Modified: shiro/site/publish/authentication.html URL: http://svn.apache.org/viewvc/shiro/site/publish/authentication.html?rev=1766556&r1=1766555&r2=1766556&view=diff ============================================================================== --- shiro/site/publish/authentication.html (original) +++ shiro/site/publish/authentication.html Tue Oct 25 16:48:27 2016 @@ -35,6 +35,7 @@ <head> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> <meta name="google-site-verification" content="QIax6uT5UX3enoU0G8Pz2pXbQ45KaQuHZ3nCh9V27mw"> @@ -50,29 +51,44 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> - <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> - <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> + <!-- site styles and --> <link rel="stylesheet" type="text/css" href="./assets/css/style.css"> + <script type="text/javascript" src="./assets/js/shiro-site.js"></script> + <!-- github ribbon --> <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.css" /> <!--[if lt IE 9]> <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.ie.css" /> <![endif]--> + <script src="https://code.jquery.com/jquery-3.1.1.min.js"; integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script> + + <!-- bootstrap --> + <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap.min.css"> + <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap-theme.min.css"> + <script src="./assets/bootstrap/js/bootstrap.min.js"></script> + + + <!-- Google Analytics --> + <script> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','https://www.google-analytics.com/analytics.js','ga'); + + ga('create', 'UA-XXXXX-Y', 'auto'); + ga('send', 'pageview'); + </script> + <!-- End Google Analytics --> + + + <!-- syntax highlighting --> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/styles/default.min.css"; integrity="sha256-Zd1icfZ72UBmsId/mUcagrmN7IN5Qkrvh75ICHIQVTk=" crossorigin="anonymous" /> <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/highlight.min.js"; integrity="sha256-s63qpgPYoQk+wv3U6WZqioVJrwFNBTgD4dkeegLuwvo=" crossorigin="anonymous"></script> - - <script type="text/javascript" src="./assets/js/shiro-site.js"></script> - <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js";></script> - <script type="text/javascript" src="./assets/js/jquery_googleanalytics/jquery.google-analytics.js"></script> <script>hljs.initHighlightingOnLoad();</script> + <script type="text/javascript"> - // initialize plugins - jQuery(function() { - //Google Analytics - jQuery.trackPage('UA-11551827-1'); - }); $( document ).ready(function() { addPageEditLink(); @@ -81,27 +97,97 @@ </head> <body> - <a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro"; title="Fork me on GitHub">Fork me on GitHub</a> <div id="top-bar"></div> - <div class="wrapper"> + <div class="container" style="max-width: 1200px;"> + + <a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro"; title="Fork me on GitHub">Fork me on GitHub</a> + + - <div id="header"> - <a href="./index.html"><div id="logo"></div></a> - <ul class="navigation"> + <div class="masthead"> + <p class="lead"> + <a href="./index.html"> + <img src="./assets/images/apache-shiro-logo.png" style="height:100px; width:auto; vertical-align: bottom; margin-top: 20px;"> + </a> + <span class="tagline">Simple. Java. Security.</span> + </p> + </div> + + + + <nav class="navbar navbar-default" role="navigation"> + <!-- Brand and toggle get grouped for better mobile display --> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" + data-target="#navbar-collapse-1"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + </div> + + <!-- Collect the nav links, forms, and other content for toggling --> + <div class="collapse navbar-collapse" id="navbar-collapse-1"> + <ul class="nav navbar-nav"> <li><a href="./get-started.html">Get Started</a></li> <li><a href="./documentation.html">Docs</a></li> <li><a href="./web-features.html">Web Apps</a></li> - <li><a href="./integration.html">Integrations</a></li> + + <li class="dropdown"> + <a href="#" class="dropdown-toggle" data-toggle="dropdown"> + Integrations <b class="caret"></b> + </a> + + <ul class="dropdown-menu"> + <li><a href="./spring.html">Spring</a></li> + <li><a href="./guice.html">Guice</a></li> + <li class="divider"></li> + <li><a href="./integration.html">Third-Party Integrations</a></li> + </ul> + </li> + <li><a href="./features.html">Features</a></li> - <li><a href="./community.html">Community</a></li> + + <li class="dropdown"> + <a href="#" class="dropdown-toggle" data-toggle="dropdown"> + Community <b class="caret"></b> + </a> + <ul class="dropdown-menu"> + <li><a href="./forums.html">Community Forums</a></li> + <li><a href="./mailing-lists.html">Mailing Lists</a></li> + <li><a href="./articles.html">Articles</a></li> + <li><a href="./news.html">News</a></li> + <li><a href="./events.html">Events</a></li> + <li class="divider"></li> + <li><a href="./community.html">More</a></li> + </ul> + </li> + + </ul> + + <ul class="nav navbar-nav navbar-right"> + <li class="dropdown"> + <a href="http://www.apache.org/"; class="dropdown-toggle" data-toggle="dropdown"> + Apache Software Foundation <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li><a href="http://www.apache.org/";>Apache Homepage</a></li> + <li><a href="http://www.apache.org/licenses/";>License</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li> + <li><a href="http://www.apache.org/foundation/thanks.html";>Thanks</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html";>Donate</a></li> + <li><a href="http://www.apache.org/security/";>Security</a></li> + </ul> + </li> </ul> </div> + <!-- /.navbar-collapse --> + </nav> - <div id="content"> - <!-- Work around for table styling until, all pages are updated. --> + <!-- Work around for table styling until, all pages are updated. --> <style> table, th, td { @@ -158,28 +244,10 @@ <ul> <li><strong>Principals</strong> are a Subject’s ‘identifying attributes’. Principals can be anything that identifies a Subject, such as a first name (given name), last name (surname or family name), a username, Social Security Number, etc. Of course things like family names are not very good at uniquely identifying a <code>Subject</code>, so the best principals to use for authentication are unique for an application - typically a username or email address.</li> </ul> -<div class="panelMacro"> - <table class="infoMacro"> - <colgroup span="1"> - <col span="1" width="24"> - <col span="1"> - </colgroup> - - - <tbody> - <tr> - <td colspan="1" rowspan="1" valign="top"> - <i class="fa fa-info-circle"></i> - </td> - - <td colspan="1" rowspan="1"> - <b>Primary Principal</b> - <br clear="none"> - While Shiro can represent any number of principals, Shiro expects an application to have exactly one 'Primary' principal - a single value that uniquely identifies the `Subject` within the application. This is typically a username, email address or globally unique user id in most applications. - </td> - </tr> - </tbody> - </table> +<div class="alert alert-info"> + <span class="glyphicon glyphicon-info-sign"></span> <strong>Primary Principal</strong> + <hr class="message-inner-separator"> + <p>While Shiro can represent any number of principals, Shiro expects an application to have exactly one 'Primary' principal - a single value that uniquely identifies the `Subject` within the application. This is typically a username, email address or globally unique user id in most applications.</p> </div> <ul> <li><strong>Credentials</strong> are usually secret values known only by the <code>Subject</code> which are used as supporting evidence that they in fact ‘own’ the claimed identity. Some common examples of credentials are passwords, biometric data such as fingerprints and retina scans, and X.509 certificates.</li> @@ -234,24 +302,10 @@ currentUser.login(token); //No problems, continue on as expected... </code></pre> <p>If one of the existing exception classes do not meet your needs, custom <code>AuthenticationExceptions</code> can be created to represent specific failure scenarios.