Author: fpapon
Date: Mon Nov 18 20:13:10 2019
New Revision: 1869997
URL: http://svn.apache.org/viewvc?rev=1869997&view=rev
Log:
Publish release Shiro 1.4.2
Modified:
shiro/site/publish/10-minute-tutorial.html
shiro/site/publish/authentication.html
shiro/site/publish/documentation.html
shiro/site/publish/download.html
shiro/site/publish/java-authentication-guide.html
shiro/site/publish/news.html
shiro/site/publish/security-reports.html
shiro/site/publish/static/.htaccess
Modified: shiro/site/publish/10-minute-tutorial.html
URL:
http://svn.apache.org/viewvc/shiro/site/publish/10-minute-tutorial.html?rev=1869997&r1=1869996&r2=1869997&view=diff
==============================================================================
--- shiro/site/publish/10-minute-tutorial.html (original)
+++ shiro/site/publish/10-minute-tutorial.html Mon Nov 18 20:13:10 2019
@@ -253,14 +253,14 @@
<h2><a href="#download" name="download">Download</a></h2>
<ol>
<li>Ensure you have JDK 1.6+ and Maven 3.0.3+ installed.</li>
- <li>Download the lastest “Source Code Distribution” from the <a
href="download.html" title="Download">Download</a> page. In this example,
we’re using the 1.4.1 release distribution.</li>
+ <li>Download the lastest “Source Code Distribution” from the <a
href="download.html" title="Download">Download</a> page. In this example,
we’re using the 1.4.2 release distribution.</li>
<li>Unzip the source package:
- <pre><code class="bash">$ unzip shiro-root-1.4.1-source-release.zip
+ <pre><code class="bash">$ unzip shiro-root-1.4.2-source-release.zip
</code></pre>
</li>
<li>
<p>Enter the quickstart directory:</p>
- <pre><code class="bash">$ cd shiro-root-1.4.1/samples/quickstart
+ <pre><code class="bash">$ cd shiro-root-1.4.2/samples/quickstart
</code></pre>
</li>
<li>
Modified: shiro/site/publish/authentication.html
URL:
http://svn.apache.org/viewvc/shiro/site/publish/authentication.html?rev=1869997&r1=1869996&r2=1869997&view=diff
==============================================================================
--- shiro/site/publish/authentication.html (original)
+++ shiro/site/publish/authentication.html Mon Nov 18 20:13:10 2019
@@ -388,7 +388,7 @@ currentUser.login(token);
<img style="margin:0px auto;display:block"
src="assets/images/ShiroAuthenticationSequence.png"/>
<p><strong>Step 1</strong>: Application code invokes the
<code>Subject.login</code> method, passing in the constructed
<code>AuthenticationToken</code> instance representing the end-user’s
principals and credentials.</p>
<p><strong>Step 2</strong>: The <code>Subject</code> instance, typically a <a
href="static/current/apidocs/org/apache/shiro/subject/support/DelegatingSubject.html"><code>DelegatingSubject</code></a>
(or a subclass) delegates to the application’s
<code>SecurityManager</code> by calling
<code>securityManager.login(token)</code>, where the actual authentication work
begins.</p>
-<p><strong>Step 3</strong>: The <code>SecurityManager</code>, being a basic
‘umbrella’ component, receives the token and simply delegates to
its internal <a
href="static/current/apidocs/org/apache/shiro/authc/Authenticator.html"><code>Authenticator</code></a><code>instance
by calling</code>authenticator.<a
href="static/current/apidocs/org/apache/shiro/authc/Authenticator.html#authenticate-org.apache.shiro.authc.AuthenticationToken-"><code>authenticate(token)</code></a>.
This is almost always a <a
href="static/current/apidocs/org/apache/shiro/authc/pam/ModularRealmAuthenticator.html"><code>ModularRealmAuthenticator</code></a>
instance, which supports coordinating one or more <code>Realm</code> instances
during authentication. The <code>ModularRealmAuthenticator</code> essentially
provides a <a
href="https://en.wikipedia.org/wiki/Pluggable_Authentication_Modules";>PAM</a>-style
paradigm for Apache Shiro (where each <code>Realm</code> is a
‘module’ in PAM termino
logy).</p>
+<p><strong>Step 3</strong>: The <code>SecurityManager</code>, being a basic
‘umbrella’ component, receives the token and simply delegates to
its internal <a
href="static/current/apidocs/org/apache/shiro/authc/Authenticator.html"><code>Authenticator</code></a>
instance by calling <a
href="static/current/apidocs/org/apache/shiro/authc/Authenticator.html#authenticate-org.apache.shiro.authc.AuthenticationToken-"><code>authenticator.authenticate(token)</code></a>.
