GEODE-1648: commits related to security-enabled-components.

Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/f77f46d4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/f77f46d4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/f77f46d4

Branch: refs/heads/GEODE-1648
Commit: f77f46d40ff512892e1fba04792429745132e030
Parents: efd0117
Author: Jinmei Liao <jil...@pivotal.io>
Authored: Tue Sep 20 10:40:31 2016 -0700
Committer: Jinmei Liao <jil...@pivotal.io>
Committed: Tue Sep 20 10:40:31 2016 -0700

----------------------------------------------------------------------
 .../client/internal/ConnectionFactoryImpl.java  |  11 +-
 .../distributed/ConfigurationProperties.java    |  16 ++
 .../internal/AbstractDistributionConfig.java    |  26 +++
 .../internal/DistributionConfig.java            |  29 ++++
 .../internal/DistributionConfigImpl.java        |  20 +++
 .../membership/gms/auth/GMSAuthenticator.java   |   2 +-
 .../membership/gms/fd/GMSHealthMonitor.java     |   1 +
 .../internal/tcpserver/TcpClient.java           |   1 +
 .../internal/tcpserver/TcpServer.java           |   1 +
 .../apache/geode/internal/admin/SSLConfig.java  |   1 +
 .../cache/tier/sockets/AcceptorImpl.java        |   4 +-
 .../geode/internal/net/SocketCreator.java       |   1 +
 .../security/IntegratedSecurityService.java     | 145 +++++++++++++++--
 .../internal/security/SecurableComponent.java   |  55 +++++++
 .../internal/security/SecurityService.java      |  73 ++-------
 .../apache/geode/internal/tcp/TCPConduit.java   |   1 +
 .../geode/management/GemFireProperties.java     |   1 +
 .../management/internal/ManagementAgent.java    |  13 +-
 .../geode/security/SecurableComponents.java     |  62 +++++++
 .../CacheServerSSLConnectionDUnitTest.java      |   7 +-
 .../LocatorLauncherRemoteIntegrationTest.java   |  29 ++--
 .../ServerLauncherRemoteIntegrationTest.java    |  34 ++--
 .../AbstractDistributionConfigTest.java         |  78 +++++++++
 .../internal/DistributionConfigJUnitTest.java   |  89 +++++++++-
 .../security/IntegratedSecurityServiceTest.java | 163 +++++++++++++++++--
 .../security/SecurityConfigIntegrationTest.java |  57 +++++++
 .../ConnectToLocatorSSLDUnitTest.java           |   1 +
 .../geode/management/JMXMBeanDUnitTest.java     |   1 +
 ...edSecurityCacheLifecycleDistributedTest.java |  14 +-
 .../security/P2PAuthenticationDUnitTest.java    |  32 ++--
 .../geode/codeAnalysis/excludedClasses.txt      |   1 +
 31 files changed, 800 insertions(+), 169 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java
 
b/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java
index 92b3dae..b6460eb 100644
--- 
a/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java
+++ 
b/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java
@@ -16,10 +16,6 @@
  */
 package org.apache.geode.cache.client.internal;
 
-import java.util.HashSet;
-import java.util.Set;
-import java.util.concurrent.ScheduledExecutorService;
-
 import org.apache.geode.CancelCriterion;
 import org.apache.geode.CancelException;
 import org.apache.geode.cache.GatewayConfigurationException;
@@ -28,6 +24,7 @@ import 
org.apache.geode.cache.client.internal.ServerBlackList.FailureTracker;
 import org.apache.geode.cache.wan.GatewaySender;
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
 import org.apache.geode.distributed.internal.ServerLocation;
+import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.cache.tier.Acceptor;
 import org.apache.geode.internal.cache.tier.sockets.CacheClientUpdater;
 import org.apache.geode.internal.cache.tier.sockets.ClientProxyMembershipID;
@@ -35,12 +32,16 @@ import 
org.apache.geode.internal.cache.tier.sockets.HandShake;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
-import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.net.SocketCreatorFactory;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
 import org.apache.geode.security.GemFireSecurityException;
 import org.apache.logging.log4j.Logger;
 
+import java.util.HashSet;
+import java.util.Set;
+import java.util.concurrent.ScheduledExecutorService;
+
 /**
  * Creates connections, using a connection source to determine
  * which server to connect to.

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
 
b/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
index 66b1472..d2dd371 100644
--- 
a/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
+++ 
b/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
@@ -1347,6 +1347,22 @@ public interface ConfigurationProperties {
    */
   String SECURITY_PEER_VERIFY_MEMBER_TIMEOUT = SECURITY_PREFIX + 
"peer-verifymember-timeout";
   /**
+   * The static String definition of the <i>"security-enabled-components"</i> 
property
+   * <a name="security-enabled-components"/>
+   * <p>
+   * <u>Description</u>: This setting is a comma delimited list of
+   * {@link org.apache.geode.security.SecurableComponents} specifying which 
components will be secured
+   * by a {@link #SECURITY_MANAGER}.
+   * <p>
+   * This property has no effect unless a {@link #SECURITY_MANAGER} is
+   * specified.
+   * <p>
+   * <u>Options</u>: "all","server","cluster","gateway","http","jmx"
+   * <p>
+   * <u>Since</u>: Geode 1.0
+   */
+  String SECURITY_ENABLED_COMPONENTS = SECURITY_PREFIX + "enabled-components";
+  /**
    * The static String definition of the <i>"server-bind-address"</i> property
    * <a name="server-bind-address"/a><p>
    * <U>Description</U>: The IP address that this distributed system's

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java
 
b/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java
index 31fa4f6..727c5ab 100644
--- 
a/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java
+++ 
b/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java
@@ -42,6 +42,7 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.LogWriterImpl;
 import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
 import org.apache.geode.memcached.GemFireMemcachedServer;
 
 /**
@@ -495,6 +496,29 @@ public abstract class AbstractDistributionConfig extends 
AbstractConfig implemen
     return value;
   }
 
+  /**
+   * First check if sslComponents are in the list of valid components. If so, 
check that no other *-ssl-* properties other than cluster-ssl-* are set.
+   * This would mean one is mixing the "old" with the "new"
+   */
+  @ConfigAttributeChecker(name = SECURITY_ENABLED_COMPONENTS)
+  protected String checkSecurityEnabledComponents(String value) {
+    // value with no commas
+    // empty value
+    // null
+    if (StringUtils.isEmpty(value) || 
SecurableComponent.NONE.name().equalsIgnoreCase(value)) {
+      return value;
+    }
+    if (!value.contains(",")) {
+      SecurableComponent.getEnum(value);
+      return value;
+    }
+    StringTokenizer stringTokenizer = new StringTokenizer(value, ",");
+    while (stringTokenizer.hasMoreTokens()) {
+      SecurableComponent.getEnum(stringTokenizer.nextToken());
+    }
+    return value;
+  }
+
   // AbstractConfig overriding methods
 
   @Override
@@ -950,6 +974,8 @@ public abstract class AbstractDistributionConfig extends 
AbstractConfig implemen
     m.put(SECURITY_MANAGER, "User defined fully qualified class name 
implementing SecurityManager interface for integrated security. Defaults to 
\"{0}\". Legal values can be any \"class name\" implementing SecurityManager 
that is present in the classpath.");
     m.put(SECURITY_POST_PROCESSOR, "User defined fully qualified class name 
implementing PostProcessor interface for integrated security. Defaults to 
\"{0}\". Legal values can be any \"class name\" implementing PostProcessor that 
is present in the classpath.");
 
+    m.put(SECURITY_ENABLED_COMPONENTS, "A comma delimited list of components 
that should be secured");
+
     m.put(SSL_ENABLED_COMPONENTS, "A comma delimited list of components that 
require SSL communications");
 
     m.put(SSL_CIPHERS, "List of available SSL cipher suites that are to be 
enabled. Defaults to \"" + DEFAULT_SSL_CIPHERS + "\" meaning your provider''s 
defaults.");

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java
 
b/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java
index 9da08da..692c2b9 100644
--- 
a/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java
+++ 
b/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java
@@ -4595,6 +4595,35 @@ public interface DistributionConfig extends Config, 
LogConfig {
    */
   boolean DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION = false;
 
