Skip to content

[pull] master from Snailclimb:master #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pull merged 5 commits into from
Oct 16, 2020
Merged

[pull] master from Snailclimb:master #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
e4dbc8d
[refractor]认证授权部分图片地址
Snailclimb Oct 16, 2020
fe6bdb8
[refractor]消息队列部分文章目录结构调整
Snailclimb Oct 16, 2020
7100ddc
[feat]增加对负载均衡系统的介绍
Snailclimb Oct 16, 2020
3073040
[feat]readme格式完善
Snailclimb Oct 16, 2020
e71b0e4
Update README.md
Snailclimb Oct 16, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
92 changes: 49 additions & 43 deletions README.md
View file
Open in desktop

Large diffs are not rendered by default.

0 ...ation/JWT-advantages-and-disadvantages.md → ...ority-certification/JWT优缺点分析以及常见问题解决方案.md
View file
Open in desktop
File renamed without changes.
0 ...tem-design/authority-certification/sso.md → ...authority-certification/SSO单点登录看这一篇就够了.md
View file
Open in desktop
File renamed without changes.
18 changes: 8 additions & 10 deletions docs/system-design/authority-certification/basis-of-authority-certification.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,11 @@

**认证 (Authentication):** 你是谁。

![](../pictures/authentication.png)
![](./images/basis-of-authority-certification/authentication.png)

**授权 (Authorization):** 你有权限干什么。

![](../pictures/authorization.png)
![](./images/basis-of-authority-certification/authorization.png)

稍微正式点(啰嗦点)的说法就是:

Expand All @@ -21,7 +21,7 @@

## 2. 什么是Cookie ? Cookie的作用是什么?如何在服务端使用 Cookie ?

![](../pictures/cookie-sessionId.png)
![](./images/basis-of-authority-certification/cookie-sessionId.png)

### 2.1 什么是Cookie ? Cookie的作用是什么?

Expand Down Expand Up @@ -90,7 +90,7 @@ public String readAllCookies(HttpServletRequest request) {

很多时候我们都是通过 SessionID 来实现特定的用户,SessionID 一般会选择存放在 Redis 中。举个例子:用户成功登陆系统,然后返回给客户端具有 SessionID 的 Cookie,当用户向后端发起请求的时候会把 SessionID 带上,这样后端就知道你的身份状态了。关于这种认证方式更详细的过程如下:

![Session Based Authentication flow](../pictures/Session-Based-Authentication-flow.png)
![Session Based Authentication flow](./images/basis-of-authority-certification/Session-Based-Authentication-flow.png)

1. 用户向服务器发送用户名和密码用于登陆系统。
2. 服务器验证通过后,服务器为用户创建一个 Session,并将 Session信息存储 起来。
Expand All @@ -105,7 +105,7 @@ public String readAllCookies(HttpServletRequest request) {

花了个图简单总结了一下Session认证涉及的一些东西。

<img src="../pictures/session-cookie-intro.png" style="zoom:50%;" />
<img src="./images/basis-of-authority-certification/session-cookie-intro.png" style="zoom:50%;" />

另外,Spring Session提供了一种跨多个应用程序或实例管理用户会话信息的机制。如果想详细了解可以查看下面几篇很不错的文章:

Expand Down Expand Up @@ -143,9 +143,7 @@ public String readAllCookies(HttpServletRequest request) {

XSS中攻击者会用各种方式将恶意代码注入到其他用户的页面中。就可以通过脚本盗用信息比如cookie。

推荐阅读:

1. [如何防止CSRF攻击?—美团技术团队](https://tech.meituan.com/2018/10/11/fe-security-csrf.html)
推荐阅读:[如何防止CSRF攻击?—美团技术团队](https://tech.meituan.com/2018/10/11/fe-security-csrf.html)

## 6. 什么是 Token?什么是 JWT?如何基于Token进行身份验证?

Expand All @@ -167,7 +165,7 @@ JWT 由 3 部分构成:

