A security framework that focuses on the protection of REST APIs

Hi everyone! After 22 versions, I'm excited to announce that the JVM security framework for REST APIs, Sureness, is officially GA.

Sureness: you are welcome to use it and star it. Thanks!

📫 Background

In mainstream web architectures, protecting the RESTful APIs exposed by the back end with effective, fast authentication has become particularly important.

Among existing frameworks, Apache Shiro does not natively support REST, and Spring Security is deeply bound to Spring, performs slower and has a steep learning curve; neither is our ideal framework.

Since Sureness was born, we have hoped to solve these problems and provide a security framework that targets RESTful APIs, has no framework dependency, supports dynamic modification of permissions and multiple authentication policies, and is faster, easy to use and easy to extend.

🎡 Introduction

Sureness is a new permission project that we created by learning from Apache Shiro and adding some ideas of our own.

Authentication for RESTful APIs, based on RBAC and focused mainly on protecting RESTful APIs.

No specific framework dependency (supports Spring Boot, Quarkus, Javalin, Ktor and more).

Supports dynamic modification of permissions.

Supports WebSocket and mainstream HTTP containers (Servlet and JAX-RS).

Supports JWT, Basic Auth, Digest Auth... Can be extended with custom authentication methods.

High performance due to the dictionary matching tree.

Good extension interfaces, demos and documentation.

Sureness needs little configuration, is easy to extend and is not coupled to other frameworks, which enables developers to quickly and safely protect their projects in multiple scenarios.

🔍 Compare

| ~ | sureness | shiro | spring security |
| --- | --- | --- | --- |
| multi framework support | support | support need modify | not support |
| restful api | support | support need modify | support |
| websocket | support | not support | not support |
| path match | dictionary matching tree | ant match | ant match |
| annotation support | support | support | support |
| servlet | support | support | support |
| jax-rs | support | not support | not support |
| dynamic modification of permissions | support | support need modify | support need modify |
| performance | fast | slower | slower |
| learning curve | simple | simple | steep |

📈 Benchmark


The benchmark test shows that Sureness loses 0.026 ms compared with a frameless application, Shiro loses 0.088 ms, and Spring Security loses 0.116 ms.

By comparison, Sureness consumes almost no performance, and its performance (TPS loss) is 3 times that of Shiro and 4 times that of Spring Security.

The performance gap widens further as the API matching chain grows.

For details, see Benchmark Test.
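
To show why a dictionary matching tree keeps lookup cost tied to the number of path segments rather than to the number of registered rules, here is an added example in Java. It is not Sureness's own code: the class `PathRoleTrie`, its methods, the `*` single-segment wildcard and the sample rules are assumptions made for this illustration.

```java
import java.util.*;

// Added illustration, not Sureness code: all class and method names are hypothetical.
public class PathRoleTrie {
    private static final class Node {
        final Map<String, Node> children = new HashMap<>();             // next path segment -> node
        final Map<String, Set<String>> rolesByMethod = new HashMap<>(); // http method -> allowed roles
    }
    private final Node root = new Node();

    /** Register a rule: one path, one HTTP method, the roles allowed to call it. */
    public void addRule(String path, String method, String... roles) {
        Node node = root;
        for (String seg : segments(path)) {
            node = node.children.computeIfAbsent(seg, k -> new Node());
        }
        node.rolesByMethod.put(method.toLowerCase(Locale.ROOT), Set.of(roles));
    }

    /** Roles allowed for the request, or empty when no rule matches (the caller should deny). */
    public Optional<Set<String>> match(String path, String method) {
        return Optional.ofNullable(walk(root, segments(path), 0, method.toLowerCase(Locale.ROOT)));
    }
    private Set<String> walk(Node node, List<String> segs, int i, String method) {
        if (i == segs.size()) return node.rolesByMethod.get(method);
        // Try the exact segment first, then fall back to the single-segment wildcard "*".
        for (String key : new String[] {segs.get(i), "*"}) {
            Node next = node.children.get(key);
            if (next != null) {
                Set<String> roles = walk(next, segs, i + 1, method);
                if (roles != null) return roles;
            }
        }
        return null;
    }

    private static List<String> segments(String path) {
        List<String> out = new ArrayList<>();
        for (String s : path.split("/")) if (!s.isEmpty()) out.add(s); // drops empty segments ("//", trailing "/")
        return out;
    }

    public static void main(String[] args) {
        PathRoleTrie trie = new PathRoleTrie();
        trie.addRule("/api/v1/book/*", "get", "reader", "admin"); // constructed sample rules
        trie.addRule("/api/v1/book/*", "delete", "admin");
        System.out.println(trie.match("/api/v1/book/42", "GET")); // matched through the wildcard
        System.out.println(trie.match("/api/v1/user/42", "GET")); // no rule registered for this path
    }
}
```

Pass `match` the same normalized path the HTTP container routes on, and treat an empty result as a denial.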

✌ Framework Sample Support
