You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ji...@apache.org on 2016/06/27 21:21:08 UTC
[18/50] [abbrv] incubator-geode git commit: Extract tests to their
own distributed test classes
Extract tests to their own distributed test classes
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/6a45ca0c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/6a45ca0c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/6a45ca0c
Branch: refs/heads/feature/GEODE-1571
Commit: 6a45ca0cc8cd9283a84cc43f52c54bc4c17e95b9
Parents: 46017f9 2b32829
Author: gmeilen <gr...@gmail.com>
Authored: Thu Jun 23 15:20:23 2016 -0700
Committer: gmeilen <gr...@gmail.com>
Committed: Thu Jun 23 15:20:23 2016 -0700
----------------------------------------------------------------------
.../asyncqueue/AsyncEventQueueFactory.java | 2 +-
.../cache/tier/sockets/BaseCommand.java | 7 -
.../cache/tier/sockets/BaseCommandQuery.java | 11 +-
.../tier/sockets/command/CloseConnection.java | 13 +-
.../tier/sockets/command/CreateRegion.java | 122 +++++++-------
.../tier/sockets/command/DestroyRegion.java | 167 +++++++++----------
.../security/IntegratedClientAuthDUnitTest.java | 167 -------------------
...entDestroyInvalidateAuthDistributedTest.java | 78 +++++++++
...dClientDestroyRegionAuthDistributedTest.java | 50 ++++++
...tegratedClientGetPutAuthDistributedTest.java | 116 +++++++++++++
...ntegratedClientQueryAuthDistributedTest.java | 45 +++++
...tedClientRegionClearAuthDistributedTest.java | 54 ++++++
.../internal/security/clientServer.json | 7 +
13 files changed, 507 insertions(+), 332 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6a45ca0c/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/BaseCommand.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6a45ca0c/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
----------------------------------------------------------------------
diff --cc geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
index 506a171,4b7b573..10a8f73
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
@@@ -14,23 -14,22 +14,10 @@@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
--
package com.gemstone.gemfire.security;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static org.assertj.core.api.Assertions.*;
--import static org.junit.Assert.*;
--
--import java.util.ArrayList;
--import java.util.HashMap;
--import java.util.List;
--import java.util.Map;
--import java.util.Set;
-
- import com.gemstone.gemfire.cache.Cache;
- import com.gemstone.gemfire.cache.Region;
- import com.gemstone.gemfire.test.dunit.AsyncInvocation;
- import com.gemstone.gemfire.test.dunit.SerializableRunnable;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
-import org.junit.After;
-import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
@@@ -48,160 -90,193 +35,6 @@@ public class IntegratedClientAuthDUnitT
SecurityTestUtils.createCacheClient("super-user", "wrong", port, SecurityTestUtils.AUTHFAIL_EXCEPTION);
});
}
-
- @Test
- public void testGetPutAuthorization() throws InterruptedException {
- Map<String, String> allValues = new HashMap<String, String>();
- allValues.put("key1", "value1");
- allValues.put("key2", "value2");
-
- List<String> keys = new ArrayList<>();
- keys.add("key1");
- keys.add("key2");
-
- // client1 connects to server as a user not authorized to do any operations
- AsyncInvocation ai1 = client1.invokeAsync(()->{
- Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
-
- assertNotAuthorized(()->region.put("key3", "value3"), "DATA:WRITE:AuthRegion:key3");
- assertNotAuthorized(()->region.get("key3"), "DATA:READ:AuthRegion:key3");
-
- //putall
- assertNotAuthorized(()->region.putAll(allValues), "DATA:WRITE:AuthRegion");
-
- // not authorized for either keys, get no record back
- Map keyValues = region.getAll(keys);
- assertEquals(0, keyValues.size());
-
- Set keySet = region.keySet();
- assertEquals(0, keySet.size());
-
