Gremlin Server didn't get authentication built into it in time for GA, but having it as a feature soon after GA was always in my mind. I guess the future 3.0.1 release qualifies as "soon after".
With some good work from Mike Adamson (
https://github.com/mike-tr-adamson) Gremlin Server now has a nice authentication model. For websockets and nio communication Gremlin Server supports a SASL (
https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) based authentication scheme and for the REST configuration it support basic http authentication. Gremlin Server packages with a default implementation where both of those models authenticate against a specified Graph instance which must contain a "credentials graph" (containing usernames/passwords). This model is pluggable, so you could supply your own implementation if you liked (e.g. authenticate to ldap, mysql, etc.). When combining this feature with the built-in SSL capabilities of Gremlin Server, you can have a reasonably secure deployment.
You can read more about this feature here:
For those adventurous souls who wish to give it a try, this work is in the "tp30" branch of the repo.
Enjoy!
Stephen