Advanced Shiro
Naturally, we don't want the user to be subjected to an old-fashioned browser login prompt—we want to present the user with a nice login page that matches the rest of the application. For that purpose, we need form-based authentication.
Additionally, we don't want our users stored in a configuration file. We could store them in an LDAP server, but that's another moving part. So, to keep it simple, we will use database tables in our existing Sakila connection to store our users, roles, and permissions.
There are quite a few elements and arcane Shiro incantations required to make the whole thing work. This chapter cannot describe everything in detail—refer to the Shiro documentation and the following two blog posts for more information:
http://balusc.blogspot.sg/2013/01/apache-shiro-is-it-ready-for-java-ee-6.html (by Bauke Scholtz)
http://www.jobinesh.com/2013/02/securing-your-adf-applications-using.html (by Jobinesh Purushothaman)
User database
Users and roles belong to realms...