A newer version of IMDG is available.

View latest

Want to try Hazelcast 5.0 beta?

We’ve combined the in-memory storage of IMDG with the stream processing power of Jet to bring you an all new Hazelcast platform.

Cluster Member Security

Hazelcast supports standard Java Security (JAAS) based authentication between cluster members. To implement it, you configure one or more LoginModules and an instance of com.hazelcast.security.ICredentialsFactory. Although Hazelcast has default implementations using cluster groups and UsernamePasswordCredentials on authentication, it is recommended that you implement the LoginModules and an instance of com.hazelcast.security.ICredentialsFactory according to your specific needs and environment.

<hazelcast>
    ...
    <security enabled="true">
        <member-credentials-factory
            class-name="com.hazelcast.examples.MyCredentialsFactory">
            <properties>
                <property name="property1">value1</property>
                <property name="property2">value2</property>
            </properties>
        </member-credentials-factory>
        <member-login-modules>
            <login-module usage="REQUIRED"
                class-name="com.hazelcast.examples.MyRequiredLoginModule">
                <properties>
                    <property name="property3">value3</property>
                </properties>
           </login-module>
           <login-module usage="SUFFICIENT"
               class-name="com.hazelcast.examples.MySufficientLoginModule">
               <properties>
                    <property name="property4">value4</property>
              </properties>
           </login-module>
           <login-module usage="OPTIONAL"
               class-name="com.hazelcast.examples.MyOptionalLoginModule">
               <properties>
                   <property name="property5">value5</property>
               </properties>
           </login-module>
       </member-login-modules>
    </security>
    ...
</hazelcast>

You can define as many as LoginModules as you want in configuration. They are executed in the order listed in configuration. The usage attribute has 4 values: 'required', 'requisite', 'sufficient' and 'optional' as defined in javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag.

package com.hazelcast.security;
/**
 * ICredentialsFactory is used to create Credentials objects to be used
 * during member authentication before connection accepted by master member.
 */
public interface ICredentialsFactory {

  void configure( GroupConfig groupConfig, Properties properties );

  Credentials newCredentials();

  void destroy();
}

Properties defined in the configuration are passed to the ICredentialsFactory.configure() method as java.util.Properties and to the LoginModule.initialize() method as java.util.Map.