Apache Shiro

Build a Secure Java Application with Apache Shiro and OAuth 2.0

This tutorial will show you how to build a secure Java application with Apache Shiro and OAuth 2.0.

bdemers

Apache Shiro is a Java security framework that can perform authentication, authorization, and session management, along with a host of other features for building secure applications. In this tutorial, you will build a simple Java REST application using JAX-RS. JAX-RS, like many Java APIs, is a set of interfaces, and you will need to pick an implementation

bdemers

My favorite thing about Apache Shiro is how easy it makes handling authorization. You can use a role-based access control (RBAC) model of assigning roles to users and then permissions to roles. This makes dealing with the inevitable requirements change simple. Your code does not change, just the permissions associated with the roles. In this post I want to demonstrate just how simple it is, using a Spring Boot application and walking through how I’d handle the following scenario:

bdemers

Security is probably the most important thing for your application, but it doesn’t have to be the hardest thing. Today I’ll show you how to use Shiro’s wildcard permissions to enable fine-grained Role-Based Access Control (RBAC), which makes granting user permissions trivial (a single line). This will also make your application’s security policy more flexible, so when your business rules change (and you know they will) your code does not have to. You can read more about RBAC and Roles vs…

bdemers

Welcome to the new Apache Shiro Stormpath integration! This new release features a servlet plugin, plus deeper support for Spring and Spring Boot. Until now, we have only had a basic Apache Shiro realm for Stormpath. While sufficient, this basic realm never granted access to the full suite of Stormpath services. Today, that changed!