Preface
In the past, the frameworks we used most were Shiro and Spring Security. Shiro is lightweight, has a low barrier to entry and is relatively powerful. Spring Security is backed and open-sourced by the Spring team and is feature-rich, but it has a relatively high barrier to entry and slightly complex configuration. This article introduces Sa-Token, a lightweight, powerful, almost zero-configuration authorization framework for Java web applications that is simple and easy to use.
I. Core knowledge
1. What is Sa-Token
Sa-Token is a JavaWeb permission authentication framework that is powerful, simple, and easy to use.
Login authentication, permission authentication, custom sessions, kicking users offline, persistence layer extension, cookie-free mode, impersonating other accounts, multi-account system, annotation-based authentication, Spring integration…
Zero configuration and ready out of the box, covering all application scenarios: all the functions you need are here.
Compared with other permission authentication frameworks, Sa-Token has the following advantages:
- Easy to get started: everything that can be configured automatically is, so you don't have to think about it
- Powerful: it covers every function it can, so you don't end up using a framework and still having to patch it yourself
2. Sa-Token 😋
Online documentation: sa-token.dev33.cn/
3. Framework advantages
Compared to other permission authentication frameworks, Sa-Token tries to ensure two things:
- Easy to get started: everything that can be configured automatically is, so you don't have to think about it
- Powerful: it covers every function it can, so you don't end up using a framework and still having to patch it yourself
II. Features covered
- Login authentication
- Permission verification
- User-defined sessions
- Kicking users offline
- Impersonating another account
- Persistence layer extension (with Redis)
- Multi-account authentication system (e.g. user and admin tables for a mall project)
- Cookie-free mode (front-end/back-end separation scenarios such as apps and mini programs)
- Annotation-based authentication (elegantly separating authentication from business code)
- Zero-configuration integration with frameworks such as Spring
- …
III. Integration
1. Maven dependency
Import the sa-token dependency directly into the project via pom.xml:

    <dependency>
        <groupId>cn.dev33</groupId>
        <artifactId>sa-token</artifactId>
        <version>1.4.0</version>
    </dependency>
2. Obtain the source code
- GitHub address: Github.com/click33/sa-…
- Gitee address: Gitee.com/sz6/sa-toke…
3. Download the JAR package
Click to download: sa-token-1.4.0.jar
IV. Preparation
This article walks through integrating Sa-Token from scratch so that you can quickly become familiar with using it, with Maven + Spring Boot as the example.
V. Project construction
1. Create a SpringBoot project
1.2 Introducing the Sa-Token Dependency

    <!-- Sa-Token permission authentication: http://sa-token.dev33.cn/ -->
    <dependency>
        <groupId>cn.dev33</groupId>
        <artifactId>sa-token</artifactId>
        <version>1.4.0</version>
    </dependency>
2. Introduce JAR dependencies
- Add a dependency to pom.xml. The complete POM looks like this:

    <!-- Web application dependencies -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <!-- Lombok code simplification tool -->
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <optional>true</optional>
    </dependency>
    <!-- Sa-Token permission authentication: http://sa-token.dev33.cn/ -->
    <dependency>
        <groupId>cn.dev33</groupId>
        <artifactId>sa-token</artifactId>
        <version>1.4.0</version>
    </dependency>
3. Configuration file
- You can start projects with zero configuration
- But you can also add the following configuration to application.yml to customize the framework:

    server:
      port: 8070

    spring:
      # sa-token configuration
      sa-token:
        # token name (also the cookie name)
        token-name: satoken
        # the token is valid for 30 days (2592000 seconds)
        timeout: 2592000
        # Whether to share a session when multiple users log in to the same account (if true, share the same session; if false, new login replaces old login)
        is-share: true
        # If the token cannot be read from the cookie, continue by reading the request header
        is-read-head: true
        # If the token cannot be read from the header, continue by reading the request body
        is-read-body: true
        # Whether to print the version banner during initial configuration
        is-v: true
- If you’re used to configuration files of type application.properties, that’s fine too:
- Springboot Properties and YML configuration files
4. Create the main class
Create a new package com.pj in the project, and within it create the main class SaTokenDemoApplication.java with the following code:

    @SaTokenSetup // annotation that enables sa-token
    @SpringBootApplication
    public class SaTokenDemoApplication {
        public static void main(String[] args) throws JsonProcessingException {
            SpringApplication.run(SaTokenDemoApplication.class, args); // run-->
            System.out.println("Startup successful: The sa-token configuration is as follows:" + SaTokenManager.getConfig());
        }
    }
5. Run
Run the code, and when you see something like the following from the console, it means the framework has been successfully integrated
VI. Plain Spring environment
A common Spring environment is similar to a SpringBoot environment, but you need to manually create a configuration file sa-token.properties in the root directory of the project to complete the configuration.
VII. Introduction to common Sa-Token APIs
The official documentation provides a series of common APIs; here is a brief introduction to the login-related ones: sa-token.dev33.cn/doc/#/use/l…
1. Login authentication
1.1 Core Ideas
- Login authentication is basically restricting access to certain interfaces only after login (e.g., querying my account information).
- How do we tell whether you are logged in? By putting a mark on your session after login
- Check the mark in the interface that requires authentication. If there are markers, they are considered logged in. If there are no markers, they are considered not logged in
- With this in mind, it’s easy to come up with the following API:
1.2 The specific API
StpUtil.setLoginId(Object loginId)
- Marks the id of the current session login account
- Suggested parameter types: long | int | String; complex types such as User or Admin must not be passed in
StpUtil.logout()
- The current session is logged out
StpUtil.isLogin()
- Returns whether the current session is logged in: true = logged in, false = not logged in
StpUtil.checkLogin()
- Verifies that the current session is logged in, and throws NotLoginException if not
- Extension: calling getLoginKey() on the NotLoginException object tells you which StpLogic threw the exception
StpUtil.getLoginId()
- Gets the current session login ID; if not logged in, throws NotLoginException
- Similar APIs include:
  - StpUtil.getLoginIdAsString() gets the current session login ID and converts it to a String
  - StpUtil.getLoginIdAsInt() gets the current session login ID and converts it to an int
  - StpUtil.getLoginIdAsLong() gets the current session login ID and converts it to a long
StpUtil.getLoginId(T defaultValue)
- Gets the current session login ID, or returns the default if not logged in (defaultValue can be any type)
- Similar APIs include:
  - StpUtil.getLoginId_defaultNull() gets the current session login ID, or null if not logged in
StpUtil.getLoginIdByToken(String tokenValue)
- Gets the login ID of the specified token. If the token is not logged in, null is returned
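A minimal controller that ties together the login APIs listed above, as an added example that is not code from the original article or from the Sa-Token project. The /demo routes, the constructed demo account and the cn.dev33.satoken import paths are assumptions; check the import paths against the sa-token version you use.

```java
package com.pj;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

import cn.dev33.satoken.exception.NotLoginException; // assumed package name
import cn.dev33.satoken.stp.StpUtil;                 // assumed package name

@RestController
@RequestMapping("/demo") // hypothetical route prefix
public class LoginDemoController {

    // Constructed sample account; a real project verifies a salted hash from its user store.
    private static final String DEMO_NAME = "demo";
    private static final byte[] DEMO_PWD = "change-me".getBytes(StandardCharsets.UTF_8);
    private static final long DEMO_ID = 10001L;

    @PostMapping("/login")
    public ResponseEntity<String> login(@RequestParam("name") String name,
                                        @RequestParam("pwd") String pwd) {
        // Constant-time comparison of the submitted password bytes.
        boolean ok = DEMO_NAME.equals(name)
                && MessageDigest.isEqual(DEMO_PWD, pwd.getBytes(StandardCharsets.UTF_8));
        if (!ok) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("bad credentials");
        }
        StpUtil.setLoginId(DEMO_ID); // mark the session only after the credential check passes
        return ResponseEntity.ok("logged in");
    }

    @GetMapping("/me")
    public String me() {
        StpUtil.checkLogin(); // throws NotLoginException when the session carries no mark
        return "login id: " + StpUtil.getLoginIdAsLong();
    }

    @PostMapping("/logout")
    public String logout() {
        StpUtil.logout();
        return "logged out: " + !StpUtil.isLogin();
    }

    // Turn the framework's exception into a 401 without leaking a stack trace.
    @ExceptionHandler(NotLoginException.class)
    public ResponseEntity<String> notLoggedIn(NotLoginException e) {
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("not logged in");
    }
}
```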
VIII. Project test
1. Start the SpringBoot project
When the SpringBoot example project is started, the following sa-token information is displayed on the console:
Download the source code
1. Source code
Github.com/Thinkingcao…
2. Reference
Official document: sa-token.dev33.cn/
Conclusion
Each Java framework has its own advantages and disadvantages at different times. Compared to Shiro and Spring Security, Sa-Token is relatively lightweight. Because Sa-Token only encapsulates common functions such as login authentication, permission authentication, custom sessions, and kicking users offline, it is a powerful, simple, and easy-to-use permission framework.