- // Query query = cache.getQueryService().newQuery("select * from /AuthRegion");
- // Object result = query.execute();
-
- cache.close();
- });
-
-
- // client2 connects to user as a user authorized to use AuthRegion region
- AsyncInvocation ai2 = client2.invokeAsync(()->{
- Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
-
- region.put("key3", "value3");
- assertEquals("value3", region.get("key3"));
-
- // put all
- region.putAll(allValues);
-
- // get all
- Map keyValues = region.getAll(keys);
- assertEquals(2, keyValues.size());
-
- // keyset
- Set keySet = region.keySet();
- assertEquals(3, keySet.size());
- });
-
- // client3 connects to user as a user authorized to use key1 in AuthRegion region
- AsyncInvocation ai3 = client3.invokeAsync(()->{
- Cache cache = SecurityTestUtils.createCacheClient("key1User", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
-
- assertNotAuthorized(()->region.put("key2", "value1"), "DATA:WRITE:AuthRegion:key2");
- assertNotAuthorized(()->region.get("key2"), "DATA:READ:AuthRegion:key2");
-
- assertNotAuthorized(()->region.putAll(allValues), "DATA:WRITE:AuthRegion");
-
- // only authorized for one recrod
- Map keyValues = region.getAll(keys);
- assertEquals(1, keyValues.size());
-
- // keyset
- Set keySet = region.keySet();
- assertEquals(1, keySet.size());
- });
-
- ai1.join();
- ai2.join();
- ai3.join();
-
- ai1.checkException();
- ai2.checkException();
- ai3.checkException();
- }
-
- @Test
- public void testDestroyInvalidate() throws InterruptedException {
-
- // Delete one key and invalidate another key with an authorized user.
- AsyncInvocation ai1 = client1.invokeAsync(() -> {
- Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
-
- assertEquals(region.get("key1"), "value1");
- assertTrue(region.containsKey("key1")); // will only be true after we first get it, then it's cached locally
-
- // Destroy key1
- region.destroy("key1");
- assertFalse(region.containsKey("key1"));
-
- // Invalidate key2
- assertNotNull("Value of key2 should not be null", region.get("key2"));
- region.invalidate("key2");
- assertNull("Value of key2 should have been null", region.get("key2"));
-
- });
-
- // Delete one key and invalidate another key with an unauthorized user.
- AsyncInvocation ai2 = client2.invokeAsync(() -> {
- Cache cache = SecurityTestUtils.createCacheClient("authRegionReader", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
-
- assertEquals(region.get("key3"), "value3");
- assertTrue(region.containsKey("key3")); // will only be true after we first get it, then it's cached locally
-
- // Destroy key1
- assertNotAuthorized(() -> region.destroy("key3"), "DATA:WRITE:AuthRegion");
- assertTrue(region.containsKey("key3"));
-
- // Invalidate key2
- assertNotNull("Value of key4 should not be null", region.get("key4"));
- assertNotAuthorized(() -> region.invalidate("key4"), "DATA:WRITE:AuthRegion");
- assertNotNull("Value of key4 should not be null", region.get("key4"));
- cache.close();
- });
- ai1.join();
- ai2.join();
- ai1.checkException();
- ai2.checkException();
- }
-
- @Test
- public void testRegionClear() throws InterruptedException {
- // Verify that an unauthorized user can't clear the region
- SerializableRunnable clearUnauthorized = new SerializableRunnable() {
- @Override
- public void run() {
- Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
- assertNotAuthorized(() -> region.clear(), "DATA:WRITE:AuthRegion");
- }
- };
- client1.invoke(clearUnauthorized);
-
- // Verify that an authorized user can clear the region
- SerializableRunnable clearAuthorized = new SerializableRunnable() {
- @Override
- public void run() {
- Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
- region.clear();
- }
- };
- client2.invoke(clearAuthorized);
- }
+}
- @Test
- public void testGetPutAuthorization() throws InterruptedException {
- Map<String, String> allValues = new HashMap<String, String>();
- allValues.put("key1", "value1");
