Security

❗️
This is a legacy Apache Ignite documentation
The new documentation is hosted here: https://ignite.apache.org/docs/latest/

Encryption

Make sure thin client data is encrypted by enabling SSL/TLS on the communication channel:

ClientConfiguration clientCfg = new ClientConfiguration()
  .setAddresses("127.0.0.1:10800");

clientCfg
    .setSslMode(SslMode.REQUIRED)
    .setSslClientCertificateKeyStorePath("client.jks")
    .setSslClientCertificateKeyStoreType("JKS")
    .setSslClientCertificateKeyStorePassword("123456")
    .setSslTrustCertificateKeyStorePath("trust.jks")
    .setSslTrustCertificateKeyStoreType("JKS")
    .setSslTrustCertificateKeyStorePassword("123456")
    .setSslKeyAlgorithm("SunX509")
    .setSslTrustAll(false)
    .setSslProtocol(SslProtocol.TLS);

try (IgniteClient client = Ignition.startClient(clientCfg)) {
	...
}

Authentication

User credentials must be provided if authentication is enabled on the server.

ClientAuthenticationException indicates authentication failed.

ClientConfiguration clientCfg = new ClientConfiguration()
  .setAddresses("127.0.0.1:10800")
  .setUserName("joe")
  .setUserPassword("passw0rd!");

try (IgniteClient client = Ignition.startClient(clientCfg)) {
    ...
}
catch (ClientAuthenticationException e) {
    // Handle authentication failure
}

📘
Make sure Authentication is enabled on the server
Make sure authentication is enabled on the server and the client credentials are provisioned in the credentials store.

Authorization

At the moment Apache Ignite does not support authorization out-of-the-box but provides authorization infrastructure that allows developing a custom Authorization plugin or getting the plugin from 3rd party vendors such as this one.

Updated 2 months ago