Tagged articles

290 articles

Page 1 of 3

May 30, 2026 · Information Security

Implementing Fine-Grained Permission Control with Spring Security and OAuth2 (Part 4)

This article walks through building a Spring Security resource server with OAuth2, enabling method‑level, object‑level and URL‑level permission checks using annotations like @PreAuthorize, @PostAuthorize, @PostFilter, and demonstrates configuration, utility helpers, controller examples, testing steps, best practices, and common pitfalls.

JavaOAuth2Spring Boot

0 likes · 17 min read

Implementing Fine-Grained Permission Control with Spring Security and OAuth2 (Part 4)

Coder Trainee

May 28, 2026 · Information Security

Deep Dive into JWT with Spring Security OAuth2: Token Enhancement Techniques

This tutorial explains the JWT structure, shows how to add custom claims such as user ID, department and roles, implements token blacklisting for logout, handles refresh token logic, and provides step‑by‑step code and testing instructions for a Spring Security OAuth2 authentication system.

OAuth2RedisRefresh Token

0 likes · 16 min read

Deep Dive into JWT with Spring Security OAuth2: Token Enhancement Techniques

Coder Trainee

May 27, 2026 · Information Security

Building an OAuth2 Authentication & Authorization Server with Spring Security from Scratch

This tutorial walks through why OAuth2 is needed, its advantages, the project layout, Maven dependencies, YAML configurations, Java security and JWT setup, resource‑server integration, testing steps, and a side‑by‑side comparison of the four OAuth2 grant types, all with complete code examples.

AuthenticationAuthorization ServerJava

0 likes · 21 min read

Building an OAuth2 Authentication & Authorization Server with Spring Security from Scratch

Java Architect Essentials

May 19, 2026 · Backend Development

Why Storing Tokens in Redis Is the Right Answer in Interviews

The article explains why many interviewers mock the Redis‑based token design, then systematically presents technical and security reasons—controllable logout, multi‑device SSO, high performance, dynamic permissions—and provides concrete implementation details, comparison with pure JWT, and best‑practice responses.

AuthenticationBackend SecurityRedis

0 likes · 6 min read

Why Storing Tokens in Redis Is the Right Answer in Interviews

Java Tech Enthusiast

May 14, 2026 · Information Security

Why JWT Still Needs Redis Despite Its Stateless Promise

Although JWT is marketed as a stateless, database‑free authentication method, real‑world applications often store token identifiers in Redis to handle logout, password changes, and token renewal, which reintroduces state and a database lookup.

AuthenticationRedisRefresh Token

0 likes · 6 min read

Why JWT Still Needs Redis Despite Its Stateless Promise

java1234

May 10, 2026 · Backend Development

Building a Spring Boot 4 + Vue 3 Student Archive System in 20 Minutes with Cursor AI

The article walks through creating a full‑stack university student archive management system—using Java 17, Spring Boot 4, MySQL 8 on the back end and Vue 3, Vite, Element Plus on the front end—generated in about 20 minutes with Cursor AI, and explains the architecture, role‑based access, JWT security, and data flow in detail.

AI codingCursor AIMySQL 8

0 likes · 10 min read

Building a Spring Boot 4 + Vue 3 Student Archive System in 20 Minutes with Cursor AI

Black & White Path

Apr 27, 2026 · Information Security

How I Exploited Multiple Vulnerabilities in a University System

This article details a step‑by‑step penetration test on a university’s web platform, covering XSS file uploads, JWT tampering for arbitrary login, massive personal data leakage, SQL injection payloads, and the exposure of several AK/SK secrets, all with concrete screenshots and commands.

SQL injectionSecurity ResearchXSS

0 likes · 5 min read

How I Exploited Multiple Vulnerabilities in a University System

Java Captain

Apr 21, 2026 · Backend Development

Why Storing Tokens in Redis Beats Stateless JWT in Real‑World Interviews

The article explains why many interviewers dismiss Redis‑backed token storage as a bad design, then systematically demonstrates how Redis + token offers controllable logout, multi‑device support, high performance, dynamic permission refresh, and scenario‑driven architecture choices, providing concrete response scripts and advanced enhancements for interview success.

AuthenticationInterview TipsRedis

0 likes · 6 min read

Why Storing Tokens in Redis Beats Stateless JWT in Real‑World Interviews

Coder Trainee

Apr 16, 2026 · Backend Development

Building a Tech Blog from Scratch (Part 2): Implementing Login Authentication with Spring Security and JWT

This article walks through creating a complete login authentication system—including registration, login, token refresh, and permission control—by replacing Spring Security's default session handling with JWT, configuring backend filters and utilities, and integrating a Vue 3 + Pinia front‑end with automatic token renewal.

AuthenticationSpring BootSpring Security

0 likes · 19 min read

Building a Tech Blog from Scratch (Part 2): Implementing Login Authentication with Spring Security and JWT

Coder Trainee

Apr 15, 2026 · Backend Development

Build a Tech Blog from Scratch: Spring Boot + Vue3 Full‑Stack Tutorial (Part 1)

This article launches a new series that walks through building a complete technical blog system from the ground up, detailing the chosen Spring Boot and Vue3 stack, phased feature roadmap, database schema, project structure, and initial unified response and global exception handling code.

RedisSpring BootTutorial

0 likes · 10 min read

Build a Tech Blog from Scratch: Spring Boot + Vue3 Full‑Stack Tutorial (Part 1)

Java Companion

Apr 14, 2026 · Information Security

Why Interviewers Mock Storing Tokens in Redis—and How to Answer Correctly

The article explains JWT fundamentals, why pure stateless tokens cannot be revoked, compares blacklist and whitelist Redis strategies, discusses token renewal with double‑token design, and shows how to articulate the right answer in an interview.

BlacklistRedisRefresh Token

0 likes · 13 min read

Why Interviewers Mock Storing Tokens in Redis—and How to Answer Correctly

Java Backend Technology

Apr 13, 2026 · Information Security

Why Storing JWTs in Redis Sparks Interview Controversy—and When It Makes Sense

In a recent interview question about placing authentication tokens in Redis, experts debate the trade‑offs between pure JWT statelessness and Redis‑backed session control, covering security risks, performance, token revocation, sliding expiration, and practical implementation guidelines.

