This guide explains the security challenges of WebSocket, outlines a step‑by‑step JWT authentication flow, and presents three practical token‑passing techniques—including URL parameters, post‑connection messages, and sub‑protocols—while emphasizing the use of wss:// and safe token storage.
MaxKey is an enterprise‑grade single sign‑on solution that supports OAuth 2.x, OpenID Connect, SAML 2.0, JWT, CAS and SCIM, offering secure identity management, RBAC, multi‑tenant capabilities, robust password policies, brute‑force protection, session control, and BCrypt‑based password encryption.
This article explains how a data security governance platform protects data across its entire lifecycle—from warehouse construction and collection to application—by implementing fine‑grained permission controls, encryption, masking, authentication, and comprehensive auditing, while addressing scalability, high availability, and regulatory compliance challenges.
This article explains what a bastion host (jump server) is, why it evolved from traditional jump servers, its core 4A design (authentication, authorization, account, audit), deployment options, common features, authentication methods, and how open‑source and commercial solutions differ, helping organizations improve security and compliance.
This article explains how to implement user authentication and role‑based authorization in PHP, covering password hashing with password_hash/password_verify, database queries for credential verification, and conditional logic for granting access based on user roles, with sample code snippets illustrating each step.
This article explains what JWT and Session are, compares their storage, state management, security, performance, cross‑domain support, expiration, use cases, logout mechanisms, and one‑time use scenarios, and helps you decide which authentication approach best suits your application’s needs.
This article walks through a complete security design for third‑party APIs, covering API‑key generation, request signing with timestamps and nonces, token handling, permission granularity, database schema, and practical implementation details such as rate limiting, idempotency, and TLS encryption.
This article walks through Spring Security fundamentals, covering authentication mechanisms, authorization configuration, dependency setup, custom user details with database integration, and how to replace the default login page with a custom one, all illustrated with code snippets and screenshots.
This article walks through eight concrete techniques—firewall rules, captchas, authentication checks, IP whitelists, HTTPS encryption, rate limiting, monitoring, and an API gateway—to prevent abusive requests from draining resources or compromising critical services.
This article explains how session‑based and token‑based (JWT) authentication work in backend applications, compares their workflows, shows practical Express.js code examples, and helps you decide which method best fits your project's security and scalability needs.
This article explains the motivations behind RocketMQ ACL 2.0, outlines its six major enhancements—including fine‑grained API permissions, flexible matching modes, and cluster‑wide access control—details the RBAC/ABAC model, authentication and authorization workflows, configuration examples, command‑line usage, and migration strategies, and discusses future planning for the access control system.
This article explains how to use PHP's LDAP functions to connect to an LDAP server, bind with credentials, and authenticate users, providing step‑by‑step code examples for each stage.
Websites cannot reveal original passwords because they store only salted, one‑way hashes, not the plaintext, making recovery impossible; therefore, when users forget their credentials, the secure approach is to verify identity and issue a password reset rather than expose any stored data.
The article explains the drawbacks of token pass‑through in microservice authentication, advocates explicit parameter passing, outlines unified gateway authentication with Feign or Dubbo, explores Kubernetes‑integrated deployment options, and concludes with a promotional invitation to a technical community.
This article compares JWT and session authentication, explains their differences, advantages, and drawbacks, and provides a complete Java implementation with Redis integration, token generation, validation, renewal, and related interceptor configuration for a robust backend authentication system.
This article explains the principles of Single Sign‑On (SSO) and OAuth2.0, compares their workflows, describes the main steps of each protocol, outlines the four OAuth2.0 grant types, and clarifies the distinctions between SSO, OAuth2.0, JWT, and Java security frameworks.
This article explains why user authentication is essential for mobile mini‑programs, outlines security measures using AccessToken and RefreshToken, and provides step‑by‑step techniques—including automatic login, token refresh, request queuing, and user‑state handling—to achieve a frictionless user experience.
