I. Background

Front-end and back-end separation has become the standard for Internet project development and will lay the foundation for future large distributed architectures. SpringBoot makes coding, configuration and deployment easy, and more and more Internet companies have chosen SpringBoot as an entry-level microframework for microservices.

Mybatis-Plus is a Mybatis enhancement tool that ships with a code generator and provides Hibernate-like single-table CRUD operations, while retaining Mybatis's support for custom SQL.

Apache Shiro is a powerful and easy-to-use Java security framework. Shiro is officially recommended by Java and is easier to use than Spring Security; Spring's own SpringSide 4 series also builds its permission control on Shiro.

As APIs become more and more popular, how do you secure them? JSON Web Tokens (JWT) provide authentication in JSON format. A JWT carries its own identity information, works across different languages, and is very easy to transfer.

II. Project characteristics

1. A custom @log annotation automatically writes an operation log to the database.

2. Interfaces marked with the custom @pass annotation do not require identity authentication.

3. JSONObject is used to obtain body request parameters uniformly, which reduces the number of entity classes; a custom @validationParam annotation verifies that required request parameters are not null.

4. Passwords are hashed with Bcrypt, the same algorithm used by GitHub and the U.S. military firewall, which protects most accounts whose passwords are not very strong.

5. Permissions are configured with Shiro annotations, which is highly flexible and provides button-level permission control; the back-end interfaces verify only permissions, not roles. A custom @CurrentUser annotation retrieves the currently logged-in user, and the controller layer has unified exception handling.

6. Spring AOP aspect programming is used for declarative transactions, and request parameters are filtered to prevent XSS attacks.

7. Login is a POST request that returns the token and permission information (service-layer methods that follow the add/delete/update naming convention are automatically wrapped in transactions). Requests are stateless, and empty attributes are omitted from returned entities.

III. Program logic

1. Enter the user name and password, access the /login interface with POST, and receive the token and related information in the response.

2. Add an Authorization header carrying the token returned at login to every subsequent request that requires authentication.

3. If the server fails to authenticate the token, a 401 page is returned.

4. JWT handles authentication (login); Shiro handles authorization.
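As an added illustration of steps 1 to 4 (not code from the liugh project), the following Python sketch issues an HS256 JWT at login and verifies the Authorization header of a later request, answering 401 on any failure. The secret, claim names and permission strings are constructed for the demo; the sketch goes slightly beyond the steps above by pinning the algorithm and checking expiry, which any token verifier must do.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret and lifetime; a real deployment loads the key from configuration.
SECRET = b"demo-secret-change-me"
TOKEN_TTL = 3600  # seconds

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(user_id: str, perms: list, now: int = None) -> str:
    """Step 1: the /login handler signs a compact HS256 JWT carrying the user's permissions."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "perms": perms, "iat": now, "exp": now + TOKEN_TTL}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(payload).encode())}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def verify_request(authorization: str, now: int = None):
    """Steps 2-3: check the Authorization header; return (200, claims) or (401, reason)."""
    now = int(time.time()) if now is None else now
    if not authorization:
        return 401, "missing Authorization header"
    # Accept both a bare token and the "Bearer <token>" form.
    token = authorization.split(" ", 1)[1] if authorization.startswith("Bearer ") else authorization
    parts = token.split(".")
    if len(parts) != 3:
        return 401, "malformed token"
    try:
        header = json.loads(_b64url_decode(parts[0]))
        payload = json.loads(_b64url_decode(parts[1]))
        sig = _b64url_decode(parts[2])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return 401, "undecodable token"
    # Pin the algorithm: never let the token's own 'alg' choose the verifier.
    if header.get("alg") != "HS256":
        return 401, "unsupported alg"
    expected = hmac.new(SECRET, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return 401, "bad signature"
    if payload.get("exp", 0) <= now:
        return 401, "token expired"
    return 200, payload
```

The claims returned on 200 are what a Shiro realm would then use for the permission checks in step 4.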

IV. Running the project

Project Structure:

  • Download the source code via Git; the project is based on JDK 1.8

  • Maven is used for project management with a modular layout; import the project into the IDE by selecting the liugh-parent POM

  • Create a database named liugh with UTF-8 encoding and execute the liugh.sql file to initialize the data

  • Edit application-dev.properties to set the MySQL account and password

  • Run SpringbootApplication.java in Eclipse or IDEA to start the project, or run mvn clean package in the liugh-parent directory and then java -jar liugh-web.jar in the liugh-web/target directory

  • Start a Redis service

  • Access the login interface: localhost:8081/api/login

  • Account / password: 138888888888 / 123456

  • Use the returned token to access the other interfaces

  • Note: /api/v1 is prefixed to the URL of every interface. Install the Lombok plugin in your IDE, otherwise the code is shown with errors

Run screenshot:

Easter egg: the project is fully commented and has a custom startup banner ~