Third-party Solution

Get a brief introduction to Apache Shiro Java security framework with a coding example.

We'll cover the following

Overview

In the lesson "Standards Basic Method," we learned how to configure and use the Basic authenticationIn Basic Authentication, username and password are provided when requesting an HTTP user agent. When we work with Basic Authentication, users include an encoded string in each request’s Authorization header. The request’s recipient uses the string to verify the user’s identity and rights to access a resource. method.

We always need to do some configuration on the server-side to define the authentication and authorization aspects. We can implement and configure the Security API within the application without making any changes to the runtime. Some runtime-specific configurations are necessary before introducing the Security API specification. That’s why many projects use the Apache Shiro solution.

Apache Shiro

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. It can be used to secure any application and requires Servlet Specification to be available in the runtime. Many projects still use this framework as they have not migrated to the Jakarta EE standard yet. In the following example, Apache Shiro is not integrated within the specifications but is an addition on top of it.

Create the project

The following example builds on top of the servlet specification, which is the only requirement for using Apache Shiro in a web application. For this reason, we can use the same pom.xml file we used in the previous lessons.

  • If you want to work within the Educative platform, simply use the project we’ve created at the end of this lesson. If you choose to work locally, you will need to create a Maven project shiro as described in "Introduction to Basic Authentication."

Add Maven dependencies

Get hands-on with 1200+ tech skills courses.