Apache Shiro
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. It provides a clean API for securing applications from the smallest mobile applications to the largest enterprise systems.
APIs
Apache Shiro
Shiro provides a Java API for authentication (login/logout), authorization (access control), cryptography (hashing/encryption), and session management, with support for web appl...
Capabilities
Features
Pluggable authentication with username/password, remember-me, and token support
Role-based and permission-based access control with wildcard permissions
Native session management independent of HTTP containers
Salted password hashing with bcrypt, Argon2, and SHA-256
JDBC, LDAP, properties file, and custom realm support
Filter-based web application security with URL pattern matching
AOP and annotation-based security for method-level authorization
Use Cases
Secure Java web applications with authentication and URL-based access control
Protect REST APIs with token authentication and permission checks
Stateless JWT authentication for microservice architectures
Role-based admin interface with fine-grained permissions
Integrations
Shiro Spring integration for bean-level security
Java EE web filter integration for servlet containers
LDAP realm for enterprise user directory authentication
Database-backed realm for user and permission storage
Distributed session management with Hazelcast