Shulou(Shulou.com)05/31 Report--

SpringBoot+JWT+Shiro+MybatisPlus how to achieve Restful rapid development of back-end scaffolding, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

I. background

Front-end separation has become the standard of Internet project development, which will lay the foundation for large-scale distributed architecture in the future. SpringBoot makes coding configuration and deployment easy, and more and more Internet companies have chosen SpringBoot as the entry-level micro-framework for micro-services.

Mybatis-Plus is an enhancement tool for Mybatis, has a code generator, and provides single-table CRUD operations similar to hibernate, while retaining the features of mybatis to support customized SQL.

Apache Shiro is a powerful and easy-to-use Java security framework. Java officially recommends Shiro, which is easier to use than Spring Security. Spring's own series of Spring side4 has also expanded its permissions to Shiro.

Now that API is becoming more and more popular, how to protect these API safely? JSON Web Tokens (JWT) can provide security authentication based on JSON format. JWT can carry its own identity information across different languages, and it is very easy to communicate.

II. Project characteristics

1. The custom @ Log annotation automatically logs to the database.

two。 The custom @ Pass annotation interface does not require authentication.

3. Use JSONObject to obtain body request parameters uniformly to reduce the number of entity classes. Complete the custom @ ValidationParam annotation to verify that the request parameter is empty.

4. Using the bcrypt algorithm to encrypt passwords, the famous code hosting website Github and the US military firewall also use this algorithm. Relying on the bcrypt algorithm will successfully keep most accounts whose password strength is not very high.

5. Configure permissions with Shiro annotations, highly flexible, and provide permission control at the button level. Backend APIs only verify permissions, regardless of roles. Use the custom @ CurrentUser annotation to get the current login user, and the Controlle layer unifies exception handling:

6. Use SpringAOP aspect programming to carry out declarative transactions, filter request parameters and prevent XSS attacks.

7. Log in using POST to return token and permission information (the naming specification of service layer addition and deletion method will automatically add things) to ensure that the request is stateless, and the returned entity will not be displayed if the attribute is empty.

III. Program logic

1. Fill in the username and password and use POST to request access to the / login interface and return information such as token tokens. If you fail, you will directly jump to the 401 error page.

two。 Add the Authorization and the token token returned at login to the Headers of the request that needs to be authenticated later.

3. The server performs token authentication and fails to jump to the 401 page.

4. Use JWT for authentication (login) and Shiro for authorization.

IV. Running the project

Project structure:

Download the source code through git. This project is based on JDK1.8.

Using Maven project management, modularization, when importing IDE, directly select the pom import of liugh-parent

Create the database liugh, code the database as UTF-8, execute the liugh.sql file, and initialize the data

Modify application-dev.properties, update MySQL account and password

Eclipse, IDEA run SpringbootApplication.java, you can start the project. Or run the command mvn clean package in the liugh-parent directory, and then run the java-jar liugh-web.jar command in the liugh-web/target directory

Start a redis service

Access login interface: localhost:8081/api/login

Account password: 13888888888Accord 123456

Get token to access other interfaces

Attention! / api/v1; compiler will be added to the accessed interface url. Please install the lombok plug-in, otherwise it will be red.

Run the screenshot:

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.