This is almost always a <a
href="static/current/apidocs/org/apache/shiro/authc/pam/ModularRealmAuthenticator.html"><code>ModularRealmAuthenticator</code></a>
instance, which supports coordinating one or more <code>Realm</code> instances
during authentication. The <code>ModularRealmAuthenticator</code> essentially
provides a <a
href="https://en.wikipedia.org/wiki/Pluggable_Authentication_Modules";>PAM</a>-style
paradigm for Apache Shiro (where each <code>Realm</code> is a
‘module’ in PAM terminology).</p>
<p><strong>Step 4</strong>: If more than one <code>Realm</code> is configured
for the application, the <code>ModularRealmAuthenticator</code> instance will
initiate a multi-<code>Realm</code> authentication attempt utilizing its
configured <a
href="static/current/apidocs/org/apache/shiro/authc/pam/AuthenticationStrategy.html"><code>AuthenticationStrategy</code></a>.
Before, during and after the <code>Realms</code> are invoked for
authentication, the <code>AuthenticationStrategy</code> will be called to allow
it to react to each Realm’s results. We will cover
<code>AuthenticationStrategies</code> soon.</p>
<div class="alert alert-warning">
<span class="glyphicon glyphicon-warning-sign"></span>
<strong>Single-Realm Application</strong>
Modified: shiro/site/publish/documentation.html
URL:
http://svn.apache.org/viewvc/shiro/site/publish/documentation.html?rev=1869997&r1=1869996&r2=1869997&view=diff
==============================================================================
--- shiro/site/publish/documentation.html (original)
+++ shiro/site/publish/documentation.html Mon Nov 18 20:13:10 2019
@@ -249,11 +249,11 @@
</ul>
<a name="Documentation-CurrentRelease"></a>
<h3><a href="#current-release" name="current-release">Current Release</a></h3>
-<p>Apache Shiro 1.4.1 (<a href="download.html"
title="Download">Download</a>)</p>
+<p>Apache Shiro 1.4.2 (<a href="download.html"
title="Download">Download</a>)</p>
<ul>
- <li><a href="static/1.4.1/apidocs">API</a> (JavaDoc)</li>
- <li><a href="static/1.4.1/xref/">Browse Source</a> (XREF)</li>
- <li><a href="static/1.4.1/">Maven Static Site</a></li>
+ <li><a href="static/1.4.2/apidocs">API</a> (JavaDoc)</li>
+ <li><a href="static/1.4.2/xref/">Browse Source</a> (XREF)</li>
+ <li><a href="static/1.4.2/">Maven Static Site</a></li>
</ul>
<h2><a name="Lendahandwithdocumentation"></a>Lend a hand with documentation
</h2>
<p>While we hope this documentation helps you with the work you're doing with
Apache Shiro, the community is improving and expanding the documentation all
the time. If you'd like to help the Shiro project, please consider correcting,
expanding, or adding documentation where you see a need. Every little bit of
help you provide expands the community and in turn improves Shiro. </p>
Modified: shiro/site/publish/download.html
URL:
http://svn.apache.org/viewvc/shiro/site/publish/download.html?rev=1869997&r1=1869996&r2=1869997&view=diff
==============================================================================
--- shiro/site/publish/download.html (original)
+++ shiro/site/publish/download.html Mon Nov 18 20:13:10 2019
@@ -286,7 +286,7 @@
<h1><a name="Download-DownloadApacheShiro"></a>Download Apache Shiro</h1>
-<p>Apache Shiro 1.4.1 is the current stable release (Java 1.6+ JVM).</p>
+<p>Apache Shiro 1.4.2 is the current stable release (Java 1.6+ JVM).</p>
<p>To download Shiro please follow the instructions below.</p>
@@ -302,11 +302,11 @@
<div>
<ul>
<li>
- <a href="#latest">Latest Stable Release (1.4.1)</a>
+ <a href="#latest">Latest Stable Release (1.4.2)</a>
<ul>
- <li><a href="#latestBinary">1.4.1 Binary Distribution</a></li>
- <li><a href="#latestSource">1.4.1 Source Code
Distribution</a></li>
- <li><a href="#latestGit">1.4.1 Git Source repository</a></li>
