This article explains how to replace Shiro with jCasbin in a Spring Boot application, covering Maven dependencies, configuration files, Enforcer initialization, policy definition, and practical usage through a servlet filter and REST endpoints for adding or removing permissions.
This article examines traditional RBAC, ABAC, and PBAC access‑control models, evaluates their strengths and weaknesses, and presents a hybrid permission architecture tailored for 微盟's WOS system that combines role‑based and attribute‑based rules to achieve high flexibility and fine‑grained authorization.
This tutorial walks through setting up Spring Security with JWT in a Spring Boot project, covering environment configuration, Maven dependencies, custom authentication handlers, permission evaluation, JWT filtering, and testing, providing complete code examples and explanations for building a robust backend authentication system.
This article provides an in‑depth overview of authentication, authorization, and permission control concepts and compares ten common front‑end authentication techniques—including HTTP Basic Auth, Session‑Cookie, Token, JWT, SSO, OAuth 2.0, QR‑code login and one‑click login—detailing their workflows, advantages, drawbacks, and typical usage scenarios.
This article explains the principles and workflow of Single Sign‑On using OAuth2.0, illustrates the process with a real‑life analogy, and provides a complete Spring Boot example—including authorization server, client configuration, and role‑based access control—suitable for microservice architectures.
This article provides a detailed tutorial on Spring Security, covering its core concepts, project setup, authentication flow, custom user details service, password encoding, login handling, role-based access control, CSRF protection, and integration with Thymeleaf, complete with code examples.
This article provides a comprehensive, step‑by‑step guide to OAuth 2.0, covering its background, usage scenarios, core roles, token types, redirect handling, scope definition, the four grant flows, request/response examples, token refresh mechanisms, and security considerations.
This article provides a comprehensive introduction to the OAuth 2.0 authorization framework, covering its core roles, token concepts, common usage scenarios, the four standard grant types with request/response examples, security considerations, and reference specifications.
This comprehensive tutorial explains RBAC concepts, model classifications, and permission handling, then walks through implementing Spring Security with in‑memory authentication, JWT integration, custom JSON login filters, password encryption, and database‑backed authentication, providing complete code examples and configuration details.
This article explains single sign‑on concepts, compares SAML, OAuth2 and OpenID Connect, outlines their benefits and typical workflows, and provides guidance on choosing the right protocol for different security and user‑experience scenarios.
This comprehensive guide walks you through Spring Security fundamentals, authentication flow, project setup, custom user details, password encoding, login handling, 403 error pages, remember‑me functionality, method security annotations, and CSRF protection, providing clear code examples for each topic.
This guide demonstrates how to implement Spring Security authentication and authorization using web expression-based rules, custom beans, path variables, multi‑condition expressions, and advanced @PreAuthorize methods, including parameter‑based checks, custom annotations, and custom logic services within a Spring Boot 2.4 application.
This guide walks through Spring Security fundamentals, including its core authentication and authorization mechanisms, project setup with Maven, customizing usernames, implementing UserDetailsService, creating custom PasswordEncoders, configuring login handling, role and authority checks, CSRF protection, remember‑me functionality, and using security annotations.
This article explains the design and implementation of a unified data security control platform that protects user privacy and corporate data across multiple big‑data components (Hive, Hetu, GaussDB) by integrating Apache Ranger, custom authorization APIs, asynchronous processing, distributed locking, and SDK‑based authentication to achieve fine‑grained, one‑stop permission management.
This guide explains how Spring Security processes authentication and authorization failures, walks through the default exception flow, and demonstrates multiple ways to customize error handling—including custom failure handlers, access‑denied pages, and JSON responses—using Spring Boot 2.4.12.
This article provides an in‑depth guide to authentication, authorization, and access control, covering basic HTTP authentication, session‑cookie mechanisms, token‑based approaches, JWT structure, single sign‑on (SSO), OAuth 2.0 flows, unique login enforcement, QR‑code login, and one‑click mobile login, with practical code examples and diagrams.
