Tagged articles

authentication

669 articles · Page 1 of 7
Architect's Guide
Architect's Guide
Jun 27, 2026 · Information Security

A Comprehensive Guide to Front‑End and Back‑End Authentication Strategies

This article systematically explains ten common authentication approaches—from basic HTTP authentication and session‑cookie mechanisms to token, JWT, SSO, OAuth 2.0, QR‑code login, and one‑click login—detailing their principles, workflows, advantages, drawbacks, and typical usage scenarios with concrete examples and code snippets.

CookieJWTOAuth2.0
0 likes · 42 min read
A Comprehensive Guide to Front‑End and Back‑End Authentication Strategies
Black & White Path
Black & White Path
Jun 26, 2026 · Information Security

Step‑by‑Step Guide to Exploiting JWT Vulnerabilities

This article dissects common JWT weaknesses—including the None algorithm, missing signature verification, algorithm/key confusion, CVE‑2018‑0114 parsing bugs, kid‑parameter injection, and weak‑key brute‑forcing—showing how attackers manipulate tokens and offering concrete code‑level demonstrations.

CVE-2018-0114JWTNone algorithm
0 likes · 10 min read
Step‑by‑Step Guide to Exploiting JWT Vulnerabilities
Programmer XiaoFu
Programmer XiaoFu
Jun 17, 2026 · Information Security

Why JWT Requires Both Access and Refresh Tokens Instead of a Single Token

The article explains the inherent trade‑off of a single JWT’s expiration time, shows how using short‑lived Access Tokens together with long‑lived Refresh Tokens resolves both security and user‑experience issues, and provides detailed backend and frontend implementation guidance.

Access TokenJWTOAuth 2.0
0 likes · 11 min read
Why JWT Requires Both Access and Refresh Tokens Instead of a Single Token
IT Learning Made Simple
IT Learning Made Simple
Jun 15, 2026 · Information Security

Why Security Architects Are the Guardians of the Digital World

The article explains why security incidents are far from rare, defines the security architect role, outlines core responsibilities, design principles, essential tools, and career paths, and emphasizes the importance of security architecture in protecting data and meeting compliance in the digital age.

AuthorizationData ProtectionRisk Management
0 likes · 10 min read
Why Security Architects Are the Guardians of the Digital World
Architect Chen
Architect Chen
Jun 8, 2026 · Information Security

Complete Guide to Single Sign-On: Principles, Architecture, and Flow

This article explains Single Sign-On (SSO) fundamentals, detailing its three core components—CAS Server, CAS Client, and Browser—illustrating the overall architecture and walking through the complete authentication flow from accessing a service to ticket validation.

CASSSOSingle Sign-On
0 likes · 4 min read
Complete Guide to Single Sign-On: Principles, Architecture, and Flow
IoT Full-Stack Technology
IoT Full-Stack Technology
Jun 3, 2026 · Backend Development

Can We Achieve Seamless Account Interoperability Across Multiple Company Systems?

The article examines the challenges of multiple corporate systems requiring separate logins, explains traditional session mechanisms and their limitations in clustered environments, compares session replication versus centralized storage, and presents a complete Java Spring implementation of CAS‑based single sign‑on with code samples and a discussion of differences from OAuth2.

CASJavaRedis
0 likes · 13 min read
Can We Achieve Seamless Account Interoperability Across Multiple Company Systems?
Java Architect Essentials
Java Architect Essentials
May 19, 2026 · Backend Development

Why Storing Tokens in Redis Is the Right Answer in Interviews

The article explains why many interviewers mock the Redis‑based token design, then systematically presents technical and security reasons—controllable logout, multi‑device SSO, high performance, dynamic permissions—and provides concrete implementation details, comparison with pure JWT, and best‑practice responses.

Backend SecurityJWTRedis
0 likes · 6 min read
Why Storing Tokens in Redis Is the Right Answer in Interviews
Coder Trainee
Coder Trainee
May 16, 2026 · Cloud Native

Spring Cloud Gateway: Unified Entry Point for Microservice Calls

This tutorial walks through adding Spring Cloud Gateway as a single entry point for client calls to multiple microservices, covering why a gateway is needed, project structure, dependency and configuration setup, global logging and authentication filters, startup verification, and common pitfalls with solutions.

Global FilterLoad BalancerMicroservices
0 likes · 13 min read
Spring Cloud Gateway: Unified Entry Point for Microservice Calls
Java Tech Enthusiast
Java Tech Enthusiast
May 14, 2026 · Information Security

Why JWT Still Needs Redis Despite Its Stateless Promise

Although JWT is marketed as a stateless, database‑free authentication method, real‑world applications often store token identifiers in Redis to handle logout, password changes, and token renewal, which reintroduces state and a database lookup.

