SpringBoot Scaffold Project with JWT and Shiro: Features, Setup, and Usage Guide

The author presents a SpringBoot scaffold project that combines JWT and Apache Shiro for authentication and authorization, aiming to simplify project initialization while avoiding future regrets.

Background : Front‑back separation is now standard for large distributed systems. SpringBoot streamlines coding, configuration, and deployment, and is widely adopted for micro‑service entry points. Mybatis‑Plus enhances Mybatis with code generation and convenient CRUD operations, while Apache Shiro offers a simple yet powerful Java security framework.

Project Features :

Custom @Log annotation automatically records logs to the database.

Custom @Pass annotation allows endpoints to bypass authentication.

Unified request body handling via JSONObject and a custom @ValidationParam annotation for null‑check validation.

Password encryption using the bcrypt algorithm.

Shiro annotations for fine‑grained, button‑level permission control; @CurrentUser retrieves the logged‑in user; global exception handling in controllers.

Spring AOP for declarative transactions and XSS protection.

Stateless POST login returning a token and permission data; service methods follow naming conventions that automatically apply transactions.

Program Logic :

POST to /login with username and password to obtain a JWT token; failure redirects to a 401 page.

Subsequent requests include the token in the Authorization header.

The server validates the token; invalid tokens also result in a 401 response.

JWT handles authentication while Shiro handles authorization.

Running the Project :

Steps include cloning the repository (JDK 1.8 required), using Maven for project management, creating a MySQL database named liugh with UTF‑8 encoding, importing liugh.sql , configuring application-dev.properties , starting a Redis service, and launching the application via IDE or mvn clean package followed by java -jar liugh-web.jar . The login endpoint is localhost:8081/api/login with credentials 13888888888/123456 . All API URLs are prefixed with /api/v1 . Lombok plugin is required for compilation.

The project includes complete comments, a custom startup banner, and the source code is available at GitHub .