1 Introduction to Oracle Coherence Security

Oracle Coherence includes many security features that provide varying levels of security. Understanding the security features and the use cases they cover is an important first step when learning how to secure a Coherence solution.

This chapter includes the following sections:

Conceptual Overview of Oracle Coherence Security

Oracle Coherence provides security features that support standards such as Java policies and Secure Sockets Layer (SSL) and also includes features that are native to Oracle Coherence. Evaluate the security feature descriptions and determine which features to use based on your security requirements, concerns, and tolerances.

The security features are presented from basic security measures to more advanced security measures.

Java Policy Security

A Java security policy file is provided that contains the minimum set of security permissions necessary to run Oracle Coherence. Edit the file to change the permissions based on an application's requirements. The security policy protects against malicious use and alterations of the Oracle Coherence library and configuration files. See Using the Java Security Manager.

Host-Based Authorization

Host-based authorization explicitly specifies which hosts become members of a cluster and which extend clients connect to a cluster. This type of access control is ideal in environments where host names (or IP addresses) are known in advance. Host-based authorization protects against unauthorized hosts joining or accessing a cluster. See Using Host-Based Authorization.

Client Suspect Protocol

The client suspect protocol automatically determines if an extend client is acting maliciously and blocks the client from connecting to a cluster. The suspect protocol protects against denial-of-service attacks. See Managing Rogue Clients.

Client Identity Tokens

Client identity tokens control which extend clients access the cluster. A proxy server allows a connection only if the client presents a valid token. Identity tokens are application-specific and typically reuse existing client authentication implementations. Identity tokens protect against unwanted or malicious clients accessing the cluster. See Using Identity Tokens to Restrict Client Connections.

Client Authorization

Client authorization controls which actions a particular client can perform based on its access control rights. A proxy server performs the authorization check before an extend client accesses a resource (cache, cache service, or invocation service). Client authorization is application-specific and protects against unauthorized use of cluster resources. See Implementing Extend Client Authorization.

Access Controller Security Framework

The access controller manages access to clustered resources, such as clustered services and caches, and controls which operations a user can perform on those resources. Cluster members use login modules to provide proof of identity, while encrypting and decrypting communication acts as proof of trustworthiness. The framework requires the use of a keystore and defines permissions within a permissions file. The access controller prevents malicious cluster members from accessing and creating clustered resources. See Using an Access Controller.

SSL

SSL secures the Tangosol Cluster Management Protocol (TCMP) communication between cluster nodes. SSL also secures the TCP communication between Oracle Coherence*Extend clients and proxies. SSL uses digital signatures to establish identity and trust, and key-based encryption to ensure that data is secure. SSL is an industry standard that protects against unauthorized access and data tampering by malicious clients and cluster members. See Using SSL to Secure Communication.

Coherence Security Quick Start

Coherence security features are disabled by default and are enabled as required to address specific security requirements or concerns. Different levels of security can be achieved based on the security features that are enabled. You can quickly get started securing Coherence by configuring a solution to use file permissions, SSL, and role-based authorization.

Overview of Security Configuration

Coherence security requires the use of multiple configuration files. The configuration files enable, control, and customize security features as required. See Understanding Configuration in Developing Applications with Oracle Coherence.

The following files are used to configure security:

  • Operational Override File – The tangosol-coherence-override.xml file overrides the operational deployment descriptor, which specifies the operational and runtime settings that maintain clustering, communication, and data management services. This file includes security settings for cluster members.

  • Cache Configuration File – The coherence-cache-config.xml file is the default cache configuration file. It specifies the various types of caches within a cluster. This configuration file includes security settings for cache services, proxy services, and Coherence*Extend clients.
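As an added illustration (not taken from the Oracle documentation), the following operational override file shows where two of the cluster-member security settings described above are placed: host-based authorization and an SSL socket provider for TCMP. The host name, address range, provider id, keystore file names, and password values are placeholders chosen for this example.

```xml
<?xml version='1.0'?>
<!-- tangosol-coherence-override.xml: added example; all values are placeholders -->
<coherence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns="http://xmlns.oracle.com/coherence/coherence-operational-config"
   xsi:schemaLocation="http://xmlns.oracle.com/coherence/coherence-operational-config
   coherence-operational-config.xsd">
   <cluster-config>
      <!-- TCMP between cluster members uses the SSL provider defined below -->
      <unicast-listener>
         <socket-provider>exampleSSL</socket-provider>
      </unicast-listener>
      <!-- Host-based authorization: only these hosts may become members -->
      <authorized-hosts>
         <host-address id="1">node1.example.com</host-address>
         <host-range id="1">
            <from-address>192.168.0.1</from-address>
            <to-address>192.168.0.100</to-address>
         </host-range>
      </authorized-hosts>
      <socket-providers>
         <socket-provider id="exampleSSL">
            <ssl>
               <protocol>TLS</protocol>
               <!-- Identity: this member's private key and certificate -->
               <identity-manager>
                  <algorithm>SunX509</algorithm>
                  <key-store>
                     <url>file:server.jks</url>
                     <password>KEYSTORE_PASSWORD_PLACEHOLDER</password>
                     <type>JKS</type>
                  </key-store>
                  <password>KEY_PASSWORD_PLACEHOLDER</password>
               </identity-manager>
               <!-- Trust: certificates of the peers this member accepts -->
               <trust-manager>
                  <algorithm>SunX509</algorithm>
                  <key-store>
                     <url>file:trust.jks</url>
                     <password>TRUSTSTORE_PASSWORD_PLACEHOLDER</password>
                     <type>JKS</type>
                  </key-store>
               </trust-manager>
               <socket-provider>tcp</socket-provider>
            </ssl>
         </socket-provider>
      </socket-providers>
   </cluster-config>
</coherence>
```

Because this file holds keystore passwords in clear text, restrict its file permissions to the account that runs the cluster member.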