Alibaba Cloud Log Service’s traditional STS password‑less login suffers from slow load times, fixed session limits, cross‑origin cookie restrictions, and hard‑to‑debug flows, prompting SLS to introduce a new ticket‑based authentication that streamlines access, extends sessions, improves security, and enables one‑click dashboard sharing.
QR‑code login lets a already‑authenticated mobile app scan a code shown on a PC, using a server‑issued token tied to the user’s account and device ID; the scan creates a temporary token, the user confirms, and a permanent token is issued to the PC, enabling password‑less, secure authentication.
This article explains the technical principles behind QR code login, covering QR code basics, token‑based authentication, the step‑by‑step flow between mobile and PC, and security considerations, providing a clear guide for developers implementing secure scan‑to‑login systems.
This article explains the Central Authentication Service (CAS) single sign‑on system, detailing its token‑based architecture, the roles of the CAS server, client, and protected services, and outlines typical scenarios such as e‑commerce, enterprise intranets, online platforms, and cloud services.
This article explains why invisible token refresh is needed, describes backend automatic token renewal using Java JWT, provides full Maven dependencies and JwtUtil implementation, shows unit‑test examples, and discusses frontend token extension strategies and edge‑case handling.
This article explains a comprehensive set of techniques—including firewalls, captchas, authentication checks, IP whitelists, data encryption, rate limiting, monitoring, and API gateways—to protect interfaces from malicious abuse and ensure secure, reliable service operation.
The IPAddresses field in a server certificate restricts its validity to specific IPs, adding an extra verification layer to TLS connections, which enhances security but requires careful management of IP changes, especially in dynamic or large‑scale cloud environments.
This article walks through the fundamentals of HTTP session handling, the challenges of session sharing in clustered environments, and presents a step‑by‑step design of a Single Sign‑On solution using CAS, including concrete code examples, Redis‑based session storage, and a comparison with OAuth2.
The article explains why passing tokens between microservices is a poor design, proposes exposing explicit userId parameters, describes unified authentication via an API gateway with Feign, Dubbo or Spring Boot Web implementations, compares their pros and cons, and shows how to integrate these patterns with Kubernetes and internal API path rules.
Single Sign-On (SSO) lets users log in once to access multiple trusted applications, and this article explains its necessity, core components like CAS Server, Client, and Service, the authentication flow, and common use cases in e‑commerce, enterprises, education, and finance.
The article critiques token pass‑through for microservice authentication, explains why internal APIs should stay stateless, and presents unified authorization patterns using Spring Cloud Gateway with Feign, Dubbo, or a gateway‑less design, plus Kubernetes integration and trade‑offs.
This guide explains how Spring Security configuration changed after version 5.7, covering the shift from WebSecurityConfigurerAdapter to SecurityFilterChain beans, multiple filter chain setup, in‑memory user definitions, custom authorization decisions, and shared authentication components, with full code examples.
This article provides a comprehensive overview of API security, covering authentication and authorization, privacy and encryption, input validation, detection, rate limiting, logging, secure coding, vulnerability management, lifecycle phases, and the importance of education and training to protect modern software ecosystems.
This article explains how to install the PHP‑JWT library with Composer, generate JSON Web Tokens using JWT::encode, validate them with JWT::decode, and configure custom expiration and not‑before times to enhance authentication security in PHP applications.
This article demonstrates how to replace heavyweight Spring Security with the lightweight Sa-Token framework by configuring token generation, session management, role and permission retrieval, and global gateway filters in a Spring Cloud micro‑service architecture, including complete code examples and deployment tips.
This article demonstrates how to replace heavyweight Spring Security with the lightweight Sa-Token framework by configuring token generation, session storage in Redis, service discovery via Nacos, and permission checks in a Spring Cloud Gateway micro‑service architecture, complete with code examples and deployment settings.
This article explains how to use Spring Boot Security for authentication and improve performance by caching user details in Redis, covering dependency setup, security configuration, Redis integration, testing endpoints, and optimization tips for a robust backend authentication solution.