JWTRedisToken blacklist
0 likes · 6 min read
Why JWT Still Needs Redis Despite Its Stateless Promise
James' Growth Diary
James' Growth Diary
May 13, 2026 · Backend Development

How Claude Code Bridges IDEs: Local IPC Meets Remote WebSocket

The article dissects Claude Code's bridge architecture, explaining how a local IDE extension communicates with a CLI via Unix domain sockets while a remote web UI talks to the same process through a WebSocket‑SSE‑polling fallback, and it details the three worker models, three‑layer transport downgrade, four‑layer authentication, the FlushGate pattern, observability design, and the trade‑offs and costs of this 31‑file system.

FlushGateIDE bridgeIPC
0 likes · 17 min read
How Claude Code Bridges IDEs: Local IPC Meets Remote WebSocket
Data STUDIO
Data STUDIO
Apr 28, 2026 · Backend Development

FastAPI in Production: Auth, Rate Limiting, and Zero‑Downtime with One Codebase

This article walks through a complete production‑ready FastAPI setup, covering secure OIDC/JWKS authentication, Redis‑backed token‑bucket rate limiting, zero‑downtime rolling deployments on Docker/Kubernetes, and observability best practices such as request‑ID middleware and structured JSON logging.

DockerFastAPIObservability
0 likes · 20 min read
FastAPI in Production: Auth, Rate Limiting, and Zero‑Downtime with One Codebase
SpringMeng
SpringMeng
Apr 26, 2026 · Backend Development

A 3‑Year‑Proven, Universal Multi‑Account Login Architecture

The article analyzes a company’s three‑year‑old multi‑account unified login system, detailing its original phone‑code design, an optimized password‑optional flow, third‑party OAuth integration, a split user‑basic and user‑auth table schema, and the benefits and trade‑offs of one‑click mobile number authentication.

Database DesignOAuthauthentication
0 likes · 13 min read
A 3‑Year‑Proven, Universal Multi‑Account Login Architecture
macrozheng
macrozheng
Apr 25, 2026 · Backend Development

A 3‑Year‑Proven Universal Multi‑Account Login Architecture

The article details a comprehensive multi‑account unified login design—including phone‑number registration, optional password login, third‑party integrations, a split user‑basic and user‑auth data model, its pros and cons, and a one‑click mobile number authentication flow—offering practical insights from three years of production use.

Database DesignMulti-Accountauthentication
0 likes · 14 min read
A 3‑Year‑Proven Universal Multi‑Account Login Architecture
Top Architect
Top Architect
Apr 22, 2026 · Backend Development

Unify Multi-Channel Login with Spring Boot Factory & Strategy Patterns

Learn how to replace tangled if‑else login code with a clean, extensible architecture using Spring Boot, combining the Factory pattern to instantiate strategy beans and the Strategy pattern to encapsulate each login method (password, WeChat, SMS, etc.), enabling easy addition of new authentication types.

Factory PatternJavaSpring Boot
0 likes · 14 min read
Unify Multi-Channel Login with Spring Boot Factory & Strategy Patterns
Java Tech Workshop
Java Tech Workshop
Apr 22, 2026 · Information Security

Stateless Authentication in SpringBoot with JWT: Complete Implementation Guide

This article explains why traditional session authentication is unsuitable for distributed micro‑service systems, introduces JWT as a stateless alternative, and provides a step‑by‑step SpringBoot implementation—including double‑token handling, Redis blacklist logout, interceptor configuration, and end‑to‑end testing—complete with code snippets and best‑practice recommendations.

JWTRedisToken
0 likes · 30 min read
Stateless Authentication in SpringBoot with JWT: Complete Implementation Guide
Java Captain
Java Captain
Apr 21, 2026 · Backend Development

Why Storing Tokens in Redis Beats Stateless JWT in Real‑World Interviews

The article explains why many interviewers dismiss Redis‑backed token storage as a bad design, then systematically demonstrates how Redis + token offers controllable logout, multi‑device support, high performance, dynamic permission refresh, and scenario‑driven architecture choices, providing concrete response scripts and advanced enhancements for interview success.

Interview TipsJWTRedis
0 likes · 6 min read
Why Storing Tokens in Redis Beats Stateless JWT in Real‑World Interviews
ZhiKe AI
ZhiKe AI
Apr 16, 2026 · Backend Development

Inside the MCP Client: A Deep Technical Walkthrough of Its Architecture

The article dissects the MCP Client used by Claude Code, detailing its layered architecture, type system, connection protocols, caching strategies, tool discovery and conversion, authentication flow, lifecycle management, reconnection logic, and design decisions, illustrating how external tool servers are seamlessly integrated as internal Claude tools.

