Hi everyone! After 22 versions, I'm excited to announce that the JVM security framework for REST APIs, Sureness, is officially GA.
sureness - welcome to use and star. Thanks!
In the mainstream web architecture, how to protect the restful api provided by the back-end through effective and fast authentication has become particularly important.
For existing frameworks, whether it is apache shiro which does not natively support rest, or deeply bound spring, the slower performance and steep learning curve of spring security are not our ideal framework.
Ever since sureness was born, we hope to solve these, provide a restful api, no framework dependency, can dynamically modify permissions, multiple authentication policies, faster, easy to use and extend security framework.
Sureness is a new, permission project which we learn from apache shiro and add some ideas to create it.
Authentication for restful api, based on RBAC, mainly focused on the protection of restful api.
No specific framework dependency(support springboot, quarkus, javalin, ktor and more).
Support dynamic modification of permissions.
Support websocket, mainstream http container(servlet and jax-rs).
Supports JWT, Basic Auth, Digest Auth... Can extend custom supported authentication methods.
High performance due dictionary matching tree.
Good extension interface, demo and document.
The low configuration of sureness, easy to expand, and not coupled with other frameworks, enables developers to quickly and safely protect their projects in multiple scenarios.
|multi framework support||support||support need modify||not support|
|restful api||support||support need modify||support|
|websocket||support||not support||not support|
|path match||dictionary matching tree||ant match||ant match|
|jax-rs||support||not support||not support|
|dynamic modification of permissions||support||support need modify||support need modify|
Benchmark test shows sureness to lose 0.026ms performance compared to frameless application, shiro lose 0.088ms, spring security lose 0.116ms.
In contrast, sureness basically does not consume performance, and the performance (TPS loss) is 3 times that of shiro and 4 times that of spring security.
The performance gap will be further widened as the api matching chain increases.
Detail see Benchmark Test
- [x] sureness integration springboot sample(configuration file scheme) sample-bootstrap
- [x] sureness integration springboot sample(database scheme) sample-tom
- [x] sureness integration quarkus sample sample-quarkus
- [x] sureness integration javalin sample sample-javalin
- [x] sureness integration ktor sample sample-ktor
- [x] sureness integration spring webflux sample sample-spring-webflux
- [x] more samples todo