Modified: shiro/site/publish/java-authorization-guide.html URL: http://svn.apache.org/viewvc/shiro/site/publish/java-authorization-guide.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/java-authorization-guide.html (original) +++ shiro/site/publish/java-authorization-guide.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> @@ -144,7 +146,29 @@ Authorization, or access control, is the <p>For more information on Users, aka Subjects, please check out the <a href="subject.html" title="Subject">Subject Documentation</a>.</p> -<div class="panelMacro"><table class="infoMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1">Ultimately, your <a href="realm.html" title="Realm">Realm</a> implementation is what communicates with your data source (RDBMS, LDAP, etc). So your realm is what will tell Shiro whether or not roles or permissions exist. You have full control over how your authorization model works.</td></tr></table></div> +<div class="panelMacro"> + <table class="infoMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + + + <tbody> + <tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-info-circle"></i> + </td> + + <td colspan="1" rowspan="1"> + <b>Note</b> + <br clear="none"> + Ultimately, your <a href="realm.html" title="Realm">Realm</a> implementation is what communicates with your data source (RDBMS, LDAP, etc). So your realm is what will tell Shiro whether or not roles or permissions exist. You have full control over how your authorization model works. + </td> + </tr> + </tbody> + </table> +</div> <h2><a name="JavaAuthorizationGuide-HowtoperformAuthorizationinJavawithShiro"></a>How to perform Authorization in Java with Shiro</h2> <p>Authorization in Shiro can be handled in four ways.</p> @@ -158,7 +182,7 @@ Authorization, or access control, is the <h4><a name="JavaAuthorizationGuide-RoleCheck"></a>Role Check</h4> <p>This is an example of how you do a role check programmatically in your application. We want to check if a user has the <em>administrator</em> role and if they do, then we'll show a special button, otherwise we won't show it.</p> -<p>First we get access to the current user, the <a href="subject.html" title="Subject">Subject</a>. Then we pass the <em>adminstrator</em> to the Subject's <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/subject/Subject.html#hasRole(java.lang.String)">.hasRole()</a></tt> method. It will return <tt>TRUE</tt> or <tt>FALSE</tt>. </p> +<p>First we get access to the current user, the <a href="subject.html" title="Subject">Subject</a>. Then we pass the <em>adminstrator</em> to the Subject's <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/subject/Subject.html\#hasRole(java.lang.String)">.hasRole()</a></tt> method. It will return <tt>TRUE</tt> or <tt>FALSE</tt>. </p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java"> @@ -183,7 +207,7 @@ Authorization, or access control, is the <h4><a name="JavaAuthorizationGuide-PermissionCheck"></a>Permission Check</h4> <p>This is an example of how you do security checks by permission. We want to check if a user has permission to print to laserjet3000n and if they do, then we'll show a print button, otherwise we won't show it. This is an example of an instance level permission or instance level authorization.</p> -<p>Again, first you get access to the current user, the <a href="subject.html" title="Subject">Subject</a>. Then you construct a <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/authz/Permission.html">Permission</a></tt> object or an instance that represents an action on a resource. In this case, the instance is named <tt>printerPermission</tt>, the resource is <em>laserjet3000n</em>, and the action is <em>print</em>. Then we pass <tt>printerPermission</tt> to the Subject's <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/subject/Subject.html#isPermitted(java.util.List)">.isPermitted()</a></tt> method. It will return true or false. </p> +<p>Again, first you get access to the current user, the <a href="subject.html" title="Subject">Subject</a>. Then you construct a <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/authz/Permission.html">Permission</a></tt> object or an instance that represents an action on a resource. In this case, the instance is named <tt>printerPermission</tt>, the resource is <em>laserjet3000n</em>, and the action is <em>print</em>. Then we pass <tt>printerPermission</tt> to the Subject's <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/subject/Subject.html\#isPermitted(java.util.List)">.isPermitted()</a></tt> method. It will return true or false. </p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java">
Modified: shiro/site/publish/java-cryptography-guide.html URL: http://svn.apache.org/viewvc/shiro/site/publish/java-cryptography-guide.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/java-cryptography-guide.html (original) +++ shiro/site/publish/java-cryptography-guide.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> @@ -131,9 +133,45 @@ Cryptography is the protecting of inform </div></div> <h2><a name="JavaCryptographyGuide-HashFeatures"></a>Hash Features</h2> -<div class="panelMacro"><table class="tipMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1">Salts are important when hashing ...</td></tr></table></div> +<div class="panelMacro"> + <table class="tipMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + <tbody><tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-check-square-o"></i> + </td> + <td colspan="1" rowspan="1"> + <b>Tip</b> + <br clear="none"> + Salts are important when hashing ... + </td> + </tr> + </tbody> + </table> +</div> -<div class="panelMacro"><table class="tipMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1">Repeated hashes are important when hashing ...</td></tr></table></div> +<div class="panelMacro"> + <table class="tipMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + <tbody><tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-check-square-o"></i> + </td> + <td colspan="1" rowspan="1"> + <b>Tip</b> + <br clear="none"> + Repeated hashes are important when hashing ... + </td> + </tr> + </tbody> + </table> +</div> <h3><a name="JavaCryptographyGuide-Shiro%27sHashInterface"></a>Shiro's Hash Interface</h3> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> Modified: shiro/site/publish/jsp-tag-library.html URL: http://svn.apache.org/viewvc/shiro/site/publish/jsp-tag-library.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/jsp-tag-library.html (original) +++ shiro/site/publish/jsp-tag-library.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/license.html URL: http://svn.apache.org/viewvc/shiro/site/publish/license.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/license.html (original) +++ shiro/site/publish/license.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/mailing-lists.html URL: http://svn.apache.org/viewvc/shiro/site/publish/mailing-lists.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/mailing-lists.html (original) +++ shiro/site/publish/mailing-lists.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/navigation.html URL: http://svn.apache.org/viewvc/shiro/site/publish/navigation.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/navigation.html (original) +++ shiro/site/publish/navigation.