
jhipster 2 : What is the difference between the authentication option?

I have updated the jhipster generator from version 1 to version 2. In the previous version we had two choices of authentication when generating a new project. We had the choice between Cookie authentication and Token authentication (with OAuth). This was very clear for me. But in version 2.1.1, we now have three choices:

1 > HTTP Session Authentication (stateful, default Spring Security mechanism)
2 > OAuth2 Authentication (stateless, with an OAuth2 server implementation)
3 > Token-based authentication (stateless, with a token)

I want to use the authentication both for web and mobile app (ionic-framework), which one to choose between 2 and 3? Does this choice make my app scalable using clusters? Thanks

You will find the basic info about jhipster authentication types here:

http://jhipster.github.io/security/

From my personal experience in ionic-framework working with the REST API of jhipster, I can say: don't use HTTP Session Authentication for a mobile app (ionic-framework), because mobile apps do not play along with cookies in general, which HTTP Session Authentication depends upon.

Both OAuth2 and JWT work fine with an ionic hybrid app.

HTTP Session Authentication

This is the "classical" Spring Security authentication mechanism, but we have improved it quite significantly. It uses the HTTP Session, so it is a stateful mechanism: if you plan to scale your application on multiple servers, you need to have a load balancer with sticky sessions so that each user stays on the same server.

OAuth2 Authentication

OAuth2 is a stateless security mechanism, so you might prefer it if you want to scale your application across several machines. Spring Security provides an OAuth2 implementation, which we have configured for you.

The biggest issue with OAuth2 is that it requires having several database tables in order to store its security tokens. If you are using an SQL database, we provide the necessary Liquibase changelog so that those tables are automatically created for you.

As Spring Security only supports OAuth2 with SQL databases, we have also implemented our own MongoDB version. We generate for you all the OAuth2 implementation for MongoDB, as well as the necessary MongoDB configuration.

This solution uses a secret key, which should be configured in your application.yml file, as the "authentication.oauth.secret" property.

JWT authentication

JSON Web Token (JWT) authentication, like OAuth2, is a stateless security mechanism, so it's another good option if you want to scale on several different servers.

This authentication mechanism doesn't exist by default with Spring Security, it's a JHipster-specific integration of the Java JWT project. It is easier to use and implement than OAuth2, as it does not require a persistence mechanism, so it works on all SQL and NoSQL options.

This solution uses a secure token that holds the user's login name and authorities. As the token is signed, it cannot be altered by a user.

The secret key should be configured in the application.yml file, as the jhipster.security.authentication.jwt.secret property.
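
Added example, not part of the original answer and not JHipster's own code: a minimal HS256 signed token in Python's standard library, showing why any cluster node that loads the same secret can validate a request without a shared session, and why a user who edits the authorities in the token is rejected. The claim names (`sub`, `auth`, `exp`), the HS256 choice and the helper names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue_token(secret, login, authorities, ttl=1800, now=None):
    """Build an HS256 token holding the login name and authorities."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": login, "auth": authorities, "exp": now + ttl}  # claim names assumed
    body = header + "." + _b64(json.dumps(claims).encode())
    return body + "." + _b64(_sign(secret, body))

def verify_token(secret, token, now=None):
    """Return the claims if the token is authentic and unexpired, else None.
    Only the shared secret is needed: no session store, no database lookup."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, signature = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        if not hmac.compare_digest(_sign(secret, header + "." + payload), _unb64(signature)):
            return None  # payload or signature was altered, or the secret differs
        claims = json.loads(_unb64(payload))
        return claims if claims["exp"] > now else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed token

def with_authorities(token, authorities):
    """Re-encode the payload with other authorities but keep the old signature,
    which is what a user editing their own token would end up with."""
    header, payload, signature = token.split(".")
    claims = json.loads(_unb64(payload))
    claims["auth"] = authorities
    return ".".join([header, _b64(json.dumps(claims).encode()), signature])

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed; every node loads the same value
    token = issue_token(secret, "alice", ["ROLE_USER"])
    print("node A:", verify_token(secret, token))
    print("node B:", verify_token(secret, token))  # same result, no shared session
    print("edited:", verify_token(secret, with_authorities(token, ["ROLE_ADMIN"])))
```

The scalability property depends on every node being configured with the same secret, and anyone who obtains that secret can mint valid tokens, so it belongs in per-environment configuration rather than in source control.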