</p> -<div class="panelMacro"> - <table class="tipMacro"> - <colgroup span="1"> - <col span="1" width="24"> - <col span="1"> - </colgroup> - <tbody><tr> - <td colspan="1" rowspan="1" valign="top"> - <i class="fa fa-check-square-o"></i> - </td> - <td colspan="1" rowspan="1"> - <b>Login Failure Tip</b> - <br clear="none"> - While your code can react to specific exceptions and execute logic as necessary, a security best practice is to only show a generic failure message to an end user in the event of a failure, for example, "Incorrect username or password.". This ensures no specific information is available to hackers that may be attempting an attack vector. - </td> - </tr> - </tbody> - </table> +<div class="alert alert-success"> + <span class="glyphicon glyphicon-ok"></span> <strong>Login Failure Tip</strong> + <hr class="message-inner-separator"> + <p>While your code can react to specific exceptions and execute logic as necessary, a security best practice is to only show a generic failure message to an end user in the event of a failure, for example, "Incorrect username or password.". This ensures no specific information is available to hackers that may be attempting an attack vector.</p> </div> <a name="Authentication-Rememberedvs.Authenticated"></a> <h2>Remembered vs. Authenticated</h2> @@ -262,26 +316,10 @@ currentUser.login(token); <li> <p><strong>Authenticated</strong>: An authenticated <code>Subject</code> is one that has been successfully authenticated (i.e. the <code>login</code> method was invoked without throwing an exception) <em>during the Subject’s current session</em>. A subject is considered authenticated if <code>subject.</code><a href="static/current/apidocs/org/apache/shiro/subject/Subject.html#isAuthenticated--"><code>isAuthenticated()</code></a> returns <code>true</code>.</p></li> </ul> -<div class="panelMacro"> - <table class="noteMacro"> - <colgroup span="1"> - <col span="1" width="24"> - <col span="1"> - </colgroup> - <tbody> - <tr> - <td colspan="1" rowspan="1" valign="top"> - <i class="fa fa-warning"></i> - </td> - - <td colspan="1" rowspan="1"> - <b>Mutually Exclusive</b> - <br clear="none"> - Remembered and authenticated states are mutually exclusive - a <code>true</code> value for one indicates a <code>false</code> value for the other and vice versa. - </td> - </tr> - </tbody> - </table> +<div class="alert alert-warning"> + <span class="glyphicon glyphicon-warning-sign"></span> <strong>Mutually Exclusive</strong> + <hr class="message-inner-separator"> + <p>Remembered and authenticated states are mutually exclusive - a <code>true</code> value for one indicates a <code>false</code> value for the other and vice versa.</p> </div> <a name="Authentication-Whythedistinction%3F"></a> <h3><a href="#why-the-distinction-" name="why-the-distinction-">Why the distinction?</a></h3> @@ -304,26 +342,10 @@ currentUser.login(token); </code></pre> <p>When you call <code>logout</code>, any existing <code>Session</code> will be invalidated and any identity will be disassociated (e.g. in a web app, the RememberMe cookie will also be deleted).</p> <p>After a <code>Subject</code> logs-out, the <code>Subject</code> instance is considered anonymous again and, except for web applications, can be re-used for <code>login</code> again if desired.</p> -<div class="panelMacro"> - <table class="warningMacro"> - <colgroup span="1"> - <col span="1" width="24"> - <col span="1"> - </colgroup> - <tbody> - <tr> - <td colspan="1" rowspan="1" valign="top"> - <i class="fa fa-exclamation-circle"></i> - </td> - - <td colspan="1" rowspan="1"> - <b>Web Application Notice</b> - <br clear="none"> - Because remembered identity in web applications is often persisted with cookies, and cookies can only be deleted before a Response body is committed, it is highly recommended to redirect the end-user to a new view or page immediately after calling <code>subject.logout()</code>. This guarantees that any security-related cookies are deleted as expected. This is a limitation of how HTTP cookies function and not a limitation of Shiro. - </td> - </tr> - </tbody> - </table> +<div class="alert alert-danger"> + <span class="glyphicon glyphicon-exclamation-sign"></span> <strong>Web Application Notice</strong> + <hr class="message-inner-separator"> + <p>Because remembered identity in web applications is often persisted with cookies, and cookies can only be deleted before a Response body is committed, it is highly recommended to redirect the end-user to a new view or page immediately after calling <code>subject.logout()</code>. This guarantees that any security-related cookies are deleted as expected. This is a limitation of how HTTP cookies function and not a limitation of Shiro.</p> </div> <a name="Authentication-sequence"></a> <a name="Authentication-AuthenticationSequence"></a> @@ -335,26 +357,10 @@ currentUser.login(token); <p><strong>Step 2</strong>: The <code>Subject</code> instance, typically a <a href="static/current/apidocs/org/apache/shiro/subject/support/DelegatingSubject.html"><code>DelegatingSubject</code></a> (or a subclass) delegates to the application’s <code>SecurityManager</code> by calling <code>securityManager.login(token)</code>, where the actual authentication work begins.</p> <p><strong>Step 3</strong>: The <code>SecurityManager</code>, being a basic ‘umbrella’ component, receives the token and simply delegates to its internal <a href="static/current/apidocs/org/apache/shiro/authc/Authenticator.html"><code>Authenticator</code></a><code>instance by calling</code>authenticator.<a href="static/current/apidocs/org/apache/shiro/authc/Authenticator.html#authenticate-org.apache.shiro.authc.AuthenticationToken-"><code>authenticate(token)</code></a>. This is almost always a <a href="static/current/apidocs/org/apache/shiro/authc/pam/ModularRealmAuthenticator.html"><code>ModularRealmAuthenticator</code></a> instance, which supports coordinating one or more <code>Realm</code> instances during authentication. The <code>ModularRealmAuthenticator</code> essentially provides a <a href="https://en.wikipedia.org/wiki/Pluggable_Authentication_Modules";>PAM</a>-style paradigm for Apache Shiro (where each <code>Realm</code> is a ‘module’ in PAM termino logy).</p> <p><strong>Step 4</strong>: If more than one <code>Realm</code> is configured for the application, the <code>ModularRealmAuthenticator</code> instance will initiate a multi-<code>Realm</code> authentication attempt utilizing its configured <a href="static/current/apidocs/org/apache/shiro/authc/pam/AuthenticationStrategy.html"><code>AuthenticationStrategy</code></a>. Before, during and after the <code>Realms</code> are invoked for authentication, the <code>AuthenticationStrategy</code> will be called to allow it to react to each Realm’s results. We will cover <code>AuthenticationStrategies</code> soon.</p> -<div class="panelMacro"> - <table class="noteMacro"> - <colgroup span="1"> - <col span="1" width="24"> - <col span="1"> - </colgroup> - <tbody> - <tr> - <td colspan="1" rowspan="1" valign="top"> - <i class="fa fa-warning"></i> - </td> - - <td colspan="1" rowspan="1"> - <b>Single-Realm Application</b> - <br clear="none"> - If only a single Realm is configured, it is called directly - there is no need for an <code>AuthenticationStrategy</code> in a single-Realm application. - </td> - </tr> - </tbody> - </table> +<div class="alert alert-warning"> + <span class="glyphicon glyphicon-warning-sign"></span> <strong>Single-Realm Application</strong> + <hr class="message-inner-separator"> + <p>If only a single Realm is configured, it is called directly - there is no need for an <code>AuthenticationStrategy</code> in a single-Realm application.