Java Authentication and Authorization with Apache Shiro

An airhacks.fm conversation with Benjamin Marwell (@bmarwell) about: Recent airhacks.fm episode with Ben: "#180 Trombones, Java, Large Scale WebSphere Liberty Deployments and 50.000 JVMs in Production" security library and authentication and authorization framework, using Apache Shiro for CLI applications, the Apache Shiro security manager, the Shiro realm is the source of information for login credentials validation, the "hello, world" Shiro application requires a single dependency, WebListener is used for authentication, the killer use cases of Apache Shiro are permissions, a role comprises multiple permissions, wildcard permissions are a colon-separated list, comparing Shiro to AWS permissions, Sonatype Nexus is using Shiro, using multiple realms at the same time with Apache Shiro and realm chaining, Shiro means Castle in Japanese, realms in Shiro and Jakarta EE, Apache Shiro Jakarta EE integration, Shiro is easier to use than JAAS or jaspic, Stormpath was started by Apache Shiro committers, MicroProfile secret injection with Apache Shiro, Jakarta Security Compatible Implementation: Soteria, Benjamin Marwell on twitter: @bmarwell, Benjamin's blog: https://blog.bmarwell.de