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/news.html URL: http://svn.apache.org/viewvc/shiro/site/publish/news.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/news.html (original) +++ shiro/site/publish/news.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/overview.html URL: http://svn.apache.org/viewvc/shiro/site/publish/overview.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/overview.html (original) +++ shiro/site/publish/overview.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/performing-a-release.html URL: http://svn.apache.org/viewvc/shiro/site/publish/performing-a-release.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/performing-a-release.html (original) +++ shiro/site/publish/performing-a-release.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> @@ -71,104 +73,35 @@ <div id="content"> - <h2><a name="PerformingaRelease-CreatetheReleaseandVote"></a>Create the Release and Vote</h2> + <p>This page has been moved. You are being redirected.</p> -<ol><li>Ensure you are using JDK 1.6 (1.7 will not work) and Maven 3.0.3 (or later) for the following steps.</li><li>Run Apache RAT to ensure that we're Apache compliant: -<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> -<pre class="code-java"> -> mvn apache-rat:check -</pre> -</div></div> -<p>Resolve any errors as necessary (usually amounts to placing the ASF license header at the top of files).</p></li><li>Execute the maven commands below to go through the release process. If there are any errors that you can't resolve, contact the <tt>[email protected]</tt> mailing list. -<div class="panelMacro"><table class="infoMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>GPG Installed</b><br clear="none">This release process requires the <tt>gpg</tt> binary to be in your command $PATH and your code signing key configured for your account.</td></tr></table></div> -<p>Commands:</p> -<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> -<pre class="code-java"> -> mvn clean install -Pdocs,apache-release -> mvn release:prepare -DdryRun=<span class="code-keyword">true</span> -> mvn deploy -Pdocs -> mvn release:clean -> mvn release:prepare -Dusername=YOUR_ASF_USERNAME -Dpassword=YOUR_ASF_PASSWORD -> mvn release:perform -Dusername=YOUR_ASF_USERNAME -Dpassword=YOUR_ASF_PASSWORD -</pre> -</div></div></li><li>Log in to <a class="external-link" href="https://repository.apache.org";>https://repository.apache.org</a>. Navigate to "Staging Repositories" (on the left nav panel). Find the repository starting with 'org.apache.shiro' and <tt>close</tt> it.</li><li>Send out the VOTE email to the <tt>[email protected]</tt> mailing list. Here's a good template: -<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> -<pre class="code-java"> -This is a call to vote in favor of releasing Apache Shiro version 1.2.0. - -The 59 issues solved <span class="code-keyword">for</span> 1.2.0: - -https:<span class="code-comment">//issues.apache.org/jira/secure/IssueNavigator!executeAdvanced.jspa?jqlQuery=project+%3D+SHIRO+AND+fixVersion+%3D+%221.2.0%22+AND+%28status+%21%3D+Open+and+status+%21%3D+%22In+Progress%22%29+ORDER+BY+priority+DESC&runQuery=<span class="code-keyword">true</span>&clear=<span class="code-keyword">true</span> -</span> -The tag to be voted upon: -<GIT_URL_OF_THE_RELEASE_TAG> (e.g. https:<span class="code-comment">//github.com/apache/shiro/tree/1.2.0) -</span> -Staging repo <span class="code-keyword">for</span> binaries: -<URL_OF_THE_CLOSED_REPO_FROM_ABOVE_STEP> (e.g. https:<span class="code-comment">//repository.apache.org/content/repositories/orgapacheshiro-92/) -</span> -Project website (just <span class="code-keyword">for</span> informational purposes, not to be voted upon): -http:<span class="code-comment">//shiro.apache.org/ -</span>and maven <span class="code-keyword">static</span> generated site (<span class="code-keyword">for</span> informational purposes, not to be voted upon): -people.apache.org:/www/shiro.apache.org/<span class="code-keyword">static</span>/1.2.0 or http:<span class="code-comment">//shiro.apache.org/<span class="code-keyword">static</span>/1.2.0 (once it propagates to web servers) -</span> -Guide to testing staged releases: -http:<span class="code-comment">//maven.apache.org/guides/development/guide-testing-releases.html -</span> -Vote open <span class="code-keyword">for</span> 72 hours. Please <span class="code-keyword">do</span> examine the source and binaries before voting. - -[ ] +1 -[ ] +0 -[ ] -1 (please include reasoning) -</pre> -</div></div></li></ol> - - -<h2><a name="PerformingaRelease-AfteraSuccessfulVote"></a>After a Successful Vote</h2> - -<ol><li>Update the <a class="external-link" href="https://github.com/apache/shiro/blob/master/shiro.doap.rdf";>Shiro DOAP file in git</a> to include another release information chunk (<em>after</em> the other similar chunks): -<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> -<pre class="code-xml"> -<span class="code-tag"><release></span> - <span class="code-tag"><Version></span> - <span class="code-tag"><name></span>Apache Shiro VERSION<span class="code-tag"></name></span> - <span class="code-tag"><created></span>RELEASE_DATE<span class="code-tag"></created></span> - <span class="code-tag"><revision></span>VERSION<span class="code-tag"></revision></span> - <span class="code-tag"></Version></span> -<span class="code-tag"></release></span> -</pre> -</div></div> -<p><br clear="none" class="atl-forced-newline"> -With the appropriate <tt>RELEASE_DATE</tt> (e.g. 2011-10-01) and <tt>VERSION</tt> (e.g. 1.1.0). Save and commit the file to Git. -<br clear="none" class="atl-forced-newline"> -<br clear="none" class="atl-forced-newline"></p></li><li>Put the distribution on the ASF web servers - <ol><li>SSH into people.apache.org and cd to to Shiro's distribution location: -<br clear="none" class="atl-forced-newline"> -<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> -<pre class="code-java">cd /www/www.apache.org/dist/shiro</pre> -</div></div></li><li>Create a subdirectory for the specific version number released: -<br clear="none" class="atl-forced-newline"> -<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> -<pre class="code-java">mkdir 1.2.1</pre> -</div></div></li><li>Acquire the source release .zip and it's verifying files (.md5, .sha1, .asc, .asc.md5, .asc.sha1) from <a class="external-link" href="https://repository.apache.org";>https://repository.apache.org</a> -<br clear="none" class="atl-forced-newline"> -<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> -<pre class="code-java">wget --no-check-certificate https:<span class="code-comment">//repository.apache.org/content/groups/<span class="code-keyword">public</span>/org/apache/shiro/shiro-root/<version>/shiro-root-<version>-source-release.zip -</span>wget --no-check-certificate https:<span class="code-comment">//repository.apache.org/content/groups/<span class="code-keyword">public</span>/org/apache/shiro/shiro-root/<version>/shiro-root-<version>-source-release.zip.md5 -</span>wget --no-check-certificate https:<span class="code-comment">//repository.apache.org/content/groups/<span class="code-keyword">public</span>/org/apache/shiro/shiro-root/<version>/shiro-root-<version>-source-release.zip.sha1 -</span>wget --no-check-certificate https:<span class="code-comment">//repository.apache.org/content/groups/<span class="code-keyword">public</span>/org/apache/shiro/shiro-root/<version>/shiro-root-<version>-source-release.zip.asc -</span>wget --no-check-certificate https:<span class="code-comment">//repository.apache.org/content/groups/<span class="code-keyword">public</span>/org/apache/shiro/shiro-root/<version>/shiro-root-<version>-source-release.zip.asc.md5 -</span>wget --no-check-certificate https:<span class="code-comment">//repository.apache.org/content/groups/<span class="code-keyword">public</span>/org/apache/shiro/shiro-root/<version>/shiro-root-<version>-source-release.zip.asc.sha1</span></pre> -</div></div></li></ol> - </li><li>Update the Shiro wiki's <a href="download.html" title="Download">Download</a> page to include a new entry for 1.2.1</li><li>Update the Shiro wiki's <a href="index.html" title="Index">Index</a> page and update the download 'block'.  