| 技术论坛 |
|
|
| ≡技术区≡ ① |
| DELPHI技术 |
| lazarus/fpc/Free Pascal |
| 移动应用开发 |
| Web应用开发 |
| 数据库专区 |
| 报表专区 |
| 网络通讯 |
| 开源项目 |
| 论坛精华贴 |
| ≡发布区≡ ② |
| 发布代码 |
| 发布控件 |
| 文档资料 |
| 经典工具 |
| ≡事务区≡ ③ |
| 网站意见 |
| 盒子之家 |
| 招聘应聘 |
| 信息交换 |
| 论坛信息 |
|||
|
| 导航: | 论坛 -> DELPHI技术 斑竹:liumazi,sephil | |||||
| 作者: |
|
2020/4/20 8:57:08 | ||||
| 标题: |
|
加入我的收藏 | ||||
| 楼主: | Introducing mORMot-JWT: a "new"” JWT implementation JWT stands for JSON Web Tokens and it is a very popular technology used to implement custom-content tokens across REST services. JWT:  https://jwt.io/Even if it is generally much over-rated and have its own drawbacks (especially when dealing with security), it is becoming something like a de facto standard for Web and REST applications authorization/authorization mechanisms. You can read a nice introduction to JWT here. https://jwt.io/introduction/I have used JWT since the end of 2015 as a default implementation for authentication/authorization mechanisms in MARS-Curiosity (a REST library for Embarcadero Delphi). The central topic of a JWT library is of course about token signing (through HMAC SHA256, for example) and so far I used (a fork of mine of) a library named JOSE JWT that relies on OpenSSL to implement cryptographic functions and thus forces you to distribute OpenSSL with your software. https://github.com/andrea-magni/MARS https://en.wikipedia.org/wiki/OpenSSL Given deploying OpenSSL is becoming more and more a burden to match security requirements and given the Synopse team implemented JWT in mORMot project a while ago (link), I decided (after having discussed this a couple of times with Arnaud) to “steal” a mORMot JWT subset implementing JWT 🙂 https://synopse.info/fossil/wiki/Synopse+OpenSource https://github.com/synopse/mORMot If you have been to some of my sessions about MARS, you surely have seen me struggling with OpenSSL DLLs missing here and there… well, this is the day this will come to an end! Apart from this, there are a number of reasons this is a move forward for the MARS projects: as I said, one less external dependency for your application servers (on Windows platform); the mORMot implementation is faster (at least 5 times faster in some scenarios even I didn’t do serious benchmarking yet); the mORMot implementation has a stronger community behind and so I am more confident about feature and bugfixes; this is not the first piece of mORMot I integrate to MARS (see the dMustache integration covered by the “mustache” demo in MARS) and maybe it will not be the last (I always wanted to have MARS running on top of the mORMot’s http server http.sys implementation [as well as on top of TMS Sparkle, BTW] and I am also considering adding built-in compression for MARS using mORMot highly optimized compression utilities). So I created the mORMot-JWT repository on github.com with a relatively small subset of mORMot files needed to implement JWT in any Windows application (feel free to use it wherever you may need! I will soon ask jwt.io to inlcude it in the library list for Delphi). Obviously all the code is by Synopse team and I did nothing else than copying some files in the new repository, trying to get the smallest part (but not tampering too much with the original files, in order to ease upgrading to newer versions). https://github.com/andrea-magni/mORMot-JWT Here is an example of use (link): https://github.com/andrea-magni/mORMot-JWT/tree/master/ExampleOfUseuses (...) , SynCommons, SynCrypto, SynEcc, SynLZ; var LJWT: TJWTAbstract; LToken: string; begin LJWT := TJWTHS256.Create(StringToUTF8(ASecret), 0, [jrcIssuer, jrcSubject], [], 60); try LToken := UTF8ToString( LJWT.Compute(['LanguageId', 'IT', 'CurrencyId', 'EUR'], 'MyApp', 'TheUser') ); WriteLn('Token: ' + LToken); finally LJWT.Free; end; end; Then I refactored MARS to support both JOSE and mORMot-JWT library in a manner that mORMot-JWT will be the default implementation for all Windows platforms and still keeping JOSE for non-Windows ones (mORMot does not currently support Delphi Linux compiler and ARC-enabled Delphi compilers) and also added tests to ensure the two libraries would have a coherent behavior throughout MARS. Please upgrade your MARS projects by adding the following units inclusion IFDEF (in the Server.Ignition.pas file or wherever you are defining your TMARSEngine instance): {$IFDEF MSWINDOWS} , MARS.mORMotJWT.Token {$ELSE} , MARS.JOSEJWT.Token {$ENDIF} And also remember to add ‘(…)MARS/ThirdParty/mORMot/Source’ to your library path before recompiling the MARS package groups. Enjoy! 🙂 PS: this is not the only new feature I added to MARS recently (more blog posts will come) ---------------------------------------------- The higher the degree, the greater the respect given to the humblest!RAD 11.3 |
|||||
| 信息 |
| 登陆以后才能回复 |
