Sureness: Focusing on the Protection of REST API
In this article, a developer discusses an open-source project called Sureness, a framework that offers support for REST API security.
Hi guys! In mainstream web architectures, protecting the REST APIs provided by the back end through effective and fast authentication has become particularly important.
Among existing frameworks, neither Apache Shiro, which does not natively support REST, nor Spring Security, which is deeply bound to Spring, is our ideal framework.
Ever since Sureness was born, we've hoped to solve these problems and provide a RESTful API with no framework dependency that can:
- dynamically modify permissions.
- provide multiple authentication policies, faster.
- provide an easy-to-use and extendable security framework.
Sureness is a simple and efficient open-source security framework that focuses on the protection of REST API. It features the following:
- Provides authentication and authorization, based on RBAC.
- No specific framework dependency (supports Javalin, Spring Boot, Quarkus, Ktor, and more).
- Supports dynamic modification of permissions.
- Supports WebSockets and mainstream HTTP containers (Servlet and JAX-RS).
- Supports JWT, Basic Auth, Digest Auth, and can be extended to support custom authentication methods.
- High performance due to a dictionary matching tree.
- Good extension interfaces, demos, and documentation.
Sureness has a sensible default configuration, is easy to customize, and is not coupled to any one framework, which enables developers to quickly and safely protect their projects in multiple scenarios.
The above benchmark test shows that Sureness loses by a small margin to frameless solutions, but beats Shiro and Spring Security.
Additionally, Sureness basically does not consume performance, and the performance (TPS loss) is 3x that of Shiro and 4x that of Spring Security.
The performance gap will be further widened as the API matching chain increases.
You can see a more detailed benchmark test here.
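The "dictionary matching tree" and RBAC features listed above can be pictured with the following added example, which is not Sureness's own code: a trie keyed on URI segments that maps an HTTP method to the roles allowed to call it, with rules replaceable at runtime. The class `PathRoleTree`, its methods, the `*` single-segment wildcard, the deny-on-no-match policy, and the sample rules are assumptions made for illustration, and the request path is assumed to be already normalized by the HTTP container.

```java
import java.util.*;

// Added illustration: names here are hypothetical, not the Sureness API.
public class PathRoleTree {
    private static final class Node {
        final Map<String, Node> children = new HashMap<>();
        final Map<String, Set<String>> rolesByMethod = new HashMap<>();
    }
    private final Node root = new Node();

    // Add or replace a rule at runtime; "*" matches exactly one path segment.
    public synchronized void put(String method, String path, String... roles) {
        Node n = root;
        for (String seg : split(path)) n = n.children.computeIfAbsent(seg, k -> new Node());
        n.rolesByMethod.put(method.toUpperCase(Locale.ROOT), Set.copyOf(Arrays.asList(roles)));
    }

    // RBAC decision. A request that matches no rule is denied (this example's choice).
    public synchronized boolean permits(String method, String path, Set<String> userRoles) {
        Set<String> allowed = find(root, split(path), 0, method.toUpperCase(Locale.ROOT));
        return allowed != null && !Collections.disjoint(allowed, userRoles);
    }

    // Walks the request's segments instead of scanning every rule: exact first, then "*".
    private Set<String> find(Node n, List<String> segs, int i, String method) {
        if (i == segs.size()) return n.rolesByMethod.get(method);
        for (String key : new String[] {segs.get(i), "*"}) {
            Node child = n.children.get(key);
            Set<String> hit = (child == null) ? null : find(child, segs, i + 1, method);
            if (hit != null) return hit;
        }
        return null;
    }
    private static List<String> split(String path) {
        List<String> out = new ArrayList<>();
        for (String s : path.split("/")) if (!s.isEmpty()) out.add(s);
        return out;
    }

    public static void main(String[] args) {
        PathRoleTree tree = new PathRoleTree();
        tree.put("GET", "/api/v1/users/*", "admin", "auditor"); // constructed sample rules
        tree.put("DELETE", "/api/v1/users/*", "admin");
        Set<String> auditor = Set.of("auditor");
        System.out.println("GET    as auditor: " + tree.permits("GET", "/api/v1/users/42", auditor));
        System.out.println("DELETE as auditor: " + tree.permits("DELETE", "/api/v1/users/42", auditor));
        tree.put("GET", "/api/v1/users/*", "admin"); // permission changed at runtime
        System.out.println("GET after change:  " + tree.permits("GET", "/api/v1/users/42", auditor));
    }
}
```

Because each lookup follows the segments of the requested path, adding more rules elsewhere in the tree does not lengthen the walk for an unrelated request, which is the property a linear filter chain lacks.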
Framework Sample Support
You can find a complete list of the frameworks that support Sureness integration below:
- Spring Boot sample (configuration file scheme): sample-bootstrap
- Spring Boot sample (database scheme): sample-tom
- Quarkus sample: sample-quarkus
- Javalin sample: sample-javalin
- Ktor sample: sample-ktor
- Spring Webflux sample: sample-spring-webflux
- Session sample: sureness-session
- Redis Cache session sample: sureness-redis-session
Hope you'll appreciate it! Thanks!
Published at DZone with permission of gong tom. See the original article here.