This must be done via the Wiki Markup View so JavaScript can be edited.</li><li>Make an announcement as a Shiro blog article. You can look at <a class="external-link" href="2012/01/24/apache-shiro-120-released.html">a previous announcement</a> as an example.</li><li>Make the same announcement on the Shiro user list (subject: [ANNOUNCE] Apache Shiro <version> released) and CC the developer list.</li><li>Update the <a class="external-link" href="http://en.wikipedia.org/wiki/Apache_Shiro"; rel="nofollow">Apache Shiro Wikipedia page</a> to reflect the latest release information.</li><li>Update the 'current' symbolic link on people.apache.org to reference the latest static site documentation. For exampl e (replace <b>1.2.1</b> with the latest version): -<br clear="none" class="atl-forced-newline"> -<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> -<pre class="code-java"> -$ ssh people.apache.org -$ cd /www/apache.shiro.org/<span class="code-keyword">static</span> -$ rm current -$ ln -s 1.2.1 current -</pre> -</div></div></li></ol> +<div class="panelMacro"> + <table class="noteMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + <tbody> + <tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-warning"></i> + </td> + + <td colspan="1" rowspan="1"> + <b>Redirection Notice</b> + <br clear="none"> + This page should redirect to <a href="https://cwiki.apache.org/confluence/display/SHIRO/Performing+a+Release"; title="https://cwiki.apache.org/confluence/display/SHIRO/Performing+a+Release";>https://cwiki.apache.org/confluence/display/SHIRO/Performing+a+Release</a>. + </td> + </tr> + </tbody> + </table> +</div> + +<script type="text/javascript"> + <!-- + window.location = "https://cwiki.apache.org/confluence/display/SHIRO/Performing+a+Release"; + //--> +</script> </div> Modified: shiro/site/publish/permissions.html URL: http://svn.apache.org/viewvc/shiro/site/publish/permissions.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/permissions.html (original) +++ shiro/site/publish/permissions.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/powered-by-shiro.html URL: http://svn.apache.org/viewvc/shiro/site/publish/powered-by-shiro.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/powered-by-shiro.html (original) +++ shiro/site/publish/powered-by-shiro.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/privacy-policy.html URL: http://svn.apache.org/viewvc/shiro/site/publish/privacy-policy.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/privacy-policy.html (original) +++ shiro/site/publish/privacy-policy.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/quickstart.html URL: http://svn.apache.org/viewvc/shiro/site/publish/quickstart.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/quickstart.html (original) +++ shiro/site/publish/quickstart.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> @@ -73,7 +75,34 @@ <p>This page has been moved. You are being redirected.</p> -<p></p><div class="panelMacro"><table class="noteMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Redirection Notice</b><br clear="none">This page should redirect to <a href="10-minute-tutorial.html" title="10 Minute Tutorial">10 Minute Tutorial</a>.</td></tr></table></div> +<div class="panelMacro"> + <table class="noteMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + <tbody> + <tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-warning"></i> + </td> + + <td colspan="1" rowspan="1"> + <b>Redirection Notice</b> + <br clear="none"> + This page should redirect to <a href="10-minute-tutorial.html" title="10 Minute Tutorial">10 Minute Tutorial</a>. + </td> + </tr> + </tbody> + </table> +</div> + +<script type="text/javascript"> + <!-- + window.location = "10-minute-tutorial.html" + //--> +</script> + </div> Modified: shiro/site/publish/realm.html URL: http://svn.apache.org/viewvc/shiro/site/publish/realm.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/realm.html (original) +++ shiro/site/publish/realm.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> @@ -80,7 +82,25 @@ <p>Realms usually have a 1-to-1 correlation with a data source such as a relational database, LDAP directory, file system, or other similar resource. As such, implementations of the <tt>Realm</tt> interface use data source-specific APIs to discover authorization data (roles, permissions, etc), such as JDBC, File IO, Hibernate or JPA, or any other Data Access API. </p> -<div class="panelMacro"><table class="tipMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1">A Realm is essentially a security-specific <a class="external-link" href="http://en.wikipedia.org/wiki/Data_Access_Object"; rel="nofollow">DAO</a></td></tr></table></div> +<div class="panelMacro"> + <table class="tipMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + <tbody><tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-check-square-o"></i> + </td> + <td colspan="1" rowspan="1"> + <b>Tip</b> + <br clear="none"> + A Realm is essentially a security-specific <a class="external-link" href="http://en.wikipedia.org/wiki/Data_Access_Object"; rel="nofollow">DAO</a> + </td> + </tr> + </tbody> + </table> +</div> <p>Because most of these data sources usually store both authentication data (credentials such as passwords) as well as authorization data (such as roles or permissions), every Shiro <tt>Realm</tt> can perform <em>both</em> authentication and authorization operations.</p> @@ -104,11 +124,31 @@ securityManager.realms = $fooRealm, $bar </pre> </div></div> -<p>Explicit assignment is deterministic - you control exactly which realms are used as well as <em>the order</em> that they will be used for authentication and authorization. Realm ordering effects are described in detail in the Authentication chapter's <a href="authentication.html#Authentication-sequence">Authentication Sequence</a> section. </p> +<p>Explicit assignment is deterministic - you control exactly which realms are used as well as <em>the order</em> that they will be used for authentication and authorization. Realm ordering effects are described in detail in the Authentication chapter's <a href="authentication.html\#Authentication-sequence">Authentication Sequence</a> section. </p> <h3><a name="Realm-ImplicitAssignment"></a>Implicit Assignment</h3> -<div class="panelMacro"><table class="warningMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/forbidden.