Author: bdemers
Date: Mon Oct 24 14:33:52 2016
New Revision: 1766414
URL: http://svn.apache.org/viewvc?rev=1766414&view=rev
Log:
converted html to md
Modified:
shiro/site/publish/10-minute-tutorial.html
shiro/site/publish/about.html
shiro/site/publish/adoption.html
shiro/site/publish/architecture.html
shiro/site/publish/articles.html
shiro/site/publish/authentication-guide.html
shiro/site/publish/authentication.html
shiro/site/publish/authorization.html
shiro/site/publish/banner.html
shiro/site/publish/cachemanager.html
shiro/site/publish/caching.html
shiro/site/publish/cas.html
shiro/site/publish/codec.html
shiro/site/publish/command-line-hasher.html
shiro/site/publish/commercial-support.html
shiro/site/publish/configuration.html
shiro/site/publish/contribute.html
shiro/site/publish/core.html
shiro/site/publish/cryptography-features.html
shiro/site/publish/cryptography.html
shiro/site/publish/developer-resources.html
shiro/site/publish/developers.html
shiro/site/publish/documentation-help-block.html
shiro/site/publish/documentation.html
shiro/site/publish/events.html
shiro/site/publish/features-overview.html
shiro/site/publish/forums.html
shiro/site/publish/getting-started-block.html
shiro/site/publish/graduation-resolution.html
shiro/site/publish/guice.html
shiro/site/publish/guides.html
shiro/site/publish/how-to-contribute.html
shiro/site/publish/inclusionslibrary.html
shiro/site/publish/introduction.html
shiro/site/publish/issues.html
shiro/site/publish/java-annotations-list.html
shiro/site/publish/java-annotations.html
shiro/site/publish/java-authentication-guide.html
shiro/site/publish/java-authorization-guide.html
shiro/site/publish/java-cryptography-guide.html
shiro/site/publish/jsp-tag-library.html
shiro/site/publish/license.html
shiro/site/publish/mailing-lists.html
shiro/site/publish/navigation.html
shiro/site/publish/overview.html
shiro/site/publish/permissions.html
shiro/site/publish/powered-by-shiro.html
shiro/site/publish/privacy-policy.html
shiro/site/publish/realm.html
shiro/site/publish/reference.html
shiro/site/publish/securitymanager.html
shiro/site/publish/session-management-features.html
shiro/site/publish/session-management.html
shiro/site/publish/sessionmanager.html
shiro/site/publish/spring.html
shiro/site/publish/subject.html
shiro/site/publish/team.html
shiro/site/publish/terminology.html
shiro/site/publish/testing.html
shiro/site/publish/tools.html
shiro/site/publish/tutorial.html
shiro/site/publish/version-2-brainstorming.html
shiro/site/publish/web.html
shiro/site/publish/what-is-shiro.html
shiro/site/publish/wiki-todos.html
Modified: shiro/site/publish/10-minute-tutorial.html
URL:
http://svn.apache.org/viewvc/shiro/site/publish/10-minute-tutorial.html?rev=1766414&r1=1766413&r2=1766414&view=diff
==============================================================================
--- shiro/site/publish/10-minute-tutorial.html (original)
+++ shiro/site/publish/10-minute-tutorial.html Mon Oct 24 14:33:52 2016
@@ -78,10 +78,7 @@
<div id="content">
-
-
-<h1><a name="10MinuteTutorial-10MinuteTutorialonApacheShiro"></a>10 Minute
Tutorial on Apache Shiro</h1>
-
+ <h1><a
name="10MinuteTutorial-10MinuteTutorialonApacheShiro"></a>10 Minute Tutorial on
Apache Shiro</h1>
<div class="addthis_toolbox addthis_default_style">
<a class="addthis_button_compact"
href="http://www.addthis.com/bookmark.php?v=250&pubid=ra-4d66ef016022c3bd";>Share</a>
<span class="addthis_separator">|</span>
@@ -92,38 +89,18 @@
</div>
<script type="text/javascript">var addthis_config = {"data_track_clickback":
true};</script>
<script type="text/javascript"
src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d66ef016022c3bd";></script>
-
-
-<h2><a name="10MinuteTutorial-Introduction"></a>Introduction</h2>
-
-<p>Welcome to Apache Shiro's 10 Minute Tutoral! </p>
-
-<p>By going through this quick and simple tutorial you should fully understand
how a developer uses Shiro in their
- application. And you should be able to do it in under 10 minutes.</p>
-
-<h2><a name="10MinuteTutorial-Overview"></a>Overview</h2>
-
+<a name="10MinuteTutorial-Introduction"></a>
+<h2><a href="#introduction" name="introduction">Introduction</a></h2>
+<p>Welcome to Apache Shiro’s 10 Minute Tutoral!</p>
+<p>By going through this quick and simple tutorial you should fully understand
how a developer uses Shiro in their application. And you should be able to do
it in under 10 minutes.</p>
+<a name="10MinuteTutorial-Overview"></a>
+<h2><a href="#overview" name="overview">Overview</a></h2>
<p>What is Apache Shiro?</p>
-
-<p>Apache Shiro is a powerful and easy to use Java security framework that
offers developers an intuitive yet
- comprehensive solution to authentication, authorization, cryptography, and
session management.</p>
-
-<p>In practical terms, it achieves to manage all facets of your application's
security, while keeping out of the way as
- much as possible. It is built on sound interface-driven design and OO
principles, enabling custom behavior wherever
- you can imagine it. But with sensible defaults for everything, it is as
"hands off" as application security can be.
- At least that's what we strive for.</p>
-
+<p>Apache Shiro is a powerful and easy to use Java security framework that
offers developers an intuitive yet comprehensive solution to authentication,
authorization, cryptography, and session management.</p>
+<p>In practical terms, it achieves to manage all facets of your
application’s security, while keeping out of the way as much as possible.
It is built on sound interface-driven design and OO principles, enabling custom
behavior wherever you can imagine it. But with sensible defaults for
everything, it is as “hands off” as application security can be. At
least that’s what we strive for.</p>
<p>What can Apache Shiro do?</p>
-
-<p>A lot <img align="middle" class="emoticon"
src="https://cwiki.apache.org/confluence/images/icons/emoticons/smile.png";
- height="20" width="20" alt="" border="0">. But we don't want to
bloat the QuickStart. Please check out our
- <a href="features.html" title="Features">Features</a> page if you'd like
to see what it can do for you. Also, if
- you're curious on how we got started and why we exist, please see the <a
href="what-is-shiro.html"
-
title="What is Shiro">Shiro History and
- Mission</a> page.</p>
-
-<p>Ok. Now let's actually do something!</p>
-
+<p>A lot <img
src="https://cwiki.apache.org/confluence/images/icons/emoticons/smile.png"; />.
But we don’t want to bloat the QuickStart. Please check out our <a
href="features.html" title="Features">Features</a> page if you’d like to
see what it can do for you. Also, if you’re curious on how we got started
and why we exist, please see the <a href="what-is-shiro.html" title="What is
Shiro">Shiro History and Mission</a> page.</p>
+<p>Ok. Now let’s actually do something!</p>
<div class="panelMacro">
<table class="infoMacro">
<colgroup span="1">
@@ -141,167 +118,79 @@
<td colspan="1" rowspan="1">
<b>Note</b>
<br clear="none">
- Shiro can be run in any environment, from the simplest command
line application to the biggest enterprise web and clustered applications, but
we'll use the simplest possible example in a simple <tt>main</tt> method for
this QuickStart so you can get a feel for the API.
+ Shiro can be run in any environment, from the simplest command
line application to the biggest enterprise web and clustered applications, but
we'll use the simplest possible example in a simple `main` method for this
QuickStart so you can get a feel for the API.
</td>
</tr>
</tbody>
</table>
</div>
-
-<h2><a name="10MinuteTutorial-Download"></a>Download</h2>
-
+<a name="10MinuteTutorial-Download"></a>
+<h2><a href="#download" name="download">Download</a></h2>
<ol>
- <li>Ensure you have JDK 1.6+ and Maven 3.0.3+ installed.</li>
- <li>Download the lastest "Source Code Distribution" from the <a
href="download.html" title="Download">Download</a>
- page. In this example, we're using the 1.3.2 release distribution.
- </li>
- <li>Unzip the source package:
- <div class="code panel" style="border-width: 1px;">
- <div class="codeContent panelContent">
-<pre class="code-java">
-> unzip shiro-root-1.3.2-source-release.zip
-</pre>
- </div>
- </div>
- </li>
- <li>Enter the quickstart directory:
- <div class="code panel" style="border-width: 1px;">
- <div class="codeContent panelContent">
-<pre class="code-java">
-> cd shiro-root-1.3.2/samples/quickstart
-</pre>
- </div>
- </div>
- </li>
- <li>Run the QuickStart:
- <div class="code panel" style="border-width: 1px;">
- <div class="codeContent panelContent">
-<pre class="code-java">
-> mvn compile exec:java
-</pre>
- </div>
- </div>
- <p>This target will just print out some log messages to let you know
what is going on and then exit. While
- reading this quickstart, feel free to look at the code found under
<tt>samples/quickstart/src/main/java/Quickstart.java</tt>.
