Good Monday, everybody. After 22 versions and more than 2 years of iteration, we are excited to announce that our security framework for REST APIs, Sureness, is officially GA.

📫 Background

In the mainstream architecture that separates front end and back end, it is important to protect the RESTful APIs provided by the back end with efficient, fast authentication and authorization. Among existing frameworks, neither Apache Shiro, which does not support REST natively, nor Spring Security, which is tightly coupled, slow and has a steep learning curve, is quite our ideal. So Sureness was born: we wanted to solve this problem with an authentication and authorization framework that is oriented to RESTful APIs, has no framework dependencies, supports dynamically changing permissions and multiple authentication policies, and is faster, easy to use and extensible.

🎡 Introduction

Sureness is a newly designed and developed authentication and authorization framework that we built after using the permission framework Apache Shiro in depth and absorbing some of its advantages.

  • Oriented to RESTful APIs: based on RBAC (User-Role-Resource), it focuses on the security protection of RESTful APIs
  • No specific framework dependencies (it is essentially a filter that intercepts and judges requests; integration samples already exist for springboot, quarkus, javalin, ktor, etc.)
  • Supports dynamic modification of the permission configuration (dynamically change who has access to each REST API)
  • Supports websocket and the mainstream HTTP containers: servlet and jax-rs
  • Supports multiple authentication policies: jwt, basic auth, digest auth. Custom authentication methods can be added as extensions
  • High performance, based on an improved dictionary matching tree
  • Good extension interfaces, samples and documentation

With its low configuration, easy extensibility and lack of coupling to other frameworks, Sureness is expected to help developers quickly and safely protect their projects in many scenarios.

🔍 Framework comparison

| ~ | sureness | shiro | spring security |
| --- | --- | --- | --- |
| Multi-framework support | Supported | Supported, needs modification | Not supported |
| restful api | Supported | Supported, needs modification | Supported |
| websocket | Supported | Not supported | Not supported |
| Filter chain matching | Optimized dictionary matching tree | Ant matching | Ant matching |
| Annotation support | Supported | Supported | Supported |
| servlet | Supported | Supported | Supported |
| jax-rs | Supported | Not supported | Not supported |
| Dynamic permission modification | Supported | Supported, needs modification | Supported, needs modification |
| Performance | Faster | Slower | Slower |
| Learning curve | Simple | Simple | Steep |

📈 Benchmark performance testing

Benchmarks show that, compared with an application that uses no security framework, Sureness costs 0.026 ms, Shiro costs 0.088 ms, and Spring Security costs 0.116 ms. By comparison, Sureness consumes almost no performance, and its performance (measured by TPS loss) is three times that of Shiro and four times that of Spring Security. The gap widens further as the chain of API matches grows, as detailed in the benchmarks.

✌ Framework support samples

  • Sureness integration with Spring Boot (configuration file scheme): Sample-Bootstrap
  • Sureness integration with Spring Boot (database scheme): Sample-Tom
  • Sureness integration with Quarkus: Sample-Quarkus
  • Sureness integration with Javalin: Sample-Javalin
  • Sureness integration with ktor: sample-ktor
  • Sureness integration with Spring WebFlux: Sample-Spring-WebFlux
  • More samples: todo

The project repository address is below. You are welcome to use it. Open source is not easy, so if you like the project, please encourage us with a star. Thank you.

Gitee repository address