Backend Development 8 min read

SpringBoot Backend Scaffold with JWT Authentication and Shiro Authorization

This article introduces a SpringBoot-based backend scaffold that integrates JWT for authentication, Apache Shiro for authorization, Mybatis‑Plus for data access, and includes custom annotations, bcrypt password encryption, AOP transaction management, and step‑by‑step deployment instructions, targeting developers seeking a ready‑to‑use microservice starter.

Top Architect

Hello, I am a senior architect sharing a ready‑to‑use SpringBoot scaffold project that demonstrates how to combine JWT authentication with Apache Shiro authorization.

1. Background

Front‑end and back‑end separation has become the standard for internet projects, laying the foundation for large‑scale distributed architectures. SpringBoot simplifies coding, configuration, and deployment, and many companies adopt it as the entry‑level microservice framework.

Mybatis‑Plus is an enhancement tool for Mybatis that provides a code generator and convenient single‑table CRUD operations while retaining Mybatis’s flexibility for custom SQL.

Apache Shiro is a powerful and easy‑to‑use Java security framework; it is officially recommended by the Java community and is considered simpler than Spring Security.

2. Project Features

Custom @Log annotation automatically records logs to the database.

Custom @Pass annotation allows endpoints to bypass authentication.

Unified request body handling via JSONObject reduces the number of DTO classes; a custom @ValidationParam annotation validates that parameters are not null.

Password encryption using the bcrypt algorithm, the same method employed by GitHub and US military firewalls.

Shiro‑based permission annotations provide fine‑grained, button‑level access control; a custom @CurrentUser annotation retrieves the logged‑in user.

Spring AOP is used for declarative transactions and request‑parameter filtering to prevent XSS attacks.

Login endpoint returns a JWT token and permission information; the service layer follows naming conventions that automatically apply transactional behavior.

3. Program Logic

POST /login with username and password; on success a token is returned, otherwise a 401 error page is shown.

Subsequent requests must include the token in the Authorization header.

The server validates the token; failure results in a 401 response.

JWT handles authentication while Shiro handles authorization.
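The split described above, as an added illustration rather than code from the liugh project: Shiro's bearer-token filter pulls the JWT out of the Authorization header (assumed to use the `Bearer` scheme) and hands it to a realm that verifies it with Auth0's java-jwt and returns 401 on failure, while the same realm supplies the permissions that `@RequiresPermissions` checks. It assumes Apache Shiro 1.5+ with shiro-spring and a recent java-jwt 3.x on the classpath; the signing secret and the permission table are constructed placeholders.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import javax.servlet.Filter;
import java.util.*;

/** Authentication = verify the JWT's signature and expiry; authorization = permissions held by its subject. */
class JwtRealm extends AuthorizingRealm {
    private static final Algorithm ALG = Algorithm.HMAC256("PLACEHOLDER_SECRET"); // load from config, not source
    private static final Map<String, List<String>> PERMS = // constructed stand-in for the scaffold's DB lookup
            Collections.singletonMap("13888888888", Arrays.asList("user:list", "user:delete"));
    @Override public boolean supports(AuthenticationToken t) { return t instanceof BearerToken; }
    @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken t) {
        String raw = ((BearerToken) t).getToken();
        try {
            String subject = JWT.require(ALG).build().verify(raw).getSubject(); // rejects bad signature or expired exp
            return new SimpleAuthenticationInfo(subject, raw, getName());
        } catch (JWTVerificationException e) {
            throw new AuthenticationException("invalid or expired token", e); // the filter answers with 401
        }
    }
    @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection p) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermissions(PERMS.getOrDefault((String) p.getPrimaryPrincipal(), Collections.emptyList()));
        return info; // consulted by @RequiresPermissions("user:delete") on controller methods
    }
}

/** Wires the realm and a stateless bearer-token filter over /api/v1/**, leaving the login endpoint open. */
class ShiroConfig {
    static ShiroFilterFactoryBean shiroFilter() {
        DefaultWebSecurityManager sm = new DefaultWebSecurityManager(new JwtRealm());
        ShiroFilterFactoryBean f = new ShiroFilterFactoryBean();
        f.setSecurityManager(sm);
        f.setFilters(Collections.<String, Filter>singletonMap("jwt", new BearerHttpAuthenticationFilter()));
        Map<String, String> chain = new LinkedHashMap<>(); // order matters: first matching pattern wins
        chain.put("/api/login", "anon");
        chain.put("/api/v1/**", "jwt");
        f.setFilterChainDefinitionMap(chain);
        return f;
    }
}
```

A request without a valid token never reaches a controller; one with a valid token is then subject to Shiro's permission checks, which is the separation the project relies on.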

4. Running the Project

Project structure:

Clone the source code from GitHub (requires JDK 1.8).

Use Maven for project management; import the liugh‑parent pom into your IDE.

Create a MySQL database named liugh with UTF‑8 encoding and execute liugh.sql to initialize data.

Update application‑dev.properties with your MySQL credentials.

Run SpringbootApplication.java from Eclipse/IDEA, or execute mvn clean package and then java -jar liugh‑web.jar in the liugh‑web/target directory.

Start a Redis service.

Access the login API at http://localhost:8081/api/login using the credentials 13888888888/123456.

Use the returned token to call other APIs; note that all API URLs are prefixed with /api/v1.

Install the Lombok plugin in your IDE to avoid compilation errors.

Running screenshots and further details are provided in the original article.

The project includes comprehensive comments and a custom startup banner.

GitHub repository: github.com/qq53182347/liugh-parent

Feel free to discuss, ask questions, or share your thoughts with the author.

Tags: Backend, security, SpringBoot, MyBatis-Plus, JWT, shiro
Written by Top Architect
Top Architect focuses on sharing practical architecture knowledge, covering enterprise, system, website, large‑scale distributed, and high‑availability architectures, plus architecture adjustments using internet technologies. We welcome idea‑driven, sharing‑oriented architects to exchange and learn together.
