This article explains why authentication loops occur when external user tokens and internal service tokens are handled together in Spring Security, and provides a step‑by‑step solution using distinct headers, custom filters, and Feign interceptors to break the cycle.
This article explains practical methods for protecting data exchanged with third‑party systems by using access tokens, timestamps, cryptographic signatures, and anti‑duplicate‑submission techniques, and provides complete Spring Boot code examples for token generation, validation, Redis storage, and request interception.
The article discusses why token transmission is discouraged in microservice authentication, proposes passing explicit parameters, compares Feign, Dubbo, and Spring Boot Web internal call approaches, and explains how to integrate these patterns with a unified gateway, regular authentication modules, and Kubernetes Ingress for scalable backend architectures.
This article demonstrates how to securely upload files to Minio, stream them for preview via KKFile without exposing the Minio endpoint, and protect download URLs with token validation, providing complete Java code examples for upload, download, and preview URL generation.
This article explains the fundamentals of QR code login, covering QR code basics, token‑based authentication, the step‑by‑step process from QR generation to device polling, scanning, confirmation, and token exchange, and discusses security considerations and implementation details for web, PC, and mobile platforms.
This article explains how to securely upload files to MinIO, generate token‑protected download links, and create kkfile preview URLs using Spring Boot, while avoiding exposure of the MinIO address and adding token authentication for enhanced security.
This article explains three backend strategies—session‑cookie, token, and JWT—to ensure an account can only be active on one device at a time, detailing the workflow, data structures, and Redis integration needed to implement forced logout across multiple endpoints.
The article compares token‑based authentication options for Java microservices—stateless JWTs, OAuth 2.0 with access and refresh tokens, a centralized API‑gateway authority, and internal service‑to‑service schemes—guiding readers on selecting the best approach according to security, scalability, and business needs.
Ensuring API data security involves encrypting transmission, using signatures, token authentication, timestamps, nonces, rate limiting, black/white lists, data masking, and parameter validation, with detailed explanations of symmetric/asymmetric encryption, HTTPS, RSA, MD5, and practical implementation steps for robust protection.
Instead of forwarding JWTs through every microservice, the gateway should validate the token, extract the userId and send it as a header, keeping internal services stateless, while developers can choose among Feign, Dubbo, or combined Spring‑Boot/Dubbo patterns, optionally using a shared auth module and Kubernetes ingress for discovery, as the optimal architecture depends on project needs.
The article compares several microservice internal‑call strategies—including token‑pass-through, Feign, Dubbo, Spring Boot Web with Dubbo, and K8s‑integrated approaches—explaining their advantages, drawbacks, and how to implement unified authentication while keeping APIs stateless and reusable.
This article explains how to replace JWT with a Redis‑backed Spring Security OAuth2 solution, detailing token storage, client types (WEB, PDA, PAD, patient app, mini‑program), password‑mode login requests, encryption of credentials, gateway filters, authentication converters, providers, token generation, persistence in Redis, and success handling, all illustrated with code snippets and diagrams.
This article explains the concepts, workflows, and key differences between Single Sign‑On (SSO) and OAuth2.0, illustrating how token‑based authentication replaces passwords, detailing typical CAS‑based SSO steps, OAuth2.0 authorization‑code flow, and clarifying related terminology and grant types.
This article traces the evolution from simple web page browsing to modern token‑based authentication, explaining the scalability and security problems of server‑side sessions and showing how signed, stateless tokens using HMAC‑SHA256 eliminate those issues while supporting horizontal scaling and cross‑platform access.
This article explains the terminology, background, goals, technical choices, workflow, and API design of a token‑based authentication solution that leverages OAuth2 password grant and JWT to provide secure, stateless, cross‑platform access for enterprise applications.
This article explains why enterprises need a standardized account management system, outlines the advantages of token‑based authentication over session‑based approaches, and details the OAuth2 and JWT design, workflow, and technical choices for building a scalable, secure, cross‑service authentication solution.
The article explains why enterprises need a unified account management system, defines key authentication terms, outlines the advantages of token‑based security, describes a complete OAuth2 password‑grant flow with JWT, and presents the technical choices and interface designs for implementing a robust, cross‑service authentication solution.