+  /**
+   * Returns the value of the {@link 
ConfigurationProperties#SECURITY_ENABLED_COMPONENTS}
+   * property.
+   * @since Geode 1.0
+   */
+  @ConfigAttributeGetter(name = SECURITY_ENABLED_COMPONENTS)
+  String getSecurityEnabledComponents();
+
+  /**
+   * Sets the value of the {@link 
ConfigurationProperties#SECURITY_ENABLED_COMPONENTS}
+   * property.
+   * @since Geode 1.0
+   */
+  @ConfigAttributeSetter(name = SECURITY_ENABLED_COMPONENTS)
+  void setSecurityEnabledComponents(String securityEnabledComponents);
+
+  /**
+   * The name of the {@link 
ConfigurationProperties#SECURITY_ENABLED_COMPONENTS} property
+   * @since Geode 1.0
+   */
+  @ConfigAttribute(type = String.class)
+  String SECURITY_ENABLED_COMPONENTS_NAME = SECURITY_ENABLED_COMPONENTS;
+
+  /**
+   * The default ssl enabled components
+   * @since Geode 1.0
+   */
+  String DEFAULT_SECURITY_ENABLED_COMPONENTS = "all";
+
   //*************** Initializers to gather all the annotations in this class 
************************
 
   Map<String, ConfigAttribute> attributes = new HashMap<>();

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java
 
b/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java
index 4d3d751..5a3ec27 100644
--- 
a/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java
+++ 
b/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java
@@ -38,6 +38,7 @@ import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.builder.EqualsBuilder;
 import org.apache.commons.lang.builder.HashCodeBuilder;
 import org.apache.geode.redis.GeodeRedisServer;
+import org.apache.geode.security.SecurableComponents;
 
 import org.apache.geode.GemFireConfigException;
 import org.apache.geode.GemFireIOException;
@@ -49,6 +50,7 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.process.ProcessLauncherContext;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
 import org.apache.geode.memcached.GemFireMemcachedServer;
 
 /**
@@ -572,6 +574,8 @@ public class DistributionConfigImpl extends 
AbstractDistributionConfig implement
 
   protected String userCommandPackages = DEFAULT_USER_COMMAND_PACKAGES;
 
+  private String securityEnabledComponents = 
DEFAULT_SECURITY_ENABLED_COMPONENTS;
+
   /**
    * "off-heap-memory-size" with value of "" or "<size>[g|m]"
    */
@@ -763,6 +767,7 @@ public class DistributionConfigImpl extends 
AbstractDistributionConfig implement
     this.securityManager = other.getSecurityManager();
     this.postProcessor = other.getPostProcessor();
 
+    this.securityEnabledComponents = ((DistributionConfigImpl) 
other).securityEnabledComponents;
     this.clusterSSLAlias = other.getClusterSSLAlias();
     this.gatewaySSLAlias = other.getGatewaySSLAlias();
     this.httpServiceSSLAlias = other.getHTTPServiceSSLAlias();
@@ -2188,6 +2193,9 @@ public class DistributionConfigImpl extends 
AbstractDistributionConfig implement
   }
 
   public Properties getSecurityProps() {
+    if (security.containsKey(SECURITY_MANAGER) && 
!security.containsKey(SECURITY_ENABLED_COMPONENTS)) {
+      security.setProperty(SECURITY_ENABLED_COMPONENTS, 
SecurableComponents.ALL);
+    }
     return security;
   }
 
@@ -2506,6 +2514,16 @@ public class DistributionConfigImpl extends 
AbstractDistributionConfig implement
   }
 
   @Override
+  public String getSecurityEnabledComponents() {
+    return securityEnabledComponents;
+  }
+
+  @Override
+  public void setSecurityEnabledComponents(final String 
securityEnabledComponents) {
+    this.securityEnabledComponents = securityEnabledComponents;
+  }
+
+  @Override
   public String getClusterSSLAlias() {
     return clusterSSLAlias;
   }
@@ -2862,6 +2880,7 @@ public class DistributionConfigImpl extends 
AbstractDistributionConfig implement
                               .append(sslDefaultAlias, that.sslDefaultAlias)
                               .append(sourceMap, that.sourceMap)
                               .append(userCommandPackages, 
that.userCommandPackages)
+                              .append(securityEnabledComponents, 
that.securityEnabledComponents)
                               .append(offHeapMemorySize, 
that.offHeapMemorySize)
                               .append(shiroInit, that.shiroInit)
                               .isEquals();
@@ -3037,6 +3056,7 @@ public class DistributionConfigImpl extends 
AbstractDistributionConfig implement
                                       .append(sslDefaultAlias)
                                       .append(sourceMap)
                                       .append(userCommandPackages)
+                                      .append(securityEnabledComponents)
                                       .append(offHeapMemorySize)
                                       .append(lockMemory)
                                       .append(shiroInit)

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
 
b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
index 3f030c9..a448d8c 100755
--- 
a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
+++ 
b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
@@ -106,7 +106,7 @@ public class GMSAuthenticator implements Authenticator {
    * Method is package protected to be used in testing.
    */
   String authenticate(DistributedMember member, Properties credentials, 
Properties secProps, DistributedMember localMember) throws 
AuthenticationFailedException {
-    if (!securityService.isPeerSecurityRequired()) {
+    if (!this.securityService.isPeerSecurityRequired()) {
       return null;
     }
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java
 
b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java
index aafb498..5717c30 100644
--- 
a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java
+++ 
b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java
@@ -66,6 +66,7 @@ import org.apache.geode.internal.ConnectionWatcher;
 import org.apache.geode.internal.Version;
 import org.apache.geode.internal.net.SocketCreatorFactory;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
 
 /**
  * Failure Detection

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
 
b/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
index def631f..495a85b 100644
--- 
a/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
+++ 
b/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
@@ -41,6 +41,7 @@ import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.net.SocketCreatorFactory;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
 
 /**
  * <p>Client for the TcpServer component of the Locator.

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java
 
b/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java
index 3c07771..bd6a8f8 100755
--- 
a/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java
+++ 
b/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java
@@ -61,6 +61,7 @@ import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.net.SocketCreatorFactory;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
 
 /**
  * TCP server which listens on a port and delegates requests to a request

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java 
b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
index 6f0c52f..4b96d55 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
@@ -23,6 +23,7 @@ import java.util.Properties;
 
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
 import org.apache.geode.management.internal.SSLUtil;
 
 /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
 
b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
index 74fca50..5bddfa5 100644
--- 
a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
+++ 
b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
@@ -87,6 +87,7 @@ import org.apache.geode.internal.logging.LoggingThreadGroup;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.security.IntegratedSecurityService;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
 import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.internal.net.SocketCreatorFactory;
 import org.apache.geode.internal.tcp.ConnectionTable;
@@ -629,7 +630,8 @@ public class AcceptorImpl extends Acceptor implements 
Runnable
       this.hsPool = tmp_hsPool;
     }
 
-    isAuthenticationRequired = this.securityService.isClientSecurityRequired();
+    isAuthenticationRequired = (this.isGatewayReceiver && 
this.securityService.isGatewaySecurityRequired()) ||
+                               (! this.isGatewayReceiver && 
this.securityService.isClientSecurityRequired());
 
     isIntegratedSecurity = this.securityService.isIntegratedSecurity();
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java 
b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
index bc1e896..c6ad9ce 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
@@ -97,6 +97,7 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
 import org.apache.geode.internal.util.PasswordUtil;
 
 /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
 
b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
index a515de5..a328acb 100644
--- 
a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
+++ 
b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
@@ -20,6 +20,7 @@ import static 
org.apache.geode.distributed.ConfigurationProperties.*;
 
 import java.io.IOException;
 import java.io.Serializable;
+import java.lang.reflect.Method;
 import java.security.AccessController;
 import java.util.Properties;
 import java.util.Set;
@@ -27,22 +28,11 @@ import java.util.concurrent.Callable;
 
 import org.apache.commons.lang.SerializationException;
 import org.apache.commons.lang.StringUtils;
-import org.apache.geode.GemFireIOException;
-import org.apache.geode.internal.cache.EntryEventImpl;
-import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.internal.security.shiro.CustomAuthRealm;
-import org.apache.geode.internal.security.shiro.GeodeAuthenticationToken;
-import org.apache.geode.internal.security.shiro.ShiroPrincipal;
-import org.apache.geode.internal.util.BlobHelper;
-import org.apache.geode.management.internal.security.ResourceConstants;
-import org.apache.geode.management.internal.security.ResourceOperation;
-import org.apache.geode.security.AuthenticationFailedException;
-import org.apache.geode.security.GemFireSecurityException;
-import org.apache.geode.security.NotAuthorizedException;
 import org.apache.geode.security.PostProcessor;
 import org.apache.geode.security.ResourcePermission;
 import org.apache.geode.security.ResourcePermission.Operation;
 import org.apache.geode.security.ResourcePermission.Resource;
+import org.apache.geode.security.SecurableComponents;
 import org.apache.geode.security.SecurityManager;
 import org.apache.logging.log4j.Logger;
 import org.apache.shiro.SecurityUtils;
@@ -56,6 +46,21 @@ import org.apache.shiro.subject.support.SubjectThreadState;
 import org.apache.shiro.util.ThreadContext;
 import org.apache.shiro.util.ThreadState;
 
