Ensure secure interaction with Terracotta

MashZone NextGen interacts as a Terracotta client with the Terracotta server. The Terracotta server uses the following security features to ensure a secure connection to MashZone NextGen.

The security features in Terracotta are configured using a security root directory. The security root directory is a file system location for all security-related files, such as certificates. The client as well as the server must provide a security root directory. Both must match in their security configuration, that is, if the server has been configured for LDAP in its security root directory, the client must also have a corresponding LDAP configuration file in its security root directory. Therefore, MashZone NextGen as a Terracotta client must point to a security root directory in order to securely interact with a Terracotta server. This security root directory must contain the appropriate security files in advance and these files must match the security configuration of the server. Detailed information on the various security configurations and the structure of a security root directory can be found in the Terracotta documentation.

Because different Terracotta connections configured in MashZone NextGen can point to Terracotta servers with possibly different security configurations, each Terracotta connection in MashZone NextGen must point to a separate security root directory with a matching security configuration. Good practice is to manage all required security root directories in one central location. This location must be <MashZone NextGen installation>/apache-tomcat/conf/terracotta-security.

Ensure that the security root directories used by MashZone NextGen are accessible only by the user who is permitted to run the MashZone NextGen server.
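
One way to check this requirement on a Unix-like host, given as an added example that is not part of the product documentation. The function name, the MZNG_HOME variable and the service account name mzng are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: audit the Terracotta security root directories used by
# MashZone NextGen for access by anyone other than the service account.
# Assumption: a Unix-like host with a POSIX find.

# audit_security_roots ROOT OWNER
#   ROOT   directory holding the security root directories
#   OWNER  user name or numeric UID that runs the MashZone NextGen server
# Prints every path under ROOT (ROOT included) that is not owned by OWNER
# or that grants any permission bit to group or others.
# Returns 0 if nothing was found, 1 if there are findings, 2 on error.
# Symbolic links are tested as links and not followed, so on Linux they
# are typically reported; review their targets separately.
audit_security_roots() {
    root=$1
    owner=$2
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    # Fail closed: an unknown owner or unreadable subtree is an error,
    # never a clean result.
    findings=$(find "$root" \( ! -user "$owner" \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print) || {
        echo "find failed for $root (unknown owner or unreadable path?)" >&2
        return 2
    }
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage (placeholder values):
#   audit_security_roots "$MZNG_HOME/apache-tomcat/conf/terracotta-security" mzng
```

Run it as root or as the service account itself, since any other user should be unable to read the tree at all; each reported path needs its ownership or mode corrected.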