+ <li><a href="#latestBinary">1.4.2 Binary Distribution</a></li>
+ <li><a href="#latestSource">1.4.2 Source Code
Distribution</a></li>
+ <li><a href="#latestGit">1.4.2 Git Source repository</a></li>
</ul>
</li>
<li>
@@ -348,9 +348,9 @@
</div>
-<h2><a name="latest"></a>Latest Stable Release (1.4.1)</h2>
+<h2><a name="latest"></a>Latest Stable Release (1.4.2)</h2>
-<h3><a name="latestBinary"></a>1.4.1 Binary Distribution</h3>
+<h3><a name="latestBinary"></a>1.4.2 Binary Distribution</h3>
<p>Associated documentation can be found <a href="documentation.html"
title="Documentation">here</a></p>
@@ -374,7 +374,7 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-all/1.4.1/shiro-all-1.4.1.jar";>shiro-all</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-all/1.4.2/shiro-all-1.4.2.jar";>shiro-all</a>
</td>
<td>
@@ -391,14 +391,14 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-core/1.4.1/shiro-core-1.4.1.jar";>shiro-core</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-core/1.4.2/shiro-core-1.4.2.jar";>shiro-core</a>
</td>
<td>
<pre><code class="xml"><dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
- <version>1.4.1</version>
+ <version>1.4.2</version>
</dependency>
</code></pre>
</td>
@@ -412,14 +412,14 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-web/1.4.1/shiro-web-1.4.1.jar";>shiro-web</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-web/1.4.2/shiro-web-1.4.2.jar";>shiro-web</a>
</td>
<td>
<pre><code class="xml"><dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
- <version>1.4.1</version>
+ <version>1.4.2</version>
</dependency>
</code></pre>
</td>
@@ -431,14 +431,14 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-servlet-plugin/1.4.1/shiro-servlet-plugin-1.4.1.jar";>shiro-servlet-plugin</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-servlet-plugin/1.4.2/shiro-servlet-plugin-1.4.2.jar";>shiro-servlet-plugin</a>
</td>
<td>
<pre><code class="xml"><dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-servlet-plugin</artifactId>
- <version>1.4.1</version>
+ <version>1.4.2</version>
</dependency>
</code></pre>
</td>
@@ -450,14 +450,14 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-jaxrs/1.4.1/shiro-jaxrs-1.4.1.jar";>shiro-jaxrs</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-jaxrs/1.4.2/shiro-jaxrs-1.4.2.jar";>shiro-jaxrs</a>
</td>
<td>
<pre><code class="xml"><dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-jaxrs</artifactId>
- <version>1.4.1</version>
+ <version>1.4.2</version>
</dependency>
</code></pre>
</td>
@@ -469,14 +469,14 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-aspectj/1.4.1/shiro-aspectj-1.4.1.jar";>shiro-aspectj</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-aspectj/1.4.2/shiro-aspectj-1.4.2.jar";>shiro-aspectj</a>
</td>
<td>
<pre><code class="xml"><dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-aspectj</artifactId>
- <version>1.4.1</version>
+ <version>1.4.2</version>
</dependency>
</code></pre>
</td>
@@ -488,14 +488,14 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-cas/1.4.1/shiro-cas-1.4.1.jar";>shiro-cas</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-cas/1.4.2/shiro-cas-1.4.2.jar";>shiro-cas</a>
</td>
<td>
<pre><code class="xml"><dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-cas</artifactId>
- <version>1.4.1</version>
+ <version>1.4.2</version>
</dependency>
</code></pre>
</td>
@@ -513,14 +513,14 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-ehcache/1.4.1/shiro-ehcache-1.4.1.jar";>shiro-ehcache</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-ehcache/1.4.2/shiro-ehcache-1.4.2.jar";>shiro-ehcache</a>
</td>
<td>
<pre><code class="xml"><dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
- <version>1.4.1</version>
