This article explains the concept, purpose, design principles, functional modules, authentication methods, deployment options, and open‑source implementations of bastion hosts, highlighting how they centralize control, audit, and protect privileged access to servers and network devices.
Learn how to install Cntlm on Debian‑based Linux or Windows, configure its authentication and proxy settings, obtain NTLM hashes, and apply changes by reloading or restarting the systemd service, enabling secure multi‑user HTTP proxy access within restricted networks.
This article explains how Single Sign‑On works in browser‑server applications, compares three implementation methods—parent‑domain cookies, a dedicated authentication center, and cross‑domain LocalStorage with iframe/postMessage—and provides sample code for the latter technique.
This article explains what a bastion host (jump server) is, why it is needed, its 4A design philosophy, core objectives, functional modules, authentication methods, common operation modes, additional features, various deployment architectures, and examples of commercial and open‑source solutions.
This article analyzes token-based identity authentication in multi‑client information systems, classifies various token types, compares their natural and controllable attributes, proposes a four‑layer hierarchy, and discusses practical usage scenarios and design principles to improve security and privacy.
This article provides a hands‑on guide to using IdentityServer4 in the Fuluteng project, covering signing credentials, client and resource stores, persisted grant storage with Redis, various OAuth2 grant types including client credentials, authorization code, password, and custom extensions such as SMS and third‑party logins, and demonstrates role‑based authorization and JWT configuration.
This article explores how Spring Security processes OAuth2 login callbacks, detailing the role of AuthenticationManager, the creation of OAuth2LoginAuthenticationToken, the selection of appropriate AuthenticationProvider such as OAuth2LoginAuthenticationProvider and OidcAuthorizationCodeAuthenticationProvider, and the subsequent generation of OAuth2User and token objects.
This article provides a comprehensive overview of JSON Web Tokens, explaining their purpose, structure (header, payload, signature), key concepts such as JWS and JWE, the various claim types, encryption and signing algorithms, and practical usage considerations for secure web authentication.
The article explains how to secure API interfaces by using AccessKey/SecretKey or Token/AppKey for identity verification, generating request signatures to prevent parameter tampering, and applying timestamp‑nonce mechanisms to defend against replay attacks, while providing concrete implementation examples in code.
This guide walks through the prerequisites, installation via Composer, key generation, and detailed configuration of Laravel's authentication system, including environment setup, file settings, controller examples, route definitions, middleware validation, and testing procedures for a functional backend.
This article explains how to diagnose MySQL client connection failures by checking whether the mysqld process is running, verifying network communication settings such as skip‑networking and bind‑address, and examining authentication or password issues via the error log.
This guide shows how to import Swagger-generated API definitions into Postman, configure environment variables, handle authentication tokens, and use Postman for efficient API debugging, while noting the limitations of documentation display compared to Swagger.
This article walks through Spring Security's OAuth2 authorization flow, revealing the entry URL, key resolver and filter classes, core request‑handling logic, and how the framework redirects users to third‑party providers.
This tutorial explains the fundamentals of HTTP API authentication versus authorization, introduces Casbin's model and policy syntax for role‑based access control, and provides step‑by‑step PHP code examples to add permissions, assign roles, and enforce RBAC checks.
This article explains the principles and workflows of typical authentication mechanisms—including HTTP Basic authentication, cookie‑based sessions, JSON Web Tokens, and OAuth—detailing their encryption processes, storage strategies, token refresh techniques, and security considerations for modern web applications.
This article provides a comprehensive guide to customizing Laravel's built‑in authentication system, covering route parameters, controller generation, password confirmation, device logout, redirect logic, user creation via Tinker and factories, login throttling, and additional credential checks, all with practical code examples.
This article explains how to create an iOS 14 home‑screen Widget for the Hema Town mini‑game, covering design goals, platform restrictions, authentication handling, data timeline updates, SwiftUI UI implementation, bundle splitting, Swift bridging, analytics, review pitfalls, and post‑release considerations.
This guide walks you through using the Python httpx library to perform various HTTP methods—including GET, POST, PUT, DELETE, HEAD, and OPTIONS—handle query parameters, decode responses, work with JSON, custom headers, form data, file uploads, streaming, cookies, redirects, and authentication, all with clear code examples.
This article explains the concepts, structures, and cryptographic processes of JWT, JWS, and JWE, covering their components, claim types, signature algorithms, encryption steps, and practical code examples for secure token handling in web applications.