Redisjwtstateless

0 likes · 13 min read

Why Storing JWTs in Redis Sparks Interview Controversy—and When It Makes Sense

dbaplus Community

Apr 8, 2026 · Information Security

Why Storing JWT Tokens in Redis Isn’t a Flaw – When and How to Do It

The article analyzes the debate over placing JWT tokens in Redis, compares traditional session and JWT approaches, discusses security and performance trade‑offs, shows practical blacklist code, and explains when a centralized store is justified versus when true stateless JWTs are preferable.

AuthenticationRedisjwt

0 likes · 13 min read

Why Storing JWT Tokens in Redis Isn’t a Flaw – When and How to Do It

Java Tech Enthusiast

Apr 8, 2026 · Information Security

Why JWT Is a Bad Choice for Session Management and Safer Alternatives

This article critically examines the pitfalls of using JSON Web Tokens (JWT) as a session mechanism, highlighting security risks, scalability issues, and practical drawbacks, while outlining when JWTs are appropriate and recommending safer session strategies.

AuthenticationSecurity RisksSession Management

0 likes · 14 min read

Why JWT Is a Bad Choice for Session Management and Safer Alternatives

Wu Shixiong's Large Model Academy

Mar 27, 2026 · Artificial Intelligence

Securing RAG Systems: A Three‑Layer Permission Framework for Banking AI

This article explains why vector databases lack row‑level security, presents a three‑layer permission architecture—including JWT authentication, Milvus metadata or partition filtering, and post‑retrieval validation—covers document security levels, PostgreSQL RLS, audit logging, caching strategies, and offers interview‑ready talking points.

MilvusPostgreSQL RLSRAG

0 likes · 18 min read

Securing RAG Systems: A Three‑Layer Permission Framework for Banking AI

Selected Java Interview Questions

Mar 22, 2026 · Information Security

Why JWT Is a Bad Choice for Session Management (And When It Works)

Although JSON Web Tokens have legitimate uses, this article explains why they are unsuitable for storing session data, detailing the security risks, scalability issues, and practical drawbacks compared to traditional session cookies, and finally outlines scenarios where JWTs are appropriate.

AuthenticationSession ManagementWeb Development

0 likes · 15 min read

Why JWT Is a Bad Choice for Session Management (And When It Works)

Java Architect Handbook

Mar 16, 2026 · Backend Development

Cookie vs Session vs Token: Master Java Authentication for Interviews

This guide outlines interview focus points, core definitions, and deep analysis of Cookie, Session, and Token (JWT), compares their storage, security, scalability, and cross‑origin support, and provides high‑frequency follow‑up questions, common variants, memory mnemonics, and selection principles for Java authentication.

AuthenticationCookieInterview

0 likes · 15 min read

Cookie vs Session vs Token: Master Java Authentication for Interviews

Senior Tony

Feb 26, 2026 · Information Security

Why Most Projects Choose Token + Redis Over Stateless JWT

Although JWT is marketed as a decentralized, stateless solution, the majority of real‑world applications still rely on a Token + Redis approach because it simplifies logout handling, avoids Redis outages, and aligns better with practical security requirements.

AuthenticationRedisToken

0 likes · 7 min read

Why Most Projects Choose Token + Redis Over Stateless JWT

Senior Tony

Jan 27, 2026 · Backend Development

Why Cookies, Sessions, Tokens, and JWT Matter for Secure Web Authentication

This article explains how HTTP's stateless nature leads to the use of cookies, sessions, tokens, and JWTs for authentication, comparing their mechanisms, security trade‑offs, and practical interaction flows with clear diagrams.

AuthenticationCookieHTTP

0 likes · 5 min read

Why Cookies, Sessions, Tokens, and JWT Matter for Secure Web Authentication

Open Source Tech Hub

Jan 21, 2026 · Information Security

JWT Explained: When to Use Stateless Tokens and What to Watch Out For

JSON Web Tokens (JWT) provide a compact, signed, self-contained way to authenticate API requests without server-side session storage, offering scalability and speed, while introducing trade-offs such as revocation challenges, token size, and exposure of unencrypted payloads, making them ideal for distributed systems but unsuitable for scenarios requiring immediate logout or sensitive data.

API SecurityAuthenticationBest Practices

0 likes · 10 min read

JWT Explained: When to Use Stateless Tokens and What to Watch Out For

Data STUDIO

Jan 14, 2026 · Backend Development

Why FastAPI Is the Ideal Choice for High‑Performance Python Microservices – A Hands‑On Guide

This article explains how FastAPI’s async support, type‑hint integration, automatic OpenAPI docs, and rich ecosystem enable Python developers to build scalable, secure microservices with layered architecture, JWT authentication, performance optimizations, comprehensive testing, Docker/Kubernetes deployment, and structured logging.

DockerFastAPIKubernetes

0 likes · 22 min read

Why FastAPI Is the Ideal Choice for High‑Performance Python Microservices – A Hands‑On Guide

Architect's Guide

Jan 11, 2026 · Information Security

10 Common Authentication Techniques Explained: From Basic Auth to OAuth and QR‑Login

This article systematically introduces ten widely used authentication methods—including HTTP Basic Auth, Session‑Cookie, Token, JWT, Single Sign‑On, OAuth 2.0, federated login, unique‑device login, QR‑code login, and one‑click mobile login—explaining their principles, workflows, advantages, drawbacks, and typical implementation libraries.

AuthenticationOAuthSSO

0 likes · 45 min read

10 Common Authentication Techniques Explained: From Basic Auth to OAuth and QR‑Login

JavaScript

Jan 1, 2026 · Information Security

Why Storing JWT in localStorage Is No Longer Safe and What to Use Instead

Storing JWT tokens in localStorage has become a serious security risk because XSS attacks can steal them, so developers should adopt safer alternatives such as HttpOnly cookies, BFF‑backed sessions, or Service Worker‑based in‑memory storage, each with its own trade‑offs.

AuthenticationBFFCSRF

0 likes · 10 min read

Why Storing JWT in localStorage Is No Longer Safe and What to Use Instead

Tech Freedom Circle

Dec 31, 2025 · Information Security

Unified SSO via Gateway: Multi‑App Auth & Authz and JWT vs Auth vs Authz

This article walks through a complete design and implementation of a unified single sign‑on system using OAuth2.0 authorization‑code flow, Spring Cloud Gateway, JWT, Redis, and Nacos, comparing JWT, authentication, and authorization while presenting performance metrics, security considerations, and interview‑ready answers.

