Welcome to Apache Shiro

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.


Support logins across one or more pluggable data soucres (LDAP, JDBC, Active Directory...

Read More >>>


Perform access control based on roles or fine grained permissions, also using plug...

Read More >>>


Secure data with the easiest possible Cryptography API’s available, giving you...

Read More >>>

Session Management

Use sessions in any environment, even outside web or EJB containers. Easily...

Read More >>>

Web Integration

Save development time with innovative approaches that easily handle web specific...

Read More >>>


API’s giving you power and simplicty beyond what Java provides by default...

Read More >>>

Getting Started

Popular Guides

Java Authentication Guide

Learn how Shiro securely verifies identities.

Read More >>>

Java Authorization Guide

Learn how Shiro handles permissions, roles and users.

Read More >>>

Web App Tutorial

Step-by-step tutorial for securing a web application with Apache Shiro.

Read More >>>

Communities Using Shiro