This article provides an in-depth overview of Nginx, covering its introduction, architecture, and various modules, including real IP and rewrite modules, with practical examples and configuration details.
This comprehensive Spring Security guide explains core concepts of authentication and access control, details the AuthenticationManager and ProviderManager interfaces, shows how to customize authentication managers, configure authorization with AccessDecisionManager, secure web requests with filter chains, and apply method-level security, including asynchronous contexts.
This article traces the evolution from early stateless web browsing to modern token‑based authentication, explaining how session management challenges led to centralized stores, their drawbacks, and how signed tokens using HMAC‑SHA256 provide a scalable, secure, and truly stateless alternative.
This article explains how to automatically renew JWT tokens in a front‑end/back‑end separated system by storing tokens in a cache, checking them in a filter, and refreshing them when expired, thereby preventing frequent logins and preserving form data.
This article explains what GraphQL is, how its type system and Relay standard work, the N+1 problem, and presents three architectural approaches—prefixing, schema stitching, and RPC composition—for integrating GraphQL into microservices, along with authentication, authorization, and routing considerations.
This article explains three practical methods for achieving Single Sign‑On in web systems—using a parent‑domain cookie, deploying a dedicated authentication center, and leveraging front‑end LocalStorage with iframe postMessage—to share session or token information across multiple domains.
This article explains why session management is needed, compares cookies, sessions and JWT, describes JWT's structure and workflow, and provides a complete Node.js/Koa implementation with code examples and a discussion of its advantages and drawbacks.
This article provides a comprehensive overview of the PASSPORT account system, detailing its registration process, login mechanisms, authentication methods, security challenges, system evolution, and stability considerations to guide developers in building robust and secure user identity services.
This article explains the technical solutions for unified multi‑account login in web applications, covering early‑stage username/password and mobile verification flows, detailed process steps, OAuth2.0 third‑party integration, and comprehensive database schema design for local and third‑party user authentication.
This tutorial walks you through registering a QQ Connect application, adding the required Maven dependency, creating the login page, implementing the Spring Boot controller and AuthComment utility class, configuring Freemarker, and handling the OAuth flow to achieve seamless QQ authentication in a Java backend.
The article shows how a Vue login page can request a SpringBoot endpoint that creates a four‑character captcha image, encodes it as a Base64 data URL, returns it together with a UUID, stores the code in Redis with a two‑minute expiration, and validates the UUID during login.
This article explains the concept of multi‑account unified login in internet applications, detailing early‑stage username/password and mobile‑based authentication flows, the evolution to third‑party OAuth2 integration, and provides comprehensive database schema designs for local and third‑party user accounts.
This article explains the stateless nature of HTTP, session and cookie mechanisms, the challenges of multi‑system authentication, and then details the concept, workflow, token handling, and step‑by‑step Java code for building a basic Single Sign‑On solution with login and logout support.
This article explains the background, principles, key concepts, workflow, and step‑by‑step deployment of Kerberos authentication on a Cloudera CDH big‑data cluster to protect sensitive medical data, and discusses its reliability and best‑practice configurations.
This guide demonstrates how to integrate Apache Shiro into a Spring Boot application, covering project setup, Maven dependencies, configuration of Redis-backed session and cache management, creation of utility and realm classes, and implementation of role‑based permission controls with example controllers and Postman testing.
This article explains Apache Shiro's core architecture, demonstrates how to create authentication tokens, configure realms with caching and hashing, and shows step‑by‑step integration with Spring MVC including filter setup and login controller code.
This article explains the fundamentals of authentication and authorization, the roles of credentials, cookies, sessions, various token types including access and refresh tokens, and details the structure, generation, and usage of JWTs, while comparing security considerations and distributed session sharing strategies.
This guide explains how to configure Jenkins user authentication and authorization, covering the built‑in user database, LDAP integration, and single sign‑on setups for GitLab and GitHub, with practical steps, configuration files, and troubleshooting tips.
This article explains the critical importance of securing RESTful APIs—covering data protection, DoS risks, and business impact—and outlines practical measures such as authentication, API keys, access control, rate limiting, and input validation with code examples.
This comprehensive tutorial covers MongoDB fundamentals, including CRUD operations, display commands, conditional queries, updates, deletions, essential tools like mongod and mongostat, authentication mechanisms, role definitions, configuration settings, and step‑by‑step user and admin creation for secure database management.
This guide explains Kubernetes' security pipeline—authentication, authorization, and admission control—detailing token and SSL authentication, service accounts, RBAC, ABAC, Node and Webhook authorizers, and the essential admission plugins, with practical kubectl commands and configuration examples.
