This is an automated email from the ASF dual-hosted git repository.
lprimak pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/shiro-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new 52ff599b2 fixed links
52ff599b2 is described below
commit 52ff599b2efebdf800530945fa3dbb8bd4a4a566
Author: lprimak <[email protected]>
AuthorDate: Sun Aug 25 15:41:33 2024 -0500
fixed links
---
.well-known/security.txt | 2 +-
architecture.html | 2 +-
cachemanager.html | 8 ++++----
caching.html | 10 +++++-----
feed.xml | 2 +-
testing.html | 2 +-
web.html | 50 ++++++++++++++++++++++++------------------------
webapp-tutorial.html | 6 +++---
8 files changed, 41 insertions(+), 41 deletions(-)
diff --git a/.well-known/security.txt b/.well-known/security.txt
index 74ed4d368..d30ad8510 100644
--- a/.well-known/security.txt
+++ b/.well-known/security.txt
@@ -1,5 +1,5 @@
Contact: mailto:[email protected]
-Expires: 2025-08-25T20:20:26Z
+Expires: 2025-08-25T20:41:16Z
Preferred-Languages: en
Canonical: https://shiro.apache.org/.well-known/security.txt
Policy: https://shiro.apache.org/security-reports.html
\ No newline at end of file
diff --git a/architecture.html b/architecture.html
index 1e330e531..44e9323fc 100644
--- a/architecture.html
+++ b/architecture.html
@@ -309,7 +309,7 @@ The <code>SessionDAO</code> performs <code>Session</code>
persistence (CRUD) ope
The <code>CacheManager</code> creates and manages <code>Cache</code> instance
lifecycles used by other Shiro components. Because Shiro can access many
back-end data sources for authentication, authorization and session management,
caching has always been a first-class architectural feature in the framework to
improve performance while using these data sources. Any of the modern
open-source and/or enterprise caching products can be plugged in to Shiro to
provide a fast and efficient user- [...]
</li>
<li>
-<p><strong>Cryptography</strong> (<a
href="static/current/apidocs/org/apache/shiro/crypto/package-summary.html">org.apache.shiro.crypto.*</a>)
+<p><strong>Cryptography</strong> (<a
href="static/current/apidocs/shiro-crypto-cipher/org/apache/shiro/crypto/cipher/package-summary.html">org.apache.shiro.crypto.cipher.*</a>)
Cryptography is a natural addition to an enterprise security framework.
Shiro’s <code>crypto</code> package contains easy-to-use and understand
representations of crytographic Ciphers, Hashes (aka digests) and different
codec implementations. All the classes in this package are carefully designed
to be very easy to use and easy to understand. Anyone who has used Java’s
native cryptography support knows it can be a challenging animal to tame.
Shiro’s crypto APIs simplify [...]
</li>
<li>
diff --git a/cachemanager.html b/cachemanager.html
index 7f1910e50..a48716141 100644
--- a/cachemanager.html
+++ b/cachemanager.html
@@ -213,13 +213,13 @@
<div class="ulist">
<ul>
<li>
-<p><a
href="static/current/apidocs/org/apache/shiro/cache/CacheManager.html"><code>CacheManager</code></a></p>
+<p><a
href="static/current/apidocs/shiro-cache/org/apache/shiro/cache/CacheManager.html"><code>CacheManager</code></a></p>
</li>
<li>
-<p><a
href="static/current/apidocs/org/apache/shiro/cache/Cache.html"><code>Cache</code></a></p>
+<p><a
href="static/current/apidocs/shiro-cache/org/apache/shiro/cache/Cache.html"><code>Cache</code></a></p>
</li>
<li>
-<p><a
href="static/current/apidocs/org/apache/shiro/cache/CacheManagerAware.html"><code>CacheManagerAware</code></a></p>
+<p><a
href="static/current/apidocs/shiro-cache/org/apache/shiro/cache/CacheManagerAware.html"><code>CacheManagerAware</code></a></p>
</li>
</ul>
</div>
@@ -246,7 +246,7 @@ securityManager.cacheManager = $cacheManager
</div>
</div>
<div class="paragraph">
-<p>We have an out-of-the-box <a
href="static/current/apidocs/org/apache/shiro/cache/ehcache/EhCacheManager.html"><code>EhCacheManager</code></a>
implementation, so you can use that today if you wanted.
