I'm trying to upgrade a Hazelcast cluster in a Java Spring-powered app from v3 to v5, mostly by following the official migration guide, where it is stated that the terminology has been changed and that Groups have become Clusters.
Here, it's stated that configuration before v4 that looked as follows:
<hazelcast>
<group>
<name>dev</name>
<password>dev-pass</password>
</group>
</hazelcast>
Now transforms into:
<hazelcast>
<cluster-name>dev</cluster-name>
</hazelcast>
Which, in turn, I converted to:
<hz:cluster-name>my-cluster-name</hz:cluster-name>
However, there is no such thing as a Cluster password, as was the case with Groups, apparently since v3.11, according to the GroupConfig javadoc:
since 3.11, password check is removed. Passwords are only checked in default LoginModule when Hazelcast security is enabled (Enterprise edition only).
Is there no way for free edition users to set a password on their cluster anymore?
Security realms seem a bit overly complicated for this purpose, and it's my understanding they are not available for community-edition users either.
You are right. The security features (including authentication or socket interceptors) are only available in the Enterprise edition.
You can still improve the security of the community edition by following steps:
hazelcast.socket.server.bind.any). It binds to all interfaces by default (0.0.0.0).You can see all the security recommendations in the Hazelcast member log by starting the server with the following system property (available in version 5 or newer): -Dhazelcast.security.recommendations