CachingClaudeMCP
0 likes · 18 min read
Inside the MCP Client: A Deep Technical Walkthrough of Its Architecture
Coder Trainee
Coder Trainee
Apr 16, 2026 · Backend Development

Building a Tech Blog from Scratch (Part 2): Implementing Login Authentication with Spring Security and JWT

This article walks through creating a complete login authentication system—including registration, login, token refresh, and permission control—by replacing Spring Security's default session handling with JWT, configuring backend filters and utilities, and integrating a Vue 3 + Pinia front‑end with automatic token renewal.

JWTSpring BootSpring Security
0 likes · 19 min read
Building a Tech Blog from Scratch (Part 2): Implementing Login Authentication with Spring Security and JWT
AndroidPub
AndroidPub
Apr 13, 2026 · Artificial Intelligence

Why AI Agents Are Abandoning Model Context Protocol for CLI‑First Toolchains

In early 2026 the AI community witnessed a sharp shift away from Model Context Protocol (MCP) toward CLI‑first approaches, driven by token‑cost inflation, fragmented authentication, and loss of composability, with developers favoring the lightweight, text‑based nature of command‑line tools for building robust agent pipelines.

CLIModel Context Protocolauthentication
0 likes · 15 min read
Why AI Agents Are Abandoning Model Context Protocol for CLI‑First Toolchains
dbaplus Community
dbaplus Community
Apr 8, 2026 · Information Security

Why Storing JWT Tokens in Redis Isn’t a Flaw – When and How to Do It

The article analyzes the debate over placing JWT tokens in Redis, compares traditional session and JWT approaches, discusses security and performance trade‑offs, shows practical blacklist code, and explains when a centralized store is justified versus when true stateless JWTs are preferable.

JWTRedisToken Management
0 likes · 13 min read
Why Storing JWT Tokens in Redis Isn’t a Flaw – When and How to Do It
Java Companion
Java Companion
Apr 3, 2026 · Cloud Native

Why Every Microservice Architecture Needs an API Gateway

The article explains that without a gateway each microservice must duplicate authentication, rate‑limiting, logging and other cross‑cutting concerns, leading to maintenance overhead and security risks, and shows how a gateway centralises these functions while providing routing, load‑balancing, circuit‑breaking and observability, backed by real‑world code examples and a comparative analysis of popular gateway solutions.

API GatewayLoggingMicroservices
0 likes · 19 min read
Why Every Microservice Architecture Needs an API Gateway
Java Architect Handbook
Java Architect Handbook
Mar 16, 2026 · Backend Development

Cookie vs Session vs Token: Master Java Authentication for Interviews

This guide outlines interview focus points, core definitions, and deep analysis of Cookie, Session, and Token (JWT), compares their storage, security, scalability, and cross‑origin support, and provides high‑frequency follow‑up questions, common variants, memory mnemonics, and selection principles for Java authentication.

CookieJWTJava
0 likes · 15 min read
Cookie vs Session vs Token: Master Java Authentication for Interviews
Java Tech Enthusiast
Java Tech Enthusiast
Mar 6, 2026 · Backend Development

Simplify Spring Boot Authentication with Sa-Token: A Complete Guide

This article introduces Sa-Token, a lightweight Java authentication framework, explains why it outperforms Spring Security, shows how to configure it in Spring Boot, and provides multiple code examples—including login, logout, role and permission checks, global interceptors, front‑end token handling, and Redis storage.

AuthorizationSa-TokenSpring Boot
0 likes · 7 min read
Simplify Spring Boot Authentication with Sa-Token: A Complete Guide
Senior Tony
Senior Tony
Feb 26, 2026 · Information Security

Why Most Projects Choose Token + Redis Over Stateless JWT

Although JWT is marketed as a decentralized, stateless solution, the majority of real‑world applications still rely on a Token + Redis approach because it simplifies logout handling, avoids Redis outages, and aligns better with practical security requirements.

JWTRedisToken
0 likes · 7 min read
Why Most Projects Choose Token + Redis Over Stateless JWT
Mike Chen's Internet Architecture
Mike Chen's Internet Architecture
Feb 11, 2026 · Information Security

Mastering Single Sign-On: Cookie, Token, and CAS Approaches Explained

This article explains three core Single Sign-On architectures—same‑domain cookie/session, distributed token‑based (JWT/OAuth2), and Central Authentication Service—detailing their workflows, advantages, drawbacks, and ideal use cases, helping architects choose the right SSO solution for web, mobile, and micro‑service environments.

