Contents

Background

Main text

I. Responsibilities of Spring Security

II. The OAuth2.0 process

III. What is JWT

IV. How the three relate


Background

In an earlier post I wrote a Spring Boot + Security + JWT walkthrough but never laid out the context, so this post tries to make the back-story of Security-based authentication completely clear. It covers three things: what Spring Security is responsible for, how the OAuth2.0 process works, and what JWT is.

Main text

I. Responsibilities of Spring Security

  • Spring Security is the security framework provided by Spring. It provides authentication and authorization. Its main attraction is that it is simple to use while remaining highly flexible.
  • Security by itself is a complete authentication and authorization solution, but when we built our system we followed the OAuth2.0 specification and brought in its implementation. The server then does not need to maintain session state; it only needs to check that the token presented with each request is valid. We use JWT to generate those tokens so that user information can be read straight from the token (by decoding it and verifying its signature; a standard JWT is signed, not encrypted, so nothing is "decrypted"). This simplifies the standard OAuth2.0 flow and also matches the needs of our current server architecture.
  • Authentication: verifying who the user is. Typically the user name and password are checked to decide whether the user is a legitimate principal in the system.
  • Authorization: granting legitimate principals access to resources, that is, access management and access control.
  • Spring Security follows the chain-of-responsibility pattern: each request passes through a long chain of filters. OAuth2.0 or JWT support is added by placing the corresponding filters in that chain, for example a filter that extracts the bearer token from the Authorization header, validates it, and populates the security context before the request reaches the controller.

II. The OAuth2.0 process

  • It is an authorization protocol: a specification, not an implementation.
  • Roles: resource owner (the user), client (the third-party application), authorization server, resource server.
  • Spring Security OAuth2: Spring's open-source implementation of OAuth2.
  • Concrete examples: the Baidu open platform and the WeChat open platform.
  • It is mainly used to let a third-party application obtain access to a user's resources (typically the user's information) without being handed the user's password.
  • In plain OAuth2.0 the access token is merely an opaque identifier and carries no user information; the resource server has to look it up (for example through the authorization server's token introspection endpoint) to learn which user and which scopes it stands for.
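To make the four roles and the opaque token concrete, here is an added example written for this page (it is not Spring Security OAuth2 code or any platform's SDK) that simulates the OAuth2.0 authorization code flow with all four roles in one Python process. The client id, client secret, redirect URI, user and profile data are constructed; in a real deployment the client, authorization server and resource server are separate systems talking over HTTPS. It shows the point above: the access token that comes back is random bytes, and the resource server only finds out who it belongs to by asking the authorization server (token introspection).

```python
"""Simulation of the OAuth2.0 authorization code flow with opaque access tokens.
Constructed example for this page: the client id/secret, redirect URI, users and
profiles are made up, and all four roles run in one process."""
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

CLIENT_ID, CLIENT_SECRET = "demo-client", "demo-secret"   # constructed
REDIRECT_URI = "https://client.example/cb"                 # constructed


class AuthorizationServer:
    """Authenticates the resource owner, issues codes and opaque tokens, answers introspection."""

    def __init__(self):
        self.clients = {CLIENT_ID: {"secret": CLIENT_SECRET, "redirect_uri": REDIRECT_URI}}
        self.codes = {}    # code -> (client_id, username, scope, redirect_uri, expires_at)
        self.tokens = {}   # opaque token -> (username, scope, expires_at)

    def authorize(self, client_id, redirect_uri, scope, username):
        """Front channel: the user has logged in and consented; redirect back with a code."""
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, username, scope, redirect_uri, time.time() + 60)
        return redirect_uri + "?" + urlencode({"code": code})

    def token(self, client_id, client_secret, code, redirect_uri):
        """Back channel: the client authenticates and swaps the code for an access token."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise PermissionError("bad client credentials")
        entry = self.codes.pop(code, None)        # pop: a code may be redeemed only once
        if entry is None:
            raise PermissionError("unknown or already-used code")
        code_client, username, scope, code_redirect, expires_at = entry
        if code_client != client_id or code_redirect != redirect_uri or time.time() > expires_at:
            raise PermissionError("code was issued to another client/redirect_uri or has expired")
        access_token = secrets.token_urlsafe(32)  # opaque: random bytes, carries no user data
        self.tokens[access_token] = (username, scope, time.time() + 3600)
        return {"access_token": access_token, "token_type": "Bearer", "expires_in": 3600}

    def introspect(self, access_token):
        """Tells a resource server what an opaque token stands for (cf. RFC 7662)."""
        entry = self.tokens.get(access_token)
        if entry is None or time.time() > entry[2]:
            return {"active": False}
        username, scope, _ = entry
        return {"active": True, "username": username, "scope": scope}


class ResourceServer:
    """Holds the protected data; trusts only what the authorization server says about a token."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.profiles = {"alice": {"name": "Alice", "email": "alice@example.com"}}  # constructed

    def userinfo(self, authorization_header):
        scheme, _, token = authorization_header.partition(" ")
        if scheme != "Bearer" or not token:
            raise PermissionError("missing bearer token")
        info = self.auth_server.introspect(token)
        if not info["active"] or "profile" not in info["scope"].split():
            raise PermissionError("token invalid, expired, or lacks the profile scope")
        return self.profiles[info["username"]]


def code_from_redirect(redirect_url):
    """What the client does on its callback: pull the code out of the query string."""
    return parse_qs(urlparse(redirect_url).query)["code"][0]


def run_flow(auth_server, resource_server, username="alice", scope="profile"):
    """The client's side of the flow end to end; returns the token response and the profile."""
    redirect_url = auth_server.authorize(CLIENT_ID, REDIRECT_URI, scope, username)
    token_response = auth_server.token(CLIENT_ID, CLIENT_SECRET,
                                       code_from_redirect(redirect_url), REDIRECT_URI)
    profile = resource_server.userinfo("Bearer " + token_response["access_token"])
    return token_response, profile


if __name__ == "__main__":
    auth = AuthorizationServer()
    tok, who = run_flow(auth, ResourceServer(auth))
    print(tok["access_token"], who)
```

The three checks in `token()` are the ones that matter in practice: the client must authenticate, the code must be single-use and short-lived, and it must be bound to the client and redirect URI it was issued for; a resource server that skipped introspection would have no idea who a token belongs to, because the token itself says nothing.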

III. What is JWT

  • JSON Web Token: a concrete token format, a JSON header and JSON payload that are base64url-encoded and signed, giving three dot-separated segments (header.payload.signature).
  • It is an implementation of token-based authentication.
  • It is used to generate tokens, check that a token is valid and not expired, and obtain user information from it.
  • The token itself contains user information (the claims). A standard JWT is signed, not encrypted: anyone holding the token can read the claims, so the server must verify the signature and the expiry before trusting them, and sensitive data should not be put in the payload.
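An added example, written for this page in plain Python (it is not Spring Security's code or any JWT library's implementation), that mints and verifies an HS256 JWT with only the standard library; the secret key and the claims are constructed. It shows the two halves of the bullet above: the claims can be read by anyone without the key, and the checks a server has to make before trusting them (pin the algorithm, verify the signature, check `exp`).

```python
"""Minimal HS256 JSON Web Token mint/verify using only the Python standard library.
Constructed example for this page (not Spring Security's or any JWT library's code);
the secret key and the claims are made up."""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-hmac-key-do-not-reuse"   # constructed; real keys come from config/KMS


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(claims: dict, secret: bytes, ttl_seconds: int = 900, now: int = None) -> str:
    """Build header.payload.signature; the server signs so it can later detect tampering."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + ttl_seconds)
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def peek_claims(token: str) -> dict:
    """Read the claims WITHOUT any key: a JWS-style JWT is signed, not encrypted."""
    return json.loads(b64url_decode(token.split(".")[1]))


def verify(token: str, secret: bytes, now: int = None) -> dict:
    """The checks a server must make before trusting the claims; raises ValueError on failure."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(b64url_decode(h64))
    # Pin the algorithm the server expects; never let the token choose ("alg": "none", key confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, (h64 + "." + p64).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired or missing exp")
    return claims


if __name__ == "__main__":
    token = mint({"sub": "alice", "roles": ["USER"]}, SECRET, ttl_seconds=60)
    print(token)
    print("readable without the key:", peek_claims(token))
    print("verified:", verify(token, SECRET))
```

The order of checks in `verify()` is deliberate: the algorithm is checked before the signature so a token that announces `"alg": "none"` or a different algorithm is refused outright, the signature is compared in constant time, and only then are the claims parsed and the expiry enforced. This is what lets the server drop session state: everything it needs is in the token, and the signature is what stops a client from editing it.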

IV. How the three relate

  • Spring Security is the base; OAuth2.0 and JWT are concrete mechanisms that run on top of it.
  • OAuth2.0 is a specification.
  • JWT is one implementation of a token.
  • If our system needs to authorize third-party applications, implement OAuth2.0.
  • If we only want front-end/back-end separation, implementing a token is enough; JWT is just one way of implementing that token.
  • That, I hope, makes the relationship between the three clear and is of some help.