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Not Preferred</b><br clear="none">Implicit assignment can cause unexpected behavior if you change the order in which realms are defined. It is recommended that you avoid this approach and use Explicit Assignment, which has deterministic behavior. It is likely Implicit Assignment will be deprecated/removed from a future Shiro release.</td></tr></table></div> +<div class="panelMacro"> + <table class="warningMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + <tbody> + <tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-exclamation-circle"></i> + </td> + + <td colspan="1" rowspan="1"> + <b>Not Preferred</b> + <br clear="none"> + Implicit assignment can cause unexpected behavior if you change the order in which realms are defined. It is recommended that you avoid this approach and use Explicit Assignment, which has deterministic behavior. It is likely Implicit Assignment will be deprecated/removed from a future Shiro release. + </td> + </tr> + </tbody> + </table> +</div> <p>If for some reason you don't want to explicitly configure the <tt>securityManager.realms</tt> property, you can allow Shiro to detect all configured realms and assign them to the <tt>securityManager</tt> directly.</p> @@ -134,23 +174,23 @@ securityManager.realms = $blahRealm, $fo </pre> </div></div> -<p>However, realize that with implicit assignment, just the order that the realms are defined directly affects how they are consulted during authentication and authorization attempts. If you change their definition order, you will change how the master <tt>Authenticator</tt>'s <a href="authentication.html#Authentication-sequence">Authentication Sequence</a> functions.</p> +<p>However, realize that with implicit assignment, just the order that the realms are defined directly affects how they are consulted during authentication and authorization attempts. If you change their definition order, you will change how the master <tt>Authenticator</tt>'s <a href="authentication.html\#Authentication-sequence">Authentication Sequence</a> functions.</p> <p>For this reason, and to ensure deterministic behavior, we recommend using Explicit Assignment instead of Implicit Assignment. <br clear="none"> <a name="Realm-authentication"></a></p> <h2><a name="Realm-RealmAuthentication"></a>Realm Authentication</h2> -<p>Once you understand Shiro's master <a href="authentication.html#Authentication-sequence">Authentication workflow</a>, it is important to know exactly what happens when the <tt>Authenticator</tt> interacts with a <tt>Realm</tt> during an authentication attempt.</p> +<p>Once you understand Shiro's master <a href="authentication.html\#Authentication-sequence">Authentication workflow</a>, it is important to know exactly what happens when the <tt>Authenticator</tt> interacts with a <tt>Realm</tt> during an authentication attempt.</p> <h3><a name="Realm-Supporting%7B%7BAuthenticationTokens%7D%7D"></a>Supporting <tt>AuthenticationTokens</tt></h3> -<p>As mentioned in the <a href="authentication.html#Authentication-sequence">authentication sequence</a>, just before a <tt>Realm</tt> is consulted to perform an authentication attempt, its <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/realm/Realm.html#supports(org.apache.shiro.authc.AuthenticationToken)">supports</a></tt> method is called. If the return value is <tt>true</tt>, only then will its <tt>getAuthenticationInfo(token)</tt> method be invoked.</p> +<p>As mentioned in the <a href="authentication.html\#Authentication-sequence">authentication sequence</a>, just before a <tt>Realm</tt> is consulted to perform an authentication attempt, its <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/realm/Realm.html\#supports(org.apache.shiro.authc.AuthenticationToken)">supports</a></tt> method is called. If the return value is <tt>true</tt>, only then will its <tt>getAuthenticationInfo(token)</tt> method be invoked.</p> <p>Typically a realm will check the type (interface or class) of the submitted token to see if it can process it. For example, a Realm that processes biometric data may not understand <tt>UsernamePasswordTokens</tt> at all, in which case it would return <tt>false</tt> from the <tt>supports</tt> method.</p> <h3><a name="Realm-Handlingsupported%7B%7BAuthenticationTokens%7D%7D"></a>Handling supported <tt>AuthenticationTokens</tt></h3> -<p>If a <tt>Realm</tt> <tt>supports</tt> a submitted <tt>AuthenticationToken</tt>, the <tt>Authenticator</tt> will call the Realm's <a class="external-link" href="static/current/apidocs/org/apache/shiro/realm/Realm.html#getAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)">getAuthenticationInfo(token)</a> method. This effectively represents an authentication attempt with the <tt>Realm's</tt> backing data source. The method, in order:</p> +<p>If a <tt>Realm</tt> <tt>supports</tt> a submitted <tt>AuthenticationToken</tt>, the <tt>Authenticator</tt> will call the Realm's <a class="external-link" href="static/current/apidocs/org/apache/shiro/realm/Realm.html\#getAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)">getAuthenticationInfo(token)</a> method. This effectively represents an authentication attempt with the <tt>Realm's</tt> backing data source. The method, in order:</p> <ol><li>Inspects the <tt>token</tt> for the identifying principal (account identifying information)</li><li>Based on the <tt>principal</tt>, looks up corresponding account data in the data source</li><li>Ensures that the token's supplied <tt>credentials</tt> matches those stored in the data store</li><li>If the credentials match, an <a class="external-link" href="static/current/apidocs/org/apache/shiro/authc/AuthenticationInfo.html">AuthenticationInfo</a> instance is returned that encapsulates the account data in a format Shiro understands</li><li>If the credentials DO NOT match, an <a class="external-link" href="static/current/apidocs/org/apache/shiro/authc/AuthenticationException.html">AuthenticationException</a> is thrown</li></ol> @@ -159,13 +199,55 @@ securityManager.realms = $blahRealm, $fo <p>The only thing required is that, if the credentials match for the given principal(s), that a non-null <tt>AuthenticationInfo</tt> instance is returned that represents Subject account information from that data source.</p> -<div class="panelMacro"><table class="infoMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Save Time</b><br clear="none">Implementing <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/realm/Realm.html">Realm</a></tt> interface directly might be time consuming and error prone. Most people choose to subclass the <a class="external-link" href="static/current/apidocs/org/apache/shiro/realm/AuthorizingRealm.html">AuthorizingRealm</a> abstract class instead of starting from scratch. This class implements common authentication and authorization workflow to save you time and effort.