Hazelcast supports standard Java Security (JAAS) based authentication between cluster
members. You should configure one or more LoginModules and an instance of
com.hazelcast.security.ICredentialsFactory. Although Hazelcast has
default implementations that use the cluster group and group-password and
UsernamePasswordCredentials for authentication, it is advised to
implement these according to your specific needs and environment.
<security enabled="true">
    <member-credentials-factory class-name="com.hazelcast.examples.MyCredentialsFactory">
        <properties>
            <property name="property1">value1</property>
            <property name="property2">value2</property>
        </properties>
    </member-credentials-factory>
    <member-login-modules>
        <login-module class-name="com.hazelcast.examples.MyRequiredLoginModule" usage="required">
            <properties>
                <property name="property3">value3</property>
            </properties>
        </login-module>
        <login-module class-name="com.hazelcast.examples.MySufficientLoginModule" usage="sufficient">
            <properties>
                <property name="property4">value4</property>
            </properties>
        </login-module>
        <login-module class-name="com.hazelcast.examples.MyOptionalLoginModule" usage="optional">
            <properties>
                <property name="property5">value5</property>
            </properties>
        </login-module>
    </member-login-modules>
    ...
</security>
You can define as many LoginModules as you want in the
configuration. They are executed in the given order. The usage attribute has 4 values:
'required', 'requisite', 'sufficient' and 'optional', as defined in
javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag.
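package com.hazelcast.security;

import com.hazelcast.config.GroupConfig;
import java.util.Properties;

/**
 * ICredentialsFactory is used to create Credentials objects to be used
 * during node authentication before a connection is accepted by the master node.
 */
public interface ICredentialsFactory {
    // Receives the group configuration and the <properties> defined in the XML.
    void configure(GroupConfig groupConfig, Properties properties);
    // Creates the Credentials used during node authentication.
    Credentials newCredentials();
    void destroy();
}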
Properties defined in the configuration are passed to the
ICredentialsFactory.configure() method as java.util.Properties
and to the LoginModule.initialize() method as java.util.Map.
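The ordering and usage semantics of the login-module stack, and the delivery of per-module properties as a Map, can be checked with plain JAAS. The following is an added example, not Hazelcast code and not part of the original page: it uses only JDK classes, and ControlFlagDemo, ToyModule and the "name"/"result" options are hypothetical names (Java 9+ is assumed for Map.of). It shows that a successful 'sufficient' module ends the login phase early only when no earlier 'required' module has failed.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class ControlFlagDemo {
    static final List<String> TRACE = new ArrayList<>(); // modules whose login() ran
    /** Hypothetical module: passes or fails according to its "result" option. */
    public static class ToyModule implements LoginModule {
        private Map<String, ?> options;
        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.options = options; // per-module properties arrive as a Map
        }
        public boolean login() throws LoginException {
            String name = (String) options.get("name");
            TRACE.add(name);
            if ("fail".equals(options.get("result"))) throw new FailedLoginException(name);
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    // Builds one stack entry; the constructed options stand in for <property> values.
    static AppConfigurationEntry entry(String name, LoginModuleControlFlag flag, String result) {
        return new AppConfigurationEntry(ToyModule.class.getName(), flag,
                Map.of("name", name, "result", result));
    }
    /** Runs the stack in the given order; true if overall authentication succeeds. */
    static boolean authenticate(AppConfigurationEntry... stack) {
        TRACE.clear();
        Configuration config = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return stack; }
        };
        try {
            new LoginContext("demo", new Subject(), null, config).login();
            return true;
        } catch (LoginException e) { return false; }
    }
    public static void main(String[] args) {
        // Constructed outcomes for the required, sufficient and optional modules.
        for (String[] r : new String[][] {{"ok", "ok", "fail"}, {"fail", "ok", "ok"}, {"ok", "fail", "fail"}}) {
            boolean ok = authenticate(entry("required", LoginModuleControlFlag.REQUIRED, r[0]),
                    entry("sufficient", LoginModuleControlFlag.SUFFICIENT, r[1]),
                    entry("optional", LoginModuleControlFlag.OPTIONAL, r[2]));
            System.out.println(Arrays.toString(r) + " -> authenticated=" + ok + ", ran=" + TRACE);
        }
    }
}
```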