Hi Nag, Tomcat Realms and Shiro Realms are similar at a high level, but the differ enough in their implementations that they are not interchangeable.
Shiro was designed from the ground up to be a security framework that works in any application environment. Tomcat is a servlet container. The two projects have very different core goals, and this is why you see two different implementations of a similar concept. Also, Apache projects are managed independently of one another - there is no guarantee or mandate that requires one project to use another. Of course, projects often help each other out with code contributions and ideas, but this is done as friendly discourse - not something that is required. Of course (although we are biased), our recommendation is to use Apache Shiro for your security needs because it is portable - if you use Tomcat one day and then decide to use Jetty or Glassfish or anything else another day, Shiro will still work. Tomcat Realm concepts are specific to Tomcat and only Tomcat. HTH, -- Les Hazlewood | @lhazlewood CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282 Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk On Sat, Nov 3, 2012 at 10:54 PM, chirnag <[email protected]>wrote: > My web apps run on Tomcat. > > Now I want to add security features to those. > I am looking for > - Authentication > - Single sign on > - Authorization > > I am exploring Shiro Vs Tomcat security. > It looks like Shiro and Tomcat works on similar lines - realms, > authorization etc. > > Is there any significant difference between the features offered by these > two solutions? I am further puzzled because both are from Apache. > > Thanks, > Nag > > > > -- > View this message in context: > http://shiro-developer.582600.n2.nabble.com/Shiro-comparision-with-Tomcat-realms-tp7577721.html > Sent from the Shiro Developer mailing list archive at Nabble.com. >
