Pairing Apache Shiro and Java EE 7

by Nebrass Lamouchi on May 30, 2016

About the Author

Nebrass Lamouchi is a Java Developer & an OWASP Project Leader. He lives and works in Paris. He is a Java technology enthusiast, trainer and speaker. Recently, Nebrass joined the NetBeans Dream Team. He is the co-founder of the NetBeans Day France. He has been working on many projects, in many sectors, including Business Management, Petroleum, Banking, Medical & healthcare and Defence & Space. He holds an M.Sc in Information Systems Security from ISG Tunis, Tunisia.


When securing systems, two elements of security are important: authentication and authorization. Though the two terms mean different things, they are sometimes used interchangeably because of their respective roles in application security.

Get started with the fundamentals of web authentication and authorization using the Apache Shiro framework.

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.

Learn how to use Shiro in a Java EE 7 application and how to use it in a web application.

This book will help you find out what Shiro actually is, and will help you to secure your Java EE project from scratch and to understand the security philosophy.

You will learn the big picture and how to set up Apache Shiro, which will give you a better understanding of the fundamentals of the framework. You will be introduced to the authentication and authorization flows and the different possible models of security.

You will get just the essential information you need to start with Shiro immediately.

Free download

Table of contents

  • Preface
    • What is in an InfoQ mini-book?
    • Who this book is for 
    • What you need for this book
    • Conventions
    • Reader feedback
  • Introduction
    • Personal case
    • Professional experience
    • Motivation for writing this tutorial 
  • The Shiro Philosophy
    • What is Shiro?
    • Plan of the castle
    • Why not JAAS or Spring Security?
  • Sample Technology Stack
    • Technologies
    • Apache Shiro
    • Java EE 7
    • Payara Server
    • NetBeans IDE
  • The Tutorial
    • Step 1: The project
    • Step 2: JPA entities
    • Step 3: Apache Shiro prime view
    • Step 4: Shiro: Getting serious
    • Step 5: Exposing Shiro operations as REST services 
  • What’s Next?
    • How to consume Shiro’s web services
    • What can you add to the implementation? 
    • Recommendations
  • Do It Now!
    • Additional reading