+import org.apache.geode.GemFireIOException;
+import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.internal.ClassLoadUtil;
+import org.apache.geode.internal.cache.EntryEventImpl;
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.security.shiro.CustomAuthRealm;
+import org.apache.geode.internal.security.shiro.GeodeAuthenticationToken;
+import org.apache.geode.internal.security.shiro.ShiroPrincipal;
+import org.apache.geode.internal.util.BlobHelper;
+import org.apache.geode.management.internal.security.ResourceConstants;
+import org.apache.geode.management.internal.security.ResourceOperation;
+import org.apache.geode.security.AuthenticationFailedException;
+import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.NotAuthorizedException;
+
 public class IntegratedSecurityService implements SecurityService{
 
   private static Logger logger = 
LogService.getLogger(LogService.SECURITY_LOGGER_NAME);
@@ -77,6 +82,12 @@ public class IntegratedSecurityService implements 
SecurityService{
   private boolean isClientAuthenticator; // is there a 
SECURITY_CLIENT_AUTHENTICATOR
   private boolean isPeerAuthenticator; // is there a 
SECURITY_PEER_AUTHENTICATOR
 
+  private boolean isJmxSecurityRequired;
+  private boolean isHttpSecurityRequired;
+  private boolean isGatewaySecurityRequired;
+  private boolean isClusterSecurityRequired;
+  private boolean isServerSecurityRequired;
+
   /**
    * It first looks the shiro subject in AccessControlContext since JMX will
    * use multiple threads to process operations from the same client, then it
@@ -311,6 +322,17 @@ public class IntegratedSecurityService implements 
SecurityService{
       return;
     }
 
+    String enabledComponentsString = 
securityProps.getProperty(SECURITY_ENABLED_COMPONENTS);
+    if (enabledComponentsString == null) {
+      enabledComponentsString = 
DistributionConfig.DEFAULT_SECURITY_ENABLED_COMPONENTS;
+    }
+
+    boolean isClusterSecured = 
enabledComponentsString.contains(SecurableComponents.ALL) || 
enabledComponentsString.contains(SecurableComponents.CLUSTER);
+    boolean isGatewaySecured = 
enabledComponentsString.contains(SecurableComponents.ALL) || 
enabledComponentsString.contains(SecurableComponents.GATEWAY);
+    boolean isHttpSecured = 
enabledComponentsString.contains(SecurableComponents.ALL) || 
enabledComponentsString.contains(SecurableComponents.HTTP_SERVICE);
+    boolean isJmxSecured = 
enabledComponentsString.contains(SecurableComponents.ALL) || 
enabledComponentsString.contains(SecurableComponents.JMX);
+    boolean isServerSecured = 
enabledComponentsString.contains(SecurableComponents.ALL) || 
enabledComponentsString.contains(SecurableComponents.SERVER);
+
     String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT);
     String securityConfig = securityProps.getProperty(SECURITY_MANAGER);
     String clientAuthenticatorConfig = 
securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
@@ -332,7 +354,7 @@ public class IntegratedSecurityService implements 
SecurityService{
     }
     // only set up shiro realm if user has implemented SecurityManager
     else if (!StringUtils.isBlank(securityConfig)) {
-      securityManager = 
SecurityService.getObjectOfTypeFromClassName(securityConfig, 
SecurityManager.class);
+      securityManager = getObjectOfTypeFromClassName(securityConfig, 
SecurityManager.class);
       securityManager.init(securityProps);
       Realm realm = new CustomAuthRealm(securityManager);
       org.apache.shiro.mgt.SecurityManager shiroManager = new 
DefaultSecurityManager(realm);
@@ -351,10 +373,17 @@ public class IntegratedSecurityService implements 
SecurityService{
       isPeerAuthenticator = false;
     }
 
+    isServerSecurityRequired = isClientAuthenticator || (isIntegratedSecurity 
&& isServerSecured);
+    isClusterSecurityRequired = isPeerAuthenticator || (isIntegratedSecurity 
&& isClusterSecured);
+
+    isGatewaySecurityRequired = isClientAuthenticator || (isIntegratedSecurity 
&& isGatewaySecured);
+    isHttpSecurityRequired = isIntegratedSecurity && isHttpSecured;
+    isJmxSecurityRequired = isIntegratedSecurity && isJmxSecured;
+
     // this initializes the post processor
     String customPostProcessor = 
securityProps.getProperty(SECURITY_POST_PROCESSOR);
     if( !StringUtils.isBlank(customPostProcessor)) {
-      postProcessor = 
SecurityService.getObjectOfTypeFromClassName(customPostProcessor, 
PostProcessor.class);
+      postProcessor = getObjectOfTypeFromClassName(customPostProcessor, 
PostProcessor.class);
       postProcessor.init(securityProps);
     }
     else{
@@ -424,6 +453,74 @@ public class IntegratedSecurityService implements 
SecurityService{
     return newValue;
   }
 
+  private static void checkSameClass(Object obj1, Object obj2){
+
+  }
+
+  /**
+   * this method would never return null, it either throws an exception or
+   * returns an object
+   */
+  public static <T> T getObjectOfTypeFromClassName(String className, Class<T> 
expectedClazz) {
+    Class actualClass = null;
+    try {
+      actualClass = ClassLoadUtil.classFromName(className);
+    }
+    catch (Exception ex) {
+      throw new GemFireSecurityException("Instance could not be obtained, 
"+ex.toString(), ex);
+    }
+
+    if(!expectedClazz.isAssignableFrom(actualClass)){
+      throw new GemFireSecurityException("Instance could not be obtained. 
Expecting a "+expectedClazz.getName()+" class.");
+    }
+
+    T actualObject = null;
+    try {
+      actualObject =  (T)actualClass.newInstance();
+    } catch (Exception e) {
+      throw new GemFireSecurityException("Instance could not be obtained. 
Error instantiating "+actualClass.getName(), e);
+    }
+    return actualObject;
+  }
+
+  /**
+   * this method would never return null, it either throws an exception or
+   * returns an object
+   */
+  public static <T> T getObjectOfTypeFromFactoryMethod(String 
factoryMethodName, Class<T> expectedClazz){
+    T actualObject = null;
+    try {
+      Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName);
+      actualObject = (T)factoryMethod.invoke(null, (Object[])null);
+    } catch (Exception e) {
+      throw new GemFireSecurityException("Instance could not be obtained from 
"+factoryMethodName, e);
+    }
+
+    if(actualObject == null){
+      throw new GemFireSecurityException("Instance could not be obtained from 
"+factoryMethodName);
+    }
+
+    return actualObject;
+  }
+
+  /**
+   * this method would never return null, it either throws an exception or
+   * returns an object
+   *
+   * @return an object of type expectedClazz. This method would never return
+   * null. It either returns an non-null object or throws exception.
+   */
+  public static <T> T getObjectOfType(String classOrMethod, Class<T> 
expectedClazz) {
+    T object = null;
+    try{
+      object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz);
+    }
+    catch (Exception e){
+      object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz);
+    }
+    return object;
+  }
+
   public SecurityManager getSecurityManager(){
     return securityManager;
   }
@@ -436,11 +533,23 @@ public class IntegratedSecurityService implements 
SecurityService{
     return isIntegratedSecurity;
   }
 
-  public boolean isClientSecurityRequired() {
-    return isClientAuthenticator || isIntegratedSecurity;
+  public boolean isClientSecurityRequired() { // TODO: rename as 
isServerSecurityRequired
+    return isServerSecurityRequired;
+  }
+
+  public boolean isPeerSecurityRequired() { // TODO: rename as 
isClusterSecurityRequired
+    return isClusterSecurityRequired;
+  }
+
+  public boolean isJmxSecurityRequired() {
+    return isJmxSecurityRequired;
+  }
+
+  public boolean isGatewaySecurityRequired() {
+    return isGatewaySecurityRequired;
   }
 
