Advanced Security

Securing an Ignite cluster.

Note: This is legacy Apache Ignite documentation. The new documentation is hosted here: https://ignite.apache.org/docs/latest/

Authentication

You can secure your Ignite cluster by enabling authentication on the server and providing user credentials on clients. Currently, authentication is supported only when Ignite persistence is enabled. This requirement may be relaxed in future releases.

Note: This authentication mechanism applies only to thin client, JDBC, and ODBC connections.

Enable Authentication

To enable authentication on the server, set the authenticationEnabled property of IgniteConfiguration to true, either in your Spring XML configuration file or in code:

Spring XML:

<bean id="ignite.cfg" class="org.apache.ignite.configuration.IgniteConfiguration">
    <!-- Enabling Apache Ignite Persistent Store (required for authentication). -->
    <property name="dataStorageConfiguration">
        <bean class="org.apache.ignite.configuration.DataStorageConfiguration">
            <property name="defaultDataRegionConfiguration">
                <bean class="org.apache.ignite.configuration.DataRegionConfiguration">
                    <property name="persistenceEnabled" value="true"/>
                </bean>
            </property>
        </bean>
    </property>

    <!-- Enabling authentication. -->
    <property name="authenticationEnabled" value="true"/>

    <!-- Other Ignite configurations. -->
    <!-- ... -->
</bean>

Java:

import org.apache.ignite.configuration.DataStorageConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;

// Apache Ignite node configuration.
IgniteConfiguration cfg = new IgniteConfiguration();

// Ignite persistence configuration.
DataStorageConfiguration storageCfg = new DataStorageConfiguration();

// Enabling the persistence (required for authentication).
storageCfg.getDefaultDataRegionConfiguration().setPersistenceEnabled(true);

// Applying settings.
cfg.setDataStorageConfiguration(storageCfg);

// Enable authentication.
cfg.setAuthenticationEnabled(true);

// Other configurations
// ...

Provide User Credentials

When authentication is enabled, Ignite creates a superuser account with the name ignite and the password ignite on the first cluster startup. Currently, you can neither rename the superuser account nor grant its privileges to any other account. However, you can CREATE, ALTER, and DROP a user with the DDL commands supported by Ignite. Note that a new user can be created only with the superuser account.
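Because the superuser is created with a publicly documented password, the first administrative step on a new cluster is to replace it. The following is an added example, not code from the Ignite documentation: it logs in over the JDBC thin driver with the default account, creates an application user, rotates the superuser password, and checks that the default credentials are then rejected. The node address, the app_user account name, and the environment variable names are assumptions, and the cluster is assumed to be activated.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;

public class RotateIgniteSuperuser {
    // Assumed address of a local node started with authenticationEnabled=true.
    private static final String URL = "jdbc:ignite:thin://127.0.0.1/";

    // DDL does not take bound parameters, so the password is quoted as a SQL string literal.
    static String literal(String s) {
        return "'" + s.replace("'", "''") + "'";
    }

    public static void main(String[] args) throws Exception {
        Class.forName("org.apache.ignite.IgniteJdbcThinDriver");

        // Hypothetical environment variable names; secrets are not hard-coded.
        String newSuperPwd = System.getenv("IGNITE_SUPERUSER_PWD");
        String appPwd = System.getenv("IGNITE_APP_PWD");
        if (newSuperPwd == null || appPwd == null)
            throw new IllegalStateException("Set IGNITE_SUPERUSER_PWD and IGNITE_APP_PWD");

        // First login uses the built-in ignite/ignite account.
        try (Connection conn = DriverManager.getConnection(URL, "ignite", "ignite");
             Statement stmt = conn.createStatement()) {
            // Only the superuser can create users. Unquoted names are upper-cased,
            // so this account is APP_USER; "ignite" must be quoted to stay lower case.
            stmt.executeUpdate("CREATE USER app_user WITH PASSWORD " + literal(appPwd));
            stmt.executeUpdate("ALTER USER \"ignite\" WITH PASSWORD " + literal(newSuperPwd));
        }

        // Check: the default password must now be rejected.
        try (Connection c = DriverManager.getConnection(URL, "ignite", "ignite")) {
            throw new IllegalStateException("Default superuser password still accepted");
        } catch (SQLException expected) {
            System.out.println("Default credentials rejected: " + expected.getMessage());
        }

        // Check: the new application account can authenticate.
        try (Connection c = DriverManager.getConnection(URL, "APP_USER", appPwd)) {
            System.out.println("APP_USER authenticated");
        }
    }
}
```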

Authorization

Apache Ignite does not provide authorization features out of the box. However, for such advanced security features, you can implement the GridSecurityProcessor interface as part of a custom plugin, or use a third-party implementation such as this one.