AuthenticationAuthorizationMicroservices

0 likes · 59 min read

Unified SSO via Gateway: Multi‑App Auth & Authz and JWT vs Auth vs Authz

Code Wrench

Dec 20, 2025 · Backend Development

How to Build a High‑Performance Stateless OAuth2 Auth Server in Go

This article walks through a production‑grade OAuth2 authentication center built with Go and Gin, covering a three‑layer architecture, stateless JWT handling, key‑rotation, short‑hash token revocation, high‑availability design, and practical open‑source references.

AuthenticationGoMicroservices

0 likes · 11 min read

How to Build a High‑Performance Stateless OAuth2 Auth Server in Go

Top Architect

Dec 13, 2025 · Information Security

Why Many Developers Avoid Using JWT: Risks and Drawbacks Explained

This article introduces JSON Web Tokens (JWT), explains how they work in authentication flows, and examines their major drawbacks such as token size overhead, redundant signatures, revocation challenges, stale data risks, and lack of encryption, concluding that JWTs are suited for short‑lived claims but not for long‑term session management.

Access ControlTokenWeb Development

0 likes · 11 min read

Why Many Developers Avoid Using JWT: Risks and Drawbacks Explained

Ray's Galactic Tech

Dec 12, 2025 · Information Security

Mastering Double Token Authentication: Secure & Seamless Access for Web and Mobile Apps

This article explains the double token (Access Token + Refresh Token) authentication model, compares it with single‑token approaches, outlines production‑grade security measures, recommends token lifetimes, and provides a complete Java Spring Boot implementation with code examples.

Refresh TokenSpring Bootaccess_token

0 likes · 12 min read

Mastering Double Token Authentication: Secure & Seamless Access for Web and Mobile Apps

JavaScript

Nov 30, 2025 · Information Security

Why Storing JWT in localStorage Is a Security Nightmare and Safer Alternatives

Storing JWT tokens in localStorage, once a common practice for front‑end authentication, now poses severe XSS risks; this article explains the vulnerabilities, compares HttpOnly cookies, BFF with cookies, and Service Worker‑based solutions, and recommends safer strategies for modern web applications.

BFFCSRFHttpOnly cookie

0 likes · 11 min read

Why Storing JWT in localStorage Is a Security Nightmare and Safer Alternatives

JavaGuide

Nov 27, 2025 · Backend Development

Xiaomi Java Interview Insights: Reflection, Dynamic Proxies, Redis & JWT

The article starts by highlighting Xiaomi's competitive software developer salaries, then provides a detailed Java interview guide covering reflection fundamentals, static vs dynamic proxies, SPI vs API, synchronization behavior, Redis caching strategies, and JWT authentication, complete with code examples and practical comparisons.

Dynamic ProxyJavaRedis

0 likes · 25 min read

Xiaomi Java Interview Insights: Reflection, Dynamic Proxies, Redis & JWT

Ray's Galactic Tech

Nov 19, 2025 · Information Security

Mastering Modern Login Mechanisms: Cookies, Sessions, JWT, OAuth2 & SSO

This comprehensive guide explains why authentication is needed for stateless HTTP, walks through the workflows, advantages, and drawbacks of Cookies, Sessions, Tokens, JWTs, Refresh Tokens, blacklist strategies, and OAuth2/OAuth2.1, and provides practical security best‑practice recommendations for web, mobile, and micro‑service architectures.

AuthenticationOAuth2Session

0 likes · 12 min read

Mastering Modern Login Mechanisms: Cookies, Sessions, JWT, OAuth2 & SSO

Dunmao Tech Hub

Nov 17, 2025 · Backend Development

How to Integrate WebSocket into Spring Boot for Real‑Time Communication

This guide shows how to add Spring Boot WebSocket support, configure a server endpoint, implement lifecycle callbacks, and secure connections with JWT validation, providing a complete solution for high‑frequency real‑time data exchange.

Javabackendjwt

0 likes · 7 min read

How to Integrate WebSocket into Spring Boot for Real‑Time Communication

Java Architect Essentials

Nov 13, 2025 · Backend Development

Build a Stateless JWT Authentication System with Spring Boot 3 & Spring Security 6

This tutorial walks you through creating a scalable, stateless authentication and authorization solution for Spring Boot 3.x applications using JWT, covering project setup, token generation, method‑level security, automatic token renewal, blacklist handling, and common troubleshooting tips.

AuthenticationBlacklistJava

0 likes · 7 min read

Build a Stateless JWT Authentication System with Spring Boot 3 & Spring Security 6

JavaGuide

Nov 12, 2025 · Backend Development

Shopee Backend 2023 Salary Offers and In-Depth Interview Guide

Shopee’s 2023 backend positions offer competitive salaries ranging from 23.5k to 32k in Shenzhen, and the article provides a comprehensive interview guide covering network models, TCP handshake, HTTP/HTTPS differences, MySQL isolation levels, foreign keys, slow query optimization, JWT authentication, RBAC, and Redis sorted sets.

InterviewRedisShopee

0 likes · 31 min read

Shopee Backend 2023 Salary Offers and In-Depth Interview Guide

Top Architect

Nov 11, 2025 · Information Security

Mastering Authentication & Authorization: Cookies, Sessions, Tokens, and JWT Explained

This comprehensive guide explores the fundamentals of authentication and authorization, detailing how credentials, cookies, and sessions work together, and compares traditional session-based approaches with modern token-based solutions such as JWT, covering their mechanisms, advantages, drawbacks, and best practices for secure, scalable web applications.

AuthenticationAuthorizationSession

0 likes · 38 min read

Mastering Authentication & Authorization: Cookies, Sessions, Tokens, and JWT Explained

Open Source Tech Hub

Nov 11, 2025 · Information Security

Understanding Authentication vs Authorization: From Basics to JWT & Casbin

This article explains the fundamental differences between authentication and authorization, outlines various authentication factors, details the JWT signing process, and introduces Casbin as a powerful open‑source authorization framework, helping developers secure API access effectively.

APIAuthenticationAuthorization

0 likes · 8 min read

Understanding Authentication vs Authorization: From Basics to JWT & Casbin

Architect's Guide

Nov 9, 2025 · Information Security

Understanding Authentication, Authorization, and Tokens: From Cookies to JWT

This article explains the fundamentals of authentication, authorization, and credentials, compares cookies, sessions, and tokens, introduces JWT structure and usage, discusses common security concerns, and outlines practical solutions for distributed systems and modern web applications.

