What is a good security framework or API? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers. 开发者_高级运维

---

We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.

Closed 7 years ago.

Improve this question

Is there a framework to be used when you build an application with security? (Preferably in Java.)

---

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications. :http://shiro.apache.org/

jGuard is written in Java. Its goal is to provide a security framework based on JAAS (Java authentication and authorization security). This framework is written for web and standalone applications, to resolve simply, access control problems: http://sourceforge.net/projects/jguard/

The Bouncy Castle, we believe in encryption. That's something that's near and dear to our hearts. We believe so strongly in encryption, that we've gone to the effort to provide something for everybody, and we've now been doing it for over 10 years: http://www.jasypt.org/

---

Apache Shiro is probably the most feature-rich open-source security framework for Java when you take into account not just authentication and authorization (which it does extremely well), but also things like robust clusterable (and container independent) sessions and its simplification of cryptography.

It also works in any Java application, not just Spring applications, but it has great Spring integration out of the box. The documentation is really good and the API documentation is excellent by open-source standards. The user community is also extremely helpful.

But probably better than anything else: it is super easy to understand and use. Security APIs can be cumbersome and tricky to learn - Shiro probably has the cleanest and easiest to understand API out there.

---

Spring Security - http://static.springsource.org/spring-security/site/ - offers pretty much everything you can think of and works perfectly if you're already using Spring for IOC (inversion of control).