Apache Shiro basics
Shiro is a project with a long history—it started life as JSecurity back in 2003 when there were really few options for Java security. It provides four main pieces of functionality:
Authentication
Authorization
Cryptography
Session management
We'll be using the authentication part (determining who the user is) and the authorization part (determining what the user can do). For the purposes of this book, we will not be using the cryptography (encrypting and decrypting data) or the session management (we rely on standard JSF and ADF functionality for our session data).
Getting the software
You can download the Shiro software from http://shiro.apache.org. You'll want the Latest Stable Release, Binary Distribution. Download the shiro-core and shiro-web JAR files.
Because you don't want your application to depend on a directory outside the application structure, create a directory called extjars in the application directory and place your JAR files there.
The Shiro code uses Simple...