CASSSOToken
0 likes · 5 min read
Mastering Single Sign-On: Cookie, Token, and CAS Approaches Explained
php Courses
php Courses
Jan 22, 2026 · Backend Development

Secure Your PHP Apps: Mastering password_hash for Safe Password Storage

This guide explains why password hashing is essential in modern web applications, introduces PHP's password_hash function, demonstrates its usage with clear code examples, and highlights automatic salting and verification with password_verify to protect user credentials.

Hashingauthenticationpassword_hash
0 likes · 4 min read
Secure Your PHP Apps: Mastering password_hash for Safe Password Storage
LuTiao Programming
LuTiao Programming
Jan 21, 2026 · Information Security

Stop Hand‑Coding Login Checks: One Spring Boot 4.0 Annotation Enables Full MFA

The article explains why relying solely on username‑password authentication is risky, introduces multi‑factor authentication (MFA) as the only effective solution, and shows how Spring Boot 4.0’s @EnableMultiFactorAuthentication annotation together with Spring Security 7 lets developers implement MFA with just an annotation, automatic factor tracking, smart redirects, and minimal configuration.

MFASpring BootSpring Security
0 likes · 11 min read
Stop Hand‑Coding Login Checks: One Spring Boot 4.0 Annotation Enables Full MFA
Open Source Tech Hub
Open Source Tech Hub
Jan 21, 2026 · Information Security

JWT Explained: When to Use Stateless Tokens and What to Watch Out For

JSON Web Tokens (JWT) provide a compact, signed, self-contained way to authenticate API requests without server-side session storage, offering scalability and speed, while introducing trade-offs such as revocation challenges, token size, and exposure of unencrypted payloads, making them ideal for distributed systems but unsuitable for scenarios requiring immediate logout or sensitive data.

API SecurityJWTauthentication
0 likes · 10 min read
JWT Explained: When to Use Stateless Tokens and What to Watch Out For
360 Smart Cloud
360 Smart Cloud
Jan 20, 2026 · Information Security

How to Secure APIs: Core Risks and Multi‑Layer Defense Strategies

This article outlines the four primary API security risks—malicious calls, data tampering, sensitive data leakage, and XSS propagation—and presents a comprehensive, multi‑layered protection framework spanning frontend safeguards, firewalls, gateways, and fine‑grained API design guidelines within APICloud.

API SecurityEncryptionauthentication
0 likes · 12 min read
How to Secure APIs: Core Risks and Multi‑Layer Defense Strategies
Architect's Guide
Architect's Guide
Jan 11, 2026 · Information Security

10 Common Authentication Techniques Explained: From Basic Auth to OAuth and QR‑Login

This article systematically introduces ten widely used authentication methods—including HTTP Basic Auth, Session‑Cookie, Token, JWT, Single Sign‑On, OAuth 2.0, federated login, unique‑device login, QR‑code login, and one‑click mobile login—explaining their principles, workflows, advantages, drawbacks, and typical implementation libraries.

JWTOAuthSSO
0 likes · 45 min read
10 Common Authentication Techniques Explained: From Basic Auth to OAuth and QR‑Login
LuTiao Programming
LuTiao Programming
Jan 9, 2026 · Backend Development

Tame Messy Login Logic: 3‑Step Spring Boot Factory & Strategy Pattern for Multi‑Channel Auth

The article shows how tangled if‑else login code caused by adding password, SMS, WeChat, and Alipay authentication can be refactored using the Strategy and Factory patterns in Spring Boot, resulting in a clean, extensible, plug‑in‑style login module that requires no changes to existing code when new methods are added.

Factory PatternJavaSpring Boot
0 likes · 10 min read
Tame Messy Login Logic: 3‑Step Spring Boot Factory & Strategy Pattern for Multi‑Channel Auth
Architect Chen
Architect Chen
Jan 8, 2026 · Information Security

How Single Sign-On (SSO) Simplifies Access Across Multiple Apps

Single Sign-On (SSO) lets users authenticate once and automatically gain access to all trusted applications, eliminating repeated logins and streamlining user experience across heterogeneous systems such as e‑commerce, payment, and collaboration platforms.

Access ControlCASSSO
0 likes · 5 min read
How Single Sign-On (SSO) Simplifies Access Across Multiple Apps
Senior Tony
Senior Tony
Jan 7, 2026 · Information Security

How to Implement Seamless Token Auto‑Renewal: Frontend Refresh, Sliding Window, and Double‑Token Strategies

Token expiration can be handled with three main strategies—frontend‑driven periodic refresh, backend sliding‑window renewal, and the industry‑standard double‑token (access + refresh) scheme—each balancing implementation simplicity, user experience, and security, with the double‑token approach offering the most robust solution.