-  public boolean isPeerSecurityRequired() {
-    return isPeerAuthenticator || isIntegratedSecurity;
+  public boolean isHttpSecurityRequired() {
+    return isHttpSecurityRequired;
   }
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/security/SecurableComponent.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/internal/security/SecurableComponent.java
 
b/geode-core/src/main/java/org/apache/geode/internal/security/SecurableComponent.java
new file mode 100644
index 0000000..1eac87c
--- /dev/null
+++ 
b/geode-core/src/main/java/org/apache/geode/internal/security/SecurableComponent.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security;
+
+import org.apache.geode.GemFireConfigException;
+import org.apache.geode.security.SecurableComponents;
+
+public enum SecurableComponent {
+  ALL(SecurableComponents.ALL),
+  CLUSTER(SecurableComponents.CLUSTER),
+  SERVER(SecurableComponents.SERVER),
+  JMX(SecurableComponents.JMX),
+  HTTP_SERVICE(SecurableComponents.HTTP_SERVICE),
+  GATEWAY(SecurableComponents.GATEWAY),
+  LOCATOR(SecurableComponents.LOCATOR),
+  NONE("NO_COMPONENT");
+
+  private final String constant;
+
+  SecurableComponent(final String constant) {
+    this.constant = constant;
+  }
+
+  public static SecurableComponent getEnum(String enumString) {
+    for (SecurableComponent securableComponent : SecurableComponent.values()) {
+      if (securableComponent.constant.equalsIgnoreCase(enumString)) {
+        return securableComponent;
+      }
+    }
+    throw new GemFireConfigException("There is no registered component for the 
name: " + enumString);
+  }
+
+  public String getConstant() {
+    return constant;
+  }
+
+  @Override
+  public String toString() {
+    return constant;
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
 
b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
index d645bbf..4d4fcfa 100644
--- 
a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
+++ 
b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
@@ -16,14 +16,11 @@
  */
 package org.apache.geode.internal.security;
 
-import java.lang.reflect.Method;
 import java.util.Properties;
 import java.util.concurrent.Callable;
 
-import org.apache.geode.internal.ClassLoadUtil;
 import org.apache.geode.management.internal.security.ResourceConstants;
 import org.apache.geode.management.internal.security.ResourceOperation;
-import org.apache.geode.security.GemFireSecurityException;
 import org.apache.geode.security.PostProcessor;
 import org.apache.geode.security.ResourcePermission;
 import org.apache.geode.security.SecurityManager;
@@ -59,73 +56,24 @@ public interface SecurityService {
   Object postProcess(String regionPath, Object key, Object value, boolean 
valueIsSerialized);
   Object postProcess(Object principal, String regionPath, Object key, Object 
value, boolean valueIsSerialized);
   boolean isClientSecurityRequired();
-  boolean isIntegratedSecurity();
+  boolean isJmxSecurityRequired();
+  boolean isGatewaySecurityRequired();
+  boolean isHttpSecurityRequired();
   boolean isPeerSecurityRequired();
+  boolean isIntegratedSecurity();
   SecurityManager getSecurityManager();
   PostProcessor getPostProcessor();
 
-  /**
-   * this method would never return null, it either throws an exception or
-   * returns an object
-   */
-  public static <T> T getObjectOfTypeFromClassName(String className, Class<T> 
expectedClazz) {
-    Class actualClass = null;
-    try {
-      actualClass = ClassLoadUtil.classFromName(className);
-    }
-    catch (Exception ex) {
-      throw new GemFireSecurityException("Instance could not be obtained, " + 
ex.toString(), ex);
-    }
-
-    if(!expectedClazz.isAssignableFrom(actualClass)){
-      throw new GemFireSecurityException("Instance could not be obtained. 
Expecting a "+expectedClazz.getName()+" class.");
-    }
-
-    T actualObject = null;
-    try {
-      actualObject =  (T)actualClass.newInstance();
-    } catch (Exception e) {
-      throw new GemFireSecurityException("Instance could not be obtained. 
Error instantiating "+actualClass.getName(), e);
-    }
-    return actualObject;
+  static <T> T getObjectOfType(String factoryName, Class<T> clazz) {
+    return IntegratedSecurityService.getObjectOfType(factoryName, clazz);
   }
 
-  /**
-   * this method would never return null, it either throws an exception or
-   * returns an object
-   */
-  public static <T> T getObjectOfTypeFromFactoryMethod(String 
factoryMethodName, Class<T> expectedClazz){
-    T actualObject = null;
-    try {
-      Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName);
-      actualObject = (T)factoryMethod.invoke(null, (Object[])null);
-    } catch (Exception e) {
-      throw new GemFireSecurityException("Instance could not be obtained from 
"+factoryMethodName, e);
-    }
-
-    if(actualObject == null){
-      throw new GemFireSecurityException("Instance could not be obtained from 
" + factoryMethodName);
-    }
-
-    return actualObject;
+  static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, 
Class<T> expectedClazz) {
+    return 
IntegratedSecurityService.getObjectOfTypeFromFactoryMethod(factoryMethodName, 
expectedClazz);
   }
 
-  /**
-   * this method would never return null, it either throws an exception or
-   * returns an object
-   *
-   * @return an object of type expectedClazz. This method would never return
-   * null. It either returns an non-null object or throws exception.
-   */
-  public static <T> T getObjectOfType(String classOrMethod, Class<T> 
expectedClazz) {
-    T object = null;
-    try{
-      object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz);
-    }
-    catch (Exception e){
-      object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz);
-    }
-    return object;
+  static <T> T getObjectOfTypeFromClassName(String className, Class<T> 
expectedClazz) {
+    return IntegratedSecurityService.getObjectOfTypeFromClassName(className, 
expectedClazz);
   }
 
   public static Properties getCredentials(Properties securityProps){
@@ -141,5 +89,4 @@ public interface SecurityService {
   static SecurityService getSecurityService(){
     return IntegratedSecurityService.getSecurityService();
   }
-
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java 
b/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java
index 08f4e10..20083cf 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java
@@ -62,6 +62,7 @@ import org.apache.geode.internal.logging.log4j.LogMarker;
 import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.net.SocketCreatorFactory;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
 
 /**
  * <p>TCPConduit manages a server socket and a collection of connections to

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java 
b/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java
index 2b2c1a6..592bfdd 100644
--- 
a/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java
+++ 
b/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java
@@ -18,6 +18,7 @@ package org.apache.geode.management;
 
 
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
 
 /**
  * Composite Data type to be used by member to depict gemfire properties in 
key value manner

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
 
b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
index f1daa78..ad4b3b7 100755
--- 
a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
+++ 
b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
@@ -56,7 +56,7 @@ import org.apache.geode.internal.GemFireVersion;
 import org.apache.geode.internal.cache.GemFireCacheImpl;
 import org.apache.geode.internal.lang.StringUtils;
 import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.internal.security.IntegratedSecurityService;
 import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.net.SocketCreator;
 import org.apache.geode.internal.net.SocketCreatorFactory;
@@ -95,7 +95,7 @@ public class ManagementAgent {
   private JMXConnectorServer jmxConnectorServer;
   private JMXShiroAuthenticator shiroAuthenticator;
   private final DistributionConfig config;
-  private SecurityService securityService = 
SecurityService.getSecurityService();
+  // TODO: add this -- private boolean isSecured;
   private boolean isHttpServiceRunning = false;
 
   /**
@@ -205,7 +205,7 @@ public class ManagementAgent {
         if (logger.isDebugEnabled()) {
           logger.debug(message);
         }
-      } else if (securityService.isIntegratedSecurity()) {
+      } else if (isIntegratedSecurity()) {
         System.setProperty("spring.profiles.active", 
"pulse.authentication.gemfire");
       }
 
@@ -437,7 +437,7 @@ public class ManagementAgent {
       }
     };
 
-    if (securityService.isIntegratedSecurity()) {
+    if (isIntegratedSecurity()) {
       shiroAuthenticator = new JMXShiroAuthenticator();
       env.put(JMXConnectorServer.AUTHENTICATOR, shiroAuthenticator);
       jmxConnectorServer.addNotificationListener(shiroAuthenticator, null, 
jmxConnectorServer.getAttributes());
@@ -494,6 +494,11 @@ public class ManagementAgent {
     }
   }
 
+
+  private boolean isIntegratedSecurity() {
+    return 
IntegratedSecurityService.getSecurityService().isJmxSecurityRequired();
+  }
+
   private static class GemFireRMIClientSocketFactory implements 
RMIClientSocketFactory, Serializable {
 
     private static final long serialVersionUID = -7604285019188827617L;

