Coherence Rest Security and Usability Improvements

<Insert Picture Here>

REST Enhancements in 12cLuk HoCoherence Development Team, Cloud Application FoundationOracle Coherence

2 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


Cloud Application FoundationCoherence 12c Demonstration – REST Enhancements

Complete

Open

Integrated

Best in Class

On Premise – Private Cloud

Public CloudCloud Application Foundation

Traffic Director/Web Tier

WebLogic Server Coherence Tuxedo

Virtual Assembly Builder

ORACLE Cloud

Exalogic Elastic Cloud

REST Enhancements12c


Agenda

• Key Set Retrieval

• Multiple Resource Providers

• Named Queries

• Pluggable Query Engines

• Security


Key Set Retrieval

• Return the entire or filtered key set

• Provide a more scalable approach

• Paging and sorting are not supported


Key Set Retrieval: Examples

http://host:port/cacheName/keys

http://host:port/cacheName/keys?q=query

http://host:port/cacheName/namedQuery/keys


Multiple Resource Providers<http-acceptor>

... <resource-config>

<instance>

<class-name>package.MyRootConfig</class-name>

</instance> </resource-config> <resource-config>

<context-path>/internal</context-path>

<instance> <class-name>package.MyInternalConfig</class-name>

</instance> </resource-config>

</http-acceptor>


Multiple Resource Providers: Examples

http://host:port/cacheName/key

http://host:port/internal/cacheName?q=query


Named Queries

• Define query expressions with Named

Queries in coherence-rest-config.xml

• Special characters (e.g. <, >) must be escaped

• Server-side mechanism to guard against execution of ad hoc client queries

• Direct query is disabled by default

• Add a <direct-query> element for each resource to enable it


Named Queries: Example<resource> <cache-name>persons</cache-name> <key-class>java.lang.Integer</key-class> <value-class>example.Person</value-class> <query>

<name>minors</name>

<expression>age < 18</expression> </query> <query>

<name>name-query</name>

<expression>name is :name</expression> </query>

<direct-query enabled="true"/>

</resource>


Named Queries: Examples

http://host:port/persons/minors

http://host:port/persons/name-query?name=Mark


Pluggable Query Engines

• Implement Custom Query Engine

- Interfaces: com.tangosol.coherence.rest.query.QueryEngine com.tangosol.coherence.rest.query.Query

• Configure and Enable Custom Query Engine - coherence-rest-config.xml


Pluggable Query Engines: Configure

In coherence-rest-config.xml file:<query-engines> <engine> <name>MY-ENGINE</name> <class-name> package.MyQueryEngine </class-name> </engine> </query-engines>


Pluggable Query Engines: ConfigureIn coherence-rest-config.xml file:<resource> <cache-name>persons</cache-name> <key-class>java.lang.Integer</key-class> <value-class>example.Person</value-class> <query engine="MY-ENGINE"> <name>less-than-1000</name> <expression> select * from PERSONS where id < 1000 </expression> </query> <direct-query enabled="true" engine="MY-ENGINE"/></resource>


Pluggable Query Engines: Examples

http://host:port/persons/less-than-1000

http://host:port/persons;start=0;count=10?q=age%3C18


Security

• Authentication

- HTTP Basic

- Client-side SSL Certificate

- HTTP basic + Client-side SSL certificate

• Authorization


Security: Authentication

• Specify the authentication method in <http-acceptor>

• Define the authentication configuration


Security: HTTP Basic

• Specify authentication method <http-acceptor> ... <auth-method>basic</auth-method>

</http-acceptor> • Requires a Java Authentication and Authorization

Service (JAAS) login module


Security: HTTP Basic

Specify a login module: Modify COHERENCE_HOME/lib/security/login.config file to

include a CoherenceREST entry, example:

CoherenceRest { com.tangosol.security.KeystoreLogin required keyStorePath="${user.dir}${/}security${/}keystore.jks"; }; Add COHERENCE_HOME/lib/security/coherence-login.jar to the

proxy server classpath


Security: SSL Certificate

• Specify authentication method <http-acceptor> ... <auth-method>cert</auth-method> </http-acceptor>

• Define an SSL socket provider in <http-acceptor>


Security: SSL Certificate<socket-provider> <ssl> <protocol>TLS</protocol> <identity-manager> <algorithm>SunX509</algorithm> <key-store> ...

</key-store> <password>password</password> </identity-manager> <trust-manager> <algorithm>SunX509</algorithm> <key-store> ... </key-store> </trust-manager> </ssl></socket-provider>


Security: SSL Certificate

Reference an SSL socket provider:<http-acceptor> … <socket-provider>mySsl</socket-provider> … <auth-method>cert</auth-method></http-acceptor>


Security: HTTP Basic + SSL<http-acceptor> ... <socket-provider> <ssl> ... </ssl> </socket-provider> ... <auth-method>cert+basic</auth-method></http-acceptor>


Security: Authorization

Coherence*Extend authorization framework: http://docs.oracle.com/cd/E24290_01/coh.371/

e22841/extend_security.htm#CDDHBCEF


Summary

• Key Set Retrieval

• Multiple Resource Providers

• Named Queries

• Pluggable Query Engines

• Security


Join the Coherence Communityhttp://coherence.oracle.com

@OracleCoherence

/OracleCoherence

blogs.oracle.com/OracleCoherence

Group: Oracle Coherence Users

/OracleCoherence

coherence.oracle.com/display/CSIGCoherence Special Interest Group

<Insert Picture Here>

REST Enhancements in Coherence 12cLuk HoCoherence Development Team, Cloud Application FoundationOracle Coherence

Coherence Rest Security and Usability Improvements

Technology

oracle andor

query http

sole discretion of oracle

examples http

ssl certificate http

portcachenamekeys http

query expressions

portpersonsminors http