Access TokenBackend DevelopmentToken
0 likes · 7 min read
How to Implement Seamless Token Auto‑Renewal: Frontend Refresh, Sliding Window, and Double‑Token Strategies
Woodpecker Software Testing
Woodpecker Software Testing
Jan 5, 2026 · Information Security

Deep Dive into the Five Core Security Attributes for Robust Testing

This article analyses the five fundamental security attributes—confidentiality, integrity, non‑repudiation, auditability and authenticity—detailing their definitions, testing goals, key techniques, a comprehensive banking transfer case study, discovered vulnerabilities, remediation measures, metrics and best‑practice recommendations for continuous security testing.

auditabilityauthenticationconfidentiality
0 likes · 16 min read
Deep Dive into the Five Core Security Attributes for Robust Testing
JavaScript
JavaScript
Jan 1, 2026 · Information Security

Why Storing JWT in localStorage Is No Longer Safe and What to Use Instead

Storing JWT tokens in localStorage has become a serious security risk because XSS attacks can steal them, so developers should adopt safer alternatives such as HttpOnly cookies, BFF‑backed sessions, or Service Worker‑based in‑memory storage, each with its own trade‑offs.

BFFCSRFJWT
0 likes · 10 min read
Why Storing JWT in localStorage Is No Longer Safe and What to Use Instead
Tech Freedom Circle
Tech Freedom Circle
Dec 31, 2025 · Information Security

Unified SSO via Gateway: Multi‑App Auth & Authz and JWT vs Auth vs Authz

This article walks through a complete design and implementation of a unified single sign‑on system using OAuth2.0 authorization‑code flow, Spring Cloud Gateway, JWT, Redis, and Nacos, comparing JWT, authentication, and authorization while presenting performance metrics, security considerations, and interview‑ready answers.

AuthorizationJWTMicroservices
0 likes · 59 min read
Unified SSO via Gateway: Multi‑App Auth & Authz and JWT vs Auth vs Authz
Lobster Programming
Lobster Programming
Dec 23, 2025 · Information Security

Understanding the Difference Between SSO and OAuth2.0: Authentication vs Authorization

SSO (Single Sign‑On) and OAuth2.0 are both widely used identity frameworks; SSO handles user authentication across multiple applications with a single login, while OAuth2.0 is an authorization protocol that lets users grant third‑party apps limited access to resources without sharing passwords.

AuthorizationIdentity ManagementOAuth2.0
0 likes · 6 min read
Understanding the Difference Between SSO and OAuth2.0: Authentication vs Authorization
Java Companion
Java Companion
Dec 21, 2025 · Backend Development

Eliminate Messy Login Logic: Unified Multi‑Channel Authentication with Spring Boot Factory & Strategy Patterns

This article demonstrates how to replace tangled if‑else login code with a clean Spring Boot solution that combines the Factory and Strategy patterns, enabling easy addition of multiple authentication methods such as password, WeChat, SMS, and future providers while improving extensibility, readability, and testability.

Factory PatternJavaSpring Boot
0 likes · 12 min read
Eliminate Messy Login Logic: Unified Multi‑Channel Authentication with Spring Boot Factory & Strategy Patterns
Code Wrench
Code Wrench
Dec 20, 2025 · Backend Development

How to Build a High‑Performance Stateless OAuth2 Auth Server in Go

This article walks through a production‑grade OAuth2 authentication center built with Go and Gin, covering a three‑layer architecture, stateless JWT handling, key‑rotation, short‑hash token revocation, high‑availability design, and practical open‑source references.

GoJWTMicroservices
0 likes · 11 min read
How to Build a High‑Performance Stateless OAuth2 Auth Server in Go
php Courses
php Courses
Dec 13, 2025 · Backend Development

How to Build PHP SOAP Web Services: Step‑by‑Step Guide with Code

This guide explains how to use PHP’s built‑in SOAP extension to create a SOAP client, call web‑service methods with simple or complex parameters, handle responses and exceptions, and add authentication headers, providing complete code examples for each step.

Backend DevelopmentPHPSOAP
0 likes · 6 min read
How to Build PHP SOAP Web Services: Step‑by‑Step Guide with Code
Ray's Galactic Tech
Ray's Galactic Tech
Dec 9, 2025 · Information Security

Master Elasticsearch Security: Complete Network, Auth, TLS & Hardening Guide

This comprehensive guide walks you through securing Elasticsearch by isolating the network, enabling authentication and role‑based access, encrypting traffic with TLS, upgrading legacy versions, configuring audit logging, setting up reverse‑proxy protection, and applying enterprise‑grade best practices to prevent data leaks.

