Hazelcast Community Edition安全性 [英] Hazelcast Community Edition security

问题描述

我正在研究一个使用Hazelcast作为缓存的Spring引导项目.我正在使用社区版.我有几个问题，

I am working on a Spring boot project which uses Hazelcast as Cache. I am using the community edition of that. I have couple of questions,

1. 我想知道社区版中是否提供了最低限度的安全性功能.我知道我们可以提供唯一的组名，以便其他节点无法加入集群.但是还有其他方法吗?.
2. 我还尝试了 hazelcast.application.validation.token ，但是它不起作用.使用此属性检查的正确方法是什么.
3. 此外，Spring Boot不会阻止使用TCP的hazelcast通信.春季安全性有什么办法可以向hazelcast添加一些安全性功能?

1. I wanted to know whether there is minimal provision provided in community edition for security features. I know that we can provide unique group name so other nodes cannot join the cluster. But is there any other way?.
2. I also tried with hazelcast.application.validation.token but it is not working. What is the correct way to check with this property.
3. Also, hazelcast communicating using TCP is not blocked by spring boot. Is there any way in spring security to add some security feature to hazelcast?

推荐答案

我想，您使用的是Hazelcast 4.0或更高版本.在版本4中删除了属性 hazelcast.application.validation.token .

I suppose, you're using Hazelcast 4.0 or later. The property hazelcast.application.validation.token was removed in version 4.

也许您已经研究过此答案-与Hazelcast 3.y版本有关.某些信息仍然有效.

Maybe you've already looked into this answer - it's related to Hazelcast 3.y versions. Some info is still valid though.

Hazelcast版本4(OS)中的基本保护方法是设置不同的群集名称(相当于Hazelcast 3中的组名称).

The basic protection approach in Hazelcast version 4 (OS) is to set different cluster names (equivalent of group name in Hazelcast 3).

您可以使用高级网络功能，可让您为不同的协议(成员协议，客户端协议，REST等)使用单独的端口号.然后，您可以使用操作系统级别的保护(例如防火墙)来保护这些端点.

You can use the advanced network feature which allows you to have separated port numbers for different protocols (member protocol, client protocol, REST, ...). Then you can use OS level protection - such as firewall - to protect these endpoints.

您还可以禁用将服务器套接字绑定到所有网络接口(默认行为)，并控制使用哪个接口.

You can also disable binding server sockets to all network interfaces (default behavior) and control which interface is used.

我认为Spring安全性没有提供可以帮助您保护Hazelcast端点的功能，但是我不是Spring专家，所以也许我错了.

I don't think the Spring security provides a feature which would help you with protecting Hazelcast endpoints, but I'm not Spring expert, so maybe I'm wrong.

这篇关于Hazelcast Community Edition安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！