read the comments that the separation of front and rear ends has nothing to do with permissions, but it does. In addition to the engineering level, the significance of front-end separation is to clarify the responsibility. The back-end is responsible for providing data, and the front-end is responsible for page interaction scheduling the interface data provided by the back-end. At this time, the security of the restful api interface provided by the backend becomes particularly important, such as authenticating the user when calling the interface, judging whether the user has access to the api interface, prohibiting malicious users from exceeding their authority, and so on.
for the existing framework, do not natively support rest apache shiro , or deep binding spring , slower performance, learning curve steep spring security , more or less these points will make us wonder which to choose. In fact, you can go according to your needs, whether you need to support restful api permissions, if you do not need or can modify shiro to support it, then choose shiro, because it is lightweight. Whether your project is based on spring, if that spring security is also very friendly, after all, my son.
of course, these two security frameworks are not the only two existing security frameworks in the jvm language. Let's also abruptly introduce the restful api-oriented high-performance authentication and authentication framework sureness, which natively supports rest, very quickly, has no characteristic framework dependency, and has a limited number of words. For more information, please see https://github.com/tomsun28/s. https://gitee.com/tomsun28/su., welcome to star