- allValues.put("key2", "value2");
-
- List<String> keys = new ArrayList<>();
- keys.add("key1");
- keys.add("key2");
-
- // client1 connects to server as a user not authorized to do any operations
- AsyncInvocation ai1 = client1.invokeAsync(()->{
- Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
-
- assertNotAuthorized(()->region.put("key3", "value3"), "DATA:WRITE:AuthRegion:key3");
- assertNotAuthorized(()->region.get("key3"), "DATA:READ:AuthRegion:key3");
-
- //putall
- assertNotAuthorized(()->region.putAll(allValues), "DATA:WRITE:AuthRegion");
-
- // not authorized for either keys, get no record back
- Map keyValues = region.getAll(keys);
- assertEquals(0, keyValues.size());
-
- Set keySet = region.keySet();
- assertEquals(0, keySet.size());
- });
-
-
- // client2 connects to user as a user authorized to use AuthRegion region
- AsyncInvocation ai2 = client2.invokeAsync(()->{
- Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
-
- region.put("key3", "value3");
- assertEquals("value3", region.get("key3"));
-
- // put all
- region.putAll(allValues);
-
- // get all
- Map keyValues = region.getAll(keys);
- assertEquals(2, keyValues.size());
-
- // keyset
- Set keySet = region.keySet();
- assertEquals(3, keySet.size());
- });
-
- // client3 connects to user as a user authorized to use key1 in AuthRegion region
- AsyncInvocation ai3 = client3.invokeAsync(()->{
- Cache cache = SecurityTestUtils.createCacheClient("key1User", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
-
- assertNotAuthorized(()->region.put("key2", "value1"), "DATA:WRITE:AuthRegion:key2");
- assertNotAuthorized(()->region.get("key2"), "DATA:READ:AuthRegion:key2");
-
- assertNotAuthorized(()->region.putAll(allValues), "DATA:WRITE:AuthRegion");
-
- // only authorized for one recrod
- Map keyValues = region.getAll(keys);
- assertEquals(1, keyValues.size());
-
- // keyset
- Set keySet = region.keySet();
- assertEquals(1, keySet.size());
- });
-
- ai1.join();
- ai2.join();
- ai3.join();
-
- ai1.checkException();
- ai2.checkException();
- ai3.checkException();
- }
-
- @Test
- public void testQuery(){
- client1.invoke(()-> {
- Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
-
- String query = "select * from /AuthRegion";
- assertNotAuthorized(()->region.query(query), "DATA:READ:AuthRegion");
-
- Pool pool = PoolManager.find(region);
- assertNotAuthorized(()->pool.getQueryService().newQuery(query).execute(), "DATA:READ:AuthRegion");
- });
- }
-
- @Test
- public void testDestroyRegion() throws InterruptedException {
- client1.invoke(()-> {
- Cache cache = SecurityTestUtils.createCacheClient("dataWriter", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
- assertNotAuthorized(()->region.destroyRegion(), "DATA:MANAGE");
- });
-
- client2.invoke(()-> {
- Cache cache = SecurityTestUtils.createCacheClient("authRegionManager", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
- assertNotAuthorized(()->region.destroyRegion(), "DATA:MANAGE");
- });
-
- client3.invoke(()-> {
- Cache cache = SecurityTestUtils.createCacheClient("super-user", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
- region.destroyRegion();
- });
- }
-
- @Test
- public void testDestroyInvalidate() throws InterruptedException {
-
- // Delete one key and invalidate another key with an authorized user.
- AsyncInvocation ai1 = client1.invokeAsync(() -> {
- Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
-
- assertEquals(region.get("key1"), "value1");
- assertTrue(region.containsKey("key1")); // will only be true after we first get it, then it's cached locally
-
- // Destroy key1
- region.destroy("key1");
- assertFalse(region.containsKey("key1"));
-
- // Invalidate key2
- assertNotNull("Value of key2 should not be null", region.get("key2"));
- region.invalidate("key2");
- assertNull("Value of key2 should have been null", region.get("key2"));
-
- });
-
- // Delete one key and invalidate another key with an unauthorized user.