</td></tr></table></div> +<div class="panelMacro"> + <table class="infoMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + + + <tbody> + <tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-info-circle"></i> + </td> + + <td colspan="1" rowspan="1"> + <b>Save Time</b> + <br clear="none"> + Implementing <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/realm/Realm.html">Realm</a></tt> interface directly might be time consuming and error prone. Most people choose to subclass the <a class="external-link" href="static/current/apidocs/org/apache/shiro/realm/AuthorizingRealm.html">AuthorizingRealm</a> abstract class instead of starting from scratch. This class implements common authentication and authorization workflow to save you time and effort. + </td> + </tr> + </tbody> + </table> +</div> <h3><a name="Realm-CredentialsMatching"></a>Credentials Matching</h3> <p>In the above realm authentication workflow, a Realm has to verify that the <a href="subject.html" title="Subject">Subject</a>'s submitted credentials (e.g. password) must match the credentials stored in the data store. If they match, authentication is considered successful, and the system has verified the end-user's identity.</p> -<div class="panelMacro"><table class="noteMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Realm Credentials Matching</b><br clear="none">It is each Realm's responsibility to match submitted credentials with those stored in the Realm's backing data store, and not the <tt>Authenticator's</tt> responsibility. Each <tt>Realm</tt> has intimate knowledge of credentials format and storage and can perform detailed credentials matching, whereas the <tt>Authenticator</tt> is a generic workflow component.</td></tr></table></div> +<div class="panelMacro"> + <table class="noteMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + <tbody> + <tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-warning"></i> + </td> + + <td colspan="1" rowspan="1"> + <b>Realm Credentials Matching</b> + <br clear="none"> + It is each Realm's responsibility to match submitted credentials with those stored in the Realm's backing data store, and not the <tt>Authenticator's</tt> responsibility. Each <tt>Realm</tt> has intimate knowledge of credentials format and storage and can perform detailed credentials matching, whereas the <tt>Authenticator</tt> is a generic workflow component. + </td> + </tr> + </tbody> + </table> +</div> <p>The credentials matching process is nearly identical in all applications and usually only differs by the data compared. To ensure this process is pluggable and customizable if necessary, the <a class="external-link" href="static/current/apidocs/org/apache/shiro/realm/AuthenticatingRealm.html">AuthenticatingRealm</a> and its subclasses support the concept of a <a class="external-link" href="static/current/apidocs/org/apache/shiro/authc/credential/CredentialsMatcher.html">CredentialsMatcher</a> to perform the credentials comparison.</p> Modified: shiro/site/publish/reference.html URL: http://svn.apache.org/viewvc/shiro/site/publish/reference.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/reference.html (original) +++ shiro/site/publish/reference.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/securitymanager.html URL: http://svn.apache.org/viewvc/shiro/site/publish/securitymanager.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/securitymanager.html (original) +++ shiro/site/publish/securitymanager.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> @@ -113,7 +115,25 @@ <p>The <tt>SecurityManager</tt> implementations and are also JavaBeans compatible, which allows you (or a configuration mechanism) to easily customize the pluggable components via standard JavaBeans accessor/mutator methods (get*/set*). This means the Shiro's architectural modularity can translate into very easy configuration for custom behavior.</p> -<div class="panelMacro"><table class="tipMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Easy Configuration</b><br clear="none">Because of JavaBeans compatibility, it is very easy to configure the <tt>SecurityManager</tt> with custom components via any mechanism that supports JavaBeans-style configuration, such as <a href="spring.html" title="Spring">Spring</a>, Guice, JBoss, etc.</td></tr></table></div> +<div class="panelMacro"> + <table class="tipMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + <tbody><tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-check-square-o"></i> + </td> + <td colspan="1" rowspan="1"> + <b>Easy Configuration</b> + <br clear="none"> + Because of JavaBeans compatibility, it is very easy to configure the <tt>SecurityManager</tt> with custom components via any mechanism that supports JavaBeans-style configuration, such as <a href="spring.html" title="Spring">Spring</a>, Guice, JBoss, etc. + </td> + </tr> + </tbody> + </table> +</div> <h3><a name="SecurityManager-ProgrammaticConfiguration"></a>Programmatic Configuration</h3> Modified: shiro/site/publish/session-management-features.html URL: http://svn.apache.org/viewvc/shiro/site/publish/session-management-features.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/session-management-features.html (original) +++ shiro/site/publish/session-management-features.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/session-management.html URL: http://svn.apache.org/viewvc/shiro/site/publish/session-management.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/session-management.html (original) +++ shiro/site/publish/session-management.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> @@ -157,7 +159,7 @@ session.setAttribute( <span class="code- <ul><li>If the <tt>Subject</tt> already has a <tt>Session</tt>, the boolean argument is ignored and the <tt>Session</tt> is returned immediately</li><li>If the <tt>Subject</tt> does not yet have a <tt>Session</tt> and the <tt>create</tt> boolean argument is <tt>true</tt>, a new session will be created and returned.</li><li>If the <tt>Subject</tt> does not yet have a <tt>Session</tt> and the <tt>create</tt> boolean argument is <tt>false</tt>, a new session will not be created and <tt>null</tt> is returned.</li></ul> -<div class="panelMacro"><table class="tipMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Any Application</b><br clear="none"><tt>getSession</tt> calls work in any application, even non-web applications.</td></tr></table></div> +#tip('Any Application', '<tt>getSession</tt> calls work in any application, even non-web applications.') <p><tt>subject.getSession(false)</tt> can be used to good effect when developing framework code to ensure a Session isn't created unnecessarily.</p> @@ -169,7 +171,7 @@ session.setAttribute( <span class="code- <p>The default <tt>SecurityManager</tt> implementation defaults to using a <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/mgt/DefaultSecurityManager.html">DefaultSessionManager</a></tt> out of the box. The <tt>DefaultSessionManager</tt> implementation provides all of the enterprise-grade session management features needed for an application, like Session validation, orphan cleanup, etc. This can be used in any application.</p> -<div class="panelMacro"><table class="infoMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Web Applications</b><br clear="none">Web applications use different <tt>SessionManager</tt> implementations. Please see the <a href="web.html" title="Web">Web</a> documentation for web-specific Session Management information.