This article explains how Kubernetes secures its API Server through authentication and authorization, covering user types, authentication methods such as client certificates, bearer tokens, OIDC, and static token files, and then details the RBAC model, role bindings, and service account usage for fine‑grained access control.
This article explains why HTTP is a stateless protocol, introduces authentication and authorization concepts, and compares cookies, sessions, and token-based mechanisms such as JWT, detailing their characteristics, workflows, and security considerations for modern web applications.
This article provides a comprehensive step‑by‑step guide on building a permission management system with Spring Security, covering database design, entity classes, Maven configuration, security configuration, dynamic menu loading, front‑end rendering using Thymeleaf, and complete testing with sample code and screenshots.
This article provides a comprehensive introduction to the OAuth 2.0 protocol, covering its core concepts, authorization flow, four grant types (authorization code, implicit, resource owner password credentials, client credentials), request and response parameters, token handling, and practical examples with code snippets.
KubeVela 1.4 introduces built‑in multi‑cluster authentication and authorization, a resource‑topology visualizer, the lightweight VelaD runtime, dozens of new plugins, and a host of workflow enhancements, while outlining the project’s roadmap for observability, workflow and application management.
This article provides a comprehensive introduction to the OAuth 2.0 protocol, explaining its core concepts, the roles of resource owner, client, authorization server and resource server, and detailing the four grant types—authorization code, implicit, resource‑owner password credentials, and client credentials—along with token request/response formats and refresh token usage.
This article provides a comprehensive introduction to OAuth 2.0, covering its purpose, core roles, token types, four main grant flows (authorization code, implicit, resource‑owner password, client credentials), token refresh mechanisms, and practical request/response examples for developers.
This article introduces the problems of the legacy permission approach at Zhuanzhuan, compares industry‑standard RBAC and ABAC models, explains the design rationale for a hybrid RBAC‑based system, and outlines the core modules, role hierarchy, and permission types for the new unified permission management platform.
This article explains how to shift authentication and authorization from the gateway to downstream Spring Cloud microservices by removing the gateway's ReactiveAuthorizationManager, defining three custom annotations (@RequiresLogin, @RequiresPermissions, @RequiresRoles), creating an AOP aspect to enforce them, and demonstrating their usage in controller methods.
Baidu’s ToB Account Permission Platform provides a unified, configurable login and permission service—including multi‑tenant account management, SSO, OAuth, and the GD‑RBAC model—delivering secure, high‑performance access for over ten million enterprise accounts across multiple product lines.
This article explains the fundamental differences between JSON Web Token (JWT) and OAuth2, describes their structures, security considerations, and provides guidance on when to choose each method for protecting API access in modern applications.
This article explains how to integrate the Apache Shiro security framework into a Spring Boot application, covering core components, Maven configuration, bean definitions, custom realms, filter chains, and the complete login authentication process with code examples.
This article explains the fundamental differences between JSON Web Token (JWT) and OAuth2, describes how each works, provides code examples of JWT structure, outlines OAuth2 roles and flows, and discusses practical scenarios, advantages, and drawbacks for securing APIs.
This article explains the fundamentals of OAuth2.0, distinguishes it from SSO, describes the three main participants, outlines the complete authorization flow with step‑by‑step details, defines key terminology, and discusses deployment scenarios such as web servers, user‑agent apps, and native applications.
This article provides a comprehensive guide on integrating Apache Shiro into a Spring Boot application, covering core components, Maven configuration, bean definitions, security manager setup, custom realms, filter chain configuration, and the complete login authentication flow with code examples.
This article traces the evolution from DAC through MAC to RBAC and ABAC, critiques common implementations, and presents a practical, tag‑based permission system that cleanly separates roles, policies, and objects for scalable, secure access control.