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/security/SecurableComponents.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/org/apache/geode/security/SecurableComponents.java 
b/geode-core/src/main/java/org/apache/geode/security/SecurableComponents.java
new file mode 100644
index 0000000..beb5600
--- /dev/null
+++ 
b/geode-core/src/main/java/org/apache/geode/security/SecurableComponents.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.security;
+
+import org.apache.geode.distributed.ConfigurationProperties;
+
+/**
+ * This class defines all the static definitions for the {@link 
ConfigurationProperties#SECURITY_ENABLED_COMPONENTS}
+ * <U>Since</U>: Geode 1.0
+ */
+public interface SecurableComponents {
+
+  /**
+   * This determines that all components will be secured.
+   * <U>Since</U>: Geode 1.0
+   */
+  String ALL = "all";
+  /**
+   * This determines that the client-server communication will be secured.
+   * <U>Since</U>: Geode 1.0
+   */
+  String SERVER = "server";
+  /**
+   * This determines that the inter-server (or server-to-server) communication 
will be secured.
+   * <U>Since</U>: Geode 1.0
+   */
+  String CLUSTER = "cluster";
+  /**
+   * This determines that test jmx communication will be secured.
+   * <U>Since</U>: Geode 1.0
+   */
+  String JMX = "jmx";
+  /**
+   * This determines that the http service communication will be secured.
+   * <U>Since</U>: Geode 1.0
+   */
+  String HTTP_SERVICE = "http";
+  /**
+   * This determines that the gateway communication will be secured.
+   * <U>Since</U>: Geode 1.0
+   */
+  String GATEWAY = "gateway";
+  /**
+   * This determines that the locator communication will be secured.
+   * <U>Since</U>: Geode 1.0
+   */
+  String LOCATOR = "locator";
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java
 
b/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java
index 9d53265..e1ee4b1 100644
--- 
a/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java
@@ -24,6 +24,9 @@ import java.io.PrintWriter;
 import java.io.StringWriter;
 import java.util.Properties;
 
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
 import org.apache.geode.cache.Cache;
 import org.apache.geode.cache.CacheFactory;
 import org.apache.geode.cache.Region;
@@ -34,7 +37,9 @@ import org.apache.geode.cache.client.ClientCacheFactory;
 import org.apache.geode.cache.client.ClientRegionFactory;
 import org.apache.geode.cache.client.ClientRegionShortcut;
 import org.apache.geode.cache.server.CacheServer;
+import org.apache.geode.internal.net.SocketCreatorFactory;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
 import org.apache.geode.security.AuthenticationRequiredException;
 import org.apache.geode.test.dunit.Host;
 import org.apache.geode.test.dunit.IgnoredException;
@@ -42,8 +47,6 @@ import org.apache.geode.test.dunit.VM;
 import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.util.test.TestUtil;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
 
 /**
  * Tests cacheserver ssl support added. See 
https://svn.gemstone.com/trac/gemfire/ticket/48995 for details

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java
 
b/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java
index 312ca56..2aa0c7d 100755
--- 
a/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java
@@ -16,20 +16,6 @@
  */
 package org.apache.geode.distributed;
 
-import static org.apache.geode.distributed.ConfigurationProperties.*;
-import static org.hamcrest.CoreMatchers.*;
-import static org.junit.Assert.*;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.PrintStream;
-import java.lang.management.ManagementFactory;
-import java.net.InetAddress;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.concurrent.atomic.AtomicBoolean;
-
 import org.apache.geode.distributed.AbstractLauncher.Status;
 import org.apache.geode.distributed.LocatorLauncher.Builder;
 import org.apache.geode.distributed.LocatorLauncher.LocatorState;
@@ -44,6 +30,7 @@ import 
org.apache.geode.internal.process.ProcessControllerFactory;
 import org.apache.geode.internal.process.ProcessStreamReader;
 import org.apache.geode.internal.process.ProcessType;
 import org.apache.geode.internal.process.ProcessUtils;
+import org.apache.geode.internal.security.SecurableComponent;
 import org.apache.geode.test.junit.categories.FlakyTest;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 import 
org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
@@ -55,6 +42,20 @@ import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.PrintStream;
+import java.lang.management.ManagementFactory;
+import java.net.InetAddress;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.*;
+
 /**
  * Integration tests for launching a Locator in a forked process.
  *

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java
 
b/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java
index 3b3d11e..98ee86f 100755
--- 
a/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java
@@ -16,22 +16,6 @@
  */
 package org.apache.geode.distributed;
 
-import static org.apache.geode.distributed.ConfigurationProperties.*;
-import static org.hamcrest.CoreMatchers.*;
-import static org.junit.Assert.*;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.io.PrintStream;
-import java.io.PrintWriter;
-import java.lang.management.ManagementFactory;
-import java.net.InetAddress;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.concurrent.atomic.AtomicBoolean;
-
 import org.apache.geode.cache.DataPolicy;
 import org.apache.geode.cache.Scope;
 import org.apache.geode.distributed.AbstractLauncher.Status;
@@ -48,11 +32,8 @@ import 
org.apache.geode.internal.cache.xmlcache.RegionAttributesCreation;
 import org.apache.geode.internal.logging.InternalLogWriter;
 import org.apache.geode.internal.logging.LocalLogWriter;
 import org.apache.geode.internal.net.SocketCreatorFactory;
-import org.apache.geode.internal.process.PidUnavailableException;
-import org.apache.geode.internal.process.ProcessControllerFactory;
-import org.apache.geode.internal.process.ProcessStreamReader;
-import org.apache.geode.internal.process.ProcessType;
-import org.apache.geode.internal.process.ProcessUtils;
+import org.apache.geode.internal.process.*;
+import org.apache.geode.internal.security.SecurableComponent;
 import org.apache.geode.test.junit.categories.FlakyTest;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 import org.apache.geode.test.process.ProcessWrapper;
@@ -60,6 +41,17 @@ import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
+import java.io.*;
+import java.lang.management.ManagementFactory;
+import java.net.InetAddress;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import static org.apache.geode.distributed.ConfigurationProperties.*;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.*;
+
 /**
  * Integration tests for launching a Server in a forked process.
  *

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/distributed/internal/AbstractDistributionConfigTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/distributed/internal/AbstractDistributionConfigTest.java
 
b/geode-core/src/test/java/org/apache/geode/distributed/internal/AbstractDistributionConfigTest.java
new file mode 100644
index 0000000..293cbd2
--- /dev/null
+++ 
b/geode-core/src/test/java/org/apache/geode/distributed/internal/AbstractDistributionConfigTest.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.distributed.internal;
+
+import static org.assertj.core.api.Assertions.*;
+import static org.mockito.Answers.*;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+
+import org.apache.geode.GemFireConfigException;
+import org.apache.geode.security.SecurableComponents;
+import org.apache.geode.test.junit.categories.UnitTest;
+
+@Category(UnitTest.class)
+@RunWith(MockitoJUnitRunner.class)
+public class AbstractDistributionConfigTest {
+
+  @Mock(answer = CALLS_REAL_METHODS)
+  private AbstractDistributionConfig abstractDistributionConfig;
+
+  @Test
+  public void testNoCommaInvalidStringThrows() {
+    assertThatThrownBy(() -> 
abstractDistributionConfig.checkSecurityEnabledComponents("This has no commas 
in it")).isExactlyInstanceOf(GemFireConfigException.class);
+  }
+
+  @Test
+  public void testOneSecurityEnabledComponents() {
+    String returnValue = 
abstractDistributionConfig.checkSecurityEnabledComponents(SecurableComponents.JMX);
+    assertThat(returnValue).isEqualTo(SecurableComponents.JMX);
+  }
+
+  @Test
+  public void testEmptySecurityEnabledComponents() {
+    String returnValue = 
abstractDistributionConfig.checkSecurityEnabledComponents("");
+    assertThat(returnValue).isEqualTo("");
+  }
+
+  @Test
+  public void testNoneSecurityEnabledComponents() {
+    String returnValue = 
abstractDistributionConfig.checkSecurityEnabledComponents("none");
+    assertThat(returnValue).isEqualTo("none");
+  }
+
+  @Test
+  public void testNullSecurityEnabledComponents() {
+    String returnValue = 
abstractDistributionConfig.checkSecurityEnabledComponents(null);
+    assertThat(returnValue).isEqualTo(null);
+  }
+
+  @Test
+  public void testTwoSecurityEnabledComponents() {
+    String returnValue = 
abstractDistributionConfig.checkSecurityEnabledComponents(SecurableComponents.JMX
 + "," + SecurableComponents.SERVER);
+    assertThat(returnValue).isEqualTo(SecurableComponents.JMX + "," + 
SecurableComponents.SERVER);
+  }
+
+  @Test
+  public void testOneValidSecurityEnabledComponentAndOneInvalid() {
+    assertThatThrownBy(() -> 
abstractDistributionConfig.checkSecurityEnabledComponents(SecurableComponents.JMX
 + "," + SecurableComponents.SERVER + "," + "this should 
throw")).isExactlyInstanceOf(GemFireConfigException.class);
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java
 
