Securing Spring Boot API using Apache Shiro

Eric Anicet
3 min readFeb 21, 2022

The purpose of this story is to explain how to secure a Spring Boot API using the Apache Shiro security framework.

What is Apache Shiro?

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management and cryptography.

Apache Shiro’s first and foremost goal is to be easy to use and understand. Security can be very complex at times, even painful, but it doesn’t have to be. A framework should mask complexities where possible and expose a clean and intuitive API that simplifies the developer’s effort to make their application(s) secure. — https://shiro.apache.org/introduction.html

Why use Apache Shiro?

It is open source and free to use. Apache Shiro is a comprehensive application security framework with many features.

Apache Shiro Features

Shiro targets what the Shiro development team calls “the four cornerstones of application security” — Authentication, Authorization, Session Management, and Cryptography:

  • Authentication: Sometimes referred to as ‘login’, this…

--

--