Unless clients are authenticated, access to grid data and JMX management operations that control the grid are left unprotected. This is true even if SSL is enabled.
When credentialAuthentication is set to Required or Supported, more configuration is needed, as described in the following steps. These steps are described in more detail, with examples of the changes to the configuration files in Java SE security tutorial - Step 3.