This article provides an in‑depth tutorial on Spring Security, covering its core concepts, authentication flow, project setup, dependency imports, custom UserDetailsService, password encoding, login handling, role‑based access control, CSRF protection, and integration with Thymeleaf, complete with practical code examples.
This article explains the principles and workflow of Single Sign-On (SSO) using OAuth2.0, illustrates the process with a real‑life scenario, compares multi‑point and single‑point login, and provides a complete Spring Boot example for building an authorization server, client, and role‑based access control in micro‑service architectures.
This article explains the fundamentals of web session management, compares server‑side, cookie‑based, and token‑based storage methods, discusses authentication versus authorization, and outlines security considerations and best‑practice recommendations for managing user sessions in modern web applications.
This article explains the principles of Single Sign‑On using OAuth2.0, illustrates the workflow with a real‑world analogy, and provides a complete SpringBoot example—including authorization server, client configuration, role‑based access control, and micro‑service integration—so readers can master SSO implementation and security design.
This article demystifies Single Sign-On using OAuth2.0 by illustrating the authentication and authorization flow through a real‑world analogy, explaining HTTP redirects, detailing the four grant types, and providing a complete Spring Boot implementation with role‑based access control for both client and server sides in microservice architectures.
This article explains the OAuth2 authorization framework, illustrates its principles with a delivery‑person analogy, details the four main grant types, and provides a step‑by‑step Spring Boot implementation including server configuration, resource protection, and Postman testing.
BanYu’s early data warehouse lacked any access controls, prompting the creation of a comprehensive big‑data permission system that integrates authentication and authorization across Hive, Presto, HDFS, and Metabase using LDAP, Ranger policies, workflow automation, and both synchronous and asynchronous policy initialization.
This tutorial walks through building a Spring Boot application with Apache Shiro, covering core concepts, database schema design, Maven dependencies, configuration files, entity and DAO layers, service implementations, Shiro realm and security configuration, login handling, role and permission testing, and future extension ideas.
This article explains why OAuth2.0 is needed, clarifies the differences between tokens and passwords, describes the OAuth2.0 protocol and its four grant types, and provides a step‑by‑step Spring Boot + Spring Cloud Alibaba implementation of an authorization server and a resource server with full code examples.
This article explains how to use Spring Security together with JWT to build a stateless authentication system for front‑end/back‑end separated applications, covering token issuance, refresh logic, custom filters, handlers, UserDetailsService implementation, global security configuration, and testing procedures.
This article compares Apache Shiro and Spring Security, outlining their core concepts, execution flows, key features, and practical guidance to help developers choose the most suitable Java security framework based on project requirements and team expertise.
This extensive guide explains Apache Shiro's core concepts, demonstrates how to set up simple authentication, configure various Realm types, apply multi‑realm authentication strategies, encrypt passwords with hashing and salting, implement custom authorization, integrate Shiro with Spring MVC, explore different login methods, use JSP tags for UI control, and enable caching with Ehcache, providing complete code examples throughout.
This article explains the principles of Single Sign-On using OAuth2.0, illustrates the flow with a real‑world analogy, details HTTP redirection, compares grant types, and provides a complete Spring Boot implementation of an authorization server, client application, and role‑based access control for microservices.
This article explains the fundamentals of authentication, authorization, and credentials, compares cookies, sessions, and tokens, details token types such as access and refresh tokens, introduces JWT principles and usage, and discusses security considerations and distributed session‑sharing strategies for modern web applications.
This article explains the fundamentals of authentication, authorization, and credentials, compares cookies, sessions, and token‑based approaches, discusses token and JWT structures, outlines common authentication patterns, and provides practical guidance on their use and pitfalls in distributed systems.
Airbnb replaced duplicated, latency‑prone authorization checks in its new service‑oriented architecture by moving them into data services and building Himeji, a Zanzibar‑inspired centralized permission store that uses triple‑based policies, configurable unions, sharded caching, and Aurora backing to deliver sub‑10 ms latency for millions of checks per second with 99.999 % availability.
