JHipster 2: What is the difference between the authentication options?

I updated the JHipster generator from version 1 to version 2. In the previous version, we had to choose the authentication type when creating a new project. We had a choice between Cookie authentication and Token authentication (with OAuth). It was very clear to me. But in version 2.1.1 we have three options:

1 > HTTP Session Authentication (stateful, default Spring Security mechanism)
2 > OAuth2 Authentication (stateless, with an OAuth2 server implementation)
3 > Token-based authentication (stateless, with a token)

I want to use authentication for both web applications and mobile applications (Ionic framework). Which one should I use between 2 and 3? Does this choice make my application scalable with clusters? Thanks

+5
1 answer

You will get basic information about the JHipster authentication types here:

 http://jhipster.imtqy.com/security/ 

From my personal experience with the Ionic framework working with the JHipster REST API, I can say that I do not use HTTP session authentication for a mobile application (Ionic framework), because mobile applications do not play along with cookies, which HTTP authentication depends on.

Both OAuth2 and JWT work fine with an Ionic hybrid app.

HTTP Session Authentication

This is the "classic" Spring authentication mechanism, but we have significantly improved it. It uses an HTTP session, so it is a stateful mechanism: if you plan to scale your application on multiple servers, you need to have a load balancer with sticky sessions so that each user remains on the same server.

OAuth2 Authentication

OAuth2 is a stateless security mechanism, so you might prefer it if you want to scale the application across multiple machines. Spring Security provides the OAuth2 implementation that we have configured for you.

The biggest problem with OAuth2 is that it requires multiple database tables to store its security tokens. If you use an SQL database, we provide the necessary Liquibase change log so that these tables are automatically created for you.

As Spring Security only supports OAuth2 with SQL databases, we have also implemented our own version for MongoDB. We generate for you the entire OAuth2 implementation for MongoDB, as well as the necessary MongoDB configuration.

This solution uses a secret key that must be configured in the application.yml file as the authentication.oauth.secret property.

JWT Authentication

JSON Web Token (JWT) authentication, like OAuth2, is a stateless security mechanism, so this is another good option if you want to scale on several different servers.

This authentication mechanism does not exist by default in Spring Security; it is a JHipster-specific integration of the Java JWT project. It is easier to use and implement than OAuth2, because it does not require a persistence mechanism, so it works with all SQL and NoSQL options.

This solution uses a secure token that contains the username and user credentials. When a token is signed, it cannot be changed by the user.

The private key must be configured in the application.yml file as the jhipster.security.authentication.jwt.secret property.

+1
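
The stateless, signed-token behaviour described in the answer above, as an added example that is not part of the original post and is not JHipster's own code: a generic HS256 token built with the JDK only, checked by any node that holds the shared secret. The class name, secret value and claims are constructed placeholders.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class StatelessTokenDemo {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    static String b64(String s) { return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    // HMAC-SHA256 over "header.payload", the HS256 signature of a JWT.
    static byte[] hmac(String secret, String input) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return mac.doFinal(input.getBytes(StandardCharsets.UTF_8));
    }

    // Issued once, by whichever node handled the login.
    static String issue(String secret, String user, long exp) throws Exception {
        String input = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "."
                + b64("{\"sub\":\"" + user + "\",\"exp\":" + exp + "}");
        return input + "." + B64.encodeToString(hmac(secret, input));
    }

    // Signature check only: needs the shared secret, no session store or database.
    // A complete verifier would also pin the algorithm and reject an expired "exp".
    static boolean verify(String secret, String token) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) return false;
        try {
            byte[] sent = Base64.getUrlDecoder().decode(p[2]);
            return MessageDigest.isEqual(hmac(secret, p[0] + "." + p[1]), sent); // constant time
        } catch (IllegalArgumentException e) {
            return false; // signature part is not valid base64url
        }
    }

    public static void main(String[] args) throws Exception {
        String shared = "constructed-demo-secret"; // placeholder; identical on every node
        String token = issue(shared, "alice", 4102444800L); // constructed claims
        String[] p = token.split("\\.");
        // Same header and signature, payload swapped for another user.
        String altered = p[0] + "." + b64("{\"sub\":\"admin\",\"exp\":4102444800}") + "." + p[2];
        System.out.println("second node, same secret: " + verify(shared, token));
        System.out.println("altered payload:          " + verify(shared, altered));
        System.out.println("node with another secret: " + verify("other-secret", token));
    }
}
```

Only the first check succeeds, which is why every node in a cluster must be configured with the same secret and why that secret must stay out of the client.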

Source: https://habr.com/ru/post/1212933/

