This article explains how JWT provides stateless authentication while Session adds an extra security layer and lifecycle management, and demonstrates their combined use with Java code to achieve both scalability and fine‑grained control over user sessions.
This guide walks through capturing a third‑party QR‑code login flow with Charles, converting the captured requests to cURL, analyzing them in Apifox, and reproducing the entire process to embed external platform authentication into a custom web and mobile application.
This beginner-friendly guide explains core authentication mechanisms, the OAuth2.0 flow, token types, the role of refresh tokens, JWT pitfalls, and RBAC design, providing a solid foundation for secure backend development.
This article explains Kubernetes' comprehensive security architecture, detailing the three critical gates—authentication, authorization, and admission control—along with token, basic, and certificate methods, RBAC policies, service accounts, kubeconfig setup, and practical examples for managing user permissions within clusters.
A newly disclosed critical vulnerability in Windows Remote Desktop Protocol (RDP) lets attackers bypass cloud authentication and maintain permanent access using revoked Microsoft or Azure account passwords, even after password changes, while Microsoft treats the issue as a design decision rather than a bug.
This article explains the design of an AI gateway that centralizes LLM access, detailing its background, overall architecture, authentication, quota management, multi‑model routing, load‑balancing strategies, multi‑tenant isolation, observability features, and the supported API protocols for enterprise integration.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common security threats such as theft, replay and forgery, and provides practical mitigation measures including HTTPS, token encryption, secure storage, expiration policies, two‑factor authentication and safe token refresh mechanisms.
The article explains how the @Authenticated annotation in SpringBoot can replace repetitive manual authentication code, offering automatic request validation, role‑based checks, and streamlined error handling, with practical examples and a clear list of benefits for developers.
This guide explains how FastAPI middleware works, outlines its request‑response lifecycle, shows built‑in examples like CORS and HTTPS redirect, and demonstrates how to create custom middleware for logging, authentication, and other cross‑cutting concerns.
This article explains how Istio secures micro‑service architectures by providing strong identity, fine‑grained access policies, transparent TLS encryption, and comprehensive AAA (authentication, authorization, audit) mechanisms, covering high‑level architecture, certificate management, peer and request authentication, and authorization policy design.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common token security threats such as theft, replay, and forgery, and presents practical mitigation measures including HTTPS, encryption, secure storage, short expiration, MFA, and safe token refresh mechanisms.
This article presents a comprehensive design for securing third‑party APIs by using Access Key/Secret Key pairs, timestamp and nonce validation, signature generation, token handling, HTTPS, rate limiting, logging, idempotency, versioning, standardized response formats and practical Java code examples to prevent tampering and replay attacks.
This tutorial explains how to use PHP's LDAP functions to connect to an LDAP server, bind a user, and authenticate credentials, providing complete example code for each step to enable secure authentication in web applications.
An in‑depth guide explains the Model Context Protocol (MCP) as the AI era’s operating‑system interface, outlines ecosystem pain points, and shows how Alibaba Cloud Function Compute’s serverless platform provides optimal hosting, authentication, variable management, CI/CD, and fast‑mode options for deploying MCP services.
This article explains how to use PHP's LDAP functions to connect to an LDAP server, bind an account, and authenticate users, providing clear code examples for each step in a typical web application authentication workflow.
This article explains how to protect MySQL connections by using SSL/TLS, various password authentication plugins, digital signatures, and client/server certificate verification to prevent impersonation, password leakage, and data tampering.
This article narrates a dramatic front‑end takeover during a high‑traffic promotion, then provides a step‑by‑step guide to building a Node.js backend service with Express, MongoDB, JWT authentication, and deployment considerations, illustrating performance trade‑offs between Java and Node.js.
This article explains the technical selection between JWT and session for authentication, compares their differences, advantages, and disadvantages, and provides a complete Java implementation—including token generation, Redis storage, login/logout, password update, and request interception—demonstrating why JWT was chosen for a distributed backend system.
This article compares JWT and session-based authentication, detailing their differences, certification processes, advantages, disadvantages, security considerations, performance impacts, token renewal, and revocation strategies, and provides a complete Java implementation using Spring, Redis, and custom utility classes.
This article explains Kubernetes cluster security mechanisms, covering authentication methods, authorization strategies including RBAC, admission‑control plugins, service accounts, kubeconfig, and resource‑quota configurations to protect the API server and control access to cluster resources.
This article presents a comprehensive design scheme for third‑party APIs, covering permission segmentation, AK/SK generation, signature workflow and rules, secure API endpoint design, anti‑replay mechanisms, token handling, TLS encryption, database schema, and implementation examples in Java.