ElasticsearchMonitoringauthentication
0 likes · 10 min read
Master Elasticsearch Security: Complete Network, Auth, TLS & Hardening Guide
Top Architect
Top Architect
Dec 7, 2025 · Backend Development

How QR‑Code Login Works: From Token Generation to Authentication

This article explains the technical principles behind QR‑code login, covering QR‑code basics, token‑based authentication, the complete client‑server workflow, state transitions, and implementation details such as token structures and polling mechanisms.

Mobile AppTokenauthentication
0 likes · 13 min read
How QR‑Code Login Works: From Token Generation to Authentication
Xiao Liu Lab
Xiao Liu Lab
Nov 24, 2025 · Information Security

Why MySQL Returns ‘Plugin Not Loaded’ for One Missing User but ‘Access Denied’ for Another

When logging into a new MySQL 8.4 instance with a non‑existent user, one login attempt yields a "Plugin 'mysql_native_password' is not loaded" error while another returns the usual "Access denied", a difference caused by MySQL's hidden decoy‑user mechanism that randomizes authentication plugins for nonexistent accounts.

Pluginauthenticationdatabase
0 likes · 7 min read
Why MySQL Returns ‘Plugin Not Loaded’ for One Missing User but ‘Access Denied’ for Another
Ray's Galactic Tech
Ray's Galactic Tech
Nov 19, 2025 · Information Security

Mastering Modern Login Mechanisms: Cookies, Sessions, JWT, OAuth2 & SSO

This comprehensive guide explains why authentication is needed for stateless HTTP, walks through the workflows, advantages, and drawbacks of Cookies, Sessions, Tokens, JWTs, Refresh Tokens, blacklist strategies, and OAuth2/OAuth2.1, and provides practical security best‑practice recommendations for web, mobile, and micro‑service architectures.

JWTSessionWeb Development
0 likes · 12 min read
Mastering Modern Login Mechanisms: Cookies, Sessions, JWT, OAuth2 & SSO
Top Architect
Top Architect
Nov 11, 2025 · Information Security

Mastering Authentication & Authorization: Cookies, Sessions, Tokens, and JWT Explained

This comprehensive guide explores the fundamentals of authentication and authorization, detailing how credentials, cookies, and sessions work together, and compares traditional session-based approaches with modern token-based solutions such as JWT, covering their mechanisms, advantages, drawbacks, and best practices for secure, scalable web applications.

AuthorizationJWTSession
0 likes · 38 min read
Mastering Authentication & Authorization: Cookies, Sessions, Tokens, and JWT Explained
Architect
Architect
Nov 10, 2025 · Backend Development

How to Build Secure, Idempotent APIs: Keys, Tokens, and Anti‑Replay Strategies

This article explains how to design secure and reliable APIs for third‑party integration by covering API key generation, AK/SK authentication, callback URLs, permission models, token mechanisms, signature creation, replay‑attack prevention, HTTPS encryption, rate limiting, logging, data masking, idempotency, versioning, standardized response formats and documentation tools.

API designauthenticationidempotency
0 likes · 28 min read
How to Build Secure, Idempotent APIs: Keys, Tokens, and Anti‑Replay Strategies
Su San Talks Tech
Su San Talks Tech
Nov 7, 2025 · Backend Development

Designing a Scalable Multi-Account Login System: From Phone Verification to One-Click Auth

This article outlines a comprehensive approach to building a flexible login architecture, covering self‑built phone‑based authentication, third‑party account integration, optimized account schemas, and one‑click mobile number verification, with detailed flow diagrams and database designs for backend developers.

account designauthenticationlogin
0 likes · 14 min read
Designing a Scalable Multi-Account Login System: From Phone Verification to One-Click Auth
Top Architect
Top Architect
Nov 1, 2025 · Information Security

Mastering CAS SSO: Step‑by‑Step Guide to Build Single Sign‑On with Java

This article explains the concepts of Single Sign‑On (SSO) and the Central Authentication Service (CAS), then provides a detailed, code‑rich tutorial for setting up a CAS server, configuring clients, disabling HTTPS for development, and testing the end‑to‑end SSO workflow using Java and Spring.

CASJavaSSO
0 likes · 10 min read
Mastering CAS SSO: Step‑by‑Step Guide to Build Single Sign‑On with Java
Top Architect
Top Architect
Oct 30, 2025 · Information Security

Understanding SSL VPN: Architecture, Features, and Deployment Scenarios

This article explains SSL VPN technology, its advantages over IPSec, core components such as virtual gateways, web proxies, file sharing, port forwarding, network expansion, terminal security, logging, and authentication methods, and provides practical configuration steps and deployment scenarios for secure remote access.