- AsyncInvocation ai2 = client2.invokeAsync(() -> {
- Cache cache = SecurityTestUtils.createCacheClient("authRegionReader", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
-
- assertEquals(region.get("key3"), "value3");
- assertTrue(region.containsKey("key3")); // will only be true after we first get it, then it's cached locally
-
- // Destroy key1
- assertNotAuthorized(() -> region.destroy("key3"), "DATA:WRITE:AuthRegion");
- assertTrue(region.containsKey("key3"));
-
- // Invalidate key2
- assertNotNull("Value of key4 should not be null", region.get("key4"));
- assertNotAuthorized(() -> region.invalidate("key4"), "DATA:WRITE:AuthRegion");
- assertNotNull("Value of key4 should not be null", region.get("key4"));
- cache.close();
- });
- ai1.join();
- ai2.join();
- ai1.checkException();
- ai2.checkException();
- }
-
- public static void assertNotAuthorized(ThrowingCallable shouldRaiseThrowable, String permString) {
- assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString);
- }
-
- @Test
- public void testRegionClear() throws InterruptedException {
- // Verify that an unauthorized user can't clear the region
- SerializableRunnable clearUnauthorized = new SerializableRunnable() {
- @Override
- public void run() {
- Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
- assertNotAuthorized(() -> region.clear(), "DATA:WRITE:AuthRegion");
- }
- };
- client1.invoke(clearUnauthorized);
-
- // Verify that an authorized user can clear the region
- SerializableRunnable clearAuthorized = new SerializableRunnable() {
- @Override
- public void run() {
- Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
- region.clear();
- }
- };
- client2.invoke(clearAuthorized);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6a45ca0c/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientDestroyInvalidateAuthDistributedTest.java
----------------------------------------------------------------------
diff --cc geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientDestroyInvalidateAuthDistributedTest.java
index 0000000,0000000..e78ed62
new file mode 100644
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientDestroyInvalidateAuthDistributedTest.java
@@@ -1,0 -1,0 +1,78 @@@
++/*
++ * Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++package com.gemstone.gemfire.security;
++
++import static org.junit.Assert.*;
++
++import com.gemstone.gemfire.cache.Cache;
++import com.gemstone.gemfire.cache.Region;
++import com.gemstone.gemfire.test.dunit.AsyncInvocation;
++import com.gemstone.gemfire.test.junit.categories.DistributedTest;
++
++import org.junit.Test;
++import org.junit.experimental.categories.Category;
++
++@Category(DistributedTest.class)
++public class IntegratedClientDestroyInvalidateAuthDistributedTest extends AbstractIntegratedClientAuthDistributedTest {
++
++ @Test
++ public void testDestroyInvalidate() throws InterruptedException {
++
++ // Delete one key and invalidate another key with an authorized user.
++ AsyncInvocation ai1 = client1.invokeAsync(() -> {
++ Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
++ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
++
++ assertEquals(region.get("key1"), "value1");
++ assertTrue(region.containsKey("key1")); // will only be true after we first get it, then it's cached locally
++
++ // Destroy key1
++ region.destroy("key1");
++ assertFalse(region.containsKey("key1"));
++
++ // Invalidate key2
++ assertNotNull("Value of key2 should not be null", region.get("key2"));
++ region.invalidate("key2");
++ assertNull("Value of key2 should have been null", region.get("key2"));
++
++ });
++
++ // Delete one key and invalidate another key with an unauthorized user.
