This chapter provides an introduction to Coherence security features. Coherence security features provide varying levels of security and can be implemented as required. The security features include industry standards and Coherence-specific features.
Note: This guide does not provide detailed instructions for setting up a cluster or creating Coherence*Extend clients. See the Oracle Coherence Developer's Guide and Oracle Coherence Client Guide, respectively, for details on setting up a cluster or creating Coherence*Extend clients.
The following sections are included in this chapter:
Coherence security includes securing both cluster members and extend clients. Security is enabled as required based on the application or cluster implementation and an organization's security concerns and security tolerances. This section provides a brief discussion of each security feature and describes the area of concern that each addresses. The features are presented here (and throughout the book) from basic security measures to more advanced security measures.
Coherence provides a Java security policy file that contains the minimum set of security permissions necessary to run Coherence. The file is edited to change the permissions based on an application's requirement. The security policy protects against malicious use and alterations of the Coherence library and configuration files. See Chapter 2, "Enabling General Security Measures," for details.
Host-based authorization is used to explicitly specify which hosts can become members of a cluster and which extend clients can connect to a cluster. This type of access control is ideal in environments where host names (or IP addresses) are known in advance. Host-based authorization protects against unauthorized hosts joining or accessing a cluster. See Chapter 2, "Enabling General Security Measures," for details.
The client suspect protocol is used to automatically determine if an extend client is acting maliciously. If the client is determined to be malicious, it is automatically blocked from connecting to a cluster. The suspect protocol protects against denial of service attacks. See Chapter 2, "Enabling General Security Measures," for details.
Client identity tokens are used to control whether an extend client can access the cluster. Only clients that present a valid token are permitted to connect to a proxy server. This feature can leverage existing client authentication implementations. Identity tokens protect against unwanted or malicious clients accessing the cluster. See Chapter 4, "Securing Extend Client Connections," for details.
Client authorization is used to control which actions a particular user can perform based on their access control rights. Client authorization is performed on a proxy server and occurs before an extend client is allowed to access a resource (cache, cache service, or invocation service). Client authorization is application-specific and protects against unauthorized use of cluster resources. See Chapter 4, "Securing Extend Client Connections," for details.
The access controller manages access to clustered resources, such as clustered services and caches, and controls the operations that a user can perform on those resources. Cluster members use login modules to provide proof of identity, and encrypting and decrypting communication acts as proof of trustworthiness. The framework requires the use of a keystore and defines permissions within a permissions file. The access controller protects against malicious cluster members accessing or creating clustered resources. See Chapter 3, "Using the Access Controller," for details.
SSL is used to secure TCMP communication between cluster nodes and the TCP communication between Coherence*Extend clients and proxies. SSL uses digital signatures to establish identity/trust and key-based encryption to ensure data is secure. SSL is an industry standard that is used to protect against unauthorized access and data tampering by malicious clients and cluster members. See Chapter 5, "Using SSL to Secure Communication," for details.
Coherence security features are generally enabled and configured in either an operational override file or the cache configuration file. See Oracle Coherence Developer's Guide for detailed information on Coherence configuration.
Operational Override File – The tangosol-coherence-override.xml file is used to override the operational deployment descriptor, which specifies the operational and run-time settings that are used to create, configure, and maintain clustering, communication, and data management services. This file is used to configure security for the cluster, that is, security between cluster members.
Cache Configuration File – The coherence-cache-config.xml file is the default cache configuration file and is used to specify the various types of caches that can be used within a cluster. This configuration file is used to configure security for Coherence*Extend. A cache configuration file is required on both the client-side and cluster-side for Coherence*Extend. See Oracle Coherence Client Guide for details on setting up Coherence*Extend.
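The split between the two files can be checked mechanically. The following is an added example, not part of Oracle's guide: a small Python audit that reports which of the features described above appear in each file. The element names are assumptions taken from the Coherence operational and cache configuration schemas rather than from this chapter, so verify them against the configuration reference for your release; the sample documents are constructed.

```python
import xml.etree.ElementTree as ET

# Feature -> chain of element local names that signals it is configured.
# Assumption: names come from the Coherence schemas, not from this chapter.
OVERRIDE_CHECKS = {
    "host-based authorization (members)": ["cluster-config", "authorized-hosts"],
    "access controller": ["security-config", "enabled"],
    "SSL for TCMP": ["unicast-listener", "socket-provider"],
}
CACHE_CONFIG_CHECKS = {
    "host-based authorization (extend clients)": ["tcp-acceptor", "authorized-hosts"],
    "client suspect protocol": ["tcp-acceptor", "suspect-protocol-enabled"],
    "SSL for extend connections": ["tcp-acceptor", "socket-provider"],
}

# Constructed sample documents (addresses are documentation-range placeholders).
SAMPLE_OVERRIDE = """<coherence xmlns="http://xmlns.oracle.com/coherence/coherence-operational-config">
  <cluster-config><authorized-hosts>
    <host-address>192.0.2.10</host-address>
  </authorized-hosts></cluster-config>
  <security-config><enabled>false</enabled></security-config>
</coherence>"""
SAMPLE_CACHE_CONFIG = """<cache-config xmlns="http://xmlns.oracle.com/coherence/coherence-cache-config">
  <caching-schemes><proxy-scheme><acceptor-config><tcp-acceptor>
    <suspect-protocol-enabled>true</suspect-protocol-enabled>
  </tcp-acceptor></acceptor-config></proxy-scheme></caching-schemes>
</cache-config>"""

def find_path(root, path):
    """Follow a chain of descendant local names, ignoring XML namespaces."""
    nodes = [root]
    for name in path:
        nodes = [d for n in nodes for d in n.iter()
                 if d is not n and d.tag.rsplit("}", 1)[-1] == name]
    return nodes

def audit(xml_text, checks):
    """Map each feature to True if its element is present and not 'false'."""
    root = ET.fromstring(xml_text)
    enabled = lambda e: (e.text or "").strip().lower() != "false"
    return {feature: any(enabled(e) for e in find_path(root, path))
            for feature, path in checks.items()}

if __name__ == "__main__":
    for doc, checks in ((SAMPLE_OVERRIDE, OVERRIDE_CHECKS),
                        (SAMPLE_CACHE_CONFIG, CACHE_CONFIG_CHECKS)):
        for feature, configured in audit(doc, checks).items():
            print(f"{'configured' if configured else 'NOT configured':15} {feature}")
```

An element that is present but set to `false`, as with the access controller in the sample override file, is reported as not configured. A feature left out of a file is reported the same way.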