Welcome to Apache Shiro
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management and cryptography.
Our mission: To provide the most robust and comprehensive application security framework available while also being very easy to understand and extremely simple to use.
Please feel free to read a little about us and check out the QuickStart. Then download the project and try it out. For support, use the community resources at your disposal, such as the mailing lists and forums, or follow along with development issues. There are also a number of community articles that you might find useful.
Features
Apache Shiro aims to be the most comprehensive, but also the easiest to use, Java security framework available. Here are some of the framework's finer points:
- The easiest to understand Java Security API anywhere. Class and Interface names are intuitive and make sense. Anything is pluggable but good defaults exist for everything.
- Simple authentication (login) supported by one or more pluggable data sources (LDAP, JDBC, Kerberos, ActiveDirectory, etc.).
- Simple authorization ('access control') with roles and fine-grained permissions support also using the above pluggable data sources.
- First-class caching support for enhanced application performance.
- Built-in POJO-based Enterprise Session Management. Use in both web and non-web environments or in any environment where Single Sign On (SSO) or clustered or distributed sessions are desired.
- Heterogeneous client session access. You are no longer forced to use only the HttpSession or Stateful Session Beans, which often unnecessarily tied applications to specific environments. Flash applets, C# applications, Java Web Start, web applications, etc. can now all share session state regardless of deployment environment.
- Simple Single Sign-On (SSO) support piggybacking on the above Enterprise Session Management. If sessions are federated across multiple applications, the user's authentication state can be shared too. Log in once to any application and the others all recognize that login.
- Simplest possible Cryptography APIs. Our Ciphers and Hashes (aka Digests) wrap the more complicated Java Cryptography Extensions (JCE) infrastructure, and are much easier to understand and use. For example, new Md5Hash("blah").toHex(); gives you the hex-encoded MD5 hash of "blah".
- An incredibly robust yet low-configuration web framework that can secure any URL or resource, automatically handle logins and logouts, perform Remember Me services, and more.
- Extremely low number of required dependencies. Standalone configuration requires only slf4j-api.jar and one of slf4j's binding .jars. Web configuration additionally requires commons-beanutils-core.jar. Feature-based dependencies (Ehcache caching, Quartz-based Session validation, Spring dependency injection, etc.) can be added when needed.