+<p>We have an out-of-the-box <a
href="static/current/apidocs/shiro-cache/org/apache/shiro/cache/ehcache/EhCacheManager.html"><code>EhCacheManager</code></a>
implementation, so you can use that today if you wanted.
Otherwise, you can implement your own <code>CacheManager</code> (e.g. with
Coherence, etc.) and configure it as above, and you’ll be good to go.</p>
</div>
</div>
diff --git a/caching.html b/caching.html
index 027830281..50ce01140 100644
--- a/caching.html
+++ b/caching.html
@@ -231,7 +231,7 @@ end-user to configure any cache mechanism they prefer.</p>
<div class="ulist">
<ul>
<li>
-<p><a
href="static/current/apidocs/org/apache/shiro/cache/CacheManager.html"><code>CacheManager</code></a></p>
+<p><a
href="static/current/apidocs/shiro-cache/org/apache/shiro/cache/CacheManager.html"><code>CacheManager</code></a></p>
<div class="ulist">
<ul>
<li>
@@ -242,7 +242,7 @@ instances.</p>
</div>
</li>
<li>
-<p><a
href="static/current/apidocs/org/apache/shiro/cache/Cache.html"><code>Cache</code></a></p>
+<p><a
href="static/current/apidocs/shiro-cache/org/apache/shiro/cache/Cache.html"><code>Cache</code></a></p>
<div class="ulist">
<ul>
<li>
@@ -252,7 +252,7 @@ instances.</p>
</div>
</li>
<li>
-<p><a
href="static/current/apidocs/org/apache/shiro/cache/CacheManagerAware.html"><code>CacheManagerAware</code></a></p>
+<p><a
href="static/current/apidocs/shiro-cache/org/apache/shiro/cache/CacheManagerAware.html"><code>CacheManagerAware</code></a></p>
<div class="ulist">
<ul>
<li>
@@ -308,13 +308,13 @@ own.</p>
<h3
id="memoryconstrainedcachemanager"><code>MemoryConstrainedCacheManager</code></h3>
<div class="paragraph">
<p>The
-<a
href="static/current/apidocs/org/apache/shiro/cache/MemoryConstrainedCacheManager.html"><code>MemoryConstrainedCacheManager</code></a>
+<a
href="static/current/apidocs/shiro-cache/org/apache/shiro/cache/MemoryConstrainedCacheManager.html"><code>MemoryConstrainedCacheManager</code></a>
is a <code>CacheManager</code> implementation suitable for single-JVM
production
environments.
It is not clustered/distributed, so if your application spans across more than
one JVM (e.g. web app running on multiple web servers), and you want cache
entries to be accessible across JVMs, you will need to use a distributed cache
implement instead.</p>
</div>
<div class="paragraph">
-<p>The <code>MemoryConstrainedCacheManager</code> manages <a
href="static/current/apidocs/org/apache/shiro/cache/MapCache.html"><code>MapCache</code></a>
instances, one <code>MapCache</code> instance per named cache.
+<p>The <code>MemoryConstrainedCacheManager</code> manages <a
href="static/current/apidocs/shiro-cache/org/apache/shiro/cache/MapCache.html"><code>MapCache</code></a>
instances, one <code>MapCache</code> instance per named cache.
