Step-by-step tutorial for securing a web application with Apache Shiro.

Learn how Shiro handles permissions, roles and users.

1.5.2 available with fix CVE-2020-1957 (2020-3-23)

Apache Shiro™ is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.

Authentication Support logins across one or more pluggable data sources (LDAP, JDBC, Active Directory... Read More >>> Authorization Perform access control based on roles or fine grained permissions, also using plug... Read More >>>

Cryptography Secure data with the easiest possible Cryptography API’s available, giving you... Read More >>> Session Management Use sessions in any environment, even outside web or EJB containers. Easily... Read More >>>