"Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management." So, should you be using it? Deluan Quintão' asserts that you should, suggesting that Shiro is a more intuitive approach than some of the alternatives, including the Spring approach

"I've used it in Java and Grails projects, and recently I've even been experimenting it with Google App Engine. It fits very well in almost any Java platform project that needs security."

Solving the Web Security Problem with Apache Shiro tags for Facelets