This article explains why HTTP is a stateless protocol and how authentication and authorization are achieved using cookies, sessions, and token-based mechanisms such as JWT, detailing their characteristics, workflows, and security considerations for modern web applications.
This guide explains the five authorization methods supported by Postman—No Auth, Basic, Digest, Hawk, and OAuth 1.0—providing configuration details, example requests, and sample responses to help developers secure API calls effectively.
Apache APISIX 2.9 introduces the authz‑casbin authorization plugin, dynamic per‑route real‑ip configuration, and significant enhancements to external plugin mechanisms, including unique keys for Plugin Runner and reverse information retrieval, alongside richer features for existing plugins such as request‑id and error‑log‑logger.
This tutorial walks through building a microservice authentication and authorization solution using Sa-Token, Spring Cloud Gateway, Nacos, and Redis, detailing the setup of gateway, authentication, and protected API services, configuration files, custom permission handling, and a complete demo with Postman.
This guide walks you through integrating the lightweight Sa-Token framework into a SpringBoot project, covering dependency setup, configuration, login, role and permission checks, as well as global exception handling, with complete code examples and practical screenshots.
This article outlines the most commonly used Keycloak adapter configuration properties for Spring Security integration, explaining each setting such as realm, resource, auth-server-url, SSL requirements, CORS, bearer-only mode, and client credentials, and provides guidance on when and how to apply them.
This tutorial walks through installing Keycloak via Docker, exploring its admin console, configuring realms, users, and clients, and demonstrates both authorization code and password grant flows before integrating Keycloak with a SpringBoot application to protect APIs using OAuth2.
This article explains the principles of Single Sign‑On using OAuth2.0, illustrates the flow with a real‑world analogy, and provides a complete SpringBoot implementation for both the authorization server and client, including role‑based permission control and microservice integration.
This article explains how OpenID Connect (OIDC) builds on OAuth 2.0 to provide authentication, demonstrates a practical Keycloak integration with a Spring Boot app, and walks through a complete authorization flow for a photo‑storage service using client credentials and secure token exchange.
This guide walks you through creating a Keycloak realm, registering a client, defining roles and mappings, obtaining and refreshing JWT tokens, and configuring a Spring Boot application with the Keycloak Spring Boot starter to protect endpoints via OIDC authentication.
This article walks you through installing Keycloak 14.0.0 via Docker, configuring the admin console, creating custom realms and users, and explains core concepts such as realms, authentication, authorization, roles, groups, clients, and identity providers for practical security integration.
This article details the challenges encountered when developing WeChat H5 pages—such as authorization‑loop redirects, cross‑origin poster creation with html2canvas, iPhone 100vh scrolling bugs, and precise performance timing using window.performance—and presents practical code‑based solutions and compatibility tips for both iOS and Android devices.
Keycloak, Red Hat’s open‑source identity and access management platform, offers a comprehensive SSO solution with extensive protocols, admin UI, Spring Security integration, and customizable features, but its complexity and steep learning curve may pose challenges for smaller projects.
This article explains the fundamentals of permission management, detailing the classic RBAC0 model and its extensions RBAC1‑RBAC3, and explores how roles, users, groups, organizations, and positions interrelate in both single‑system and distributed micro‑service architectures, including practical table designs and framework options.
This article explains the fundamentals of permission management, detailing the RBAC0‑RBAC3 models, user‑role‑permission relationships, user groups, organizational and positional structures, and how to design database schemas and authorization workflows for complex distributed systems.
This guide explains why Spring Boot 2’s OAuth2 authorization code flow skips the user‑approval page, walks through the relevant source code, and shows how to customize the confirmation and login pages, configure controllers and security settings, and verify the changes with tests.
This guide explains how to use PHP‑Casbin to enforce attribute‑based access control (ABAC) by defining request, policy, and matcher sections, creating attribute‑rich objects, and calling the enforcer to obtain true or false decisions for different subjects and resources.
