Hazelcast supports standard Java Security (JAAS) based authentication between cluster members. You should configure one or more LoginModules and an instance of com.hazelcast.security.ICredentialsFactory. Although Hazelcast has default implementations that use the cluster group and group-password and UsernamePasswordCredentials for authentication, it is advised to implement these according to your specific needs and environment.

    <security enabled="true">
        <member-credentials-factory class-name="com.hazelcast.examples.MyCredentialsFactory">
            <properties>
                <property name="property1">value1</property>
                <property name="property2">value2</property>
            </properties>
        </member-credentials-factory>
        <member-login-modules>
            <login-module class-name="com.hazelcast.examples.MyRequiredLoginModule" usage="required">
                <properties>
                    <property name="property3">value3</property>
                </properties>
            </login-module>
            <login-module class-name="com.hazelcast.examples.MySufficientLoginModule" usage="sufficient">
                <properties>
                    <property name="property4">value4</property>
                </properties>
            </login-module>
            <login-module class-name="com.hazelcast.examples.MyOptionalLoginModule" usage="optional">
                <properties>
                    <property name="property5">value5</property>
                </properties>
            </login-module>
        </member-login-modules>
        ...
    </security>

You can define as many LoginModules as you want in the configuration. They are executed in the given order. The usage attribute has 4 values: 'required', 'requisite', 'sufficient' and 'optional', as defined in javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag.
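
    package com.hazelcast.security;

    import com.hazelcast.config.GroupConfig;
    import java.util.Properties;

    /**
     * ICredentialsFactory is used to create Credentials objects to be used
     * during node authentication before connection accepted by master node.
     */
    public interface ICredentialsFactory {
        // Receives the group configuration and the <properties> defined in the configuration.
        void configure(GroupConfig groupConfig, Properties properties);
        // Creates the Credentials used during node authentication.
        Credentials newCredentials();
        void destroy();
    }
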
Properties defined in the configuration are passed to the ICredentialsFactory.configure() method as java.util.Properties and to the LoginModule.initialize() method as java.util.Map.
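
One way to implement the member-credentials-factory configured above so that members do not rely on the default group-password (an added example, not code from the Hazelcast project). The property name `secretFile` is hypothetical, and the `UsernamePasswordCredentials(String, String)` constructor and `GroupConfig.getName()` are assumed from the Hazelcast 3.x API.

```java
package com.hazelcast.examples;

import com.hazelcast.config.GroupConfig;
import com.hazelcast.security.Credentials;
import com.hazelcast.security.ICredentialsFactory;
import com.hazelcast.security.UsernamePasswordCredentials;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Properties;

// Added example: builds member credentials from a secret kept outside the XML configuration.
public class MyCredentialsFactory implements ICredentialsFactory {
    // Hypothetical property name for this example, supplied as
    // <property name="secretFile">...</property> under <member-credentials-factory>.
    private static final String SECRET_FILE = "secretFile";
    private String principal;
    private String secret;

    @Override
    public void configure(GroupConfig groupConfig, Properties properties) {
        String path = properties.getProperty(SECRET_FILE);
        if (path == null || path.trim().isEmpty()) {
            // Fail closed instead of falling back to a default password.
            throw new IllegalStateException("Missing property: " + SECRET_FILE);
        }
        try {
            byte[] raw = Files.readAllBytes(Paths.get(path));
            secret = new String(raw, StandardCharsets.UTF_8).trim();
        } catch (IOException e) {
            throw new IllegalStateException("Cannot read member secret file", e);
        }
        if (secret.isEmpty()) {
            throw new IllegalStateException("Member secret file is empty");
        }
        principal = groupConfig.getName(); // cluster group name used as the principal
    }

    @Override
    public Credentials newCredentials() {
        return new UsernamePasswordCredentials(principal, secret);
    }

    @Override
    public void destroy() {
        secret = null; // drop the reference when the factory is shut down
    }
}
```

The secret file should be readable only by the account that runs the member, and the configured LoginModules must validate the same secret on the accepting side.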