Shulou(Shulou.com)06/01 Report--

This article is to share with you about Spring Boot+JWT+Shiro+MybatisPlus how to achieve Restful rapid development of back-end scaffolding, the editor feels very practical, so share with you to learn, I hope you can get something after reading this article, say no more, follow the editor to have a look.

I. background

Front-end separation has become the standard of Internet project development, which will lay the foundation for large-scale distributed architecture in the future. SpringBoot makes coding configuration and deployment easy, and more and more Internet companies have chosen SpringBoot as the entry-level micro-framework for micro-services.

Mybatis-Plus is an enhancement tool for Mybatis, has a code generator, and provides single-table CRUD operations similar to hibernate, while retaining the features of mybatis to support customized SQL.

Apache Shiro is a powerful and easy-to-use Java security framework. Java officially recommends Shiro, which is easier to use than Spring Security. Spring's own series of Spring side4 has also expanded its permissions to Shiro.

Now that API is becoming more and more popular, how to protect these API safely? JSON Web Tokens (JWT) can provide security authentication based on JSON format. JWT can carry its own identity information across different languages, and it is very easy to communicate.

II. Project characteristics

1. The custom @ Log annotation automatically logs to the database.

two。 The custom @ Pass annotation interface does not require authentication.

3. Use JSONObject to obtain body request parameters uniformly to reduce the number of entity classes. Complete the custom @ ValidationParam annotation to verify that the request parameter is empty.

4. Using the bcrypt algorithm to encrypt passwords, the famous code hosting website Github and the US military firewall also use this algorithm. Relying on the bcrypt algorithm will successfully keep most accounts whose password strength is not very high.

5. Configure permissions with Shiro annotations, highly flexible, and provide permission control at the button level. Backend APIs only verify permissions, regardless of roles. Use the custom @ CurrentUser annotation to get the current login user, and the Controlle layer unifies exception handling:

6. Use SpringAOP aspect programming to carry out declarative transactions, filter request parameters and prevent XSS attacks.

7. Log in using POST to return token and permission information (the naming specification of service layer addition and deletion method will automatically add things) to ensure that the request is stateless, and the returned entity will not be displayed if the attribute is empty.

III. Program logic

1. Fill in the username and password and use POST to request access to the / login interface and return information such as token tokens. If you fail, you will directly jump to the 401 error page.

two。 Add the Authorization and the token token returned at login to the Headers of the request that needs to be authenticated later.

3. The server performs token authentication and fails to jump to the 401 page.

4. Use JWT for authentication (login) and Shiro for authorization.

IV. Running the project

Project structure:

Download the source code through git. This project is based on JDK1.8.

Using Maven project management, modularization, when importing IDE, directly select the pom import of liugh-parent

Create the database liugh, code the database as UTF-8, execute the liugh.sql file, and initialize the data

Modify application-dev.properties, update MySQL account and password

Eclipse, IDEA run SpringbootApplication.java, you can start the project. Or run the command mvn clean package in the liugh-parent directory, and then run the java-jar liugh-web.jar command in the liugh-web/target directory

Start a redis service

Access login interface: localhost:8081/api/login

Account password: 13888888888Accord 123456

Get token to access other interfaces

Attention! / api/v1; compiler will be added to the accessed interface url. Please install the lombok plug-in, otherwise it will be red.

Run the screenshot:

Colored eggs: the project notes are complete, and the startup pattern is customized ~

This is how Spring Boot+JWT+Shiro+MybatisPlus implements Restful rapid development of back-end scaffolding. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.