This manual is for an old version of Hazelcast IMDG, use the latest stable version.
Chapter 4. Security (Enterprise Edition Only)

Chapter 4. Security (Enterprise Edition Only)

Table of Contents

4.1. Credentials
4.2. ClusterLoginModule
4.3. Cluster Member Security
4.4. Native Client Security
4.4.1. Authentication
4.4.2. Authorization
4.4.3. Permissions

Hazelcast has an extensible, JAAS based security feature which can be used to authenticate both cluster members and clients and to do access control checks on client operations. Access control can be done according to endpoint principal and/or endpoint address. Security can be enabled and configured either in configuration xml or using Config api.

<hazelcast xsi:schemaLocation="http://www.hazelcast.com/schema/config hazelcast-config-2.0.xsd"
    xmlns="http://www.hazelcast.com/schema/config"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    
    ...
    <security enabled="true">
    ...
    </security>
</hazelcast>

Config cfg = new Config();
SecurityConfig securityCfg = cfg.getSecurityConfig();
securityCfg.setEnabled(true);

Also see how to configure license key.

4.1. Credentials

One of the key elements in Hazelcast security is Credentials object. It is used to carry all credentials of an endpoint (member or client). Credentials is an interface which extends Serializable and has three methods to be implemented. Users, according to their needs, can either implement Credentials interface or extend AbstractCredentials class which is an abstract implementation of Credentials.

package com.hazelcast.security;
...
public interface Credentials extends Serializable {

    String getEndpoint();

    void setEndpoint(String endpoint) ;
    
    String getPrincipal() ;    
}

Credentials.setEndpoint() method is called by Hazelcast when auth request arrives to node before authentication takes place.

package com.hazelcast.security;
...
public abstract class AbstractCredentials implements Credentials, DataSerializable {
    private transient String endpoint;
    private String principal;

    ...
}

UsernamePasswordCredentials, a custom implementation of Credentials can be found in Hazelcast com.hazelcast.security package. It is used by default configuration during authentication process of both members and clients.

package com.hazelcast.security;
...
public class UsernamePasswordCredentials extends Credentials {
    private byte[] password;
    ...
}