Sureness 1.0.2, an authentication framework for restful API

Time:2021-5-31

New features

  • Support seesion authentication
  • Add the use sample of seesion
  • Add distributed cache session usage example
  • Remove the (- -) string regular matching in anti SQL injection to prevent it from mistaking JWT

BugFix

  • Fix the problem that authentication is still needed when the resource… #84
  • fix api can be accessed by any role when accessRole not config #83

use

<dependency>
    <groupId>com.usthe.sureness</groupId>
    <artifactId>sureness-core</artifactId>
    <version>1.0.2</version>
</dependency>

background

In the mainstream front-end and back-end separation architecture, how to protect the information provided by the back-end through effective and fast authenticationrestful apiIt has become particularly important. No native support for existing frameworksrestOfapache shiro
Or deep bindingspring, slow performance, steep learning curvespring securityIt’s more or less not our ideal type.
sosurenessBorn, we hope to solve these problems and provide an orientationrestful apiFrameless dependency, yesDynamically modify permissionsMulti authentication strategyFasterEasy to use and expandThe authentication framework of.

introduce

surenessWe are using the permission framework in depthapache shiroAfter that, a new authentication framework is designed and developed
facerestful apiAuthentication based onrbac(user role resource) focuses onrestful apiSafety protection of
There is no specific framework dependency (the essence is the interception judgment at the filter, which has been used for a long time)springboot,quarkus,javalin,ktor(example of equal integration)
Support dynamic modification of permission configuration (dynamic modification of configuration)rest apiWho has access to)
supportwebsocket, mainstreamhttpcontainerservletandjax-rs
Support multiple authentication policies,jwt, basic auth, digest auth… extensible custom supported authentication methods
High performance based on improved dictionary matching tree
Good extension interface, sample and documentation

surenessLow configuration, easy to expand, uncoupled with other frameworks, hope to help developers quickly and safely protect their own projects in multiple scenarios

Frame comparison
~ sureness shiro spring security
Multi framework support support Need to change support I won’t support it
restful api support Need to change support support
websocket support I won’t support it I won’t support it
Filter chain matching Optimized dictionary matching tree Ant matching Ant matching
Annotation support support support support
servlet support support support
jax-rs support I won’t support it I won’t support it
Dynamic modification of permissions support Need to change support Need to change support
Performance speed Faster slower slower
learning curve simple simple steep
Benchmark performance test

Sureness 1.0.2, an authentication framework for restful API

**The benchmark test shows that the performance loss of sureness is 0.026 MS, Shiro is 0.088 MS, and spring security is 0.116 Ms,
In contrast, sureness does not consume performance, and its performance (TPS loss) is three times that of Shiro and four times that of spring security**
The performance gap will widen with the increase of API matching chain
SeeBenchmarking

✌ Framework support sample
Project warehouse address, welcome to use, open source is not easy, feel good, please give encouragement under the star, bow to thank.

GitHub warehouse address
Gitee warehouse address