jjwt
Apache Shiro
Our great sponsors
jjwt | Apache Shiro | |
---|---|---|
4 | 4 | |
9,847 | 4,257 | |
1.4% | 0.5% | |
8.3 | 9.5 | |
1 day ago | 1 day ago | |
Java | Java | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
jjwt
- Java JWT: JSON Web Token for Java and Android
-
A simple to use Java 8 JWT Library. Verify, Sign, Encode, Decode all day.
How does this compare to JJWT?
-
Null ECDSA Signatures - Proof of concept for bypassing JWT signature checks using CVE-2022-21449
Note that this PoC uses DER signature which is accepted by the jjwt library as fallback (see https://github.com/jwtk/jjwt/blob/master/impl/src/main/java/io/jsonwebtoken/impl/crypto/EllipticCurveSignatureValidator.java ), but that is not a standard. Standard is JOSE format.
-
JWT authentication in Spring Security and Angular
There are many open-source JWT implementations available for all languages. In this blog post, we use Java jjwt library in this blog post.
Apache Shiro
-
Serverless Apache Zeppelin on AWS
The only missing feature in this architecture is the login and logout capability. In this case, Apache Zeppelin provides Shiro for notebook authentication. Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Here, you can find a step-by-step guide about how Shiro works. This example uses the default configuration.
-
Reaper 3.0 for Apache Cassandra is available
Shiro 1.8.0
- Apache Shiro
-
Libraries, Frameworks and Technologies you would NOT recommend
Apache Shiro is another security framework. I haven't tried it out myself, but I was sorely tempted to when trying to set up Spring Security.
What are some alternatives?
jwt-java - JSON Web Token implementation for Java according to RFC 7519. Easily create, parse and validate JSON Web Tokens using a fluent API.
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
Nimbus JOSE+JWT - JSON Web Token (JWT) implementation for Java with support for signatures (JWS), encryption (JWE) and web keys (JWK).
Spring Security - Spring Security
pac4j - Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Bouncy Castle - Bouncy Castle Java Distribution (Mirror)
jCasbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Java
java-jwt-benchmark - Project for benchmarking popular Json Web Token (JWT) frameworks for Java using JMH.
OACC Framework - OACC (Object ACcess Control) is an advanced Java Application Security Framework