
org.apache.geode.distributed.ConfigurationProperties.NAME;
 import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.TimeUnit;
+
+import org.awaitility.Awaitility;
+import org.json.JSONException;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
 
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.management.cli.Result.Status;
-import org.apache.geode.management.internal.cli.HeadlessGfsh;
-import org.apache.geode.management.internal.cli.commands.CliCommandTestBase;
 import org.apache.geode.management.internal.cli.result.CommandResult;
 import org.apache.geode.management.internal.cli.result.ErrorResultData;
 import org.apache.geode.management.internal.cli.result.ResultBuilder;
@@ -32,67 +41,62 @@ import org.apache.geode.test.dunit.AsyncInvocation;
 import org.apache.geode.test.dunit.Host;
 import org.apache.geode.test.dunit.IgnoredException;
 import org.apache.geode.test.dunit.VM;
+import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
+import org.apache.geode.test.dunit.rules.GfshShellConnectionRule.PortType;
+import org.apache.geode.test.dunit.rules.LocatorServerStartupRule;
+import org.apache.geode.test.dunit.rules.Member;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.test.junit.categories.FlakyTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.awaitility.Awaitility;
-import org.json.JSONException;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import java.io.IOException;
-import java.util.List;
-import java.util.Properties;
-import java.util.concurrent.TimeUnit;
 
 @Category({DistributedTest.class, SecurityTest.class})
-public class MultiUserDUnitTest extends CliCommandTestBase {
+public class MultiUserDUnitTest {
 
-  @Category(FlakyTest.class) // GEODE-1579
-  @Test
-  public void testMultiUser() throws IOException, JSONException, 
InterruptedException {
-    IgnoredException.addIgnoredException("java.util.zip.ZipException: zip file 
is empty");
+  @Rule
+  public LocatorServerStartupRule lsRule = new LocatorServerStartupRule();
+
+  private Member server;
 
+  @Before
+  public void setup() throws Exception {
     Properties properties = new Properties();
     properties.put(NAME, MultiUserDUnitTest.class.getSimpleName());
     properties.put(SECURITY_MANAGER, TestSecurityManager.class.getName());
-
-    // set up vm_0 the secure jmx manager
-    Object[] results = setUpJMXManagerOnVM(0, properties,
+    properties.put("security-json",
         "org/apache/geode/management/internal/security/cacheServer.json");
-    String gfshDir = this.gfshDir;
+    server = lsRule.startServerAsJmxManager(0, properties);
+  }
+
+  @Category(FlakyTest.class) // GEODE-1579
+  @Test
+  public void testMultiUser() throws IOException, JSONException, 
InterruptedException {
+
+    IgnoredException.addIgnoredException("java.util.zip.ZipException: zip file 
is empty");
+    int jmxPort = server.getJmxPort();
 
     // set up vm_1 as a gfsh vm, data-reader will login and log out constantly 
in this vm until the
     // test is done.
     VM vm1 = Host.getHost(0).getVM(1);
     AsyncInvocation vm1Invoke = vm1.invokeAsync("run as data-reader", () -> {
-      String shellId = getClass().getSimpleName() + "_vm1";
-      HeadlessGfsh shell = new HeadlessGfsh(shellId, 30, gfshDir);
-      while (true) {
-        connect((String) results[0], (Integer) results[1], (Integer) 
results[2], shell,
-            "data-reader", "1234567");
-        Awaitility.waitAtMost(5, TimeUnit.MILLISECONDS);
-        shell.executeCommand("disconnect");
-      }
+      GfshShellConnectionRule gfsh = new GfshShellConnectionRule();
+      gfsh.secureConnectAndVerify(jmxPort, PortType.jmxManger, "data-reader", 
"1234567");
+
+      Awaitility.waitAtMost(5, TimeUnit.MILLISECONDS);
+      gfsh.close();
     });
 
     VM vm2 = Host.getHost(0).getVM(2);
     // set up vm_2 as a gfsh vm, and then connect as "stranger" and try to 
execute the commands and
     // assert errors comes back are NotAuthorized
     AsyncInvocation vm2Invoke = vm2.invokeAsync("run as guest", () -> {
-      String shellId = getClass().getSimpleName() + "_vm2";
-      HeadlessGfsh shell = new HeadlessGfsh(shellId, 30, gfshDir);
-      connect((String) results[0], (Integer) results[1], (Integer) results[2], 
shell, "stranger",
-          "1234567");
+      GfshShellConnectionRule gfsh = new GfshShellConnectionRule();
+      gfsh.secureConnectAndVerify(jmxPort, PortType.jmxManger, "stranger", 
"1234567");
 