</p> </div> <p><strong>Step 5</strong>: Each configured <code>Realm</code> is consulted to see if it <a href="static/current/apidocs/org/apache/shiro/realm/Realm.html#supports-org.apache.shiro.authc.AuthenticationToken-"><code>supports</code></a> the submitted <code>AuthenticationToken</code>. If so, the supporting Realm’s <a href="static/current/apidocs/org/apache/shiro/realm/Realm.html#getAuthenticationInfo-org.apache.shiro.authc.AuthenticationToken-"><code>getAuthenticationInfo</code></a> method will be invoked with the submitted <code>token</code>. The <code>getAuthenticationInfo</code> method effectively represents a single authentication attempt for that particular <code>Realm</code>. We will cover the <code>Realm</code> authentication behavior shortly.</p> <h3><a href="#authenticator" name="authenticator">Authenticator</a></h3> @@ -380,28 +386,10 @@ securityManager.authenticator = $authent <li>after all of the Realms have been invoked</li> </ol> <p>Also an <code>AuthenticationStrategy</code> is responsible for aggregating the results from each successful Realm and ‘bundling’ them into a single <a href="static/current/apidocs/org/apache/shiro/authc/AuthenticationInfo.html"><code>AuthenticationInfo</code></a> representation. This final aggregate <code>AuthenticatinoInfo</code> instance is what is returned by the <code>Authenticator</code> instance and is what Shiro uses to represent the <code>Subject</code>’s final identity (aka Principals).</p> -<div class="panelMacro"> - <table class="infoMacro"> - <colgroup span="1"> - <col span="1" width="24"> - <col span="1"> - </colgroup> - - - <tbody> - <tr> - <td colspan="1" rowspan="1" valign="top"> - <i class="fa fa-info-circle"></i> - </td> - - <td colspan="1" rowspan="1"> - <b>Subject Identity 'View'</b> - <br clear="none"> - If you use more than one Realm in your application to acquire account data from multiple data sources, the <code>AuthenticationStrategy</code> is ultimately responsible for the final 'merged' view of the Subject's identity that is seen by the application. - </td> - </tr> - </tbody> - </table> +<div class="alert alert-info"> + <span class="glyphicon glyphicon-info-sign"></span> <strong>Subject Identity 'View'</strong> + <hr class="message-inner-separator"> + <p>If you use more than one Realm in your application to acquire account data from multiple data sources, the <code>AuthenticationStrategy</code> is ultimately responsible for the final 'merged' view of the Subject's identity that is seen by the application.</p> </div> <p>Shiro has 3 concrete <code>AuthenticationStrategy</code> implementations:</p> <table> @@ -435,24 +423,10 @@ securityManager.authenticator.authentica ... </code></pre> -<div class="panelMacro"> - <table class="tipMacro"> - <colgroup span="1"> - <col span="1" width="24"> - <col span="1"> - </colgroup> - <tbody><tr> - <td colspan="1" rowspan="1" valign="top"> - <i class="fa fa-check-square-o"></i> - </td> - <td colspan="1" rowspan="1"> - <b>Custom AuthenticationStrategy</b> - <br clear="none"> - If you wanted to create your own <code>AuthenticationStrategy</code> implementation yourself, you could use the <a class="external-link" href="static/current/apidocs/org/apache/shiro/authc/pam/AbstractAuthenticationStrategy.html"><code>org.apache.shiro.authc.pam.AbstractAuthenticationStrategy</code></a> as a starting point. The <code>AbstractAuthenticationStrategy</code> class automatically implements the 'bundling'/aggregation behavior of merging the results from each Realm into a single <code>AuthenticationInfo</code> instance. - </td> - </tr> - </tbody> - </table> +<div class="alert alert-success"> + <span class="glyphicon glyphicon-ok"></span> <strong>Custom AuthenticationStrategy</strong> + <hr class="message-inner-separator"> + <p>If you wanted to create your own <code>AuthenticationStrategy</code> implementation yourself, you could use the <a class="external-link" href="static/current/apidocs/org/apache/shiro/authc/pam/AbstractAuthenticationStrategy.html"><code>org.apache.shiro.authc.pam.AbstractAuthenticationStrategy</code></a> as a starting point. The <code>AbstractAuthenticationStrategy</code> class automatically implements the 'bundling'/aggregation behavior of merging the results from each Realm into a single <code>AuthenticationInfo</code> instance.</p> </div> <a name="Authentication-RealmAuthenticationOrder"></a> <h3><a href="#realm-authentication-order" name="realm-authentication-order">Realm Authentication Order</a></h3> @@ -484,26 +458,10 @@ barRealm = com.company.another.Realm securityManager.realms = $fooRealm, $barRealm, $blahRealm ... </code></pre> -<div class="panelMacro"> - <table class="noteMacro"> - <colgroup span="1"> - <col span="1" width="24"> - <col span="1"> - </colgroup> - <tbody> - <tr> - <td colspan="1" rowspan="1" valign="top"> - <i class="fa fa-warning"></i> - </td> - - <td colspan="1" rowspan="1"> - <b>Explicit Realm Inclusion</b> - <br clear="none"> - When you explicitly configure the <code>securityManager.realms</code> property, <em>only</em> the referenced realms will be configured on the <code>SecurityManager</code>. This means you could define 5 realms in INI, but only actually use 3 if 3 are referenced for the <code>realms</code> property. This is different than implicit realm ordering where all available realms will be used. - </td> - </tr> - </tbody> - </table> +<div class="alert alert-warning"> + <span class="glyphicon glyphicon-warning-sign"></span> <strong>Explicit Realm Inclusion</strong> + <hr class="message-inner-separator"> + <p>When you explicitly configure the <code>securityManager.realms</code> property, <em>only</em> the referenced realms will be configured on the <code>SecurityManager</code>. This means you could define 5 realms in INI, but only actually use 3 if 3 are referenced for the <code>realms</code> property. This is different than implicit realm ordering where all available realms will be used.</p> </div> <a name="Authentication-RealmAuthentication"></a> <h2><a href="#realm-authentication" name="realm-authentication">Realm Authentication</a></h2> @@ -512,27 +470,23 @@ securityManager.realms = $fooRealm, $bar <h2><a href="#lend-a-hand-with-documentation" name="lend-a-hand-with-documentation">Lend a hand with documentation</a></h2> <p>While we hope this documentation helps you with the work you’re doing with Apache Shiro, the community is improving and expanding the documentation all the time. If you’d like to help the Shiro project, please consider corrected, expanding, or adding documentation where you see a need. Every little bit of help you provide expands the community and in turn improves Shiro.</p> <p>The easiest way to contribute your documentation is to send it to the <a href="http://shiro-user.582556.n2.nabble.com/";>User Forum</a> or the <a href="mailing-lists.html" title="Mailing Lists">User Mailing List</a>.<br/><input type="hidden" id="ghEditPage" value="authentication.md.vtl"></input></p> - - </div> - - </div><!--END WRAPPER--> + +</div> - <div id="footer"> + <div class="footer-padding"></div> + <footer class="custom-footer"> <div class="wrapper"> <a href="http://www.apache.org/foundation/contributing.html";>Donate to the ASF</a> | <a href="http://www.apache.org/licenses/LICENSE-2.0.html";>License</a> <p>Copyright © 2008-2016 The Apache Software Foundation</p> - - <div class="editThisPage"> - </div> - + <div class="editThisPage"></div> <div class="footer-shield"></div> </div> <!--END FOOTER WRAPPER--> - </div> <!--END FOOTER--> + </footer> <!--END FOOTER--> </body> </html>
