
tomsun28 / sureness (Java, Apache-2.0)

An out-of-the-box, efficient authentication and authorization framework focused on protecting RESTful APIs






Sureness is a new permission project; the author learned from Apache Shiro and added some ideas of their own to create it.
Authentication for RESTful APIs, based on RBAC, mainly focused on protecting RESTful APIs.
Native support for protecting RESTful APIs and WebSocket.
Native support for dynamic permissions.
Native support for JWT, Basic Auth, and more; custom authentication methods can be added.
[High performance thanks to a dictionary matching tree](#Why Is High Performance)
Sorry about google english.

Components of Repository:

Some Conventions

  • Based on RBAC, but with only role-resource mappings and no permission actions
  • We treat a RESTful request as a resource, with the resource format requestUri===httpMethod.
    That is, the request URI plus the request method (post, get, put, delete...) is considered a single resource.
    e.g. /api/v2/book===get
  • A User belongs to some Roles -- a Role owns Resources -- the User can access those Resources
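
A minimal sketch of these conventions, added here as an example and not taken from the sureness code base: each `requestUri===httpMethod` resource is stored in a segment-keyed dictionary tree, and a request is allowed only if the user holds a role that owns the resource. The class name `ResourceRoleTree`, the role names, and the deny-when-unconfigured behaviour are assumptions of this example.

```java
import java.util.*;
// Added illustration, not sureness code: role-resource RBAC over "uri===method" resources.
public class ResourceRoleTree {
    // One trie node per path segment; the final key of every resource is its HTTP method.
    private static final class Node {
        final Map<String, Node> children = new HashMap<>();
        Set<String> roles; // non-null only where a configured resource ends
    }
    private final Node root = new Node();
    // ("/api/v2/book", "GET") -> ["api", "v2", "book", "===get"]
    private static List<String> keys(String uri, String method) {
        List<String> keys = new ArrayList<>();
        for (String segment : uri.split("/")) {
            if (!segment.isEmpty()) keys.add(segment);
        }
        keys.add("===" + method.toLowerCase(Locale.ROOT)); // prefix keeps methods apart from segments
        return keys;
    }
    // Register a resource such as "/api/v2/book===get" with the roles that own it.
    public void add(String resource, String... roles) {
        int sep = resource.lastIndexOf("===");
        if (sep < 0) throw new IllegalArgumentException("expected uri===method: " + resource);
        Node node = root;
        for (String key : keys(resource.substring(0, sep), resource.substring(sep + 3))) {
            node = node.children.computeIfAbsent(key, k -> new Node());
        }
        node.roles = new HashSet<>(Arrays.asList(roles));
    }

    // User -> role -> resource: allowed only if the user holds a role that owns the resource.
    public boolean canAccess(Set<String> userRoles, String uri, String method) {
        Node node = root;
        for (String key : keys(uri, method)) {
            node = node.children.get(key);
            if (node == null) return false; // assumption of this example: unconfigured means denied
        }
        return node.roles != null && !Collections.disjoint(node.roles, userRoles);
    }

    public static void main(String[] args) {
        ResourceRoleTree tree = new ResourceRoleTree();
        tree.add("/api/v2/book===get", "reader", "editor"); // constructed sample data
        tree.add("/api/v2/book===post", "editor");
        Set<String> alice = Set.of("reader");
        System.out.println(tree.canAccess(alice, "/api/v2/book", "GET"));
        System.out.println(tree.canAccess(alice, "/api/v2/book", "POST"));
        System.out.println(tree.canAccess(alice, "/api/v2/shelf", "GET"));
    }
}
```

Lookup cost depends on the number of path segments in the request, not on how many resources are configured, and the method is matched case-insensitively so `GET` and `get` name the same resource.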





compile group: 'com.usthe.sureness', name: 'sureness-core', version: ''

The entrance, usually a filter intercepting all requests:


If authentication passes, the call returns directly; on failure it throws an exception. Catch the exception and handle it:

        try {
            // checkIn authenticates and authorizes the request; it returns only on success
            SubjectSum subject = SurenessSecurityManager.getInstance().checkIn(servletRequest);
        } catch (ProcessorNotFoundException | UnknownAccountException | UnsupportedSubjectException e4) {
            // Create subject error related exception
        } catch (DisabledAccountException | ExcessiveAttemptsException e2 ) {
            // Account disable related exception
        } catch (IncorrectCredentialsException | ExpiredCredentialsException e3) {
            // Authentication failure related exception
        } catch (UnauthorizedException e5) {
            // Authorization failure related exception
        } catch (RuntimeException e) {
            // other sureness exception
        }

| sureness exception | exception note |
| --- | --- |
| SurenessAuthenticationException | basic authenticated exception, Authentication related extend it |
| SurenessAuthorizationException | basic authorized exception, Authorization related extend it |
| ProcessorNotFoundException | authenticated, not found process support this subject |
| UnknownAccountException | authenticated, unknown account |
| UnSupportedSubjectException | authenticated, unSupport request |
| DisabledAccountException | authenticated, account disable |
| ExcessiveAttemptsException | authenticated, excessive attempts |
| IncorrectCredentialsException | authenticated, incorrect credential |
| ExpiredCredentialsException | authenticated, expired credential |
| UnauthorizedException | authorized, no permission access this resource |

Custom exceptions should extend SurenessAuthenticationException or SurenessAuthorizationException.

If the resource configuration data comes from text, please refer to the 10 Minute Tutorial's program, sample-bootstrap.
If the resource configuration data comes from a database, please refer to the 30 Minute Tutorial's program, sample-tom.

Have Fun

Advanced Use

If you know sureness's [Process flow](#Process flow), you will probably know where the extension points are.

Sureness supports custom subjects, custom subject creators, custom processors and more.

We suggest looking at these interfaces before extending:

  • Subject: the interface for the account being authenticated and authorized; it provides the account's username, password, requested resource, roles, etc.
  • SubjectCreate: the interface for creating a subject; it provides the create method
  • Processor: the interface for processing a subject, where authentication and authorization happen
  • PathTreeProvider: resource data provider; it can load data from a text file, a database, etc.
  • SurenessAccountProvider: account data provider; it can load data from a text file, a database, etc.

  1. Custom datasource

Implement PathTreeProvider, loaded in DefaultPathRoleMatcher
Implement SurenessAccountProvider, loaded in the processor

  2. Custom subject

Implement Subject, adding the custom subject content
Implement SubjectCreate to create the custom subject
Implement Processor to support the custom subject

  3. Custom processor

A subject can also be supported by different processors, so we can write a custom processor to support a custom subject:
Implement Processor, set which subjects it supports, and implement the processing details

For details, please refer to the 30 Minute Tutorial's program, sample-tom.

Why Is High Performance


Process flow



Apache License, Version 2.0
