You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by chirnag <na...@gmail.com> on 2012/11/04 06:54:41 UTC

Shiro comparision with Tomcat realms

My web apps run on Tomcat.

Now I want to add security features to those.
I am looking for
- Authentication
- Single sign on
- Authorization

I am exploring Shiro Vs Tomcat security.
It looks like Shiro and Tomcat works on similar lines - realms,
authorization etc.

Is there any significant difference between the features offered by these
two solutions? I am further puzzled because both are from Apache.

Thanks,
Nag



--
View this message in context: http://shiro-developer.582600.n2.nabble.com/Shiro-comparision-with-Tomcat-realms-tp7577721.html
Sent from the Shiro Developer mailing list archive at Nabble.com.

Re: Shiro comparision with Tomcat realms

Posted by Les Hazlewood <lh...@apache.org>.

Hi Nag,

Tomcat Realms and Shiro Realms are similar at a high level, but the differ
enough in their implementations that they are not interchangeable.

Shiro was designed from the ground up to be a security framework that works
in any application environment.  Tomcat is a servlet container.  The two
projects have very different core goals, and this is why you see two
different implementations of a similar concept.

Also, Apache projects are managed independently of one another - there is
no guarantee or mandate that requires one project to use another.  Of
course, projects often help each other out with code contributions and
ideas, but this is done as friendly discourse - not something that is
required.

Of course (although we are biased), our recommendation is to use Apache
Shiro for your security needs because it is portable - if you use Tomcat
one day and then decide to use Jetty or Glassfish or anything else another
day, Shiro will still work.  Tomcat Realm concepts are specific to Tomcat
and only Tomcat.

HTH,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk

On Sat, Nov 3, 2012 at 10:54 PM, chirnag <na...@gmail.com>wrote:

> My web apps run on Tomcat.
>
> Now I want to add security features to those.
> I am looking for
> - Authentication
> - Single sign on
> - Authorization
>
> I am exploring Shiro Vs Tomcat security.
> It looks like Shiro and Tomcat works on similar lines - realms,
> authorization etc.
>
> Is there any significant difference between the features offered by these
> two solutions? I am further puzzled because both are from Apache.
>
> Thanks,
> Nag
>
>
>
> --
> View this message in context:
> http://shiro-developer.582600.n2.nabble.com/Shiro-comparision-with-Tomcat-realms-tp7577721.html
> Sent from the Shiro Developer mailing list archive at Nabble.com.
>