30 open-source projects similar to apache/shiro, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Shiro alternative.
This project is a reference implementation and a collection of code samples for deploying the Apache Shiro security framework within Java-based web applications. It serves as a demonstration for implementing authentication, authorization, and user identity management. The implementation features distributed session management to coordinate user states across multiple server instances for high availability. It also includes samples for third-party OAuth2 integration, enabling external account authentication, and single sign-on support to grant access to multiple related applications. The proj
Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.
Spring Security is a comprehensive security framework for Java applications that provides authentication and authorization for both web and non-web environments. It functions as an implementation of authentication and authorization logic integrated with the Java runtime environment to protect sensitive resources from unauthorized access. The framework includes toolkits for implementing OpenID Connect and OAuth 2.0 authorization servers and clients, as well as tools for integrating SAML 2.0 identity providers to enable cross-domain single sign-on. It utilizes a role-based access control system
Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program
Hazelcast is a distributed data platform that combines an in-memory data grid with a stream processing engine to support real-time analytics and event-driven applications. It functions as a partitioned, distributed key-value store that replicates data across cluster nodes to provide low-latency access and high availability. The platform also serves as a distributed SQL query engine, allowing users to execute standard SQL statements against both in-memory datasets and external data sources. What distinguishes Hazelcast is its use of a distributed consensus subsystem to maintain strongly consis
Authboss is a modular HTTP authentication framework for managing user identity, session lifecycles, and password security. It provides a system of identity access middleware to control route access and synchronize user identity across requests via standard web protocols. The framework is distinguished by a pluggable architecture that allows for the registration of independent modules to extend identity logic. It utilizes a hook-based event system to execute custom business logic during authentication state changes and employs a selector-verifier token pattern to protect against timing attacks
Grist is a relational spreadsheet platform that combines the flexibility of a spreadsheet with the power of a relational database. At its core, it manages structured data across multiple linked tables, using a relational database engine to organize information while providing a familiar grid interface. The platform supports Python-based formulas for complex calculations and data transformations, with automatic recalculation when referenced cells change. The system is designed for self-hosted deployment, storing data in either portable SQLite files or enterprise-grade PostgreSQL databases. It
mcp-context-forge is a Model Context Protocol federation gateway that unifies diverse AI tool servers and APIs into a single consistent interface for discovery and execution. It acts as a centralized proxy that aggregates multiple servers and APIs, allowing AI agents to access and invoke a unified set of tools, prompts, and resources. The project distinguishes itself through a multi-protocol translation bridge that converts communication between standard I/O, SSE, gRPC, and REST to enable interoperability between disparate tool servers. It includes a comprehensive LLM evaluation framework for
Logto is an open-source identity provider that serves as a centralized authentication and authorization server for web, mobile, and command-line applications. It implements the OpenID Connect and OAuth 2.1 standards to handle secure user sign-in and the issuance of identity tokens. The platform is specifically designed as a multi-tenant authentication framework for software-as-a-service environments, featuring built-in organization management and tenant isolation. It includes an enterprise single sign-on gateway to integrate external identity providers and supports role-based access control t
This project is an open-source identity provider and single sign-on platform that centralizes user authentication for multiple web applications and services. It functions as a multi-protocol authentication gateway, verifying user identities and issuing tokens through the CAS protocol as well as industry standards including SAML, OAuth2, and OpenID Connect. The system acts as a federated identity server, allowing authentication to be delegated to external third-party or corporate identity providers. It distinguishes itself through identity attribute governance, which manages which specific use
Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do
Higress is an AI API gateway and cloud-native traffic manager that functions as a Kubernetes ingress controller. It provides a centralized system for routing, securing, and optimizing traffic directed toward large language models, AI agents, and microservice architectures. The project distinguishes itself through deep AI orchestration, including the ability to host and manage Model Context Protocol servers that transform REST APIs into tools for AI agents. It features specialized AI infrastructure for model request proxying, protocol translation across multiple providers, and semantic-based c
This project provides containerized images for deploying a self-managed content collaboration and file sharing server. It enables the creation of private cloud storage and self-hosted file synchronization environments, allowing users to maintain data ownership and control over their infrastructure. The deployment model utilizes Docker images to simplify installation, scaling, and version updates. It distinguishes itself through a database-agnostic storage approach, supporting integration with PostgreSQL, MySQL, MariaDB, or SQLite, and employs volume mapping to ensure data persistence across c
Azure-zero-to-hero is a comprehensive learning path and technical curriculum designed for mastering cloud infrastructure, security, and deployment on Azure. It consists of a series of courses, guides, and training modules that provide a structured approach to learning the Azure ecosystem. The project provides practical walkthroughs and tutorials covering the orchestration of containerized applications via Kubernetes, the construction of CI/CD pipelines using Azure DevOps, and the provisioning of core infrastructure including virtual machines and virtual networks. It also includes dedicated tr
iBook is a self-hosted e-book library management system that allows individuals or organizations to set up and maintain their own digital collection. The platform provides durable storage for e-book files and their associated metadata, a RESTful API for library operations, static file serving for direct browser downloads, and a self-contained deployment model that runs on a user's own server. Beyond the core library functionality, iBook includes a freely accessible digital archive of technical and general e-books in EPUB and PDF formats, role-based access control for catalog and administrativ
Authboss is a modular authentication framework designed to manage user identity and account orchestration. It provides a comprehensive system for handling user registration, email verification, and the full lifecycle of user profiles. The framework distinguishes itself through a focused suite of security and identity tools, including multi-factor authentication via time-based passwords and SMS, and identity integration with external providers using OAuth1 and OAuth2 protocols. It also includes a dedicated account security manager that implements brute-force protection through credential-based
