Fork me on GitHub

Apache Shiro Authorization Features

Authorization, also called access control, is the process of determining access rights to resources in an application. In other words, determining “who has access to what.” Authorization is used to answer security questions like, “is the user allowed to edit accounts”, “is this user allowed to view this web page”, “does this user have access to this button?” These are all decisions determining what a user has access to and therefore all represent authorization checks.

Authorization is a critical element of any application but it can quickly become very complex. Shiro’s goal is to eliminate much of the complexity around authorization so that you can more easily build secure software. Below is a highlight of the Shiro authorization features.

Features

Related Content

Java Authorization Guide

Learn how Shiro handles access control in Java.
Read More >>

Authorization Docs

Full documentation on Apache Shiro's Authorization functionality.
Read More >>

Getting Started

Resources, guides and tutorials for new Shiro users.
Read More >>

Web App Tutorial

Step-by-step tutorial for securing a web application with Shiro.
Read More >>