shiro-action: A RESTful permission management system based on shiro
Summary:
With the widespread use of RESTful APIs, the need for permission management is also increasing. Shiro-Action is a Shiro-based permission management system that focuses on RESTful-style URL authorization. This article covers the design ideas, technical implementation, and application value of Shiro-Action in practical projects.
1. Introduction
RESTful APIs are widely used in modern software development because of their simplicity and ease of extension. However, as the number of APIs increases, how to ensure the security of each API has become an important problem for developers. Shiro-Action was born to solve this problem, and it is based on the Shiro framework and provides powerful permission control capabilities for RESTful APIs.
2. The Shiro-Action project
Shiro-Action uses Spring Boot 2.0.6.RELEASE as the base framework and integrates Shiro 1.4.0, mybatis 1.3.2, druid 1.1.10, pagehelper 1.2.9, shiro-redis 3.2.3 and other technologies. Such a technology stack ensures the stability, high performance, and easy scalability of the system.
This project is built with Spring Boot and serves to deepen the study of Spring Boot and Shiro. Its distinguishing feature is RESTful-style permission control: the same URL can carry different permissions for different HTTP methods, which suits more scenarios.
Preview address:
Document address:
Default administrator account: admin, password: 123456
Common user account: user, password: 123456
To avoid affecting other people's browsing experience, please try not to perform sensitive operations such as deletions. admin is a super administrator and automatically has full permissions.
Permission checks on the same URL with different HTTP methods, supporting RESTful scenarios.
It integrates OAuth2 login and provides an interface for easy expansion and development.
Global exception handling. Distinguish between returning JSON data and error pages depending on how the request is made.
Logback MDC support, which adds the current logged-in user and the operator's IP address to the log.
JSR-303 Data Validation.
jdk 1.8
mysql 5.7
redis
git clone
Import the project with your own IDE; both Eclipse and IntelliJ IDEA work.
Create a database with character set utf8 and collation utf8_general_ci.
Then import the shiro-action SQL script into the database.
Open application.properties and modify the MySQL and Redis connection information.
spring.redis.host=127.0.0.1
spring.redis.port=6379
spring.cache.type=redis
spring.datasource.username=root
spring.datasource.password=123456
spring.datasource.url=jdbc:mysql:
Once you've completed the above steps, find the ShiroActionApplication startup class and start it.
After startup, the access address is http://localhost:8080, username: admin, password: 123456
Front-end framework: layui
Background template: z-admin
springboot 2.0.6.release
shiro 1.4.0
mybatis 1.3.2
druid 1.1.10
pagehelper 1.2.9
shiro-redis 3.2.3
OAuth2 Authentication Utility Class: JustAuth
hutool :
3. The core features of shiro-action
RESTful-style permission control: shiro-action supports permission control based on different HTTP methods of the same URL, which lets the system manage permissions at a finer granularity and adapt to more scenarios.
OAuth2 login integration: shiro-action integrates the OAuth2 login mechanism, provides an easy-to-expand interface, and enhances the security of the system.
Global exception handling: The system returns JSON data or an error page depending on the request mode, improving the user experience.
Logback MDC support: shiro-action integrates Logback MDC to add the current logged-in user and the operator's IP address to the log, which is convenient for problem tracking.
JSR-303 data validation: JSR-303 data validation ensures the accuracy and completeness of the data.
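The per-method check described in the first feature above can be sketched without Shiro itself. The Java below is an added example, not shiro-action's code or Shiro's API; the class, the rule table and permission strings such as user:update are assumptions. It maps (HTTP method, URL template) pairs to a required permission and refuses any request that matches no rule.

```java
import java.util.*;
import java.util.regex.Pattern;
// Added illustration, not shiro-action code: every class, rule and permission name is hypothetical.
public class RestPermissionDemo {
    /** One rule: HTTP method + URL template -> permission the caller must hold. */
    static final class Rule {
        final String method, permission; final Pattern path;
        Rule(String method, String template, String permission) {
            this.method = method; this.permission = permission;
            // Quote literal parts; each {var} matches exactly one path segment.
            StringBuilder re = new StringBuilder();
            String[] parts = template.split("\\{[^/}]+\\}", -1);
            for (int i = 0; i < parts.length; i++) {
                if (i > 0) re.append("[^/]+");
                re.append(Pattern.quote(parts[i]));
            }
            this.path = Pattern.compile(re.toString());
        }
    }
    private final List<Rule> rules = new ArrayList<>();

    RestPermissionDemo rule(String method, String template, String permission) {
        rules.add(new Rule(method, template, permission)); return this;
    }
    // Match on the path the router will dispatch on: no query string, no trailing slash.
    static String normalize(String uri) {
        String p = uri.split("\\?", 2)[0];
        return p.length() > 1 && p.endsWith("/") ? p.substring(0, p.length() - 1) : p;
    }

    /** Deny by default: no matching rule, or a rule whose permission is not granted, means refusal. */
    boolean isPermitted(String method, String uri, Set<String> granted) {
        String path = normalize(uri);
        for (Rule r : rules)
            if (r.method.equalsIgnoreCase(method) && r.path.matcher(path).matches())
                return granted.contains(r.permission);
        return false;
    }

    public static void main(String[] args) {
        RestPermissionDemo authz = new RestPermissionDemo()
            .rule("GET", "/users", "user:list").rule("POST", "/users", "user:add")
            .rule("PUT", "/users/{id}", "user:update").rule("DELETE", "/users/{id}", "user:delete");
        // Constructed sample role: may list, add and update users, but not delete them.
        Set<String> editor = new HashSet<>(Arrays.asList("user:list", "user:add", "user:update"));
        System.out.println("GET    /users    -> " + authz.isPermitted("GET", "/users", editor));
        System.out.println("PUT    /users/7/ -> " + authz.isPermitted("PUT", "/users/7/", editor));
        System.out.println("DELETE /users/7  -> " + authz.isPermitted("DELETE", "/users/7", editor));
        System.out.println("PATCH  /users/7  -> " + authz.isPermitted("PATCH", "/users/7", editor));
    }
}
```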
4. Choice of front-end and back-end frameworks
Shiro-Action's front-end framework is LayUI, a lightweight, modular front-end UI framework that enables quick building of beautiful, easy-to-use user interfaces. The backend template is z-admin, which is a backend management system template based on Bootstrap that provides rich features and a good user experience.
5. Application cases and prospects
Shiro-Action has been successfully applied in real projects, providing secure and efficient permission management for multiple RESTful APIs. With the popularization of RESTful APIs, the application of Shiro-Action is very promising.
6. Conclusions
As a RESTful permission management system based on Shiro, Shiro-Action has become an indispensable part of modern software development due to its powerful functions, flexible configuration and good user experience. Through an in-depth analysis of its technology stack, core features, and use cases, we can see the great value of Shiro-Action in real projects.