Implementing token authentication with JWT

Evolution

1.1 Stateful services

In the original monolithic system, services were stateful: the server had to record per-session client information in order to identify the client and process its requests, i.e. user identity was based on session + cookie. In today's mostly distributed systems this exposes many shortcomings:

  • The server must keep a large amount of data, which increases server-side load
  • Because the server holds user state, it cannot be scaled out horizontally
  • Client requests depend on the server side: repeated requests must reach the same server

1.2 Stateless services

In a distributed / microservice architecture, stateless services matter more, meaning:

  • The server stores no information about the requesting client
  • Every client request must carry self-describing information from which the server identifies the client

What are the benefits?

  • Client requests do not depend on server-side state, so repeated requests need not reach the same service instance
  • Server clustering and state are transparent to the client
  • Servers can be migrated and scaled freely
  • Storage pressure on the server is reduced

Implementing stateless services

In the whole login process, what is the most critical point?

A secure token

The token is the unique identifier of the client's identity; if its protection is weak, it can be forged.
How do we make it secure?
We will use JWT + RSA asymmetric cryptography (the token is signed with the private key and verified with the public key).

JWT

1.1 Introduction

JWT stands for JSON Web Token. It is a lightweight, JSON-based authorization and authentication specification that enables stateless, distributed authorization for web applications; see the official JWT website.

A JWT consists of three parts:

  • Header: the header usually carries two pieces of information:

    • The declared type, here JWT
    • The signing algorithm, which is configurable

    The header is base64-encoded (reversible by anyone, so it provides no secrecy) to give the first part of the token

  • Payload: the payload carries the actual data, typically:

    • User identity information (note: since the payload is only base64-encoded and anyone can decode it, do not store sensitive information here)
    • Registered claims, such as the token's issue time, expiration time, issuer, etc.

    This part is base64-encoded to give the second part of the token

  • Signature: the signature authenticates the whole token. It is computed with the declared algorithm over the first two parts together with the service's key (Secret), which must not leak and should preferably be rotated periodically. It is used to verify the integrity and authenticity of the entire token

Generated data (figure Encode.png: the encoded token).

1.2 JWT interaction flow

1. The user logs in.

2. The authentication service generates a token, signed with its secret key (the RSA private key).

3. The generated token is returned to the browser.

4. Each subsequent request carries the user's token.

5. The service interprets the JWT by verifying the signature with the public key; only once the signature is confirmed valid does it take the user information from the Payload.

6. The service processes the request and returns the response.
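The two halves of the flow above, as an added example that is not part of the original post, in Go with only the standard library: the authentication service signs with the RSA private key, and a resource service verifies with the public key before trusting anything in the payload. The RS256 algorithm, the `exp` handling and the sample claims are assumptions for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url: anyone can decode them
var header, _ = json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
// SignRS256 runs on the auth service, which alone holds the private key. Only the
// RSA-SHA256 signature over "header.payload" protects the claims, not the encoding.
func SignRS256(priv *rsa.PrivateKey, claims map[string]any) (string, error) {
	payload, _ := json.Marshal(claims) // plain string/number claims cannot fail to marshal
	input := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig), err
}

// VerifyRS256 runs on any resource service with just the public key: pin the header so
// the client cannot pick the algorithm, verify the signature, then trust the claims.
func VerifyRS256(pub *rsa.PublicKey, token string, now int64) (claims map[string]any, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || parts[0] != b64.EncodeToString(header) {
		return nil, fmt.Errorf("malformed token or unexpected header")
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, fmt.Errorf("signature does not match")
	}
	if pb, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(pb, &claims) != nil {
		return nil, fmt.Errorf("unreadable payload")
	}
	if exp, ok := claims["exp"].(float64); !ok || float64(now) >= exp { // exp is Unix seconds
		return nil, fmt.Errorf("missing exp or expired")
	}
	return claims, nil
}
func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	tok, _ := SignRS256(priv, map[string]any{"sub": "alice", "exp": 4102444800}) // 2100-01-01 UTC
	fmt.Println(VerifyRS256(&priv.PublicKey, tok, 1700000000))
}
```

Because `VerifyRS256` checks the signature over the exact bytes received, a payload edited after issuance, a token signed with another key, or a header that swaps the algorithm is rejected before any claim is read.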

Reference: https://www.jianshu.com/p/fe67b4bb6f2c


Origin www.cnblogs.com/wuhen8866/p/11012862.html