src/site/content/features.adoc - shiro-site - Git at Google

 = Apache Shiro Features Overview
 :jbake-date: 2010-03-18 00:00:00
 :jbake-type: page
 :jbake-status: published
 :jbake-tags: documentation, overview, features
 :idprefix:
 :icons: font

 Apache Shiro aims to be the most comprehensive, but also the easiest to use Java security framework available. Here are some of the frameworks finer points:

 * The easiest to understand Java Security API anywhere. Class and Interface names are intuitive and _make sense_. Anything is pluggable but good defaults exist for everything.

 * Support link:authentication-features.html[authentication] ('logins') across one or more pluggable data sources (LDAP, JDBC, ActiveDirectory, etc).

 * Perform link:authorization-features.html[authorization] ('access control') based on roles or fine-grained link:permissions.html[permissions], also using pluggable data sources.

 * First-class link:caching.html[caching] support for enhanced application performance.

 * Built-in POJO-based Enterprise link:session-management-features.html[Session Management]. Use in both web and non-web environments or in any environment where Single Sign On (SSO) or clustered or distributed sessions are desired.

 * _Heterogeneous_ client session access. You are no longer forced to use only the <tt>httpSession</tt> or Stateful Session Beans, which often unnecessarily tie applications to specific environments. Flash applets, C# applications, Java Web Start, and Web Applications, etc. can now all share session state regardless of deployment environment.

 * Simple Single Sign-On (SSO) support piggybacking the above Enterprise Session Management. If sessions are federated across multiple applications, the user's authentication state can be shared too. Log in once to any application and the others all recognize that log-in.

 * Secure data with the easiest possible link:cryptography-features.html[Cryptography] APIs available, giving you power and simplicity beyond what Java provides by default for ciphers and hashes.

 * An incredibly robust yet _low-configuration_ web framework that can secure any url or resource, automatically handle logins and logouts, perform Remember Me services, and more.

 * Extremely low number of required dependencies. Standalone configuration requires only <tt>slf4j-api.jar</tt> and one of slf4j's binding .jars. Web configuration additionally requires <tt>commons-beanutils-core.jar</tt>. Feature-based dependencies (Ehcache caching, Quartz-based Session validation, Spring dependency injection, etc.) can be added when needed.

 == Want more information on what Shiro can do?

 Check out the specific features for each of Shiro's major components: link:authentication-features.html[Authentication], link:authorization-features.html[Authorization], link:session-management-features.html[Session Management], and link:cryptography-features.html[Cryptography].

 == Get Started in 10 Minutes with Shiro

 Try out Shiro for yourself with our link:10-minute-tutorial.html[10 Minute Tutorial]. And if you have any questions about Shiro, please check out our link:forums.html[community forum] or link:mailing-lists.html[user mailing list] for answers from the community.
	= Apache Shiro Features Overview
	:jbake-date: 2010-03-18 00:00:00
	:jbake-type: page
	:jbake-status: published
	:jbake-tags: documentation, overview, features
	:idprefix:
	:icons: font

	Apache Shiro aims to be the most comprehensive, but also the easiest to use Java security framework available. Here are some of the frameworks finer points:

	* The easiest to understand Java Security API anywhere. Class and Interface names are intuitive and _make sense_. Anything is pluggable but good defaults exist for everything.

	* Support link:authentication-features.html[authentication] ('logins') across one or more pluggable data sources (LDAP, JDBC, ActiveDirectory, etc).

	* Perform link:authorization-features.html[authorization] ('access control') based on roles or fine-grained link:permissions.html[permissions], also using pluggable data sources.

	* First-class link:caching.html[caching] support for enhanced application performance.

	* Built-in POJO-based Enterprise link:session-management-features.html[Session Management]. Use in both web and non-web environments or in any environment where Single Sign On (SSO) or clustered or distributed sessions are desired.

	* _Heterogeneous_ client session access. You are no longer forced to use only the <tt>httpSession</tt> or Stateful Session Beans, which often unnecessarily tie applications to specific environments. Flash applets, C# applications, Java Web Start, and Web Applications, etc. can now all share session state regardless of deployment environment.

	* Simple Single Sign-On (SSO) support piggybacking the above Enterprise Session Management. If sessions are federated across multiple applications, the user's authentication state can be shared too. Log in once to any application and the others all recognize that log-in.

	* Secure data with the easiest possible link:cryptography-features.html[Cryptography] APIs available, giving you power and simplicity beyond what Java provides by default for ciphers and hashes.

	* An incredibly robust yet _low-configuration_ web framework that can secure any url or resource, automatically handle logins and logouts, perform Remember Me services, and more.

	* Extremely low number of required dependencies. Standalone configuration requires only <tt>slf4j-api.jar</tt> and one of slf4j's binding .jars. Web configuration additionally requires <tt>commons-beanutils-core.jar</tt>. Feature-based dependencies (Ehcache caching, Quartz-based Session validation, Spring dependency injection, etc.) can be added when needed.

	== Want more information on what Shiro can do?

	Check out the specific features for each of Shiro's major components: link:authentication-features.html[Authentication], link:authorization-features.html[Authorization], link:session-management-features.html[Session Management], and link:cryptography-features.html[Cryptography].

	== Get Started in 10 Minutes with Shiro

	Try out Shiro for yourself with our link:10-minute-tutorial.html[10 Minute Tutorial]. And if you have any questions about Shiro, please check out our link:forums.html[community forum] or link:mailing-lists.html[user mailing list] for answers from the community.