Apache Shiro
Simple yet powerful security
Security framework for authentication, authorization, and session management.
Installation
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.13.0</version>
</dependency>implementation 'org.apache.shiro:shiro-core:1.13.0'libraryDependencies += "org.apache.shiro" % "shiro-core" % "1.13.0"Key Features
- Authentication with multiple providers (OAuth2, LDAP, JDBC)
- Role-based and permission-based authorization
- Protection against CSRF, session fixation, and clickjacking
- Seamless integration with Spring Boot and Spring MVC
- Customizable security filters and handlers
Version History
6.2.1 (latest)
6.2.0
6.1.5
6.1.4
6.0.8
5.8.9
5.7.11
Frequently Asked Questions
How do I add basic authentication?
Add the dependency and Spring Boot auto-configures it. Use @EnableWebSecurity and configure HttpSecurity in a SecurityFilterChain bean.
Is it compatible with Spring Boot 3?
Yes, version 6.x is designed for Spring Boot 3 and requires Java 17+. Use 5.x for older Spring Boot versions.
How to handle JWT authentication?
Use spring-security-oauth2-resource-server for JWT validation. Configure it as a resource server in your security config.
Common error: 403 Forbidden on POST?
Usually a CSRF protection issue. Either include CSRF token in forms or disable CSRF for stateless APIs using http.csrf().disable().