The new features
- Support seesion authentication #86
- Add Seesion using example #87
- Add a distributed cache session using example #88
- Removed the (–) string re match in anti-SQL injection to prevent it from misidentifying JWT
BugFix
- Fix the problem that authentication is still needed when the resource… # 84
- fix api can be accessed by any role when accessRole not config #83
use
< the dependency > < groupId > com. Usthe. Sureness < / groupId > < artifactId > sureness - core < / artifactId > < version > 1.0.2 < / version > </dependency>Copy the code📫 background
In the mainstream back-end separation architecture, it is very important to protect restful apis provided by the back-end through effective and fast authentication. Apache Shiro, which does not natively support REST, or deep spring binding, a slower capability, and a steep learning curve for Spring Security, are more or less not our ideal models for existing frameworks. Therefore, Sureness was born. We hope to solve these problems by providing a restful API, no framework dependence, dynamic modification of permissions, multiple authentication policies, faster, easy to use and extensible authentication framework.
🎡 introduction
Sureness is a new authentication authentication framework designed and developed by us after we deeply use the authorization framework Apache Shiro and learn some of its advantages. It is oriented to restful API authentication and based on RBAC (user-role-resource), mainly focusing on restful API Rely on the safety protection without specific framework (essence filter interceptor judgment, existing springboot, quarkus, javalin, ktor integrated sample) such as support for dynamic change permissions configuration (dynamic modify configuration each who has access to the rest API) support websocket , mainstream HTTP container servlets and JAX-RS support a variety of authentication strategies, JWT, Basic Auth, Digest Auth… Extensible customization supports authentication based on the improved dictionary matching tree with high-performance extension interfaces, samples and documentation
Sureness is low configuration, easy to expand, uncoupled from other frameworks, hope to help developers quickly and safely protect their own projects for multiple scenarios
🔍 Framework comparison
| ~ | sureness | shiro | spring security |
|---|---|---|---|
| Multi-framework support | support | Change support | Does not support |
| restful api | support | Change support | support |
| websocket | support | Does not support | Does not support |
| Filter chain matching | Optimized dictionary matching tree | Ant matching | Ant matching |
| Annotation support | support | support | support |
| servlet | support | support | support |
| jax-rs | support | Does not support | Does not support |
| Dynamic Permission Change | support | Change support | Change support |
| Performance speed | faster | The slower | The slower |
| The learning curve | simple | simple | steep |
📈 Benchmark performance tests
Benchmarking shows that Sureness consumes 0.026ms of performance compared to no permissions framework applications, Shiro loses 0.088ms, and Spring Security loses 0.116ms. By comparison, Sureness consumes little or no performance, and its performance (see TPS losses) is three times that of Shiro. The 4-fold performance gap for Spring Security is further widened as the API matching chain increases as shown in the benchmark
✌ framework supports samples
- Sureness Integrates the Springboot sample (configuration file solution) sample-bootstrap
- Sureness Integrates springboot sample (database solution) sample-Tom
- Sureness quarkus example sample- Quarkus
- Sureness integration with Javalin example sample-Javalin
- Sureness Integrates the KTOR sample sample-ktor
- Sureness Integrates Spring Webflux sample sample-spring-webflux
- more samples todo
Project warehouse address, welcome to use, open source is not easy, feel good please big guys star to give encouragement, bow thank you.
GITHUB warehouse Address GITEE warehouse address