Spring security - user dynamic authorization and dynamic role permissions

1. Spring Security dynamic authorization. In the last article, we introduced the dynamic authentication of Spring Security and noted that its two main functions are authentication and authorization. Having covered authentication, this article covers the dynamic authorization of Spring Security. ...

Posted by MyWebAlias on Sun, 09 Jan 2022 10:45:05 +0100

How to design a secure external interface is summarized

The blogger has previously worked in the collection and payment system of Hengfeng Bank (equivalent to the payment interface), including the current OLTP API transaction interface and the external data interface of virtual business. In short, when you have done a lot of projects and written a lot of code, you need to go back and summarize more, ...

Posted by Vince on Wed, 05 Jan 2022 22:22:12 +0100

Canokey Getting Started Guide: F2A, OpenPGP, PIV

Canokey F2A: Canokey uses Yubikey Authenticator to manage F2A. Download Yubikey Authenticator; the official download page is https://www.yubico.com/products/yubico-authenticator/#h-download-yubico-authenticator. Run Yubikey Authenticator, enter the custom reader, and fill in the CanoKey in the custo ...

Posted by juminoz on Wed, 05 Jan 2022 18:00:20 +0100

What aspects should be considered when designing a secure external API interface?

How to ensure the security of an externally exposed open interface: signatures to prevent data tampering; information encryption and key management; OAuth 2.0 authentication and authorization; token mode; a gateway implementing blacklists and whitelists. 1. Build an API open platform in token mode. Scheme design: 1. The third-party o ...

Posted by harty83 on Tue, 04 Jan 2022 20:15:47 +0100

CAS5.3 server configuration, link mysql, custom password encryption, login page, login verification, custom exception, ajax login, etc

Contents: 1. Configuring MySQL for the CAS server; 2. CAS server custom password encryption method; 3. The CAS server can customize the theme, that is, the login page or other pages; 4. The CAS server adds fields to the form submitted during login; 5. CAS server custom login verification; 6. CAS server custom returned exception; 7. The CAS server uses aj ...

Posted by sdlyr8 on Tue, 04 Jan 2022 14:32:06 +0100

Chapter 7 Spring Security

Project advanced: building a secure and efficient enterprise service with Spring Security. At the bottom layer, Spring Security intercepts every request using filters (for login, permission checks, logout, and so on) following the Java EE specification. Its permission control is fairly fine-grained: if the required permission is missing, you can't get to ...

Posted by donbueck on Mon, 03 Jan 2022 17:10:46 +0100

4W words + thousands of lines of code! Tomcat penetration test method summary, bring it to you!

Contents: preface; installing Tomcat; analysis; main files; upload directory; Tomcat penetration; Tomcat arbitrary file write (CVE-2017-12615); Tomcat remote code execution (CVE-2019-0232); Tomcat weak password & backend getshell vulnerability; Tomcat manager app brute-force cracking; Tomcat AJP file inclusion vulnerability analysis (CV ...

Posted by live_ex3me on Mon, 03 Jan 2022 11:34:46 +0100

DASCTF July X CBCTF 4th web part WP

DASCTF July X CBCTF 4th web part WP. ezrce: YAPI remote command execution vulnerability. YAPI uses mock data / mock scripts as the intermediate interaction layer; mock data returns fixed content that is set in advance, while for cases where the response content must be customized according to the user's request, the mock script processes the ...

Posted by Snatch on Mon, 03 Jan 2022 06:24:19 +0100

[quick start Nessus - beginner level]

What is Nessus? It is a vulnerability scanning system based on a C/S (client/server) architecture. What is vulnerability scanning? Vulnerability scanning is a technical means of finding the vulnerabilities of a target system, and then using the discovered vulnerabilities to do something that could not be done before, such as penetratio ...

Posted by voitek on Mon, 03 Jan 2022 03:08:52 +0100

Basic knowledge suitable for beginners - SSTI vulnerability learning

Introduction to SSTI. MVC: MVC is a framework pattern whose full name is Model View Controller, that is, model - view - controller. Under the guidance of MVC, development separates business logic, data, and interface display to organize the code, gathers the business logic into one component, and gets better development a ...

Posted by Jurik on Sun, 02 Jan 2022 15:02:35 +0100