Each <code>MapCache</code> instance is backed by a Shiro <a
href="static/current/apidocs/org/apache/shiro/util/SoftHashMap.html"><code>SoftHashMap</code></a>
which can auto-resize itself based on an application’s runtime memory
constraints/needs (by leveraging JDK <a
href="https://docs.oracle.com/javase/7/docs/api/java/lang/ref/SoftReference.html";><code>SoftReference</code></a>
instances).</p>
</div>
<div class="paragraph">
diff --git a/feed.xml b/feed.xml
index cd01cf5f0..d7ae4ca67 100644
--- a/feed.xml
+++ b/feed.xml
@@ -4,7 +4,7 @@
<subtitle>Simple. Java. Security.</subtitle>
<link href="https://shiro.apache.org/"/>
<link rel="self" href="https://shiro.apache.org/feed.xml"; />
- <updated>2024-08-25T20:20:28Z</updated>
+ <updated>2024-08-25T20:41:19Z</updated>
<author>
<name>Les Hazlewood</name>
diff --git a/testing.html b/testing.html
index 66cb83c49..0e63d0ace 100644
--- a/testing.html
+++ b/testing.html
@@ -234,7 +234,7 @@
</ol>
</div>
<div class="paragraph">
-<p>Shiro has architectural components that perform this bind/unbind logic
automatically for a running application. For example, in a web application, the
root Shiro Filter performs this logic when <a
href="https://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/servlet/AbstractShiroFilter.html#doFilterInternal(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)">filtering
a request</a>. But as test environments and frameworks differ, we need [...]
+<p>Shiro has architectural components that perform this bind/unbind logic
automatically for a running application. For example, in a web application, the
root Shiro Filter performs this logic when <a
href="https://shiro.apache.org/static/current/apidocs/shiro-web/org/apache/shiro/web/servlet/AbstractShiroFilter.html#doFilterInternal(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)">filtering
a request</a>. But as test environments and frameworks diffe [...]
</div>
</div>
</div>
diff --git a/web.html b/web.html
index 293b4e64b..bdee434cc 100644
--- a/web.html
+++ b/web.html
@@ -736,7 +736,7 @@ For example, let’s assume that there are the
following chain definitions:<
<p>Being able to react to path specific configuration, i.e. the
<code>[optional_configN]</code> part of a filter token, is a unique feature
available to Shiro filters.</p>
</div>
<div class="paragraph">
-<p>If you want to create your own <code>javax.servlet.Filter</code>
implementation that can also do this, make sure your filter subclasses <a
href="static/current/apidocs/org/apache/shiro/web/filter/PathMatchingFilter.html">org.apache.shiro.web.filter.PathMatchingFilter</a>.</p>
+<p>If you want to create your own <code>javax.servlet.Filter</code>
implementation that can also do this, make sure your filter subclasses <a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/PathMatchingFilter.html">org.apache.shiro.web.filter.PathMatchingFilter</a>.</p>
</div>
</td>
</tr>
@@ -791,7 +791,7 @@ authc.loginUrl = /login.jsp
</div>
</div>
<div class="paragraph">
-<p>The default Filter instances available automatically are defined by the <a
href="static/current/apidocs/org/apache/shiro/web/filter/mgt/DefaultFilter.html">DefaultFilter
enum</a> and the enum’s <code>name</code> field is the name available
for configuration. They are:</p>
+<p>The default Filter instances available automatically are defined by the <a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/mgt/DefaultFilter.html">DefaultFilter
enum</a> and the enum’s <code>name</code> field is the name available
for configuration. They are:</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
@@ -807,55 +807,55 @@ authc.loginUrl = /login.jsp
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock">anon</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/org/apache/shiro/web/filter/authc/AnonymousFilter.html">org.apache.shiro.web.filter.authc.AnonymousFilter</a></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/authc/AnonymousFilter.html">org.apache.shiro.web.filter.authc.AnonymousFilter</a></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock">authc</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html">org.apache.shiro.web.filter.authc.FormAuthenticationFilter</a></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html">org.apache.shiro.web.filter.authc.FormAuthenticationFilter</a></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock">authcBasic</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.html">org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter</a></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.html">org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter</a></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock">authcBearer</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/org/apache/shiro/web/filter/authc/BearerHttpAuthenticationFilter.html">org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter</a></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/authc/BearerHttpAuthenticationFilter.html">org