AuthenticationAuthorizationCookie

0 likes · 36 min read

Understanding Authentication, Authorization, and Tokens: From Cookies to JWT

JavaGuide

Nov 4, 2025 · Backend Development

JD Backend Salary Ranges 2024 & How to Ace the Interview

The article shares recent JD backend salary data ranging from 24k to 32k RMB per month, explains the compensation structure, and provides a step‑by‑step interview preparation guide covering project presentation, JWT, Redis, thread pools, MySQL‑Elasticsearch sync, isolation levels and performance analysis.

Backend DevelopmentInterview preparationJD

0 likes · 21 min read

JD Backend Salary Ranges 2024 & How to Ace the Interview

Spring Full-Stack Practical Cases

Oct 31, 2025 · Backend Development

How to Implement JWT Blacklist in Spring Boot 3 with Caffeine & Redis

This article explains how to build a JWT blacklist in Spring Boot 3, covering token fingerprinting, storage options using Caffeine or Redis, request interception, configuration, and sample login/logout endpoints to revoke tokens before they expire.

BlacklistCaffeineRedis

0 likes · 12 min read

How to Implement JWT Blacklist in Spring Boot 3 with Caffeine & Redis

Selected Java Interview Questions

Oct 24, 2025 · Backend Development

How to Secure a Spring Boot Application with Spring Security and JWT

This step‑by‑step guide shows how to integrate Spring Security into a Spring Boot project, configure Maven dependencies, define User, Role and Permission entities, set up MyBatis mappers, implement JWT generation and validation, and build the service, controller, and configuration layers for a complete authentication system.

AuthenticationAuthorizationBackend Development

0 likes · 28 min read

How to Secure a Spring Boot Application with Spring Security and JWT

IT Services Circle

Sep 22, 2025 · Information Security

JWT vs Token+Redis: Which Authentication Strategy Wins for Your Apps?

This article provides a comprehensive comparison of JWT and Token‑Redis authentication schemes, covering their underlying principles, Java implementations, advantages and disadvantages, performance and security trade‑offs, suitable use‑cases, and practical guidance for choosing the optimal solution in modern web and mobile applications.

AuthenticationJavaRedis

0 likes · 15 min read

JWT vs Token+Redis: Which Authentication Strategy Wins for Your Apps?

Su San Talks Tech

Sep 19, 2025 · Information Security

JWT vs Token+Redis: Which Authentication Strategy Wins for Your Backend?

This article thoroughly compares JWT and Token‑plus‑Redis authentication approaches, detailing their underlying principles, Java implementations, performance, security trade‑offs, and ideal use‑cases, and even proposes a hybrid solution that combines the strengths of both methods for modern applications.

AuthenticationTokenjwt

0 likes · 16 min read

JWT vs Token+Redis: Which Authentication Strategy Wins for Your Backend?

Architect's Tech Stack

Sep 18, 2025 · Information Security

Understanding Tokens, Sessions, Cookies, JWT, and OAuth2: A Complete Guide

This article demystifies authentication concepts—Cookie, Session, Token, JWT, and OAuth2—using clear analogies, explains their inner workings, advantages, drawbacks, and provides practical guidance on when to choose each mechanism for modern web applications.

AuthenticationCookieOAuth2

0 likes · 8 min read

Understanding Tokens, Sessions, Cookies, JWT, and OAuth2: A Complete Guide

Code Ape Tech Column

Sep 9, 2025 · Information Security

Why Using JWT for Sessions Is a Bad Idea and Safer Alternatives

This article explains why JSON Web Tokens are unsuitable for session storage, outlines the security risks and practical drawbacks, and shows the scenarios where JWTs are appropriate, helping developers make informed authentication choices.

AuthenticationSession Managementjwt

0 likes · 15 min read

Why Using JWT for Sessions Is a Bad Idea and Safer Alternatives

Selected Java Interview Questions

Sep 3, 2025 · Information Security

Cookies, Sessions, Tokens, JWT & OAuth2: Choosing the Right Secure Authentication Method

This article explains the differences, technical details, and best‑practice implementations of Cookies, Sessions, Tokens, JWT and OAuth 2.0, helping developers decide which authentication mechanism fits various web and API scenarios while addressing security considerations.

AuthenticationOAuth2Session

0 likes · 11 min read

Cookies, Sessions, Tokens, JWT & OAuth2: Choosing the Right Secure Authentication Method

Architecture Digest

Aug 27, 2025 · Backend Development

How to Implement Seamless Token Refresh in Spring Boot & Axios

This article explains how to implement seamless, invisible token refresh in a Spring Boot authentication server and a Vue/axios frontend, covering gateway interceptors, JWT expiration handling, Axios response interceptors, timer‑based proactive refresh, and complete code examples for both backend and client sides.

axiosbackendjwt

0 likes · 23 min read

How to Implement Seamless Token Refresh in Spring Boot & Axios

Lobster Programming

Aug 25, 2025 · Information Security

Storing User Sessions in SSO: Cookie+Session, Redis, and JWT Solutions

This article explains common approaches for storing user login state in distributed single sign‑on systems, covering the simple cookie‑plus‑session method, session storage in Redis for high‑availability, and token‑based JWT solutions, while discussing their architectures, advantages, and potential drawbacks.

Session ManagementSingle Sign-Onjwt

0 likes · 6 min read

Storing User Sessions in SSO: Cookie+Session, Redis, and JWT Solutions

Su San Talks Tech

Aug 23, 2025 · Information Security

Cookie, Session, Token, JWT, OAuth2: Which One Fits Your Project?

This article demystifies the differences between Cookie, Session, Token, JWT, and OAuth2, explains their underlying mechanisms, shows practical Spring code examples, compares their security properties and suitable scenarios, and provides clear guidance on choosing the right authentication strategy for modern web applications.

CookieOAuth2Session

0 likes · 13 min read

Cookie, Session, Token, JWT, OAuth2: Which One Fits Your Project?

Code Wrench

Aug 23, 2025 · Backend Development

How to Build a Unified Authentication & Authorization System for Microservices with easyms

Learn how to design and implement a unified authentication and authorization system for complex microservice architectures using the open‑source easyms project, covering core components, JWT handling, token revocation, API‑gateway integration, security best practices, and extensible features.

