Expected Behavior
The identity token introduction should work in a very similar way for the different coherence-hibernate versions.
The Coherence*Extend client introduces the identity token using the identity transformer, which then will be checked by the coherence cache server using the identity asserter.
Actual Behavior
Coherence-hibernate-cache-52 seems to have difficulties loading the value on the client side from the identity transformer.
Keeping the settings, but changing only the coherence-hibernate version to coherence-hibernate-cache-4 will result in successful identity token management.
The identity token manager implementation for client and server that I'm using can be found in this repository.
The related link to the Oracle documentation.
Coherence cache server version
Oracle Coherence CE 20.12
Coherence-hibernate versions
artifactId |
version |
status |
coherence-hibernate-cache-4 |
2.0.0 |
working |
coherence-hibernate-cache-52 |
2.0.0 |
issue occurs |
coherence-hibernate-cache-52 |
2.0.1-SNAPSHOT |
issue occurs |
Not tested with coherence-hibernate-cache-5!
Involved coherence cluster settings
Coherence*Extend client configuration part
<security-config>
<identity-transformer>
<class-name>com.example.coherence.CoherenceTokenManagers.ClientSideTokenManager</class-name>
</identity-transformer>
</security-config>
Cache server configuration part
<security-config>
<identity-asserter>
<class-name>com.example.coherence.CoherenceTokenManagers.ServerSideTokenManager</class-name>
</identity-asserter>
</security-config>
Debug Output
Coherence*Extend client debug output
Oracle Coherence Version 20.12 Build 83712
Community Edition: Development mode
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
2021-04-12 14:11:26.219/13.456 Oracle Coherence CE 20.12 <Error> (thread=main, member=n/a): Failed to configure the Security module
2021-04-12 14:11:26.219/13.456 Oracle Coherence CE 20.12 <Error> (thread=main, member=n/a):
(Wrapped: Unable to load class "com.example.coherence.CoherenceTokenManagers.ClientSideTokenManager" using null
<identity-transformer>
<class-name>com.example.coherence.CoherenceTokenManagers.ClientSideTokenManager</class-name>
</identity-transformer>) java.lang.ClassNotFoundException: com.tangosol.net.security.IdentityTransformer
at com.tangosol.util.Base.ensureRuntimeException(Base.java:251)
at com.tangosol.run.xml.XmlHelper.createInstance(XmlHelper.java:2895)
at com.tangosol.run.xml.XmlHelper.createInstance(XmlHelper.java:2779)
at com.tangosol.internal.net.security.LegacyXmlSecurityHelper.fromXml(LegacyXmlSecurityHelper.java:55)
at com.tangosol.internal.net.security.LegacyXmlStandardHelper.fromXml(LegacyXmlStandardHelper.java:43)
at com.tangosol.coherence.component.net.Security.configureSecurity(Security.CDB:25)
at com.tangosol.coherence.component.net.Security$ConfigAction.run(Security.CDB:3)
at java.security.AccessController.doPrivileged(Native Method)
at com.tangosol.coherence.component.net.Security.getInstance(Security.CDB:5)
at com.tangosol.coherence.component.net.Cluster.onStart(Cluster.CDB:28)
at com.tangosol.coherence.component.net.Cluster.start(Cluster.CDB:12)
at com.tangosol.coherence.component.util.SafeCluster.startCluster(SafeCluster.CDB:5)
at com.tangosol.coherence.component.util.SafeCluster.restartCluster(SafeCluster.CDB:10)
at com.tangosol.coherence.component.util.SafeCluster.ensureRunningCluster(SafeCluster.CDB:32)
at com.tangosol.coherence.component.util.SafeCluster.getRunningCluster(SafeCluster.CDB:7)
at com.tangosol.coherence.component.util.SafeCluster.start(SafeCluster.CDB:5)
at com.tangosol.net.CacheFactory.ensureCluster(CacheFactory.java:589)
at com.oracle.coherence.hibernate.cache.CoherenceRegionFactory.start(CoherenceRegionFactory.java:190)
at org.hibernate.cache.spi.RegionFactory.start(RegionFactory.java:63)
at org.hibernate.internal.CacheImpl.<init>(CacheImpl.java:71)
at org.hibernate.engine.spi.CacheInitiator.initiateService(CacheInitiator.java:28)
at org.hibernate.engine.spi.CacheInitiator.initiateService(CacheInitiator.java:20)
at org.hibernate.service.internal.SessionFactoryServiceRegistryImpl.initiateService(SessionFactoryServiceRegistryImpl.java:59)
at org.hibernate.service.internal.AbstractServiceRegistryImpl.createService(AbstractServiceRegistryImpl.java:259)
at org.hibernate.service.internal.AbstractServiceRegistryImpl.initializeService(AbstractServiceRegistryImpl.java:233)
at org.hibernate.service.internal.AbstractServiceRegistryImpl.getService(AbstractServiceRegistryImpl.java:210)