This article explains how to design an open API authentication mechanism by creating app credentials, storing them in a MySQL table, generating short‑lived access tokens with a utility class, exposing a token endpoint, and securing all /openApi/* routes with a Spring interceptor, complete with code examples.
This article outlines ten practical methods to secure API data, covering encryption of transmission, digital signing, token authentication, timestamp and nonce replay protection, rate limiting, blacklist/whitelist controls, data masking, and parameter validation, with detailed explanations and implementation steps.
The article explains how Distribution, an OCI‑compliant artifact registry, implements three authentication strategies—htpasswd, silly, and token—detailing their configuration formats, runtime checks, and request‑handling flows.
This article outlines ten practical methods for protecting API data, covering transmission encryption, digital signatures, token authentication, timestamp and nonce mechanisms, rate limiting, blacklist/whitelist controls, data masking, and parameter validation to ensure comprehensive interface security.
This article describes the challenges of fragmented user management in enterprise applications and presents a unified, standardized account management solution based on token authentication, detailing OAuth2 password flow, JWT usage, system architecture, authorization processes, credential renewal, and interface design for secure, scalable access control.
This article explains the need for a unified account management platform in enterprises, defines key authentication terms, compares session‑based and token‑based approaches, outlines a complete OAuth2 password‑grant flow with JWT tokens, and discusses technical choices, security features, and interface design for modern microservice architectures.
This document explains the need for a unified account management system in enterprise cloud platforms, defines key terminology, outlines the advantages of token‑based authentication, describes the OAuth2 password‑grant flow and JWT usage, and details the technical design, interface specifications, and credential renewal process for secure cross‑service access.
The article explains how to design a unified, token‑based authentication system for enterprise applications, covering OAuth2 password grant, JWT usage, token issuance, validation, renewal processes, and interface design, while highlighting the benefits of stateless security and cross‑service single sign‑on.
This article explains the necessity of a unified account management system for enterprise applications, defines key authentication terms, outlines the background and goals of token-based security, details the OAuth2 password‑grant flow with JWT, and discusses technical choices, interface design, and token renewal processes.
This article provides a comprehensive overview of a token‑based security authentication system, covering terminology, development background, objectives, functional points, technology selection, OAuth2 grant types, JWT fundamentals, authentication flow, credential renewal, and interface design for unified access control across microservices.
The article outlines the need for a unified account management system in enterprise platforms and details a token‑based authentication solution using OAuth2 password grant and JWT, describing its advantages, workflow, technical selection, and interface design for secure cross‑service integration.
This article outlines the design rationale, objectives, and technical choices for a unified, token‑based authentication system based on OAuth2 password grant and JWT, detailing terminology, workflow steps, security benefits, and interface specifications to enable cross‑system single sign‑on and secure access control.
This article explains why enterprises need a unified, token‑based OAuth2 authentication system, outlines its advantages over session‑based methods, describes the standard OAuth2 password flow, JWT usage, and details the authorization, authentication, and credential‑renewal processes with architectural diagrams.
This article explains the necessity of a unified account management system for enterprise applications and details a token‑based authentication solution using OAuth2 password grant and JWT, covering definitions, advantages, workflow steps, technical choices, and interface design for secure microservice integration.
This article explains practical API security techniques—including access tokens, timestamps, cryptographic signatures, and anti‑replay measures—illustrated with Java Spring Boot code, Redis storage, custom annotations, and ThreadLocal usage to protect data exchange between services.
This article explains the fundamentals of QR code login, detailing how QR codes convey identity, the token‑based authentication mechanism, and the step‑by‑step process that enables a mobile device to securely authenticate a PC session without exposing passwords.
GitHub permanently disabled password authentication for Git operations on August 13, 2021, urging developers to adopt token‑based methods such as personal access tokens, OAuth, or SSH keys, and outlines the timeline, security benefits, workflow impacts, and steps required to transition.