b/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java
index 04bfad6..978a0d0 100644
--- 
a/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java
@@ -17,6 +17,7 @@
 package org.apache.geode.distributed.internal;
 
 import static org.apache.geode.distributed.ConfigurationProperties.*;
+import static org.assertj.core.api.Assertions.*;
 import static org.junit.Assert.*;
 import static org.mockito.Matchers.any;
 import static org.mockito.Mockito.*;
@@ -30,16 +31,19 @@ import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 
-import org.apache.geode.InternalGemFireException;
-import org.apache.geode.UnmodifiableException;
-import org.apache.geode.internal.ConfigSource;
 import org.apache.geode.security.templates.SamplePostProcessor;
 import org.apache.geode.security.templates.SampleSecurityManager;
-import org.apache.geode.test.junit.categories.UnitTest;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
+import org.apache.geode.GemFireConfigException;
+import org.apache.geode.InternalGemFireException;
+import org.apache.geode.UnmodifiableException;
+import org.apache.geode.security.SecurableComponents;
+import org.apache.geode.internal.ConfigSource;
+import org.apache.geode.test.junit.categories.UnitTest;
+
 @Category(UnitTest.class)
 public class DistributionConfigJUnitTest {
 
@@ -77,7 +81,7 @@ public class DistributionConfigJUnitTest {
   @Test
   public void testGetAttributeNames() {
     String[] attNames = AbstractDistributionConfig._getAttNames();
-    assertEquals(attNames.length, 156);
+    assertEquals(attNames.length, 157);
 
     List boolList = new ArrayList();
     List intList = new ArrayList();
@@ -112,7 +116,7 @@ public class DistributionConfigJUnitTest {
     //TODO - This makes no sense. One has no idea what the correct expected 
number of attributes are.
     assertEquals(29, boolList.size());
     assertEquals(33, intList.size());
-    assertEquals(85, stringList.size());
+    assertEquals(86, stringList.size());
     assertEquals(5, fileList.size());
     assertEquals(4, otherList.size());
   }
@@ -339,7 +343,7 @@ public class DistributionConfigJUnitTest {
 
     DistributionConfig config = new DistributionConfigImpl(props);
     // SECURITY_ENABLED_COMPONENTS is automatically added to getSecurityProps
-    assertEquals(config.getSecurityProps().size(), 3);
+    assertEquals(config.getSecurityProps().size(), 4);
   }
 
   @Test
@@ -354,7 +358,76 @@ public class DistributionConfigJUnitTest {
 
     DistributionConfig config = new DistributionConfigImpl(props);
     // SECURITY_ENABLED_COMPONENTS is automatically added to getSecurityProps
-    assertEquals(config.getSecurityProps().size(), 4);
+    assertEquals(config.getSecurityProps().size(), 5);
+  }
+
+  @Test
+  public void securityEnabledComponentsDefaultShouldBeAll() throws Exception {
+    Properties props = new Properties();
+    props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+
+    DistributionConfig config = new DistributionConfigImpl(props);
+
+    
assertThat(config.getSecurityEnabledComponents()).contains(SecurableComponents.ALL);
+  }
+
+  @Test
+  public void oneSecurityEnabledComponent() throws Exception {
+    Properties props = new Properties();
+    props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+    props.put(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX);
+
+    DistributionConfig config = new DistributionConfigImpl(props);
+
+    assertThat(config.getSecurityEnabledComponents())
+      .doesNotContain(SecurableComponents.ALL)
+      .doesNotContain(SecurableComponents.GATEWAY)
+      .doesNotContain(SecurableComponents.SERVER)
+      .doesNotContain(SecurableComponents.HTTP_SERVICE)
+      .doesNotContain(SecurableComponents.CLUSTER)
+      .contains(SecurableComponents.JMX);
+  }
+
+  @Test
+  public void twoSecurityEnabledComponents() throws Exception {
+    Properties props = new Properties();
+    props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+    props.put(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + "," + 
SecurableComponents.CLUSTER);
+
+    DistributionConfig config = new DistributionConfigImpl(props);
+
+    assertThat(config.getSecurityEnabledComponents())
+      .doesNotContain(SecurableComponents.ALL)
+      .doesNotContain(SecurableComponents.GATEWAY)
+      .doesNotContain(SecurableComponents.SERVER)
+      .doesNotContain(SecurableComponents.HTTP_SERVICE)
+      .contains(SecurableComponents.CLUSTER)
+      .contains(SecurableComponents.JMX);
+  }
+
+  @Test
+  public void multipleSecurityEnabledComponents() throws Exception {
+    Properties props = new Properties();
+    props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+    props.put(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + "," + 
SecurableComponents.CLUSTER+ "," + SecurableComponents.HTTP_SERVICE);
+
+    DistributionConfig config = new DistributionConfigImpl(props);
+
+    assertThat(config.getSecurityEnabledComponents())
+      .doesNotContain(SecurableComponents.ALL)
+      .doesNotContain(SecurableComponents.GATEWAY)
+      .doesNotContain(SecurableComponents.SERVER)
+      .contains(SecurableComponents.HTTP_SERVICE)
+      .contains(SecurableComponents.CLUSTER)
+      .contains(SecurableComponents.JMX);
+  }
+
+  @Test
+  public void nonExistentSecurityEnabledComponentShouldThrow() throws 
Exception {
+    Properties props = new Properties();
+    props.put(SECURITY_ENABLED_COMPONENTS, "notapplicable");
+
+    assertThatThrownBy(() -> new 
DistributionConfigImpl(props)).isExactlyInstanceOf(GemFireConfigException.class);
   }
 
   @Test

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
 
b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
index e3e140e..333875e 100644
--- 
a/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
@@ -27,6 +27,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
+import org.apache.geode.security.SecurableComponents;
 import org.apache.geode.security.GemFireSecurityException;
 import org.apache.geode.test.junit.categories.UnitTest;
 
@@ -45,42 +46,47 @@ public class IntegratedSecurityServiceTest {
 
   @Test
   public void testGetObjectFromConstructor() {
-    String string = SecurityService.getObjectOfType(String.class.getName(), 
String.class);
+    String string = 
IntegratedSecurityService.getObjectOfType(String.class.getName(), String.class);
     assertNotNull(string);
 
-    CharSequence charSequence = 
SecurityService.getObjectOfType(String.class.getName(), CharSequence.class);
+    CharSequence charSequence = 
IntegratedSecurityService.getObjectOfType(String.class.getName(), 
CharSequence.class);
     assertNotNull(charSequence);
 
-    assertThatThrownBy(() -> 
SecurityService.getObjectOfType("com.abc.testString", 
String.class)).isInstanceOf(GemFireSecurityException.class);
+    assertThatThrownBy(() -> 
IntegratedSecurityService.getObjectOfType("com.abc.testString", 
String.class)).isInstanceOf(GemFireSecurityException.class);
 
-    assertThatThrownBy(() -> 
SecurityService.getObjectOfType(String.class.getName(), 
Boolean.class)).isInstanceOf(GemFireSecurityException.class);
+    assertThatThrownBy(() -> 
IntegratedSecurityService.getObjectOfType(String.class.getName(), 
Boolean.class)).isInstanceOf(GemFireSecurityException.class);
 
-    assertThatThrownBy(() -> SecurityService.getObjectOfType("", 
String.class)).isInstanceOf(GemFireSecurityException.class);
+    assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType("", 
String.class)).isInstanceOf(GemFireSecurityException.class);
 
-    assertThatThrownBy(() -> SecurityService.getObjectOfType(null, 
String.class)).isInstanceOf(GemFireSecurityException.class);
+    assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(null, 
String.class)).isInstanceOf(GemFireSecurityException.class);
 
