This article explains what JWT is, outlines its workflow, and critically examines its drawbacks—including size overhead, redundant signatures, token revocation challenges, stale data, lack of encryption, and broader security concerns—concluding that JWT is suitable only for short‑lived authorization tokens rather than long‑term session management.
This article explains the evolution from traditional cookie‑session authentication to token‑based JWT, detailing its structure, security mechanisms, implementation steps, advantages, limitations, and practical Java code examples, while also comparing it with modern authentication challenges in web and mobile environments.
This article explains what JWT is, how it works in authentication flows, and details its major drawbacks—including large token size, redundant signatures, revocation difficulties, stale data risks, and lack of encryption—while concluding that JWT may be suitable only for short‑lived, single‑use scenarios.
This article provides a comprehensive walkthrough of Single Sign‑On (SSO) concepts, common protocols, login flow diagrams, and multiple implementation options, then dives into step‑by‑step deployment of an enterprise‑grade SSO system using Keycloak with Docker or Kubernetes, including configuration, client setup, custom extensions, and practical code snippets.
This article demonstrates how to create a custom HandlerMethodArgumentResolver in Spring Boot that automatically extracts JWT token data and injects the corresponding user object—or selected fields—directly into controller method parameters, reducing boilerplate and improving code readability.
This article demonstrates how to secure a Spring Boot 2.7.7 application using JWT, Spring Security, and a custom SM4‑based PasswordEncoder, covering dependency setup, security configuration, custom authentication components, token validation filter, and a login endpoint implementation.
This article explains how HTTP's stateless nature requires session or token mechanisms for preserving user state, compares session‑based and JWT‑based authentication, details JWT structure, and provides a complete Java implementation with code examples.
This article explains the fundamentals of Role‑Based Access Control (RBAC), its model classifications, permission concepts, and user‑group usage, then demonstrates how to implement RBAC in a Spring Security application, including in‑memory authentication, JWT integration, JSON login, and password encryption techniques.
This comprehensive guide walks you through the concepts of Single Sign-On, the mechanics of JWT, RSA asymmetric encryption, and step‑by‑step integration of Spring Security with JWT, providing full Maven project setup, configuration files, utility classes, custom filters, and testing instructions for a robust distributed authentication system.
This article explains how to prevent duplicate form submissions in Java web applications by generating and validating JWT tokens on the backend, provides complete utility classes and controller examples, and includes step‑by‑step usage instructions with full source code.
This article explains the fundamentals of role‑based access control (RBAC), its model variants, and user‑group usage, then demonstrates how to configure Spring Security with in‑memory authentication, integrate JWT for stateless token‑based authentication, customize JSON login, and securely encrypt passwords using BCrypt.
This guide explains the security challenges of WebSocket, outlines a step‑by‑step JWT authentication flow, and presents three practical token‑passing techniques—including URL parameters, post‑connection messages, and sub‑protocols—while emphasizing the use of wss:// and safe token storage.
This article explains what JWT and Session are, compares their storage, state management, security, performance, cross‑domain support, expiration, use cases, logout mechanisms, and one‑time use scenarios, and helps you decide which authentication approach best suits your application’s needs.
This article explains how session‑based and token‑based (JWT) authentication work in backend applications, compares their workflows, shows practical Express.js code examples, and helps you decide which method best fits your project's security and scalability needs.
This article compares JWT and session authentication, explains their differences, advantages, and drawbacks, and provides a complete Java implementation with Redis integration, token generation, validation, renewal, and related interceptor configuration for a robust backend authentication system.
This tutorial explains RBAC concepts and model classifications, demonstrates permission and user‑group management, and provides step‑by‑step guidance for implementing Spring Security with in‑memory authentication, JWT integration, JSON login, password encryption, and database authentication using Java code examples.
jwt_tool.py is a Python toolkit that validates, forges, scans, and manipulates JSON Web Tokens, offering features such as token validity checks, testing of known CVE‑related vulnerabilities, misconfiguration scanning, claim fuzzing, secret/key verification, dictionary‑based weak‑key detection, timestamp tampering, RSA/ECDSA key reconstruction, and interactive token editing.