+ <version>1.4.2</version>
</dependency>
</code></pre>
</td>
@@ -532,14 +532,14 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-hazelcast/1.4.1/shiro-hazelcast-1.4.1.jar";>shiro-hazelcast</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-hazelcast/1.4.2/shiro-hazelcast-1.4.2.jar";>shiro-hazelcast</a>
</td>
<td>
<pre><code class="xml"><dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-hazelcast</artifactId>
- <version>1.4.1</version>
+ <version>1.4.2</version>
</dependency>
</code></pre>
</td>
@@ -551,14 +551,14 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-features/1.4.1/shiro-features-1.4.1-features.xml";>shiro-features</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-features/1.4.2/shiro-features-1.4.2-features.xml";>shiro-features</a>
</td>
<td>
<pre><code class="xml"><dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-features</artifactId>
- <version>1.4.1</version>
+ <version>1.4.2</version>
</dependency>
</code></pre>
</td>
@@ -570,14 +570,14 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-guice/1.4.1/shiro-guice-1.4.1.jar";>shiro-guice</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-guice/1.4.2/shiro-guice-1.4.2.jar";>shiro-guice</a>
</td>
<td>
<pre><code class="xml"><dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-guice</artifactId>
- <version>1.4.1</version>
+ <version>1.4.2</version>
</dependency>
</code></pre>
</td>
@@ -589,14 +589,14 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-quartz/1.4.1/shiro-quartz-1.4.1.jar";>shiro-quartz</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-quartz/1.4.2/shiro-quartz-1.4.2.jar";>shiro-quartz</a>
</td>
<td>
<pre><code class="xml"><dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-quartz</artifactId>
- <version>1.4.1</version>
+ <version>1.4.2</version>
</dependency>
</code></pre>
</td>
@@ -608,14 +608,14 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-spring/1.4.1/shiro-spring-1.4.1.jar";>shiro-spring</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-spring/1.4.2/shiro-spring-1.4.2.jar";>shiro-spring</a>
</td>
<td>
<pre><code class="xml"><dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
- <version>1.4.1</version>
+ <version>1.4.2</version>
</dependency>
</code></pre>
</td>
@@ -627,14 +627,14 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-spring-boot-starter/1.4.1/shiro-spring-boot-starter-1.4.1.jar";>shiro-spring-boot-starter</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-spring-boot-starter/1.4.2/shiro-spring-boot-starter-1.4.2.jar";>shiro-spring-boot-starter</a>
</td>
<td>
<pre><code class="xml"><dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-starter</artifactId>
- <version>1.4.1</version>
+ <version>1.4.2</version>
</dependency>
</code></pre>
</td>
@@ -646,14 +646,14 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-spring-boot-web-starter/1.4.1/shiro-spring-boot-web-starter-1.4.1.jar";>shiro-spring-boot-web-starter</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/shiro-spring-boot-web-starter/1.4.2/shiro-spring-boot-web-starter-1.4.2.jar";>shiro-spring-boot-web-starter</a>
</td>
<td>
<pre><code class="xml"><dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
- <version>1.4.1</version>
+ <version>1.4.2</version>
</dependency>
</code></pre>
</td>
@@ -665,7 +665,7 @@
<td style="white-space: nowrap;">
- <a
href="http://repo1.maven.org/maven2/org/apache/shiro/tools/shiro-tools-hasher/1.4.1/shiro-tools-hasher-1.4.1-cli.jar";>shiro-tools-hasher</a>
+ <a
href="http://repo1.maven.org/maven2/org/apache/shiro/tools/shiro-tools-hasher/1.4.2/shiro-tools-hasher-1.4.2-cli.jar";>shiro-tools-hasher</a>
</td>
<td>
@@ -675,28 +675,28 @@
<td>A command-line program to perform hashing (MD5, SHA, etc) for
files, streams and passwords.