AuthenticationAuthorizationMicroservices

0 likes · 7 min read

How to Build a Unified Authentication & Authorization System for Microservices with easyms

Code Mala Tang

Jul 24, 2025 · Information Security

Boost FastAPI Security: OAuth2, JWT, RBAC, Refresh Tokens & MFA

This guide explains how to secure FastAPI applications using OAuth2 with JWT, role‑based access control, refresh‑token workflows, multi‑factor authentication, and integration with external providers such as Auth0, Keycloak, and Firebase.

AuthenticationFastAPIMFA

0 likes · 9 min read

Boost FastAPI Security: OAuth2, JWT, RBAC, Refresh Tokens & MFA

Architect

Jul 19, 2025 · Backend Development

How to Enforce Single-Device Login and Auto Token Refresh with Spring Boot 3, JWT, and Redis

Learn how to build a secure authentication system in Spring Boot 3 that restricts each user to a single active session, stores tokens in Redis, and implements automatic JWT token refresh, with detailed code examples and step‑by‑step explanations.

Backend SecurityRedisSpring Boot

0 likes · 11 min read

How to Enforce Single-Device Login and Auto Token Refresh with Spring Boot 3, JWT, and Redis

Selected Java Interview Questions

Jul 10, 2025 · Information Security

Is JWT Really Secure? Pros, Cons, and Common Pitfalls Explained

This article demystifies JSON Web Tokens (JWT), explaining how they work, outlining their advantages and disadvantages, and highlighting security and implementation concerns that developers should consider before using JWT in production environments.

AuthenticationTokenWeb Development

0 likes · 7 min read

Is JWT Really Secure? Pros, Cons, and Common Pitfalls Explained

macrozheng

Jul 7, 2025 · Backend Development

Mastering RBAC with Spring Security and JWT: A Hands‑On Guide

This article walks through the fundamentals of role‑based access control (RBAC), explains RBAC model variants, demonstrates how to configure Spring Security with in‑memory, database, and JWT authentication, and shows JSON‑based login and password encryption techniques for secure backend development.

AuthenticationRBACSpring Security

0 likes · 15 min read

Mastering RBAC with Spring Security and JWT: A Hands‑On Guide

Code Mala Tang

Jul 7, 2025 · Backend Development

Secure FastAPI APIs with JWT: Step‑by‑Step Guide & Best Practices

This tutorial explains the fundamentals of JSON Web Tokens, their structure, how to encode them with base64Url, and provides a complete FastAPI implementation—including installation, token generation, verification, protected routes, and practical security recommendations—for building robust authentication in distributed systems.

AuthenticationBackend DevelopmentFastAPI

0 likes · 10 min read

Secure FastAPI APIs with JWT: Step‑by‑Step Guide & Best Practices

Top Architect

Jul 4, 2025 · Information Security

How to Secure JWT Tokens: Preventing Theft, Replay, and Forgery

With the rise of digital economies, token security—especially JWT—has become critical; this article compares token and traditional session authentication, outlines token-based authentication flow, identifies theft, replay, and forgery threats, and presents comprehensive safeguards such as HTTPS, encryption, secure storage, expiration policies, 2FA, and safe refresh mechanisms.

Information Securityjwttoken security

0 likes · 14 min read

How to Secure JWT Tokens: Preventing Theft, Replay, and Forgery

Java Architect Essentials

Jul 2, 2025 · Information Security

How to Bulletproof JWTs: Prevent Token Theft, None Attacks, and Brute‑Force

This article examines common JWT vulnerabilities—including token exposure via localStorage, algorithm‑tampering “none” attacks, weak signing keys, and lack of revocation—and presents a robust solution using HTTPS transmission, HttpOnly Secure cookies, SM9 cryptographic signatures, and a Redis‑based blacklist to achieve dramatically improved security.

FlaskPythonSM9

0 likes · 12 min read

How to Bulletproof JWTs: Prevent Token Theft, None Attacks, and Brute‑Force

php Courses

Jun 26, 2025 · Backend Development

Build a Full JWT Authentication System in Native PHP Without Frameworks

Learn how to implement a complete JWT authentication workflow in pure PHP—from generating and verifying tokens, creating a simple login system, protecting routes with middleware, to adding token refresh logic—while covering essential security best practices without relying on any framework.

backendjwt

0 likes · 8 min read

Build a Full JWT Authentication System in Native PHP Without Frameworks

Java Backend Technology

Jun 25, 2025 · Information Security

How to Seamlessly Refresh JWT Tokens: Backend and Frontend Strategies

This article explains why sudden logouts occur due to expired JWT tokens stored in Redis, and presents both backend automatic token renewal and frontend double‑token (access‑token and refresh‑token) approaches, complete with code examples, testing tips, and handling edge cases such as long‑idle form submissions.

Authenticationbackendjwt

0 likes · 10 min read

How to Seamlessly Refresh JWT Tokens: Backend and Frontend Strategies

Java Tech Enthusiast

Jun 22, 2025 · Backend Development

How to Implement Seamless Token Refresh in Spring Boot for Continuous User Sessions

This article explains how to achieve invisible token renewal in modern web systems using Spring Boot, JWT, and Redis, detailing backend auto‑renewal, frontend interception, dual‑token strategies, and handling edge cases like silent form timeouts to keep user sessions uninterrupted.

Spring BootVue.jsjwt

0 likes · 9 min read

How to Implement Seamless Token Refresh in Spring Boot for Continuous User Sessions

Architecture Digest

Jun 20, 2025 · Backend Development

How to Implement Seamless Token Refresh in Java Backend with JWT

This article explains why silent token refresh is needed, outlines backend and front‑end strategies for automatically renewing JWTs, provides a complete Java implementation with Maven dependencies, utility methods, unit tests, and discusses handling edge cases such as long‑idle forms.

AuthenticationJavabackend

0 likes · 10 min read

How to Implement Seamless Token Refresh in Java Backend with JWT

JavaScript

Jun 19, 2025 · Information Security

Why Storing JWT in localStorage Is Dangerous and Safer Alternatives for 2025

Storing JWT tokens in localStorage, once a common practice for front‑end authentication, now poses severe XSS risks, prompting developers to adopt more secure methods such as HttpOnly cookies with SameSite protection, BFF‑backed session cookies, or Service Worker‑based token handling, each with trade‑offs.

BFFCSRFService Worker

0 likes · 8 min read

Why Storing JWT in localStorage Is Dangerous and Safer Alternatives for 2025

Open Source Tech Hub

Jun 15, 2025 · Backend Development

Secure WebSocket Connections with JWT Using GatewayWorker and PHP

This guide explains how to implement JWT‑based authentication for WebSocket connections in PHP using the GatewayWorker framework, covering token generation, server‑side validation, client‑side usage, and practical code examples.