This article explains how to install the PHP‑JWT library with Composer, generate JSON Web Tokens using JWT::encode, validate them with JWT::decode, and configure custom expiration and not‑before times to enhance authentication security in PHP applications.
This article explains how to handle sudden login redirects caused by expired JWT access tokens in a web platform by using Axios response interceptors to automatically refresh tokens, queue failed requests, and retry them without disrupting the user experience.
This article explains how to combine Spring AOP and Spring Security in a Spring Boot 2.7.12 application to implement permission verification, covering concepts, required dependencies, custom filters, annotations, aspect logic, global exception handling, test endpoints, JWT token handling, and extensions for SpEL‑based role checks.
This comprehensive guide walks you through setting up Spring Security in a Spring Boot project, configuring password encoding, implementing JWT-based authentication, building custom login and logout endpoints, managing user details with MyBatis Plus, and applying role‑based access control with custom permission handlers, all illustrated with complete code examples.
This article explains why using JSON Web Tokens (JWT) for session handling is a flawed and risky practice, debunks common misconceptions about its benefits, outlines the security and operational drawbacks, and clarifies the scenarios where JWT can be appropriately applied.
This article explains why using JSON Web Tokens for session management is unsafe, detailing misconceptions about their benefits, highlighting security, scalability, and usability drawbacks, and finally outlining appropriate use cases such as short‑lived one‑time authorization tokens.
This article explains the fundamentals of Role‑Based Access Control (RBAC), its model variants, permission concepts, and user‑group usage, then demonstrates practical Spring Security setups ranging from simple in‑memory authentication to JWT integration, JSON‑based login, password encryption, and database‑backed authentication with full code examples.
This guide explains the limitations of traditional session authentication, introduces JSON Web Token (JWT) as a scalable cross‑domain solution, and provides step‑by‑step instructions for installing, configuring, generating, and validating JWTs in PHP applications, including supported algorithms and practical code examples.
This article explains JWT payload claims, lists standard and custom claims, shows how to generate a token with expiration in Java, and compares single‑token and double‑token renewal strategies—including OAuth 2.0 approaches and Redis‑based storage—to manage token expiration securely.
This article explains the standard JWT claims, shows how to add custom claims with Java code, and compares single‑token and double‑token renewal approaches, including practical examples such as WeChat web authorization and Redis‑based token storage.
This article summarizes a performance comparison between Spring Boot applications using virtual threads and those built with Spring WebFlux, detailing the test scenario of JWT verification and MySQL queries, the environment, code implementations, benchmark results across various concurrency levels, and concluding that WebFlux outperforms virtual‑threaded Spring Boot.
This guide explains how to protect API data exchange by implementing HTTPS, JWT, rate limiting, MAC, and symmetric encryption (AES/DES) in a Spring Boot backend, while using Vue and Axios on the frontend, including custom annotations, request/response advice, and crypto‑js utilities for end‑to‑end encryption.
This article walks through the evolution of a Spring‑based JWT token validation solution, from passing HttpServletRequest into service methods to using a custom @NeedToken annotation, reflection, a base class, and finally ThreadLocal to ensure each request’s token is safely isolated in high‑concurrency environments.
This tutorial explains how to integrate Spring Security with JWT in a Spring Boot application, covering authentication and authorization concepts, filter chain principles, project setup, dependency configuration, security configuration classes, custom token filters, and the complete request‑authentication flow.
WeBlog is a front‑end/back‑end separated blogging platform built with Spring Boot, MyBatis‑Plus, MySQL, Spring Security, JWT, Minio, and Vue 3.2 + Element Plus, offering Markdown editing, category/tag management, dashboard statistics, and a complete set of admin and front‑end features.
This article provides a comprehensive overview of authentication and authorization concepts, explains the roles of credentials, compares cookies and sessions, discusses session scaling strategies, introduces token‑based authentication and JWT structure, and highlights security considerations and common encryption algorithms.