This platform is a comprehensive, white-label software suite designed for launching and managing on-demand food delivery services. It provides a unified ecosystem that connects customers, restaurant staff, and delivery riders through integrated mobile and web interfaces, supported by a centralized backend infrastructure that synchronizes data and business logic across all user roles. The system distinguishes itself through its focus on self-hosted deployment, granting operators full control over their data, backups, and server environments. It supports multi-vertical business models, allowing
Skateshop is a Next.js e-commerce storefront and subscription-based commerce platform. It provides a retail website featuring product catalogs, shopping carts, and checkout flows, paired with a retail store management dashboard for tracking inventory, orders, and payments. The project includes a subscription system to process recurring payments and manage tiered access to premium services. It also integrates a markdown blog engine for publishing technical content and an email marketing system to collect subscribers and distribute newsletters. The platform covers identity management through u
This project is a software-as-a-service application boilerplate and foundation designed to provide the core business infrastructure for building software services. It functions as a multi-tenant user management system that handles account creation, user authentication, and organizational team structures across multiple customer accounts. The kit integrates enterprise identity features, including a service for automating user and group management via the System for Cross-domain Identity Management standard. It also includes a billing implementation for managing recurring payments, one-time tra
LoopBack Next is a Node.js API framework used for building REST and multi-protocol APIs. It functions as an OpenAPI server implementation that can either generate machine-readable specifications from code or produce implementation controllers and models from existing specifications. The framework distinguishes itself through a central dependency injection container and a repository-pattern data access layer. This architecture decouples application logic from component construction and persistent storage, allowing for a pluggable system where data sources and business logic are isolated throug
mall4j is a Java-based e-commerce platform and B2B2C commerce suite designed to manage retail operations across web, mobile, and H5 storefronts. It serves as an omnichannel backend and multi-tenant retail manager, providing the infrastructure to handle product catalogs, shopping carts, and order processing. The system is built on a Spring Boot microservice framework, featuring an omnichannel architecture that exposes a unified API gateway to power diverse client interfaces. It distinguishes itself through a B2B2C workflow that coordinates sales between administrators, merchants, and end consu
Tiny File Manager is a single-script PHP file manager that provides a complete web-based interface for browsing, uploading, editing, and managing files and folders on a server. All functionality is contained in one PHP file with no external dependencies beyond the web server, using constant-based configuration and session authentication for access control. The file manager distinguishes itself through a built-in browser-based code editor with syntax highlighting for over 150 programming languages, an embedded document preview proxy that displays office documents and PDFs through Google or Mic
Horizon is a realtime API server and RethinkDB backend designed to push database changes instantly to front-end clients. It utilizes a WebSocket data streaming API to synchronize data between the database and user interfaces without requiring manual polling. The project integrates an OAuth identity manager for verifying user identities through third-party providers and a role-based access control system to define granular permissions for viewing or modifying database documents. It is delivered as a containerized backend framework, allowing the server and its dependencies to be deployed as a p
Passport is a Node.js authentication middleware designed to manage user identities and session states within web applications. It functions as a request identity verifier that secures application routes by validating user credentials before granting access. The system utilizes a modular authentication strategy, allowing identity verification through interchangeable plugins. This architecture supports the creation of custom authentication strategies for local credentials and the integration of federated identity providers using external protocols. The framework provides capabilities for sessi
Authlogic is a Ruby authentication framework designed to manage user identities, session persistence, and secure password hashing. It provides a system for verifying user credentials against stored records using configurable identity fields. The framework distinguishes itself through its provider-based identity integration, allowing applications to connect authentication flows to external services including OAuth, OpenID Connect, LDAP, and various social media platforms. It also includes an extensibility model that executes custom user-defined code via hooks and callbacks during identity veri
Casdoor is a centralized identity and access management platform that functions as an OAuth 2.0 authorization server. It provides a comprehensive suite of services for managing user identities, authentication sessions, and access policies across both web and machine-to-machine applications. Built with a decoupled frontend-backend architecture in Go, the platform supports high-concurrency environments and offers a web-based management interface for administrative tasks. The platform distinguishes itself through its extensive support for federated identity management, allowing integration with
bbs-go is a community forum software written in Go. It functions as a gamified community platform and social network framework, providing tools for hosting public discussions, managing knowledge bases, and coordinating user identities. The platform is distinguished by an integrated gamification engine that tracks activity via daily check-ins and reward tasks to award experience points, levels, and badges. It also features a specialized identity and access manager that supports role-based access control and third-party identity federation, including Google Sign-In integration. The system cove
MediaCMS is a self-hosted media content management system designed for hosting, organizing, and distributing video, audio, images, and PDF files. It functions as a digital asset management platform that combines a transcoding pipeline with a server capable of delivering adaptive video streaming. The system is distinguished by its automated media transcoding pipeline, which converts uploaded files into multiple resolutions and codecs and generates automatic transcriptions. It integrates SAML and OAuth identity layers to connect external enterprise identity providers for managing user access an
Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS SigV4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,
This project is a .NET identity stack and server framework used to build certified OpenID Connect and OAuth 2.0 identity providers. It provides the core logic required to issue and validate security tokens and manage user authentication across various grant types and protocol flows. The framework includes a protocol translation layer that bridges OpenID Connect and SAML to enable interoperability between different identity providers. It also supports a stateless mode of operation, which removes built-in validation and storage to allow for manual control over token and client verification. Th