Posted to commits@geode.apache.org by kl...@apache.org on 2016/05/04 22:57:39 UTC
[39/63] [abbrv] incubator-geode git commit: GEODE-17: move
GeodeSecurityUtil and two other classes to internal package
GEODE-17: move GeodeSecurityUtil and two other classes to internal package
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/f04b6695
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/f04b6695
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/f04b6695
Branch: refs/heads/feature/GEODE-1276
Commit: f04b66956c8b98909b924f2ed648ba735610bebb
Parents: 7c38f0d
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Fri Apr 29 10:06:12 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Fri Apr 29 10:06:12 2016 -0700
----------------------------------------------------------------------
.../internal/security/GeodeSecurityUtil.java | 165 +++++++++++++++++
.../security/shiro/CustomAuthRealm.java | 177 +++++++++++++++++++
.../security/shiro/JMXShiroAuthenticator.java | 69 ++++++++
.../management/internal/ManagementAgent.java | 2 +-
.../internal/SystemManagementService.java | 2 +-
.../internal/cli/commands/DataCommands.java | 2 +-
.../internal/cli/remote/CommandProcessor.java | 2 +-
.../internal/security/AccessControlMBean.java | 2 +-
.../internal/security/MBeanServerWrapper.java | 2 +-
.../controllers/AbstractCommandsController.java | 2 +-
.../support/LoginHandlerInterceptor.java | 2 +-
.../gemfire/security/CustomAuthRealm.java | 174 ------------------
.../gemfire/security/GeodeSecurityUtil.java | 163 -----------------
.../gemfire/security/JMXShiroAuthenticator.java | 68 -------
.../GeodeSecurityUtilCustomRealmJUnitTest.java | 2 +-
.../GeodeSecurityUtilWithIniFileJUnitTest.java | 2 +-
.../gemfire/tools/pulse/tests/Server.java | 4 +-
17 files changed, 423 insertions(+), 417 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
new file mode 100644
index 0000000..4fd92ed
--- /dev/null
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.internal.security;
+
+import java.util.concurrent.Callable;
+
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.management.internal.security.ResourceOperationContext;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.GemFireSecurityException;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.ShiroException;
+import org.apache.shiro.UnavailableSecurityManagerException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadContext;
+
+public class GeodeSecurityUtil {
+
+ private static Logger logger = LogService.getLogger();
+
+ public static void login(String username, String password){
+ if(!isShiroConfigured())
+ return;
+
+ Subject currentUser = SecurityUtils.getSubject();
+
+ UsernamePasswordToken token =
+ new UsernamePasswordToken(username, password);
+ try {
+ logger.info("Logging in "+username+"/"+password);
+ currentUser.login(token);
+ } catch (ShiroException e) {
+ throw new AuthenticationFailedException(e.getMessage(), e);
+ }
+ }
+
+ public static void logout(){
+ if(!isShiroConfigured())
+ return;
+
+ Subject currentUser = SecurityUtils.getSubject();
+ try {
+ logger.info("Logging out "+currentUser.getPrincipal());
+ currentUser.logout();
+ }
+ catch(ShiroException e){
+ throw new AuthenticationFailedException(e.getMessage(), e);
+ }
+ // clean out Shiro's thread local content
+ ThreadContext.remove();
+ }
+
+ public static Callable associateWith(Callable callable){
+ if(!isShiroConfigured())
+ return callable;
+
+ Subject currentUser = SecurityUtils.getSubject();
+ return currentUser.associateWith(callable);
+ }
+
+ public static void authorize(ResourceOperation resourceOperation) {
+ if(resourceOperation==null)
+ return;
+
+ authorize(resourceOperation.resource().name(),
+ resourceOperation.operation().name(),
+ null);
+ }
+
+ public static void authorizeClusterManage(){
+ authorize("CLUSTER", "MANAGE");
+ }
+
+ public static void authorizeClusterWrite(){
+ authorize("CLUSTER", "WRITE");
+ }
+
+ public static void authorizeClusterRead(){
+ authorize("CLUSTER", "READ");
+ }
+
+ public static void authorizeDataManage(){
+ authorize("DATA", "MANAGE");
+ }
+
+ public static void authorizeDataWrite(){
+ authorize("DATA", "WRITE");
+ }
+
+ public static void authorizeDataRead(){
+ authorize("DATA", "READ");
+ }
+
+ public static void authorizeRegionWrite(String regionName){
+ authorize("DATA", "WRITE", regionName);
+ }
+
+ public static void authorizeRegionRead(String regionName){
+ authorize("DATA", "READ", regionName);
+ }
+
+ public static void authorize(String resource, String operation){
+ authorize(resource, operation, null);
+ }
+
+ private static void authorize(String resource, String operation, String regionName){
+ regionName = StringUtils.stripStart(regionName, "/");
+ authorize(new ResourceOperationContext(resource, operation, regionName));
+ }
+
+ public static void authorize(OperationContext context) {
+ if(context==null)
+ return;
+
+ if(context.getResource()== Resource.NULL && context.getOperationCode()== OperationCode.NULL)
+ return;
+
+ if(!isShiroConfigured())
+ return;
+
+
+ Subject currentUser = SecurityUtils.getSubject();
+ try {
+ currentUser.checkPermission(context);
+ }
+ catch(ShiroException e){
+ logger.info(currentUser.getPrincipal() + " not authorized for " + context);
+ throw new GemFireSecurityException(e.getMessage(), e);
+ }
+ }
+
+ private static boolean isShiroConfigured(){
+ try{
+ SecurityUtils.getSecurityManager();
+ }
+ catch(UnavailableSecurityManagerException e){
+ return false;
+ }
+ return true;
+ }
+
+}
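Review bot: `login` writes the clear-text password to the log in `logger.info("Logging in "+username+"/"+password);`, so anyone who can read the server log or a log aggregator obtains working credentials. Log the user name only, `logger.info("Logging in " + username);`, and treat logs already produced by this line as containing secrets. The line may have been carried over from the file in the old package, which is not shown in full here. Separately, `login` and `authorize(OperationContext)` return silently when `isShiroConfigured()` is false; a short comment stating that an absent security manager means "security disabled, allow" would make that fail-open choice explicit for callers.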
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
new file mode 100644
index 0000000..afc3125
--- /dev/null
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
@@ -0,0 +1,177 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.internal.security.shiro;
+
+import static com.gemstone.gemfire.management.internal.security.ResourceConstants.*;
+
+import java.lang.reflect.Method;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.Principal;
+import java.util.Properties;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import javax.management.remote.JMXPrincipal;
+import javax.security.auth.Subject;
+
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.internal.ClassLoadUtil;
+import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
+import com.gemstone.gemfire.internal.lang.StringUtils;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.security.AccessControl;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.Authenticator;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.SimpleAuthenticationInfo;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.realm.AuthorizingRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+
+public class CustomAuthRealm extends AuthorizingRealm{
+ public static final String REALM_NAME = "CUSTOMAUTHREALM";
+
+ private static final Logger logger = LogManager.getLogger(CustomAuthRealm.class);
+ private String authzFactoryName;
+ private String postAuthzFactoryName;
+ private String authenticatorFactoryName;
+ private Properties securityProps = null;
+ private ConcurrentMap<Principal, AccessControl> cachedAuthZCallback;
+ private ConcurrentMap<Principal, AccessControl> cachedPostAuthZCallback;
+
+ public CustomAuthRealm(Properties securityProps) {
+ this.securityProps = securityProps;
+ this.authzFactoryName = securityProps.getProperty(DistributionConfig.SECURITY_CLIENT_ACCESSOR_NAME);
+ this.postAuthzFactoryName = securityProps.getProperty(DistributionConfig.SECURITY_CLIENT_ACCESSOR_PP_NAME);
+ this.authenticatorFactoryName = securityProps.getProperty(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME);
+ this.cachedAuthZCallback = new ConcurrentHashMap<>();
+ this.cachedPostAuthZCallback = new ConcurrentHashMap<>();
+ }
+
+ @Override
+ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
+ UsernamePasswordToken authToken = (UsernamePasswordToken) token;
+ String username = authToken.getUsername();
+ String password = new String(authToken.getPassword());
+
+ Properties credentialProps = new Properties();
+ credentialProps.put(ResourceConstants.USER_NAME, username);
+ credentialProps.put(ResourceConstants.PASSWORD, password);
+
+ Principal principal = getAuthenticator(securityProps).authenticate(credentialProps);
+
+ return new SimpleAuthenticationInfo(principal, authToken.getPassword(), REALM_NAME);
+ }
+
+
+ @Override
+ protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
+ // we intercepted the call to this method by overriding the isPermitted call
+ return null;
+ }
+
+ @Override
+ public boolean isPermitted(PrincipalCollection principals, Permission permission) {
+ OperationContext context =(OperationContext)permission;
+ Principal principal = (Principal)principals.getPrimaryPrincipal();
+ // if no access control is specified, then we allow all
+ if(StringUtils.isBlank(authzFactoryName))
+ return true;
+ AccessControl accessControl = getAccessControl(principal, false);
+ return accessControl.authorizeOperation(context.getRegionName(), context);
+ }
+
+ public AccessControl getAccessControl(Principal principal, boolean isPost) {
+ if (!isPost) {
+ if (cachedAuthZCallback.containsKey(principal)) {
+ return cachedAuthZCallback.get(principal);
+ } else if (!StringUtils.isBlank(authzFactoryName)) {
+ try {
+ Method authzMethod = ClassLoadUtil.methodFromName(authzFactoryName);
+ AccessControl authzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null);
+ authzCallback.init(principal, null);
+ cachedAuthZCallback.put(principal, authzCallback);
+ return authzCallback;
+ } catch (Exception ex) {
+ throw new AuthenticationFailedException(
+ LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex);
+ }
+ }
+ } else {
+ if (cachedPostAuthZCallback.containsKey(principal)) {
+ return cachedPostAuthZCallback.get(principal);
+ } else if (!StringUtils.isBlank(postAuthzFactoryName)) {
+ try {
+ Method authzMethod = ClassLoadUtil.methodFromName(postAuthzFactoryName);
+ AccessControl postAuthzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null);
+ postAuthzCallback.init(principal, null);
+ cachedPostAuthZCallback.put(principal, postAuthzCallback);
+ return postAuthzCallback;
+ } catch (Exception ex) {
+ throw new AuthenticationFailedException(
+ LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex);
+ }
+ }
+ }
+ return null;
+ }
+
+ private Authenticator getAuthenticator(Properties gfSecurityProperties) throws AuthenticationFailedException {
+ Authenticator auth;
+ try {
+ Method instanceGetter = ClassLoadUtil.methodFromName(this.authenticatorFactoryName);
+ auth = (Authenticator) instanceGetter.invoke(null, (Object[]) null);
+ } catch (Exception ex) {
+ throw new AuthenticationFailedException(
+ LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex);
+ }
+ if (auth == null) {
+ throw new AuthenticationFailedException(
+ LocalizedStrings.HandShake_AUTHENTICATOR_INSTANCE_COULD_NOT_BE_OBTAINED.toLocalizedString());
+ }
+ auth.init(gfSecurityProperties);
+ return auth;
+ }
+
+ public void postAuthorize(OperationContext context) {
+ if (StringUtils.isBlank(postAuthzFactoryName)){
+ return ;
+ }
+
+ AccessControlContext acc = AccessController.getContext();
+ Subject subject = Subject.getSubject(acc);
+ Set<JMXPrincipal> principals = subject.getPrincipals(JMXPrincipal.class);
+ if (principals == null || principals.isEmpty()) {
+ throw new SecurityException(ACCESS_DENIED_MESSAGE);
+ }
+ Principal principal = principals.iterator().next();
+ AccessControl accessControl = getAccessControl(principal, true);
+ if (!accessControl.authorizeOperation(null, context)) {
+ throw new SecurityException(ACCESS_DENIED_MESSAGE);
+ }
+ }
+
+}
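Review bot: `postAuthorize` dereferences the result of `Subject.getSubject(acc)` without a null check, and that call returns null when no Subject is associated with the current access-control context, so the caller gets a NullPointerException instead of the intended `SecurityException(ACCESS_DENIED_MESSAGE)`. Add `if (subject == null) throw new SecurityException(ACCESS_DENIED_MESSAGE);` before `subject.getPrincipals(...)`. In `getAccessControl` the `containsKey`/`get`/`put` sequence on the ConcurrentMap is not atomic, so two threads can each build and `init` a callback for the same principal; `putIfAbsent` and returning the winning instance would avoid that. Nothing visible here removes cache entries, so it is worth confirming that a callback initialised for a principal is meant to outlive that principal's session.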
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/JMXShiroAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/JMXShiroAuthenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/JMXShiroAuthenticator.java
new file mode 100644
index 0000000..4a4cc28
--- /dev/null
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/JMXShiroAuthenticator.java
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.internal.security.shiro;
+
+import static com.gemstone.gemfire.management.internal.security.ResourceConstants.*;
+
+import java.util.Collections;
+import java.util.Properties;
+import javax.management.Notification;
+import javax.management.NotificationListener;
+import javax.management.remote.JMXAuthenticator;
+import javax.management.remote.JMXConnectionNotification;
+import javax.management.remote.JMXPrincipal;
+import javax.security.auth.Subject;
+
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+
+/**
+ * this will make JMX authentication to use Shiro for Authentication
+ */
+
+public class JMXShiroAuthenticator implements JMXAuthenticator, NotificationListener {
+
+ @Override
+ public Subject authenticate(Object credentials) {
+ String username = null, password = null;
+ if (credentials instanceof String[]) {
+ final String[] aCredentials = (String[]) credentials;
+ username = aCredentials[0];
+ password = aCredentials[1];
+ } else if (credentials instanceof Properties) {
+ username = ((Properties) credentials).getProperty(ResourceConstants.USER_NAME);
+ password = ((Properties) credentials).getProperty(ResourceConstants.PASSWORD);
+ } else {
+ throw new SecurityException(WRONGE_CREDENTIALS_MESSAGE);
+ }
+
+ GeodeSecurityUtil.login(username, password);
+
+ return new Subject(true, Collections.singleton(new JMXPrincipal(username)), Collections.EMPTY_SET,
+ Collections.EMPTY_SET);
+ }
+
+ @Override
+ public void handleNotification(Notification notification, Object handback) {
+ if (notification instanceof JMXConnectionNotification) {
+ JMXConnectionNotification cxNotification = (JMXConnectionNotification) notification;
+ String type = cxNotification.getType();
+ if (JMXConnectionNotification.CLOSED.equals(type)) {
+ GeodeSecurityUtil.logout();
+ }
+ }
+ }
+}
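Review bot: `authenticate` indexes `aCredentials[0]` and `aCredentials[1]` without checking the array length and passes a possibly null user name on to `login` and `new JMXPrincipal(username)`, so malformed credentials surface as ArrayIndexOutOfBoundsException or NullPointerException rather than the `SecurityException` used in the `else` branch. Guard with `if (aCredentials.length < 2) throw new SecurityException(WRONGE_CREDENTIALS_MESSAGE);` and reject a null user name or password the same way. Also, `GeodeSecurityUtil.login` returns without doing anything when no Shiro security manager is configured, in which case this method returns a Subject for whatever user name was supplied; if this authenticator can be installed in that state (not visible in this hunk), it should fail instead.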
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
index d6c18df..adc69c4 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
@@ -61,7 +61,7 @@ import com.gemstone.gemfire.management.internal.security.AccessControlMBean;
import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper;
import com.gemstone.gemfire.management.internal.security.ResourceConstants;
import com.gemstone.gemfire.management.internal.unsafe.ReadOpFileAccessController;
-import com.gemstone.gemfire.security.JMXShiroAuthenticator;
+import com.gemstone.gemfire.internal.security.shiro.JMXShiroAuthenticator;
import org.apache.logging.log4j.Logger;
import org.eclipse.jetty.server.Server;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
index 7fec9b7..dac016e 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
@@ -54,7 +54,7 @@ import com.gemstone.gemfire.management.RegionMXBean;
import com.gemstone.gemfire.management.internal.beans.ManagementAdapter;
import com.gemstone.gemfire.management.membership.MembershipEvent;
import com.gemstone.gemfire.management.membership.MembershipListener;
-import com.gemstone.gemfire.security.CustomAuthRealm;
+import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
import org.apache.logging.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.config.IniSecurityManagerFactory;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
index 61803fe..fafea9a 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
@@ -73,7 +73,7 @@ import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-import com.gemstone.gemfire.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/remote/CommandProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/remote/CommandProcessor.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/remote/CommandProcessor.java
index c3b0b7f..7edc3e4 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/remote/CommandProcessor.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/remote/CommandProcessor.java
@@ -31,7 +31,7 @@ import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.util.CommentSkipHelper;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import org.springframework.shell.core.Parser;
import org.springframework.shell.event.ParseResult;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMBean.java
index 33b80e2..1a7191b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMBean.java
@@ -17,7 +17,7 @@
package com.gemstone.gemfire.management.internal.security;
import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
/**
* AccessControlMBean Implementation. This retrieves JMXPrincipal from AccessController
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
index 8d1031a..99cbe2e 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
@@ -46,7 +46,7 @@ import javax.management.remote.MBeanServerForwarder;
import com.gemstone.gemfire.management.internal.ManagementConstants;
import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
/**
* This class intercepts all MBean requests for GemFire MBeans and passed it to
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
index 08865b4..c411972 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
@@ -50,7 +50,7 @@ import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
import com.gemstone.gemfire.management.internal.web.controllers.support.LoginHandlerInterceptor;
import com.gemstone.gemfire.management.internal.web.controllers.support.MemberMXBeanAdapter;
import com.gemstone.gemfire.management.internal.web.util.UriUtils;
-import com.gemstone.gemfire.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/LoginHandlerInterceptor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/LoginHandlerInterceptor.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/LoginHandlerInterceptor.java
index 5465ea3..e6cdbee 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/LoginHandlerInterceptor.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/LoginHandlerInterceptor.java
@@ -27,7 +27,7 @@ import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.management.internal.security.ResourceConstants;
import com.gemstone.gemfire.security.Authenticator;
-import com.gemstone.gemfire.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import org.apache.logging.log4j.Logger;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/security/CustomAuthRealm.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/CustomAuthRealm.java b/geode-core/src/main/java/com/gemstone/gemfire/security/CustomAuthRealm.java
deleted file mode 100644
index 706a7cc..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/CustomAuthRealm.java
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.management.internal.security.ResourceConstants.*;
-
-import java.lang.reflect.Method;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.Principal;
-import java.util.Properties;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-import javax.management.remote.JMXPrincipal;
-import javax.security.auth.Subject;
-
-import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-import com.gemstone.gemfire.internal.ClassLoadUtil;
-import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
-import com.gemstone.gemfire.internal.lang.StringUtils;
-import com.gemstone.gemfire.management.internal.security.ResourceConstants;
-
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.SimpleAuthenticationInfo;
-import org.apache.shiro.authc.UsernamePasswordToken;
-import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.authz.Permission;
-import org.apache.shiro.realm.AuthorizingRealm;
-import org.apache.shiro.subject.PrincipalCollection;
-
-public class CustomAuthRealm extends AuthorizingRealm{
- public static final String REALM_NAME = "CUSTOMAUTHREALM";
-
- private static final Logger logger = LogManager.getLogger(CustomAuthRealm.class);
- private String authzFactoryName;
- private String postAuthzFactoryName;
- private String authenticatorFactoryName;
- private Properties securityProps = null;
- private ConcurrentMap<Principal, AccessControl> cachedAuthZCallback;
- private ConcurrentMap<Principal, AccessControl> cachedPostAuthZCallback;
-
- public CustomAuthRealm(Properties securityProps) {
- this.securityProps = securityProps;
- this.authzFactoryName = securityProps.getProperty(DistributionConfig.SECURITY_CLIENT_ACCESSOR_NAME);
- this.postAuthzFactoryName = securityProps.getProperty(DistributionConfig.SECURITY_CLIENT_ACCESSOR_PP_NAME);
- this.authenticatorFactoryName = securityProps.getProperty(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME);
- this.cachedAuthZCallback = new ConcurrentHashMap<>();
- this.cachedPostAuthZCallback = new ConcurrentHashMap<>();
- }
-
- @Override
- protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
- UsernamePasswordToken authToken = (UsernamePasswordToken) token;
- String username = authToken.getUsername();
- String password = new String(authToken.getPassword());
-
- Properties credentialProps = new Properties();
- credentialProps.put(ResourceConstants.USER_NAME, username);
- credentialProps.put(ResourceConstants.PASSWORD, password);
-
- Principal principal = getAuthenticator(securityProps).authenticate(credentialProps);
-
- return new SimpleAuthenticationInfo(principal, authToken.getPassword(), REALM_NAME);
- }
-
-
- @Override
- protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
- // we intercepted the call to this method by overriding the isPermitted call
- return null;
- }
-
- @Override
- public boolean isPermitted(PrincipalCollection principals, Permission permission) {
- OperationContext context =(OperationContext)permission;
- Principal principal = (Principal)principals.getPrimaryPrincipal();
- // if no access control is specified, then we allow all
- if(StringUtils.isBlank(authzFactoryName))
- return true;
- AccessControl accessControl = getAccessControl(principal, false);
- return accessControl.authorizeOperation(context.getRegionName(), context);
- }
-
- public AccessControl getAccessControl(Principal principal, boolean isPost) {
- if (!isPost) {
- if (cachedAuthZCallback.containsKey(principal)) {
- return cachedAuthZCallback.get(principal);
- } else if (!StringUtils.isBlank(authzFactoryName)) {
- try {
- Method authzMethod = ClassLoadUtil.methodFromName(authzFactoryName);
- AccessControl authzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null);
- authzCallback.init(principal, null);
- cachedAuthZCallback.put(principal, authzCallback);
- return authzCallback;
- } catch (Exception ex) {
- throw new AuthenticationFailedException(
- LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex);
- }
- }
- } else {
- if (cachedPostAuthZCallback.containsKey(principal)) {
- return cachedPostAuthZCallback.get(principal);
- } else if (!StringUtils.isBlank(postAuthzFactoryName)) {
- try {
- Method authzMethod = ClassLoadUtil.methodFromName(postAuthzFactoryName);
- AccessControl postAuthzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null);
- postAuthzCallback.init(principal, null);
- cachedPostAuthZCallback.put(principal, postAuthzCallback);
- return postAuthzCallback;
- } catch (Exception ex) {
- throw new AuthenticationFailedException(
- LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex);
- }
- }
- }
- return null;
- }
-
- private Authenticator getAuthenticator(Properties gfSecurityProperties) throws AuthenticationFailedException {
- Authenticator auth;
- try {
- Method instanceGetter = ClassLoadUtil.methodFromName(this.authenticatorFactoryName);
- auth = (Authenticator) instanceGetter.invoke(null, (Object[]) null);
- } catch (Exception ex) {
- throw new AuthenticationFailedException(
- LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex);
- }
- if (auth == null) {
- throw new AuthenticationFailedException(
- LocalizedStrings.HandShake_AUTHENTICATOR_INSTANCE_COULD_NOT_BE_OBTAINED.toLocalizedString());
- }
- auth.init(gfSecurityProperties);
- return auth;
- }
-
- public void postAuthorize(OperationContext context) {
- if (StringUtils.isBlank(postAuthzFactoryName)){
- return ;
- }
-
- AccessControlContext acc = AccessController.getContext();
- Subject subject = Subject.getSubject(acc);
- Set<JMXPrincipal> principals = subject.getPrincipals(JMXPrincipal.class);
- if (principals == null || principals.isEmpty()) {
- throw new SecurityException(ACCESS_DENIED_MESSAGE);
- }
- Principal principal = principals.iterator().next();
- AccessControl accessControl = getAccessControl(principal, true);
- if (!accessControl.authorizeOperation(null, context)) {
- throw new SecurityException(ACCESS_DENIED_MESSAGE);
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/security/GeodeSecurityUtil.java
deleted file mode 100644
index 148a963..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/GeodeSecurityUtil.java
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import java.util.concurrent.Callable;
-
-import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-import com.gemstone.gemfire.management.internal.security.ResourceOperationContext;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.logging.log4j.Logger;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.ShiroException;
-import org.apache.shiro.UnavailableSecurityManagerException;
-import org.apache.shiro.authc.UsernamePasswordToken;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.ThreadContext;
-
-public class GeodeSecurityUtil {
-
- private static Logger logger = LogService.getLogger();
-
- public static void login(String username, String password){
- if(!isShiroConfigured())
- return;
-
- Subject currentUser = SecurityUtils.getSubject();
-
- UsernamePasswordToken token =
- new UsernamePasswordToken(username, password);
- try {
- logger.info("Logging in "+username+"/"+password);
- currentUser.login(token);
- } catch (ShiroException e) {
- throw new AuthenticationFailedException(e.getMessage(), e);
- }
- }
-
- public static void logout(){
- if(!isShiroConfigured())
- return;
-
- Subject currentUser = SecurityUtils.getSubject();
- try {
- logger.info("Logging out "+currentUser.getPrincipal());
- currentUser.logout();
- }
- catch(ShiroException e){
- throw new AuthenticationFailedException(e.getMessage(), e);
- }
- // clean out Shiro's thread local content
- ThreadContext.remove();
- }
-
- public static Callable associateWith(Callable callable){
- if(!isShiroConfigured())
- return callable;
-
- Subject currentUser = SecurityUtils.getSubject();
- return currentUser.associateWith(callable);
- }
-
- public static void authorize(ResourceOperation resourceOperation) {
- if(resourceOperation==null)
- return;
-
- authorize(resourceOperation.resource().name(),
- resourceOperation.operation().name(),
- null);
- }
-
- public static void authorizeClusterManage(){
- authorize("CLUSTER", "MANAGE");
- }
-
- public static void authorizeClusterWrite(){
- authorize("CLUSTER", "WRITE");
- }
-
- public static void authorizeClusterRead(){
- authorize("CLUSTER", "READ");
- }
-
- public static void authorizeDataManage(){
- authorize("DATA", "MANAGE");
- }
-
- public static void authorizeDataWrite(){
- authorize("DATA", "WRITE");
- }
-
- public static void authorizeDataRead(){
- authorize("DATA", "READ");
- }
-
- public static void authorizeRegionWrite(String regionName){
- authorize("DATA", "WRITE", regionName);
- }
-
- public static void authorizeRegionRead(String regionName){
- authorize("DATA", "READ", regionName);
- }
-
- public static void authorize(String resource, String operation){
- authorize(resource, operation, null);
- }
-
- private static void authorize(String resource, String operation, String regionName){
- regionName = StringUtils.stripStart(regionName, "/");
- authorize(new ResourceOperationContext(resource, operation, regionName));
- }
-
- public static void authorize(OperationContext context) {
- if(context==null)
- return;
-
- if(context.getResource()== Resource.NULL && context.getOperationCode()== OperationCode.NULL)
- return;
-
- if(!isShiroConfigured())
- return;
-
-
- Subject currentUser = SecurityUtils.getSubject();
- try {
- currentUser.checkPermission(context);
- }
- catch(ShiroException e){
- logger.info(currentUser.getPrincipal() + " not authorized for " + context);
- throw new GemFireSecurityException(e.getMessage(), e);
- }
- }
-
- private static boolean isShiroConfigured(){
- try{
- SecurityUtils.getSecurityManager();
- }
- catch(UnavailableSecurityManagerException e){
- return false;
- }
- return true;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/security/JMXShiroAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/JMXShiroAuthenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/security/JMXShiroAuthenticator.java
deleted file mode 100644
index c55e700..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/JMXShiroAuthenticator.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.management.internal.security.ResourceConstants.*;
-
-import java.util.Collections;
-import java.util.Properties;
-import javax.management.Notification;
-import javax.management.NotificationListener;
-import javax.management.remote.JMXAuthenticator;
-import javax.management.remote.JMXConnectionNotification;
-import javax.management.remote.JMXPrincipal;
-import javax.security.auth.Subject;
-
-import com.gemstone.gemfire.management.internal.security.ResourceConstants;
-
-/**
- * this will make JMX authentication to use Shiro for Authentication
- */
-
-public class JMXShiroAuthenticator implements JMXAuthenticator, NotificationListener {
-
- @Override
- public Subject authenticate(Object credentials) {
- String username = null, password = null;
- if (credentials instanceof String[]) {
- final String[] aCredentials = (String[]) credentials;
- username = aCredentials[0];
- password = aCredentials[1];
- } else if (credentials instanceof Properties) {
- username = ((Properties) credentials).getProperty(ResourceConstants.USER_NAME);
- password = ((Properties) credentials).getProperty(ResourceConstants.PASSWORD);
- } else {
- throw new SecurityException(WRONGE_CREDENTIALS_MESSAGE);
- }
-
- GeodeSecurityUtil.login(username, password);
-
- return new Subject(true, Collections.singleton(new JMXPrincipal(username)), Collections.EMPTY_SET,
- Collections.EMPTY_SET);
- }
-
- @Override
- public void handleNotification(Notification notification, Object handback) {
- if (notification instanceof JMXConnectionNotification) {
- JMXConnectionNotification cxNotification = (JMXConnectionNotification) notification;
- String type = cxNotification.getType();
- if (JMXConnectionNotification.CLOSED.equals(type)) {
- GeodeSecurityUtil.logout();
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
index cc6af0e..0bf3cab 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
@@ -20,7 +20,7 @@ package com.gemstone.gemfire.management.internal.security;
import java.util.Properties;
import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-import com.gemstone.gemfire.security.CustomAuthRealm;
+import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
import com.gemstone.gemfire.test.junit.categories.UnitTest;
import org.apache.shiro.SecurityUtils;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
index 4ad390d..fe80180 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
@@ -21,7 +21,7 @@ import static org.assertj.core.api.Assertions.*;
import com.gemstone.gemfire.cache.operations.OperationContext;
import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.test.junit.categories.UnitTest;
import org.apache.shiro.SecurityUtils;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
index 0ae5d26..3759895 100644
--- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
+++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
@@ -42,8 +42,8 @@ import com.gemstone.gemfire.management.internal.security.AccessControlMBean;
import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper;
import com.gemstone.gemfire.management.internal.security.ResourceConstants;
-import com.gemstone.gemfire.security.CustomAuthRealm;
-import com.gemstone.gemfire.security.JMXShiroAuthenticator;
+import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
+import com.gemstone.gemfire.internal.security.shiro.JMXShiroAuthenticator;
import com.vmware.gemfire.tools.pulse.internal.data.PulseConstants;
import org.apache.shiro.SecurityUtils;