This article walks through the complete design and implementation of a reusable permission module for a Java e‑commerce backend, covering functional design, database schema, API contracts, and key technical points such as Spring Security, JWT authentication, and Redis‑based performance optimizations.
This article explains the principles, structure, and workflow of token‑based authentication—including access and refresh tokens, JWT, CSRF attacks, same‑origin policy, cross‑origin solutions, and common encryption algorithms—highlighting their advantages, limitations, and practical usage in modern web and mobile applications.
This tutorial shows how to integrate Keycloak 21.1.1 with Spring Boot 3.1 and Spring Security, covering realm and client setup, token acquisition, Maven dependencies, JWT configuration, a protected test endpoint, and verification of authentication behavior.
This guide demonstrates how to build a Spring Cloud Gateway for microservices, covering system setup, CORS handling, rate‑limiting with the token‑bucket algorithm, password hashing with BCrypt, and secure JWT‑based authentication, complete with Maven dependencies, configuration files, and filter implementations.
This article compares JWT and session authentication, explains their differences, security and performance trade‑offs, and provides a complete Java implementation with Redis integration, guiding developers on selecting and implementing the most suitable authentication method for distributed backend systems.
This article critically examines the common misconceptions about JWT advantages, explains the security and practical drawbacks of using JWT for session management, and outlines the scenarios where JWT is appropriate, such as short‑lived, one‑time authorization tokens.
This article compares session‑based and JWT‑based authentication, discusses their advantages, disadvantages, security and performance considerations, and provides a complete Java Spring Boot implementation—including dependency configuration, utility classes, login/logout/password update logic, and interceptor handling—using Redis for token management.
This article provides a comprehensive guide to configuring Spring Security in a Java backend, covering Maven dependencies, global security settings, JWT token parsing, custom authentication providers, user details services, dynamic URL permission metadata, access decision management, and custom handlers for login, logout, and error responses, along with sample application.yml and database schema.
This article introduces the FACE-UI project, a web‑based face‑login system built with a Spring Boot backend, MySQL database, JWT authentication, and a Vue 2.x frontend, detailing setup steps, code snippets, and configuration of Tencent Cloud facial comparison API.
This article explains traditional session‑based authentication, introduces JWT and JJWT, and presents two microservice authentication patterns—service‑side verification and gateway‑side verification—detailing their workflows, code examples, advantages, drawbacks, and practical challenges.
This article explains the fundamentals of authentication and authorization, the role of credentials, the differences between cookies and sessions, various token types including access and refresh tokens, and the principles, usage, and security considerations of JSON Web Tokens (JWT).
This article explains what JSON Web Tokens are, their structure and security considerations, introduces the JJWT Java library, and provides a complete Spring Boot and Angular example—including Maven setup, Java filters, controllers, and front‑end code—to demonstrate secure token‑based authentication.
This comprehensive guide walks you through Spring Security fundamentals, setting up a Spring Boot project, configuring authentication with JWT and Redis, implementing RBAC permission management, customizing error handling, enabling CORS, and addressing CSRF, providing complete code examples and detailed explanations for secure backend development.
This article provides a step‑by‑step guide to building a Spring Cloud Gateway for microservices, covering system setup, request routing, cross‑origin handling, token‑bucket rate limiting, password hashing with BCrypt, an overview of symmetric and asymmetric encryption, and JWT‑based authentication with code examples and configuration details.
This roundup highlights key frontend engineering topics, including optimal Git workflows for monorepos, the importance of clean code communication, techniques for hybrid remote debugging on mobile devices, practical JWT token handling, and advanced CSS Painting API methods for creating irregular borders.
This tutorial walks through building a single sign‑on (SSO) solution using OAuth2, Spring Security, and JWT in a Java Spring Boot backend, covering preparation, Maven dependencies, server and client configurations, custom login pages, token handling, logout strategies, project structure, and a full demo with source code.
This article provides a step‑by‑step guide on building a Single Sign‑On solution using OAuth2, JWT tokens, and Spring Security within a Spring Boot application, covering the underlying concepts, Maven dependencies, configuration files, server setup, client integration, and logout handling.