Google’s fingerprint API, introduced in Android 6.0, can be integrated via the legacy FingerprintManager or the newer BiometricPrompt, using a wrapper that abstracts version differences, handling permissions, hardware checks, authentication callbacks, and optional reflection to retrieve fingerprint IDs and enrolled fingerprint lists for advanced login scenarios.
This article explains the technical design of a unified multi‑account login system, covering early‑stage username/password and phone‑based authentication, detailed flow steps, database schema, and integration of third‑party OAuth (e.g., QQ) while highlighting practical considerations and limitations.
This article explains Apache Shiro's security architecture, demonstrates how to create authentication tokens, configure realms, use caching and hashing for password protection, and integrate Shiro with Spring MVC through XML and Java code examples.
This article provides a comprehensive tutorial on Kerberos fundamentals, its authentication workflow, and detailed procedures for installing, configuring, and enabling Kerberos security on a Cloudera (Hadoop) cluster running on CentOS, including code snippets, configuration files, and post‑deployment testing steps.
This article explains the QR code login process, detailing how a web page requests a QR code, how the mobile app scans it, exchanges tokens via Redis, and ultimately authenticates the user across web and mobile platforms.
This article explains how Spring Security integrates with Servlet‑based Java web applications by detailing the servlet filter chain, DelegatingFilterProxy, FilterChainProxy, SecurityFilterChain, and providing code examples to help readers grasp authentication and authorization mechanisms.
This article explains how to extend the default OAuth2 token response by embedding business-related fields such as tenant_id, user_id, and username, and walks through the underlying Spring Security code—including the password grant flow, token creation, and enhancement process—illustrated with code snippets and diagrams.
This guide explains the concepts of apiserver clients, authentication methods, service accounts, RBAC authorization, admission control, and provides step‑by‑step instructions for installing and accessing the Kubernetes Dashboard 2.0.
This article outlines key security mechanisms for public APIs—including data encryption, signing, timestamp validation, AppId authentication, rate limiting, blacklist handling, and data validation—and provides practical Java code examples for each technique.
This guide walks through installing the tymon/jwt-auth package, configuring Laravel, creating middleware for CORS and JWT verification, defining API routes, building an authentication controller, and testing the registration and login endpoints using tools like Postman or AJAX.
This guide walks you through Laravel's built‑in authentication scaffolding, database requirements, route and view generation, customizing redirects, usernames, guards, validation, and storage, plus advanced techniques like manual authentication, HTTP basic auth, custom guards, and user providers, all with clear code examples.
This guide explains how to enable Laravel's built‑in password reset feature by running the make:auth command, configuring the user model, migrating the reset token table, setting up routes and views, customizing guards, brokers, and notification emails, and adjusting token expiration.
This article explains how cookies and sessions compensate for HTTP's stateless nature, details their creation, types, and limitations, compares them with JSON Web Tokens, and provides guidance on choosing the appropriate authentication method for different application scales and security requirements.
This article explains the complete OAuth2 token lifecycle—including how resource servers validate incoming tokens, how the authorization server creates and reuses access tokens, and the mechanisms for passive and active token refresh—complete with Java code examples and practical client‑side strategies.
This article explains the differences between authentication and authorization, compares session‑based and token‑based (JWT) authentication flows, details JWT structure and signing, and outlines the advantages, disadvantages, and suitable scenarios for each method.
This guide walks through setting up Crowd 3.7.1 with Jenkins 2.220 by creating user directories, groups, and applications in Crowd, then configuring Jenkins to use the Crowd2 plugin for global security and login, including screenshots for each step.
This article explains the technical principles behind QR‑code login, detailing the end‑to‑end workflow between browsers, mobile apps and servers, and provides concrete implementations from Taobao and WeChat, including code snippets, polling mechanisms, Redis usage, and error handling.
This article explains the fundamentals of Single Sign‑On (SSO), covering same‑origin policy, cookies and sessions, browser login flows, challenges of multi‑system authentication across subdomains and different domains, front‑end cross‑origin techniques, and an overview of the CAS protocol.
This article walks through step‑by‑step how to integrate Jenkins with LDAP, GitLab, and GitHub for unified authentication, covering preparation, plugin installation, configuration details, testing, and the final login experience, illustrated with screenshots.
This article explains why storing session data in JWTs is unsafe and inefficient, debunks common claimed benefits, and highlights the security, scalability, and revocation issues compared to traditional cookie‑based sessions.
