Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring security vs Apache Shiro [duplicate]

Tags:

security

spring

apache

spring-security

shiro

What I have researched so far most people are saying Apache Shiro is easy to use and easy to integrate with CAS (for SSO etc). Just to ask if anyone has experience using both of them and which one to use and why one is better than other?

like image 317
Java SE Avatar asked Jul 16 '12 08:07

Java SE

People also ask

Is Apache Shiro good?

Apache Shiro is a fantastic utility for managing my security measures in Java framework of my organization. It can effectively implement user authentication, server-end encryption, and client session management through its excellent API features.

What is the advantage of Spring Security?

Advantages of Spring Security Configuration support to Java Programming Language. Portable. Comprehensive support to tasks like authorization and authentication. Servlet API integration.

How does Apache Shiro work?

In Apache Shiro's terminology, a Realm is a DAO that points to a store of user credentials needed for authentication and authorization. To create a realm, we only need to implement the Realm interface. That can be tedious; however, the framework comes with default implementations that we can subclass from.

What is Spring Security in Java?

Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications. Spring Security is a framework that focuses on providing both authentication and authorization to Java applications.

2 Answers

Many of the Shiro developers use Spring for their applications, so Shiro works beautifully in Spring environments. The general feedback we've received thus far is that Shiro is also far easier to understand (for most people) than Spring Security.

If you want full Session clustering support across any web container however, only Shiro will support this easily. Shiro's crypto is also very simple/easy to use.

Choose which fits your mental model best - both will work great in Spring environments.

like image 197
Les Hazlewood Avatar answered Sep 21 '22 03:09

Les Hazlewood

I have recently had to evaluate both shiro and spring security. We went with spring security (in fact we extended spring security to use the shiro permission strings in a better way - with instance variables on annoations).

Spring Security

  • under active development.
  • has much more community support.
  • Spring security has extensions providing support for both Oauth and kerberos and SAML.

Shiro

  • Does not support saml or Oauth.
  • Makes no mention of supporting before and after security policies.
  • Active development seems limited, the website still contains erroneous information.
like image 33
NimChimpsky Avatar answered Sep 23 '22 03:09

NimChimpsky
Sign in to Comment

Related questions

Get Spring Security Principal in JSP EL expression
RestTemplate PATCH request
How to set 'Content-Disposition' and 'Filename' when using FileSystemResource to force a file download file?
Spring MVC - HttpMediaTypeNotAcceptableException
Spring Boot project shows the Login page
Spring boot ddl auto generator
Failed to auto-configure a DataSource: 'spring.datasource.url' is not specified
How to add multiple application.properties files in spring-boot?
Struts2 vs Spring 3 [closed]
spring autowired aop circular dependency
What is a Spring "stereotype"?
Hot swapping in Spring Boot
How to autowire field in static @BeforeClass?
Java Spring bean with private constructor
MultipartException: Current request is not a multipart request
Spring REST - create .zip file and send it to the client
Performance impact of using aop
Could not open ServletContext resource [/WEB-INF/applicationContext.xml]
How to consume Page<Entity> response using Spring RestTemplate
Update or SaveorUpdate in CRUDRespository, Is there any options available

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!