This article explains how to design a non‑intrusive, easy‑to‑configure, fine‑grained RBAC permission system using OAuth2, JWT, and Spring Cloud micro‑services, covering architecture, expression syntax, URL patterns, and micro‑frontend integration for scalable, maintainable access control.
This article explains why enterprises need a standardized account management system, outlines the advantages of token‑based authentication over session‑based approaches, and details the OAuth2 and JWT design, workflow, and technical choices for building a scalable, secure, cross‑service authentication solution.
The brief explains how Lombok’s @Builder can clash with JSON libraries and how adding no‑args and all‑args constructors resolves it, shows how to adjust log levels at runtime via Arthas or Spring’s LoggingSystem, outlines JWT structure and security cautions, and warns of common Java 8 parallelStream performance and correctness pitfalls.
This article details the overall backend architecture, module relationships, RESTful API design, database schemas, authentication flow, activity creation process, JSON schema validation, component platform APIs, and server‑side rendering considerations for a Node.js‑based service supporting editors, components, and end‑user pages.
The article explains why enterprises need a unified account management system, defines key authentication terms, outlines the advantages of token‑based security, describes a complete OAuth2 password‑grant flow with JWT, and presents the technical choices and interface designs for implementing a robust, cross‑service authentication solution.
This tutorial walks through setting up Spring Security with JWT in a Spring Boot project, covering environment configuration, Maven dependencies, custom authentication handlers, permission evaluation, JWT filtering, and testing, providing complete code examples and explanations for building a robust backend authentication system.
This article provides an in‑depth overview of authentication, authorization, and permission control concepts and compares ten common front‑end authentication techniques—including HTTP Basic Auth, Session‑Cookie, Token, JWT, SSO, OAuth 2.0, QR‑code login and one‑click login—detailing their workflows, advantages, drawbacks, and typical usage scenarios.
This article introduces a SpringBoot-based backend scaffold that integrates JWT for authentication, Apache Shiro for authorization, Mybatis‑Plus for data access, and includes custom annotations, bcrypt password encryption, AOP transaction management, and step‑by‑step deployment instructions, targeting developers seeking a ready‑to‑use microservice starter.
This article explains the concepts, relationships, and practical implementations of authentication, authorization, and access control, and compares ten common frontend authentication methods—including HTTP Basic, Session‑Cookie, Token, JWT, SSO, OAuth, and QR‑code login—detailing their workflows, advantages, disadvantages, and suitable scenarios.
This article compares JWT and session authentication, outlines their differences, advantages, security considerations, performance impacts, and provides a complete Java implementation with Redis integration, helping developers decide the best approach for their projects.
This article explains RBAC concepts and model classifications, demonstrates basic Spring Security setup, shows how to configure in‑memory and database authentication, integrates JWT for stateless token‑based access, implements JSON‑based login, and covers password encryption with BCrypt in a Spring Boot backend.
This article compares JWT and session-based authentication, outlines their differences, security and performance trade‑offs, and demonstrates a Java backend implementation using JWT, Redis for token storage, and interceptor-based validation and renewal, providing complete code examples and practical guidance.
This article compares JWT and session authentication, discusses their differences, security, performance, and lifecycle considerations, and provides a complete Java implementation—including dependency configuration, token utilities, Redis integration, login/logout flows, password updates, and request interception—guiding developers to select the most suitable approach for their projects.
This article compares JWT and session-based authentication, detailing their differences, advantages, disadvantages, security considerations, performance impacts, and provides a complete Java implementation with token generation, Redis storage, login, logout, password update, and interceptor configuration.
This guide explains the JWT format, standard and custom claims, signature algorithms, and presents practical single‑token and double‑token renewal schemes—including a WeChat OAuth example—along with a complete PHP implementation using the tinywan/jwt library.
This article explains the fundamentals of Role‑Based Access Control (RBAC), its model variants, permission concepts, and user‑group usage, then demonstrates practical Spring Security setups including basic configuration, JWT integration, JSON‑based login, password encryption, and database authentication with complete code examples.