在基于 Token 进行身份验证的的应用程序中,服务器通过`Payload`、`Header`和一个密钥(`secret`)创建令牌(`Token`)并将 `Token` 发送给客户端,客户端将 `Token` 保存在 Cookie 或者 localStorage 里面,以后客户端发出的所有请求都会携带这个令牌。你可以把它放在 Cookie 里面自动发送,但是这样不能跨域,所以更好的做法是放在 HTTP Header 的 Authorization字段中:` Authorization: Bearer Token`。

![Token Based Authentication flow](../pictures/Token-Based-Authentication.png)
![Token Based Authentication flow](./images/basis-of-authority-certification/Token-Based-Authentication.png)

1. 用户向服务器发送用户名和密码用于登陆系统。
2. 身份验证服务响应并返回了签名的 JWT,上面包含了用户是谁的内容。
Expand All @@ -194,7 +192,7 @@ OAuth 2.0 比较常用的场景就是第三方登录,当你的网站接入了

微信支付账户相关参数:

<img src="../pictures/微信支付-fnglfdlgdfj.png" style="zoom:50%;" />
<img src="./images/basis-of-authority-certification/微信支付-fnglfdlgdfj.png" style="zoom:50%;" />

**推荐阅读:**

Expand Down
0 ...res/Session-Based-Authentication-flow.png → ...ion/Session-Based-Authentication-flow.png
View file
Open in desktop
File renamed without changes
0 ...n/pictures/Token-Based-Authentication.png → ...tification/Token-Based-Authentication.png
View file
Open in desktop
File renamed without changes
0 ...system-design/pictures/authentication.png → ...uthority-certification/authentication.png
View file
Open in desktop
File renamed without changes
0 .../system-design/pictures/authorization.png → ...authority-certification/authorization.png
View file
Open in desktop
File renamed without changes
0 ...stem-design/pictures/cookie-sessionId.png → ...hority-certification/cookie-sessionId.png
View file
Open in desktop
File renamed without changes
0 ...-design/pictures/session-cookie-intro.png → ...ty-certification/session-cookie-intro.png
View file
Open in desktop
File renamed without changes
0 ...stem-design/pictures/微信支付-fnglfdlgdfj.png → ...hority-certification/微信支付-fnglfdlgdfj.png
View file
Open in desktop
File renamed without changes
0 ...ign/data-communication/kafka-inverview.md → ...uted-system/message-queue/Kafka常见面试题总结.md
View file
Open in desktop
File renamed without changes.
0 ...tem-design/data-communication/rabbitmq.md → ...system/message-queue/RabbitMQ入门看这一篇就够了.md
View file
Open in desktop
File renamed without changes.
0 .../data-communication/RocketMQ-Questions.md → ...ystem/message-queue/RocketMQ-Questions.md
View file
Open in desktop
File renamed without changes.
0 ...tem-design/data-communication/RocketMQ.md → ...tributed-system/message-queue/RocketMQ.md
View file
Open in desktop
File renamed without changes.
0 ...esign/data-communication/message-queue.md → ...ted-system/message-queue/message-queue.md
View file
Open in desktop
File renamed without changes.
0 ...system-design/data-communication/dubbo.md → ...n/distributed-system/rpc/关于Dubbo的重要知识点.md
View file
Open in desktop
File renamed without changes.
2 changes: 1 addition & 1 deletion ...-design/data-communication/why-use-rpc.md → ...uted-system/rpc/服务之间的调用为啥不直接用HTTP而用RPC.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ http://www.importnew.com/22003.html

## 既有 HTTP ,为啥用 RPC 进行服务调用?

###RPC 只是一种设计而已
### RPC 只是一种设计而已

RPC 只是一种概念、一种设计,就是为了解决 **不同服务之间的调用问题**, 它一般会包含有 **传输协议** 和 **序列化协议** 这两个。

Expand Down
0 ...system-design/website-architecture/分布式.md → docs/system-design/distributed-system/分布式.md
View file
Open in desktop
File renamed without changes.