-    assertThatThrownBy(() -> SecurityService.getObjectOfType("  ", 
String.class)).isInstanceOf(GemFireSecurityException.class);
+    assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType("  ", 
String.class)).isInstanceOf(GemFireSecurityException.class);
   }
 
   @Test
   public void testGetObjectFromFactoryMethod() {
-    String string = SecurityService.getObjectOfType(Factories.class.getName() 
+ ".getString", String.class);
+    String string = 
IntegratedSecurityService.getObjectOfType(Factories.class.getName() + 
".getString", String.class);
     assertNotNull(string);
 
-    CharSequence charSequence = 
SecurityService.getObjectOfType(Factories.class.getName() + ".getString", 
String.class);
+    CharSequence charSequence = 
IntegratedSecurityService.getObjectOfType(Factories.class.getName() + 
".getString", String.class);
     assertNotNull(charSequence);
 
-    assertThatThrownBy(() -> 
SecurityService.getObjectOfType(Factories.class.getName() + 
".getStringNonStatic", String.class))
+    assertThatThrownBy(() -> 
IntegratedSecurityService.getObjectOfType(Factories.class.getName() + 
".getStringNonStatic", String.class))
       .isInstanceOf(GemFireSecurityException.class);
 
-    assertThatThrownBy(() -> 
SecurityService.getObjectOfType(Factories.class.getName() + ".getNullString", 
String.class))
+    assertThatThrownBy(() -> 
IntegratedSecurityService.getObjectOfType(Factories.class.getName() + 
".getNullString", String.class))
       .isInstanceOf(GemFireSecurityException.class);
   }
+
   @Test
   public void testInitialSecurityFlags() {
     // initial state of IntegratedSecurityService
     assertFalse(securityService.isIntegratedSecurity());
+
     assertFalse(securityService.isClientSecurityRequired());
+    assertFalse(securityService.isGatewaySecurityRequired());
+    assertFalse(securityService.isHttpSecurityRequired());
+    assertFalse(securityService.isJmxSecurityRequired());
     assertFalse(securityService.isPeerSecurityRequired());
   }
 
@@ -92,7 +98,11 @@ public class IntegratedSecurityServiceTest {
     securityService.initSecurity(properties);
 
     assertTrue(securityService.isIntegratedSecurity());
+
     assertTrue(securityService.isClientSecurityRequired());
+    assertTrue(securityService.isGatewaySecurityRequired());
+    assertTrue(securityService.isHttpSecurityRequired());
+    assertTrue(securityService.isJmxSecurityRequired());
     assertTrue(securityService.isPeerSecurityRequired());
   }
 
@@ -101,8 +111,14 @@ public class IntegratedSecurityServiceTest {
     properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test");
 
     securityService.initSecurity(properties);
+
     assertFalse(securityService.isIntegratedSecurity());
+
     assertTrue(securityService.isClientSecurityRequired());
+    assertTrue(securityService.isGatewaySecurityRequired());
+    
+    assertFalse(securityService.isHttpSecurityRequired());
+    assertFalse(securityService.isJmxSecurityRequired());
     assertFalse(securityService.isPeerSecurityRequired());
   }
 
@@ -113,7 +129,11 @@ public class IntegratedSecurityServiceTest {
     securityService.initSecurity(properties);
 
     assertFalse(securityService.isIntegratedSecurity());
+
     assertFalse(securityService.isClientSecurityRequired());
+    assertFalse(securityService.isGatewaySecurityRequired());
+    assertFalse(securityService.isHttpSecurityRequired());
+    assertFalse(securityService.isJmxSecurityRequired());
     assertTrue(securityService.isPeerSecurityRequired());
   }
 
@@ -124,7 +144,128 @@ public class IntegratedSecurityServiceTest {
     securityService.initSecurity(properties);
 
     assertTrue(securityService.isIntegratedSecurity());
+
+    assertTrue(securityService.isClientSecurityRequired());
+    assertTrue(securityService.isGatewaySecurityRequired());
+    assertTrue(securityService.isHttpSecurityRequired());
+    assertTrue(securityService.isJmxSecurityRequired());
+    assertTrue(securityService.isPeerSecurityRequired());
+  }
+
+  @Test
+  public void allEnabledWithSecurityManager() {
+    properties.setProperty(SECURITY_MANAGER, 
"org.apache.geode.security.templates.SampleSecurityManager");
+    properties.setProperty(SampleSecurityManager.SECURITY_JSON, 
"org/apache/geode/security/templates/security.json");
+    properties.setProperty(SECURITY_ENABLED_COMPONENTS, 
SecurableComponents.ALL);
+
+    securityService.initSecurity(properties);
+
+    assertTrue(securityService.isIntegratedSecurity());
+
+    assertTrue(securityService.isClientSecurityRequired());
+    assertTrue(securityService.isGatewaySecurityRequired());
+    assertTrue(securityService.isHttpSecurityRequired());
+    assertTrue(securityService.isJmxSecurityRequired());
+    assertTrue(securityService.isPeerSecurityRequired());
+  }
+
+  @Test
+  public void emptyEnabledWithSecurityManager() {
+    properties.setProperty(SECURITY_MANAGER, 
"org.apache.geode.security.templates.SampleSecurityManager");
+    properties.setProperty(SampleSecurityManager.SECURITY_JSON, 
"org/apache/geode/security/templates/security.json");
+    properties.setProperty(SECURITY_ENABLED_COMPONENTS,"");
+
+    securityService.initSecurity(properties);
+
+    assertTrue(securityService.isIntegratedSecurity());
+
+    assertFalse(securityService.isClientSecurityRequired());
+    assertFalse(securityService.isGatewaySecurityRequired());
+    assertFalse(securityService.isHttpSecurityRequired());
+    assertFalse(securityService.isJmxSecurityRequired());
+    assertFalse(securityService.isPeerSecurityRequired());
+  }
+
+  @Test
+  public void noneEnabledWithSecurityManager() {
+    properties.setProperty(SECURITY_MANAGER, 
"org.apache.geode.security.templates.SampleSecurityManager");
+    properties.setProperty(SampleSecurityManager.SECURITY_JSON, 
"org/apache/geode/security/templates/security.json");
+    properties.setProperty(SECURITY_ENABLED_COMPONENTS,"none");
+
+    securityService.initSecurity(properties);
+
+    assertTrue(securityService.isIntegratedSecurity());
+
+    assertFalse(securityService.isClientSecurityRequired());
+    assertFalse(securityService.isGatewaySecurityRequired());
+    assertFalse(securityService.isHttpSecurityRequired());
+    assertFalse(securityService.isJmxSecurityRequired());
+    assertFalse(securityService.isPeerSecurityRequired());
+  }
+
+  @Test
+  public void allSecurableComponentsWithoutAnySecurity() {
+    properties.setProperty(SECURITY_ENABLED_COMPONENTS, 
SecurableComponents.ALL);
+
+    securityService.initSecurity(properties);
+
+    assertFalse(securityService.isIntegratedSecurity());
+
+    assertFalse(securityService.isClientSecurityRequired());
+    assertFalse(securityService.isGatewaySecurityRequired());
+    assertFalse(securityService.isHttpSecurityRequired());
+    assertFalse(securityService.isJmxSecurityRequired());
+    assertFalse(securityService.isPeerSecurityRequired());
+  }
+
+  @Test
+  public void oneSecurableComponentEnabledWithSecurityManager() {
+    properties.setProperty(SECURITY_MANAGER, 
"org.apache.geode.security.templates.SampleSecurityManager");
+    properties.setProperty(SampleSecurityManager.SECURITY_JSON, 
"org/apache/geode/security/templates/security.json");
+    properties.setProperty(SECURITY_ENABLED_COMPONENTS, 
SecurableComponents.JMX);
+
+    securityService.initSecurity(properties);
+
+    assertTrue(securityService.isIntegratedSecurity());
+
+    assertFalse(securityService.isClientSecurityRequired());
+    assertFalse(securityService.isGatewaySecurityRequired());
+    assertFalse(securityService.isHttpSecurityRequired());
+    assertTrue(securityService.isJmxSecurityRequired());
+    assertFalse(securityService.isPeerSecurityRequired());
+  }
+
+  @Test
+  public void twoSecurableComponentEnabledWithSecurityManager() {
+    properties.setProperty(SECURITY_MANAGER, 
"org.apache.geode.security.templates.SampleSecurityManager");
+    properties.setProperty(SampleSecurityManager.SECURITY_JSON, 
"org/apache/geode/security/templates/security.json");
+    properties.setProperty(SECURITY_ENABLED_COMPONENTS, 
SecurableComponents.JMX + "," + SecurableComponents.SERVER);
+
+    securityService.initSecurity(properties);
+
+    assertTrue(securityService.isIntegratedSecurity());
+
+    assertTrue(securityService.isClientSecurityRequired());
+    assertFalse(securityService.isGatewaySecurityRequired());
+    assertFalse(securityService.isHttpSecurityRequired());
+    assertTrue(securityService.isJmxSecurityRequired());
+    assertFalse(securityService.isPeerSecurityRequired());
+  }
+
+  @Test
+  public void manySecurableComponentEnabledWithSecurityManager() {
+    properties.setProperty(SECURITY_MANAGER, 
"org.apache.geode.security.templates.SampleSecurityManager");
+    properties.setProperty(SampleSecurityManager.SECURITY_JSON, 
"org/apache/geode/security/templates/security.json");
+    properties.setProperty(SECURITY_ENABLED_COMPONENTS, 
SecurableComponents.JMX + "," + SecurableComponents.SERVER + "," + 
SecurableComponents.CLUSTER);
+
+    securityService.initSecurity(properties);
+
+    assertTrue(securityService.isIntegratedSecurity());
+
     assertTrue(securityService.isClientSecurityRequired());
+    assertFalse(securityService.isGatewaySecurityRequired());
+    assertFalse(securityService.isHttpSecurityRequired());
+    assertTrue(securityService.isJmxSecurityRequired());
     assertTrue(securityService.isPeerSecurityRequired());
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/internal/security/SecurityConfigIntegrationTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/internal/security/SecurityConfigIntegrationTest.java
 