This guide walks you through setting up LDAP authentication for Zabbix, covering Active Directory OU creation, Zabbix server LDAP module verification, configuration parameters, user provisioning, fallback to internal authentication, and the related database tables and SQL commands.
This guide introduces Spring Security fundamentals, explaining authentication and authorization concepts, the core interfaces such as AuthenticationManager and AccessDecisionManager, how to configure them with Spring Boot, customize filter chains, apply method‑level security, and handle thread‑bound security contexts for asynchronous processing.
This article compares key new features of MySQL 8.0 and MariaDB 10.4—including authentication plugin changes, Unix‑socket auth, atomic DDL, instant column adds, clone plugin usage, optimizer enhancements, resource groups, query‑rewrite, and backup tools—providing step‑by‑step commands, code snippets, and practical caveats for database upgrades.
This article explains the background, architecture, and step‑by‑step authentication flow of Single Sign‑On systems, covering the classic CAS framework, Java implementation details, and Taobao's extended SSO design with code examples.
This guide walks you through the various HTTP authentication methods, explains JWT Bearer authentication, and demonstrates how to implement a custom JwtAuthenticationFilter in Spring Security, configure it, and use JWT tokens for securing API endpoints, including token refresh handling.
This tutorial walks through customizing Spring Security to create a scalable, extensible form‑login mechanism, covering the basic login flow, Spring Security's built‑in login options, FormLoginConfigurer settings, practical controller code, security configuration, and how to add multiple login types such as JSON or CAPTCHA.
This article explains the fundamental differences between cookies, sessions, and tokens, outlines how each works in web authentication, compares their security and performance trade‑offs, and offers practical guidance on storage, encryption, and best practices for implementing token‑based authentication.
This article explains the stateless nature of HTTP and how cookies, server‑side sessions, and token‑based authentication work together to maintain user state across requests, including their storage limits, lifecycle, and practical implementation steps.
This article compares Spring Security and Apache Shiro, explaining their authentication and authorization features, filter‑chain mechanisms, RBAC model, and related security concepts to help Java developers choose the right framework for production‑grade web applications.
This article explains the principles of single sign‑on and compares several practical implementations—including shared session via Redis, OpenID‑based authentication, cookie‑based OpenID storage, and cross‑domain JSONP techniques—while also discussing their limitations and security considerations.
The article explains how the project login system was upgraded to Single Sign-On (SSO), details two performance testing scenarios for single‑user logins, and provides Groovy and Java code examples for concurrent testing, token handling, and CAS credential verification.
This article explores practical approaches to Single Sign‑On, comparing shared Session, OpenID‑based, and cookie‑based implementations, addressing scalability, cross‑domain challenges, and security considerations to help developers choose the right SSO solution for their architecture.
This guide details how to design the backend, database schema, authentication flow, and Java code required to integrate QQ and Weibo one‑click login for a website, covering token handling, user data retrieval, and practical security considerations.
This article outlines the design of a unified multi‑account login system, covering self‑built phone‑number authentication, optimized password‑less login, third‑party integrations, database schema separation, and a one‑click carrier‑based login to improve user experience and scalability.
This article explains what an API gateway is, why it is essential in microservice architectures, and how it handles cross‑cutting concerns such as authentication, transport security, load balancing, request routing, dependency resolution, and data transformation, illustrated with a simple Node.js gateway example and code snippets.
This tutorial demonstrates how to integrate the lightweight Apache Shiro security framework into a Spring Boot 2.1.5 project, covering environment setup, Maven dependencies, Redis session storage, custom utilities, Shiro configuration, permission annotations, test controllers, and Postman verification.
This tutorial walks you through building a lightweight OAuth2 authentication server using Spring Cloud Hoxton, covering required dependencies, web security configuration, client details, grant types, testing with the password flow, and key insights on Spring Security password handling.
This article walks through integrating Apache Shiro into a Spring Boot project to handle authentication, authorization, session management, and caching, including custom realms, Redis-backed sessions, and cache managers, while providing detailed code examples and configuration guidance.
A July 3 CAS extension caused login failures due to inconsistent JSESSIONID handling across servers, leading to redirects and authentication errors, which were traced to missing memory‑cache configuration and resolved by removing the misconfigured node and restoring proper session sharing.
A developer recounts how a misconfigured production environment led to the accidental deletion of both content and user databases, the frantic scramble to diagnose the issue, the discovery of a backup oversight, and the hard‑earned lessons on backups, testing, and authentication security.
