The SecurityContext and SecurityContextHolder are two fundamental classes of Spring Security. The SecurityContext is used to store the details of the currently authenticated user, also known as a principle. So, if you have to get the username or any other user details, you need to get this SecurityContext first. The SecurityContextHolder is a helper class, which provides access to the security context. By default, it uses a ThreadLocal object to store security context, which means that the security context is always available to methods in the same thread of execution, even if you don't pass the SecurityContext object around
JWT
https://github.com/dwyl/learn-json-web-tokens
FreeIPA -- aims to provide an easily managed Identity, Policy, and Audit (IPA)
https://techtalk.gfi.com/to-split-or-not-to-split-that-is-the-question/
https://github.com/dwyl/learn-json-web-tokens
"JSON Web Token (JWT) is a compact URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is digitally signed using JSON Web Signature (JWS). ~ IETF
In English
To identify/authenticate people in your (web/mobile) app, put a standards-based token in the header or url of the page (or API endpoint) which proves the user has logged in and is allowed to access the desired content.
example:
https://www.yoursite.com/private-content/?token=eyJ0eXAiOiJKV1Qi.eyJrZXkiOi.eUiabuiKv
Tokens are a string of "url safe" characters which encode information. Tokens have three components (separated by periods) (shown here on multiple lines for readability but used as a single string of text)
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9 // header
.eyJrZXkiOiJ2YWwiLCJpYXQiOjE0MjI2MDU0NDV9 // payload
.eUiabuiKv-8PYk2AkGY4Fb5KMZeorYBLw261JPQD5lM // signature
What are "Claims"?
Claims are the predefined keys and their values:
- iss: issuer of the token
- exp: the expiration timestamp (reject tokens which have expired). Note: as defined in the spec, this must be in seconds.
- iat: The time the JWT was issued. Can be used to determine the age of the JWT
- nbf: "not before" is a future time when the token will become active.
- jti: unique identifier for the JWT. Used to prevent the JWT from being re-used or replayed.
FreeIPA -- aims to provide an easily managed Identity, Policy, and Audit (IPA)
As of 2014 FreeIPA uses 389 Directory Server for its LDAP implementation, MIT's Kerberos 5 for authentication and single sign-on, the Apache HTTP Server and Python for the management framework and Web UI, and (optionally) DogTag[5] for the integrated CA, and BIND with a custom plugin for the integrated DNS. Since version 3.0.0, FreeIPA also uses Samba to integrate with Microsoft's Active Directory by way of Cross Forest Trusts.
In the context of a VPN connection, split tunneling refers to the practice of routing only some traffic over the VPN, while letting other traffic directly access the Internet. Usually, what is routed over the VPN will be traffic destined for internal resources, while web surfing, email, etc. will go directly to the Internet. The VPN client is configured to route interesting traffic through the tunnel, while using the default gateway of the physical address for everything else.
Inverse split tunneling
In inverse split tunneling, once the VPN connection is established, all traffic is routed through the VPN except specific traffic that is routed to the default gateway.