Modified: shiro/site/publish/authenticator.html URL: http://svn.apache.org/viewvc/shiro/site/publish/authenticator.html?rev=1766556&r1=1766555&r2=1766556&view=diff ============================================================================== --- shiro/site/publish/authenticator.html (original) +++ shiro/site/publish/authenticator.html Tue Oct 25 16:48:27 2016 @@ -35,6 +35,7 @@ <head> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> <meta name="google-site-verification" content="QIax6uT5UX3enoU0G8Pz2pXbQ45KaQuHZ3nCh9V27mw"> @@ -50,29 +51,44 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> - <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> - <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> + <!-- site styles and --> <link rel="stylesheet" type="text/css" href="./assets/css/style.css"> + <script type="text/javascript" src="./assets/js/shiro-site.js"></script> + <!-- github ribbon --> <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.css" /> <!--[if lt IE 9]> <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.ie.css" /> <![endif]--> + <script src="https://code.jquery.com/jquery-3.1.1.min.js"; integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script> + + <!-- bootstrap --> + <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap.min.css"> + <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap-theme.min.css"> + <script src="./assets/bootstrap/js/bootstrap.min.js"></script> + + + <!-- Google Analytics --> + <script> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','https://www.google-analytics.com/analytics.js','ga'); + + ga('create', 'UA-XXXXX-Y', 'auto'); + ga('send', 'pageview'); + </script> + <!-- End Google Analytics --> + + + <!-- syntax highlighting --> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/styles/default.min.css"; integrity="sha256-Zd1icfZ72UBmsId/mUcagrmN7IN5Qkrvh75ICHIQVTk=" crossorigin="anonymous" /> <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/highlight.min.js"; integrity="sha256-s63qpgPYoQk+wv3U6WZqioVJrwFNBTgD4dkeegLuwvo=" crossorigin="anonymous"></script> - - <script type="text/javascript" src="./assets/js/shiro-site.js"></script> - <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js";></script> - <script type="text/javascript" src="./assets/js/jquery_googleanalytics/jquery.google-analytics.js"></script> <script>hljs.initHighlightingOnLoad();</script> + <script type="text/javascript"> - // initialize plugins - jQuery(function() { - //Google Analytics - jQuery.trackPage('UA-11551827-1'); - }); $( document ).ready(function() { addPageEditLink(); @@ -81,27 +97,97 @@ </head> <body> - <a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro"; title="Fork me on GitHub">Fork me on GitHub</a> <div id="top-bar"></div> - <div class="wrapper"> + <div class="container" style="max-width: 1200px;"> + + <a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro"; title="Fork me on GitHub">Fork me on GitHub</a> + + - <div id="header"> - <a href="./index.html"><div id="logo"></div></a> - <ul class="navigation"> + <div class="masthead"> + <p class="lead"> + <a href="./index.html"> + <img src="./assets/images/apache-shiro-logo.png" style="height:100px; width:auto; vertical-align: bottom; margin-top: 20px;"> + </a> + <span class="tagline">Simple. Java. Security.</span> + </p> + </div> + + + + <nav class="navbar navbar-default" role="navigation"> + <!-- Brand and toggle get grouped for better mobile display --> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" + data-target="#navbar-collapse-1"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + </div> + + <!-- Collect the nav links, forms, and other content for toggling --> + <div class="collapse navbar-collapse" id="navbar-collapse-1"> + <ul class="nav navbar-nav"> <li><a href="./get-started.html">Get Started</a></li> <li><a href="./documentation.html">Docs</a></li> <li><a href="./web-features.html">Web Apps</a></li> - <li><a href="./integration.html">Integrations</a></li> + + <li class="dropdown"> + <a href="#" class="dropdown-toggle" data-toggle="dropdown"> + Integrations <b class="caret"></b> + </a> + + <ul class="dropdown-menu"> + <li><a href="./spring.html">Spring</a></li> + <li><a href="./guice.html">Guice</a></li> + <li class="divider"></li> + <li><a href="./integration.html">Third-Party Integrations</a></li> + </ul> + </li> + <li><a href="./features.html">Features</a></li> - <li><a href="./community.html">Community</a></li> + + <li class="dropdown"> + <a href="#" class="dropdown-toggle" data-toggle="dropdown"> + Community <b class="caret"></b> + </a> + <ul class="dropdown-menu"> + <li><a href="./forums.html">Community Forums</a></li> + <li><a href="./mailing-lists.html">Mailing Lists</a></li> + <li><a href="./articles.html">Articles</a></li> + <li><a href="./news.html">News</a></li> + <li><a href="./events.html">Events</a></li> + <li class="divider"></li> + <li><a href="./community.html">More</a></li> + </ul> + </li> + + </ul> + + <ul class="nav navbar-nav navbar-right"> + <li class="dropdown"> + <a href="http://www.apache.org/"; class="dropdown-toggle" data-toggle="dropdown"> + Apache Software Foundation <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li><a href="http://www.apache.org/";>Apache Homepage</a></li> + <li><a href="http://www.apache.org/licenses/";>License</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li> + <li><a href="http://www.apache.org/foundation/thanks.html";>Thanks</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html";>Donate</a></li> + <li><a href="http://www.apache.org/security/";>Security</a></li> + </ul> + </li> </ul> </div> + <!-- /.navbar-collapse --> + </nav> - <div id="content"> - <p>TODO</p> + <p>TODO</p> <h2><a name="Lendahandwithdocumentation"></a>Lend a hand with documentation </h2> @@ -110,27 +196,23 @@ <p>The easiest way to contribute your documentation is to send it to the <a class="external-link" href="http://shiro-user.582556.n2.nabble.com/"; rel="nofollow">User Forum</a> or the <a href="mailing-lists.html" title="Mailing Lists">User Mailing List</a>.</p> <input type="hidden" id="ghEditPage" value="authenticator.html.vtl"></input> - - </div> + +</div> - </div><!--END WRAPPER--> - - <div id="footer"> + <div class="footer-padding"></div> + <footer class="custom-footer"> <div class="wrapper"> <a href="http://www.apache.org/foundation/contributing.html";>Donate to the ASF</a> | <a href="http://www.apache.org/licenses/LICENSE-2.0.html";>License</a> <p>Copyright © 2008-2016 The Apache Software Foundation</p> - - <div class="editThisPage"> - </div> - + <div class="editThisPage"></div> <div class="footer-shield"></div> </div> <!--END FOOTER WRAPPER--> - </div> <!--END FOOTER--> + </footer> <!--END FOOTER--> </body> </html> Modified: shiro/site/publish/authorization-features.html URL: http://svn.apache.org/viewvc/shiro/site/publish/authorization-features.html?rev=1766556&r1=1766555&r2=1766556&view=diff ============================================================================== --- shiro/site/publish/authorization-features.html (original) +++ shiro/site/publish/authorization-features.html Tue Oct 25 16:48:27 2016 @@ -35,6 +35,7 @@ <head> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> <meta name="google-site-verification" content="QIax6uT5UX3enoU0G8Pz2pXbQ45KaQuHZ3nCh9V27mw"> @@ -50,29 +51,44 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> - <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> - <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> + <!-- site styles and --> <link rel="stylesheet" type="text/css" href="./assets/css/style.css"> + <script type="text/javascript" src="./assets/js/shiro-site.js"></script> + <!-- github ribbon --> <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.css" /> <!--[if lt IE 9]> <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.ie.css" /> <![endif]--> + <script src="https://code.jquery.com/jquery-3.1.1.min.js"; integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script> + + <!-- bootstrap --> + <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap.min.css"> + <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap-theme.min.css"> + <script src="./assets/bootstrap/js/bootstrap.min.js"></script> + + + <!-- Google Analytics --> + <script> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','https://www.google-analytics.com/analytics.js','ga'); + + ga('create', 'UA-XXXXX-Y', 'auto'); + ga('send', 'pageview'); + </script> + <!-- End Google Analytics --> + + + <!