AuthenticationGatewayWorkerPHP

0 likes · 5 min read

Secure WebSocket Connections with JWT Using GatewayWorker and PHP

Java Captain

Jun 3, 2025 · Information Security

Integrating Spring Security with Spring Boot for JWT Authentication and Authorization

This article demonstrates how to integrate Spring Security into a Spring Boot application, configure JWT‑based authentication, implement custom AES encryption, define user and role entities, set up service and controller layers, and configure security, filter, and CORS settings to achieve secure login and permission management.

AuthenticationAuthorizationJava

0 likes · 19 min read

Integrating Spring Security with Spring Boot for JWT Authentication and Authorization

Code Ape Tech Column

May 27, 2025 · Information Security

Combining JWT and Session for Secure and Scalable User Authentication

This article explains how JWT provides stateless authentication while Session adds an extra security layer and lifecycle management, and demonstrates their combined use with Java code to achieve both scalability and fine‑grained control over user sessions.

AuthenticationJavaSession

0 likes · 8 min read

Combining JWT and Session for Secure and Scalable User Authentication

Lin is Dream

May 16, 2025 · Backend Development

Mastering Authentication & Authorization: From Basic Auth to JWT and RBAC

This beginner-friendly guide explains core authentication mechanisms, the OAuth2.0 flow, token types, the role of refresh tokens, JWT pitfalls, and RBAC design, providing a solid foundation for secure backend development.

AuthenticationAuthorizationBackend Development

0 likes · 5 min read

Mastering Authentication & Authorization: From Basic Auth to JWT and RBAC

Top Architect

May 7, 2025 · Information Security

Understanding JWT Token Security and Mitigation Strategies

This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common security threats such as theft, replay and forgery, and provides practical mitigation measures including HTTPS, token encryption, secure storage, expiration policies, two‑factor authentication and safe token refresh mechanisms.

AuthenticationInformation SecurityWeb Development

0 likes · 14 min read

Understanding JWT Token Security and Mitigation Strategies

Top Architect

Apr 21, 2025 · Information Security

Understanding JWT Token Security and Mitigation Strategies

This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common token security threats such as theft, replay, and forgery, and presents practical mitigation measures including HTTPS, encryption, secure storage, short expiration, MFA, and safe token refresh mechanisms.

AuthenticationHTTPSInformation Security

0 likes · 14 min read

Selected Java Interview Questions

Apr 8, 2025 · Backend Development

Authentication Implementation: Choosing Between JWT and Session in Backend Development

This article explains the technical selection between JWT and session for authentication, compares their differences, advantages, and disadvantages, and provides a complete Java implementation—including token generation, Redis storage, login/logout, password update, and request interception—demonstrating why JWT was chosen for a distributed backend system.

AuthenticationRedisSession

0 likes · 13 min read

Authentication Implementation: Choosing Between JWT and Session in Backend Development

Architect

Apr 6, 2025 · Information Security

Technical Selection and Implementation of Authentication: JWT vs Session

This article compares JWT and session-based authentication, detailing their differences, certification processes, advantages, disadvantages, security considerations, performance impacts, token renewal, and revocation strategies, and provides a complete Java implementation using Spring, Redis, and custom utility classes.

AuthenticationJavaRedis

0 likes · 12 min read

Technical Selection and Implementation of Authentication: JWT vs Session

Code Mala Tang

Apr 5, 2025 · Information Security

Secure FastAPI APIs with JWT: Step‑by‑Step Authentication & Role‑Based Authorization

Learn how to implement stateless JWT authentication and role‑based authorization in FastAPI, covering token structure, installation of PyJWT, creating login and protected endpoints, custom dependencies, and testing via Swagger UI, while highlighting security benefits and best practices for robust backend APIs.

AuthorizationFastAPIPython

0 likes · 11 min read

Secure FastAPI APIs with JWT: Step‑by‑Step Authentication & Role‑Based Authorization

Spring Full-Stack Practical Cases

Mar 9, 2025 · Backend Development

Spring Boot 3 Security Tutorial: AOP, Custom Annotations & JWT

This article presents a continuously updated collection of over 100 Spring Boot 3 practical cases, demonstrating how to implement permission authentication using Spring AOP, custom annotations, JWT utilities, interceptors, a global exception handler, a security context, and a custom argument resolver, complete with test examples and screenshots.

AOPJavaSpring Boot

0 likes · 12 min read

Spring Boot 3 Security Tutorial: AOP, Custom Annotations & JWT

Rare Earth Juejin Tech Community

Feb 27, 2025 · Frontend Development

Token Silent Refresh in Frontend Development: Concepts, Strategies, and Implementation

This article explains the fundamentals of token‑based authentication, the drawbacks of fixed token lifetimes, and presents multiple silent‑refresh techniques—including double‑token mechanisms, front‑end timers, server‑side proactive refresh, and concurrency‑safe lock strategies—along with practical code examples and performance considerations for high‑concurrency scenarios.

axiosjwtsilent refresh

0 likes · 15 min read

Token Silent Refresh in Frontend Development: Concepts, Strategies, and Implementation

Architect's Guide

Feb 21, 2025 · Information Security

Technical Selection and Implementation of Authentication: JWT vs Session in a Java Backend

This article compares JWT and session authentication, discusses their differences, advantages, security and performance considerations, and provides a complete Java implementation with Redis integration, including token generation, validation, renewal, and interceptor configuration for secure backend services.

JavaRedisbackend

0 likes · 13 min read

Technical Selection and Implementation of Authentication: JWT vs Session in a Java Backend

Architect's Guide

Jan 25, 2025 · Information Security

Understanding Session and Token‑Based Authentication with JWT in Java

This article explains the stateless nature of HTTP, compares session‑based and token‑based authentication, describes JWT structure and security considerations, and provides Java code examples for implementing login, token generation, verification, and extraction in a backend application.

Javabackendjwt

0 likes · 8 min read

Understanding Session and Token‑Based Authentication with JWT in Java

Top Architect

Jan 9, 2025 · Information Security

Understanding JWT Token Security and Mitigation Strategies

This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session methods, outlines common token security threats such as theft, replay and forgery, and provides practical measures—including HTTPS, encryption, secure storage, expiration policies, two‑factor authentication, and safe token refresh—to protect token integrity in modern web applications.

jwttoken security

0 likes · 12 min read

dbaplus Community

Dec 29, 2024 · Information Security

Why Many Developers Warn Against Using JWTs for Authentication

This article explains what JSON Web Tokens are, outlines their typical usage flow, and critically examines their drawbacks such as size overhead, redundant signatures, revocation challenges, stale data, lack of encryption, and broader security concerns.