++ AsyncInvocation ai2 = client2.invokeAsync(() -> {
++ Cache cache = SecurityTestUtils.createCacheClient("authRegionReader", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
++ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
++
++ assertEquals(region.get("key3"), "value3");
++ assertTrue(region.containsKey("key3")); // will only be true after we first get it, then it's cached locally
++
++ // Destroy key1
++ assertNotAuthorized(() -> region.destroy("key3"), "DATA:WRITE:AuthRegion");
++ assertTrue(region.containsKey("key3"));
++
++ // Invalidate key2
++ assertNotNull("Value of key4 should not be null", region.get("key4"));
++ assertNotAuthorized(() -> region.invalidate("key4"), "DATA:WRITE:AuthRegion");
++ assertNotNull("Value of key4 should not be null", region.get("key4"));
++ cache.close();
++ });
++ ai1.join();
++ ai2.join();
++ ai1.checkException();
++ ai2.checkException();
++ }
++
++}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6a45ca0c/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientDestroyRegionAuthDistributedTest.java
----------------------------------------------------------------------
diff --cc geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientDestroyRegionAuthDistributedTest.java
index 0000000,0000000..a9cc354
new file mode 100644
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientDestroyRegionAuthDistributedTest.java
@@@ -1,0 -1,0 +1,50 @@@
++/*
++ * Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++package com.gemstone.gemfire.security;
++
++import com.gemstone.gemfire.cache.Cache;
++import com.gemstone.gemfire.cache.Region;
++import com.gemstone.gemfire.test.junit.categories.DistributedTest;
++
++import org.junit.Test;
++import org.junit.experimental.categories.Category;
++
++@Category(DistributedTest.class)
++public class IntegratedClientDestroyRegionAuthDistributedTest extends AbstractIntegratedClientAuthDistributedTest {
++
++ @Test
++ public void testDestroyRegion() throws InterruptedException {
++ client1.invoke(()-> {
++ Cache cache = SecurityTestUtils.createCacheClient("dataWriter", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
++ Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
++ assertNotAuthorized(()->region.destroyRegion(), "DATA:MANAGE");
++ });
++
++ client2.invoke(()-> {
++ Cache cache = SecurityTestUtils.createCacheClient("authRegionManager", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
++ Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
++ assertNotAuthorized(()->region.destroyRegion(), "DATA:MANAGE");
++ });
++
++ client3.invoke(()-> {
++ Cache cache = SecurityTestUtils.createCacheClient("super-user", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
++ Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
++ region.destroyRegion();
++ });
++ }
++
++}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6a45ca0c/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetPutAuthDistributedTest.java
----------------------------------------------------------------------
diff --cc geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetPutAuthDistributedTest.java
index 0000000,0000000..854e2f6
new file mode 100644
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetPutAuthDistributedTest.java
@@@ -1,0 -1,0 +1,116 @@@
++/*
++ * Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++package com.gemstone.gemfire.security;
++
++import static org.junit.Assert.assertEquals;
++
++import java.util.ArrayList;
++import java.util.HashMap;
++import java.util.List;
++import java.util.Map;
++import java.util.Set;
++
++import com.gemstone.gemfire.cache.Cache;
++import com.gemstone.gemfire.cache.Region;
++import com.gemstone.gemfire.test.dunit.AsyncInvocation;
++import com.gemstone.gemfire.test.junit.categories.DistributedTest;
++
++import org.junit.Test;
++import org.junit.experimental.categories.Category;
++
++@Category(DistributedTest.class)
++public class IntegratedClientGetPutAuthDistributedTest extends AbstractIntegratedClientAuthDistributedTest {
++
++ @Test
++ public void testGetPutAuthorization() throws InterruptedException {
++ Map<String, String> allValues = new HashMap<String, String>();
++ allValues.put("key1", "value1");
++ allValues.put("key2", "value2");
++
++ List<String> keys = new ArrayList<>();
++ keys.add("key1");
++ keys.add("key2");
++
++ // client1 connects to server as a user not authorized to do any operations
++ AsyncInvocation ai1 = client1.invokeAsync(()->{
++ Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
++ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
++
++ assertNotAuthorized(()->region.put("key3", "value3"), "DATA:WRITE:AuthRegion:key3");
++ assertNotAuthorized(()->region.get("key3"), "DATA:READ:AuthRegion:key3");
++
++ //putall
++ assertNotAuthorized(()->region.putAll(allValues), "DATA:WRITE:AuthRegion");
++
++ // not authorized for either keys, get no record back
++ Map keyValues = region.getAll(keys);
++ assertEquals(0, keyValues.size());
++
