The open source project recommended to everyone today is super awesome, and may be the most fully functional Java authorization framework in history!
This open source project is: sa-token.
For more interview materials and video tutorials from major manufacturers, you can click to enter directly and get them for free! Password: CSDN
What is Sa-Token?
sa-token is a lightweight Java permission authentication framework, which mainly solves a series of permission related issues such as login authentication, permission authentication, Session session, single sign-on, OAuth2.0, etc.
The framework is adapted to common services such as kicking people offline, automatic renewal, front-end and back-end separation, distributed sessions, etc., and through sa-token, you can implement the authorization authentication part of the system in a minimalist way
Compared with other authorization frameworks, sa-token has the following advantages:
- Simple: Zero configuration startup framework, real out-of-the-box use, low cost to get started
- Powerful: Dozens of permissions-related features have been integrated, and solutions covering most business scenarios
- Ease of use: Silky and smooth API calls, and a large number of advanced features can be implemented with just one line of code
- High expansion: Almost all components provide expansion interfaces, and more than 90% of the logic can be rewritten on demand
With sa-token, all your authority authentication problems are no longer a problem!
What can Sa-Token do?
- Login authentication-easy login authentication, and provide five kinds of sub-scenario values
- Permission verification-adapt to the RBAC permission model, different roles have different authorizations
- Session-a professional data cache center
- Kick people offline-immediately remove the offending users offline
- Persistence layer extension-can integrate Redis, Memcached and other professional cache middleware, restart data without loss
- Distributed session-provides two distributed session solutions of jwt integration and shared data center
- Single sign-on-one place to log in, everywhere
- Simulate another person's account-real-time operation of any user status data
- Temporary identity switch-temporarily switch the session identity to another account
- Cookie-free mode-front and back separation scenarios such as APP and applet
- Mutual exclusive login on the same end-like QQ mobile phone and computer are online at the same time, but mutually exclusive login on two mobile phones
- Multi-account authentication system-such as separate authentication of user table and admin table of a mall project
- Fancy token generation-six built-in token styles, and custom token generation strategies
- Annotated authentication-elegantly separates authentication from business code
- Route interception authentication-according to route interception authentication, it can be adapted to restful mode
- Automatic renewal-provides two token expiration strategies, which can be used flexibly, and can be automatically renewed
- Conversation management-provide a convenient and flexible conversation query interface
- Automatic component injection-zero configuration integration with Spring and other frameworks
- More functions are being integrated... —— If you have good ideas or suggestions, welcome to join the group communication ( click to directly enter the group communication, password: CSDN )
Code example
The API call of sa-token is very simple, how simple is it? Take login verification as an example, you only need:
// 在登录时写入当前会话的账号id
StpUtil.setLoginId(10001);
// 然后在任意需要校验登录处调用以下API
// 如果当前会话未登录,这句代码会抛出 `NotLoginException`异常
StpUtil.checkLogin();
So far, we have completed the login authorization with the help of the sa-token framework!
Your little head may be full of question marks at this time, it's that simple? What about custom Realm? What about global filters? Don't I need to write various configuration files?
In fact, I am responsible for telling you here that in sa-token, login authorization is so simple, there is no need for global filters, and no messy configuration! Only this simple API call is required to complete the login authorization of the session!
When you are fed up with Shiro, Security and other frameworks, you will understand how refreshing the API design of sa-token is relative to these traditional old-fashioned frameworks!
Permission authentication example (only sessions with user:add permission can enter the request)
@SaCheckPermission("user:add")
@RequestMapping("/user/insert")
public String insert(SysUser user) {
return "用户增加";
}
Take an account offline (it will throw a NotLoginException when the other party accesses the system again)
// 使账号id为10001的会话注销登录
StpUtil.logoutByLoginId(10001);
In addition to the above examples, sa-token can also complete the following functions with one line of code:
StpUtil.setLoginId(10001); // 标记当前会话登录的账号id
StpUtil.getLoginId(); // 获取当前会话登录的账号id
StpUtil.isLogin(); // 获取当前会话是否已经登录, 返回true或false
StpUtil.logout(); // 当前会话注销登录
StpUtil.logoutByLoginId(10001); // 让账号为10001的会话注销登录(踢人下线)
StpUtil.hasRole("super-admin"); // 查询当前账号是否含有指定角色标识, 返回true或false
StpUtil.hasPermission("user:add"); // 查询当前账号是否含有指定权限, 返回true或false
StpUtil.getSession(); // 获取当前账号id的Session
StpUtil.getSessionByLoginId(10001); // 获取账号id为10001的Session
StpUtil.getTokenValueByLoginId(10001); // 获取账号id为10001的token令牌值
StpUtil.setLoginId(10001, "PC"); // 指定设备标识登录
StpUtil.logoutByLoginId(10001, "PC"); // 指定设备标识进行强制注销 (不同端不受影响)
StpUtil.switchTo(10044); // 将当前会话身份临时切换为其它账号
Open source project address:
https://github.com/click33/sa-token
Reader benefits
Thank you for seeing here!
I have compiled a lot of 2021 latest Java interview questions (including answers) and Java study notes here, as shown below
The answers to the above interview questions are organized into document notes. As well as interviews also compiled some information on some of the manufacturers & interview Zhenti latest 2021 collection (both documenting a small portion of the screenshot) free for everyone to share, in need can click to enter signal: CSDN! Free to share~
If you like this article, please forward it and like it.
Remember to follow me!
