Apache Shiro: Java security framework

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s API, you can secure any application – from the smallest mobile applications to the largest web and enterprise applications.

Major features:

Authentication – Support logins across one or more pluggable data sources (LDAP, JDBC, ActiveDirectory, etc).

Authorization – Perform access control based on roles or fine-grained permissions, also using pluggable data sources.

Cryptography – Secure data with the easiest possible Cryptography APIs available, giving you power and simplicity beyond what Java provides by default.

Session Management – Use sessions in any environment, even outside web or EJB containers. Easily cluster sessions in large scale applications.

Web Integration – Save development time with innovative approaches that easily handle web-specific security out-of-the-box.