- Change that file and run the above <tt>mvn compile exec:java</tt>
command as often as you like.</p></li>
+ <li>Ensure you have JDK 1.6+ and Maven 3.0.3+ installed.</li>
+ <li>Download the lastest “Source Code Distribution” from the <a
href="download.html" title="Download">Download</a> page. In this example,
we’re using the 1.3.2 release distribution.</li>
+ <li>Unzip the source package:
+ <pre><code class="bash">$ unzip shiro-root-1.3.2-source-release.zip
+</code></pre>
+ </li>
+ <li>
+ <p>Enter the quickstart directory:</p>
+ <pre><code class="bash">$ cd shiro-root-1.3.2/samples/quickstart
+</code></pre>
+ </li>
+ <li>
+ <p>Run the QuickStart:</p>
+ <pre><code class="bash">$ mvn compile exec:java
+</code></pre>
+ </li>
</ol>
-
-
-<h2><a name="10MinuteTutorial-Quickstart.java"></a>Quickstart.java</h2>
-
-<p>The <tt>Quickstart.java</tt> file referenced above contains all the code
that will get you familiar with the API. Now
- lets break it down in chunks here so you can easily understand what is
going on.</p>
-
+<p>This target will just print out some log messages to let you know what is
going on and then exit. While reading this quickstart, feel free to look at the
code found under <code>samples/quickstart/src/main/java/Quickstart.java</code>.
Change that file and run the above <code>mvn compile exec:java</code> command
as often as you like.</p>
+<a name="10MinuteTutorial-Quickstart.java"></a>
+<h2>Quickstart.java</h2>
+<p>The <code>Quickstart.java</code> file referenced above contains all the
code that will get you familiar with the API. Now lets break it down in chunks
here so you can easily understand what is going on.</p>
<p>In almost all environments, you can obtain the currently executing user via
the following call:</p>
-
-<p></p>
-
-<div class="code panel" style="border-width: 1px;">
- <div class="codeContent panelContent">
-<pre class="code-java">
-Subject currentUser = SecurityUtils.getSubject();
-</pre>
- </div>
-</div>
-
-<p>Using <tt><a class="external-link"
-
href="static/current/apidocs/org/apache/shiro/SecurityUtils.html">SecurityUtils</a>.<a
- class="external-link"
href="static/current/apidocs/org/apache/shiro/SecurityUtils.html#getSubject()">getSubject()</a></tt>,
- we can obtain the currently executing <tt><a class="external-link"
-
href="static/current/apidocs/org/apache/shiro/subject/Subject.html">Subject</a></tt>.
- A <em>Subject</em> is just a security-specific "view" of an application
User. We actually wanted to call it 'User'
- since that "just makes sense", but we decided against it: too many
applications have existing APIs that already have
- their own User classes/frameworks, and we didn't want to conflict with
those. Also, in the security world, the term
- <tt>Subject</tt> is actually the recognized nomenclature. Ok, moving
on...</p>
-
-<p>The <tt>getSubject()</tt> call in a standalone application might return a
<tt>Subject</tt> based on user data in an
- application-specific location, and in a server environment (e.g. web app),
it acquires the <tt>Subject</tt> based on
- user data associated with current thread or incoming request.</p>
-
-<p>Now that you have a <tt>Subject</tt>, what can you do with it?</p>
-
-<p>If you want to make things available to the user during their current
session with the application, you can get their
- session:</p>
-
-<p></p>
-
-<div class="code panel" style="border-width: 1px;">
- <div class="codeContent panelContent">
-<pre class="code-java">
-Session session = currentUser.getSession();
-session.setAttribute( <span class="code-quote">"someKey"</span>, <span
class="code-quote">"aValue"</span> );
-</pre>
- </div>
-</div>
-
-<p>The <tt>Session</tt> is a Shiro-specific instance that provides most of
what you're used to with regular HttpSessions
- but with some extra goodies and one <b>big</b> difference: it does not
require an HTTP environment!</p>
-
-<p>If deploying inside a web application, by default the <tt>Session</tt> will
be <tt>HttpSession</tt> based. But, in a
- non-web environment, like this simple Quickstart, Shiro will automatically
use its Enterprise Session Management by
- default. This means you get to use the same API in your applications, in
any tier, regardless of deployment
- environment. This opens a whole new world of applications since any
application requiring sessions does not need to
- be forced to use the <tt>HttpSession</tt> or EJB Stateful Session Beans.
And, any client technology can now share
- session data.</p>
-
-<p>So now you can acquire a <tt>Subject</tt> and their <tt>Session</tt>. What
about the <em>really</em> useful stuff
- like checking if they are allowed to do things, like checking against
roles and permissions?</p>
-
-<p>Well, we can only do those checks for a known user. Our <tt>Subject</tt>
instance above represents the current user,
- but <em>who</em> is the current user? Well, they're anonymous - that is,
until they log in at least once. So, let's
- do that:</p>
-
-<div class="code panel" style="border-width: 1px;">
- <div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">if</span> ( !currentUser.isAuthenticated() ) {
- <span class="code-comment">//collect user principals and credentials in a
gui specific manner
-</span> <span class="code-comment">//such as username/password html form,
X509 certificate, OpenID, etc.
-</span> <span class="code-comment">//We'll use the username/password
example here since it is the most common.
-</span> <span class="code-comment">//(<span class="code-keyword">do</span>
you know what movie <span
- class="code-keyword">this</span> is from? ;)
-</span> UsernamePasswordToken token = <span class="code-keyword">new</span>
UsernamePasswordToken(<span
- class="code-quote">"lonestarr"</span>, <span
class="code-quote">"vespa"</span>);
- <span class="code-comment">//<span class="code-keyword">this</span> is all
you have to <span
- class="code-keyword">do</span> to support 'remember me' (no config
- built in!):
-</span> token.setRememberMe(<span class="code-keyword">true</span>);
+<pre><code class="java">Subject currentUser = SecurityUtils.getSubject();
+</code></pre>
+<p>Using <a
href="static/current/apidocs/org/apache/shiro/SecurityUtils.html"><code>SecurityUtils</code></a>.[getSubject()](static/current/apidocs/org/apache/shiro/SecurityUtils.html#getSubject()),
we can obtain the currently executing <a
href="static/current/apidocs/org/apache/shiro/subject/Subject.html"><code>Subject</code></a>.
A <em>Subject</em> is just a security-specific “view” of an
application User. We actually wanted to call it ‘User’ since that
“just makes sense”, but we decided against it: too many
applications have existing APIs that already have their own User
classes/frameworks, and we didn’t want to conflict with those. Also, in
the security world, the term <code>Subject</code> is actually the recognized
nomenclature. Ok, moving on…</p>
+<p>The <code>getSubject()</code> call in a standalone application might return
a <code>Subject</code> based on user data in an application-specific location,
and in a server environment (e.g. web app), it acquires the
<code>Subject</code> based on user data associated with current thread or
incoming request.</p>
+<p>Now that you have a <code>Subject</code>, what can you do with it?</p>
+<p>If you want to make things available to the user during their current
session with the application, you can get their session:</p>
+<pre><code class="java">Session session = currentUser.getSession();
+session.setAttribute( "someKey", "aValue" );
+</code></pre>
+<p>The <code>Session</code> is a Shiro-specific instance that provides most of
what you’re used to with regular HttpSessions but with some extra goodies
and one <strong>big</strong> difference: it does not require an HTTP
environment!</p>
+<p>If deploying inside a web application, by default the <code>Session</code>
will be <code>HttpSession</code> based. But, in a non-web environment, like
this simple Quickstart, Shiro will automatically use its Enterprise Session
Management by default. This means you get to use the same API in your
applications, in any tier, regardless of deployment environment. This opens a
whole new world of applications since any application requiring sessions does
not need to be forced to use the <code>HttpSession</code> or EJB Stateful
Session Beans. And, any client technology can now share session data.</p>
+<p>So now you can acquire a <code>Subject</code> and their
<code>Session</code>. What about the <em>really</em> useful stuff like checking
if they are allowed to do things, like checking against roles and
permissions?</p>
+<p>Well, we can only do those checks for a known user. Our
<code>Subject</code> instance above represents the current user, but
<em>who</em> is the current user? Well, they’re anonymous - that is,
until they log in at least once. So, let’s do that:</p>
+<pre><code class="java">if ( !currentUser.isAuthenticated() ) {
+ //collect user principals and credentials in a gui specific manner
+ //such as username/password html form, X509 certificate, OpenID, etc.
+ //We'll use the username/password example here since it is the most
common.
+ //(do you know what movie this is from? ;)
+ UsernamePasswordToken token = new
UsernamePasswordToken("lonestarr", "vespa");
+ //this is all you have to do to support 'remember me' (no config -
built in!):
+ token.setRememberMe(true);
currentUser.login(token);
}
-</pre>
- </div>
-</div>
-
-<p>That's it! It couldn't be easier.</p>
-
-<p>But what if their login attempt fails? You can catch all sorts of specific
exceptions that tell you exactly what
- happened and allows you to handle and react accordingly:</p>
-
-<div class="code panel" style="border-width: 1px;">
- <div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">try</span> {
+</code></pre>
+<p>That’s it! It couldn’t be easier.</p>
+<p>But what if their login attempt fails? You can catch all sorts of specific
exceptions that tell you exactly what happened and allows you to handle and
react accordingly:</p>
+<pre><code class="java">try {
currentUser.login( token );
- <span class="code-comment">//<span class="code-keyword">if</span> no
exception, that's it, we're done!
-</span>} <span class="code-keyword">catch</span> ( UnknownAccountException uae
) {
- <span class="code-comment">//username wasn't in the system, show them an
error message?
-</span>} <span class="code-keyword">catch</span> (
IncorrectCredentialsException ice ) {
- <span class="code-comment">//password didn't match, <span
class="code-keyword">try</span> again?
