Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s API, you can secure any application – from the smallest mobile applications to the largest web and enterprise applications.
Authentication – Support logins across one or more pluggable data sources (LDAP, JDBC, ActiveDirectory, etc).
Authorization – Perform access control based on roles or fine-grained permissions, also using pluggable data sources.
Cryptography – Secure data with the easiest possible Cryptography APIs available, giving you power and simplicity beyond what Java provides by default.
Session Management – Use sessions in any environment, even outside web or EJB containers. Easily cluster sessions in large scale applications.
Web Integration – Save development time with innovative approaches that easily handle web-specific security out-of-the-box.