Security for Java Web Applications Using Apache Shiro
Ochoa, Javier (2014)
Lataukset:
Metropolia Ammattikorkeakoulu
2014
All rights reserved
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2014120217892
https://urn.fi/URN:NBN:fi:amk-2014120217892
Tiivistelmä
Web applications have become a necessity to almost any organization worldwide, but these applications can considerably weak the corporation’s security network since they may be turned into security breaches by people with malicious intentions, causing damage to finances and to a company’s reputation.
Apache Shiro is a Java security framework built as a solution for developers to easily integrate security features such as authentication, authorization, cryptography, and session management, on any type of Java application. Its main objective is to reduce the complexity regarding to the management of an application’s security.
This study examined the integration and usability of Apache Shiro as a security framework for Java applications and it reached for an understanding of the framework where custom behavior was needed, instead of sensible defaults.
As practical work, a prototype was created to supply a security solution for a Java web application. The goal was to provide user management features requested, such as user role control access and the possibility of authentication through the use of user data stored within a rational database.
Besides the prototype being a success, this study has helped to gain a wider view of security and user management within Java web applications and further study will be placed to accomplish more reliable and secure applications.
Apache Shiro is a Java security framework built as a solution for developers to easily integrate security features such as authentication, authorization, cryptography, and session management, on any type of Java application. Its main objective is to reduce the complexity regarding to the management of an application’s security.
This study examined the integration and usability of Apache Shiro as a security framework for Java applications and it reached for an understanding of the framework where custom behavior was needed, instead of sensible defaults.
As practical work, a prototype was created to supply a security solution for a Java web application. The goal was to provide user management features requested, such as user role control access and the possibility of authentication through the use of user data stored within a rational database.
Besides the prototype being a success, this study has helped to gain a wider view of security and user management within Java web applications and further study will be placed to accomplish more reliable and secure applications.