Fork me on GitHub

Simple. Java. Security.

Related Content

Java Authentication Guide

Learn how Authentication in Java is performed in Shiro.
Read More >>

Authentication Docs

Full documentation on Shiro's Authentication functionality.
Read More >>

Getting Started

Resources, guides and tutorials for new Shiro users.
Read More >>

Web App Tutorial

Step-by-step tutorial for securing a web application with Shiro.
Read More >>

Apache Shiro Authorization Features

Authorization, also called access control, is the process of determining access rights to resources in an application. In other words, determining “who has access to what.” Authorization is used to answer security questions like, “is the user allowed to edit accounts”, “is this user allowed to view this web page”, “does this user have access to this button?” These are all decisions determining what a user has access to and therefore all represent authorization checks.

Authorization is a critical element of any application but it can quickly become very complex. Shiro’s goal is to eliminate much of the complexity around authorization so that you can more easily build secure software. Below is a highlight of the Shiro authorization features.

Features