Note that this is a command line program and not intended
to be used as a Maven/program
dependency. It is intended to be downloaded and executed:
- <pre><code class='bash'> java -jar
shiro-tools-hasher-1.4.1-cli.jar</code></pre></td>
+ <pre><code class='bash'> java -jar
shiro-tools-hasher-1.4.2-cli.jar</code></pre></td>
</tr>
</tbody>
</table>
-<h3><a name="latestSource"></a>1.4.1 Source Code Distribution</h3>
+<h3><a name="latestSource"></a>1.4.2 Source Code Distribution</h3>
<p>The source bundle requires JDK 1.6 and Maven 3.0.3+ to build:</p>
-<p><a class="external-link"
href="http://www.apache.org/dyn/closer.cgi/shiro/1.4.1/shiro-root-1.4.1-source-release.zip";>zip</a>
+<p><a class="external-link"
href="http://www.apache.org/dyn/closer.cgi/shiro/1.4.2/shiro-root-1.4.2-source-release.zip";>zip</a>
(<a class="external-link"
-
href="http://www.apache.org/dyn/closer.cgi/shiro/1.4.1/shiro-root-1.4.1-source-release.zip.asc";>pgp</a>,
<a
+
href="http://www.apache.org/dyn/closer.cgi/shiro/1.4.2/shiro-root-1.4.2-source-release.zip.asc";>pgp</a>,
<a
class="external-link"
-
href="http://www.apache.org/dyn/closer.cgi/shiro/1.4.1/shiro-root-1.4.1-source-release.zip.sha512";>sha512</a>)
+
href="http://www.apache.org/dyn/closer.cgi/shiro/1.4.2/shiro-root-1.4.2-source-release.zip.sha512";>sha512</a>)
</p>
-<h3><a name="latestGit"></a>1.4.1 Git Source repository</h3>
+<h3><a name="latestGit"></a>1.4.2 Git Source repository</h3>
<p>The source can be cloned anonymously from Git with this command:</p>
<pre><code style="bash">git clone https://github.com/apache/shiro.git
-git checkout shiro-root-1.4.1 -b shiro-root-1.4.1
+git checkout shiro-root-1.4.2 -b shiro-root-1.4.2
</code>
</pre>
Modified: shiro/site/publish/java-authentication-guide.html
URL:
http://svn.apache.org/viewvc/shiro/site/publish/java-authentication-guide.html?rev=1869997&r1=1869996&r2=1869997&view=diff
==============================================================================
--- shiro/site/publish/java-authentication-guide.html (original)
+++ shiro/site/publish/java-authentication-guide.html Mon Nov 18 20:13:10 2019
@@ -318,7 +318,7 @@ currentUser.login(token);
</div>
<a name="JavaAuthenticationGuide-%22RememberMe%22Support"></a>
<h2>“Remember Me” Support</h2>
-<p>As shown in the example above, Shiro supports the notion of “remember
me” in adition to the normal login process. Â </p>
+<p>As shown in the example above, Shiro supports the notion of “remember
me” in addition to the normal login process. Â </p>
<p>In Shiro, the Subject object supports two methods : <a
href="static/current/apidocs/org/apache/shiro/subject/Subject.html#isRemembered--"><code>isRemembered()</code></a>
and <a
href="static/current/apidocs/org/apache/shiro/subject/Subject.html#isAuthenticated--"><code>isAuthenticated()</code></a>.</p>
<p>A “remembered” subject has an identity (it is not anonymous)
and their identifying attributes,referred to as principals, are remembered from
a successful authentication during a previous session.</p>
<p>An authenticated subject has proved their identity <em>during their current
session</em>.</p>
@@ -332,7 +332,7 @@ currentUser.login(token);
<p>In shiro it is very important to note that a remembered subject is not an
authenticated subject. A check against <code>isAuthenticated()</code> is a much
more strict check because authentication is the process of proving you are who
you say you are. When a user is only remembered, the remembered identity gives
the system an idea who that user probably is, but in reality, has no way of
absolutely guaranteeing if the remembered Subject represents the user currently
using the application. Once the subject is authenticated, they are no longer
considered only remembered because their identity would have been verified
during the current session.</p>
<p>So although many parts of the application can still perform user-specific
logic based on the remembered principals, such as customized views, it should
never perform highly-sensitive operations until the user has legitimately
verified their identity by executing a successful authentication attempt.</p>
<p>For example, a check to see if a subject can access financial information
should almost always depend on <code>isAuthenticated()</code>, not
<code>isRemembered()</code>, to guarantee a verified identity.</p>
-<p>Here is a scenario to help illustrate why the the distinction between
isAuthenticated and isRemembered is important.</p>
+<p>Here is a scenario to help illustrate why the distinction between
isAuthenticated and isRemembered is important.</p>