++ Set keySet = region.keySet();
++ assertEquals(0, keySet.size());
++ });
++
++
++ // client2 connects to user as a user authorized to use AuthRegion region
++ AsyncInvocation ai2 = client2.invokeAsync(()->{
++ Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
++ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
++
++ region.put("key3", "value3");
++ assertEquals("value3", region.get("key3"));
++
++ // put all
++ region.putAll(allValues);
++
++ // get all
++ Map keyValues = region.getAll(keys);
++ assertEquals(2, keyValues.size());
++
++ // keyset
++ Set keySet = region.keySet();
++ assertEquals(3, keySet.size());
++ });
++
++ // client3 connects to user as a user authorized to use key1 in AuthRegion region
++ AsyncInvocation ai3 = client3.invokeAsync(()->{
++ Cache cache = SecurityTestUtils.createCacheClient("key1User", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
++ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
++
++ assertNotAuthorized(()->region.put("key2", "value1"), "DATA:WRITE:AuthRegion:key2");
++ assertNotAuthorized(()->region.get("key2"), "DATA:READ:AuthRegion:key2");
++
++ assertNotAuthorized(()->region.putAll(allValues), "DATA:WRITE:AuthRegion");
++
++ // only authorized for one recrod
++ Map keyValues = region.getAll(keys);
++ assertEquals(1, keyValues.size());
++
++ // keyset
++ Set keySet = region.keySet();
++ assertEquals(1, keySet.size());
++ });
++
++ ai1.join();
++ ai2.join();
++ ai3.join();
++
++ ai1.checkException();
++ ai2.checkException();
++ ai3.checkException();
++ }
++
++}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6a45ca0c/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientQueryAuthDistributedTest.java
----------------------------------------------------------------------
diff --cc geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientQueryAuthDistributedTest.java
index 0000000,0000000..8651a2f
new file mode 100644
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientQueryAuthDistributedTest.java
@@@ -1,0 -1,0 +1,45 @@@
++/*
++ * Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++package com.gemstone.gemfire.security;
++
++import com.gemstone.gemfire.cache.Cache;
++import com.gemstone.gemfire.cache.Region;
++import com.gemstone.gemfire.cache.client.Pool;
++import com.gemstone.gemfire.cache.client.PoolManager;
++import com.gemstone.gemfire.test.junit.categories.DistributedTest;
++
++import org.junit.Test;
++import org.junit.experimental.categories.Category;
++
++@Category(DistributedTest.class)
++public class IntegratedClientQueryAuthDistributedTest extends AbstractIntegratedClientAuthDistributedTest {
++
++ @Test
++ public void testQuery(){
++ client1.invoke(()-> {
++ Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
++ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
++
++ String query = "select * from /AuthRegion";
++ assertNotAuthorized(()->region.query(query), "DATA:READ:AuthRegion");
++
++ Pool pool = PoolManager.find(region);
++ assertNotAuthorized(()->pool.getQueryService().newQuery(query).execute(), "DATA:READ:AuthRegion");
++ });
++ }
++
++}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6a45ca0c/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegionClearAuthDistributedTest.java
----------------------------------------------------------------------
diff --cc geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegionClearAuthDistributedTest.java
index 0000000,0000000..b344ce1
new file mode 100644
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegionClearAuthDistributedTest.java
@@@ -1,0 -1,0 +1,54 @@@
++/*
++ * Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++package com.gemstone.gemfire.security;
++
++import com.gemstone.gemfire.cache.Cache;
++import com.gemstone.gemfire.cache.Region;
++import com.gemstone.gemfire.test.dunit.SerializableRunnable;
++import com.gemstone.gemfire.test.junit.categories.DistributedTest;
++
++import org.junit.Test;
++import org.junit.experimental.categories.Category;
++
++@Category(DistributedTest.class)
++public class IntegratedClientRegionClearAuthDistributedTest extends AbstractIntegratedClientAuthDistributedTest {
++
++ @Test
++ public void testRegionClear() throws InterruptedException {
++ // Verify that an unauthorized user can't clear the region
++ SerializableRunnable clearUnauthorized = new SerializableRunnable() {
++ @Override
++ public void run() {
++ Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
++ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
++ assertNotAuthorized(() -> region.clear(), "DATA:WRITE:AuthRegion");
++ }
++ };
++ client1.invoke(clearUnauthorized);
++
++ // Verify that an authorized user can clear the region
++ SerializableRunnable clearAuthorized = new SerializableRunnable() {
++ @Override
++ public void run() {
++ Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
++ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
++ region.clear();
++ }
++ };
++ client2.invoke(clearAuthorized);
++ }
++}