SSL VPNVirtual Gatewayauthentication
0 likes · 12 min read
Understanding SSL VPN: Architecture, Features, and Deployment Scenarios
Selected Java Interview Questions
Selected Java Interview Questions
Oct 24, 2025 · Backend Development

How to Secure a Spring Boot Application with Spring Security and JWT

This step‑by‑step guide shows how to integrate Spring Security into a Spring Boot project, configure Maven dependencies, define User, Role and Permission entities, set up MyBatis mappers, implement JWT generation and validation, and build the service, controller, and configuration layers for a complete authentication system.

AuthorizationBackend DevelopmentJWT
0 likes · 28 min read
How to Secure a Spring Boot Application with Spring Security and JWT
Raymond Ops
Raymond Ops
Oct 20, 2025 · Information Security

Mastering Kubernetes Security: Authentication, Authorization, and Admission Control Explained

This article provides a comprehensive guide to Kubernetes security mechanisms, covering the three core layers of authentication, authorization, and admission control, various authentication methods, RBAC policies, service accounts, certificates, kubeconfig setup, and practical examples for managing access within a cluster.

AdmissionControlAuthorizationRBAC
0 likes · 26 min read
Mastering Kubernetes Security: Authentication, Authorization, and Admission Control Explained
DeWu Technology
DeWu Technology
Oct 20, 2025 · Backend Development

How Apex Turns AI into a Seamless VSCode Plugin: Architecture, Auth, and Automation Explained

This article details the technical design of the Apex VSCode plugin, covering its background, overall architecture, activation flow, SSO authentication, rule‑knowledge‑base engineering, remote Webview integration, version orchestration, project service handling, logging, and future enhancements for AI‑driven development efficiency.

VSCodeauthenticationplugin architecture
0 likes · 12 min read
How Apex Turns AI into a Seamless VSCode Plugin: Architecture, Auth, and Automation Explained
IT Architects Alliance
IT Architects Alliance
Oct 4, 2025 · Information Security

How Zero Trust and Service Mesh Secure Modern Microservices

This article examines the rising security risks in microservice architectures, explains why traditional perimeter defenses fall short, and presents a comprehensive zero‑trust strategy that combines service‑mesh mTLS, API‑gateway hardening, token‑exchange authentication, OPA policies, data‑level encryption, observability, and container‑level safeguards.

MicroservicesService Meshauthentication
0 likes · 11 min read
How Zero Trust and Service Mesh Secure Modern Microservices
Architect
Architect
Oct 1, 2025 · Information Security

How to Secure Third‑Party APIs with AK/SK, Signatures, Tokens and Anti‑Replay Measures

This article presents a comprehensive guide to designing secure third‑party APIs, covering the generation and management of Access Key/Secret Key pairs, signature creation, timestamp and nonce anti‑replay techniques, token handling, request throttling, IP whitelisting, idempotency, versioning, response standards, and practical code examples in Java and SQL.

AK/SKAPI SecurityToken
0 likes · 32 min read
How to Secure Third‑Party APIs with AK/SK, Signatures, Tokens and Anti‑Replay Measures
macrozheng
macrozheng
Sep 23, 2025 · Information Security

Mastering Token Renewal: 5 Proven Strategies to Boost Security and Performance

This article examines common token‑renewal pitfalls and presents five practical solutions—including single‑token, blacklist, double‑token with triple validation, automatic renewal, and distributed‑environment techniques—while offering best‑practice guidelines to enhance security, user experience, and system scalability.

JavaToken Renewalauthentication
0 likes · 9 min read
Mastering Token Renewal: 5 Proven Strategies to Boost Security and Performance
IT Services Circle
IT Services Circle
Sep 22, 2025 · Information Security

JWT vs Token+Redis: Which Authentication Strategy Wins for Your Apps?

This article provides a comprehensive comparison of JWT and Token‑Redis authentication schemes, covering their underlying principles, Java implementations, advantages and disadvantages, performance and security trade‑offs, suitable use‑cases, and practical guidance for choosing the optimal solution in modern web and mobile applications.

JWTJavaRedis
0 likes · 15 min read
JWT vs Token+Redis: Which Authentication Strategy Wins for Your Apps?
Su San Talks Tech
Su San Talks Tech
Sep 19, 2025 · Information Security

JWT vs Token+Redis: Which Authentication Strategy Wins for Your Backend?

This article thoroughly compares JWT and Token‑plus‑Redis authentication approaches, detailing their underlying principles, Java implementations, performance, security trade‑offs, and ideal use‑cases, and even proposes a hybrid solution that combines the strengths of both methods for modern applications.