This article explains the fundamentals of OAuth2.0, outlines its roles and grant types, and provides a step‑by‑step Spring Boot implementation—including authorization server, security configuration, resource server, and a test controller—followed by detailed testing procedures and results.
This article explains the fundamentals of QR code login, detailing how QR codes convey unique IDs, the token‑based authentication process, the steps from QR generation to device verification, and the security considerations involved in implementing scan‑to‑login across web and mobile platforms.
This guide details a secure third‑party API design, covering API key generation, request signing with timestamps and nonces, permission division, CRUD endpoint definitions, unified response structures, and best‑practice security measures such as HTTPS, IP whitelisting, rate limiting, logging, and idempotency handling.
This article demonstrates practical implementations of session-based and token-based authentication, including JWT and a dual-token (access and refresh) mechanism, using Python's requests library, and explains how to obtain, use, and refresh tokens for protected API endpoints in automated testing.
This guide explains the FTP protocol, active and passive modes, authentication options, and step‑by‑step Linux vsftpd configuration—including local, anonymous, and virtual user setups, permission tweaks, chroot jail rules, and file download/upload commands.
This article introduces OAuth 2.0 fundamentals, explains its roles and four grant types, and provides a step‑by‑step Spring Boot implementation with configuration classes, code snippets, and testing procedures, while also containing promotional material for AI‑related products and services.
This article explains the concept of Single Sign-On, its advantages, and two practical implementations using ticket‑based authentication and encrypted user data exchange between Service A and Service B, complete with database schema, configuration files, and full Java code examples.
This article explains how to use PHP's LDAP functions to connect to an LDAP server, bind with credentials, and authenticate users, providing step‑by‑step code examples for each stage of the process.
This article explains how to correctly use PHP's session_start function, demonstrates basic usage, shows how to control session lifetime with session_set_cookie_params, and illustrates session destruction with session_destroy, providing code examples for each step.
This guide presents comprehensive Laravel API development best practices for 2025, covering authentication with Sanctum and Passport, resource formatting, versioning, rate limiting, error handling, caching, and logging, offering code examples and practical advice to build secure, scalable, high‑performance APIs.
Spring Security 6.4 introduces One-Time Token Login, allowing users to authenticate via a magic link sent by email instead of passwords; the article explains its core concepts, token lifecycle, essential components, and provides step‑by‑step code examples for configuring and implementing this secure, user‑friendly authentication method.
The article explains how to enforce single‑device login in web apps by contrasting token‑version control—incrementing a version field in the database and embedding it in JWTs to invalidate older tokens—with a WebSocket‑based method that pushes real‑time logout messages, comparing their trade‑offs and suggesting a hybrid solution.
This article introduces the lightweight Sa-Token Java authentication framework, explains why it is chosen over Spring Security and Shiro, details its login and permission APIs with code examples, shows how to configure it in Spring Boot and WebFlux projects, and lists its extensive feature set for secure backend development.
This article introduces OAuth 2.0 concepts, explains its roles and grant types, and provides a complete Spring Boot implementation—including configuration classes, dependency setup, and test endpoints—followed by step‑by‑step testing results with screenshots.
This article presents a comprehensive design for securing third‑party API calls by generating unique Access Key/Secret Key pairs, defining permission granularity, implementing signature generation with timestamps and nonces, handling token lifecycle, and providing concrete Java and SQL code examples for practical deployment.
This article demonstrates how to integrate Spring Cloud Gateway with OAuth2.0 to build a unified authentication and authorization solution for microservices, covering architecture design, service setup, JWT token handling, custom authentication and authorization managers, exception handling, and end‑to‑end testing.
The article shows how to keep Flutter UI code clean by moving authentication logic into an AsyncNotifier controller that interacts with an AuthRepository, letting the SignInScreen watch AsyncValue states for loading, success, and errors, thus improving testability and maintainability.
This article explains how to create various parameter‑less decorators in Python, providing clear examples for logging, performance measurement, authentication checks, result caching, and log‑level control, along with complete code snippets and explanations of their behavior.
This article explains what JSON Web Tokens are, outlines their typical usage flow, and critically examines their drawbacks such as size overhead, redundant signatures, revocation challenges, stale data, lack of encryption, and broader security concerns.
This article introduces three top‑tier authentication solutions—Clerk, Supabase Auth, and Better Auth—detailing their key features, supported strategies, customization options, and integration benefits, helping developers decide which framework best fits their user management and security needs.
