Home » Tag Archives: Apache Shiro

Tag Archives: Apache Shiro

A Grails plugin to bridge Spring Security and Shiro

grails-logo

I started using Spring Security in 2007 when I was tasked with adding security to a Spring/Hibernate application at the company I was working for. There were a few options to choose from, none of them particularly friendly to work with, and we chose Acegi Security because it was the most popular option for Spring applications. My experience was like ...

Read More »

Apache Shiro Part 3 – Cryptography

apache-shiro-logo

Besides securing web pages and managing access rights Apache Shiro does also basic cryptography tasks. The framework is able to: encrypt and decrypt data, hash data, generate random numbers. Shiro does not implement any cryptography algorithms. All calculations are delegated to Java Cryptography Extension (JCE) API. The main benefit of using Shiro instead of what is already present in Java ...

Read More »

Apache Shiro Part 2 – Realms, Database and PGP Certificates

apache-shiro-logo

This is second part of series dedicated to Apache Shiro. We started previous part with simple unsecured web application. When we finished, the application had basic authentication and authorization. Users could log in and log out. All web pages and buttons had access rights assigned and enforced. Both authorization and authentication data have been stored in static configuration file. As ...

Read More »

Apache Shiro Part 1 – Basics

apache-shiro-logo

Apache Shiro, originally called JSecurity, is Java security framework. It was accepted and became Apache top level project in 2010. It aims to be powerful and easy to be used. The project is in active development with active both users and developers mailing lists. Most important areas are documented on its web page. However, it has lot of gaps in ...

Read More »

Secure Encryption in Java

apache-shiro-logo

Last time I wrote about cryptography, I outlined Apache Shiro crypto API and shown how to use its two symmetric ciphers. I also wrote that “You do not need more to encrypt and decrypt sensitive data in your applications.” I learned more about cryptography and found out that you need to know more. What I wrote is true to some ...

Read More »

Apache Shiro : Application Security Made Easy

apache-shiro-logo

Considering that JAVA is over 10+ years old, the number of choices for application developers that need to build authentication and authorization into their applications is shockingly low. In JAVA & J2EE, the JAAS specification was an attempt to address security. While JAAS works for authentication, the authorization part is just too cumbersome to use. The EJB and Servlet specifications ...

Read More »
Do you want to know how to develop your skillset and become a ...

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!
Get ready to Rock!
To download the books, please verify your email address by following the instructions found on the email we just sent you.

THANK YOU!

Close