-</span>} <span class="code-keyword">catch</span> ( LockedAccountException lae
) {
- <span class="code-comment">//account <span class="code-keyword">for</span>
that username is locked - can't login. Show them a message?
-</span>}
- ... more types exceptions to check <span class="code-keyword">if</span>
you want ...
-} <span class="code-keyword">catch</span> ( AuthenticationException ae ) {
- <span class="code-comment">//unexpected condition - error?
-</span>}
-</pre>
- </div>
-</div>
-
-<p>There are many different types of exceptions you can check, or throw your
own for custom conditions Shiro might not
- account for. See the <a class="external-link"
-
href="static/current/apidocs/org/apache/shiro/authc/AuthenticationException.html">AuthenticationException
- JavaDoc</a> for more. </p>
-
+ //if no exception, that's it, we're done!
+} catch ( UnknownAccountException uae ) {
+ //username wasn't in the system, show them an error message?
+} catch ( IncorrectCredentialsException ice ) {
+ //password didn't match, try again?
+} catch ( LockedAccountException lae ) {
+ //account for that username is locked - can't login. Show them a
message?
+}
+ ... more types exceptions to check if you want ...
+} catch ( AuthenticationException ae ) {
+ //unexpected condition - error?
+}
+</code></pre>
+<p>There are many different types of exceptions you can check, or throw your
own for custom conditions Shiro might not account for. See the <a
href="static/current/apidocs/org/apache/shiro/authc/AuthenticationException.html">AuthenticationException
JavaDoc</a> for more.</p>
<div class="panelMacro">
<table class="tipMacro">
<colgroup span="1">
@@ -321,109 +210,41 @@ session.setAttribute( <span class="code-
</tbody>
</table>
</div>
-
<p>Ok, so by now, we have a logged in user. What else can we do?</p>
-
-<p>Let's say who they are:</p>
-
-<p></p>
-
-<div class="code panel" style="border-width: 1px;">
- <div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-comment">//print their identifying principal (in <span
class="code-keyword">this</span> <span
- class="code-keyword">case</span>, a username):
-</span>log.info( <span class="code-quote">"User ["</span> +
currentUser.getPrincipal() + <span class="code-quote">"] logged in
successfully."</span> );
-</pre>
- </div>
-</div>
-
+<p>Let’s say who they are:</p>
+<pre><code class="java">//print their identifying principal (in this case, a
username):
+log.info( "User [" + currentUser.getPrincipal() + "] logged in
successfully." );
+</code></pre>
<p>We can also test to see if they have specific role or not:</p>
-
-<p></p>
-
-<div class="code panel" style="border-width: 1px;">
- <div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">if</span> ( currentUser.hasRole( <span
class="code-quote">"schwartz"</span> ) ) {
- log.info(<span class="code-quote">"May the Schwartz be with you!"</span> );
-} <span class="code-keyword">else</span> {
- log.info( <span class="code-quote">"Hello, mere mortal."</span> );
+<pre><code class="java">if ( currentUser.hasRole( "schwartz" ) ) {
+ log.info("May the Schwartz be with you!" );
+} else {
+ log.info( "Hello, mere mortal." );
}
-</pre>
- </div>
-</div>
-
+</code></pre>
<p>We can also see if they have a permission to act on a certain type of
entity:</p>
-
-<p></p>
-
-<div class="code panel" style="border-width: 1px;">
- <div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">if</span> ( currentUser.isPermitted( <span
class="code-quote">"lightsaber:weild"</span> ) ) {
- log.info(<span class="code-quote">"You may use a lightsaber ring. Use it
wisely."</span>);
-} <span class="code-keyword">else</span> {
- log.info(<span class="code-quote">"Sorry, lightsaber rings are <span
class="code-keyword">for</span> schwartz masters only."</span>);
+<pre><code class="java">if ( currentUser.isPermitted(
"lightsaber:weild" ) ) {
+ log.info("You may use a lightsaber ring. Use it wisely.");
+} else {
+ log.info("Sorry, lightsaber rings are for schwartz masters
only.");
}
-</pre>
- </div>
-</div>
-
-<p>Also, we can perform an extremely powerful <em>instance-level</em>
permission check - the ability to see if the user
- has the ability to access a specific instance of a type:</p>
-
-<p></p>
-
-<div class="code panel" style="border-width: 1px;">
- <div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">if</span> ( currentUser.isPermitted( <span
class="code-quote">"winnebago:drive:eagle5"</span> ) ) {
- log.info(<span
- class="code-quote">"You are permitted to 'drive' the 'winnebago' with
license plate (id) 'eagle5'. "</span> +
- <span class="code-quote">"Here are the keys - have
fun!"</span>);
-} <span class="code-keyword">else</span> {
- log.info(<span class="code-quote">"Sorry, you aren't allowed to drive the
'eagle5' winnebago!"</span>);
+</code></pre>
+<p>Also, we can perform an extremely powerful <em>instance-level</em>
permission check - the ability to see if the user has the ability to access a
specific instance of a type:</p>
+<pre><code class="java">if ( currentUser.isPermitted(
"winnebago:drive:eagle5" ) ) {
+ log.info("You are permitted to 'drive' the
'winnebago' with license plate (id) 'eagle5'. " +
+ "Here are the keys - have fun!");
+} else {
+ log.info("Sorry, you aren't allowed to drive the 'eagle5'
winnebago!");
}
-</pre>
- </div>
-</div>
-
+</code></pre>
<p>Piece of cake, right?</p>
-
<p>Finally, when the user is done using the application, they can log out:</p>
-
-<p></p>
-
-<div class="code panel" style="border-width: 1px;">
- <div class="codeContent panelContent">
-<pre class="code-java">
-currentUser.logout(); <span class="code-comment">//removes all identifying
information and invalidates their session too.</span>
-</pre>
- </div>
-</div>
-
-<p>Well, that's the core to using Apache Shiro at the application-developer
level. And although there is some pretty
- sophisticated stuff going on under the hood to make this work so
elegantly, that's really all there is to it.</p>
-
-<p>But you might ask yourself, "But who is responsible for getting the user
data during a login (usernames and
- passwords, role and permissions, etc), and who actually performs those
security checks during runtime?" Well, you
- do, by implementing what Shiro calls a <a href="realm.html"
title="Realm">Realm</a> and plugging that <tt>Realm</tt>
- into Shiro's configuration. </p>
-
-<p>However, how you configure a <a href="realm.html" title="Realm">Realm</a>
is largely dependent upon your runtime
- environment. For example, if you run a standalone application, or if you
have a web based application, or a Spring
- or JEE container-based application, or combination thereof. That type of
configuration is outside the scope of this
- QuickStart, since its aim is to get you comfortable with the API and
Shiro's concepts.</p>
-
-<p>When you're ready to jump in with a little more detail, you'll definitely
want to read the <a
- href="java-authentication-guide.html" title="Java Authentication
Guide">Authentication Guide</a> and <a
- href="java-authorization-guide.html" title="Java Authorization
Guide">Authorization Guide</a>. Then can move
- onto other <a href="documentation.html"
title="Documentation">Documentation</a>, in particularly the <a
- href="reference.html" title="Reference">Reference Manual</a>, to
answer any other questions. You'll also
- probably want to join the user <a href="mailing-lists.html" title="Mailing
Lists">mailing list</a> - you'll find
- that we have a great community with people willing to help whenever
possible.</p>
-
+<pre><code class="java">currentUser.logout(); //removes all identifying
information and invalidates their session too.