AuthenticationSession ManagementToken Revocation

0 likes · 6 min read

Why Many Developers Warn Against Using JWTs for Authentication

Eric Tech Circle

Dec 16, 2024 · Backend Development

Implementing Secure Double‑Token Authentication in WeChat Mini‑Programs

This article explains the design and implementation of a dual‑token authentication system—short‑lived AccessToken and long‑lived RefreshToken—for WeChat Mini‑Programs, covering token generation, login flow, client‑side handling of 401/403 errors, and best‑practice testing strategies.

API SecurityAccessTokenAuthentication

0 likes · 6 min read

Implementing Secure Double‑Token Authentication in WeChat Mini‑Programs

Top Architect

Nov 27, 2024 · Information Security

Understanding RBAC and Implementing Spring Security with JWT in Java

This article explains the concepts and models of Role‑Based Access Control (RBAC), demonstrates how to configure RBAC permissions in Spring Security, and provides step‑by‑step Java code for integrating JWT authentication, password encryption, and custom login filters for secure backend development.

Backend DevelopmentJavaRBAC

0 likes · 18 min read

Understanding RBAC and Implementing Spring Security with JWT in Java

Top Architect

Nov 23, 2024 · Backend Development

RBAC Permission Analysis and Spring Security Tutorial with JWT Integration

This comprehensive tutorial explains RBAC concepts and models, demonstrates basic Spring Security setup, shows how to integrate JWT for stateless authentication, covers JSON‑based login, password encryption with BCrypt, and database‑backed authentication, providing full code examples for each step.

JavaRBACSpring Security

0 likes · 16 min read

RBAC Permission Analysis and Spring Security Tutorial with JWT Integration

Huolala Tech

Nov 19, 2024 · Information Security

Understanding JWT Security Risks and How to Test Them

This article explains the structure of JSON Web Tokens, outlines common attack vectors such as algorithm confusion, weak keys, replay, and header injection, and provides practical mitigation strategies and a testing checklist with recommended security tools.

Information SecurityReplay attackalgorithm confusion

0 likes · 13 min read

Understanding JWT Security Risks and How to Test Them

37 Interactive Technology Team

Nov 11, 2024 · Information Security

Background, Definition, Structure, and Authentication Process of JWT (JSON Web Token)

JSON Web Token (JWT) is a compact, self‑contained, stateless token that encodes header, payload, and signature in Base64URL, enabling secure, signature‑verified authentication without server‑side session storage, simplifying scaling, supporting cross‑domain use, while offering advantages like lightweight extensibility and drawbacks such as revocation difficulty and secret‑key reliance.

AuthenticationAuthorizationJSON

0 likes · 16 min read

Background, Definition, Structure, and Authentication Process of JWT (JSON Web Token)

Java Architecture Stack

Nov 6, 2024 · Information Security

Mastering Apache Shiro: Core Concepts, Real‑World Usage, and JWT Microservice Integration

This article explains Apache Shiro’s fundamental components—Subject, SecurityManager, Realm, Session, authentication, authorization, and cryptography—then walks through a complete configuration example, a custom Realm, JWT integration, and a Spring Boot microservice scenario to illustrate secure, stateless authentication and fine‑grained permission control.

Apache ShiroAuthenticationAuthorization

0 likes · 13 min read

Mastering Apache Shiro: Core Concepts, Real‑World Usage, and JWT Microservice Integration

Java Tech Enthusiast

Nov 3, 2024 · Backend Development

Explore WeBlog: A Spring Boot & Vue 3.2 Full‑Stack Blog Platform

WeBlog is a Spring Boot and Vue 3.2 based full‑stack blog that combines a MySQL‑backed backend with JWT authentication, MinIO storage, and a hand‑crafted Element Plus admin UI, offering markdown publishing, analytics dashboards, and open‑source repository links for developers to explore.

Element PlusFull-Stack BlogSpring Boot

0 likes · 6 min read

Explore WeBlog: A Spring Boot & Vue 3.2 Full‑Stack Blog Platform

Huolala Safety Emergency Response Center

Oct 31, 2024 · Information Security

Understanding JWT Attack Surfaces and How to Test Them

This article explains the structure of JSON Web Tokens, enumerates common attack vectors such as algorithm confusion, weak keys, replay, header injection, and provides practical mitigation steps and a step‑by‑step testing methodology with relevant tools and code examples.

AuthenticationInfoSecJSON Web Token

0 likes · 14 min read

Understanding JWT Attack Surfaces and How to Test Them

Top Architect

Oct 29, 2024 · Information Security

Understanding JWT Token Security: Threats and Mitigation Strategies

This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common security threats such as theft, replay and forgery, and provides practical mitigation measures including HTTPS, token encryption, secure storage, short expiration, two‑factor authentication and safe token refresh mechanisms.

jwttoken security

0 likes · 13 min read

Spring Full-Stack Practical Cases

Oct 24, 2024 · Backend Development

Master Fine-Grained Permission Control in Spring Boot 3 with JWT and SpEL

This article demonstrates how to implement fine‑grained permission checks in Spring Boot 3 without using Spring Security, by creating custom HandlerInterceptors, JWT utilities, DAO and service layers, and integrating SpEL expressions for dynamic authorization, complete with code snippets and test results.

Backend DevelopmentSpring Boothandlerinterceptor

0 likes · 13 min read

Master Fine-Grained Permission Control in Spring Boot 3 with JWT and SpEL

Lobster Programming

Oct 23, 2024 · Backend Development

How to Enforce Single-Device Login with Session, Token, and JWT

This article explains three backend strategies—session‑cookie, token, and JWT—to ensure an account can only be active on one device at a time, detailing the workflow, data structures, and Redis integration needed to implement forced logout across multiple endpoints.

RedisSession ManagementSingle Sign-On

0 likes · 6 min read

How to Enforce Single-Device Login with Session, Token, and JWT

Top Architect

Oct 2, 2024 · Backend Development

Combining JWT and Session for Secure User Authentication

This article explains how JWT provides stateless user authentication while Session adds an extra security layer and state management, detailing their individual roles, reasons for using Session, combined benefits, and includes Java code examples for implementing login and token validation.

