backup/springboot-security-jwt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Work on blog.

Browse Source
This commit is contained in:
svlada 2016-08-26 17:47:11 +02:00
parent a438d0793b
commit 46de95ea2b
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
etc/blog.md
View File

@ -457,13 +457,21 @@ Token based authentication schema's became immensely popular in recent times, as
4. Reduced load on authorization server 4. Reduced load on authorization server
5. No need for distributed session store 5. No need for distributed session store
Some trade-offs have to be made with this approach:
1. More vulnerable to XSS attacks
2. Access token can contain outdated authorization claims (e.g when some of the user privileges is revoked)
3. Access tokens can grow in size in case of increased number of claims
4. File download API can be tricky to implement
In this article we'll explain approach where JWT's are used for token based authentication. In this article we'll explain approach where JWT's are used for token based authentication.
Authentication flow is very simple: Authentication flow is very simple:
1. User obtains Refresh and Access tokens by providing credentials to Authorization server 1. User obtains Refresh and Access tokens by providing credentials to Authorization server
2. User sends Access token with each request to access protected API resource 2. User sends Access token with each request to access protected API resource
3. Access token is signed and contains user identity(e.g. user id) and authorization claims. It's important to note that authorization claims will be included with Access token. 3. Access token is signed and contains user identity(e.g. user id) and authorization claims. It's important to note that authorization claims will be included with Access token.
#### WebSecurityConfig #### WebSecurityConfig