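LoopAuth is a low-intrusion, streamlined, lightweight, fine-grained permission management framework for Java Web.
It currently includes the following features:
- Annotation-based authentication
- Code-based authentication
- Login
- Stateful/stateless login
- Redis-backed separation of login business storage
Planned extensions (in development order):
- ABAC permission extension
- Microservice support
- Account risk monitoring
Official links:
- Gitee
- GitHub
- Official documentation
Try it out
Add the dependency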
<!-- LoopAuth's Spring Boot plugin -->
<dependency>
    <groupId>com.sobercoding</groupId>
    <artifactId>LoopAuth-spring-boot-starter</artifactId>
    <version>1.0.2</version>
</dependency>
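Configuration file
- For a quick trial, no yml file configuration is needed; once the rest of the setup is done, start the application directly
- To use the login rules and the persistence layer, enable the token-persistence configuration item
- access-modes sets where the token is read from in the request; a successful login or login renewal also actively returns the token in the HEADER or the COOKIE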
loop-auth:
  time-out: 5 # token validity time (in seconds), default 24 hours
  token-persistence: true # token persistence, default false
  token-name: token # token name, default LoopAuth
  mutualism: true # token coexistence, default false; when enabled, an account can be online concurrently
  exclusion: true # mutually exclusive login, default false; when enabled, multiple people logging in from the same device kick each other offline (only effective when mutualism=true)
  max-login-count: 3 # maximum number of logins for the same account, default 1; -1 means unlimited
  renew: false # auto-renewal, default true; every isLogin operation automatically refreshes the token's validity period
  access-modes: # where the token is read from, default order [COOKIE, HEADER]; if authentication succeeds with the COOKIE, the HEADER is not consulted
    - HEADER
    - COOKIE
  secret-key: secret # token generation key, default LoopAuth
  token-persistence-prefix: tokenPrefix # prefix for tokens stored in the persistence layer, default LoopAuthToken
  login-id-persistence-prefix: loginIdPrefix # prefix for LoginIds stored in the persistence layer, default LoopAuthLoginId
  cookie-config: # cookie configuration
    remember: true # long-lived cookie, default false; when enabled the cookie lifetime is time-out, when disabled the cookie is lost once the web page is closed
    domain: localhost # domain, default is the server domain
    path: /test # path, default '/'
    http-only: true # default false; HttpOnly flag, controls whether JS may operate on the cookie
    secure: true # default false; whether the cookie is only transmitted over HTTPS
    # Security level:
    # Strict: third-party cookies are completely prohibited; no cookie is sent on any cross-site request
    # Lax: third-party cookies are not sent, except for GET requests that navigate to the target URL
    # None: no restriction (default)
    same-site: Strict
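An added example (not part of LoopAuth or of the original page): a stand-alone Java check that flags token and cookie settings from the configuration above when they fall back to the weaker defaults its comments describe. The class name LoopAuthConfigAudit, the flattened key names and the 16-character key threshold are assumptions made for this example; both inputs are constructed.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Hypothetical helper, not a LoopAuth class.
public class LoopAuthConfigAudit {

    // Defaults as stated in the YAML comments on this page (flattened keys are an assumption).
    static final Map<String, String> DEFAULTS = Map.of(
            "secret-key", "LoopAuth",
            "cookie-config.http-only", "false",
            "cookie-config.secure", "false",
            "cookie-config.same-site", "None");

    static List<String> audit(Map<String, String> cfg) {
        Map<String, String> eff = new LinkedHashMap<>(DEFAULTS);
        eff.putAll(cfg); // explicit settings override the defaults
        List<String> findings = new ArrayList<>();
        String key = eff.get("secret-key");
        // 16 is an arbitrary minimum chosen for this example.
        if (key.equals("LoopAuth") || key.equals("secret") || key.length() < 16) {
            findings.add("secret-key is a default, sample or short value");
        }
        if (!Boolean.parseBoolean(eff.get("cookie-config.http-only"))) {
            findings.add("http-only is off: page scripts can read the token cookie");
        }
        if (!Boolean.parseBoolean(eff.get("cookie-config.secure"))) {
            findings.add("secure is off: the token cookie may travel over plain HTTP");
        }
        if (eff.get("cookie-config.same-site").equalsIgnoreCase("None")) {
            findings.add("same-site is None: the cookie is sent on cross-site requests");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed input 1: nothing set, so the documented defaults apply.
        System.out.println("defaults: " + audit(Map.of()));
        // Constructed input 2: the values from the sample YAML above.
        System.out.println("sample:   " + audit(Map.of(
                "secret-key", "secret",
                "cookie-config.http-only", "true",
                "cookie-config.secure", "true",
                "cookie-config.same-site", "Strict")));
    }
}
```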
Simple usage
- Create a new Controller class
@RestController
public class DemoController {

    @GetMapping("/login")
    public String register(){
        // log in
        LoopAuthFaceImpl.login("1");
        return "login successful";
    }

    @GetMapping("/islogin")
    public String isLogin(){
        // verify login
        LoopAuthFaceImpl.isLogin();
        return "logged in";
    }

    @GetMapping("/out")
    public String loginOut(){
        // verify login
        LoopAuthFaceImpl.isLogin();
        // log out
        LoopAuthFaceImpl.logout();
        return "Logout successful";
    }
}
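Authorization or login verification
Implement the PermissionInterface interface
- To perform role/permission-code authentication, the role list and permission-code list of the currently logged-in account must be obtained
- You need to implement the PermissionInterface interface yourself and inject it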
public class PermissionInterfaceImpl implements PermissionInterface {

    @Override
    public Set<String> getPermissionSet(String userId, String loginType) {
        // Hard-coded for demonstration only; query the database or perform other operations according to your business
        return new HashSet<String>() {
            {
                add("user-*");
            }
        };
    }

    @Override
    public Set<String> getRoleSet(String userId, String loginType) {
        // Hard-coded for demonstration only; query the database or perform other operations according to your business
        return new HashSet<String>() {
            {
                add("user");
            }
        };
    }
}
Automatic injection
- Just add the @Component annotation to the PermissionInterface implementation class
@Component
public class PermissionInterfaceImpl implements PermissionInterface {
    ...
}
Manual injection
- Make sure the following statement is executed when the project starts
LoopAuthStrategy.setPermissionInterface(new PermissionInterfaceImpl());
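LoopAuthVerifyMode
- The LoopAuthVerifyMode enum contains OR, AND and NON
- OR means "or"
- AND means "and"
- NON means "not"
- Every method that takes a LoopAuthVerifyMode defaults to AND when the mode is not supplied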
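Code-based authentication
- By default, every method that requires login calls LoopAuthFaceImpl.isLogin() internally once, so when using methods such as checkByRole you do not need to call isLogin manually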
// check whether the user is logged in
LoopAuthFaceImpl.isLogin();
// check whether the user has the user role
LoopAuthFaceImpl.checkByRole("user");
// check whether the user has either the user-** or the order-get permission code
LoopAuthFaceImpl.checkByPermission(LoopAuthVerifyMode.OR, "user-**", "order-get");
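Annotation-based authentication
- By default, every method that requires login performs @LoopAutoCheckLogin, so when using annotations such as @LoopAuthPermission you do not need @LoopAutoCheckLogin
- Annotations can be added to a class to avoid repetitive work
- Annotation-based authentication depends on an interceptor
Inject the interceptor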
@Component
public class LoopAuthMvcConfigure implements WebMvcConfigurer {
    /**
     * Register the LoopAuth interceptor and enable the annotation authentication function
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // register the annotation interceptor
        registry.addInterceptor(new LoopAuthAnnotationInterceptor()).addPathPatterns("/**");
    }
}
Intercept with annotations
// verify login
@LoopAutoCheckLogin
// check whether the user has either the user-** or the order-get permission code
@LoopAuthPermission(value = {"user-**", "order-get"}, mode = LoopAuthVerifyMode.OR)
@GetMapping("/testPermission")
public String testPermission(){
    return "Detected successfully";
}

// verify login
@LoopAutoCheckLogin
// check whether the user has the user role
@LoopAuthRole(value = "user")
@GetMapping("/testRole")
public String testRole(){
    return "Detected successfully";
}
For more features, see the official documentation