This article compares Apache Shiro and Spring Security, outlining each framework's features, execution flow, and strengths, and provides guidance on when to choose Shiro for lightweight, framework-agnostic projects versus Spring Security for deeper Spring integration and broader community support.
This article explains the fundamental differences between JSON Web Token (JWT) and OAuth2, describes their structures, security considerations, implementation details, and outlines appropriate scenarios for using each method to protect APIs.
Casbin is an open‑source access‑control framework that supports multiple programming languages, offers customizable request formats, role inheritance, super‑user shortcuts, and built‑in matchers, while delegating authentication and user management to other components.
This guide explains how to set up an Auth class in ThinkPHP, create the necessary database tables for groups and rules, design admin and permission tables, configure user‑group relationships, handle login sessions, and integrate the Auth class into a common controller to enforce RBAC checks.
This article explains the fundamental differences between JSON Web Tokens (JWT) and OAuth2, outlines their structures, security considerations, implementation details, and compares their advantages, drawbacks, and suitable use cases to help developers choose the appropriate method for securing APIs.
This article explains the fundamental differences between JSON Web Tokens (JWT) and OAuth 2.0, outlines their structures, roles, and grant types, compares implementation effort and risk, and provides guidance on choosing the right approach for various API security scenarios.
This tutorial explains the concept of Single Sign‑On, demonstrates a simple ticket‑based analogy, introduces JWT structure and RSA signing, and walks through a complete Spring Boot implementation—including project layout, Maven dependencies, configuration files, utility classes, custom authentication and verification filters, security configuration, and Postman testing—so readers can build a secure SSO service from scratch.
This article introduces Apache Shiro, a lightweight Java security framework, covering its authentication, authorization, cryptography, session management, core components, module functions, and overall architecture to help developers grasp its practical use in permission management.
This guide explains Kafka's authentication and authorization mechanisms, covering SASL/PLAIN and SASL/SCRAM setups, JAAS file creation, server property configuration, ACL management, and provides complete Java producer and consumer examples for secure communication.
Didi’s big‑data platform secures user access by adding a custom password‑based Hadoop authentication stored on the NameNode and managed through its Shumeng user‑management service, while enforcing column‑level, role‑based permissions via an Apache Ranger‑powered system that classifies data, generates policies, and now governs millions of assets.
The article presents a systematic, automated platform that captures, replays, and compares API requests using intelligent sampling and vertical/horizontal privilege checks to detect authorization flaws, dramatically reducing manual testing effort, uncovering over twenty issues monthly, and outlining future CI integration and AI‑enhanced detection.
This article walks through Spring Security's OAuth2 authorization flow, revealing the entry URL, key resolver and filter classes, core request‑handling logic, and how the framework redirects users to third‑party providers.
This tutorial explains the fundamentals of HTTP API authentication versus authorization, introduces Casbin's model and policy syntax for role‑based access control, and provides step‑by‑step PHP code examples to add permissions, assign roles, and enforce RBAC checks.
This article introduces the background, technical stack, core features, step‑by‑step deployment instructions, and future plans of a .NET Core and React based unified authentication and authorization system designed to replace disparate login mechanisms across multiple company applications.
This article presents a comprehensive design for WeChat Mini Program login and authorization, detailing business scenarios, silent‑login flow with token management, fault‑tolerant session handling, step‑wise UI components for user and phone permissions, and a clear front‑end/back‑end API contract within a layered architecture.
This comprehensive Spring Security guide explains core concepts of authentication and access control, details the AuthenticationManager and ProviderManager interfaces, shows how to customize authentication managers, configure authorization with AccessDecisionManager, secure web requests with filter chains, and apply method-level security, including asynchronous contexts.
This guide introduces Casbin, an efficient open‑source authorization library, outlines its supported languages, key features, what it does not handle, core concepts, installation via Composer, and provides a complete PHP example with model and policy files to enforce access control.
