One of the key elements in Hazelcast security is the Credentials object, which carries all credentials of an endpoint (member or client). Credentials is an interface which extends Serializable. You can either implement the three methods in the Credentials interface, or you can extend the AbstractCredentials class, which is an abstract implementation of Credentials.

Hazelcast calls the Credentials.setEndpoint() method when an authentication request arrives at the member before authentication takes place. Here are the methods of Credentials interface (see its Javadoc):

public interface Credentials extends Serializable {
    String getEndpoint();
    void setEndpoint( String endpoint ) ;
    String getPrincipal() ;

Here is the snippet from the abstract implementation of Credentials (see its Javadoc):

public abstract class AbstractCredentials implements Credentials, Portable {
    private String endpoint;
    private String principal;

UsernamePasswordCredentials, a custom implementation of Credentials, is in the Hazelcast package. UsernamePasswordCredentials is used for default configuration during the authentication process of both members and clients.

public class UsernamePasswordCredentials extends AbstractCredentials {
    private byte[] password;