This guide does not provide detailed instructions for setting up a cluster or creating Oracle Coherence*Extend clients. See Developing Applications with Oracle Coherence and Developing Remote Clients for Oracle Coherence, respectively, for details on setting up a cluster and creating Oracle Coherence*Extend clients.
This section lists and describes the security features available for Oracle Coherence and Oracle Coherence*Extend. Evaluate the security features and determine which features to use based on your security requirements, concerns, and tolerances. The organization in this section (and throughout the book) presents basic security measures before more advanced security measures.
Java Policy Security
A Java security policy file is provided that contains the minimum set of security permissions necessary to run Oracle Coherence. Edit the file to change the permissions based on an application's requirements. The security policy protects against malicious use and alterations of the Oracle Coherence library and configuration files. See "Using the Java Security Manager" for details.
Host-Based Authorization
Host-based authorization explicitly specifies which hosts become members of a cluster and which extend clients connect to a cluster. This type of access control is ideal in environments where host names (or IP addresses) are known in advance. Host-based authorization protects against unauthorized hosts joining or accessing a cluster. See "Using Host-Based Authorization" for details.
Client Suspect Protocol
The client suspect protocol automatically determines if an extend client is acting maliciously and blocks the client from connecting to a cluster. The suspect protocol protects against denial of service attacks. See "Managing Rogue Clients" for details.
Client Identity Tokens
Client identity tokens control which extend clients access the cluster. A proxy server allows a connection only if the client presents a valid token. Identity tokens are application-specific and typically reuse existing client authentication implementations. Identity tokens protect against unwanted or malicious clients accessing the cluster. See "Using Identity Tokens to Restrict Client Connections" for details.
Client Authorization
Client authorization controls which actions a particular client can perform based on its access control rights. A proxy server performs the authorization check before an extend client accesses a resource (cache, cache service, or invocation service). Client authorization is application-specific and protects against unauthorized use of cluster resources. See "Implementing Extend Client Authorization" for details.
Access Controller Security Framework
The access controller manages access to clustered resources, such as clustered services and caches, and controls which operations a user can perform on those resources. Cluster members use login modules to provide proof of identity, while encrypting and decrypting communication acts as proof of trustworthiness. The framework requires the use of a keystore and defines permissions within a permissions file. The access controller prevents malicious cluster members from accessing and creating clustered resources. See "Using an Access Controller" for details.
SSL
SSL secures the Tangosol Cluster Management Protocol (TCMP) communication between cluster nodes. SSL also secures the TCP communication between Oracle Coherence*Extend clients and proxies. SSL uses digital signatures to establish identity and trust, and key-based encryption to ensure that data is secure. SSL is an industry standard that protects against unauthorized access and data tampering by malicious clients and cluster members. See "Using SSL to Secure Communication" for details.
Coherence security features are disabled by default and are enabled as required to address specific security requirements or concerns. Different levels of security can be achieved based on the security features that are enabled. The following list provides a quick start to security and results in a Coherence environment that includes file permissions, SSL, and authorization.
Configure file system permissions and Java policy permissions to protect against reads and writes of Coherence files. See "Using the Java Security Manager" for details.
Configure and enable SSL to secure communication between cluster members and protect against unauthorized members joining the cluster. See "Using SSL to Secure TCMP Communication".
When using Coherence*Extend or Coherence REST, configure and enable SSL to secure communication between external clients and Coherence proxy servers. SSL prevents unauthorized clients from using cluster services. See "Using SSL to Secure Extend Client Communication" and "Using SSL Authentication With Oracle Coherence REST", respectively, for details.
Implement authorization policies to restrict client access to specific Coherence operations based on user roles. See "Implementing Extend Client Authorization".
Security configuration occurs in both an operational override file and the cache configuration file. See Developing Applications with Oracle Coherence for detailed information about configuration.
Operational Override File – The tangosol-coherence-override.xml file overrides the operational deployment descriptor, which specifies the operational and runtime settings that maintain clustering, communication, and data management services. This file includes security settings for cluster members.
Cache Configuration File – The coherence-cache-config.xml file is the default cache configuration file. It specifies the various types of caches within a cluster. This configuration file includes security settings for Oracle Coherence*Extend. Both the extend client side and the cluster side require a cache configuration file. See Developing Remote Clients for Oracle Coherence for details on setting up Oracle Coherence*Extend.
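Because the features are disabled by default and the cluster-side settings live in the operational override file, a deployment check can parse that file and report which features it actually turns on. The following is an added example, not code from Oracle or from this guide; it assumes the element names (`authorized-hosts`, `socket-providers`, `ssl`, `security-config`/`enabled`) and namespace of the Coherence operational configuration schema, and the sample file content is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"c": "http://xmlns.oracle.com/coherence/coherence-operational-config"}

# Constructed sample override file; the provider id, address and keystore
# names are made up for this example.
SAMPLE_OVERRIDE = """<coherence xmlns="http://xmlns.oracle.com/coherence/coherence-operational-config">
  <cluster-config>
    <unicast-listener>
      <socket-provider>clusterSSL</socket-provider>
    </unicast-listener>
    <authorized-hosts>
      <host-address id="1">192.0.2.10</host-address>
    </authorized-hosts>
    <socket-providers>
      <socket-provider id="clusterSSL">
        <ssl>
          <identity-manager><key-store><url>file:member.jks</url></key-store></identity-manager>
          <trust-manager><key-store><url>file:trust.jks</url></key-store></trust-manager>
        </ssl>
      </socket-provider>
    </socket-providers>
  </cluster-config>
</coherence>"""

def audit_override(xml_text):
    """Report which cluster-side security features an override file turns on."""
    root = ET.fromstring(xml_text)
    # Host-based authorization: at least one non-empty entry under <authorized-hosts>.
    hosts = root.find("c:cluster-config/c:authorized-hosts", NS)
    has_hosts = hosts is not None and any(
        (e.text or "").strip() for e in hosts.iter() if e is not hosts)
    # TCMP SSL: the unicast listener names a provider that this file defines with <ssl>.
    # A provider defined only in another file is reported as False (not verifiable here).
    ref = (root.findtext("c:cluster-config/c:unicast-listener/c:socket-provider", "", NS) or "").strip()
    providers = root.findall("c:cluster-config/c:socket-providers/c:socket-provider", NS)
    has_ssl = bool(ref) and any(
        p.get("id") == ref and p.find("c:ssl", NS) is not None for p in providers)
    # Access controller: <security-config><enabled>true</enabled>.
    enabled = (root.findtext("c:security-config/c:enabled", "", NS) or "").strip().lower()
    return {"authorized_hosts": has_hosts, "tcmp_ssl": has_ssl,
            "access_controller": enabled == "true"}

def missing_features(xml_text):
    """Names of the checked features that are still at their disabled default."""
    return sorted(name for name, on in audit_override(xml_text).items() if not on)

if __name__ == "__main__":
    print(audit_override(SAMPLE_OVERRIDE))
    print(missing_features("<coherence xmlns='%s'/>" % NS["c"]))
```

The check covers only the override file; extend client and proxy settings in the cache configuration file need a separate pass.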