</td></tr></table></div> +#info('Web Applications', 'Web applications use different <tt>SessionManager</tt> implementations. Please see the <a href="web.html" title="Web">Web</a> documentation for web-specific Session Management information.') <p>Like all other components managed by the <tt>SecurityManager</tt>, the <tt>SessionManager</tt> can be acquired or set via JavaBeans-style getter/setter methods on all of Shiro's default <tt>SecurityManager</tt> implementations (<tt>getSessionManager()</tt>/<tt>setSessionManager()</tt>). Or for example, if using <tt>shiro.ini</tt> <a href="configuration.html" title="Configuration">Configuration</a>:</p> @@ -222,7 +224,7 @@ securityManager.sessionManager.sessionLi </pre> </div></div> -<div class="panelMacro"><table class="infoMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>All Session Events</b><br clear="none"><tt>SessionListeners</tt> are notified when an event occurs for <em>any</em> session - not just for a particular session.</td></tr></table></div> +#info('All Session Events', '<tt>SessionListeners</tt> are notified when an event occurs for <em>any</em> session - not just for a particular session.') <p><a name="SessionManagement-sessionstorage"></a></p> <h3><a name="SessionManagement-SessionStorage"></a>Session Storage</h3> @@ -245,7 +247,7 @@ securityManager.sessionManager.sessionDA <p>However, as you might expect, Shiro already has some good <tt>SessionDAO</tt> implementations that you can use out of the box or subclass for your own needs.<br clear="none"> <a name="SessionManagement-websessionmanagersessiondao"></a></p> -<div class="panelMacro"><table class="noteMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Web Applications</b><br clear="none">The above <tt>securityManager.sessionManager.sessionDAO = $sessionDAO</tt> assignment only works when using a Shiro native session manager. Web applications by default do not use a native session manager and instead retain the Servlet Container's default session manager which does not support a SessionDAO. If you would like to enable a SessionDAO in a web-based application for custom session storage or session clustering, you will have to first configure a native web session manager. For example: +#warning('Web Applications', 'The above <tt>securityManager.sessionManager.sessionDAO = $sessionDAO</tt> assignment only works when using a Shiro native session manager. Web applications by default do not use a native session manager and instead retain the Servlet Container's default session manager which does not support a SessionDAO. If you would like to enable a SessionDAO in a web-based application for custom session storage or session clustering, you will have to first configure a native web session manager. For example: <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java"> @@ -257,19 +259,18 @@ securityManager.sessionManager = $sessio # Configure a SessionDAO and then set it: securityManager.sessionManager.sessionDAO = $sessionDAO </pre> -</div></div></td></tr></table></div> - -<div class="panelMacro"><table class="warningMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/forbidden.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Configure a SessionDAO!</b><br clear="none">Shiro's default configuration native SessionManagers use <b><em>in-memory-only</em></b> Session storage. This is unsuitable for most production applications. Most production applications will want to either configure the provided EHCache support (see below) or provide their own <tt>SessionDAO</tt> implementation. +</div></div>') -<p>Note that web applications use a servlet-container-based SessionManager by default and do not have this issue. This is only an issue when using a Shiro native SessionManager.</p></td></tr></table></div> +#danger('Configure a SessionDAO!', 'Shiro''s default configuration native SessionManagers use <b><em>in-memory-only</em></b> Session storage. This is unsuitable for most production applications. Most production applications will want to either configure the provided EHCache support (see below) or provide their own <tt>SessionDAO</tt> implementation. +<p>Note that web applications use a servlet-container-based SessionManager by default and do not have this issue. This is only an issue when using a Shiro native SessionManager.</p>') <p><a name="SessionManagement-ehcachesessiondao"></a></p> <h4><a name="SessionManagement-EHCacheSessionDAO"></a>EHCache SessionDAO</h4> <p>EHCache is not enabled by default, but if you do not plan on implementing your own <tt>SessionDAO</tt>, it is <b>highly</b> recommended that you enable the EHCache support for Shiro's SessionManagement. The EHCache SessionDAO will store sessions in memory and support overflow to disk if memory becomes constrained. This is highly desirable for production applications to ensure that you don't randomly 'lose' sessions at runtime.</p> -<div class="panelMacro"><table class="tipMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Use EHCache as your default</b><br clear="none">If you're not writing a custom <tt>SessionDAO</tt>, definitely enable EHCache in your Shiro configuration. EHCache can also be beneficial beyond Sessions, caching authentication and authorization data as well. See the <a href="caching.html" title="Caching">Caching</a> documentation for more information.</td></tr></table></div> -<div class="panelMacro"><table class="tipMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Container-Independent Session Clustering</b><br clear="none">EHCache is also a nice choice if you quickly need container-independent session clustering. You can transparently plug in <a class="external-link" href="http://www.terracotta.org/"; rel="nofollow">TerraCotta</a> behind EHCache and have a container-independent clustered session cache. No more worrying about Tomcat, JBoss, Jetty, WebSphere or WebLogic specific session clustering ever again!</td></tr></table></div> +#tip('Use EHCache as your default', 'If you're not writing a custom <tt>SessionDAO</tt>, definitely enable EHCache in your Shiro configuration. EHCache can also be beneficial beyond Sessions, caching authentication and authorization data as well. See the <a href="caching.html" title="Caching">Caching</a> documentation for more information.') +#tip('Container-Independent Session Clustering', 'EHCache is also a nice choice if you quickly need container-independent session clustering. You can transparently plug in <a class="external-link" href="http://www.terracotta.org/"; rel="nofollow">TerraCotta</a> behind EHCache and have a container-independent clustered session cache. No more worrying about Tomcat, JBoss, Jetty, WebSphere or WebLogic specific session clustering ever again!') <p>Enabling EHCache for sessions is very easy. First, ensure that you have the <tt>shiro-ehcache-<version>.jar</tt> file in your classpath (see the <a href="download.html" title="Download">Download</a> page or use Maven or Ant+Ivy). </p> <p>Once in the classpath, this first <tt>shiro.ini</tt> example shows you how to use EHCache for all of Shiro's caching needs (not just Session support):</p> @@ -291,7 +292,7 @@ securityManager.cacheManager = $cacheMan <p>Then, when the <tt>SessionManager</tt> asks the <tt>EnterpriseCacheSessionDAO</tt> to persist a <tt>Session</tt>, it will use an EHCache-backed <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/cache/Cache.html">Cache</a></tt> implementation to store the Session data.