Questions tagged [shiro]

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management.

Shiro's API provides mechanisms to secure a variety of application types, including mobile software, web apps, and enterprise systems.

Shiro can be configured using .ini files, programmatic setup, or a combination of both. For more information see:

1252 questions
133 votes, 3 answers

Shiro vs. SpringSecurity

I am currently evaluating Java-based security frameworks. I am a Spring 3.0 user, so it seemed that SpringSecurity would be the right choice, but Spring Security seems to suffer from excessive complexity; it certainly does not seem like it is…
ams
64 votes, 1 answer

How can I delegate JAAS authorization checks to Shiro?

I'm developing a server-side application that needs authentication and authorization based on objects. I like Shiro's simplicity, but for being compatible with JAAS, I wrote a LoginModule that uses Apache Shiro as the underlying mechanism. But my…
Deniz Acay
48 votes, 5 answers

Spring security vs Apache Shiro

From what I have researched so far, most people are saying Apache Shiro is easy to use and easy to integrate with CAS (for SSO etc.). Just to ask if anyone has experience using both of them, and which one to use and why one is better than the other?
Java SE
35 votes, 2 answers

Can I use expressions in Apache Shiro security annotations?

I've been doing some comparisons between Apache Shiro and Spring Security - I'm really loving the security model that Shiro uses and believe it to be far cleaner than Spring Security. However, one big nice-to-have would be to be able to reference…
DrewEaster
26 votes, 4 answers

NoSuchMethodError: org.slf4j.impl.StaticLoggerBinder.getSingleton()

The issue was caused by one of the dependencies in my pom.xml [cxf-bundle-jaxrs], which internally uses a lower version of slf4j. I managed to resolve this issue by upgrading this dependency to the latest release. Thanks everyone. I'm trying to add…
enfany
23 votes, 7 answers

Remove jsessionid from URL

I'm working on a project with the following technologies: Spring, ShiroFilter, PrettyFaces, Tomcat server. While I'm deploying it on Tomcat server, I'm getting a "JSESSIONID 456jghd787aa" added at the end of the URL. I was trying to resolve this but…
Cijo
19 votes, 3 answers

When to move from Container managed security to alternatives like Apache Shiro, Spring Security?

I am trying to secure my application, which is built using JSF 2.0. I am confused about when people choose to go with security alternatives like Shiro, Spring Security or OWASP's ESAPI, leaving behind container managed security. Having seen some of…
Rajat Gupta
19 votes, 4 answers

High level Java security framework

What security framework do you use in your Java projects? I used Spring Security and Apache Shiro and they both look immature. Spring Security flaws: no native support for permissions; no ability to use explicitly in Java code (sometimes it's…
Andrey Minogin
17 votes, 2 answers

apache shiro allowing multiple roles to Access a url not working

I have a simple web project. I want to have access to more than one role in this project is a URL. shiro.ini section of the url:

    [urls]
    /login.xhtml = authc
    /logout = logout
    /admin/** = user, roles[admin]
    /guest/** = user, roles[admin,guest]

I'm…
Rhododendron
16 votes, 4 answers

How to configure JDBCRealm to obtain its DataSource from JNDI

How do you use a JDBCRealm to handle authenticating and authorizing users in servlets? The only example I can find is to create the DataSource in web.xml (such as Authentication against database using shiro 1.2.1). I do not want to include database…
Recurse
15 votes, 1 answer

Shiro authentication with sessionId or username+password

I do not have much experience in Java authentication frameworks and authentication workflow in general (only some theoretical knowledge), so for educational purposes I'm trying to create this type of authentication for my HTTP application: Client…
bezmax
14 votes, 1 answer

Understanding authentication in a Java Application Server

I'm currently working on a project running on JBoss AS 7 that requires authentication from a variety of sources. I'm trying to get an understanding of the various components that combine to provide authentication. I have some assumptions / guesses…
Phyxx
14 votes, 1 answer

Apache Shiro 1.4.0 initialization

I installed Apache Shiro 1.4.0 and was following this official tutorial in order to set it up. When I tried to initialize SecurityUtils with SecurityManager using this code from tutorial: Factory factory = new…
Vasiliy
13 votes, 3 answers

What database tables does Apache Shiro require?

I want to use Apache Shiro and MySQL for my Realm. What tables and fields does Shiro need to work?
mehdi shahdoost
13 votes, 1 answer

Apache Shiro - using database to read users, roles and permissions

Currently I've a Swing app and I want to integrate Apache Shiro in order to authenticate and delegate permissions to certain roles. I've already managed to read the users from the shiro.ini file that I've created for tests, it looks something like…
Abstract