Question
I am working on a Spring Boot project which uses Hazelcast as a cache. I am using the community edition of that. I have a couple of questions:
- I wanted to know whether there is minimal provision provided in the community edition for security features. I know that we can provide a unique group name so other nodes cannot join the cluster. But is there any other way?
- I also tried with hazelcast.application.validation.token but it is not working. What is the correct way to check with this property?
- Also, Hazelcast communicating using TCP is not blocked by Spring Boot. Is there any way in Spring Security to add some security feature to Hazelcast?
Answer 1:
I suppose you're using Hazelcast 4.0 or later. The property hazelcast.application.validation.token was removed in version 4.
Maybe you've already looked into this answer - it's related to Hazelcast 3.y versions. Some info is still valid though.
The basic protection approach in Hazelcast version 4 (OS) is to set different cluster names (equivalent of group name in Hazelcast 3).
You can use the advanced network feature which allows you to have separated port numbers for different protocols (member protocol, client protocol, REST, ...). Then you can use OS level protection - such as firewall - to protect these endpoints.
You can also disable binding server sockets to all network interfaces (default behavior) and control which interface is used.
I don't think Spring Security provides a feature which would help you with protecting Hazelcast endpoints, but I'm not a Spring expert, so maybe I'm wrong.
Source: https://stackoverflow.com/questions/62537398/hazelcast-community-edition-security
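The three measures from the answer (a distinct cluster name, advanced networking with a separate port per protocol, and no binding to all interfaces) can be combined in one Spring Boot `Config` bean. This is an added example, not code from the original post or from the Hazelcast project; the cluster name, interface pattern, ports and member addresses are constructed sample values.

```java
import com.hazelcast.config.AdvancedNetworkConfig;
import com.hazelcast.config.Config;
import com.hazelcast.config.JoinConfig;
import com.hazelcast.config.ServerSocketEndpointConfig;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class HazelcastHardeningConfig {

    // Constructed sample values: replace with your own network layout.
    private static final String CLUSTER_NAME = "orders-cache-prod";
    private static final String CACHE_INTERFACE = "10.0.1.*";
    private static final int MEMBER_PORT = 5701;
    private static final int CLIENT_PORT = 9090;

    @Bean
    public Config hazelcastConfig() {
        Config config = new Config();
        // A non-default cluster name keeps unrelated members from joining by accident.
        config.setClusterName(CLUSTER_NAME);
        // Do not bind server sockets to every network interface.
        config.setProperty("hazelcast.socket.bind.any", "false");

        AdvancedNetworkConfig network = config.getAdvancedNetworkConfig();
        network.setEnabled(true);

        // Member-to-member protocol: fixed port, so a firewall rule can name it exactly.
        ServerSocketEndpointConfig member = new ServerSocketEndpointConfig();
        member.setPort(MEMBER_PORT).setPortAutoIncrement(false);
        member.getInterfaces().setEnabled(true).addInterface(CACHE_INTERFACE);
        network.setMemberEndpointConfig(member);

        // Client protocol on its own port; no REST or Memcache endpoint is defined.
        ServerSocketEndpointConfig client = new ServerSocketEndpointConfig();
        client.setPort(CLIENT_PORT).setPortAutoIncrement(false);
        client.getInterfaces().setEnabled(true).addInterface(CACHE_INTERFACE);
        network.setClientEndpointConfig(client);

        // Explicit member list instead of multicast discovery.
        JoinConfig join = network.getJoin();
        join.getMulticastConfig().setEnabled(false);
        join.getTcpIpConfig().setEnabled(true)
            .addMember("10.0.1.11:5701").addMember("10.0.1.12:5701");
        return config;
    }
}
```

With the ports fixed, an OS-level firewall can allow the member port only between cluster hosts and the client port only from application hosts.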