Coherence Rest Security and Usability Improvements
Post on 11-May-2015
REST Enhancements in 12c
Luk Ho
Coherence Development Team, Cloud Application Foundation
Oracle Coherence
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Cloud Application Foundation
Coherence 12c Demonstration – REST Enhancements
[Diagram: Cloud Application Foundation (Complete, Open, Integrated, Best in Class) across On Premise – Private Cloud and Public Cloud: Traffic Director/Web Tier, WebLogic Server, Coherence, Tuxedo, Virtual Assembly Builder, Oracle Cloud, Exalogic Elastic Cloud]
Agenda
• Key Set Retrieval
• Multiple Resource Providers
• Named Queries
• Pluggable Query Engines
• Security
Key Set Retrieval
• Return the entire or filtered key set
• Provide a more scalable approach
• Paging and sorting are not supported
Key Set Retrieval: Examples
http://host:port/cacheName/keys
http://host:port/cacheName/keys?q=query
http://host:port/cacheName/namedQuery/keys
Multiple Resource Providers
<http-acceptor>
  ...
  <resource-config>
    <instance>
      <class-name>package.MyRootConfig</class-name>
    </instance>
  </resource-config>
  <resource-config>
    <context-path>/internal</context-path>
    <instance>
      <class-name>package.MyInternalConfig</class-name>
    </instance>
  </resource-config>
</http-acceptor>
Multiple Resource Providers: Examples
http://host:port/cacheName/key
http://host:port/internal/cacheName?q=query
Named Queries
• Define query expressions with Named Queries in coherence-rest-config.xml
• Special characters (e.g. <, >) must be escaped
• Server-side mechanism to guard against execution of ad hoc client queries
• Direct query is disabled by default
• Add a <direct-query> element for each resource to enable it
Named Queries: Example
<resource>
  <cache-name>persons</cache-name>
  <key-class>java.lang.Integer</key-class>
  <value-class>example.Person</value-class>
  <query>
    <name>minors</name>
    <expression>age &lt; 18</expression>
  </query>
  <query>
    <name>name-query</name>
    <expression>name is :name</expression>
  </query>
  <direct-query enabled="true"/>
</resource>
Named Queries: Examples
http://host:port/persons/minors
http://host:port/persons/name-query?name=Mark
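The following is an added example, not part of the original slides or of Coherence itself: a small audit script that reads a coherence-rest-config.xml and reports which cache resources accept ad hoc `?q=` queries because `<direct-query enabled="true"/>` is set, next to the named queries each resource exposes. The `<resources>` wrapper, the `orders` resource and all function names are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the "persons" resource follows the slide; the "orders"
# resource and the <resources> wrapper element are assumptions.
SAMPLE_CONFIG = """\
<resources>
  <resource>
    <cache-name>persons</cache-name>
    <query><name>minors</name><expression>age &lt; 18</expression></query>
    <query><name>name-query</name><expression>name is :name</expression></query>
    <direct-query enabled="true"/>
  </resource>
  <resource>
    <cache-name>orders</cache-name>
    <query><name>open</name><expression>status is 'OPEN'</expression></query>
  </resource>
</resources>
"""

def local(tag):
    """Drop an XML namespace prefix: '{ns}resource' -> 'resource'."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, or None."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_rest_config(xml_text):
    """Per <resource>: cache name, named queries, and whether ?q= is allowed."""
    findings = []
    for res in ET.fromstring(xml_text).iter():
        if local(res.tag) != "resource":
            continue
        queries = [child_text(q, "name") for q in res if local(q.tag) == "query"]
        # Only an explicit enabled="true" counts as enabled here (assumption
        # about the attribute default; the slide says direct query is off by default).
        direct = any(local(d.tag) == "direct-query"
                     and d.get("enabled", "").strip().lower() == "true" for d in res)
        findings.append({"cache": child_text(res, "cache-name"),
                         "named_queries": queries, "direct_query": direct})
    return findings

def caches_allowing_adhoc_queries(xml_text):
    return [f["cache"] for f in audit_rest_config(xml_text) if f["direct_query"]]

if __name__ == "__main__":
    for f in audit_rest_config(SAMPLE_CONFIG):
        state = "ad hoc ?q= ENABLED" if f["direct_query"] else "named queries only"
        print(f"{f['cache']}: {state}; named queries: {f['named_queries']}")
```

Resources reported as enabled are the ones where a client can supply its own query expression instead of being limited to the server-defined names.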
Pluggable Query Engines
• Implement Custom Query Engine
- Interfaces:
  com.tangosol.coherence.rest.query.QueryEngine
  com.tangosol.coherence.rest.query.Query
• Configure and Enable Custom Query Engine
- coherence-rest-config.xml
Pluggable Query Engines: Configure
In coherence-rest-config.xml file:
<query-engines>
  <engine>
    <name>MY-ENGINE</name>
    <class-name>package.MyQueryEngine</class-name>
  </engine>
</query-engines>
Pluggable Query Engines: Configure
In coherence-rest-config.xml file:
<resource>
  <cache-name>persons</cache-name>
  <key-class>java.lang.Integer</key-class>
  <value-class>example.Person</value-class>
  <query engine="MY-ENGINE">
    <name>less-than-1000</name>
    <expression>select * from PERSONS where id &lt; 1000</expression>
  </query>
  <direct-query enabled="true" engine="MY-ENGINE"/>
</resource>
Pluggable Query Engines: Examples
http://host:port/persons/less-than-1000
http://host:port/persons;start=0;count=10?q=age%3C18
Security
• Authentication
- HTTP Basic
- Client-side SSL Certificate
- HTTP basic + Client-side SSL certificate
• Authorization
Security: Authentication
• Specify the authentication method in <http-acceptor>
• Define the authentication configuration
Security: HTTP Basic
• Specify authentication method
<http-acceptor>
  ...
  <auth-method>basic</auth-method>
</http-acceptor>
• Requires a Java Authentication and Authorization Service (JAAS) login module
Security: HTTP Basic
Specify a login module:
Modify the COHERENCE_HOME/lib/security/login.config file to include a CoherenceREST entry, for example:
CoherenceREST {
    com.tangosol.security.KeystoreLogin required
        keyStorePath="${user.dir}${/}security${/}keystore.jks";
};
Add COHERENCE_HOME/lib/security/coherence-login.jar to the proxy server classpath
Security: SSL Certificate
• Specify authentication method
<http-acceptor>
  ...
  <auth-method>cert</auth-method>
</http-acceptor>
• Define an SSL socket provider in <http-acceptor>
Security: SSL Certificate
<socket-provider>
  <ssl>
    <protocol>TLS</protocol>
    <identity-manager>
      <algorithm>SunX509</algorithm>
      <key-store>
        ...
      </key-store>
      <password>password</password>
    </identity-manager>
    <trust-manager>
      <algorithm>SunX509</algorithm>
      <key-store>
        ...
      </key-store>
    </trust-manager>
  </ssl>
</socket-provider>
Security: SSL Certificate
Reference an SSL socket provider:
<http-acceptor>
  …
  <socket-provider>mySsl</socket-provider>
  …
  <auth-method>cert</auth-method>
</http-acceptor>
Security: HTTP Basic + SSL
<http-acceptor>
  ...
  <socket-provider>
    <ssl>
      ...
    </ssl>
  </socket-provider>
  ...
  <auth-method>cert+basic</auth-method>
</http-acceptor>
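The three authentication variants above can be checked mechanically. This added example (not from the slides or from Oracle) inspects an `<http-acceptor>` element and reports a missing `<auth-method>`, HTTP Basic configured without a `<socket-provider>`, and `cert` configured without one. The sample fragments are constructed, the function name is hypothetical, and treating `none` like a missing value is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed <http-acceptor> fragments built from the elements on the slides.
SAMPLES = {
    "no-auth": "<http-acceptor><resource-config/></http-acceptor>",
    "basic-plain": "<http-acceptor><auth-method>basic</auth-method></http-acceptor>",
    "cert-ref": "<http-acceptor><socket-provider>mySsl</socket-provider>"
                "<auth-method>cert</auth-method></http-acceptor>",
    "cert-basic": "<http-acceptor><socket-provider><ssl><protocol>TLS</protocol>"
                  "</ssl></socket-provider>"
                  "<auth-method>cert+basic</auth-method></http-acceptor>",
}

KNOWN_METHODS = ("basic", "cert", "cert+basic")  # the values shown on the slides

def find_child(elem, name):
    """First direct child with the given local name, ignoring any namespace."""
    for child in elem:
        if child.tag.rsplit("}", 1)[-1] == name:
            return child
    return None

def check_acceptor(xml_text):
    """Return a list of findings for one <http-acceptor> element."""
    acceptor = ET.fromstring(xml_text)
    method_el = find_child(acceptor, "auth-method")
    method = (method_el.text or "").strip().lower() if method_el is not None else ""
    # Presence of <socket-provider> is taken as "SSL configured"; a named
    # reference such as mySsl still has to be checked against its definition.
    has_provider = find_child(acceptor, "socket-provider") is not None
    issues = []
    if method in ("", "none"):  # "none" treated like a missing value (assumption)
        issues.append("no auth-method: REST requests are not authenticated")
    elif method not in KNOWN_METHODS:
        issues.append("unrecognised auth-method: " + method)
    if "basic" in method and not has_provider:
        issues.append("basic without socket-provider: credentials are only "
                      "base64-encoded on the wire, not encrypted")
    if "cert" in method and not has_provider:
        issues.append("cert requires an SSL socket-provider")
    return issues

if __name__ == "__main__":
    for name, fragment in SAMPLES.items():
        print(name, "->", check_acceptor(fragment) or "ok")
```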
Security: Authorization
Coherence*Extend authorization framework:
http://docs.oracle.com/cd/E24290_01/coh.371/e22841/extend_security.htm#CDDHBCEF
Summary
• Key Set Retrieval
• Multiple Resource Providers
• Named Queries
• Pluggable Query Engines
• Security
Join the Coherence Community
http://coherence.oracle.com
@OracleCoherence
/OracleCoherence
blogs.oracle.com/OracleCoherence
Group: Oracle Coherence Users
/OracleCoherence
coherence.oracle.com/display/CSIG
Coherence Special Interest Group