-- syntax highlighting --> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/styles/default.min.css"; integrity="sha256-Zd1icfZ72UBmsId/mUcagrmN7IN5Qkrvh75ICHIQVTk=" crossorigin="anonymous" /> <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/highlight.min.js"; integrity="sha256-s63qpgPYoQk+wv3U6WZqioVJrwFNBTgD4dkeegLuwvo=" crossorigin="anonymous"></script> - - <script type="text/javascript" src="./assets/js/shiro-site.js"></script> - <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js";></script> - <script type="text/javascript" src="./assets/js/jquery_googleanalytics/jquery.google-analytics.js"></script> <script>hljs.initHighlightingOnLoad();</script> + <script type="text/javascript"> - // initialize plugins - jQuery(function() { - //Google Analytics - jQuery.trackPage('UA-11551827-1'); - }); $( document ).ready(function() { addPageEditLink(); @@ -81,27 +97,97 @@ </head> <body> - <a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro"; title="Fork me on GitHub">Fork me on GitHub</a> <div id="top-bar"></div> - <div class="wrapper"> + <div class="container" style="max-width: 1200px;"> + + <a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro"; title="Fork me on GitHub">Fork me on GitHub</a> + + - <div id="header"> - <a href="./index.html"><div id="logo"></div></a> - <ul class="navigation"> + <div class="masthead"> + <p class="lead"> + <a href="./index.html"> + <img src="./assets/images/apache-shiro-logo.png" style="height:100px; width:auto; vertical-align: bottom; margin-top: 20px;"> + </a> + <span class="tagline">Simple. Java. Security.</span> + </p> + </div> + + + + <nav class="navbar navbar-default" role="navigation"> + <!-- Brand and toggle get grouped for better mobile display --> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" + data-target="#navbar-collapse-1"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + </div> + + <!-- Collect the nav links, forms, and other content for toggling --> + <div class="collapse navbar-collapse" id="navbar-collapse-1"> + <ul class="nav navbar-nav"> <li><a href="./get-started.html">Get Started</a></li> <li><a href="./documentation.html">Docs</a></li> <li><a href="./web-features.html">Web Apps</a></li> - <li><a href="./integration.html">Integrations</a></li> + + <li class="dropdown"> + <a href="#" class="dropdown-toggle" data-toggle="dropdown"> + Integrations <b class="caret"></b> + </a> + + <ul class="dropdown-menu"> + <li><a href="./spring.html">Spring</a></li> + <li><a href="./guice.html">Guice</a></li> + <li class="divider"></li> + <li><a href="./integration.html">Third-Party Integrations</a></li> + </ul> + </li> + <li><a href="./features.html">Features</a></li> - <li><a href="./community.html">Community</a></li> + + <li class="dropdown"> + <a href="#" class="dropdown-toggle" data-toggle="dropdown"> + Community <b class="caret"></b> + </a> + <ul class="dropdown-menu"> + <li><a href="./forums.html">Community Forums</a></li> + <li><a href="./mailing-lists.html">Mailing Lists</a></li> + <li><a href="./articles.html">Articles</a></li> + <li><a href="./news.html">News</a></li> + <li><a href="./events.html">Events</a></li> + <li class="divider"></li> + <li><a href="./community.html">More</a></li> + </ul> + </li> + + </ul> + + <ul class="nav navbar-nav navbar-right"> + <li class="dropdown"> + <a href="http://www.apache.org/"; class="dropdown-toggle" data-toggle="dropdown"> + Apache Software Foundation <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li><a href="http://www.apache.org/";>Apache Homepage</a></li> + <li><a href="http://www.apache.org/licenses/";>License</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li> + <li><a href="http://www.apache.org/foundation/thanks.html";>Thanks</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html";>Donate</a></li> + <li><a href="http://www.apache.org/security/";>Security</a></li> + </ul> + </li> </ul> </div> + <!-- /.navbar-collapse --> + </nav> - <div id="content"> - + <!-- spacer allows enough room to display the header --> <div id="spacer" style="width: 0; height: 200px; float: left"></div> @@ -137,27 +223,23 @@ <p><strong>Pluggable data sources</strong> - Shiro uses pluggable data access objects, referred to as Realms, to connect to security data sources where you keep your access control information, like a LDAP or a relational database. To help you avoid building and maintaining integrations yourself, Shiro provides out-of-the-box realms for popular data sources like LDAP, Active Directory, Kerboros, and JDBC. If needed, you can also create your own realms to support specific functionality not included in the basic realms.</p></li> <li> <p><strong>Supports any data model</strong> - Shiro can support any data model for access control– it doesn’t force a model on you. Your realm implementation ultimately decides how your permissions and roles are grouped together and whether to return a “yes” or a “no” answer to Shiro. This feature allows you to architect your application in the manner you chose and Shiro will bend to support you.<br/><input type="hidden" id="ghEditPage" value="authorization-features.md"></input></p></li> -</ul> - </div> +</ul> +</div> - </div><!--END WRAPPER--> - - <div id="footer"> + <div class="footer-padding"></div> + <footer class="custom-footer"> <div class="wrapper"> <a href="http://www.apache.org/foundation/contributing.html";>Donate to the ASF</a> | <a href="http://www.apache.org/licenses/LICENSE-2.0.html";>License</a> <p>Copyright © 2008-2016 The Apache Software Foundation</p> - - <div class="editThisPage"> - </div> - + <div class="editThisPage"></div> <div class="footer-shield"></div> </div> <!--END FOOTER WRAPPER--> - </div> <!--END FOOTER--> + </footer> <!--END FOOTER--> </body> </html> Modified: shiro/site/publish/authorization.html URL: http://svn.apache.org/viewvc/shiro/site/publish/authorization.html?rev=1766556&r1=1766555&r2=1766556&view=diff ============================================================================== --- shiro/site/publish/authorization.html (original) +++ shiro/site/publish/authorization.html Tue Oct 25 16:48:27 2016 @@ -35,6 +35,7 @@ <head> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> <meta name="google-site-verification" content="QIax6uT5UX3enoU0G8Pz2pXbQ45KaQuHZ3nCh9V27mw"> @@ -50,29 +51,44 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> - <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> - <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> + <!-- site styles and --> <link rel="stylesheet" type="text/css" href="./assets/css/style.css"> + <script type="text/javascript" src="./assets/js/shiro-site.js"></script> + <!-- github ribbon --> <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.css" /> <!--[if lt IE 9]> <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.ie.css" /> <![endif]--> + <script src="https://code.jquery.com/jquery-3.1.1.min.js"; integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script> + + <!-- bootstrap --> + <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap.min.css"> + <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap-theme.min.css"> + <script src="./assets/bootstrap/js/bootstrap.min.js"></script> + + + <!-- Google Analytics --> + <script> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','https://www.google-analytics.com/analytics.js','ga'); + + ga('create', 'UA-XXXXX-Y', 'auto'); + ga('send', 'pageview'); + </script> + <!-- End Google Analytics --> + + + <!