Skip to main content


A simple and efficient jvm security framework that focus on the protection of REST API.

License Maven GitHub pull request check contexts Gitter GitHub Release Date star star

🎡 Introduction

Sureness is a simple and efficient open-source security framework that focus on the protection of REST API.
Provide authentication and authorization, based on RBAC.
No specific framework dependency (supports Javalin, Spring Boot, Quarkus, Ktor, Micronaut and more).
Supports dynamic modification of permissions.
Supports WebSockets and HTTP containers (Servlet and JAX-RS).
Supports JWT, Basic Auth, Digest Auth, and can custom auth methods.
High performance with Dictionary Matching Tree.
Good extension interface, demos and documentation.

Sureness has a sensible default configuration, is easy to customize, and is not couple to any one framework, which enables developers to quickly and safely protect their projects in multiple scenarios.

🔍 Compare

~SurenessShiroSpring Security
Multi Framework Supportsupportsupport need modifynot support
REST APIsupportsupport need modifysupport
Websocketsupportnot supportnot support
Path Matchdictionary matching treeant matchant match
Annotation Supportsupportsupportsupport
JAX-RSsupportnot supportnot support
Dynamic Permissionssupportsupport need modifysupport need modify
Learning Curvesimplesimplesteep

📈 Benchmark


Benchmark test shows Sureness to lose 0.026ms performance compared to frameless application, Shiro lose 0.088ms, Spring Security lose 0.116ms.
In contrast, Sureness basically does not consume performance, and the performance (TPS loss) is 3 times that of Shiro and 4 times that of Spring Security.
The performance gap will be further widened as the api matching chain increases.

Detail see Benchmark Test

✌ Framework Sample Support