Here are some articles written by and for members of the Apache Shiro community. Please post any errata to the user or dev mailing lists.
New to Shiro? Here are some great introductory articles:
- Application Security with Apache Shiro InfoQ article by Les Hazlewood, Apache Shiro PMC Chair.
- Apache Shiro Beginner's Webapp Tutorial: a step-by-step tutorial to enable Shiro in a web application on 19 November 2013 by Les Hazlewood
- What's new in Apache Shiro 1.2 on 13 March 2012 by Les Hazlewood.
- Introducing Apache Shiro by Nathan Good on IBM DeveloperWorks, 14 September 2010.
- An Introduction to Shiro (formerly JSecurity/Ki) - A Beginner's Tutorial by Bruce Phillips:
Once you've gotten your feet wet, you might find these useful too:
- How to Integrate Apache Shiro with JavaEE6 by czetsuya on 11 October 2012.
- Custom Apache Shiro JDBC Realm by Mehmet Celiksoy
- Spring MVC + Shiro + myBatis + JSR-303 Validation by Rob Hines et. al. on 2 April 2012.
- Securing ZK Applications with Apache Shiro by Ashish Dasnurkar on 6 March 2012.
- Apache Shiro - a blog series by Meri
- The New RBAC: Resource-Based Access Control by Les Hazlewood on 9 May 2011
- Securing Vaadin Applications with Apache Shiro by Eduard Neuwirt on 22 April 2011.
- HTTP Authentication and Security with Apache Shiro blog article by yamsellem on 18 April 2011.
- Using Shiro for Authorization via CDI Interceptors then Easily Test with Arquillian blog article by Hendy Irawan on 16 April 2011.
- Apache Shiro Support for Mule by Dan Diephouse on 10 January 2011.
- Apache Shiro on Google AppEngine by Trung on 13 December 2010.
- Apache Shiro tags for JSF - Securing Your JSF Pages by Deluan Quintão on 1 November 2010.