
3-4 Programming JTA for Oracle WebLogic Server

3.3 Configuring Secure Inter-Domain and Intra-Domain Transaction Communication

For a transaction manager to manage distributed transactions, the transaction manager must be able to communicate with all participating servers and resources to prepare and then commit or rollback the transactions. How a communication channel is configured depends on whether the transaction route is:

■ Inter-domain—The transaction communication is between servers participating in transactions that are not in the same domain.
■ Intra-domain—The transaction communication is between servers participating in transactions within the same domain.

Communication channels must be secure to prevent a malicious third party from using man-in-the-middle attacks to affect transaction outcomes and potentially gain administrative control over one or more domains. WebLogic Server provides the following options to secure a communication channel:

■ Cross Domain Security—Uses a credential mapper to enable you to configure compatible communication channels between servers in inter-domain transactions. Although it requires a more complex configuration, Cross Domain Security enables you to tailor trust between individual domains.
■ Security Interoperability Mode—Establishes trust between all domains that participate in a transaction by setting a security credential of all domains to the same value, so that principals in a Subject from one WebLogic Server instance are accepted as principals in another instance. It is simpler to configure than Cross Domain Security, but some settings of Security Interoperability Mode rely on domain trust and offer less security than Cross Domain Security.
The following sections provide information on how to configure secure communication between servers during a transaction:

■ Section 3.3.1, Requirements for Transaction Communication
■ Section 3.3.2, Configuring Communication for Inter-Domain Transactions
■ Section 3.3.3, Configuring Domains for Intra-Domain Transactions
■ Section 3.3.4, Configuring Cross Domain Security
■ Section 3.3.5, Configuring Security Interoperability Mode

3.3.1 Requirements for Transaction Communication

Please note the following requirements when configuring communication channels for your transaction environment:

■ The domains and all participating resources must have unique names. That is, you cannot have a JDBC data source, a server, or a domain with the same name as an object in another domain or as the domain itself.
■ Keep all the domains used by your process symmetric with respect to Cross Domain Security configuration and Security Interoperability Mode. Because both settings are set at the domain level, it is possible for a domain to be in a mixed mode, meaning the domain has both Cross Domain Security and Security Interoperability Mode set.
■ If you are interoperating with WebLogic Server 8.1 domains, there is a known issue which may occur when performing inter-domain transactions due to incompatibilities between JMX 1.0 and JMX 1.2. To correct this incompatibility, use the JVM flag -Djmx.serial.form=1.0 as described in "JMX 1.2 Implementation" in Upgrade Guide for Oracle WebLogic Server.
■ Only one data source that meets both of the following conditions can participate in a global transaction, regardless of the domain in which the data source is configured:
  – Logging Last Resource or Emulate Two-Phase Commit is selected.
  – The data source uses a non-XA driver to create database connections.
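The requirements above can be checked before a transaction route is put into service. The following script is an added example, not part of this guide or of WebLogic Server: it models each participating domain as a plain record (the field names and the sample domains are constructed for illustration) and reports which of the three requirements a set of domains violates.

```python
"""Check a set of domain descriptions against the Section 3.3.1 requirements."""
from collections import Counter

# Constructed descriptions of the domains that take part in one global
# transaction. Field names are assumptions for this example, not WebLogic
# configuration attributes. DomainB deliberately reuses the name "DomainA"
# for a server, and DomainB and DomainC both carry a non-XA LLR data source.
DOMAINS = [
    {"name": "DomainA", "cross_domain_security": True, "security_interop_mode": None,
     "servers": ["ServerA1"],
     "data_sources": [{"name": "dsOrders", "xa": True, "llr_or_emulate_2pc": False}]},
    {"name": "DomainB", "cross_domain_security": True, "security_interop_mode": None,
     "servers": ["ServerB1", "DomainA"],
     "data_sources": [{"name": "dsAudit", "xa": False, "llr_or_emulate_2pc": True}]},
    {"name": "DomainC", "cross_domain_security": False, "security_interop_mode": "default",
     "servers": ["ServerC1"],
     "data_sources": [{"name": "dsAudit", "xa": False, "llr_or_emulate_2pc": True}]},
]


def check_requirements(domains):
    """Return a list of requirement violations; an empty list means all pass."""
    problems = []
    # Requirement 1: domains, servers and data sources need unique names across the route.
    names = Counter()
    for d in domains:
        names[d["name"]] += 1
        for server in d["servers"]:
            names[server] += 1
        for ds in d["data_sources"]:
            names[ds["name"]] += 1
    for name, count in sorted(names.items()):
        if count > 1:
            problems.append(f"name '{name}' is used {count} times; all names must be unique")
    # Requirement 2: every domain must use the same channel configuration, and no
    # domain should be in mixed mode (both settings enabled at once).
    configs = {(d["cross_domain_security"], d["security_interop_mode"]) for d in domains}
    if len(configs) > 1:
        problems.append("domains are not symmetric in Cross Domain Security / Security Interoperability Mode")
    for d in domains:
        if d["cross_domain_security"] and d["security_interop_mode"] is not None:
            problems.append(f"{d['name']} is in mixed mode (both settings enabled)")
    # Requirement 3: at most one non-XA data source with LLR or Emulate Two-Phase Commit.
    llr = [ds["name"] for d in domains for ds in d["data_sources"]
           if ds["llr_or_emulate_2pc"] and not ds["xa"]]
    if len(llr) > 1:
        problems.append(f"{len(llr)} non-XA LLR/Emulate-2PC data sources participate: {llr}")
    return problems
```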

3.3.2 Configuring Communication for Inter-Domain Transactions

You must correctly configure compatible communication channels using either Cross Domain Security or Security Interoperability Mode for all participating domains in global transactions. See:

■ Section 3.3.4, Configuring Cross Domain Security
■ Section 3.3.5, Configuring Security Interoperability Mode

Use the following table to determine when to use Cross Domain Security or Security Interoperability Mode:

Table 3–2 Selecting a Channel Configuration

Channel Configuration: Cross Domain Security
Advantages:
■ Specific users are configured to establish communication between a domain pair.
■ With SSL, prevents man-in-the-middle attacks.
Disadvantages:
■ More complex configuration.
■ Any change to the transaction flow, such as changing participants, changing participant roles (coordinator versus resource or subcoordinator), adding or removing a domain, or changing the transaction route, requires a configuration change.

Channel Configuration: Security Interoperability Mode
Advantages:
■ Very easy to configure.
■ No need to understand the transaction flow when configuring Security Interoperability Mode.
■ Backward compatible with WebLogic 8.1.
■ When in default mode, using the admin channel prevents man-in-the-middle attacks.
Disadvantages:
■ Trust is transitive: if Domain A trusts Domain B and Domain B trusts Domain C, then Domain A will trust Domain C.
■ When set to compatibility, inter-domain trust grants administrator privileges across domains. That is, with trust established between domains, an Administrator in Domain A has administrator privileges in Domain B.
■ In some configurations, there is a narrow possibility of man-in-the-middle attacks.

Use the following table to determine the type of communication channel configuration required for inter-domain transactions.

Table 3–3 Communication Channel Configurations for Inter-Domain Transactions

Domain | 10.x and 9.2 MP2 and higher MPs | 9.0, 9.1, 9.2 MP1 and lower | 8.1 SP5 and higher | 8.1 SP4 and lower