This article explains the design and implementation of a dual‑token authentication system—short‑lived AccessToken and long‑lived RefreshToken—for WeChat Mini‑Programs, covering token generation, login flow, client‑side handling of 401/403 errors, and best‑practice testing strategies.
This guide reveals nine frequent security mistakes in Node.js applications—from misconfigured CORS and vulnerable dependencies to weak authentication and missing HTTPS—offering concrete code‑level solutions and best‑practice recommendations to protect your backend.
This article explains how QR code login works by describing QR code fundamentals, token‑based authentication, and the step‑by‑step process—including QR generation, scanning, state transitions, and final confirmation—that enables a mobile device to securely authenticate a PC session.
This article explains the limitations of traditional HTTP session handling, explores session sharing strategies for clustered environments, and demonstrates how to build a single sign‑on solution using CAS and OAuth2 concepts with complete Java code examples for filters, controllers, and login pages.
This article explains the concepts, importance, various forms, and practical implementation details of MFA and 2FA—including the Google Authenticator TOTP mechanism—while also discussing their limitations, costs, and future directions in modern identity security.
This article presents a comprehensive design for securing third‑party APIs, covering permission segmentation, AK/SK generation, signature workflow and rules, anti‑replay mechanisms, token handling, detailed API endpoint specifications, and best‑practice security measures with illustrative Java code examples.
This article demonstrates how to move authentication from the gateway to downstream microservices in a Spring Cloud Alibaba setup by disabling the gateway’s ReactiveAuthorizationManager, defining three custom security annotations, creating an AOP aspect to enforce them, and showing practical usage examples with role‑based access control and Feign calls.
This article explains the complementary roles of JWT and server‑side Session in user authentication and authorization, outlines why Session is needed for added security and lifecycle management, and provides Java code examples demonstrating their integrated usage.
This article explains the pain points of multiple logins in enterprises, introduces Single Sign‑On concepts and protocols, outlines its benefits, and provides a step‑by‑step guide to deploy an open‑source Golang‑Vue SSO solution using Docker Compose.
This article provides a comprehensive overview of Single Sign-On (SSO), explaining its core concepts, authentication flow, token generation and validation, and practical use cases across enterprises, education, finance, and e‑commerce, while also offering insights into security benefits and implementation details.
This article explains the fundamentals, architecture, workflow, and practical scenarios of Single Sign-On (SSO), illustrating how a centralized authentication server enables users to log in once and seamlessly access multiple trusted applications, while also offering resources for deeper study.
This article outlines essential Laravel security practices, including built‑in authentication, CSRF protection, input validation, HTTPS enforcement, secure session handling, regular dependency updates, and rate limiting, providing developers with concrete steps to protect web applications from common attacks.
This article explains the fundamental differences between HTTP and HTTPS, covering security vulnerabilities, authentication mechanisms, encryption methods, default ports, and performance impacts, helping developers understand why HTTPS is essential for protecting sensitive data on the web.
JSON Web Token (JWT) is a compact, self‑contained, stateless token that encodes header, payload, and signature in Base64URL, enabling secure, signature‑verified authentication without server‑side session storage, simplifying scaling, supporting cross‑domain use, while offering advantages like lightweight extensibility and drawbacks such as revocation difficulty and secret‑key reliance.
This article explains Apache Shiro’s fundamental components—Subject, SecurityManager, Realm, Session, authentication, authorization, and cryptography—then walks through a complete configuration example, a custom Realm, JWT integration, and a Spring Boot microservice scenario to illustrate secure, stateless authentication and fine‑grained permission control.
This article explains the structure of JSON Web Tokens, enumerates common attack vectors such as algorithm confusion, weak keys, replay, header injection, and provides practical mitigation steps and a step‑by‑step testing methodology with relevant tools and code examples.
This article explains what password salting is, why it is essential for protecting stored passwords against rainbow‑table and brute‑force attacks, outlines step‑by‑step how to generate, apply, and verify salted hashes, and lists additional best practices for enhancing overall credential security.
This guide explains the challenges of multiple logins in enterprises, introduces Single Sign‑On concepts and protocols, and provides a step‑by‑step deployment of an open‑source Go‑Vue SSO solution, covering authentication methods, supported protocols, security features, and Docker‑based installation.
This article demonstrates how to create various parameterized decorators in Python—including logging, performance measurement, authentication, caching, and file logging—by providing clear explanations and complete code examples for each use case in practical applications.