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter</a></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock">invalidRequest</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/org/apache/shiro/web/filter/InvalidRequestFilter.html">org.apache.shiro.web.filter.InvalidRequestFilter</a></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/InvalidRequestFilter.html">org.apache.shiro.web.filter.InvalidRequestFilter</a></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock">logout</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/org/apache/shiro/web/filter/authc/LogoutFilter.html">org.apache.shiro.web.filter.authc.LogoutFilter</a></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/authc/LogoutFilter.html">org.apache.shiro.web.filter.authc.LogoutFilter</a></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock">noSessionCreation</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/org/apache/shiro/web/filter/session/NoSessionCreationFilter.html">org.apache.shiro.web.filter.session.NoSessionCreationFilter</a></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/session/NoSessionCreationFilter.html">org.apache.shiro.web.filter.session.NoSessionCreationFilter</a></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock">perms</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/org/apache/shiro/web/filter/authz/PermissionsAuthorizationFilter.html">org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter</a></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/authz/PermissionsAuthorizationFilter.html">org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter</a></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock">port</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/org/apache/shiro/web/filter/authz/PortFilter.html">org.apache.shiro.web.filter.authz.PortFilter</a></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/authz/PortFilter.html">org.apache.shiro.web.filter.authz.PortFilter</a></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock">rest</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/org/apache/shiro/web/filter/authz/HttpMethodPermissionFilter.html">org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter</a></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/authz/HttpMethodPermissionFilter.html">org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter</a></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock">roles</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/org/apache/shiro/web/filter/authz/RolesAuthorizationFilter.html">org.apache.shiro.web.filter.authz.RolesAuthorizationFilter</a></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/authz/RolesAuthorizationFilter.html">org.apache.shiro.web.filter.authz.RolesAuthorizationFilter</a></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock">ssl</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/org/apache/shiro/web/filter/authz/SslFilter.html">org.apache.shiro.web.filter.authz.SslFilter</a></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/authz/SslFilter.html">org.apache.shiro.web.filter.authz.SslFilter</a></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p
class="tableblock">user</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/org/apache/shiro/web/filter/authc/UserFilter.html">org.apache.shiro.web.filter.authc.UserFilter</a></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/authc/UserFilter.html">org.apache.shiro.web.filter.authc.UserFilter</a></p></td>
</tr>
</tbody>
</table>
@@ -874,7 +874,7 @@ authc.loginUrl = /login.jsp
<p>This is a powerful concept because it is often more convenient to enable or
disable a filter based on certain requirements than to change the static filter
chain definition, which would be permanent and inflexible.</p>
</div>
<div class="paragraph">
-<p>Shiro accomplishes this via its <a
href="static/current/apidocs/org/apache/shiro/web/servlet/OncePerRequestFilter.html">OncePerRequestFilter</a>
abstract parent class. All of Shiro’s out-of-the-box Filter
implementations subclass this one and therefore are able to be enabled or
disabled without removing them from the filter chain. You can subclass this
class for your own filter implementations if you need this functionality as
well*.</p>
+<p>Shiro accomplishes this via its <a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/servlet/OncePerRequestFilter.html">OncePerRequestFilter</a>
abstract parent class. All of Shiro’s out-of-the-box Filter
implementations subclass this one and therefore are able to be enabled or
disabled without removing them from the filter chain. You can subclass this
class for your own filter implementations if you need this functionality as
well*.</p>
</div>
<div class="paragraph">
<p>*https://issues.apache.org/jira/browse/SHIRO-224[SHIRO-224] will hopefully
enable this feature for any filter, not just those subclassing
<code>OncePerRequestFilter</code>. If this is important to you, please vote for
the issue.</p>
@@ -882,7 +882,7 @@ authc.loginUrl = /login.jsp