This article explains what JWT (JSON Web Token) is, its compact self‑contained structure, how it replaces traditional session‑cookie authentication, and discusses its benefits, limitations, and practical usage in stateless web security.
This article explains the QR‑code login process, detailing how the web front‑end, server, Redis store, and mobile application cooperate to generate a QR code, verify the scan, and complete user authentication using tokens and UUIDs.
This article analyses various client‑side authentication scenarios, classifies tokens into password, session, and API categories, compares their natural and controllable attributes, and proposes a four‑layer hierarchical token architecture to improve security, usability, and decoupling across multiple platforms.
The article surveys authentication from ancient token methods to modern password and session techniques, explains OAuth 2.0 flows and their adaptation for WeChat Mini‑Programs—including access‑token retrieval, simplified client‑credentials grants, and cloud‑call automation—while also previewing future trends such as biometrics, blockchain‑based decentralization, and AI‑driven trust models.
This article explains microservice architecture and the role of API gateways, introduces Kong as a high‑availability gateway, and provides a step‑by‑step guide for deploying containerized AI services (face, pet, and content moderation) and integrating them with Kong for authentication, rate‑limiting, and secure access.
This article explains the fundamentals of SSH, covering its purpose, architecture, password and key authentication methods, how to verify installation and service status, and practical commands for connecting, transferring files with scp, and using sftp on Linux systems.
The article details the evolution and current architecture of the 58 Open Platform, covering its API gateway, multi‑protocol support, authentication mechanisms, distributed rate‑limiting, circuit‑breaking, thread‑pool isolation, and a Netty‑based real‑time message‑push system, while outlining future service‑marketplace and serverless plans.
This article explains how to customize the default OAuth2 check‑token flow in Spring Cloud by extending the token converter to assemble complete user information—including IDs, department and tenant data—directly into the security context, eliminating extra database queries and improving performance.
This article explains what API gateways are, why they are essential in micro‑service architectures, outlines the cross‑cutting concerns they address such as authentication, transport security, load balancing, request routing, dependency resolution and data transformation, and provides a practical Node.js implementation with code samples.
This guide explains how to download, install, and configure the SonarQube GitLab authentication plugin, including plugin installation via Maven, setting up a GitLab application with HTTPS, configuring SonarQube authentication parameters, and troubleshooting common redirect URL errors.
Cloud development for mini programs streamlines backend creation by offering a document database, CDN‑linked storage, and server‑less functions, letting developers focus on business logic while eliminating server purchases, domain setup, and complex configuration, and providing unified authentication, one‑click provisioning, and future‑ready API extensions.
Designing a relatively secure account system requires integrating strong multi-factor authentication, fine-grained authorization models like RBAC or ABAC, and continuous real-time and offline auditing to mitigate breaches, while recognizing that absolute security is impossible and ongoing vigilance is essential.
This article reviews the weaknesses of cookie‑based single sign‑on, explains the unified authentication center approach, and details the complete CAS (Central Authentication Server) login flow—including first, second, and cross‑domain accesses—illustrated with diagrams.
This article introduces Laravel, a modern PHP framework, highlighting its MVC architecture, robust ORM, Blade templating, streamlined routing, controller organization, and built‑in authentication, while providing code examples to show how these features boost developer productivity.
This article examines the challenges of unifying multiple independent account systems within 58 Group and presents three technical approaches—full account merging, account linking with single sign‑on, and a unified cloud account platform—detailing their benefits, difficulties, and implementation considerations.
This tutorial explains how to set up Laravel 5's built‑in password reset feature, covering the required data tables, model contracts, route definitions, view templates, email configuration, and the complete reset workflow with code examples.
This article explains the architecture and step‑by‑step workflow of QR code login, covering how the web front‑end, mobile client, and server (including Redis storage and token verification) cooperate to generate a QR code, poll for authentication, and complete a secure user login.
This article explains the fundamentals of CAS-based Single Sign‑On, detailing the roles of CAS Server and Client, the ticket‑granting process, login and logout flows, session handling, and how global and local sessions interact to provide seamless authentication across multiple web applications.
This article explores the critical role of API gateways in securing APIs, covering their advantages, drawbacks, common threats, authentication methods, communication safeguards, logging practices, and a shortlist of popular open‑source gateway solutions.
This article introduces eight indispensable Laravel packages—ranging from debugging and JWT authentication to ACL management, data transformation, UUID generation, image handling, push notifications, and automated backups—that together streamline and enhance the development of API‑centric backend applications.