+</code></pre>
+<p>Well, that’s the core to using Apache Shiro at the
application-developer level. And although there is some pretty sophisticated
stuff going on under the hood to make this work so elegantly, that’s
really all there is to it.</p>
+<p>But you might ask yourself, “But who is responsible for getting the
user data during a login (usernames and passwords, role and permissions, etc),
and who actually performs those security checks during runtime?” Well,
you do, by implementing what Shiro calls a <a href="realm.html"
title="Realm">Realm</a> and plugging that <code>Realm</code> into Shiro’s
configuration.</p>
+<p>However, how you configure a <a href="realm.html" title="Realm">Realm</a>
is largely dependent upon your runtime environment. For example, if you run a
standalone application, or if you have a web based application, or a Spring or
JEE container-based application, or combination thereof. That type of
configuration is outside the scope of this QuickStart, since its aim is to get
you comfortable with the API and Shiro’s concepts.</p>
+<p>When you’re ready to jump in with a little more detail, you’ll
definitely want to read the <a href="java-authentication-guide.html"
title="Java Authentication Guide">Authentication Guide</a> and <a
href="java-authorization-guide.html" title="Java Authorization
Guide">Authorization Guide</a>. Then can move onto other <a
href="documentation.html" title="Documentation">Documentation</a>, in
particularly the <a href="reference.html" title="Reference">Reference
Manual</a>, to answer any other questions. You’ll also probably want to
join the user <a href="mailing-lists.html" title="Mailing Lists">mailing
list</a> - you’ll find that we have a great community with people willing
to help whenever possible.</p>
<p>Thanks for following along. We hope you enjoy using Apache Shiro!</p>
</div>
Modified: shiro/site/publish/about.html
URL:
http://svn.apache.org/viewvc/shiro/site/publish/about.html?rev=1766414&r1=1766413&r2=1766414&view=diff
==============================================================================
--- shiro/site/publish/about.html (original)
+++ shiro/site/publish/about.html Mon Oct 24 14:33:52 2016
@@ -78,46 +78,23 @@
<div id="content">
- <h1><a name="About-AboutApacheShiro"></a>About Apache Shiro</h1>
-
-<p>Apache Shiro is is a top level open source project under the <a
class="external-link" href="http://www.apache.org";>Apache
- Software Foundation</a>. As a project, Shiro is an application security
framework that provides application
- developers very clean and simple ways of supporting four cornerstones of
security in their applications:
- authentication, authorization, enterprise session management and
cryptography. </p>
-
-<p>If you'd like to learn more about Shiro please visit the links below</p>
-
-<ul class="alternate">
- <li><b><a href="what-is-shiro.html" title="What is Shiro">What is
Shiro</a></b> - A deeper look into the project,
- its mission, and its history
- </li>
-</ul>
-
-
-<ul class="alternate">
- <li><b><a href="features.html" title="Features">Features</a></b> - Explore
the major features of the project</li>
-</ul>
-
-
-<ul class="alternate">
- <li><b><a href="news.html" title="News">News</a></b> - Stay up to date on
the latest Apache Shiro news</li>
-</ul>
-
-
-<ul class="alternate">
- <li><b><a href="events.html" title="Events">Events</a></b> - See what
Apache Shiro events are coming that you should
- consider attending
- </li>
+ <a name="About-AboutApacheShiro"></a>
+<h1><a href="#about-apache-shiro" name="about-apache-shiro">About Apache
Shiro</a></h1>
+<p>Apache Shiro is is a top level open source project under the <a
href="http://www.apache.org";>Apache Software Foundation</a>. As a project,
Shiro is an application security framework that provides application developers
very clean and simple ways of supporting four cornerstones of security in their
applications: authentication, authorization, enterprise session management and
cryptography.</p>
+<p>If you’d like to learn more about Shiro please visit the links
below</p>
+<ul>
+ <li>
+ <p><a href="what-is-shiro.html">What is Shiro</a> - A deeper look into the
project, its mission, and its history</p></li>
+ <li>
+ <p><a href="features.html">Features</a> - Explore the major features of the
project</p></li>
+ <li>
+ <p><a href="news.html">News</a> - Stay up to date on the latest Apache Shiro
news</p></li>
+ <li>
+ <p><a href="events.html">Events</a> - See what Apache Shiro events are
coming that you should consider attending</p></li>
+ <li>
+ <p><a href="license.html">License</a> - Review the license under which Shiro
is released - Apache Software License, Version 2.0</p></li>
</ul>
-
-<ul class="alternate">
- <li><b><a href="license.html" title="License">License</a></b> - Review the
license under which Shiro is released--
- Apache Software License, Version 2.0
- </li>
-</ul>
-
-
</div>
</div><!--END WRAPPER-->
Modified: shiro/site/publish/adoption.html
URL:
http://svn.apache.org/viewvc/shiro/site/publish/adoption.html?rev=1766414&r1=1766413&r2=1766414&view=diff
==============================================================================
--- shiro/site/publish/adoption.html (original)
+++ shiro/site/publish/adoption.html Mon Oct 24 14:33:52 2016
@@ -78,10 +78,9 @@
<div id="content">
- <h1><a name="Adoption-ApacheShiroAdoption"></a>Apache Shiro
Adoption</h1>
-
+ <a name="Adoption-ApacheShiroAdoption"></a>
+<h1><a href="#apache-shiro-adoption" name="apache-shiro-adoption">Apache Shiro
Adoption</a></h1>
<p>Are you using Shiro to build an application? List your name and company
here and let the world know!</p>
-
<p>The more people that adopt Shiro, the better it becomes, and the more you
benefit from it. Help adoption by letting others know how you use it.</p>
</div>
Modified: shiro/site/publish/architecture.html
URL:
http://svn.apache.org/viewvc/shiro/site/publish/architecture.html?rev=1766414&r1=1766413&r2=1766414&view=diff
==============================================================================
--- shiro/site/publish/architecture.html (original)
+++ shiro/site/publish/architecture.html Mon Oct 24 14:33:52 2016
@@ -78,109 +78,85 @@
<div id="content">
- <h1><a name="Architecture-ApacheShiroArchitecture"></a>Apache
Shiro Architecture</h1>
-
-<p>Apache Shiro's design goals are to simplify application security by being
intuitive and easy to use. Shiro's core design models how most people think
about application security - in the context of someone (or something)
interacting with an application.</p>
-
-<p>Software applications are usually designed based on user stories. That is,
you'll often design user interfaces or service APIs based on how a user would
(or should) interact with the software. For example, you might say, "If the
user interacting with my application is logged in, I will show them a button
they can click to view their account information. If they are not logged in, I
will show a sign-up button." </p>
-
-<p>This example statement indicates that applications are largely written to
satisfy user requirements and needs. Even if the 'user' is another software
system and not a human being, you still write code to reflect behavior based on
who (or what) is currently interacting with your software.</p>
-
+ <a name="Architecture-ApacheShiroArchitecture"></a>
+<h1><a href="#apache-shiro-architecture"
name="apache-shiro-architecture">Apache Shiro Architecture</a></h1>
+<p>Apache Shiro’s design goals are to simplify application security by
being intuitive and easy to use. Shiro’s core design models how most
people think about application security - in the context of someone (or
something) interacting with an application.</p>
+<p>Software applications are usually designed based on user stories. That is,
you’ll often design user interfaces or service APIs based on how a user
would (or should) interact with the software. For example, you might say,
“If the user interacting with my application is logged in, I will show
them a button they can click to view their account information. If they are not
logged in, I will show a sign-up button.”</p>
+<p>This example statement indicates that applications are largely written to
satisfy user requirements and needs. Even if the ‘user’ is another
software system and not a human being, you still write code to reflect behavior
based on who (or what) is currently interacting with your software.</p>
<p>Shiro reflects these concepts in its own design. By matching what is
already intuitive for software developers, Apache Shiro remains intuitive and
easy to use in practically any application.</p>
-
-<h2><a name="Architecture-HighLevelOverview"></a>High-Level Overview</h2>
-
-<p>At the highest conceptual level, Shiro's architecture has 3 primary
concepts: the <tt>Subject</tt>, <tt>SecurityManager</tt> and <tt>Realms</tt>.
The following diagram is a high-level overview of how these components
interact, and we'll cover each concept below:</p>
-
-<p><br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline">
-<span class="image-wrap" style="display: block; text-align: center"><img
src="assets/images/ShiroBasicArchitecture.png" style="border: 0px solid
black"></span>
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline"></p>
-
-<ul><li><b>Subject</b>: As we've mentioned in our <a href="tutorial.html"
title="Tutorial">Tutorial</a>, the <tt>Subject</tt> is essentially a security
specific 'view' of the the currently executing user. Whereas the word 'User'
often implies a human being, a <tt>Subject</tt> can be a person, but it could
also represent a 3rd-party service, daemon account, cron job, or anything
similar - basically anything that is currently interacting with the software.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline">
-<tt>Subject</tt> instances are all bound to (and require) a
<tt>SecurityManager</tt>. When you interact with a <tt>Subject</tt>, those
interactions translate to subject-specific interactions with the
<tt>SecurityManager</tt>.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline"></li><li><b>SecurityManager</b>:
The <tt>SecurityManager</tt> is the heart of Shiro’s architecture and
acts as a sort of 'umbrella’ object that coordinates its internal
security components that together form an object graph. However, once the
SecurityManager and its internal object graph is configured for an application,
it is usually left alone and application developers spend almost all of their
time with the <tt>Subject</tt> API.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline">
-We will talk about the <tt>SecurityManager</tt> in detail later on, but it is
important to realize that when you interact with a <tt>Subject</tt>, it is
really the <tt>SecurityManager</tt> behind the scenes that does all the heavy
lifting for any <tt>Subject</tt> security operation. This is reflected in the
basic flow diagram above.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline"></li><li><b>Realms</b>: Realms
act as the ‘bridge’ or ‘connector’ between Shiro and
your application’s security data. When it comes time to actually interact
with security-related data like user accounts to perform authentication (login)
and authorization (access control), Shiro looks up many of these things from
one or more Realms configured for an application.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline">
-In this sense a Realm is essentially a security-specific <a
class="external-link" href="https://en.wikipedia.org/wiki/Data_access_object";
rel="nofollow">DAO</a>: it encapsulates connection details for data sources and
makes the associated data available to Shiro as needed. When configuring Shiro,
you must specify at least one Realm to use for authentication and/or
authorization. The <tt>SecurityManager</tt> may be configured with multiple
Realms, but at least one is required.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline">
-Shiro provides out-of-the-box Realms to connect to a number of security data
sources (aka directories) such as LDAP, relational databases (JDBC), text
configuration sources like INI and properties files, and more. You can plug-in
your own Realm implementations to represent custom data sources if the default
Realms do not meet your needs.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline">
-Like other internal components, the Shiro <tt>SecurityManager</tt> manages how
Realms are used to acquire security and identity data to be represented as
<tt>Subject</tt> instances.</li></ul>
-
-
-<h2><a name="Architecture-DetailedArchitecture"></a>Detailed Architecture</h2>
-
-<p>The following diagram shows Shiro's core architectural concepts followed by
short summaries of each:</p>
-
-<p><span class="image-wrap" style="display: block; text-align: center"><img
src="assets/images/ShiroArchitecture.png" style="border: 0px solid
black"></span></p>
-
-<ul><li><b>Subject</b> (<tt><a class="external-link"
href="static/current/apidocs/org/apache/shiro/subject/Subject.html">org.apache.shiro.subject.Subject</a></tt>)<br
clear="none">
-A security-specific 'view' of the entity (user, 3rd-party service, cron job,
etc) currently interacting with the software.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline"></li><li><b>SecurityManager</b>
(<tt><a class="external-link"
href="static/current/apidocs/org/apache/shiro/mgt/SecurityManager.html">org.apache.shiro.mgt.SecurityManager</a></tt>)<br
clear="none">
-As mentioned above, the <tt>SecurityManager</tt> is the heart of Shiro's
architecture. It is mostly an 'umbrella' object that coordinates its managed
components to ensure they work smoothly together. It also manages Shiro's view
of every application user, so it knows how to perform security operations per
user.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline"></li><li><b>Authenticator</b>
(<tt><a class="external-link"
href="static/current/apidocs/org/apache/shiro/authc/Authenticator.html">org.apache.shiro.authc.Authenticator</a></tt>)<br
clear="none">
-The <tt>Authenticator</tt> is the component that is responsible for executing
and reacting to authentication (log-in) attempts by users. When a user tries
to log-in, that logic is executed by the <tt>Authenticator</tt>. The
<tt>Authenticator</tt> knows how to coordinate with one or more <tt>Realms</tt>
that store relevant user/account information. The data obtained from these
<tt>Realms</tt> is used to verify the user's identity to guarantee the user
really is who they say they are.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline">
- <ul><li><b>Authentication Strategy</b> (<tt><a class="external-link"
href="static/current/apidocs/org/apache/shiro/authc/pam/AuthenticationStrategy.html">org.apache.shiro.authc.pam.AuthenticationStrategy</a></tt>)<br
clear="none">
-If more than one <tt>Realm</tt> is configured, the
<tt>AuthenticationStrategy</tt> will coordinate the Realms to determine the
conditions under which an authentication attempt succeeds or fails (for
example, if one realm succeeds but others fail, is the attempt successful? Must
all realms succeed? Only the first?).
