UPDATE There is now a JSF 2.0 version of this library available in the
First, a small introduction. You can skip it and go straight to the
source code, if you want.
I started working with Apache Shiro when it was still called JSecurity, and I have to
say that it really rocks! I tried to use Spring Security (Acegi) in some projects, but the easiness and lean approach
of Shiro is unbeatable. For a quick introduction, here’s a quote from the project’s site:
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.