This article explains the concept, workflow, and step‑by‑step implementation of a seamless token refresh mechanism, providing code examples and security best practices to keep user sessions alive without interruption while maintaining strong protection against token theft and replay attacks.
This article explains how to design and implement a token generation, storage, and verification system for both PC and mobile clients in a distributed microservice architecture, using Spring Boot, Redis, custom annotations, AOP aspects, and Vue front‑end integration.
An in‑depth Spring Security guide covering custom configurations, authentication providers, user‑details services, path‑based authorization, role hierarchies, exception handling, custom filters, multiple filter chains, method security, internationalization, and session management, complete with practical code examples for Spring Boot 2.7.
This article explains the essential components of user authentication architecture, covering its importance, core principles, registration, login, session management, popular protocols like OAuth, OpenID Connect, SAML, JWT, and critical security considerations for robust protection.
This article explains the concept, advantages, and implementation methods of Single Sign‑On (SSO) and provides two complete hands‑on examples—including architecture diagrams, database schema, configuration, and Java code for token‑based, ticket‑based, and RSA/AES encrypted SSO flows—using SpringBoot, Vue and Uni‑App.
This article explains how to handle sudden login redirects caused by expired JWT access tokens in a web platform by using Axios response interceptors to automatically refresh tokens, queue failed requests, and retry them without disrupting the user experience.
This article introduces the ten most noteworthy Laravel packages for 2024, covering authentication, markdown rendering, real‑time UI, image processing, debugging, search, Excel import/export, queue handling, localization, and automatic API generation, each with concise explanations and code examples.
This guide explains how to add user impersonation to a Laravel application using the Lab404 Impersonate package, covering installation, service provider registration, session handling, helper functions, routing, and API methods for starting and ending impersonation sessions.
JustAuth is a Java library that simplifies third‑party OAuth login by providing unified interfaces, customizable state, scopes, HTTP clients, and support for dozens of platforms, with clear code examples for quick integration such as QQ login.
This article explains the concept, advantages, and three implementation methods of Single Sign-On (SSO), then provides two complete practical examples—including architecture diagrams, step‑by‑step flows, and full Java code for ticket‑based and encrypted data‑based SSO—followed by supplementary RSA key generation notes and a brief promotional note.
This article explains why WebSocket security matters, outlines authentication and authorization gaps, describes the Cross‑Site WebSocket Hijacking (CSWSH) attack, and provides practical PHP code for origin validation and signature‑based authentication to protect high‑concurrency WebSocket services.
SSH (Secure Shell) is a widely used network security protocol that replaces insecure methods like Telnet and FTP by encrypting data and authenticating users, typically operating on port 22, and employing both symmetric and asymmetric encryption, key exchange, and various authentication methods such as passwords and public‑key pairs.
This comprehensive guide walks you through setting up Spring Security in a Spring Boot project, configuring password encoding, implementing JWT-based authentication, building custom login and logout endpoints, managing user details with MyBatis Plus, and applying role‑based access control with custom permission handlers, all illustrated with complete code examples.
This article explains how to design a scalable multi‑account login system, covering self‑built phone‑number authentication, optimized password‑less flows, third‑party integrations such as Weibo and WeChat, a refactored user‑basic and authorization schema, and the steps for implementing one‑click carrier‑based login.
This article explains the SSH protocol, covering its default port, the step‑by‑step process of establishing a secure connection, the role of symmetric and asymmetric encryption, and how password and public‑key authentication work with tools like PuTTY and OpenSSH.
This article explains how the OpenAPI specification standardizes interfaces and improves security by using AppId/AppSecret pairs, RSA‑based signatures, timestamp and nonce mechanisms, parameter validation, rate limiting, and encryption best practices, accompanied by complete Java code examples.
This article outlines the design of a flexible multi‑account authentication system, covering self‑built phone‑number registration, optimized password‑less login, integration of third‑party providers such as Weibo and WeChat, a split user/base‑authorization database schema, and a carrier‑based one‑click login flow.