This article explains how to define token retrieval methods as pytest fixtures to reuse authentication tokens across multiple test cases, ensuring fresh tokens for each test and demonstrating fixture scope, cleanup, and global usage patterns.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common security threats such as theft, replay, and forgery, and presents practical measures—including HTTPS, encryption, secure storage, short lifetimes, two‑factor authentication, and safe token refresh—to protect token integrity in modern web applications.
This article demonstrates how to generate, store, and validate login tokens for both PC and mobile clients in a distributed micro‑service architecture using Spring Boot, Redis, custom annotations, AOP verification, and a Vue front‑end that manages token lifecycle and expiration.
This article explains how to implement invisible token refresh for authentication servers using Spring Boot gateway filters, JWT handling, Axios interceptors, and a client‑side timer, compares client‑ and server‑side approaches, and provides complete code examples and practical recommendations.
This article explains how JWT provides stateless user authentication while Session adds an extra security layer and state management, detailing their respective roles, the reasons for using Session alongside JWT, and offering Java code examples that illustrate their combined implementation.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token-based authentication with traditional session methods, outlines common security threats such as theft, replay and forgery, and provides practical measures—including HTTPS, encryption, proper storage, expiration policies, and two-factor authentication—to safeguard token integrity.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token-based authentication with traditional session methods, outlines common security threats such as theft, replay and forgery, and provides practical mitigation measures including HTTPS, encryption, secure storage, short lifetimes, two‑factor authentication, and safe token refresh strategies.
The article explains JWT fundamentals, shows how to integrate it with SpringBoot, compares JWT with a Token‑plus‑Redis approach, and argues why using JWT alone can be problematic in a system that already relies on Redis for session management.
This guide explains the JWT standard, its three‑part structure, the authentication flow, and a double‑token solution using short‑lived access tokens and long‑lived refresh tokens, with full PHP code examples, middleware interception, configuration, and client‑side renewal logic.
This tutorial walks through RBAC fundamentals, model classifications (RBAC0‑3), permission and user‑group concepts, then demonstrates practical Spring Security setups including in‑memory authentication, JWT integration, JSON‑based login, password encryption with BCrypt, and database‑backed authentication, providing complete code examples.
This tutorial explains how to use PHP's LDAP functions—ldap_connect, ldap_bind, ldap_search, and ldap_get_entries—to establish a connection to an LDAP server, bind an administrator account, and perform user authentication with example code for each step.
This article provides an in‑depth analysis of Spring Security 6.x architecture, explaining its filter‑chain design, authentication and authorization mechanisms, key components such as DelegatingFilterProxy, FilterChainProxy, SecurityFilterChain, and offers code examples and practical guidance for developers.
This article explains traditional session‑based authentication, introduces JWT and JJWT usage with Java code examples, and compares two microservice authentication designs—service‑side verification and API‑gateway unified verification—while discussing their trade‑offs, challenges, and practical implementation tips.
This article explains how to implement seamless, invisible token refresh for authentication systems, covering client‑side strategies using Axios interceptors and timers, server‑side gateway filters with Spring Boot, code examples for detecting token expiration, obtaining new tokens, and choosing between client and server approaches based on security and performance considerations.
This article explains how to implement invisible token refresh for authentication systems, covering server‑side gateway filtering in Spring Boot, client‑side Axios interceptors, timer‑based proactive checks, and practical code examples to address token expiration, parsing, and renewal challenges.
This article explains the concepts and models of Role‑Based Access Control (RBAC), demonstrates how to configure Spring Security for in‑memory and JWT‑based authentication, and provides complete Java code examples for permissions, user groups, password encryption, and custom login filters.
This article explains the OAuth 2.0 authorization framework, its core concepts, architecture, key roles, and implementation patterns for web, user‑agent, and native applications, helping readers grasp how delegated access works without sharing user credentials.
This article provides a comprehensive analysis of Spring Security 6's architecture, explaining how the framework uses a chain of servlet Filters, the DelegatingFilterProxy, and the SecurityFilterChain to implement authentication, authorization, and protection against common attacks, while also offering practical debugging tips and configuration guidance.
This article explains the key changes in Spring Boot 3, outlines the new OAuth2 components, and provides a detailed design for secure microservice authentication and authorization using Spring Authorization Server, JWT, API Gateway, and client applications, complete with architecture diagrams and implementation steps.
The article explains how HTTP’s stateless nature requires session or token mechanisms for preserving user state, compares session‑based and JWT token authentication, details JWT structure, and provides Java code examples for generating, verifying, and extracting token information, while also promoting related services.
This article demonstrates how to use PHP's LDAP functions to connect to an LDAP server, bind with credentials, and authenticate users by searching the directory, providing complete example code for each step.