<p>Let’s say you’re using Amazon.com. You log in and you add some
books to your shopping cart. A day goes by. Of course your user session has
expired and you’ve been logged out. But Amazon “remembers”
you, greets you by name, and is still giving you personalized book
recommendations. To Amazon, <code>isRemembered()</code> would return
<code>TRUE</code>. What happens if you try to use one of the credit cards on
file or change your account information? While Amazon “remembers”
you, <code>isRemembered() = TRUE</code>, it is not certain that you are in fact
you, <code>isAuthenticated()=FALSE</code>. So before you can perform a
sensitive action Amazon needs to verify your identity by forcing an
authentication process which it does through a login screen. After the login,
your identity has been verified and <code>isAuthenticated()=TRUE</code>.</p>
<p>This scenario happens very often over the web so the functionality is built
into Shiro helping you easily make the distinction yourself.</p>
<a name="JavaAuthenticationGuide-LoggingOut"></a>
Modified: shiro/site/publish/news.html
URL:
http://svn.apache.org/viewvc/shiro/site/publish/news.html?rev=1869997&r1=1869996&r2=1869997&view=diff
==============================================================================
--- shiro/site/publish/news.html (original)
+++ shiro/site/publish/news.html Mon Nov 18 20:13:10 2019
@@ -237,6 +237,35 @@ For more information on Shiro, please re
<div class="blog-post-listing">
<div class="logo-heading-block">
+ <a class="blogHeading" id="1.4.2-released"
href="#1.4.2-released">Apache Shiro 1.4.2 Released</a>
+ </div>
+
+ <div class="news-content">
+ <p>The Shiro team is pleased to announce the release of Apache Shiro
version 1.4.2. This is a feature release for 1.x.</p>
+
+ <p>This release includes 1 issue resolved since the 1.4.1 release and
is available for Download now.</p>
+
+ <p>Of Note:
+ <ul>
+ <li>Updates the default Cipher mode to GCM in AesCipherService (<a
href="security-reports.html">CVE-2019-12422</a>)</li>
+ </ul>
+
+ You can learn more on <a
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12345454";
target="_blank">Jira</a>
+ </p>
+
+ <p>Release binaries (.jars) are also available through Maven Central
and source bundles through Apache distribution mirrors.</p>
+
+ <p>For more information on <a href="documentation.html">Shiro, please
read the documentation.</a></p>
+
+ <p>Enjoy!</p>
+
+ <p>The Apache Shiro Team</p>
+ </div>
+</div>
+
+<div class="blog-post-listing">
+
+ <div class="logo-heading-block">
<a class="blogHeading" id="1.4.1-released"
href="#1.4.1-released">Apache Shiro 1.4.1 Released</a>
</div>
Modified: shiro/site/publish/security-reports.html
URL:
http://svn.apache.org/viewvc/shiro/site/publish/security-reports.html?rev=1869997&r1=1869996&r2=1869997&view=diff
==============================================================================
--- shiro/site/publish/security-reports.html (original)
+++ shiro/site/publish/security-reports.html Mon Nov 18 20:13:10 2019
@@ -235,6 +235,8 @@
</ul>
<p>A <a href="http://www.apache.org/security/committers.html";>more detailed
description of the process</a> has been written for committers. Reporters of
security vulnerabilities may also find it useful.</p>
<h2><a href="#apache-shiro-vulnerability-reports"
name="apache-shiro-vulnerability-reports">Apache Shiro Vulnerability
Reports</a></h2>
+<h3><a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12422";>CVE-2019-12422</a></h3>
+<p>Apache Shiro before 1.4.2, when using the default “remember me”
configuration, cookies could be susceptible to a padding attack.</p>
<h3><a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6802";>CVE-2016-6802</a></h3>
<p>Apache Shiro before 1.3.2 allows attackers to bypass intended servlet
filters and gain access by leveraging use of a non-root servlet context
path.</p>
<h3><a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4437";>CVE-2016-4437</a></h3>
Modified: shiro/site/publish/static/.htaccess
URL:
http://svn.apache.org/viewvc/shiro/site/publish/static/.htaccess?rev=1869997&r1=1869996&r2=1869997&view=diff
==============================================================================
--- shiro/site/publish/static/.htaccess (original)
+++ shiro/site/publish/static/.htaccess Mon Nov 18 20:13:10 2019
@@ -40,6 +40,6 @@ RedirectMatch /static/1.2.1/shiro-featur
RedirectMatch /static/(.*)/tools(.*) /static/$1/shiro-tools/$2
-RedirectMatch /static/current(.*) /static/1.4.1$1
-RedirectMatch /static/latest(.*) /static/1.4.1$1
+RedirectMatch /static/current(.*) /static/1.4.2$1
+RedirectMatch /static/latest(.*) /static/1.4.2$1