b/geode-core/src/test/java/org/apache/geode/internal/security/SecurityConfigIntegrationTest.java
new file mode 100644
index 0000000..aab934e
--- /dev/null
+++ 
b/geode-core/src/test/java/org/apache/geode/internal/security/SecurityConfigIntegrationTest.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security;
+
+import static org.apache.geode.distributed.ConfigurationProperties.*;
+import static org.assertj.core.api.Assertions.*;
+
+import java.util.Properties;
+
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.security.SecurableComponents;
+import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.distributed.internal.DistributionConfigImpl;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+
+@Category(IntegrationTest.class)
+public class SecurityConfigIntegrationTest {
+
+  @Test
+  public void securityEnabledComponentsDefaultShouldBeAll() throws Exception {
+    SecurityService securityService = SecurityService.getSecurityService();
+    Properties props = new Properties();
+    props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+    props.put(SampleSecurityManager.SECURITY_JSON, 
"org/apache/geode/security/templates/security.json");
+
+    DistributionConfig config = new DistributionConfigImpl(props);
+    Properties securityProps = config.getSecurityProps();
+
+    assertThat(securityProps).containsKeys(SECURITY_MANAGER, 
SECURITY_ENABLED_COMPONENTS);
+    
assertThat(securityProps.getProperty(SECURITY_ENABLED_COMPONENTS)).isEqualTo(SecurableComponents.ALL);
+
+    securityService.initSecurity(securityProps);
+
+    assertThat(securityService.isClientSecurityRequired());
+    assertThat(securityService.isGatewaySecurityRequired());
+    assertThat(securityService.isPeerSecurityRequired());
+    assertThat(securityService.isJmxSecurityRequired());
+    assertThat(securityService.isHttpSecurityRequired());
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
 
b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
index 41ffa48..1bf1056 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
@@ -37,6 +37,7 @@ import org.junit.rules.TemporaryFolder;
 import org.apache.geode.distributed.Locator;
 import org.apache.geode.internal.AvailablePortHelper;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
 import org.apache.geode.management.cli.Result.Status;
 import org.apache.geode.management.internal.cli.CliUtil;
 import org.apache.geode.management.internal.cli.HeadlessGfsh;

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java 
b/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java
index ffa024f..05c9022 100644
--- 
a/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java
@@ -41,6 +41,7 @@ import org.junit.experimental.categories.Category;
 import org.apache.geode.distributed.LocatorLauncher;
 import org.apache.geode.internal.AvailablePortHelper;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
 import org.apache.geode.test.dunit.DistributedTestCase;
 import org.apache.geode.test.dunit.DistributedTestUtils;
 import org.apache.geode.test.dunit.Host;

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java
 
b/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java
index 040bbf0..494c4d4 100644
--- 
a/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java
@@ -22,12 +22,17 @@ import static org.assertj.core.api.Assertions.*;
 import java.io.IOException;
 import java.util.Properties;
 
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
 import org.apache.geode.cache.server.CacheServer;
-import org.apache.geode.internal.AvailablePortHelper;
+import org.apache.geode.internal.AvailablePort;
 import org.apache.geode.internal.security.IntegratedSecurityService;
 import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.internal.AvailablePortHelper;
 import org.apache.geode.management.ManagementService;
-import org.apache.geode.security.templates.SampleSecurityManager;
 import org.apache.geode.test.dunit.DistributedTestUtils;
 import org.apache.geode.test.dunit.Host;
 import org.apache.geode.test.dunit.NetworkUtils;
@@ -35,9 +40,6 @@ import org.apache.geode.test.dunit.VM;
 import org.apache.geode.test.dunit.cache.internal.JUnit4CacheTestCase;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
 
 @Ignore("This is broken but fixed on feature/GEODE-1673")
 @Category({DistributedTest.class, SecurityTest.class})
@@ -67,6 +69,7 @@ public class IntegratedSecurityCacheLifecycleDistributedTest 
extends JUnit4Cache
       properties.setProperty(SampleSecurityManager.SECURITY_JSON, 
"org/apache/geode/management/internal/security/clientServer.json");
       properties.setProperty(LOCATORS, locators);
       properties.setProperty(MCAST_PORT, "0");
+      properties.setProperty(SECURITY_ENABLED_COMPONENTS, "");
       properties.setProperty(SECURITY_MANAGER, 
SpySecurityManager.class.getName());
       properties.setProperty(START_LOCATOR, locators);
       properties.setProperty(JMX_MANAGER, "true");
@@ -104,6 +107,7 @@ public class 
IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4Cache
     properties.setProperty(SampleSecurityManager.SECURITY_JSON, 
"org/apache/geode/management/internal/security/clientServer.json");
     properties.setProperty(LOCATORS, locators);
     properties.setProperty(MCAST_PORT, "0");
+    properties.setProperty(SECURITY_ENABLED_COMPONENTS, "");
     properties.setProperty(SECURITY_MANAGER, 
SpySecurityManager.class.getName());
     properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java
 
b/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java
index 9fcf4cd..ba4cb59 100644
--- 
a/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java
+++ 
b/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java
@@ -18,6 +18,22 @@
  */
 package org.apache.geode.security;
 
+import static org.apache.geode.distributed.ConfigurationProperties.*;
+import static org.apache.geode.internal.AvailablePort.*;
+import static org.apache.geode.security.SecurityTestUtils.*;
+import static org.apache.geode.test.dunit.Assert.*;
+import static org.apache.geode.test.dunit.IgnoredException.*;
+import static org.apache.geode.test.dunit.NetworkUtils.*;
+import static org.apache.geode.test.dunit.Wait.*;
+
+import java.util.Properties;
+
+import javax.net.ssl.SSLHandshakeException;
+
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
 import org.apache.geode.distributed.ConfigurationProperties;
 import org.apache.geode.distributed.DistributedSystem;
 import org.apache.geode.distributed.Locator;
@@ -36,22 +52,6 @@ import 
org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.test.junit.categories.FlakyTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import javax.net.ssl.SSLHandshakeException;
-import java.util.Properties;
-
-import static org.apache.geode.distributed.ConfigurationProperties.*;
-import static org.apache.geode.internal.AvailablePort.SOCKET;
-import static org.apache.geode.internal.AvailablePort.getRandomAvailablePort;
-import static org.apache.geode.security.SecurityTestUtils.startLocator;
-import static org.apache.geode.security.SecurityTestUtils.stopLocator;
-import static org.apache.geode.test.dunit.Assert.*;
-import static org.apache.geode.test.dunit.IgnoredException.addIgnoredException;
-import static org.apache.geode.test.dunit.NetworkUtils.getIPLiteral;
-import static org.apache.geode.test.dunit.Wait.pause;
 
 /**
  * Tests peer to peer authentication in Gemfire


Reply via email to