What is a good security framework or API? [closed]

Question

Is there a framework to be used when you build an application with security? (Preferably in Java.)

Answer 1

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications. :http://shiro.apache.org/

jGuard is written in Java. Its goal is to provide a security framework based on JAAS (Java authentication and authorization security). This framework is written for web and standalone applications, to resolve simply, access control problems: http://sourceforge.net/projects/jguard/

The Bouncy Castle, we believe in encryption. That's something that's near and dear to our hearts. We believe so strongly in encryption, that we've gone to the effort to provide something for everybody, and we've now been doing it for over 10 years: http://www.jasypt.org/

Answer 2

Apache Shiro is probably the most feature-rich open-source security framework for Java when you take into account not just authentication and authorization (which it does extremely well), but also things like robust clusterable (and container independent) sessions and its simplification of cryptography.

It also works in any Java application, not just Spring applications, but it has great Spring integration out of the box. The documentation is really good and the API documentation is excellent by open-source standards. The user community is also extremely helpful.

But probably better than anything else: it is super easy to understand and use. Security APIs can be cumbersome and tricky to learn - Shiro probably has the cleanest and easiest to understand API out there.