JWT and RBAC permissions model

JWT

What is JWT?

JSON Web Token (JWT) is an open, JSON-based standard (RFC 7519) for passing claims between parties in a networked application environment. The token is designed to be compact and safe, and is particularly suited to single sign-on (SSO) scenarios across distributed sites. JWT claims are generally used to pass the identity of an authenticated user between an identity provider and a service provider so that resources can be obtained from the server; additional claims required by the business logic can also be added. The token can be used directly for authentication and may also be encrypted.

How is traditional login authentication implemented?

  1. The user sends a username and password to the server.
  2. After verifying them, the server stores the relevant data (user role, login time, and so on) in the current session.
  3. The server returns a session_id to the user, who writes it into a cookie.
  4. On every subsequent request, the user sends the session_id back to the server via the cookie.
  5. The server receives the session_id, looks up the previously stored data, and thereby knows the user's identity.

JWT data structure


Composition



JWT features

  1. JWTs are not encrypted by default, but they can be. After the original token has been generated, it can be encrypted again with a key.
  2. Unless the JWT is encrypted, secret data must not be written into it.
  3. JWTs can be used not only for authentication but also to exchange information. Used well, a JWT can reduce the number of database queries the server has to make.
  4. The biggest drawback of JWT is that the server keeps no session state, so it cannot revoke a token or change its permissions while the token is in use. Once issued, a JWT remains valid until it expires, unless the server deploys additional logic.
  5. A JWT itself contains the authentication information, so once it is leaked anyone can obtain all the permissions of that token. To limit the damage from theft, a JWT's validity period should be set relatively short, and for more sensitive permissions the user should be authenticated again at the time of use.
  6. To reduce theft, JWTs should not be transmitted in plaintext over HTTP; use HTTPS.
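The points above (the payload is readable without any key, the server keeps no state, so expiry is the only built-in limit, and any change to the claims breaks the signature) can be seen in a minimal HS256 issuer and verifier. This is an added example written for this page, not code from the original article; the key and claims are constructed for the demo, and it uses only the Python standard library.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def encode_segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

def sign_jwt(claims: dict, key: bytes) -> str:
    """Issue an HS256 token: header.payload.signature, each base64url-encoded."""
    signing_input = encode_segment({"alg": "HS256", "typ": "JWT"}) + "." + encode_segment(claims)
    signature = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)

def peek_claims(token: str) -> dict:
    """The payload is only encoded, not encrypted: no key is needed to read it."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_jwt(token: str, key: bytes, now=None):
    """Return the claims only if the signature matches and 'exp' has not passed; else None."""
    try:
        header_seg, payload_seg, sig_seg = token.split(".")
        header = json.loads(b64url_decode(header_seg))
        if header.get("alg") != "HS256":  # accept only the algorithm we issue with
            return None
        expected = hmac.new(key, f"{header_seg}.{payload_seg}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_seg)):
            return None
        claims = json.loads(b64url_decode(payload_seg))
    except ValueError:  # malformed base64, bad JSON or wrong number of segments
        return None
    now = time.time() if now is None else now
    # The server stores nothing per token, so a short 'exp' is the only built-in revocation.
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        return None
    return claims

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed for the demo, not a real secret
    tok = sign_jwt({"sub": "alice", "role": "admin", "exp": int(time.time()) + 300}, demo_key)
    print(peek_claims(tok))                      # readable by anyone holding the token
    print(verify_jwt(tok, demo_key) is not None) # True while the token is unexpired
```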

RBAC permissions model

A common relationship-based permissions model


RBAC module functions


RBAC access control process

Original address: https://www.jianshu.com/p/e0a816287789

Origin www.cnblogs.com/jpfss/p/12054494.html