Repository: shiro-site Updated Branches: refs/heads/master 9935ed5b5 -> cc367deac
Update java-authentication-guide.md.vtl Project: http://git-wip-us.apache.org/repos/asf/shiro-site/repo Commit: http://git-wip-us.apache.org/repos/asf/shiro-site/commit/cc367dea Tree: http://git-wip-us.apache.org/repos/asf/shiro-site/tree/cc367dea Diff: http://git-wip-us.apache.org/repos/asf/shiro-site/diff/cc367dea Branch: refs/heads/master Commit: cc367deac4332c98ed3b45b06eb6a87b38bea5f8 Parents: 9935ed5 Author: JaapD <[email protected]> Authored: Tue Nov 22 15:40:51 2016 +0100 Committer: GitHub <[email protected]> Committed: Tue Nov 22 15:40:51 2016 +0100 ---------------------------------------------------------------------- java-authentication-guide.md.vtl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/shiro-site/blob/cc367dea/java-authentication-guide.md.vtl ---------------------------------------------------------------------- diff --git a/java-authentication-guide.md.vtl b/java-authentication-guide.md.vtl index 056f784..4409553 100644 --- a/java-authentication-guide.md.vtl +++ b/java-authentication-guide.md.vtl @@ -123,7 +123,7 @@ So although many parts of the application can still perform user-specific logic For example, a check to see if a subject can access financial information should almost always depend on `isAuthenticated()`, not `isRemembered()`, to guarantee a verified identity. -He is a scenario to help illustrate why the the distinction between isAuthenticated and isRemembered is important. +Here is a scenario to help illustrate why the the distinction between isAuthenticated and isRemembered is important. Let's say you're using Amazon.com. You log in and you add some books to your shopping cart. A day goes by. Of course your user session has expired and you've been logged out. But Amazon "remembers" you, greets you by name, and is still giving you personalized book recommendations. To Amazon, `isRemembered()` would return `TRUE`. What happens if you try to use one of the credit cards on file or change your account information? While Amazon "remembers" you, `isRemembered() = TRUE`, it is not certain that you are in fact you, `isAuthenticated()=FALSE`. So before you can perform a sensitive action Amazon needs to verify your identity by forcing an authentication process which it does through a login screen. After the login, your identity has been verified and `isAuthenticated()=TRUE`.