This comprehensive tutorial explains RBAC concepts, model classifications, and permission handling, then walks through implementing Spring Security with in‑memory authentication, JWT integration, custom JSON login filters, password encryption, and database‑backed authentication, providing complete code examples and configuration details.
This article provides a comprehensive tutorial on role‑based access control (RBAC) concepts, model classifications, permission definitions, user‑group usage, and step‑by‑step implementations of Spring Security, JWT integration, JSON login, password encryption, and database authentication with extensive code examples.
This article compares JWT and session authentication, explains their differences, outlines the authentication flows, evaluates advantages, disadvantages, security, performance and one‑time use issues, and provides a complete Java implementation with JWT, Redis, interceptor and utility classes.
This article explains why JWT is not ideal for logout and token renewal, recommends using a Redis‑backed token store, and provides three Redis‑based blacklist implementations with detailed Java code snippets for extending JwtTokenStore, custom converters, and global filters in Spring Security OAuth2.
This article introduces ten widely used frontend authentication techniques—including HTTP Basic Auth, Session‑Cookie, Token, JWT, SSO, OAuth 2.0, QR‑code login, one‑click login, and more—explaining their scenarios, advantages, and security considerations.
This tutorial walks through implementing login authentication using Spring Cloud Gateway and JWT, covering core concepts of authentication, authorization, credential handling, token generation, gateway validation, service integration, and token refresh strategies within a microservice architecture.
This article provides a comprehensive guide to Role‑Based Access Control (RBAC) concepts, model classifications, and permission management, then walks through practical Spring Security setups—including basic usage, in‑memory authentication, JWT integration, JSON‑based login, password encryption, and database‑backed authentication, complete with code snippets and diagrams.
This article provides an in‑depth guide to authentication, authorization, and access control, covering basic HTTP authentication, session‑cookie mechanisms, token‑based approaches, JWT structure, single sign‑on (SSO), OAuth 2.0 flows, unique login enforcement, QR‑code login, and one‑click mobile login, with practical code examples and diagrams.
This article provides a comprehensive guide on implementing role‑based access control (RBAC) with Spring Security, covering RBAC models, password encryption, in‑memory authentication, JWT integration, custom authentication filters for JSON login, and detailed configuration examples with full source code snippets.
This article explains RBAC concepts and model classifications, demonstrates role‑based permission management, and provides step‑by‑step guides for using Spring Security with simple authentication, JWT token generation, JSON‑based login, password encryption, and database‑backed user authentication in Java applications.
This article explains how to integrate JWT-based login authentication into a Spring Cloud micro‑service architecture using Spring Cloud Gateway, detailing the authentication flow, token generation, gateway validation, service‑side user handling, and token refresh strategies with practical code examples.
This article uses the Journey to the West story as a metaphor to explain credentials, the Cookie‑Session authentication model, and the JWT token scheme, comparing their mechanisms, advantages, disadvantages, and practical implications for modern microservice security.
This article provides a comprehensive guide to building a JWT authentication service in Java, covering JWT fundamentals, Spring Boot configuration, entity and DAO definitions, service interfaces, token generation and parsing, RSA key handling, controller endpoints, testing procedures, and a comparison with traditional session-based authentication.
This article explains why HTTP is a stateless protocol, introduces authentication and authorization concepts, and compares cookies, sessions, and token-based mechanisms such as JWT, detailing their characteristics, workflows, and security considerations for modern web applications.
This article explains how to design and implement a stateless JWT‑based authentication center in Java, covering JWT fundamentals, token structure, RSA signing, Spring Boot microservice setup, JPA entity and DAO creation, service interfaces, REST endpoints, and a comparison with traditional session authentication.
This article examines the challenges of microservice authorization and reviews common authentication solutions such as CAS SSO, distributed sessions with gateways, client‑token approaches, and finally proposes a Spring Cloud architecture combining Spring Security, OAuth2, JWT and Zuul for unified access control.
This article describes the challenges of fragmented user management in enterprise applications and presents a unified, standardized account management solution based on token authentication, detailing OAuth2 password flow, JWT usage, system architecture, authorization processes, credential renewal, and interface design for secure, scalable access control.
