Base Admin: Overview of a Simple General‑Purpose Backend Management System

Introduction

This Base Admin is a simple, generic backend management system offering permission management, menu management, user management, system settings, real‑time logs, monitoring, API encryption, and user‑customizable menus.

Technology Stack

Frontend: layui; Backend: SpringBoot + Thymeleaf + WebSocket + Spring Security + Spring Data JPA + MySQL.

Project Structure

The Java, HTML, JS, and CSS files are organized under a main directory with sub‑directories for each database table.

Key Features

Login

Demonstrates login with text‑type password field, dev environment bypasses captcha, and supports multiple login restrictions.

Account Restrictions

Supports allowing or forbidding multiple online sessions, soft deletion, IP address restrictions, and account expiration.

System Settings

Provides basic system property configuration with extensibility for additional settings such as initial user management and password reset.

Menu Management

Implements a layui Tree for menu hierarchy with add, delete, edit capabilities.

Permission Management

Offers CRUD operations for permissions, with dynamic loading from the database rather than hard‑coded values.

Dynamic Permission Loading

Permissions are read from the database and updated each time the save method is called; examples show how ROLE_USER gains access after permission assignment.

User Management

Handles user information, login restrictions, menu and permission assignments, with changes taking effect on next login or after a page refresh; includes a "current online users" feature.

Login User Information

Allows users to modify basic profile data and password (MD5‑hashed to hex); also supports custom quick‑access menus.

Real‑time Log

Uses WebSocket to push logs to the web page, refreshing every second (note: only dev environment configured).

Real‑time Monitoring

Monitors system hardware and JVM memory via WebSocket, refreshing every second (tested on Windows).

API Encryption

Provides request parameter encryption and response data encryption with a toggle switch; includes screenshots for enabling/disabling encryption.

Key Points Explanation

1. Custom URL access control with dynamic permission loading requires custom authentication data source, manager, and interceptor.

2. API encryption must decrypt request parameters before UsernamePasswordAuthenticationFilter processes them, using a custom RequestWrapper in CaptchaFilterConfig.

3. RSA key pair generation at startup can cause mismatched keys after hot‑deployment; fetching the public key on the index page resolves this issue.

Updates

1. Added Baidu UEditor integration (MySQL column type changed to LONGTEXT).

2. Implemented "remember me" functionality (reference blog link provided).

3. Added system color customization.

4. Added real‑time online user management with forced logout capability.

Code Repository

GitHub: https://github.com/huanzi-qch/base-admin

Gitee: https://gitee.com/huanzi-qch/base-admin