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline"></li></ul>
- </li><li><b>Authorizer</b> (<tt><a class="external-link"
href="static/current/apidocs/org/apache/shiro/authz/Authorizer.html">org.apache.shiro.authz.Authorizer</a></tt>)<br
clear="none">
-The <tt>Authorizer</tt> is the component responsible determining users' access
control in the application. It is the mechanism that ultimately says if a user
is allowed to do something or not. Like the <tt>Authenticator</tt>, the
<tt>Authorizer</tt> also knows how to coordinate with multiple back-end data
sources to access role and permission information. The <tt>Authorizer</tt>
uses this information to determine exactly if a user is allowed to perform a
given action.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline"></li><li><b>SessionManager</b>
(<tt><a class="external-link"
href="static/current/apidocs/org/apache/shiro/session/mgt/SessionManager.html">org.apache.shiro.session.mgt.SessionManager</a></tt>)<br
clear="none">
-The <tt>SessionManager</tt> knows how to create and manage user
<tt>Session</tt> lifecycles to provide a robust Session experience for users in
all environments. This is a unique feature in the world of security frameworks
- Shiro has the ability to natively manage user Sessions in any environment,
even if there is no Web/Servlet or EJB container available. By default, Shiro
will use an existing session mechanism if available, (e.g. Servlet Container),
but if there isn't one, such as in a standalone application or non-web
environment, it will use its built-in enterprise session management to offer
the same programming experience. The <tt>SessionDAO</tt> exists to allow any
datasource to be used to persist sessions.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline">
- <ul><li><b>SessionDAO</b> (<tt><a class="external-link"
href="static/current/apidocs/org/apache/shiro/session/mgt/eis/SessionDAO.html">org.apache.shiro.session.mgt.eis.SessionDAO</a></tt>)<br
clear="none">
-The <tt>SessionDAO</tt> performs <tt>Session</tt> persistence (CRUD)
operations on behalf of the <tt>SessionManager</tt>. This allows any data
store to be plugged in to the Session Management infrastructure.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline"></li></ul>
- </li><li><b>CacheManager</b> (<tt><a class="external-link"
href="static/current/apidocs/org/apache/shiro/cache/CacheManager.html">org.apache.shiro.cache.CacheManager</a></tt>)<br
clear="none">
-The <tt>CacheManager</tt> creates and manages <tt>Cache</tt> instance
lifecycles used by other Shiro components. Because Shiro can access many
back-end data sources for authentication, authorization and session management,
caching has always been a first-class architectural feature in the framework to
improve performance while using these data sources. Any of the modern
open-source and/or enterprise caching products can be plugged in to Shiro to
provide a fast and efficient user-experience.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline"></li><li><b>Cryptography</b>
(<tt><a class="external-link"
href="static/current/apidocs/org/apache/shiro/crypto/package-summary.html">org.apache.shiro.crypto.*</a></tt>)<br
clear="none">
-Cryptography is a natural addition to an enterprise security framework.
Shiro's <tt>crypto</tt> package contains easy-to-use and understand
representations of crytographic Ciphers, Hashes (aka digests) and different
codec implementations. All of the classes in this package are carefully
designed to be very easy to use and easy to understand. Anyone who has used
Java's native cryptography support knows it can be a challenging animal to
tame. Shiro's crypto APIs simplify the complicated Java mechanisms and make
cryptography easy to use for normal mortal human beings.
-<br clear="none" class="atl-forced-newline">
-<br clear="none" class="atl-forced-newline"></li><li><b>Realms</b> (<tt><a
class="external-link"
href="static/current/apidocs/org/apache/shiro/realm/Realm.html">org.apache.shiro.realm.Realm</a></tt>)<br
clear="none">
-As mentioned above, Realms act as the ‘bridge’ or
‘connector’ between Shiro and your application’s security
data. When it comes time to actually interact with security-related data like
user accounts to perform authentication (login) and authorization (access
control), Shiro looks up many of these things from one or more Realms
configured for an application. You can configure as many <tt>Realms</tt> as
you need (usually one per data source) and Shiro will coordinate with them as
necessary for both authentication and authorization.</li></ul>
-
-
-<h2><a name="Architecture-The%7B%7BSecurityManager%7D%7D"></a>The
<tt>SecurityManager</tt></h2>
-
-<p>Because Shiro's API encourages a <tt>Subject</tt>-centric programming
approach, most application developers will rarely, if ever, interact with the
<tt>SecurityManager</tt> directly (framework developers however might sometimes
find it useful). Even so, it is still important to know how the
<tt>SecurityManager</tt> functions, especially when configuring one for an
application.</p>
-
-<h2><a name="Architecture-Design"></a>Design</h2>
-
-<p>As stated previously, the application's <tt>SecurityManager</tt> performs
security operations and manages state for <em>all</em> application users. In
Shiro's default <tt>SecurityManager</tt> implementations, this includes:</p>
-
-<ul><li>Authentication</li><li>Authorization</li><li>Session
Management</li><li>Cache Management</li><li><a href="realm.html"
title="Realm">Realm</a> coordination</li><li>Event
propagation</li><li>"Remember Me" Services</li><li>Subject
creation</li><li>Logout<br clear="none">
-and more.</li></ul>
-
-
-<p>But this is a lot of functionality to try to manage in a single component.
And, making these things flexible and customizable would be very difficult if
everything were lumped into a single implementation class. </p>
-
-<p>To simplify configuration and enable flexible configuration/pluggability,
Shiro's implementations are all highly modular in design - so modular in fact,
that the SecurityManager implementation (and its class-hierarchy) does not do
much at all. Instead, the <tt>SecurityManager</tt> implementations mostly act
as a lightweight 'container' component, delegating almost all behavior to
nested/wrapped components. This 'wrapper' design is reflected in the detailed
architecture diagram above.</p>
-
-<p>While the components actually execute the logic, the
<tt>SecurityManager</tt> implementation knows how and when to coordinate the
components for the correct behavior.</p>
-
-<p>The <tt>SecurityManager</tt> implementations and are also JavaBeans
compatible, which allows you (or a configuration mechanism) to easily customize
the pluggable components via standard JavaBeans accessor/mutator methods
(get*/set*). This means the Shiro's architectural modularity can translate
into very easy configuration for custom behavior.</p>
-
+<a name="Architecture-HighLevelOverview"></a>
+<h2>High-Level Overview</h2>
+<p>At the highest conceptual level, Shiro’s architecture has 3 primary
concepts: the <code>Subject</code>, <code>SecurityManager</code> and
<code>Realms</code>. The following diagram is a high-level overview of how
these components interact, and we’ll cover each concept below:</p>
+<img style="margin:0px auto;display:block"
src="assets/images/ShiroBasicArchitecture.png"/>
+<ul>
+ <li>
+ <p><strong>Subject</strong>: As we’ve mentioned in our <a
href="tutorial.html">Tutorial</a>, the <code>Subject</code> is essentially a
security specific ‘view’ of the the currently executing user.
