Is Shiro too complicated? Come and try this lightweight permission authentication framework!

Foreword

In the Java world there are many excellent permission authentication frameworks, such as Apache Shiro and Spring Security. These frameworks have strong backing, a long history and a relatively complete ecosystem.

But these frameworks are not perfect either. In an era where front-end/back-end separation has become standard, many design concepts of these older frameworks lag behind and no longer fit our projects well.

The framework I am going to introduce today is designed specifically for front-end/back-end separated architectures. It is powerful and easy to use: sa-token.

What is Sa-Token?

sa-token is a lightweight Java permission authentication framework. It mainly solves a series of permission-related problems: login authentication, permission authentication, session management, single sign-on, OAuth 2.0 and so on.

The framework also covers many common business needs such as kicking users offline, automatic renewal, front-end/back-end separation and distributed sessions. With sa-token, you can implement the permission authentication part of a system in a very simple way.

Compared with other permission authentication frameworks, sa-token has the following advantages:

  1. Simple: zero-configuration startup, truly out of the box, low cost to get started
  2. Powerful: dozens of permission-related features are already integrated, covering most business scenarios
  3. Easy to use: smooth API calls; many advanced features take just one line of code
  4. Highly extensible: almost every component exposes an extension interface, and more than 90% of the logic can be overridden on demand

With sa-token, permission authentication is no longer a problem!

What can Sa-Token do?

  • Login verification - simple login authentication, with five fine-grained scene values
  • Permission verification - adapts to the RBAC permission model; different roles get different authorizations
  • Session - a professional data cache center
  • Kick offline - immediately remove an offending user's session
  • Persistence layer extension - integrates Redis, Memcached and other professional caching middleware, so data survives a restart
  • Distributed session - two solutions: JWT integration and a shared data center
  • Single sign-on - log in once, logged in everywhere
  • Impersonate other accounts - operate any user's session data in real time
  • Temporary identity switching - temporarily switch the current session's identity to another account
  • No-cookie mode - for apps, mini programs and other front-end/back-end separated scenarios
  • Mutually exclusive login on the same terminal type - like QQ: a phone and a computer can be online at the same time, but two phones are mutually exclusive
  • Multi-account authentication system - for example, the user table and the admin table of a shop project are authenticated separately
  • Fancy token generation - six built-in token styles, plus custom token generation strategies
  • Annotation authentication - elegantly separates authentication from business code
  • Route interception authentication - authentication based on route interception, adaptable to the RESTful style
  • Auto-renewal - two token expiration strategies, with flexible automatic renewal
  • Session management - a convenient and flexible session query interface
  • Remember-me mode - restart the browser without having to log in again
  • Password encryption - a password encryption module offering MD5, SHA1, SHA256, AES and RSA
  • Automatic component injection - zero-configuration integration with frameworks such as Spring
  • More features are being integrated... - if you have good ideas or suggestions, you are welcome to join the group and discuss

Code example

The sa-token API is very simple. How simple? Taking login verification as an example, you only need to:

// At login time, record the account id of the current session
StpUtil.setLoginId(10001);

// Then call the following API wherever a login check is needed.
// If the current session is not logged in, this line throws a `NotLoginException`
StpUtil.checkLogin();

That's it: we have completed login authentication with the help of the sa-token framework!

At this point your head may be full of question marks: is it really that simple? What about a custom Realm? What about a global filter? Don't I have to write all kinds of configuration files?

I can tell you responsibly that in sa-token login authentication really is this simple: no global filter, no messy configuration, just this one API call to complete login authentication for the session!

Once you are fed up with Shiro, Security and the other frameworks, you will understand how refreshing sa-token's API design is compared with these traditional frameworks!
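To show the two calls above in context, here is a minimal Spring MVC login/logout controller. It is an added example, not code from the original post or from the sa-token project. It assumes a Spring Boot application with sa-token's Spring Boot starter on the classpath; the user table, usernames and passwords are constructed for the sample, and `sha256`, `Account` and the endpoint paths are this example's own names.

```java
// Added example, not code from the original post or from the sa-token project.
// Assumed: Spring Boot + sa-token Spring Boot starter; the user table is constructed.
import cn.dev33.satoken.exception.NotLoginException;
import cn.dev33.satoken.stp.StpUtil;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

@RestController
public class LoginController {

    /** One row of the constructed user table: account id plus stored password hash. */
    private static final class Account {
        final long id;
        final byte[] passwordHash;
        Account(long id, byte[] passwordHash) { this.id = id; this.passwordHash = passwordHash; }
    }

    // Constructed sample users (username -> account). A real system keeps these in a
    // database and stores passwords with a slow salted hash such as bcrypt or Argon2;
    // plain SHA-256 is used here only to keep the sample dependency-free.
    private static final Map<String, Account> USERS = new HashMap<>();
    static {
        USERS.put("alice", new Account(10001L, sha256("alice-secret")));
        USERS.put("bob",   new Account(10044L, sha256("bob-secret")));
    }

    /** Login: verify the credentials, then let sa-token mark the session as logged in. */
    @PostMapping("/doLogin")
    public ResponseEntity<Map<String, String>> doLogin(@RequestParam String username,
                                                       @RequestParam String password) {
        Account account = USERS.get(username);
        // MessageDigest.isEqual compares in constant time; the unknown-user case runs the
        // same comparison so response timing does not reveal which usernames exist.
        byte[] stored = account == null ? new byte[32] : account.passwordHash;
        boolean match = MessageDigest.isEqual(stored, sha256(password));
        if (account == null || !match) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                    .body(Map.of("msg", "invalid username or password"));
        }
        StpUtil.setLoginId(account.id);           // the one call the post describes
        // Return the token for cookie-less clients (apps, mini programs); browser
        // clients get it as a cookie written by sa-token with its default settings.
        return ResponseEntity.ok(Map.of("token", StpUtil.getTokenValue()));
    }

    /** A protected endpoint: checkLogin() throws NotLoginException for anonymous sessions. */
    @GetMapping("/me")
    public Map<String, String> me() {
        StpUtil.checkLogin();
        return Map.of("loginId", String.valueOf(StpUtil.getLoginId()));
    }

    @PostMapping("/logout")
    public Map<String, String> logout() {
        StpUtil.logout();                         // invalidate the current session's token
        return Map.of("msg", "logged out");
    }

    /** Translate sa-token's exception into a 401 instead of a 500 with a stack trace. */
    @ExceptionHandler(NotLoginException.class)
    public ResponseEntity<Map<String, String>> notLogin(NotLoginException e) {
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                .body(Map.of("msg", "not logged in"));
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);   // SHA-256 is mandatory in every JRE
        }
    }
}
```

The failed-login response is deliberately the same for a wrong password and an unknown user, and the hash comparison runs in both cases, so the endpoint does not leak which accounts exist. The `@ExceptionHandler` is what turns an anonymous call to `/me` into a clean 401 rather than an unhandled exception.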

Permission authentication example (only a session holding the user:add permission may enter the request):

@SaCheckPermission("user:add")
@RequestMapping("/user/insert")
public String insert(SysUser user) {
    // ...
    return "用户增加";   // response body, literally "user added"
}
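The annotation above only works once the framework knows which permissions an account holds. The following added example (not code from the original post or the sa-token project) supplies that permission source by implementing sa-token's `StpInterface`, and maps a failed check to a 403 response. The role and permission tables are constructed for the sample; the name of the interface's second parameter (`loginType` here) differs between sa-token versions, and some versions also require sa-token's annotation interceptor to be registered before annotation checks take effect.

```java
// Added example, not code from the original post or from the sa-token project.
// Assumed: Spring Boot + sa-token; the role and permission tables are constructed.
import cn.dev33.satoken.exception.NotPermissionException;
import cn.dev33.satoken.exception.NotRoleException;
import cn.dev33.satoken.stp.StpInterface;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;

/** Permission source for sa-token: RBAC lookup where permissions hang off roles. */
@Component
public class StpInterfaceImpl implements StpInterface {

    // Constructed: account id -> roles
    private static final Map<String, List<String>> ROLES = Map.of(
            "10001", List.of("super-admin"),
            "10044", List.of("user"));

    // Constructed: role -> permissions
    private static final Map<String, List<String>> ROLE_PERMS = Map.of(
            "super-admin", List.of("user:add", "user:delete", "user:list"),
            "user", List.of("user:list"));

    /** Called by sa-token when @SaCheckPermission or StpUtil.hasPermission runs. */
    @Override
    public List<String> getPermissionList(Object loginId, String loginType) {
        List<String> perms = new ArrayList<>();
        for (String role : getRoleList(loginId, loginType)) {
            perms.addAll(ROLE_PERMS.getOrDefault(role, Collections.emptyList()));
        }
        return perms;   // for 10044 this is ["user:list"], so /user/insert is refused
    }

    /** Called by sa-token when @SaCheckRole or StpUtil.hasRole runs. */
    @Override
    public List<String> getRoleList(Object loginId, String loginType) {
        // loginId is whatever was passed to StpUtil.setLoginId (10001 above); normalise it
        return ROLES.getOrDefault(String.valueOf(loginId), Collections.emptyList());
    }
}

/** Map a failed annotation check to 403 rather than a 500; keep the body generic. */
@RestControllerAdvice
class AuthzExceptionHandler {
    @ExceptionHandler({NotPermissionException.class, NotRoleException.class})
    public ResponseEntity<Map<String, String>> forbidden(Exception e) {
        return ResponseEntity.status(HttpStatus.FORBIDDEN)
                .body(Map.of("msg", "permission denied"));
    }
}
```

With this bean in place, account 10001 (super-admin) passes `@SaCheckPermission("user:add")`, while account 10044 receives the 403 from the advice; the response body deliberately does not echo which permission was missing.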

Kick an account offline (a NotLoginException will be thrown when that user accesses the system again):

// Log out the session of the account whose id is 10001
StpUtil.logoutByLoginId(10001);

Besides the examples above, sa-token can also do the following with a single line of code:

StpUtil.setLoginId(10001);                // mark the current session as logged in with account id 10001
StpUtil.getLoginId();                     // get the account id of the current session
StpUtil.isLogin();                        // whether the current session is logged in; returns true or false
StpUtil.logout();                         // log the current session out
StpUtil.logoutByLoginId(10001);           // log out the session of account 10001 (kick offline)
StpUtil.hasRole("super-admin");           // whether the current account holds the given role; returns true or false
StpUtil.hasPermission("user:add");        // whether the current account holds the given permission; returns true or false
StpUtil.getSession();                     // get the Session of the current account id
StpUtil.getSessionByLoginId(10001);       // get the Session of account id 10001
StpUtil.getTokenValueByLoginId(10001);    // get the token value of account id 10001
StpUtil.setLoginId(10001, "PC");          // log in with a specified device identifier
StpUtil.logoutByLoginId(10001, "PC");     // force logout for the specified device only (other devices are unaffected)
StpUtil.switchTo(10044);                  // temporarily switch the current session's identity to another account
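The kick-offline call shown earlier and the device-specific login/logout calls in the list above combine naturally into an administrative endpoint. The following is an added example, not code from the original post or the sa-token project: it assumes Spring Boot with sa-token's starter, an `StpInterface` bean that grants the `super-admin` role, clients that log in with a device identifier via `StpUtil.setLoginId(id, device)`, and SLF4J for the audit line; the endpoint path and the `audit.session` logger name are this example's own choices.

```java
// Added example, not code from the original post or from the sa-token project.
// Assumed: Spring Boot + sa-token, an StpInterface bean granting "super-admin", SLF4J.
import cn.dev33.satoken.annotation.SaCheckRole;
import cn.dev33.satoken.stp.StpUtil;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import java.util.Map;

@RestController
public class AdminSessionController {

    // Dedicated audit logger so forced logouts can be routed to a separate sink
    private static final Logger AUDIT = LoggerFactory.getLogger("audit.session");

    /** Kick one account offline; only callers holding the super-admin role get here. */
    @SaCheckRole("super-admin")
    @PostMapping("/admin/kick")
    public ResponseEntity<Map<String, String>> kick(@RequestParam long loginId,
                                                    @RequestParam(required = false) String device) {
        String admin = String.valueOf(StpUtil.getLoginId());
        // Refuse to kick the caller's own account: an admin locking themselves out is
        // almost always a mistake, and the ordinary logout call covers that case.
        if (admin.equals(String.valueOf(loginId))) {
            return ResponseEntity.status(HttpStatus.BAD_REQUEST)
                    .body(Map.of("msg", "use logout to end your own session"));
        }
        if (device == null || device.isEmpty()) {
            StpUtil.logoutByLoginId(loginId);           // every device of this account
        } else {
            StpUtil.logoutByLoginId(loginId, device);   // only the named device, e.g. "PC"
        }
        // Record who did what to whom: a forced logout is a security-relevant event.
        AUDIT.info("admin={} kicked loginId={} device={}", admin, loginId,
                device == null || device.isEmpty() ? "ALL" : device);
        return ResponseEntity.ok(Map.of("msg", "kicked"));
    }
}
```

After the call, the kicked account's next request that reaches `StpUtil.checkLogin()` fails with `NotLoginException`, exactly as the post describes; passing `device=PC` ends only the PC session and leaves the same account's other devices logged in.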

sa-token has many more APIs than can be shown here one by one; please see the official online documentation for more examples.

Finally, the project link:


Origin blog.csdn.net/shengzhang_/article/details/114856566