This guide explains how to use Postman's pre‑request and test scripts to automate request signing, switch between multiple environments, and handle JWT‑based authentication, providing step‑by‑step instructions, execution order details, and practical code snippets.
This article explains how to use OpenAPI standards to standardize interfaces, generate unique AppId/AppSecret pairs, create RSA‑based signatures, and implement practical security measures such as timestamps, nonces, rate limiting, and data validation, all illustrated with full Java code examples.
This article explains why using JSON Web Tokens for session management is unsafe, detailing misconceptions about their benefits, highlighting security, scalability, and usability drawbacks, and finally outlining appropriate use cases such as short‑lived one‑time authorization tokens.
This guide explains the limitations of traditional session authentication, introduces JSON Web Token (JWT) as a scalable cross‑domain solution, and provides step‑by‑step instructions for installing, configuring, generating, and validating JWTs in PHP applications, including supported algorithms and practical code examples.
SSH (Secure Shell) is a widely used network security protocol that replaces insecure methods like Telnet and FTP, operating over default port 22, supporting key exchange, encryption algorithms, multiple authentication methods, and session management, with tools such as PuTTY and OpenSSH for client connections.
This article explains how PHP sessions and cookies work together to manage user data, improve authentication, shopping carts, and personalization, providing code examples and best practices for secure, seamless web application development.
This article explains JWT payload claims, lists standard and custom claims, shows how to generate a token with expiration in Java, and compares single‑token and double‑token renewal strategies—including OAuth 2.0 approaches and Redis‑based storage—to manage token expiration securely.
This article walks through the requirements, backend API design, and front‑end implementation—including TypeScript code snippets—for a QR‑code login system where the code expires after two minutes, users confirm login on mobile, and the web client polls for status updates.
This article explains how to generate, store, and validate login tokens across PC and mobile clients in a distributed microservice architecture, covering Redis storage, custom token entities, Spring service implementation, exception handling, client‑side storage utilities, and a custom annotation with an AOP aspect for request verification.
This article explains the three-stage design of a QR code login system—including pending scan, scanned‑pending‑confirmation, and confirmed phases—detailing how unique QR IDs, token exchange, and user confirmation ensure secure authentication across PC and mobile devices.
This article outlines practical strategies for building a flexible multi‑account login architecture, covering traditional phone‑number/password registration, optimized password‑less flows, integration of third‑party providers such as Weibo, WeChat and QQ, a unified user‑base and authorization schema, and the implementation of carrier‑based one‑click authentication.
This tutorial explains digital certificate fundamentals, common formats, the principles of one‑way and two‑way HTTPS authentication, and provides step‑by‑step Kubernetes configurations—including secret creation and Ingress setup—to implement secure TLS communication.
This article compares storing authentication tokens in cookies versus the Authorization header, outlining each method's implementation, advantages, drawbacks, security implications such as XSS and CSRF risks, cross‑domain considerations, and compliance with authentication standards.
This tutorial explains how to integrate Spring Security with JWT in a Spring Boot application, covering authentication and authorization concepts, filter chain principles, project setup, dependency configuration, security configuration classes, custom token filters, and the complete request‑authentication flow.
Didi hardened its massive Elasticsearch deployment—spanning 66 clusters and thousands of nodes—by adding a custom security plugin that authenticates requests at the cluster level, implementing a one‑click toggle and staged rolling upgrades, ultimately enabling authentication across all clusters and dramatically reducing data‑leak risk.
This article explains the technical principles behind QR code login, covering QR code basics, token‑based authentication, the step‑by‑step workflow between mobile and PC, and security considerations for implementing a reliable cross‑device sign‑in system.
This article provides a comprehensive introduction to OAuth 2.0, its core concepts, advantages and disadvantages, details four authorization flows, and presents step‑by‑step Java Spring Boot implementations for GitHub, QQ, and WeChat third‑party login, including database design considerations and code examples.
