Java SIG: Securing Applications with Apache Shiro



  • Abstract: Apache Shiro is a flexible open-source application security framework that cleanly handles four cornerstones of application security: authentication, authorization, enterprise session management and cryptography. In this presentation, we'll cover:

    -why you might want to use Shiro instead of alternatives like JAAS or Spring Security
    -the core architectural concepts of the framework
    -how to enable all four cornerstones for any application (standalone, mobile phone, web based, etc)
    -an overview of Shiro's innovative web support module and security filtering capabilities
    _a short Shiro-based application demo

    Speaker's Bio: Les Hazlewood ( is a founder and project lead for Apache Shiro and also the co-founder and CTO of Katasoft, an application security start-up. Prior to forming Katasoft, he was senior web architect at Bloomberg. Before that, he was an architect consultant for large-scale distributed systems at Delta Airlines and former CTO of a mid-size software engineering firm supporting educational and government agencies. Les has been actively involved in Open Source development for more than 8 years, committing or contributing to to projects like the Spring Framework, JBoss, OpenSpaces, and of course JSecurity, Apache Shiro's long-time predecessor. Les currently lives in Pacifica, CA and practices Kendo and studies Japanese when he's not programming.


    6:45-7:00 Doors open. Networking. Pizza.

    7:00-9:00 Presentations