-      List<TestCommand> allCommands = TestCommand.getCommands();
+      List<TestCommand> allCommands = TestCommand.getOnlineCommands();
       for (TestCommand command : allCommands) {
         LogService.getLogger().info("executing: " + command.getCommand());
-        if (command.getPermission() == null) {
-          continue;
-        }
 
-        CommandResult result = executeCommand(shell, command.getCommand());
+        CommandResult result = gfsh.executeCommand(command.getCommand());
 
         int errorCode = ((ErrorResultData) 
result.getResultData()).getErrorCode();
 
@@ -106,11 +110,9 @@ public class MultiUserDUnitTest extends CliCommandTestBase 
{
         assertEquals("Not an expected result: " + result.toString(),
             ResultBuilder.ERRORCODE_UNAUTHORIZED,
             ((ErrorResultData) result.getResultData()).getErrorCode());
-        String resultMessage = result.getContent().toString();
-        String permString = command.getPermission().toString();
-        assertTrue(resultMessage + " does not contain " + permString,
-            resultMessage.contains(permString));
+
       }
+      gfsh.close();
       LogService.getLogger().info("vm 2 done!");
     });
 
@@ -123,28 +125,22 @@ public class MultiUserDUnitTest extends 
CliCommandTestBase {
     // set up vm_3 as another gfsh vm, and then connect as "super-user" and 
try to execute the
     // commands and assert we don't get a NotAuthorized Exception
     AsyncInvocation vm3Invoke = vm3.invokeAsync("run as superUser", () -> {
-      String shellId = getClass().getSimpleName() + "_vm3";
-      HeadlessGfsh shell = new HeadlessGfsh(shellId, 30, gfshDir);
-      connect((String) results[0], (Integer) results[1], (Integer) results[2], 
shell, "super-user",
-          "1234567");
+      GfshShellConnectionRule gfsh = new GfshShellConnectionRule();
+      gfsh.secureConnectAndVerify(jmxPort, PortType.jmxManger, "super-user", 
"1234567");
 
-      List<TestCommand> allCommands = TestCommand.getCommands();
+      List<TestCommand> allCommands = TestCommand.getOnlineCommands();
       for (TestCommand command : allCommands) {
         LogService.getLogger().info("executing: " + command.getCommand());
-        if (command.getPermission() == null) {
-          continue;
-        }
 
-        CommandResult result = executeCommand(shell, command.getCommand());
+        CommandResult result = gfsh.executeCommand(command.getCommand());
         if (result.getResultData().getStatus() == Status.OK) {
           continue;
         }
-
         assertNotEquals("Did not expect an Unauthorized exception: " + 
result.toString(),
             ResultBuilder.ERRORCODE_UNAUTHORIZED,
             ((ErrorResultData) result.getResultData()).getErrorCode());
       }
-
+      gfsh.close();
       LogService.getLogger().info("vm 3 done!");
     });
 

http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java
index 51f8c5e..54db58e 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java
@@ -16,18 +16,17 @@ package org.apache.geode.management.internal.security;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
+
+import org.apache.shiro.authz.permission.WildcardPermission;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
 
 import org.apache.geode.security.ResourcePermission;
-import org.apache.geode.security.ResourcePermission.Target;
 import org.apache.geode.security.ResourcePermission.Operation;
 import org.apache.geode.security.ResourcePermission.Resource;
+import org.apache.geode.security.ResourcePermission.Target;
 import org.apache.geode.test.junit.categories.SecurityTest;
 import org.apache.geode.test.junit.categories.UnitTest;
-import org.apache.shiro.authz.permission.WildcardPermission;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
 
 @Category({UnitTest.class, SecurityTest.class})
 public class ResourcePermissionTest {
@@ -110,7 +109,7 @@ public class ResourcePermissionTest {
   }
 
   @Test
-  public void testImples() {
+  public void testImplies() {
     WildcardPermission role = new WildcardPermission("*:read");
     role.implies(new ResourcePermission(Resource.DATA, Operation.READ));
     role.implies(new ResourcePermission(Resource.CLUSTER, Operation.READ));

Reply via email to