Whereas the word ‘User’ often implies a human being, a
<code>Subject</code> can be a person, but it could also represent a 3rd-party
service, daemon account, cron job, or anything similar - basically anything
that is currently interacting with the software.</p>
+ <p><code>Subject</code> instances are all bound to (and require) a
<code>SecurityManager</code>. When you interact with a <code>Subject</code>,
those interactions translate to subject-specific interactions with the
<code>SecurityManager</code>.</p>
+ </li>
+ <li>
+ <p><strong>SecurityManager</strong>: The <code>SecurityManager</code> is
the heart of Shiro’s architecture and acts as a sort of
’umbrella’ object that coordinates its internal security components
that together form an object graph. However, once the SecurityManager and its
internal object graph is configured for an application, it is usually left
alone and application developers spend almost all of their time with the
<code>Subject</code> API.</p>
+ <p>We will talk about the <code>SecurityManager</code> in detail later on,
but it is important to realize that when you interact with a
<code>Subject</code>, it is really the <code>SecurityManager</code> behind the
scenes that does all the heavy lifting for any <code>Subject</code> security
operation. This is reflected in the basic flow diagram above.</p>
+ </li>
+ <li>
+ <p><strong>Realms</strong>: Realms act as the ‘bridge’ or
‘connector’ between Shiro and your application’s security
data. When it comes time to actually interact with security-related data like
user accounts to perform authentication (login) and authorization (access
control), Shiro looks up many of these things from one or more Realms
configured for an application.</p>
+ <p>In this sense a Realm is essentially a security-specific <a
class="external-link" href="https://en.wikipedia.org/wiki/Data_access_object";
rel="nofollow">DAO</a>: it encapsulates connection details for data sources and
makes the associated data available to Shiro as needed. When configuring Shiro,
you must specify at least one Realm to use for authentication and/or
authorization. The <code>SecurityManager</code> may be configured with multiple
Realms, but at least one is required.</p>
+ <p>Shiro provides out-of-the-box Realms to connect to a number of security
data sources (aka directories) such as LDAP, relational databases (JDBC), text
configuration sources like INI and properties files, and more. You can plug-in
your own Realm implementations to represent custom data sources if the default
Realms do not meet your needs.</p>
+ <p>Like other internal components, the Shiro <code>SecurityManager</code>
manages how Realms are used to acquire security and identity data to be
represented as <code>Subject</code> instances.</li></ul></p>
+ </li>
+</ul>
+<a name="Architecture-DetailedArchitecture"></a>
+<h2><a href="#detailed-architecture" name="detailed-architecture">Detailed
Architecture</a></h2>
+<p>The following diagram shows Shiro’s core architectural concepts
followed by short summaries of each:</p>
+<img style="margin:0px auto;display:block"
src="assets/images/ShiroArchitecture.png"/>
+<ul>
+ <li>
+ <p><strong>Subject</strong> (<a
href="static/current/apidocs/org/apache/shiro/subject/Subject.html"><code>org.apache.shiro.subject.Subject</code></a>)<br/>A
security-specific ‘view’ of the entity (user, 3rd-party service,
cron job, etc) currently interacting with the software.</p></li>
+ <li>
+ <p><strong>SecurityManager</strong> (<a
href="static/current/apidocs/org/apache/shiro/mgt/SecurityManager.html">org.apache.shiro.mgt.SecurityManager</a>)<br/>As
mentioned above, the <code>SecurityManager</code> is the heart of
Shiro’s architecture. It is mostly an ‘umbrella’ object that
coordinates its managed components to ensure they work smoothly together. It
also manages Shiro’s view of every application user, so it knows how to
perform security operations per user.</p></li>
+ <li>
+ <p><strong>Authenticator</strong> (<a
href="static/current/apidocs/org/apache/shiro/authc/Authenticator.html">org.apache.shiro.authc.Authenticator</a>)<br/>The
<code>Authenticator</code> is the component that is responsible for executing
and reacting to authentication (log-in) attempts by users. When a user tries to
log-in, that logic is executed by the <code>Authenticator</code>. The
<code>Authenticator</code> knows how to coordinate with one or more
<code>Realms</code> that store relevant user/account information. The data
obtained from these <code>Realms</code> is used to verify the user’s
identity to guarantee the user really is who they say they are.</p>
+ <ul>
+ <li>
+ <p><strong>Authentication Strategy</strong> (<a
href="static/current/apidocs/org/apache/shiro/authc/pam/AuthenticationStrategy.html">org.apache.shiro.authc.pam.AuthenticationStrategy</a>)<br/>If
more than one <code>Realm</code> is configured, the
<code>AuthenticationStrategy</code> will coordinate the Realms to determine the
conditions under which an authentication attempt succeeds or fails (for
example, if one realm succeeds but others fail, is the attempt successful? Must
all realms succeed? Only the first?).</p></li>
+ </ul>
+ </li>
+ <li>
+ <p><strong>Authorizer</strong> (<a
href="static/current/apidocs/org/apache/shiro/authz/Authorizer.html">org.apache.shiro.authz.Authorizer</a>)<br/>The
<code>Authorizer</code> is the component responsible determining users’
access control in the application. It is the mechanism that ultimately says if
a user is allowed to do something or not. Like the <code>Authenticator</code>,
the <code>Authorizer</code> also knows how to coordinate with multiple back-end
data sources to access role and permission information. The
<code>Authorizer</code> uses this information to determine exactly if a user is
allowed to perform a given action.</p></li>
+ <li>
+ <p><strong>SessionManager</strong> (<a
href="static/current/apidocs/org/apache/shiro/session/mgt/SessionManager.html">org.apache.shiro.session.mgt.SessionManager</a>)<br/>The
<code>SessionManager</code> knows how to create and manage user
<code>Session</code> lifecycles to provide a robust Session experience for
users in all environments. This is a unique feature in the world of security
frameworks - Shiro has the ability to natively manage user Sessions in any
environment, even if there is no Web/Servlet or EJB container available. By
default, Shiro will use an existing session mechanism if available, (e.g.
Servlet Container), but if there isn’t one, such as in a standalone
application or non-web environment, it will use its built-in enterprise session
management to offer the same programming experience. The
<code>SessionDAO</code> exists to allow any datasource to be used to persist
sessions.</p>
+ <ul>
+ <li>
+ <p><strong>SessionDAO</strong> (<a
href="static/current/apidocs/org/apache/shiro/session/mgt/eis/SessionDAO.html">org.apache.shiro.session.mgt.eis.SessionDAO</a>)<br/>The
<code>SessionDAO</code> performs <code>Session</code> persistence (CRUD)
operations on behalf of the <code>SessionManager</code>. This allows any data
store to be plugged in to the Session Management infrastructure.</p></li>
+ </ul>
+ </li>
+ <li>
+ <p><strong>CacheManager</strong> (<a
href="static/current/apidocs/org/apache/shiro/cache/CacheManager.html">org.apache.shiro.cache.CacheManager</a>)<br/>The
<code>CacheManager</code> creates and manages <code>Cache</code> instance
lifecycles used by other Shiro components. Because Shiro can access many
back-end data sources for authentication, authorization and session management,
caching has always been a first-class architectural feature in the framework to
improve performance while using these data sources. Any of the modern
open-source and/or enterprise caching products can be plugged in to Shiro to
provide a fast and efficient user-experience.</p></li>
+ <li>
+ <p><strong>Cryptography</strong> (<a
href="static/current/apidocs/org/apache/shiro/crypto/package-summary.html">org.apache.shiro.crypto.*</a>)<br/>Cryptography
is a natural addition to an enterprise security framework. Shiro’s
<code>crypto</code> package contains easy-to-use and understand representations
of crytographic Ciphers, Hashes (aka digests) and different codec
implementations. All of the classes in this package are carefully designed to
be very easy to use and easy to understand. Anyone who has used Java’s
native cryptography support knows it can be a challenging animal to tame.
Shiro’s crypto APIs simplify the complicated Java mechanisms and make
cryptography easy to use for normal mortal human beings.</p></li>
+ <li>
+ <p><strong>Realms</strong> (<a
href="static/current/apidocs/org/apache/shiro/realm/Realm.html">org.apache.shiro.realm.Realm</a>)<br/>As
mentioned above, Realms act as the ‘bridge’ or
‘connector’ between Shiro and your application’s security
data. When it comes time to actually interact with security-related data like
user accounts to perform authentication (login) and authorization (access
control), Shiro looks up many of these things from one or more Realms
configured for an application. You can configure as many <code>Realms</code> as
you need (usually one per data source) and Shiro will coordinate with them as
necessary for both authentication and authorization.</p></li>
+</ul>
+<a name="Architecture-The%7B%7BSecurityManager%7D%7D"></a>
+<h2>The <code>SecurityManager</code></h2>
+<p>Because Shiro’s API encourages a <code>Subject</code>-centric
programming approach, most application developers will rarely, if ever,
interact with the <code>SecurityManager</code> directly (framework developers
however might sometimes find it useful). Even so, it is still important to know
how the <code>SecurityManager</code> functions, especially when configuring one
for an application.</p>
+<a name="Architecture-Design"></a>
+<h2><a href="#design" name="design">Design</a></h2>
+<p>As stated previously, the application’s <code>SecurityManager</code>
performs security operations and manages state for <em>all</em> application
users. In Shiro’s default <code>SecurityManager</code> implementations,
this includes:</p>
+<ul>
+ <li>Authentication</li>
+ <li>Authorization</li>
+ <li>Session Management</li>
+ <li>Cache Management</li>
+ <li><a href="realm.html">Realm</a> coordination</li>
+ <li>Event propagation</li>
+ <li>“Remember Me” Services</li>
+ <li>Subject creation</li>
+ <li>Logout and more.</li>
+</ul>
+<p>But this is a lot of functionality to try to manage in a single component.
