Skip to main content

Focus on Protection of API

Extendable

Focus on the protection of REST API. Based on RBAC.
Provides authentication and authorization, etc.
Extension custom interface is simple and really useful.

Compatible

Support WebSockets, HTTP containers (Servlet and JAX-RS).
No framework dependency.Native supports Spring Boot, Spring WebFlux, Javalin, Quarkus,Ktor, Solon, Jfinal, Micronaut etc.

Multi And Fast

Supports JWT, Basic Auth, Digest Auth etc.
Dynamic modification of permissions.
High performance with Dictionary Matching Tree.

Support for Jvm Modern Frameworks

Sureness allows you to security any server written with jvm modern frameworks such as Spring, Spring Boot, Spring WebFlux, Javalin, Quarkus, Micronaut, Solon, Jfinal or Ktor as well as frameworks for Kotlin.

The essence of Sureness is to use interceptor(like servlet filter or Spring interceptor) to intercept all rest requests for authenticating and authorizing.
So no matter any framework, as long as it has a interceptor, it can integrate with sureness. Sureness uses Exception Handling Process, checkIn() will return SubjectSum(user information) when auth success, or throw different types of auth exceptions when auth error.

Native Support for:

springJavalinMicronautQuarkusKtor

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
try {
SubjectSum subject = SurenessSecurityManager.getInstance().checkIn(servletRequest);
} catch (IncorrectCredentialsException | UnknownAccountException | ExpiredCredentialsException e1) {
logger.debug("this request account info is illegal");
responseWrite(ResponseEntity
.status(HttpStatus.UNAUTHORIZED).body(e1.getMessage()), servletResponse);
return;
} catch (UnauthorizedException e4) {
logger.debug("this account can not access this resource");
responseWrite(ResponseEntity
.status(HttpStatus.FORBIDDEN).body(e4.getMessage()), servletResponse);
return;
} catch (RuntimeException e) {
logger.error("other exception happen: ", e);
responseWrite(ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build(),
servletResponse);
return;
}
filterChain.doFilter(servletRequest, servletResponse);
}

Multi Support Samples

Sureness integrate Spring Boot sample(configuration file scheme)
Sureness integrate Spring Boot sample(database scheme)
Sureness integrate Quarkus sample
Sureness integrate Javalin sample
Sureness integrate Ktor sample
Sureness integrate Spring Webflux sample
Sureness integrate Micronaut sample
Sureness integrate Jfinal sample
Sureness integrate Solon sample
Sureness integrate Spring Gateway sample
Sureness integrate Zuul sample
Sureness integrate Session sample
Sureness integrate Redis Session cache sample

Benchmark Compare

Benchmark test shows Sureness to lose 0.026ms performance compared to frameless application, Shiro lose 0.088ms, Spring Security lose 0.116ms.
In contrast, Sureness basically does not consume performance, and the performance (TPS loss) is 3 times that of Shiro and 4 times that of Spring Security.
The performance gap will be further widened as the api matching chain increases.

ab -n 4000 -c 50 -A root:23456 localhost:8088/api/v1/source1
Detail see Benchmark Test

Why Is High Performance

In a large number of requests, we found that the linear matching of the filter chain is a performance bottleneck.
So we used a dictionary matching tree instead of linear ant matching.
Practice has proved that it is very effective.

Get Started With Sureness within Minutes

We provide many tutorials and samples, you can refer to them to builda complete permission project within 10 minutes.
Have Fun!


<dependency>
<groupId>com.usthe.sureness</groupId>
<artifactId>sureness-core</artifactId>
<version>1.0.6</version>
</dependency>

compile group: 'com.usthe.sureness', name: 'sureness-core', version: '1.0.6'

Friend Links

MaxKey
TLog
Hutool
Sa-Token
LiteFlow
jpom