This article explains how to design and implement elegant RESTful APIs using ThinkJS, covering routing conventions, controller generation, custom router configuration, CRUD action mapping, token‑based authentication, permission validation with Logic layers, inheritance for reusable checks, and database operations with chainable queries.
This article introduces the role‑based access control (RBAC) model, outlines its historical development, explains its core principles and various extensions (RBAC0‑RBAC3), and discusses how RBAC simplifies permission management in software systems for enterprise.
This article explains what GraphQL is, how its type system and Relay standard work, the N+1 problem, and presents three architectural approaches—prefixing, schema stitching, and RPC composition—for integrating GraphQL into microservices, along with authentication, authorization, and routing considerations.
This article provides a comprehensive overview of the PASSPORT account system, detailing its registration process, login mechanisms, authentication methods, security challenges, system evolution, and stability considerations to guide developers in building robust and secure user identity services.
This article explains the fundamentals and extensions of role‑based access control (RBAC), covering user, role, permission, organization, and group models, authorization workflows, database schema, and common frameworks such as Apache Shiro and Spring Security for building robust permission systems.
This article explains the core RBAC0 model and its extensions (RBAC1, RBAC2, RBAC3), discusses user groups, organizations and positions, and outlines manual and approval-based authorization workflows along with a sample database schema for implementing role‑based access control in complex systems.
This guide demonstrates how to integrate Apache Shiro into a Spring Boot application, covering project setup, Maven dependencies, configuration of Redis-backed session and cache management, creation of utility and realm classes, and implementation of role‑based permission controls with example controllers and Postman testing.
This article explains Apache Shiro's core architecture, demonstrates how to create authentication tokens, configure realms with caching and hashing, and shows step‑by‑step integration with Spring MVC including filter setup and login controller code.
This article explains the fundamentals of authentication and authorization, the roles of credentials, cookies, sessions, various token types including access and refresh tokens, and details the structure, generation, and usage of JWTs, while comparing security considerations and distributed session sharing strategies.
This guide explains Kubernetes' security pipeline—authentication, authorization, and admission control—detailing token and SSL authentication, service accounts, RBAC, ABAC, Node and Webhook authorizers, and the essential admission plugins, with practical kubectl commands and configuration examples.
This article explains Apache Shiro's security architecture, demonstrates how to create authentication tokens, configure realms, use caching and hashing for password protection, and integrate Shiro with Spring MVC through XML and Java code examples.
This cheat sheet provides a concise reference of Laravel's Auth facade methods for user authentication and session handling, as well as Gate-based authorization techniques, including ability definitions, permission checks, policy generation, and controller or middleware integration.
This guide explains the concepts of apiserver clients, authentication methods, service accounts, RBAC authorization, admission control, and provides step‑by‑step instructions for installing and accessing the Kubernetes Dashboard 2.0.
This guide explains Laravel's built‑in authorization features, covering how to define and register Gates and Policies, how to check permissions via the Gate facade, middleware, controller helpers, Blade directives, and includes practical code examples for common CRUD actions.
This article explains the OAuth 2.0 authorization framework, describes its four core roles and various grant types, and demonstrates how to configure a Spring Security OAuth2 client for GitHub login, including endpoint details, request parameters, and code examples.
This guide introduces Spring Security fundamentals, explaining authentication and authorization concepts, the core interfaces such as AuthenticationManager and AccessDecisionManager, how to configure them with Spring Boot, customize filter chains, apply method‑level security, and handle thread‑bound security contexts for asynchronous processing.
This article explains REST architecture, why security is essential, and compares Basic authentication, OAuth 2.0, OAuth 2.0 + JWT, and Amazon's HTTP signature method, evaluating their scalability and load impact in a micro‑service environment.
This article explains how to implement role‑based access control in Spring Security by embedding roles into UserDetails, configuring HttpSecurity with hasRole/hasAnyRole/hasAuthority, handling anonymous users, and using permitAll, providing code examples and detailed explanations for each approach.
