Pairing Apache Shiro and Java EE 7

by Nebrass Lamouchi on May 30, 2016

About the Author

Nebrass Lamouchi is a Java Developer & an OWASP Project Leader. He lives and works in Paris. He is a Java technology enthusiast, trainer and speaker. Recently, Nebrass joined the NetBeans Dream Team. He is the co-founder of the NetBeans Day France. He has been working on many projects, in many sectors, including Business Management, Petroleum, Banking, Medical & healthcare and Defence & Space. He holds an M.Sc in Information Systems Security from ISG Tunis, Tunisia.


When securing systems, two elements of security are important: authentication and authorization. Though the two terms mean different things, they are sometimes used interchangeably because of their respective roles in application security.

Get started with the fundamentals of web authentication and authorization using the Apache Shiro framework.

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.

Learn how to use Shiro in a Java EE 7 application and how to use it in a web application.

This book will help you find out what Shiro actually is, and will help you to secure your Java EE project from scratch and to understand the security philosophy.

You will learn the big picture and how to set up Apache Shiro, which will give you a better understanding of the fundamentals of the framework. You will be introduced to the authentication and authorization flows and the different possible models of security.

You will get just the essential information you need to start with Shiro immediately.


Table of contents

  • Preface
    • What is in an InfoQ mini-book?
    • Who this book is for 
    • What you need for this book
    • Conventions
    • Reader feedback
  • Introduction
    • Personal case
    • Professional experience
    • Motivation for writing this tutorial 
  • The Shiro Philosophy
    • What is Shiro?
    • Plan of the castle
    • Why not JAAS or Spring Security?
  • Sample Technology Stack
    • Technologies
    • Apache Shiro
    • Java EE 7
    • Payara Server
    • NetBeans IDE
  • The Tutorial
    • Step 1: The project
    • Step 2: JPA entities
    • Step 3: Apache Shiro prime view
    • Step 4: Shiro: Getting serious
    • Step 5: Exposing Shiro operations as REST services 
  • What’s Next?
    • How to consume Shiro’s web services
    • What can you add to the implementation? 
    • Recommendations
  • Do It Now!
    • Additional reading