The attached example demonstrates how to authenticate a Coherence*Extend client and pass the client's identity to the cluster, where it is used to enforce entitlements on a target NamedCache. The attached JAR file includes both .NET and Java sample clients.
A Coherence*Extend client authenticates a user using either standard JAAS API calls or via the Coherence Security Framework. Once authenticated, the client accesses a target remote NamedCache by executing a PrivilegedAction on behalf of the user's authenticated Subject. The Coherence*Extend client transparently passes the user's Subject to the cluster, where an example NamedCache wrapper is used to enforce that the remote user has a specified Principal. The example NamedCache wrapper could easily be enhanced to enforce more sophisticated entitlements, such as transforming cached data or providing a filtered view of the target NamedCache.
This information is also included in the README.txt file in the attached archive.
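The flow described above (a PrivilegedAction run on behalf of the authenticated Subject, with a cache wrapper that requires a specific Principal) is sketched below as an added example; it is not code from the attached archive. It assumes a single JVM with a plain Map standing in for the remote NamedCache, hypothetical class names (EntitlementDemo, NamePrincipal, EntitledCache), Subjects constructed directly rather than through a JAAS login, and JDK 18 or later for Subject.current().

```java
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;

public class EntitlementDemo {
    // Hypothetical Principal type; a JAAS LoginModule would normally create these.
    record NamePrincipal(String name) implements Principal { public String getName() { return name; } }

    // Stand-in for the cluster-side NamedCache wrapper: every access checks the caller's Subject.
    static final class EntitledCache {
        private final Map<String, String> backing = new ConcurrentHashMap<>();
        private final Principal required;
        EntitledCache(Principal required) { this.required = required; }

        private void checkAccess() {
            // Before JDK 18 the equivalent is Subject.getSubject(AccessController.getContext()).
            Subject caller = Subject.current();
            if (caller == null || !caller.getPrincipals().contains(required)) {
                throw new SecurityException("principal '" + required.getName() + "' required");
            }
        }
        String get(String key) { checkAccess(); return backing.get(key); }
        String put(String key, String value) { checkAccess(); return backing.put(key, value); }
    }

    // Constructed identity; the real client obtains its Subject from an authenticated login.
    static Subject subjectFor(String user) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new NamePrincipal(user));
        return subject;
    }

    // Client side: run the cache operations as a PrivilegedAction on behalf of the Subject.
    static String tryAccess(EntitledCache cache, Subject subject) {
        return Subject.doAs(subject, (PrivilegedAction<String>) () -> {
            try {
                cache.put("key", "value");
                return "allowed, read back: " + cache.get("key");
            } catch (SecurityException e) {
                return "denied: " + e.getMessage();
            }
        });
    }

    public static void main(String[] args) {
        EntitledCache cache = new EntitledCache(new NamePrincipal("admin"));
        System.out.println("guest -> " + tryAccess(cache, subjectFor("guest")));
        System.out.println("admin -> " + tryAccess(cache, subjectFor("admin")));
    }
}
```

Because the check happens inside the wrapper rather than in the client, a caller that skips Subject.doAs has no current Subject and is denied as well.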
Coherence*Extend Security Example
This example demonstrates how to authenticate a Coherence*Extend user and pass the user's identity to the cluster, where it is used to enforce entitlements on a target NamedCache.
Prerequisites
To build the example, you must have the following software installed:
Additionally, to build the example .NET client, you must have the following software installed:
Build Instructions
To build the Java sample client:
- Update bin/set-env.sh to reflect your system environment.
- Open a shell and execute the following command in the bin directory: ./ant.sh build
- To completely remove all build artifacts from your filesystem, run: ./ant.sh clean
To build the .NET sample client:
To build the .NET example client, use the Visual Studio solution included under src/net/TestClient. You may need to update the Coherence library reference to reflect your installation location of Coherence for .NET.
Running the Example
To run the Java sample client:
- Start a cache server by executing the following script: ./start-server.sh
- Launch the client using a user with insufficient privileges to access a target remote NamedCache: ./start-client.sh guest secret
- Launch the client using a user with access privileges to a target remote NamedCache: ./start-client.sh admin secret
To run the .NET sample client:
To run the .NET sample client, execute the TestClient application from within Visual Studio.