Sessionjwt

0 likes · 9 min read

Combining JWT and Session for Secure User Authentication

Selected Java Interview Questions

Sep 26, 2024 · Information Security

Understanding JWT Token Security: Threats and Mitigation Strategies

This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common security threats such as theft, replay, and forgery, and presents practical measures—including HTTPS, encryption, secure storage, short lifetimes, two‑factor authentication, and safe token refresh—to protect token integrity in modern web applications.

Access ControlAuthenticationWeb Security

0 likes · 14 min read

Top Architect

Sep 18, 2024 · Backend Development

Combining JWT and Session for Secure User Authentication

This article explains the distinct roles of JWT and Session in user authentication, why a Session layer is needed alongside JWT, and demonstrates with Java code how to create and validate tokens while managing session state for enhanced security and scalability.

JavaSessionjwt

0 likes · 9 min read

Architect

Sep 16, 2024 · Backend Development

Seamless Token Refresh in Spring Boot & Axios: Full Implementation Guide

This article explains how to implement invisible token refresh for authentication servers using Spring Boot gateway filters, JWT handling, Axios interceptors, and a client‑side timer, compares client‑ and server‑side approaches, and provides complete code examples and practical recommendations.

AuthenticationSpring Bootaxios

0 likes · 21 min read

Seamless Token Refresh in Spring Boot & Axios: Full Implementation Guide

Architecture Digest

Sep 8, 2024 · Information Security

Combining JWT and Session for Secure Authentication and State Management

This article explains how JWT provides stateless user authentication while Session adds an extra security layer and state management, detailing their respective roles, the reasons for using Session alongside JWT, and offering Java code examples that illustrate their combined implementation.

AuthenticationJavaSession

0 likes · 7 min read

Combining JWT and Session for Secure Authentication and State Management

Top Architect

Sep 1, 2024 · Information Security

Understanding JWT Token Security: Threats and Protection Strategies

This article explains the fundamentals of JSON Web Tokens (JWT), compares token-based authentication with traditional session methods, outlines common security threats such as theft, replay and forgery, and provides practical measures—including HTTPS, encryption, proper storage, expiration policies, and two-factor authentication—to safeguard token integrity.

AuthenticationInformation SecurityWeb Development

0 likes · 13 min read

Understanding JWT Token Security: Threats and Protection Strategies

Architect

Aug 26, 2024 · Information Security

Understanding JWT Token Security: Threats and Mitigation Strategies

This article explains the fundamentals of JSON Web Tokens (JWT), compares token-based authentication with traditional session methods, outlines common security threats such as theft, replay and forgery, and provides practical mitigation measures including HTTPS, encryption, secure storage, short lifetimes, two‑factor authentication, and safe token refresh strategies.

AuthenticationInformation SecurityWeb Security

0 likes · 12 min read

Rare Earth Juejin Tech Community

Aug 26, 2024 · Information Security

Why JWT May Not Be Suitable for My System and a Comparison with Token+Redis

The article explains JWT fundamentals, shows how to integrate it with SpringBoot, compares JWT with a Token‑plus‑Redis approach, and argues why using JWT alone can be problematic in a system that already relies on Redis for session management.

AuthenticationRedisSpringBoot

0 likes · 11 min read

Why JWT May Not Be Suitable for My System and a Comparison with Token+Redis

Top Architect

Aug 25, 2024 · Information Security

RBAC Permission Analysis and Spring Security Integration with JWT

This article explains the concepts of role‑based access control (RBAC), compares RBAC models, shows how to configure permissions and user groups, and provides step‑by‑step code examples for integrating Spring Security with JWT, JSON login, password encryption and database authentication in Java backend applications.

Access ControlBackend DevelopmentJava

0 likes · 20 min read

RBAC Permission Analysis and Spring Security Integration with JWT

Open Source Tech Hub

Aug 20, 2024 · Information Security

How to Implement Secure JWT Double‑Token (Access & Refresh) Authentication in PHP

This guide explains the JWT standard, its three‑part structure, the authentication flow, and a double‑token solution using short‑lived access tokens and long‑lived refresh tokens, with full PHP code examples, middleware interception, configuration, and client‑side renewal logic.

AuthenticationBackend SecurityPHP

0 likes · 12 min read

How to Implement Secure JWT Double‑Token (Access & Refresh) Authentication in PHP

Su San Talks Tech

Aug 19, 2024 · Information Security

Mastering RBAC with Spring Security and JWT: A Complete Guide

This tutorial walks through RBAC fundamentals, model classifications (RBAC0‑3), permission and user‑group concepts, then demonstrates practical Spring Security setups including in‑memory authentication, JWT integration, JSON‑based login, password encryption with BCrypt, and database‑backed authentication, providing complete code examples.

AuthenticationAuthorizationJava

0 likes · 19 min read

Mastering RBAC with Spring Security and JWT: A Complete Guide

Java Tech Enthusiast

Aug 8, 2024 · Information Security

Token Authentication Strategies for Java Microservices

The article compares token‑based authentication options for Java microservices—stateless JWTs, OAuth 2.0 with access and refresh tokens, a centralized API‑gateway authority, and internal service‑to‑service schemes—guiding readers on selecting the best approach according to security, scalability, and business needs.

JavaOAuth2api-gateway

0 likes · 7 min read

Token Authentication Strategies for Java Microservices

Code Ape Tech Column

Jul 31, 2024 · Information Security

Designing User Authentication in Microservice Architecture with JWT and Spring Cloud Gateway

This article explains traditional session‑based authentication, introduces JWT and JJWT usage with Java code examples, and compares two microservice authentication designs—service‑side verification and API‑gateway unified verification—while discussing their trade‑offs, challenges, and practical implementation tips.

AuthenticationJavajwt

0 likes · 15 min read

Designing User Authentication in Microservice Architecture with JWT and Spring Cloud Gateway

Java Architect Essentials

Jul 30, 2024 · Backend Development

Transparent Token Refresh: Client‑Side and Server‑Side Implementations

This article explains how to implement seamless, invisible token refresh for authentication systems, covering client‑side strategies using Axios interceptors and timers, server‑side gateway filters with Spring Boot, code examples for detecting token expiration, obtaining new tokens, and choosing between client and server approaches based on security and performance considerations.

AuthenticationTokenaxios

0 likes · 23 min read

Transparent Token Refresh: Client‑Side and Server‑Side Implementations