-- syntax highlighting --> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/styles/default.min.css"; integrity="sha256-Zd1icfZ72UBmsId/mUcagrmN7IN5Qkrvh75ICHIQVTk=" crossorigin="anonymous" /> <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/highlight.min.js"; integrity="sha256-s63qpgPYoQk+wv3U6WZqioVJrwFNBTgD4dkeegLuwvo=" crossorigin="anonymous"></script> - - <script type="text/javascript" src="./assets/js/shiro-site.js"></script> - <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js";></script> - <script type="text/javascript" src="./assets/js/jquery_googleanalytics/jquery.google-analytics.js"></script> <script>hljs.initHighlightingOnLoad();</script> + <script type="text/javascript"> - // initialize plugins - jQuery(function() { - //Google Analytics - jQuery.trackPage('UA-11551827-1'); - }); $( document ).ready(function() { addPageEditLink(); @@ -81,27 +97,97 @@ </head> <body> - <a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro"; title="Fork me on GitHub">Fork me on GitHub</a> <div id="top-bar"></div> - <div class="wrapper"> + <div class="container" style="max-width: 1200px;"> + + <a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro"; title="Fork me on GitHub">Fork me on GitHub</a> + + - <div id="header"> - <a href="./index.html"><div id="logo"></div></a> - <ul class="navigation"> + <div class="masthead"> + <p class="lead"> + <a href="./index.html"> + <img src="./assets/images/apache-shiro-logo.png" style="height:100px; width:auto; vertical-align: bottom; margin-top: 20px;"> + </a> + <span class="tagline">Simple. Java. Security.</span> + </p> + </div> + + + + <nav class="navbar navbar-default" role="navigation"> + <!-- Brand and toggle get grouped for better mobile display --> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" + data-target="#navbar-collapse-1"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + </div> + + <!-- Collect the nav links, forms, and other content for toggling --> + <div class="collapse navbar-collapse" id="navbar-collapse-1"> + <ul class="nav navbar-nav"> <li><a href="./get-started.html">Get Started</a></li> <li><a href="./documentation.html">Docs</a></li> <li><a href="./web-features.html">Web Apps</a></li> - <li><a href="./integration.html">Integrations</a></li> + + <li class="dropdown"> + <a href="#" class="dropdown-toggle" data-toggle="dropdown"> + Integrations <b class="caret"></b> + </a> + + <ul class="dropdown-menu"> + <li><a href="./spring.html">Spring</a></li> + <li><a href="./guice.html">Guice</a></li> + <li class="divider"></li> + <li><a href="./integration.html">Third-Party Integrations</a></li> + </ul> + </li> + <li><a href="./features.html">Features</a></li> - <li><a href="./community.html">Community</a></li> + + <li class="dropdown"> + <a href="#" class="dropdown-toggle" data-toggle="dropdown"> + Community <b class="caret"></b> + </a> + <ul class="dropdown-menu"> + <li><a href="./forums.html">Community Forums</a></li> + <li><a href="./mailing-lists.html">Mailing Lists</a></li> + <li><a href="./articles.html">Articles</a></li> + <li><a href="./news.html">News</a></li> + <li><a href="./events.html">Events</a></li> + <li class="divider"></li> + <li><a href="./community.html">More</a></li> + </ul> + </li> + + </ul> + + <ul class="nav navbar-nav navbar-right"> + <li class="dropdown"> + <a href="http://www.apache.org/"; class="dropdown-toggle" data-toggle="dropdown"> + Apache Software Foundation <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li><a href="http://www.apache.org/";>Apache Homepage</a></li> + <li><a href="http://www.apache.org/licenses/";>License</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li> + <li><a href="http://www.apache.org/foundation/thanks.html";>Thanks</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html";>Donate</a></li> + <li><a href="http://www.apache.org/security/";>Security</a></li> + </ul> + </li> </ul> </div> + <!-- /.navbar-collapse --> + </nav> - <div id="content"> - <!-- Work around for table styling until, all pages are updated. --> + <!-- Work around for table styling until, all pages are updated. --> <style> table, th, td { @@ -212,28 +298,10 @@ </ul> <p>Most resources will support the typical CRUD (create, read, update, delete) actions, but any action that makes sense for a particular resource type is ok. The fundamental idea is that permission statements at a minimum are based on <em>Resources</em> and <em>Actions</em>.</p> <p>When looking at permissions, probably the most important thing to realize is that permission statements have no representation of <em>who</em> can perform the represented behavior. They are only statements of <em>what</em> can be done in an application.</p> -<div class="panelMacro"> - <table class="infoMacro"> - <colgroup span="1"> - <col span="1" width="24"> - <col span="1"> - </colgroup> - - - <tbody> - <tr> - <td colspan="1" rowspan="1" valign="top"> - <i class="fa fa-info-circle"></i> - </td> - - <td colspan="1" rowspan="1"> - <b>Permissions represent behavior only</b> - <br clear="none"> - Permission statements reflect behavior (actions associated with resource types) <em>only</em>. They do not reflect <em>who</em> is able to perform such behavior. - </td> - </tr> - </tbody> - </table> +<div class="alert alert-info"> + <span class="glyphicon glyphicon-info-sign"></span> <strong>Permissions represent behavior only</strong> + <hr class="message-inner-separator"> + <p>Permission statements reflect behavior (actions associated with resource types) <em>only</em>. They do not reflect <em>who</em> is able to perform such behavior.</p> </div> <p>Defining <em>who</em> (users) is allowed to do <em>what</em> (permissions) is an exercise of assigning permissions to users in some way. This is always done by the application’s data model and can vary greatly across applications.</p> <p>For example, permissions can be grouped in a Role and that Role could be associated with one or more User objects. Or some applications can have a Group of users and a Group can be assigned a Role, which by transitive association would mean that all the Users in that Group are implicitly granted the permissions in the Role.</p> @@ -250,52 +318,22 @@ <ul> <li><strong>Implicit Roles</strong>: Most people use roles as an <em>implicit</em> construct: where your application <em>implies</em> a set of behaviors (i.e. permissions) based on a role name only. With implicit roles, there is nothing at the software level that says “role X is allowed to perform behavior A, B and C”. Behavior is implied by a name alone.</li> </ul> -<div class="panelMacro"> - <table class="noteMacro"> - <colgroup span="1"> - <col span="1" width="24"> - <col span="1"> - </colgroup> - <tbody> - <tr> - <td colspan="1" rowspan="1" valign="top"> - <i class="fa fa-warning"></i> - </td> - - <td colspan="1" rowspan="1"> - <b>Potentially Brittle Security</b> - <br clear="none"> - While the simpler and most common approach, implicit roles potentially impose a lot of software maintenance and management problems. +<div class="alert alert-warning"> + <span class="glyphicon glyphicon-warning-sign"></span> <strong>Potentially Brittle Security</strong> + <hr class="message-inner-separator"> + <p>While the simpler and most common approach, implicit roles potentially impose a lot of software maintenance and management problems. <p>For example, what if you just want to add or remove a role, or redefine a role's behavior later? You'll have to go back into your source code and change all your role checks to reflect the change in your security model, every time such a change is required! Not to mention the operational costs this would incur (re-test, go through QA, shut down the app, upgrade the software with the new role checks, restart the app, etc).</p> -<p>This is probably ok for very simple applications (e.g. maybe there is an 'admin' role and 'everyone else'). But for more complicated or configurable applications, this can be a major major problem throughout the life of your application and drive a large maintenance cost for your software.</p> - </td> - </tr> - </tbody> - </table> +<p>This is probably ok for very simple applications (e.g. maybe there is an 'admin' role and 'everyone else'). But for more complicated or configurable applications, this can be a major major problem throughout the life of your application and drive a large maintenance cost for your software.