GitHub has ended password‑based Git authentication as of August 13 2021, mandating token‑based methods such as personal access tokens, OAuth, or SSH keys, and the article explains the timeline, security reasons, affected workflows, and steps developers must take to avoid disruption.
This article examines why enterprises need a unified account management system, explains token‑based authentication advantages, defines key OAuth2 and JWT concepts, outlines the typical token flow, and details the technical choices and process logic for secure, stateless access control across microservices.
The article explains how to secure API endpoints by combining token authentication, timestamp validation, and cryptographic signatures to prevent data tampering, replay attacks, and denial‑of‑service attempts, while offering guidance on practical trade‑offs.
This article compares token-based and signature-based API authentication methods, discusses their advantages and drawbacks, and provides complete Java code examples—including JWT token utilities, authentication interceptors, and signature verification—to help developers implement robust API security in real-world projects.
This article explains how QR code login works by describing QR code basics, token‑based authentication, and the step‑by‑step process that enables a mobile app to securely authenticate a PC or web client without transmitting passwords.
This article explains how to secure app open‑API endpoints by using HTTPS, token‑based authentication, timestamp validation, and a URL‑signature algorithm implemented in Java, including detailed steps, interception rules, and sample code for generating and verifying signatures.
This article explains how to secure mobile app open APIs by enforcing HTTPS, designing request signatures with timestamps and tokens, validating them on the server, and managing token‑UID relationships using Redis, complete with Java code examples for parameter extraction and signature generation.
This article explains how to protect API endpoints that interact with front‑end applications by using token‑based authentication, timestamp checks, and MD5 signatures, detailing the implementation of open and secured controllers, login logic, signature verification, replay‑attack mitigation, and a Spring interceptor.
This article examines the classification, security attributes, and hierarchical design of various authentication tokens for multi‑client systems, offering a layered approach that balances usage cost, change cost, and privacy while outlining practical scenarios and implementation principles.
This article explains how to construct a reliable, high‑throughput microservice platform using open‑source components such as Consul, an access layer, and token‑based multi‑tenant service discovery, covering architecture, registration, heartbeat handling, performance optimizations, high‑availability strategies, graceful shutdown, and deployment best practices.
This article explains how to design a secure token mechanism with timestamp validation, describes common DoS attack types, and provides practical Spring Boot code examples—including Redis configuration, token generation, interceptor logic, MD5 signing utilities, and ThreadLocal usage—to prevent repeat submissions and protect APIs.
This article explains common API security mechanisms such as token and user token usage, timestamp validation, signature generation, anti‑replay strategies, DoS attack types, and provides Java Spring Boot code examples for token handling, request interception, custom annotations, and ThreadLocal utilities.
This article explores the cat‑and‑mouse battle between crawlers and API endpoints, detailing how dynamic signatures, token‑based authentication, time‑bound hashes, rate‑limiting, and code obfuscation can be used to defend against scraping while also showing how attackers can reverse‑engineer and bypass these defenses.
This article demystifies QR code login by covering what QR codes are, how mobile token‑based authentication works, and the step‑by‑step flow that enables secure PC login via scanning, confirming, and token exchange.
This article examines the security challenges of mobile web marketing pages, explains how bot-driven API abuse harms users and businesses, and presents a comprehensive solution involving front‑end behavior tracking, risk‑control services, token‑based HTTPS communication, data encryption, and JavaScript obfuscation to protect against automated attacks.
This article explains the security challenges of mobile web activity pages in e‑commerce, outlines a risk‑control workflow that includes human‑verification algorithms, token‑based communication protection, data encryption, and front‑end code obfuscation, and provides a step‑by‑step technical solution to mitigate abuse and improve user experience.
This article explains token authentication, the structure and claims of JSON Web Tokens (JWT), their relationship with OAuth, and demonstrates how to create, sign, and verify JWTs in Java using the JJWT library, while also covering security best practices and useful tooling.
The internal Application Center, created in 2013, provides a unified system for naming applications, managing permissions, issuing encrypted tokens, and authenticating app identity to securely control access to configuration data and other resources, replacing fragile IP‑based restrictions with logical app‑based authorization.
