1. JSON Web Token (JWT):
A JSON-based token used to assert claims across the network. A JWT consists of three parts: header, payload, and signature.
Header information specifies the signature algorithm used by the JWT:
header = '{"alg":"HS256","typ":"JWT"}'
HS256 indicates that the signature is generated using HMAC-SHA256.
The payload carries the claims the JWT asserts:
payload = '{"loggedinas": "admin", "iat": 1422779638}' // iat indicates the time the token was generated.
The unsigned token is the base64url-encoded header joined to the base64url-encoded payload (separated by "."), and the signature is calculated over it using the secret key:
key = 'secretkey'
unsignedToken = encodeBase64(header) + '.' + encodeBase64(payload)
signature = HMAC-SHA256(key, unsignedToken)
Finally, the base64url-encoded signature is appended to the end of the unsigned token (also separated by "."), and the result is the JWT:
token = encodeBase64(header) + '.' + encodeBase64(payload) + '.' + encodeBase64(signature)
# token looks like this: eyjhbgcioijiuzi1niisinr5cci6ikpxvcj9.eyjsb2dnzwrjbkfzijoiywrtaw4ilcjpyxqioje0mji3nzk2mzh9.gzsrasys8exbxln_ownfsrgczcmjmmjliuyu5cspyhi
JWTs are often used to protect resources on the server. The token is sent to the server in the Authorization header. The server uses its own key to recalculate and verify the signature to determine whether the JWT is trusted:
Authorization: Bearer eyjhbgci...<snip>...yu5cspyhi
2. OAuth 2.0:
A resource authorization protocol.
3. Spring Security:
Performs two tasks: authentication and authorization.
Permission management solutions-write memo