How can I restrict a Coherence*Extend client's access to a cache?

The attached example demonstrates how to authenticate a Coherence*Extend client and pass the client's identity to the cluster, where it is used to enforce entitlements on a target NamedCache. The attached JAR file includes both .NET and Java sample clients.

A Coherence*Extend client authenticates a user using either standard JAAS API calls or via the Coherence Security Framework. Once authenticated, the client accesses a target remote NamedCache by executing a PrivilegedAction on behalf of the user's authenticated Subject. The Coherence*Extend client transparently passes the user's Subject to the cluster, where an example NamedCache wrapper is used to enforce that the remote user has a specified Principal. The example NamedCache wrapper could easily be enhanced to enforce more sophisticated entitlements, such as transforming cached data or providing a filtered view of the target NamedCache.

This information is also included in the README.txt file in the attached archive.
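The entitlement check described above, as an added sketch that is not the code in the attached archive: a plain Map stands in for the NamedCache, and the wrapper refuses any call whose current Subject lacks the required Principal. The class names, the "admin" and "guest" principal names and the sample entry are assumptions, and the Subjects are constructed directly instead of coming from a JAAS login. It uses the Subject.doAs and Subject.getSubject API; on recent JDKs, where Subject.getSubject is deprecated, Subject.current() is the replacement.

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;

public class EntitledCacheDemo {
    // Hypothetical principal type; a real deployment uses the type its JAAS LoginModule issues.
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    // Stand-in for the cluster-side NamedCache wrapper: every operation is gated on the caller's Subject.
    static final class EntitledCache<K, V> {
        private final Map<K, V> delegate;
        private final String requiredRole;
        EntitledCache(Map<K, V> delegate, String requiredRole) {
            this.delegate = delegate; this.requiredRole = requiredRole;
        }
        // Fail closed: no Subject, or no principal of the expected type and name, means no access.
        private void checkAccess() {
            Subject caller = Subject.getSubject(AccessController.getContext());
            boolean entitled = caller != null && caller.getPrincipals(RolePrincipal.class).stream()
                    .anyMatch(p -> requiredRole.equals(p.getName()));
            if (!entitled) throw new SecurityException("caller lacks principal " + requiredRole);
        }
        V get(K key) { checkAccess(); return delegate.get(key); }
        V put(K key, V value) { checkAccess(); return delegate.put(key, value); }
    }

    static Subject subjectWith(String role) {
        Subject s = new Subject();
        s.getPrincipals().add(new RolePrincipal(role));
        return s;
    }
    // Client side: run the cache access as a PrivilegedAction on behalf of the authenticated Subject.
    static String readAs(Subject user, EntitledCache<String, String> cache, String key) {
        try { return Subject.doAs(user, (PrivilegedAction<String>) () -> cache.get(key)); }
        catch (SecurityException e) { return "DENIED (" + e.getMessage() + ")"; }
    }
    public static void main(String[] args) {
        Map<String, String> backing = new ConcurrentHashMap<>();
        backing.put("order-1", "constructed sample value");
        EntitledCache<String, String> cache = new EntitledCache<>(backing, "admin");
        System.out.println("admin: " + readAs(subjectWith("admin"), cache, "order-1"));
        System.out.println("guest: " + readAs(subjectWith("guest"), cache, "order-1"));
    }
}
```

Matching on the principal's class as well as its name keeps a principal of another type that happens to be named "admin" from satisfying the check.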


Coherence*Extend Security Example

This example demonstrates how to authenticate a Coherence*Extend user and pass the user's identity to the cluster, where it is used to enforce entitlements on a target NamedCache.

Prerequisites

To build the example, you must have the following software installed:

Additionally, to build the example .NET client, you must have the following software installed:

Build Instructions

To build the Java sample client:

  1. Update bin/set-env.sh to reflect your system environment.
  2. Open a shell and execute the following command in the bin directory: ./ant.sh build
  3. To completely remove all build artifacts from your filesystem, run: ./ant.sh clean

To build the .NET sample client:
Use the Visual Studio solution included under src/net/TestClient. You may need to update the Coherence library reference to reflect your installation location of Coherence for .NET.

Running the Example

To run the Java sample client:

  1. Start a cache server by executing the following script: ./start-server.sh
  2. Launch the client using a user with insufficient privileges to access a target remote NamedCache: ./start-client.sh guest secret
  3. Launch the client using a user with access privileges to a target remote NamedCache: ./start-client.sh admin secret

To run the .NET sample client:
Execute the TestClient application from within Visual Studio.


Attachments:
security.jar (application/octet-stream)
security.jar (application/x-zip-compressed)