InfoQ: Application Security With Apache Shiro - 0 views
-
Hendy Irawan on 06 Apr 11Apache Shiro (pronounced "shee-roh", the Japanese word for 'castle') is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management and can be used to secure any application - from the command line applications, mobile applications to the largest web and enterprise applications. Shiro provides the application security API to perform the following aspects (I like to call these the 4 cornerstones of application security): Authentication - proving user identity, often called user 'login'. Authorization - access control Cryptography - protecting or hiding data from prying eyes Session Management - per-user time-sensitive state Shiro also supports some auxiliary features, such as web application security, unit testing, and multithreading support, but these exist to reinforce the above four primary concerns.