Spring security vs Apache Shiro

spring apache security spring-security shiro
Java SE picture Java SE · Jul 16, 2012 · Viewed 35.3k times · Source

What I have researched so far most people are saying Apache Shiro is easy to use and easy to integrate with CAS (for SSO etc). Just to ask if anyone has experience using both of them and which one to use and why one is better than other?

Answer

Les Hazlewood picture Les Hazlewood · Jul 24, 2012

Many of the Shiro developers use Spring for their applications, so Shiro works beautifully in Spring environments. The general feedback we've received thus far is that Shiro is also far easier to understand (for most people) than Spring Security.

If you want full Session clustering support across any web container however, only Shiro will support this easily. Shiro's crypto is also very simple/easy to use.

Choose which fits your mental model best - both will work great in Spring environments.

Related questions

Spring 4.0.0 basic authentication with RestTemplate

I am currently working on integration of a third party application with our local reporting system. I would like to implement REST calls with basic authentication but facing issues in Spring 4.0.0. I have a simple solution what works nicely: final …

Read More
Can not find the tag library descriptor for "http://tiles.apache.org/tags-tiles"

I am creating an application using Tiles, Spring and Hibernate. When when running, it is showing following error: Can not find the tag library descriptor for "http://tiles.apache.org/tags-tiles" All the jars are included and mapping is also …

Read More
Spring Integration or Apache HTTP Client

I have a spring application which requires to call REST based external API calls for some data. The data format from the API is JSON. My question is which one of the following options is better and light weight to …

Read More