• Shiro + JWT authority verification


    1. What is Shiro? Shiro is a very well-known authentication and authorization framework in the Java field, used to replace the JAAS function in JavaEE. Compared with other authentication and authorization frameworks, Shiro’s design is very simple, so it is widely acclaimed. Any JavaWeb project can use the Shiro framework, but […]

  • KubeCube user management and authentication


    Foreword: KubeCube (https://kubecube.io) is a lightweight enterprise-level container platform recently open-sourced by Netease Shufan, which provides enterprises with visual management of Kubernetes resources and unified multi-cluster multi-tenant management functions. The KubeCube community will explain the design features and technical implementation of KubeCube through a series of technical articles to help developers and users understand and get […]

  • How to use JWT to complete the logout function


    Original: Magical JSON Web Tokens (JWT). JSON Web Tokens (JWT) are a stateless way of handling user authentication. What does that mean? JWT helps to establish an authentication mechanism without storing authentication state in any storage, be it session memory or database. Therefore, when checking a user’s authentication state, there is no need to access session memory or perform […]

  • The application and practice of jwt in node


    Introduction: Since HTTP is stateless, user identity information is not stored and recorded during the request-response process, so there are many methods for user identification and storage of user identity, such as cookie, session, and JWT. An interface service I made recently uses JWT to store and manage user information. Compared with local cookie […]

  • Talking about Cookie, Session, Token, JWT


    What is authentication? Simply put, it is to tell the server who you are (your name, gender…). Authentication on the Internet: login with username and password; login link sent by email; SMS verification code sent to a mobile phone number. What is authorization? Simply put, it is the administrator’s permission to grant users access. For example: when a mobile phone downloads a new app […]

  • Two sides of Shopee: What is JWT? How to authenticate based on JWT?


    Share the real interview questions about JWT that the group of friends encountered in the interview with Shopee. Related interview questions are as follows: What is JWT? Why use JWT? What are the parts of JWT? How to do authentication based on JWT? How does JWT prevent Token from being tampered with? How to strengthen […]

  • Follow-up on Shopee Two Sides: Advantages and Disadvantages of JWT Identity Authentication


    In this article, let’s discuss the advantages and disadvantages of JWT authentication and solutions to common problems. Advantages of JWT: Compared with session authentication, using JWT for identity authentication has two main advantages and four advantages. Stateless: JWT itself contains all the information required for authentication, so our server does not need to store […]

  • jwt generates token and token analysis basis


    1. JWT structure: The token that JWT issues to the client (browser) contains three parts separated by “.”: header (Base64Url encoded), payload (Base64Url encoded), and signature, shaped like xxxxx.yyyyy.zzzzz. 1.1 Example: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiYW5keSIsImV4cCI6MTY1NTg5NzEwMCwiYWdlIjozMH0.32hfc-oBxGg2Lgk3QR48HCbadsbOfCUxexw9aiQ_FQk Split into 3 parts: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9. (header), eyJuYW1lIjoiYW5keSIsImV4cCI6MTY1NTg5NzEwMCwiYWdlIjozMH0. (payload), 32hfc-oBxGg2Lgk3QR48HCbadsbOfCUxexw9aiQ_FQk (signature). 2. Introduction to header + payload + signature. 2.1 Header: The header section above, eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9, after Base64Url decoding: { "typ": "JWT", "alg": "HS256" } […]

  • Actual combat simulation│JWT login authentication


    Token authentication process: As the most popular cross-domain authentication solution at present, JWT (JSON Web Token) is deeply loved by developers. The main process is as follows: the client sends the account and password to request login; the server receives the request and verifies whether the account and password pass; after the verification is successful, the server will generate a unique token, […]

  • EMQX Cloud Update: Added Redis and JWT external authentication and authorization


    Following the previous HTTP custom authentication and MySQL, PostgreSQL external authentication, EMQX Cloud has recently opened two external authentication and authorization methods, Redis and JWT. Users can have more choices when performing authentication and authorization, and flexibly realize safer and faster access to massive devices. Flexible and diverse authentication methods: As a fully managed cloud-native MQTT […]

  • Analysis of the correct posture of using JWT


    For a long time, I have not used JWT correctly. After realizing this problem, I will share my most real thoughts and conclusions with you. Welcome to discuss together. Status quo: Let me tell you how I used it before: After successful login, put userId into the […]

  • Analysis of JWT security issues


    When I researched WebSocket not long ago, I found that PortSwigger has a new shooting range. At first glance, I found that it was about JWT security, just to summarize and recall. Introduction to JWT: JSON Web Token (JWT), a JSON-based open standard (RFC 7519) for passing claims between web application environments. RFC 7519: https://datatracker.ietf.org/… He […]