And, making these things flexible and customizable would be very difficult if
everything were lumped into a single implementation class.</p>
+<p>To simplify configuration and enable flexible configuration/pluggability,
Shiro’s implementations are all highly modular in design - so modular in
fact, that the SecurityManager implementation (and its class-hierarchy) does
not do much at all. Instead, the <code>SecurityManager</code> implementations
mostly act as a lightweight ‘container’ component, delegating
almost all behavior to nested/wrapped components. This ‘wrapper’
design is reflected in the detailed architecture diagram above.</p>
+<p>While the components actually execute the logic, the
<code>SecurityManager</code> implementation knows how and when to coordinate
the components for the correct behavior.</p>
+<p>The <code>SecurityManager</code> implementations and are also JavaBeans
compatible, which allows you (or a configuration mechanism) to easily customize
the pluggable components via standard JavaBeans accessor/mutator methods
(get*/set*). This means the Shiro’s architectural modularity can
translate into very easy configuration for custom behavior.</p>
<div class="panelMacro">
<table class="tipMacro">
<colgroup span="1">
@@ -194,20 +170,17 @@ and more.</li></ul>
<td colspan="1" rowspan="1">
<b>Easy Configuration</b>
<br clear="none">
- Because of JavaBeans compatibility, it is very easy to
configure the <tt>SecurityManager</tt> with custom components via any mechanism
that supports JavaBeans-style configuration, such as <a href="spring.html"
title="Spring">Spring</a>, Guice, JBoss, etc.
+ Because of JavaBeans compatibility, it is very easy to
configure the `SecurityManager` with custom components via any mechanism that
supports JavaBeans-style configuration, such as <a href="spring.html"
title="Spring">Spring</a>, Guice, JBoss, etc.
</td>
</tr>
</tbody>
</table>
</div>
-
-<p>We will cover <a href="configuration.html"
title="Configuration">Configuration</a> next.</p>
-
-<h2><a name="Architecture-Lendahandwithdocumentation"></a>Lend a hand with
documentation </h2>
-
-<p>While we hope this documentation helps you with the work you're doing with
Apache Shiro, the community is improving and expanding the documentation all
the time. If you'd like to help the Shiro project, please consider corrected,
expanding, or adding documentation where you see a need. Every little bit of
help you provide expands the community and in turn improves Shiro. </p>
-
-<p>The easiest way to contribute your documentation is to send it to the <a
class="external-link" href="http://shiro-user.582556.n2.nabble.com/";
rel="nofollow">User Forum</a> or the <a href="mailing-lists.html"
title="Mailing Lists">User Mailing List</a>.</p>
+<p>We will cover <a href="configuration.html">Configuration</a> next.</p>
+<a name="Architecture-Lendahandwithdocumentation"></a>
+<h2><a href="#lend-a-hand-with-documentation"
name="lend-a-hand-with-documentation">Lend a hand with documentation</a></h2>
+<p>While we hope this documentation helps you with the work you’re doing
with Apache Shiro, the community is improving and expanding the documentation
all the time. If you’d like to help the Shiro project, please consider
corrected, expanding, or adding documentation where you see a need. Every
little bit of help you provide expands the community and in turn improves
Shiro.</p>
+<p>The easiest way to contribute your documentation is to send it to the <a
href="http://shiro-user.582556.n2.nabble.com/";>User Forum</a> or the <a
href="mailing-lists.html">User Mailing List</a>.</p>
</div>
Modified: shiro/site/publish/articles.html
URL:
http://svn.apache.org/viewvc/shiro/site/publish/articles.html?rev=1766414&r1=1766413&r2=1766414&view=diff
==============================================================================
--- shiro/site/publish/articles.html (original)
+++ shiro/site/publish/articles.html Mon Oct 24 14:33:52 2016
@@ -78,70 +78,74 @@
<div id="content">
- <h1><a name="Articles-ApacheShiroArticles"></a>Apache Shiro
Articles</h1>
-
-<p>Here are some articles written by and for members of the Apache Shiro
community. Please post any errata to the user or dev <a
href="mailing-lists.html" title="Mailing Lists">mailing lists</a>.</p>
-
-<h2><a name="Articles-IntroductoryArticles"></a>Introductory Articles</h2>
+ <a name="Articles-ApacheShiroArticles"></a>
+<h1><a href="#apache-shiro-articles" name="apache-shiro-articles">Apache Shiro
Articles</a></h1>
+<p>Here are some articles written by and for members of the Apache Shiro
community. Please post any errata to the user or dev <a
href="mailing-lists.html" title="Mailing Lists">mailing lists</a>.</p>
+<a name="Articles-IntroductoryArticles"></a>
+<h2><a href="#introductory-articles" name="introductory-articles">Introductory
Articles</a></h2>
<p>New to Shiro? Here are some great introductory articles:</p>
-
-<ul class="alternate" type="square"><li><b><a class="external-link"
href="https://www.infoq.com/articles/apache-shiro"; rel="nofollow">Application
Security with Apache Shiro</a></b> InfoQ article by Les Hazlewood, Apache Shiro
PMC Chair.</li></ul>
-
-<ul class="alternate" type="square"><li><b><a href="webapp-tutorial.html"
title="Apache Shiro Beginner's Webapp Tutorial">Apache Shiro Beginner's Webapp
Tutorial</a>: a step-by-step tutorial to enable Shiro in a web application</b>
on 19 November 2013 by Les Hazlewood</li></ul>
-
-<ul class="alternate" type="square"><li><b><a class="external-link"
href="https://stormpath.com/blog/whats-new-apache-shiro-12";
rel="nofollow">What's new in Apache Shiro 1.2</a></b> on 13 March 2012 by Les
Hazlewood.</li></ul>
-
-<ul class="alternate" type="square"><li><b><a class="external-link"
href="http://www.ibm.com/developerworks/web/library/wa-apacheshiro/";
rel="nofollow">Introducing Apache Shiro</a></b> by Nathan Good on IBM
DeveloperWorks, 14 September 2010.</li></ul>
-
-<ul class="alternate" type="square"><li><b>An Introduction to Shiro (formerly
JSecurity/Ki) - A Beginner's Tutorial</b> by <a class="external-link"
href="http://www.brucephillips.name"; rel="nofollow">Bruce Phillips</a>:
- <ul class="alternate" type="square"><li><a class="external-link"
href="http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-1";
rel="nofollow">Part 1</a></li><li><a class="external-link"
href="http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-2";
rel="nofollow">Part 2</a></li><li><a class="external-link"
href="http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-3";
rel="nofollow">Part 3</a></li><li><a class="external-link"
href="http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-4";
rel="nofollow">Part 4</a></li><li><a class="external-link"
href="http://www.brucephillips.name/blog/index.cfm/2009/5/1/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners-Tutorial-Part-5";
rel="nofollow">Part 5</a></li></ul>
- </li></ul>
-
-<h2><a name="Articles-AdditionalArticles"></a>Additional Articles</h2>
-<p>Once you've gotten your feet wet, you might find these useful too:</p>
-
-<ul class="alternate" type="square"><li><b><a class="external-link"
href="http://czetsuya-tech.blogspot.com/2012/10/how-to-integrate-apache-shiro-with.html?spref=tw";
rel="nofollow">How to Integrate Apache Shiro with JavaEE6</a></b> by czetsuya
on 11 October 2012.</li></ul>
-
-
-<ul class="alternate" type="square"><li><b><a class="external-link"
href="https://mehmetceliksoy.wordpress.com/2015/06/28/shiro-jdbc-realm/";
rel="nofollow">Custom Apache Shiro JDBC Realm</a></b> by Mehmet
Celiksoy</li></ul>
-
-
-<ul class="alternate" type="square"><li><b><a class="external-link"
href="https://bubba-h57.github.io/H57_Shiro/"; rel="nofollow">Spring MVC + Shiro
+ myBatis + JSR-303 Validation</a></b> by Rob Hines et. al. on 2 April
2012.</li></ul>
-
-
-<ul class="alternate" type="square"><li><b><a class="external-link"
href="https://www.zkoss.org/wiki/Small_Talks/2012/March/Securing_ZK_Applications_With_Apache_Shiro";
rel="nofollow">Securing ZK Applications with Apache Shiro</a></b> by Ashish
Dasnurkar on 6 March 2012.</li></ul>
-
-
-<ul class="alternate" type="square"><li><b>Facebook Login with Apache
Shiro</b> by Mike Warren on 28 November 2011
- <ul class="alternate" type="square"><li><a class="external-link"
href="https://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-1/";
rel="nofollow">Part 1</a></li><li><a class="external-link"
href="https://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-2/";
rel="nofollow">Part 2</a></li></ul>
- </li></ul>
-
-
-<ul class="alternate" type="square"><li><b>Apache Shiro - a blog series by
Meri</b>
- <ul class="alternate" type="square"><li><a class="external-link"
href="http://meri-stuff.blogspot.com/2011/03/apache-shiro-part-1-basics.html";
rel="nofollow">Part 1 - Basics</a> on 27 March 2011</li><li><a
