Apache Shiro, originally called JSecurity, is Java security framework. It was accepted and became Apache top level project in 2010. It aims to be powerful and easy to be used.
The project is in active development with active both users and developers mailing lists. Most important areas are documented on its web page. However, it has lot of gaps in documentation. It is not possible to learn to use most Shiro features from documentation alone. Luckily, the code is well commented and where I tried it was also easily readable.
Main Shiro features are:
- authentication,
- authorization,
- cryptography,
- session management.
In this article article we try and demonstrate various Shiro features. We start with simple unsecured web application, then we add security features into it. All code code is available in SimpleShiroSecuredApplication project on Github.