</p> -<div class="panelMacro"><table class="infoMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Web Applications</b><br clear="none">Don't forget that assigning a <tt>SessionDAO</tt> is a feature when using Shiro native SessionManager implementations. Web applications by default use a Servlet container-based SessionManager which does not support a <tt>SessionDAO</tt>. Configure a native web SessionManager as <a href="#SessionManagement-websessionmanagersessiondao">explained above</a> if you want to use Ehcache-based session storage in a web application.</td></tr></table></div> +#info('Web Applications', 'Don't forget that assigning a <tt>SessionDAO</tt> is a feature when using Shiro native SessionManager implementations. Web applications by default use a Servlet container-based SessionManager which does not support a <tt>SessionDAO</tt>. Configure a native web SessionManager as <a href="#SessionManagement-websessionmanagersessiondao">explained above</a> if you want to use Ehcache-based session storage in a web application.') <p><a name="SessionManagement-ehcachesessioncacheconfiguration"></a></p> <h5><a name="SessionManagement-EHCacheSessionCacheConfiguration"></a>EHCache Session Cache Configuration</h5> @@ -415,7 +416,7 @@ securityManager.sessionManager.sessionVa <p>Sessions will still be validated when they are retrieved from the session data store, but this will disable Shiro's periodic validation.</p> -<div class="panelMacro"><table class="warningMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/forbidden.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Enable Session Validation <em>somewhere</em></b><br clear="none">If you turn off Shiro's session validation scheduler, you <em>MUST</em> perform periodic session validation via some other mechanism (cron job, etc.). This is the only way to guarantee Session orphans do not fill up the data store.</td></tr></table></div> +#danger('Enable Session Validation <em>somewhere</em>', 'If you turn off Shiro's session validation scheduler, you <em>MUST</em> perform periodic session validation via some other mechanism (cron job, etc.). This is the only way to guarantee Session orphans do not fill up the data store.') <h4><a name="SessionManagement-InvalidSessionDeletion"></a>Invalid Session Deletion</h4> @@ -457,10 +458,10 @@ securityManager.sessionManager.deleteInv <p>This gives you the flexibility of choosing the exact clustering mechanism that is suitable for <em>your</em> environment.</p> -<div class="panelMacro"><table class="noteMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Cache Memory</b><br clear="none">Note that when enabling a distributed/enterprise cache to be your session clustering data store, one of the following two cases must be true: +#warning('Cache Memory', 'Note that when enabling a distributed/enterprise cache to be your session clustering data store, one of the following two cases must be true: <ul><li>The distributed cache has enough cluster-wide memory to retain <em>all</em> active/current sessions</li><li>If the distributed cache does not have enough cluster-wide memory to retain all active sessions, it must support disk overflow so sessions are not lost.<br clear="none"> Failure for the cache to support either of the two cases will result in sessions being randomly lost, which would likely be frustrating to end-users.</li></ul> -</td></tr></table></div> +') <h3><a name="SessionManagement-%7B%7BEnterpriseCacheSessionDAO%7D%7D"></a><tt>EnterpriseCacheSessionDAO</tt></h3> @@ -626,7 +627,7 @@ securityManager.subjectDAO.sessionStorag <p>This will prevent Shiro from using a Subject's session to store that Subject's state across requests/invocations/messages <em>for all Subjects</em>. Just be sure that you authenticate on every request so Shiro will know who the Subject is for any given request/invocation/message.</p> -<div class="panelMacro"><table class="noteMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Shiro's Needs vs. Your Needs</b><br clear="none">This will disable Shiro's own implementations from using Sessions as a storage strategy. It <b>DOES NOT</b> disable Sessions entirely. A session will still be created if any of your own code explicitly calls <tt>subject.getSession()</tt> or <tt>subject.getSession(true)</tt>.</td></tr></table></div> +#warning('Shiro's Needs vs. Your Needs', 'This will disable Shiro's own implementations from using Sessions as a storage strategy. It <b>DOES NOT</b> disable Sessions entirely. A session will still be created if any of your own code explicitly calls <tt>subject.getSession()</tt> or <tt>subject.getSession(true)</tt>.') <h3><a name="SessionManagement-AHybridApproach"></a>A Hybrid Approach</h3> Modified: shiro/site/publish/sessionmanager.html URL: http://svn.apache.org/viewvc/shiro/site/publish/sessionmanager.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/sessionmanager.html (original) +++ shiro/site/publish/sessionmanager.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/sharing-block-small.html URL: http://svn.apache.org/viewvc/shiro/site/publish/sharing-block-small.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/sharing-block-small.html (original) +++ shiro/site/publish/sharing-block-small.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/sharing-block.html URL: http://svn.apache.org/viewvc/shiro/site/publish/sharing-block.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/sharing-block.html (original) +++ shiro/site/publish/sharing-block.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/site.html URL: http://svn.apache.org/viewvc/shiro/site/publish/site.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/site.html (original) +++ shiro/site/publish/site.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/siteheader.html URL: http://svn.apache.org/viewvc/shiro/site/publish/siteheader.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/siteheader.html (original) +++ shiro/site/publish/siteheader.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/spring.html URL: http://svn.apache.org/viewvc/shiro/site/publish/spring.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/spring.html (original) +++ shiro/site/publish/spring.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> Modified: shiro/site/publish/subject.html URL: http://svn.apache.org/viewvc/shiro/site/publish/subject.html?rev=1765607&r1=1765606&r2=1765607&view=diff ============================================================================== --- shiro/site/publish/subject.html (original) +++ shiro/site/publish/subject.html Wed Oct 19 14:24:58 2016 @@ -15,6 +15,7 @@ limitations under the License. --> <html> + <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management."