Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage Guides Pairing Apache Shiro and Java EE 7

Pairing Apache Shiro and Java EE 7


When securing systems, two elements of security are important: authentication and authorization. Though the two terms mean different things, they are sometimes used interchangeably because of their respective roles in application security.

Get started with the fundamentals of web authentication and authorization using Apache Shiro Framework.

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.

Learn how to use Shiro in a JavaEE7 application and how to use it in a web application.

This book will help you find out what Shiro actually is, and will help you to secure your Java EE project from scratch and to understand the security philosophy.

You will learn the big picture and how to set up Apache Shiro, which will give you a better understanding of the fundamentals of the framework. You will be introduced to the authentication and authorization flows and the different possible models of security.

You will get everything you need to start with Shiro immediately with just essential information.

Free download

Table of contents

  • Preface
    • What is in an InfoQ mini-book?
    • Who this book is for 
    • What you need for this book
    • Conventions
    • Reader feedback
  • Introduction
    • Personal case
    • Professional experience
    • Motivation for writing this tutorial 
  • The Shiro Philosophy
    • What is Shiro?
    • Plan of the castle
    • Why not JAAS or Spring Security ?
  • Sample Technology Stack
    • Technologies
    • Apache Shiro
    • Java EE 7
    • Payara Server
    • NetBeans IDE
  • The Tutorial
    • Step 1: The project
    • Step 2: JPA entities
    • Step 3: Apache Shiro prime view
    • Step 4: Shiro: Getting serious
    • Step 5: Exposing Shiro operations as REST services 
  • What’s Next?
    • How to consume Shiro’s web services
    • What can you add to the implementation? 
    • Recommendations
  • Do It Now!
    • Additional reading