</p></p> </div> <ul> <li><strong>Excplict Roles</strong>: An explicit role however is essentially a named collection of actual permission statements. In this form, the application (and Shiro) knows <em>exactly</em> what it means to have a particular role or not. Because it is known the <em>exact</em> behavior that can be performed or not, there is no guessing or implying what a particular role can or can not do.</li> </ul> <p>The Shiro team advocates using permissions and explicit roles instead of the older implicit approach. You will have much greater control over your application’s security experience.</p> -<div class="panelMacro"> - <table class="tipMacro"> - <colgroup span="1"> - <col span="1" width="24"> - <col span="1"> - </colgroup> - <tbody><tr> - <td colspan="1" rowspan="1" valign="top"> - <i class="fa fa-check-square-o"></i> - </td> - <td colspan="1" rowspan="1"> - <b>Resource-Based Access Control</b> - <br clear="none"> - Be sure to read Les Hazlewood's article, <a class="external-link" href="https://stormpath.com/blog/new-rbac-resource-based-access-control"; rel="nofollow">The New RBAC: Resource-Based Access Control</a>, which covers in-depth the benefits of using permissions and explicit roles (and their positive impact on source code) instead of the older implicit role approach. - </td> - </tr> - </tbody> - </table> +<div class="alert alert-success"> + <span class="glyphicon glyphicon-ok"></span> <strong>Resource-Based Access Control</strong> + <hr class="message-inner-separator"> + <p>Be sure to read Les Hazlewood's article, <a class="external-link" href="https://stormpath.com/blog/new-rbac-resource-based-access-control"; rel="nofollow">The New RBAC: Resource-Based Access Control</a>, which covers in-depth the benefits of using permissions and explicit roles (and their positive impact on source code) instead of the older implicit role approach.</p> </div> <a name="Authorization-Users"></a> <h3><a href="#users" name="users">Users</a></h3> @@ -303,28 +341,10 @@ <p>Users (Subjects) are allowed to perform certain actions in your application through their association with roles or direct permissions. Your application’s data model defines exactly how a <code>Subject</code> is allowed to do something or not.</p> <p>For example, in your data model, perhaps you have an actual <code>User</code> class and you assign permissions directly to <code>User</code> instances. Or maybe you assign permissions only to <code>Roles</code> directly, and then assign Roles to <code>Users</code>, so by association, <code>Users</code> transitively ‘have’ the permissions assigned to their roles. Or you could represent these things with a ‘Group’ concept. It is up to you - use what makes sense for your application.</p> <p>Your data model defines exactly how authorization will function. Shiro relies on a <a href="realm.html" title="Realm">Realm</a> implementation to translate your data model association details into a format Shiro understands. We’ll cover how Realms do this a little later.</p> -<div class="panelMacro"> - <table class="infoMacro"> - <colgroup span="1"> - <col span="1" width="24"> - <col span="1"> - </colgroup> - - - <tbody> - <tr> - <td colspan="1" rowspan="1" valign="top"> - <i class="fa fa-info-circle"></i> - </td> - - <td colspan="1" rowspan="1"> - <b>Note</b> - <br clear="none"> - Ultimately, your <a href="realm.html" title="Realm">Realm</a> implementation is what communicates with your data source (RDBMS, LDAP, etc). So your realm is what will tell Shiro whether or not roles or permissions exist. You have full control over how your authorization model is structured and defined. - </td> - </tr> - </tbody> - </table> +<div class="alert alert-info"> + <span class="glyphicon glyphicon-info-sign"></span> <strong>Note</strong> + <hr class="message-inner-separator"> + <p>Ultimately, your <a href="realm.html" title="Realm">Realm</a> implementation is what communicates with your data source (RDBMS, LDAP, etc). So your realm is what will tell Shiro whether or not roles or permissions exist. You have full control over how your authorization model is structured and defined.</p> </div> <a name="Authorization-AuthorizingSubjects"></a> <h2><a href="#authorizing-subjects" name="authorizing-subjects">Authorizing Subjects</a></h2> @@ -727,26 +747,10 @@ public void updateAccount(Account accoun securityManager.authorizer.permissionResolver = $globalPermissionResolver ... </code></pre> -<div class="panelMacro"> - <table class="noteMacro"> - <colgroup span="1"> - <col span="1" width="24"> - <col span="1"> - </colgroup> - <tbody> - <tr> - <td colspan="1" rowspan="1" valign="top"> - <i class="fa fa-warning"></i> - </td> - - <td colspan="1" rowspan="1"> - <b>PermissionResolverAware</b> - <br clear="none"> - If you want to configure a global <code>PermissionResolver</code>, each <code>Realm</code> that is to receive the configured <code>PermissionResolver</code> <b><em>must</em></b> implement the <a class="external-link" href="static/current/apidocs/src-html/org/apache/shiro/authz/permission/PermissionResolverAware.html"><code>PermisionResolverAware</code></a> interface. This guarantees that the configured instance can be relayed to each <code>Realm</code> that supports such configuration. - </td> - </tr> - </tbody> - </table> +<div class="alert alert-warning"> + <span class="glyphicon glyphicon-warning-sign"></span> <strong>PermissionResolverAware</strong> + <hr class="message-inner-separator"> + <p>If you want to configure a global <code>PermissionResolver</code>, each <code>Realm</code> that is to receive the configured <code>PermissionResolver</code> <b><em>must</em></b> implement the <a class="external-link" href="static/current/apidocs/src-html/org/apache/shiro/authz/permission/PermissionResolverAware.html"><code>PermisionResolverAware</code></a> interface. This guarantees that the configured instance can be relayed to each <code>Realm</code> that supports such configuration.</p> </div> <p>If you don’t want to use a global <code>PermissionResolver</code> or you don’t want to be bothered with the <code>PermissionResolverAware</code> interface, you can always configure a realm with a <code>PermissionResolver</code> instance explicitly (assuming there is a JavaBeans-compatible setPermissionResolver method):</p> <pre><code class="java">permissionResolver = com.foo.bar.authz.MyPermissionResolver @@ -770,26 +774,10 @@ realm.permissionResolver = $permissionRe securityManager.authorizer.rolePermissionResolver = $globalRolePermissionResolver ... </code></pre> -<div class="panelMacro"> - <table class="noteMacro"> - <colgroup span="1"> - <col span="1" width="24"> - <col span="1"> - </colgroup> - <tbody> - <tr> - <td colspan="1" rowspan="1" valign="top"> - <i class="fa fa-warning"></i> - </td> - - <td colspan="1" rowspan="1"> - <b>RolePermissionResolverAware</b> - <br clear="none"> - If you want to configure a global <code>RolePermissionResolver</code>, each <code>Realm</code> that is to receive the configured <code>RolePermissionResolver</code> <b><em>must</em></b> implement the <a class="external-link" href="static/current/apidocs/org/apache/shiro/authz/permission/RolePermissionResolverAware.html"><code>RolePermisionResolverAware</code></a> interface. This guarantees that the configured global <code>RolePermissionResolver</code> instance can be relayed to each <code>Realm</code> that supports such configuration. - </td> - </tr> - </tbody> - </table> +<div class="alert alert-warning"> + <span class="glyphicon glyphicon-warning-sign"></span> <strong>RolePermissionResolverAware</strong> + <hr class="message-inner-separator"> + <p>If you want to configure a global <code>RolePermissionResolver</code>, each <code>Realm</code> that is to receive the configured <code>RolePermissionResolver</code> <b><em>must</em></b> implement the <a class="external-link" href="static/current/apidocs/org/apache/shiro/authz/permission/RolePermissionResolverAware.html"><code>RolePermisionResolverAware</code></a> interface. This guarantees that the configured global <code>RolePermissionResolver</code> instance can be relayed to each <code>Realm</code> that supports such configuration.