> @@ -29,6 +30,7 @@ <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico"> + <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css";> <link rel="stylesheet" type="text/css" href="./assets/css/normalize.css"> <link rel="stylesheet" type="text/css" href="./assets/css/confluence.css" media="screen"> @@ -220,8 +222,27 @@ currentUser.logout(); <span class="code- <p>A new feature added in Shiro 1.0 is the ability to construct custom/ad-hoc subject instances for use in special situations.</p> -<div class="panelMacro"><table class="noteMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Special Use Only!</b><br clear="none">You should almost always acquire the currently executing Subject by calling <tt>SecurityUtils.getSubject();</tt><br clear="none"> -Creating custom <tt>Subject</tt> instances should only be done in special cases.</td></tr></table></div> +<div class="panelMacro"> + <table class="noteMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + <tbody> + <tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-warning"></i> + </td> + + <td colspan="1" rowspan="1"> + <b>Special Use Only!</b> + <br clear="none"> + You should almost always acquire the currently executing Subject by calling <tt>SecurityUtils.getSubject();</tt><br clear="none">Creating custom <tt>Subject</tt> instances should only be done in special cases. + </td> + </tr> + </tbody> + </table> +</div> <p>Some 'special cases' when this can be useful:</p> @@ -235,7 +256,25 @@ This practice is encouraged because it e <br clear="none" class="atl-forced-newline"></li><li>Daemon/background process work - when a daemon or background process executes, it might need to execute as a particular user.</li></ul> -<div class="panelMacro"><table class="tipMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1">If you already have access to a <tt>Subject</tt> instance and want it to be available to other threads, you should use the <tt>Subject.associateWith</tt>* methods instead of creating a new Subject instance.</td></tr></table></div> +<div class="panelMacro"> + <table class="tipMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + <tbody><tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-check-square-o"></i> + </td> + <td colspan="1" rowspan="1"> + <b>Tip</b> + <br clear="none"> + If you already have access to a <tt>Subject</tt> instance and want it to be available to other threads, you should use the <tt>Subject.associateWith</tt>* methods instead of creating a new Subject instance. + </td> + </tr> + </tbody> + </table> +</div> <p>Ok, so assuming you still need to create custom subject instances, let's see how to do it:</p> @@ -365,7 +404,27 @@ Subject subject = builder.buildSubject() <p>While the <tt>Subject.execute</tt>* methods automatically clean up the thread state after they return, there might be some scenarios where you want to manage the <tt>ThreadState</tt> yourself. This is almost always done in framework-level development when integrating w/ Shiro and is rarely used even in bootstrap/daemon scenarios (where the <tt>Subject.execute(callable)</tt> example above is more frequent).</p> -<div class="panelMacro"><table class="noteMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Guarantee Cleanup</b><br clear="none">The most important thing about this mechanism is that you must <em>always</em> guarantee the current thread is cleaned up after logic is executed to ensure there is no thread state corruption in a reusable or pooled thread environment.</td></tr></table></div> +<div class="panelMacro"> + <table class="noteMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + <tbody> + <tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-warning"></i> + </td> + + <td colspan="1" rowspan="1"> + <b>Guarantee Cleanup</b> + <br clear="none"> + The most important thing about this mechanism is that you must <em>always</em> guarantee the current thread is cleaned up after logic is executed to ensure there is no thread state corruption in a reusable or pooled thread environment. + </td> + </tr> + </tbody> + </table> +</div> <p>Guaranteeing cleanup is best done in a <tt>try/finally</tt> block:</p> @@ -386,7 +445,27 @@ threadState.bind(); <p>Interestingly enough, this is exactly what the <tt>Subject.execute</tt>* methods do - they just perform this logic automatically before and after <tt>Callable</tt> or <tt>Runnable</tt> execution. It is also nearly identical logic performed by Shiro's <tt>ShiroFilter</tt> for web applications (<tt>ShiroFilter</tt> uses web-specific <tt>ThreadState</tt> implementations outside the scope of this section).</p> -<div class="panelMacro"><table class="warningMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/forbidden.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Web Use</b><br clear="none">Don't use the above <tt>ThreadState</tt> code example in a thread that is processing a web request. Web-specific ThreadState implementations are used during web requests instead. Instead, ensure the <tt>ShiroFilter</tt> intercepts web requests to ensure Subject building/binding/cleanup is done properly.</td></tr></table></div> +<div class="panelMacro"> + <table class="warningMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + <tbody> + <tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-exclamation-circle"></i> + </td> + + <td colspan="1" rowspan="1"> + <b>Web Use</b> + <br clear="none"> + Don't use the above <tt>ThreadState</tt> code example in a thread that is processing a web request. Web-specific ThreadState implementations are used during web requests instead. Instead, ensure the <tt>ShiroFilter</tt> intercepts web requests to ensure Subject building/binding/cleanup is done properly. + </td> + </tr> + </tbody> + </table> +</div> <h4><a name="Subject-ADifferentThread"></a>A Different Thread</h4> @@ -420,7 +499,25 @@ Executor executor = <span class="code-ke </pre> </div></div> -<div class="panelMacro"><table class="tipMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif"; width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Automatic Cleanup</b><br clear="none">The <tt>associateWith</tt>* methods perform necessary thread cleanup automatically to ensure threads remain clean in a pooled environment.</td></tr></table></div> +<div class="panelMacro"> + <table class="tipMacro"> + <colgroup span="1"> + <col span="1" width="24"> + <col span="1"> + </colgroup> + <tbody><tr> + <td colspan="1" rowspan="1" valign="top"> + <i class="fa fa-check-square-o"></i> + </td> + <td colspan="1" rowspan="1"> + <b>Automatic Cleanup</b> + <br clear="none"> + The <tt>associateWith</tt>* methods perform necessary thread cleanup automatically to ensure threads remain clean in a pooled environment. + </td> + </tr> + </tbody> + </table> +</div> <h2><a name="Subject-Lendahandwithdocumentation"></a>Lend a hand with documentation </h2>
![https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif"](https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif"){kind=link}
![https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif"](https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif"){kind=link}
![https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"](https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"){kind=link}
![https://cwiki.apache.org/confluence/images/icons/emoticons/forbidden.gif"](https://cwiki.apache.org/confluence/images/icons/emoticons/forbidden.gif"){kind=link}