This guide walks through designing a User_Token table, defining roles and APIs, implementing QR‑code generation and validation endpoints, and wiring a Spring Boot WebSocket server with front‑end AJAX to achieve secure, real‑time QR‑code login for Android, web and PC clients.
This article explains the concepts, architecture, core tickets, and practical implementation steps of CAS-based Single Sign-On, including detailed API specifications, security considerations, and example code snippets for integrating SSO across multiple applications.
This tutorial explains how to secure a Spring Boot REST API using API‑key authentication by adding the necessary Maven dependency, creating a custom filter, extending AbstractAuthenticationToken, configuring Spring Security, implementing a controller, and testing the endpoint with and without the API key.
This article surveys the most common API security flaws—including information disclosure, broken object‑level and function‑level authorization, over‑exposure of data, missing rate limits, mass‑assignment, misconfigurations, injection attacks, improper asset management, and business‑logic bugs—providing examples, code snippets, and practical testing tips for security professionals.
This article outlines a comprehensive approach to building a scalable multi‑account login system that supports phone‑number/password, phone‑number/verification‑code, and various third‑party OAuth providers, detailing workflow steps, database schema, advantages, drawbacks, and a one‑click login integration.
This article explains what Kubernetes Ingress is, its core components, how to define Ingress rules with YAML, and provides practical examples using the Nginx Ingress Controller, including TLS support and basic authentication, to help manage traffic routing and load balancing in cloud‑native environments.
This article explains Spring Security's core functions, underlying filter‑based mechanism, various request‑access control methods, the distinction between hasRole and hasAuthority, how to encrypt passwords with BCryptPasswordEncoder, and the complete username‑password authentication process for securing backend applications.
This article explains how to move authentication from the gateway to individual Spring Cloud microservices by defining three custom annotations and an AOP aspect, while also covering Feign‑based calls and providing practical code examples for implementation.
This article explains the principles, structure, and workflow of token‑based authentication—including access and refresh tokens, JWT, CSRF attacks, same‑origin policy, cross‑origin solutions, and common encryption algorithms—highlighting their advantages, limitations, and practical usage in modern web and mobile applications.
This article explains OceanBase's MySQL‑compatible security features, covering the MAPI authentication process, user naming conventions, password complexity and expiration settings, and mechanisms for handling repeated login failures, with detailed comparisons to MySQL.
This article explains how the default title of the open‑source ChatGPT‑web project makes deployments vulnerable to discovery by asset‑search engines like FOFA and Shodan, leading to unauthorized API usage, and provides practical steps—changing the title and adding authentication—to protect the site and prevent unexpected costs.
This article introduces FACE-UI, a front‑back separated web application that implements facial login by capturing a photo via the browser, sending it to a Spring Boot backend, and using Tencent Cloud's face comparison API for authentication, with full setup instructions and code examples.
This tutorial explains how to build a PHP-based single sign‑on system using a main login application, a shared authentication service backed by MySQL and Redis, and multiple external applications, providing complete code examples for database setup, login handling, session sharing, and logout.
This article explains why remote access to industrial control systems is essential, outlines the risks demonstrated by high‑profile attacks, and provides detailed best‑practice guidance—including DMZ architecture, authentication, jump hosts, file transfer, and policies for direct connections—to securely manage OT environments.
This article introduces Sa-Token, a lightweight Java permission authentication framework, explains why it was chosen over Spring Security and Shiro, details its core login and permission APIs, demonstrates integration with Spring Boot and WebFlux, and lists its extensive feature set for modern backend development.
This article explains OAuth2 fundamentals, key terminology, and authorization flows, then guides you through setting up database tables, Spring Boot dependencies, resource and authorization server configurations, multiple grant types, token refresh, permission checks, and common pitfalls, providing complete code snippets and diagrams for a practical implementation.