class="external-link"
href="http://meri-stuff.blogspot.com/2011/04/apache-shiro-part-2-realms-database-and.html";
rel="nofollow">Part 2 - Realms, Database and PGP Certificates</a> on 18 April
2011</li><li><a class="external-link"
href="http://meri-stuff.blogspot.com/2011/12/apache-shiro-part-3-cryptography.html";
rel="nofollow">Part 3 - Cryptography</a> on 4 December 2011</li></ul>
- </li></ul>
-
-
-<ul class="alternate" type="square"><li><b><a class="external-link"
href="https://stormpath.com/blog/new-rbac-resource-based-access-control";
rel="nofollow">The New RBAC: Resource-Based Access Control</a></b> by Les
Hazlewood on 9 May 2011</li></ul>
-
-
-<ul class="alternate" type="square"><li><b><a class="external-link"
href="http://blog.xebia.com/author/yamsellem/"; rel="nofollow">HTTP
Authentication and Security with Apache Shiro</a></b> blog article by yamsellem
on 18 April 2011.</li></ul>
-
-
-<ul class="alternate" type="square"><li><b><a class="external-link"
href="http://spring-java-ee.blogspot.com/2011/04/using-shiro-for-authorization-via-cdi.html";
rel="nofollow">Using Shiro for Authorization via CDI Interceptors then Easily
Test with Arquillian</a></b> blog article by Hendy Irawan on 16 April
2011.</li></ul>
-
-
-<ul class="alternate" type="square"><li><b><a class="external-link"
href="http://blogs.mulesoft.com/dev/mule-dev/apache-shiro-support-for-mule/";
rel="nofollow">Apache Shiro Support for Mule</a></b> by Dan Diephouse on 10
January 2011.</li></ul>
-
-
-<ul class="alternate" type="square"><li><b><a class="external-link"
href="http://www.gdevelop.com/blog/2010/12/apache-shiro-on-appengine";
rel="nofollow">Apache Shiro on Google AppEngine</a></b> by Trung on 13 December
2010.</li></ul>
-
-
-<ul class="alternate" type="square"><li><b><a class="external-link"
href="http://techbeats.deluan.com/apache-shiro-tags-for-jsffacelets";
rel="nofollow">Apache Shiro tags for JSF - Securing Your JSF Pages</a></b> by
Deluan Quintão on 1 November 2010.</li></ul>
-
-
-<ul class="alternate" type="square"><li><b>Shiro DevNexus 2009
Presentation</b> by Jeremy Haile: (<a
href="assets/images/articles/Ki-DevNexus-2009.pdf?version=1&modificationDate=1246602947000">PDF</a>)
(<a
href="assets/images/articles/Ki-DevNexus-2009.key.zip?version=1&modificationDate=1246602947000">Keynote</a>)
(<a
href="assets/images/articles/Ki-DevNexus-2009.ppt.zip?version=1&modificationDate=1246602947000">Powerpoint</a>)</li></ul>
-
+<ul>
+ <li>
+ <p><strong><a href="https://www.infoq.com/articles/apache-shiro";>Application
Security with Apache Shiro</a></strong> InfoQ article by Les Hazlewood, Apache
Shiro PMC Chair.</p></li>
+ <li>
+ <p><strong><a href="webapp-tutorial.html" title="Apache Shiro Beginner's
Webapp Tutorial">Apache Shiro Beginner’s Webapp Tutorial</a>: a
step-by-step tutorial to enable Shiro in a web application</strong> on 19
November 2013 by Les Hazlewood</p></li>
+ <li>
+ <p><strong><a
href="https://stormpath.com/blog/whats-new-apache-shiro-12";>What’s new in
Apache Shiro 1.2</a></strong> on 13 March 2012 by Les Hazlewood.</p></li>
+ <li>
+ <p><strong><a
href="http://www.ibm.com/developerworks/web/library/wa-apacheshiro/";>Introducing
Apache Shiro</a></strong> by Nathan Good on IBM DeveloperWorks, 14 September
2010.</p></li>
+ <li>
+ <p><strong>An Introduction to Shiro (formerly JSecurity/Ki) - A
Beginner’s Tutorial</strong> by <a
href="http://www.brucephillips.name";>Bruce Phillips</a>:</p>
+ <ul>
+ <li><a
href="http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-1";>Part
1</a></li>
+ <li><a
href="http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-2";>Part
2</a></li>
+ <li><a
href="http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-3";>Part
3</a></li>
+ <li><a
href="http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-4";>Part
4</a></li>
+ <li><a
href="http://www.brucephillips.name/blog/index.cfm/2009/5/1/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners-Tutorial-Part-5";>Part
5</a></li>
+ </ul>
+ </li>
+</ul>
+<a name="Articles-AdditionalArticles"></a>
+<h2><a href="#additional-articles" name="additional-articles">Additional
Articles</a></h2>
+<p>Once you’ve gotten your feet wet, you might find these useful too:</p>
+<ul>
+ <li>
+ <p><strong><a
href="http://czetsuya-tech.blogspot.com/2012/10/how-to-integrate-apache-shiro-with.html?spref=tw";>How
to Integrate Apache Shiro with JavaEE6</a></strong> by czetsuya on 11 October
2012.</p></li>
+ <li>
+ <p><strong><a
href="https://mehmetceliksoy.wordpress.com/2015/06/28/shiro-jdbc-realm/";>Custom
Apache Shiro JDBC Realm</a></strong> by Mehmet Celiksoy</p></li>
+ <li>
+ <p><strong><a href="https://bubba-h57.github.io/H57_Shiro/";>Spring MVC +
Shiro + myBatis + JSR-303 Validation</a></strong> by Rob Hines et. al. on 2
April 2012.</p></li>
+ <li>
+ <p><strong><a
href="https://www.zkoss.org/wiki/Small_Talks/2012/March/Securing_ZK_Applications_With_Apache_Shiro";>Securing
ZK Applications with Apache Shiro</a></strong> by Ashish Dasnurkar on 6 March
2012.</p></li>
+ <li>
+ <p><strong>Facebook Login with Apache Shiro</strong> by Mike Warren on 28
November 2011</p>
+ <ul>
+ <li><a
href="https://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-1/";>Part
1</a></li>
+ <li><a
href="https://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-2/";>Part
2</a></li>
+ </ul>
+ </li>
+ <li>
+ <p><strong>Apache Shiro - a blog series by Meri</strong></p>
+ <ul>
+ <li><a
href="http://meri-stuff.blogspot.com/2011/03/apache-shiro-part-1-basics.html";>Part
1 - Basics</a> on 27 March 2011</li>
+ <li><a
href="http://meri-stuff.blogspot.com/2011/04/apache-shiro-part-2-realms-database-and.html";>Part
2 - Realms, Database and PGP Certificates</a> on 18 April 2011</li>
+ <li><a
href="http://meri-stuff.blogspot.com/2011/12/apache-shiro-part-3-cryptography.html";>Part
3 - Cryptography</a> on 4 December 2011</li>
+ </ul>
+ </li>
+ <li>
+ <p><strong><a
href="https://stormpath.com/blog/new-rbac-resource-based-access-control";>The
New RBAC: Resource-Based Access Control</a></strong> by Les Hazlewood on 9 May
2011</p></li>
+ <li>
+ <p><strong><a href="http://blog.xebia.com/author/yamsellem/";>HTTP
Authentication and Security with Apache Shiro</a></strong> blog article by
yamsellem on 18 April 2011.</p></li>
+ <li>
+ <p><strong><a
href="http://spring-java-ee.blogspot.com/2011/04/using-shiro-for-authorization-via-cdi.html";>Using
Shiro for Authorization via CDI Interceptors then Easily Test with
Arquillian</a></strong> blog article by Hendy Irawan on 16 April 2011.</p></li>
+ <li>
+ <p><strong><a
href="http://blogs.mulesoft.com/dev/mule-dev/apache-shiro-support-for-mule/";>Apache
Shiro Support for Mule</a></strong> by Dan Diephouse on 10 January
2011.</p></li>
+ <li>
+ <p><strong><a
href="http://www.gdevelop.com/blog/2010/12/apache-shiro-on-appengine";>Apache
Shiro on Google AppEngine</a></strong> by Trung on 13 December 2010.</p></li>
+ <li>
+ <p><strong><a
href="http://techbeats.deluan.com/apache-shiro-tags-for-jsffacelets";>Apache
Shiro tags for JSF - Securing Your JSF Pages</a></strong> by Deluan Quintão on
1 November 2010.</p></li>
+ <li>
+ <p><strong>Shiro DevNexus 2009 Presentation</strong> by Jeremy Haile: (<a
href="assets/images/articles/Ki-DevNexus-2009.pdf?version=1&modificationDate=1246602947000">PDF</a>)
(<a
href="assets/images/articles/Ki-DevNexus-2009.key.zip?version=1&modificationDate=1246602947000">Keynote</a>)
(<a
href="assets/images/articles/Ki-DevNexus-2009.ppt.zip?version=1&modificationDate=1246602947000">Powerpoint</a>)</p></li>
+</ul>
</div>
Modified: shiro/site/publish/authentication-guide.html
URL:
http://svn.apache.org/viewvc/shiro/site/publish/authentication-guide.html?rev=1766414&r1=1766413&r2=1766414&view=diff
==============================================================================
--- shiro/site/publish/authentication-guide.html (original)
+++ shiro/site/publish/authentication-guide.html Mon Oct 24 14:33:52 2016
@@ -80,8 +80,6 @@
<p>This page has been moved. You are being redirected.</p>
-<p></p>
-
<div class="panelMacro">
<table class="noteMacro">
<colgroup span="1">
@@ -97,7 +95,7 @@
<td colspan="1" rowspan="1">
<b>Redirection Notice</b>
<br clear="none">
- This page should redirect to <a
href="java-authentication-guide.html" title="Java Authentication Guide">Java
Authentication Guide</a>.
+ This page should redirect to <a
href="java-authentication-guide.html" title="Authentication
Guide">Authentication Guide</a>.
</td>
</tr>
</tbody>
@@ -105,9 +103,9 @@
</div>
<script type="text/javascript">
-<!--
-window.location = "java-authentication-guide.html"
-//-->
+ <!--
+ window.location = "java-authentication-guide.html"
+ //-->
</script>
![https://cwiki.apache.org/confluence/images/icons/emoticons/smile.png"](https://cwiki.apache.org/confluence/images/icons/emoticons/smile.png"){kind=link}