Table of Contents
Hazelcast has an extensible, JAAS based security feature which can be used to authenticate both cluster members and clients and to do access control checks on client operations. Access control can be done according to endpoint principal and/or endpoint address. Security can be enabled and configured either in configuration xml or using Config api.
<hazelcast xsi:schemaLocation="http://www.hazelcast.com/schema/config hazelcast-config-2.0.xsd"
xmlns="http://www.hazelcast.com/schema/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
...
<security enabled="true">
...
</security>
</hazelcast>
Config cfg = new Config(); SecurityConfig securityCfg = cfg.getSecurityConfig(); securityCfg.setEnabled(true);
Also see how to configure license key.
One of the key elements in Hazelcast security is
Credentials
object. It
is used to carry all credentials of an endpoint (member or client).
Credentials
is an interface which extends
Serializable
and has three methods to be implemented. Users,
according to their needs, can either implement
Credentials
interface or
extend
AbstractCredentials
class which is an abstract implementation of
Credentials.
package com.hazelcast.security;
...
public interface Credentials extends Serializable {
String getEndpoint();
void setEndpoint(String endpoint) ;
String getPrincipal() ;
}
Credentials.setEndpoint()
method is called by Hazelcast when auth request arrives to node
before authentication takes place.
package com.hazelcast.security;
...
public abstract class AbstractCredentials implements Credentials, DataSerializable {
private transient String endpoint;
private String principal;
...
}
UsernamePasswordCredentials, a custom implementation of
Credentials
can be found in Hazelcast
com.hazelcast.security
package. It is used by default configuration during
authentication process of both members and clients.
package com.hazelcast.security;
...
public class UsernamePasswordCredentials extends Credentials {
private byte[] password;
...
}