Strange Call Backs On Cluster Side For Entitled Cache
(Doc ID 2749128.1)
Last updated on FEBRUARY 09, 2021
Applies to:Oracle Coherence - Version 184.108.40.206.0 and later
Information in this document applies to any platform.
On : 220.127.116.11.0 version, Clustering,Network,Membership
Strange Call Backs on Cluster Side for Entitled Cache
We have used the Wrapper Classes EntitledCacheService & EntitledNamedCache and have noticed strange call backs being made. To demonstrate I have made miinor modifications to the "security" example shipped with Coherence 18.104.22.168 and captured the changes in a git repository which I have attached so the messages can be reproduced. The majority of my changes are adding System.out messages to the call backs from Coherence to the Entitlement Classes.
The security example as shipped allows for authentication and authorisation using the security sample. Where a secure cluster is launched and then a secure client connects under the profile of a particular user and either succeeds or fails in performing operations depending on their role.
While this works - when I run sequential accesses from the client but under different user profiles I see strange messages relating to previous users being granted access. The client runs are sequential - not concurrent. Further more the more the client runs result in a constant increase in the strange call backs. It is perhaps best if we have a call where I can talk through the issue.
But you can see the log messages I have annotated cache-server-log.txt (lines 108 - 112 and 147 - 151) and corresponding client runs in client-run-log.txt. The zip file examples.modified.zip contains a cloned version of the Coherence 22.214.171.124 examples directory. If you change to the examples.modified\java directory and type "git status" and "git diff" you will see the modifications I have made (mostly logging as mentioend before) to highlight the strange behaviour I am observing.
As we are migrating to version 14 in production with Authentication and Authroisation - it is essential for us to be assured that these messages will not compromise the performance and security of the production systems.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document