Explore a Java SpringBoot Base Admin System with Dynamic Permissions

Preface

This Base Admin is a simple, generic backend management system providing permission, menu, user management, system settings, real‑time logs, monitoring, API encryption, and features such as password change and personalized menus.

Technology Stack

Frontend: layui

Backend: SpringBoot, Thymeleaf, WebSocket, Spring Security, Spring Data JPA, MySQL

Project Structure

Java, HTML, JS, and CSS files are organized under a main directory with sub‑directories for each module.

Feature Demonstration

Login

For demonstration, the password field is shown as text and the dev environment bypasses captcha.

Account Online Restriction

Supports allowing or forbidding multiple simultaneous logins.

Soft Delete

Implements soft deletion of records.

Login IP Restriction

Limits login to specific IP addresses.

Account Expiration

Handles account expiration.

System Settings

Simple system property configuration; can be extended for additional settings such as initial user management and password reset.

Additional system settings are described at the end of the article.

Menu Management

Menu is displayed as a layui Tree with add, edit, delete operations.

Permission Management

CRUD operations for permissions.

Dynamic Permission Loading

Permissions are loaded from the database at runtime; changes take effect after saving.

Example: ROLE_USER initially has no access to /sys/**; after editing to include /sys/** the role gains access.

User Management

Manages user information, login restrictions, menu and permission assignments. Changes to permissions take effect after the next login; menu changes apply after a page refresh.

Includes online user management for forced logout.

Real‑time Log

Uses WebSocket to push log output to the web page, refreshing every second.

Note: Log configuration is only set for the dev environment; configure the prod environment before deployment.

Real‑time Monitoring

Monitors system hardware and JVM memory, updating every second via WebSocket.

API Encryption

Request parameters are encrypted; response data is also encrypted. A toggle in system settings enables or disables API encryption.

Encryption uses RSA key pairs generated at application startup.

Key Points

1. Custom URL access permissions require dynamic permission loading and custom authentication data source configuration.

2. API encryption must decrypt request parameters before Spring Security authentication, implemented in CaptchaFilterConfig.

3. During hot‑deployment, ensure the frontend fetches the latest public key to avoid encryption failures.

Updates

1. Added Baidu UEditor integration (upload interface not configured).

2. Implemented “remember me” functionality.

3. Added system color customization.

4. Added online user management with forced logout.

Code Repository

GitHub: https://github.com/huanzi-qch/base-admin

Gitee: https://gitee.com/huanzi-qch/base-admin