This article explains what JSON Web Tokens are, outlines their typical workflow, and critically examines their drawbacks—including size overhead, redundant signatures, revocation challenges, lack of encryption, and broader security concerns—before concluding with practical recommendations for their use.
This article explains how Istio provides comprehensive security for microservices by using traffic encryption, flexible access control, TLS, mutual authentication, JWT request validation, and fine‑grained authorization policies, enabling zero‑trust networking across Kubernetes and other environments.
This article explains the OAuth2.0 authorization protocol, distinguishes it from single sign‑on, describes its core entities and step‑by‑step flow, and outlines how web servers, user agents, and native applications interact to securely obtain access tokens for protected resources.
MySQL 9.0, released July 2 2024, introduces EXPLAIN JSON output stored in variables, native EVENT DDL statements, and two new performance‑schema tables for variable metadata, while deprecating the old variables_info columns and removing the mysql_native_password plugin in favor of caching_sha2_password, enhancing observability and security.
This article explains the evolution from traditional cookie‑session authentication to token‑based JWT, detailing its structure, security mechanisms, implementation steps, advantages, limitations, and practical Java code examples, while also comparing it with modern authentication challenges in web and mobile environments.
This article explains the core architecture of Spring Security 6.x, detailing how a chain of servlet Filters implements authentication and authorization, the role of DelegatingFilterProxy, SecurityFilterChain, and the extensible components such as AuthenticationManager, UserDetailsService, and PasswordEncoder.
This article provides a comprehensive analysis of Spring Security 6.1, covering its core architecture, the role of FilterChainProxy, detailed authentication and authorization flows, key interfaces such as SecurityFilterChain, AuthenticationManager, and practical code examples to help developers understand and debug the framework.
This article explains the concept, definitions, and three deployment types of Single Sign-On (SSO), introduces the Central Authentication Service (CAS) mechanism, and details step‑by‑step login and logout processes across multiple web applications, illustrating each flow with diagrams and examples.
This article provides a comprehensive walkthrough of Single Sign‑On (SSO) concepts, common protocols, login flow diagrams, and multiple implementation options, then dives into step‑by‑step deployment of an enterprise‑grade SSO system using Keycloak with Docker or Kubernetes, including configuration, client setup, custom extensions, and practical code snippets.
This tutorial walks you through installing Laravel 11, adding Sanctum for API authentication, creating migrations, models, resources, controllers, and routes, and finally testing the API with Postman, providing complete code snippets and configuration details for a functional backend.
This tutorial walks through generating certificates, configuring kubeconfig, creating regular users, assigning roles and role bindings, using static token authentication, and managing ClusterRoles in a Kubernetes cluster to enforce the principle of least privilege.
A former NCS QA engineer in Singapore, feeling wronged after his dismissal, illegally accessed the company's internal systems, wrote malicious scripts, and deleted 180 virtual servers, causing $678,000 in losses and prompting security experts to stress the importance of account deactivation, continuous monitoring, and the impact of employee emotions on corporate security.
This article explains how HTTP's stateless nature requires session or token mechanisms for preserving user state, compares session‑based and JWT‑based authentication, details JWT structure, and provides a complete Java implementation with code examples.
This article explains the fundamentals of Role‑Based Access Control (RBAC), its model classifications, permission concepts, and user‑group usage, then demonstrates how to implement RBAC in a Spring Security application, including in‑memory authentication, JWT integration, JSON login, and password encryption techniques.
This article traces the evolution of login authentication across system architectures—from monolithic apps using cookies and sessions, through front‑end/back‑end separation and CORS, to distributed systems employing SSO and stateless JWT, highlighting their mechanisms, challenges, and trade‑offs.
This tutorial explains how to use PHP's LDAP functions to connect to an LDAP server, bind with credentials, and authenticate users by searching the directory and verifying passwords, providing complete code examples for each step.
This comprehensive guide walks you through the concepts of Single Sign-On, the mechanics of JWT, RSA asymmetric encryption, and step‑by‑step integration of Spring Security with JWT, providing full Maven project setup, configuration files, utility classes, custom filters, and testing instructions for a robust distributed authentication system.
This article explains the fundamentals of role‑based access control (RBAC), its model variants, and user‑group usage, then demonstrates how to configure Spring Security with in‑memory authentication, integrate JWT for stateless token‑based authentication, customize JSON login, and securely encrypt passwords using BCrypt.
This article provides a comprehensive guide to using Python's requests library for API testing, covering basic GET/POST requests, error handling, authentication, and concurrent requests with practical code examples.