This article explains the need for a unified account management platform in enterprises, defines key authentication terms, compares session‑based and token‑based approaches, outlines a complete OAuth2 password‑grant flow with JWT tokens, and discusses technical choices, security features, and interface design for modern microservice architectures.
This article provides an in‑depth overview of JSON Web Tokens (JWT), explaining their structure, authentication workflow, advantages such as statelessness and CSRF protection, drawbacks like revocation difficulty, and presents practical solutions including blacklist, secret rotation, short‑lived tokens and refresh‑token strategies.
This article explains the standard JWT claims, shows how to generate a token with custom claims in Java, and compares single‑token and double‑token renewal strategies, including practical steps, Redis storage tips, and a brief overview of WeChat web authorization.
This article explains the standard JWT claims, demonstrates how to generate a token with custom claims in Java, and compares single‑token and double‑token renewal schemes, including practical steps for handling expiration, refresh logic, and Redis‑based token storage.
This document explains the need for a unified account management system in enterprise cloud platforms, defines key terminology, outlines the advantages of token‑based authentication, describes the OAuth2 password‑grant flow and JWT usage, and details the technical design, interface specifications, and credential renewal process for secure cross‑service access.
The article explains how to design a unified, token‑based authentication system for enterprise applications, covering OAuth2 password grant, JWT usage, token issuance, validation, renewal processes, and interface design, while highlighting the benefits of stateless security and cross‑service single sign‑on.
The article explains the challenges of authentication in microservice architectures and compares several solutions—including CAS single sign‑on, distributed session with Redis, client‑side token with JWT, and a recommended Spring Cloud + Spring Security + OAuth2 + JWT approach—detailing their workflows, advantages, and drawbacks.
This article provides a detailed, step‑by‑step tutorial on building a Spring Security‑based Single Sign‑On solution using JWT, covering SSO concepts, JWT structure, RSA encryption, custom authentication filters, Maven project setup, configuration files, and full code examples for both authentication and resource services.
This article provides a comprehensive 20,000‑word guide on building a Spring Security‑based single sign‑on solution using JWT, covering the SSO concept, token structure, RSA encryption, Maven project setup, configuration files, custom authentication and verification filters, and end‑to‑end testing with Postman.
This article explains what JSON Web Token (JWT) is, its underlying mechanism and data structure, compares it with traditional session authentication, and demonstrates how JWT can be used for cross‑domain single sign‑on, access/refresh token handling, and secure API authentication.
This article explains what JSON Web Tokens are, how they are composed of a header, payload, and signature, demonstrates creating and encoding each part with Base64 and Node.js, and discusses the security purpose of signatures and appropriate use cases for JWTs in web applications.
This article explains the lightweight JWT specification, demonstrates how to build a token with header, payload, and signature using Base64 encoding and Node.js, and discusses its security properties, verification process, and suitable use cases for web authentication.
This article explains the lightweight JWT specification, walks through its three-part structure (header, payload, signature), shows how to encode and sign a token with Node.js, and demonstrates using a JWT‑based link to perform a friend‑request operation without requiring the recipient to log in.
This article explains the necessity of a unified account management system for enterprise applications, defines key authentication terms, outlines the background and goals of token-based security, details the OAuth2 password‑grant flow with JWT, and discusses technical choices, interface design, and token renewal processes.
This article provides a comprehensive overview of a token‑based security authentication system, covering terminology, development background, objectives, functional points, technology selection, OAuth2 grant types, JWT fundamentals, authentication flow, credential renewal, and interface design for unified access control across microservices.
This article explains the fundamental differences between JSON Web Token (JWT) and OAuth2, describes their structures, security considerations, and provides guidance on when to choose each method for protecting API access in modern applications.
This article explains the fundamental differences between JSON Web Token (JWT) and OAuth2, describes how each works, provides code examples of JWT structure, outlines OAuth2 roles and flows, and discusses practical scenarios, advantages, and drawbacks for securing APIs.