This article introduces the lightweight Sa-Token Java framework, explains its login and permission authentication mechanisms, demonstrates essential API usage with code examples, and provides step‑by‑step integration guides for SpringBoot and WebFlux, covering configuration, session handling, role checks, wildcard permissions, and global exception handling.
This article explains the most frequent API security weaknesses—including information disclosure, broken object‑level and function‑level authorization, authentication bypass, over‑exposure of data, missing rate limits, mass‑assignment, misconfiguration, injection, asset mismanagement, and business‑logic flaws—providing detection techniques and illustrative code examples.
This article compares JWT and session authentication, explains their differences, security and performance trade‑offs, and provides a complete Java implementation with Redis integration, guiding developers on selecting and implementing the most suitable authentication method for distributed backend systems.
This article explains the principles and workflow of Single Sign‑On (SSO) and OAuth 2.0, compares their concepts, details implementation steps and grant types, and concludes with a promotional invitation to join a community offering related resources and discounts.
This article critically examines the common misconceptions about JWT advantages, explains the security and practical drawbacks of using JWT for session management, and outlines the scenarios where JWT is appropriate, such as short‑lived, one‑time authorization tokens.
This article explains the fundamental concepts, roles, and step‑by‑step flow of OAuth 2.0, compares it with single sign‑on, describes the architecture of authorization, resource, and client servers, and clarifies related terminology such as authentication, federation, and delegated access.
This article provides a comprehensive guide to configuring Spring Security in a Java backend, covering Maven dependencies, global security settings, JWT token parsing, custom authentication providers, user details services, dynamic URL permission metadata, access decision management, and custom handlers for login, logout, and error responses, along with sample application.yml and database schema.
This article demonstrates how to integrate account username and WeChat web‑authorization login into a Spring Security application by configuring custom authentication providers, filters, tokens, and handlers, allowing users to log in without a password while leveraging WeChat OpenID verification.
This article explains the fundamentals of OAuth2.0, distinguishes it from SSO, describes the roles of resource owner, client, authorization server and resource server, outlines the step‑by‑step authorization flow, and clarifies related terminology such as authentication, federated identity, and delegated authorization.
The article investigates why MySQL 8.0.27 repeatedly logs a deprecation warning for the sha256_password plugin, tracing the issue to authentication attempts with non‑existent users, analyzing source code, and proposing configuration and code‑level fixes.
This article explains the underlying mechanism of front‑end QR‑code login, detailing the roles of the PC page, mobile device, and server, and walks through the step‑by‑step process from generating the QR code to confirming login and issuing a token.
This article provides a comprehensive analysis of Spring Security's authentication mechanism, detailing the filter chain, core components such as SecurityContextHolder, AuthenticationManager, ProviderManager, and AuthenticationProvider, and illustrating the step‑by‑step flow of username‑password verification with extensive code examples.
This article provides a comprehensive walkthrough of Spring Security’s authentication mechanism, detailing the filter chain, core security components, and the underlying source‑code flow—from UsernamePasswordAuthenticationFilter through AuthenticationManager, ProviderManager, and DaoAuthenticationProvider—illustrated with code examples and diagrams.
This article explains the concept, background, and definition of Single Sign‑On (SSO), outlines three SSO deployment types, introduces the Central Authentication Service (CAS) with detailed ticket mechanisms, and provides step‑by‑step SSO and Single Logout (SLO) processes for multiple applications.
MaxKey is an open-source, Apache-licensed SSO platform that supports major authentication protocols, offers extensive login methods, provides multi-tenant IAM features, and includes detailed Linux deployment steps with code snippets and interface screenshots, making it a comprehensive solution for enterprise identity management.
The article outlines Berserker’s comprehensive data‑security framework—built on the CIA triad and 5A methodology—that unifies authentication, authorization, access control, asset protection, and auditing across Hive, Kafka, ClickHouse and ETL tasks, describes the migration from version 1.0 to 2.0 with a redesigned permission system, workspaces, Casbin performance tweaks, and previews future fine‑grained, lifecycle‑wide security enhancements.