</p> </div> <p>If you don’t want to use a global <code>RolePermissionResolver</code> or you don’t want to be bothered with the <code>RolePermissionResolverAware</code> interface, you can always configure a realm with a <code>RolePermissionResolver</code> instance explicitly (assuming there is a JavaBeans-compatible setRolePermissionResolver method):</p> <pre><code class="ini">rolePermissionResolver = com.foo.bar.authz.MyRolePermissionResolver @@ -809,27 +797,23 @@ authorizer = com.foo.bar.authz.CustomAut securityManager.authorizer = $authorizer </code></pre> <input type="hidden" id="ghEditPage" value="authorization.md.vtl"></input> - - </div> - - </div><!--END WRAPPER--> + +</div> - <div id="footer"> + <div class="footer-padding"></div> + <footer class="custom-footer"> <div class="wrapper"> <a href="http://www.apache.org/foundation/contributing.html";>Donate to the ASF</a> | <a href="http://www.apache.org/licenses/LICENSE-2.0.html";>License</a> <p>Copyright © 2008-2016 The Apache Software Foundation</p> - - <div class="editThisPage"> - </div> - + <div class="editThisPage"></div> <div class="footer-shield"></div> </div> <!--END FOOTER WRAPPER--> - </div> <!--END FOOTER--> + </footer> <!--END FOOTER--> </body> </html> Modified: shiro/site/publish/authorizer.html URL: http://svn.apache.org/viewvc/shiro/site/publish/authorizer.html?rev=1766556&r1=1766555&r2=1766556&view=diff ============================================================================== --- shiro/site/publish/authorizer.html (original) +++ shiro/site/publish/authorizer.html Tue Oct 25 16:48:27 2016 @@ -35,6 +35,7 @@ <head> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> <meta name="google-site-verification" content="QIax6uT5UX3enoU0G8Pz2pXbQ45KaQuHZ3nCh9V27mw"> @@ -50,29 +51,44 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> - <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> - <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> + <!-- site styles and --> <link rel="stylesheet" type="text/css" href="./assets/css/style.css"> + <script type="text/javascript" src="./assets/js/shiro-site.js"></script> + <!-- github ribbon --> <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.css" /> <!--[if lt IE 9]> <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.ie.css" /> <![endif]--> + <script src="https://code.jquery.com/jquery-3.1.1.min.js"; integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script> + + <!-- bootstrap --> + <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap.min.css"> + <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap-theme.min.css"> + <script src="./assets/bootstrap/js/bootstrap.min.js"></script> + + + <!-- Google Analytics --> + <script> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','https://www.google-analytics.com/analytics.js','ga'); + + ga('create', 'UA-XXXXX-Y', 'auto'); + ga('send', 'pageview'); + </script> + <!-- End Google Analytics --> + + + <!-- syntax highlighting --> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/styles/default.min.css"; integrity="sha256-Zd1icfZ72UBmsId/mUcagrmN7IN5Qkrvh75ICHIQVTk=" crossorigin="anonymous" /> <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/highlight.min.js"; integrity="sha256-s63qpgPYoQk+wv3U6WZqioVJrwFNBTgD4dkeegLuwvo=" crossorigin="anonymous"></script> - - <script type="text/javascript" src="./assets/js/shiro-site.js"></script> - <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js";></script> - <script type="text/javascript" src="./assets/js/jquery_googleanalytics/jquery.google-analytics.js"></script> <script>hljs.initHighlightingOnLoad();</script> + <script type="text/javascript"> - // initialize plugins - jQuery(function() { - //Google Analytics - jQuery.trackPage('UA-11551827-1'); - }); $( document ).ready(function() { addPageEditLink(); @@ -81,27 +97,97 @@ </head> <body> - <a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro"; title="Fork me on GitHub">Fork me on GitHub</a> <div id="top-bar"></div> - <div class="wrapper"> + <div class="container" style="max-width: 1200px;"> + + <a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro"; title="Fork me on GitHub">Fork me on GitHub</a> + + - <div id="header"> - <a href="./index.html"><div id="logo"></div></a> - <ul class="navigation"> + <div class="masthead"> + <p class="lead"> + <a href="./index.html"> + <img src="./assets/images/apache-shiro-logo.png" style="height:100px; width:auto; vertical-align: bottom; margin-top: 20px;"> + </a> + <span class="tagline">Simple. Java. Security.</span> + </p> + </div> + + + + <nav class="navbar navbar-default" role="navigation"> + <!-- Brand and toggle get grouped for better mobile display --> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" + data-target="#navbar-collapse-1"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + </div> + + <!-- Collect the nav links, forms, and other content for toggling --> + <div class="collapse navbar-collapse" id="navbar-collapse-1"> + <ul class="nav navbar-nav"> <li><a href="./get-started.html">Get Started</a></li> <li><a href="./documentation.html">Docs</a></li> <li><a href="./web-features.html">Web Apps</a></li> - <li><a href="./integration.html">Integrations</a></li> + + <li class="dropdown"> + <a href="#" class="dropdown-toggle" data-toggle="dropdown"> + Integrations <b class="caret"></b> + </a> + + <ul class="dropdown-menu"> + <li><a href="./spring.html">Spring</a></li> + <li><a href="./guice.html">Guice</a></li> + <li class="divider"></li> + <li><a href="./integration.html">Third-Party Integrations</a></li> + </ul> + </li> + <li><a href="./features.html">Features</a></li> - <li><a href="./community.html">Community</a></li> + + <li class="dropdown"> + <a href="#" class="dropdown-toggle" data-toggle="dropdown"> + Community <b class="caret"></b> + </a> + <ul class="dropdown-menu"> + <li><a href="./forums.html">Community Forums</a></li> + <li><a href="./mailing-lists.html">Mailing Lists</a></li> + <li><a href="./articles.html">Articles</a></li> + <li><a href="./news.html">News</a></li> + <li><a href="./events.html">Events</a></li> + <li class="divider"></li> + <li><a href="./community.html">More</a></li> + </ul> + </li> + + </ul> + + <ul class="nav navbar-nav navbar-right"> + <li class="dropdown"> + <a href="http://www.apache.org/"; class="dropdown-toggle" data-toggle="dropdown"> + Apache Software Foundation <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li><a href="http://www.apache.org/";>Apache Homepage</a></li> + <li><a href="http://www.apache.org/licenses/";>License</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li> + <li><a href="http://www.apache.org/foundation/thanks.html";>Thanks</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html";>Donate</a></li> + <li><a href="http://www.apache.org/security/";>Security</a></li> + </ul> + </li> </ul> </div> + <!-- /.navbar-collapse --> + </nav> - <div id="content"> - <p>TODO</p> + <p>TODO</p> <h2><a name="Lendahandwithdocumentation"></a>Lend a hand with documentation </h2> @@ -110,27 +196,23 @@ <p>The easiest way to contribute your documentation is to send it to the <a class="external-link" href="http://shiro-user.582556.n2.nabble.com/"; rel="nofollow">User Forum</a> or the <a href="mailing-lists.html" title="Mailing Lists">User Mailing List</a>.</p> <input type="hidden" id="ghEditPage" value="authorizer.html.vtl"></input> - - </div> + +</div> - </div><!--END WRAPPER--> - - <div id="footer"> + <div class="footer-padding"></div> + <footer class="custom-footer"> <div class="wrapper"> <a href="http://www.apache.org/foundation/contributing.html";>Donate to the ASF</a> | <a href="http://www.apache.org/licenses/LICENSE-2.0.html";>License</a> <p>Copyright © 2008-2016 The Apache Software Foundation</p> - - <div class="editThisPage"> - </div> - + <div class="editThisPage"></div> <div class="footer-shield"></div> </div> <!--END FOOTER WRAPPER--> - </div> <!--END FOOTER--> + </footer> <!--END FOOTER--> </body> </html>
