Authentication

Protecting a Spring Boot App with Apache Shiro

July 13, 2017 bdemers

My favorite thing about Apache Shiro is how easy it makes handling authorization. You can use a role-based access control (RBAC) model of assigning roles to users and then permissions to roles. This makes dealing with the inevitable requirements change simple. Your code does not change, just the permissions associated with the roles. In this post I want to demonstrate just how simple it is, using a Spring Boot application and walking through how I’d handle the following scenario:

Brian Demers

Home

Blog

Recent Posts

From Hour-Long Builds to Streamlined Productivity: The Spring Boot Journey

Add Auth to Any App with OAuth2 Proxy

Authenticate from the Command Line with Java

Three Ways to Run Your Java Locally with HTTPS

Five Anti-Patterns with Secrets in Java