Securing Spring Boot API using Apache Shiro
The purpose of this story is to explain how to secure a Spring Boot API using the Apache Shiro security framework.
What is Apache Shiro?
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management and cryptography.
Apache Shiro’s first and foremost goal is to be easy to use and understand. Security can be very complex at times, even painful, but it doesn’t have to be. A framework should mask complexities where possible and expose a clean and intuitive API that simplifies the developer’s effort to make their application(s) secure. — https://shiro.apache.org/introduction.html
Why use Apache Shiro?
Apache Shiro is open source and free to use. It is also a comprehensive application security framework with many features.
Shiro targets what the Shiro development team calls “the four cornerstones of application security” — Authentication, Authorization, Session Management, and Cryptography:
- Authentication: Sometimes referred to as ‘login’, this…