Backend generates public and private keys. Use the RSA.ToXmlString(Boolean) method to generate the public and private keys: RSACryptoServiceProvider rSA = new(); string pubKey = rSA.ToXmlString(false); // Public key string priKey = rSA.ToXmlString(true); // Private key The backend sends the generated public key to the frontend. Create a GET request and send the public key generated by the backend to the […]
Tag: jwt
JAVA uses JWT to generate token
Definition: JWT (JSON Web Token). In short, JWT is an encrypted string. The information transmitted by JWT is digitally signed, so the transmitted information can be verified and trusted. It is generally used to transfer the identity information of the authenticated user between the identity provider and the service provider in order to obtain resources […]
40 JAVA security-JWT security and precompiled CASE injection, etc.
Directory: SQL Injection (mitigation). Demonstration cases: Javaweb - SQL injection attack - precompilation mechanism bypass; Javaweb - Authentication attack - JWT modification/forgery attack. JWT encryption and decryption: https://jwt.io/#debugger-io. Through the early study of WEB vulnerabilities, I have mastered the principles and utilization of most security vulnerabilities. However, due to the differences in various scripting language development environments, new security issues will exist. Among […]
[springboot+jwt] Implement more complex token verification (with source code)
JWT official website: jwt official website link. Source code address: springboot-token. 1. What is JWT: JSON Web Token (JWT) is a JSON-based open standard (RFC 7519) for conveying claims between web application environments. It defines a concise, self-contained method used to securely transfer information in the form of JSON objects between communicating parties. Because of the […]
XSS types || Defense methods || Bypass || Principle || Miscellaneous knowledge || mxss || uxss || cookie || session || jwt
Three types of XSS attacks. **Reflective XSS:** Not persistent. It is a type that needs to trick users into clicking on a specific link to trigger. Usually, it is necessary to trick users […]
JWT unauthorized access vulnerability
Article directory: JWT unauthorized access vulnerability. Original reference: [xiu](http://www.xiusafe.com/2023/02/08/JWT/). 1 Practice range setup; 2 Header composition of JWT; 2.1 Head; 2.1.1 alg; 2.1.2 type; 2.2 payload; 2.3 Signature; 3 Vulnerability recurrence; 3.1 Attack point token (third level); 3.2 Parse and encrypt the token value. base64 encryption method, which can only be […]
SpringBoot-jwt framework
Today I saw a JWT framework written by a big guy which was quite interesting. I tried it myself and I have to say that it looked easy but it was really not easy to do. Fortunately, I succeeded in the end... (The getUserList interface is what I use to test the […]
Get user id in springboot–threadLocal && jwt
threadLocal. 1. Create a ThreadLocal tool class: public class BaseContext { public static ThreadLocal<Long> threadLocal = new ThreadLocal<>(); // Get the current id from the jwt interceptor public static void setCurrentId(Long id) { threadLocal.set(id); } // After obtaining it, bring it to the place where you want to use […]
The front end refreshes the token and determines whether the token has expired (jwt authentication)
4.1 What is JWT: JWT is a solution proposed by Auth0 to implement authorization verification by encrypting and signing JSON. After successful login, the relevant user information is composed into a JSON object, then the object is encrypted in some way and returned to the client; the client brings this token with the next […]
One article to understand login authentication (Cookie, Session, Jwt, CAS, SSO)
1 Foreword. Login authentication is an unavoidable part of any website. Before the system is officially launched, it will need to connect to the unified login system. On the one hand, this allows only legitimate users to access the website; on the other hand, when users perform operations on the website, the user of […]