Here are some articles written by and for members of the Apache Shiro community. Please post any errata to the user or dev mailing lists.
New to Shiro? Here are some great introductory articles:
Application Security with Apache Shiro InfoQ article by Les Hazlewood, Apache Shiro PMC Chair.
Apache Shiro Beginner’s Webapp Tutorial: a step-by-step tutorial to enable Shiro in a web application on 19 November 2013 by Les Hazlewood
What’s new in Apache Shiro 1.2 on 13 March 2012 by Les Hazlewood.
Introducing Apache Shiro by Nathan Good on IBM DeveloperWorks, 14 September 2010 [archive.org].
An Introduction to Shiro (formerly JSecurity/Ki) - A Beginner’s Tutorial by Bruce Phillips:
Once you’ve gotten your feet wet, you might find these useful too:
How to use Shiro with JDBC on JavaEE and Glassfish by czetsuya from October 2012.
Custom Apache Shiro JDBC Realm by Mehmet Celiksoy
Securing ZK Applications with Apache Shiro by Ashish Dasnurkar on 6 March 2012.
Facebook Login with Apache Shiro by Mike Warren on 28 November 2011
Apache Shiro - a blog series by Meri
The New RBAC: Resource-Based Access Control by Les Hazlewood on 9 May 2011
HTTP Authentication and Security with Apache Shiro blog article by yamsellem on 18 April 2011.
Using Shiro for Authorization via CDI Interceptors then Easily Test with Arquillian blog article by Hendy Irawan on 16 April 2011.
Apache Shiro Support for Mule by Dan Diephouse on 10 January 2011.
Apache Shiro tags for JSF - Securing Your JSF Pages by Deluan Quintão on 1 November 2010.