at org.hibernate.service.internal.SessionFactoryServiceRegistryImpl.getService(SessionFactoryServiceRegistryImpl.java:80)
at org.hibernate.internal.SessionFactoryImpl.<init>(SessionFactoryImpl.java:243)
at org.hibernate.boot.internal.SessionFactoryBuilderImpl.build(SessionFactoryBuilderImpl.java:462)
at org.hibernate.jpa.boot.internal.EntityManagerFactoryBuilderImpl.build(EntityManagerFactoryBuilderImpl.java:892)
at org.springframework.orm.jpa.vendor.SpringHibernateJpaPersistenceProvider.createContainerEntityManagerFactory(SpringHibernateJpaPersistenceProvider.java:57)
at org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean.createNativeEntityManagerFactory(LocalContainerEntityManagerFactoryBean.java:365)
at org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.buildNativeEntityManagerFactory(AbstractEntityManagerFactoryBean.java:390)
at org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.afterPropertiesSet(AbstractEntityManagerFactoryBean.java:377)
at org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean.afterPropertiesSet(LocalContainerEntityManagerFactoryBean.java:341)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1758)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1695)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:573)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:495)
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:317)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:315)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1089)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:859)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550)
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:780)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:412)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:333)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1277)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1265)
at com.example.coherence.CoherenceApplication.main(CoherenceApplication.java:13)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
at org.springframework.boot.loader.PropertiesLauncher.main(PropertiesLauncher.java:593)
Caused by: java.lang.NoClassDefFoundError: com/tangosol/net/security/IdentityTransformer
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:756)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:468)
at java.net.URLClassLoader.access$100(URLClassLoader.java:74)
at java.net.URLClassLoader$1.run(URLClassLoader.java:369)
at java.net.URLClassLoader$1.run(URLClassLoader.java:363)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:362)
at java.lang.ClassLoader.loadClass(ClassLoader.java:418)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:352)
at java.lang.ClassLoader.loadClass(ClassLoader.java:405)
at org.springframework.boot.loader.LaunchedURLClassLoader.loadClass(LaunchedURLClassLoader.java:93)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at com.tangosol.util.ExternalizableHelper.loadClass(ExternalizableHelper.java:3740)
at com.tangosol.run.xml.XmlHelper.createInstance(XmlHelper.java:2853)
... 59 more
Caused by: java.lang.ClassNotFoundException: com.tangosol.net.security.IdentityTransformer
at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
at java.lang.ClassLoader.loadClass(ClassLoader.java:418)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:352)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
... 77 more
Cache server debug output
2021-04-12 14:37:59.298/398.545 Oracle Coherence CE 20.12 <Warning> (thread=Proxy:ExtendTcpCacheService:TcpAcceptor, member=3): An exception occurred while processing the identity token: java.lang.SecurityException: Access denied
2021-04-12 14:37:59.427/398.673 Oracle Coherence CE 20.12 <D6> (thread=Proxy:ExtendTcpCacheService:TcpAcceptor:TcpProcessor, member=3): Released: TcpConnection(Id=0x00000178C616B2010A644DEDC656E65D18D8049630B1778ECC741F6D607C9B8A, Open=false, Member(Id=1, Timestamp=2021-04-12 14:37:54.329, Address=XXX.XXX.XXX.XXX:9000, MachineId=59023, Location=site:k8s-ims-b,rack:AD-B,machine:coherence-test-client-deployment-84db96fd88-s748g,process:coherence-cache-process,member:coherence-cache-thread, Role=CoherenceClient), LocalAddress=XXX.XXX.XXX.XXX:9000, RemoteAddress=XXX.XXX.XXX.XXX:50360)
Steps to reproduce
- Start the Coherence cache server configured to have
security-config
- Start the Coherence*Extend client configured to have
security-config
and the start up will fail.