foreword
In the java world, there are many excellent authority authentication frameworks, such as Apache Shiro, , Spring Securityand so on. These frameworks have a strong background, a long history, and their ecology is relatively complete.
But at the same time, these frameworks are not perfect. In the Internet era where the separation of front and back has become standard, many design concepts of these old frameworks have lagged behind and cannot perfectly fit our project.
And the framework I’m going to introduce today is specially designed for the separation of front-end and back-end architectures. It has powerful functions and is easy to use — sa-token.
What is sa-token?
sa-tokenIt is a lightweight Java authority authentication framework, which mainly solves a series of authority-related issues such as login authentication, authority authentication, and session session
The API call of sa-token is very simple. One line of code can handle the login authorization. Without further ado, let’s go directly to the example:
1. Add pom dependencies
<!-- sa-token 权限认证, 在线文档:http://sa-token.dev33.cn/ -->
<dependency>
<groupId>cn.dev33</groupId>
<artifactId>sa-token-spring-boot-starter</artifactId>
<version>1.12.0</version>
</dependency>
2. Call the framework API to log in
// 在用户账号密码验证成功后,直接调用以下API进行登录授权
StpUtil.setLoginId(10001);
So far, we have completed the login authorization with the help of the sa-token framework!
At this time, your little head may be full of question marks, is it that simple? What about custom Realms? What about global filters? Don't I have to write various configuration files?
In fact, I can tell you responsibly here that in sa-token, login authorization is so simple, no global filters are needed, and all kinds of messy configurations are not required! Only this simple API call is needed to complete the login authorization of the session!
When you are fed up with Shiro, Security and other frameworks, you will understand how refreshing the API design of sa-token is compared to these traditional old frameworks!
Refuse to introduce complicated concepts, and take the actual business needs as the first goal to make directional breakthroughs. Whatever is needed in the business, sa-token will do what it does. Don't engage in all kinds of cloudy and lofty concepts, and simplify the complexity. One goal!
In addition to the above login authorization, sa-token can also complete the following functions with one line of code:
StpUtil.setLoginId(10001); // 标记当前会话登录的账号id
StpUtil.getLoginId(); // 获取当前会话登录的账号id
StpUtil.isLogin(); // 获取当前会话是否已经登录, 返回true或false
StpUtil.logout(); // 当前会话注销登录
StpUtil.logoutByLoginId(10001); // 让账号为10001的会话注销登录(踢人下线)
StpUtil.hasRole("super-admin"); // 查询当前账号是否含有指定角色标识, 返回true或false
StpUtil.hasPermission("user:add"); // 查询当前账号是否含有指定权限, 返回true或false
StpUtil.getSession(); // 获取当前账号id的Session
StpUtil.getSessionByLoginId(10001); // 获取账号id为10001的Session
StpUtil.getTokenValueByLoginId(10001); // 获取账号id为10001的token令牌值
StpUtil.setLoginId(10001, "PC"); // 指定设备标识登录
StpUtil.logoutByLoginId(10001, "PC"); // 指定设备标识进行强制注销 (不同端不受影响)
StpUtil.switchTo(10044); // 将当前会话身份临时切换为其它账号
There are many APIs of sa-token, please forgive me that I cannot show you one by one here, the above examples are only a small part of the capabilities of the framework.
In sa-token, various functions related to login authentication: kicking people offline, automatic renewal, mutual exclusive login on the same end and other common services can be implemented with one line of code.
The authorized login is introduced here first, and I will introduce other powerful capabilities of the framework sa-tokenin the next chapterssa-token
If you think the article is well written, please don’t hesitate to give it a thumbs up. Your support is the biggest motivation for me to update!
Finally, attach the project link:
- Official website document: http://sa-token.dev33.cn/
- Gitee open source address: https://gitee.com/sz6/sa-token
- GitHub open source address: https://github.com/click33/sa-token