Apache Shiro

What do you like best?

It is really easy to integrate. Very widely used security framework, which makes it reliable. You can understand how to implement without too much effort. We used it for authentication and authorization of API requests, which did a nice job. And some implementations are highly customizable.

What do you dislike?

Before using Shiro I had done some research, I compared Shiro and 2 other popular security frameworks. One point Shiro was behind was code quality. Their code quality was not as good as other candidates. And the iterations are not so fast, they are still developing but I guess with limited resource.

Recommendations to others considering the product:

If you need a fast implementation of security layer, Apache Shiro can be a very good solution. A mid level developer can handle the development quite good. Of course you need to consider your business and tech needs. For example there can be more suitable frameworks which can fit into your tech stack, maybe offer some extra features.

What problems are you solving with the product? What benefits have you realized?

We integrated our platform login with LDAP. I used Apache Shiro there, it was easy and convenient.

Also we implemented API requests auth operations with Apache Shiro.

We had very strict deadlines, integrating with Shiro earned us some time. It was good to solve auth features quick and nice. We also had to customize some interfaces of the framework, it was also doable, we were successfully able to add our logic on authentication.

Shiro supports resource based access control, which is cool, instead of role check we are able to check if action is permitted or not.