JWTTokenauthentication
0 likes · 16 min read
JWT vs Token+Redis: Which Authentication Strategy Wins for Your Backend?
Programmer XiaoFu
Programmer XiaoFu
Sep 15, 2025 · Information Security

SSO vs OAuth2.0: Key Differences Explained for Interviews

This article compares Single Sign‑On (SSO) and OAuth2.0, detailing their conceptual distinctions, token‑based workflows, implementation frameworks like CAS, the four OAuth2.0 grant types, and how each can be used to achieve seamless authentication across applications.

AuthorizationCASJWT
0 likes · 8 min read
SSO vs OAuth2.0: Key Differences Explained for Interviews
Lobster Programming
Lobster Programming
Sep 13, 2025 · Information Security

Mobile SMS Verification Login: How It Works and How to Secure It

This article explains the workflow of mobile SMS verification login, outlines its main security risks such as code leakage, SMS bombing, and replay attacks, and provides practical mitigation strategies for developers and platform operators to protect user accounts.

SMS verificationauthenticationinformation security
0 likes · 6 min read
Mobile SMS Verification Login: How It Works and How to Secure It
Selected Java Interview Questions
Selected Java Interview Questions
Aug 25, 2025 · Information Security

Why 90% of Token Bugs Come from Renewal Mistakes – 5 Proven Solutions

Token renewal is a critical yet often misunderstood component of authentication, balancing security, user experience, and performance; this article examines common pitfalls, compares five practical strategies—including single‑token, double‑token, automatic renewal, and distributed solutions—and offers concrete best‑practice guidelines to avoid security holes and concurrency storms.

Token Renewalauthenticationbackend
0 likes · 10 min read
Why 90% of Token Bugs Come from Renewal Mistakes – 5 Proven Solutions
Java Captain
Java Captain
Aug 20, 2025 · Information Security

Build a Secure Spring Boot App in Minutes with Spring Security

This tutorial walks you through adding Spring Security to a Spring Boot project, from adding the starter dependency and creating a simple controller to observing the default login page, understanding the auto‑generated password mechanism, and customizing usernames and passwords for production use.

AuthorizationJavaSpring Boot
0 likes · 9 min read
Build a Secure Spring Boot App in Minutes with Spring Security
Su San Talks Tech
Su San Talks Tech
Aug 18, 2025 · Information Security

Mastering Token Renewal: 5 Strategies to Boost Security and Performance

This article explores the fundamentals of token renewal, analyzes common pitfalls, and presents five practical schemes—including single‑token, blacklist, double‑token, automatic renewal, and distributed‑environment solutions—while offering a comparison matrix, selection guidance, and best‑practice recommendations for secure, high‑performance authentication systems.

JavaToken Renewalauthentication
0 likes · 10 min read
Mastering Token Renewal: 5 Strategies to Boost Security and Performance
Aikesheng Open Source Community
Aikesheng Open Source Community
Aug 7, 2025 · Databases

Unlock MySQL REST Service: Step‑by‑Step Installation and API Guide

This tutorial walks you through installing MySQL REST Service on Oracle Linux, configuring the metadata schema, using MySQL Shell in VS Code, loading the component, managing variables, handling X‑protocol settings, creating services, and authenticating via MRS, MySQL Internal, cookie or JWT, with full command‑line examples and code snippets.

MySQL ShellREST ServiceSQL
0 likes · 17 min read
Unlock MySQL REST Service: Step‑by‑Step Installation and API Guide
Code Mala Tang
Code Mala Tang
Jul 24, 2025 · Information Security

Boost FastAPI Security: OAuth2, JWT, RBAC, Refresh Tokens & MFA

This guide explains how to secure FastAPI applications using OAuth2 with JWT, role‑based access control, refresh‑token workflows, multi‑factor authentication, and integration with external providers such as Auth0, Keycloak, and Firebase.

FastAPIJWTMFA
0 likes · 9 min read
Boost FastAPI Security: OAuth2, JWT, RBAC, Refresh Tokens & MFA
Architect
Architect
Jul 17, 2025 · Backend Development

Why Token Passing Is a Bad Idea and Better Alternatives for Microservice Calls

This article critiques the common practice of token passthrough for microservice authentication, explains why it hampers design and code reuse, and compares several internal call strategies—including Feign, Dubbo, Spring Boot Web with Dubbo, and K8s‑integrated approaches—highlighting their pros, cons, and best‑practice recommendations.

Feignauthenticationgateway
0 likes · 10 min read
Why Token Passing Is a Bad Idea and Better Alternatives for Microservice Calls