<div class="sect2">
<h3 id="general_enablingdisabling">General Enabling/Disabling</h3>
<div class="paragraph">
-<p>The <a
href="static/current/apidocs/org/apache/shiro/web/servlet/OncePerRequestFilter.html">OncePerRequestFilter</a>
(and all of its subclasses) supports enabling/disabling across all requests as
well as on a per-request basis.</p>
+<p>The <a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/servlet/OncePerRequestFilter.html">OncePerRequestFilter</a>
(and all of its subclasses) supports enabling/disabling across all requests as
well as on a per-request basis.</p>
</div>
<div class="paragraph">
<p>General enabling or disabling of a filter for all requests is done by
setting its <code>enabled</code> property to true or false. The default setting
is <code>true</code> since most filters inherently need to execute if they are
configured in a chain.</p>
@@ -920,7 +920,7 @@ ssl.enabled = false
<div class="sect2">
<h3 id="path_specific_enablingdisabling">Path-specific Enabling/Disabling</h3>
<div class="paragraph">
-<p>Shiro’s <a
href="static/current/apidocs/org/apache/shiro/web/filter/PathMatchingFilter.html">PathMatchingFilter</a>
(a subclass of <code>OncePerRequestFilter</code> has the ability to react to
configuration based on a <em>specific path</em> being filtered. This means you
can enable or disable a filter based on the path and the path-specific
configuration in addition to the incoming request and response.</p>
+<p>Shiro’s <a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/PathMatchingFilter.html">PathMatchingFilter</a>
(a subclass of <code>OncePerRequestFilter</code> has the ability to react to
configuration based on a <em>specific path</em> being filtered. This means you
can enable or disable a filter based on the path and the path-specific
configuration in addition to the incoming request and response.</p>
</div>
<div class="paragraph">
<p>If you need to be able to react to the matching path and the path-specific
configuration to determine if a filter is enabled or disabled, instead of
overriding <code>OncePerRequestFilter</code>
<code>isEnabled(request,response)</code> method, you would override the
<code>PathMatchingFilter</code>
<code>isEnabled(request,response,path,pathConfig)</code> method instead.</p>
@@ -989,7 +989,7 @@ invalidRequest.blockNonAscii = true
<div class="sect2">
<h3 id="http_strict_transport_security_hsts">HTTP Strict Transport Security
(HSTS)</h3>
<div class="paragraph">
-<p>The <a
href="static/current/apidocs/org/apache/shiro/web/filter/authz/SslFilter.html">SslFilter</a>
(and all of its subclasses) supports enabling/disabling HTTP Strict Transport
Security (HSTS).</p>
+<p>The <a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/authz/SslFilter.html">SslFilter</a>
(and all of its subclasses) supports enabling/disabling HTTP Strict Transport
Security (HSTS).</p>
</div>
<div class="paragraph">
<p>For example, in shiro.ini:</p>
@@ -1055,7 +1055,7 @@ It is essentially a bridge for Shiro’s session API
to the servlet containe
<div class="sect3">
<h4 id="defaultwebsessionmanager"><code>DefaultWebSessionManager</code></h4>
<div class="paragraph">
-<p>To enable native session management for your web application, you will need
to configure a native web-capable session manager to override the default
servlet container-based one. You can do that by configuring an instance of <a
href="static/current/apidocs/org/apache/shiro/web/session/mgt/DefaultWebSessionManager.html"><code>DefaultWebSessionManager</code></a>
on Shiro’s <code>SecurityManager</code>. For example, in
<code>shiro.ini</code>:</p>
+<p>To enable native session management for your web application, you will need
to configure a native web-capable session manager to override the default
servlet container-based one. You can do that by configuring an instance of <a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/session/mgt/DefaultWebSessionManager.html"><code>DefaultWebSessionManager</code></a>
on Shiro’s <code>SecurityManager</code>. For example, in
<code>shiro.ini</code>:</p>
</div>
<div class="paragraph">
<p><strong>shiro.ini native web session management</strong></p>
@@ -1091,7 +1091,7 @@ securityManager.sessionManager =
$sessionManager</code></pre>
<p><code>sessionIdCookieEnabled</code> (a boolean)</p>
</li>
<li>
-<p><code>sessionIdCookie</code>, a <a
href="static/current/apidocs/org/apache/shiro/web/servlet/Cookie.html">Cookie</a>
instance.</p>
+<p><code>sessionIdCookie</code>, a <a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/servlet/Cookie.html">Cookie</a>
instance.</p>
</li>
</ul>
</div>
@@ -1106,7 +1106,7 @@ securityManager.sessionManager =
$sessionManager</code></pre>
<div class="sect5">
<h6 id="session_cookie_configuration">Session Cookie Configuration</h6>
<div class="paragraph">
-<p>The DefaultWebSessionManager’s <code>sessionIdCookie</code> default
instance is a <a
href="static/current/apidocs/org/apache/shiro/web/servlet/SimpleCookie.html"><code>SimpleCookie</code></a>.
This simple implementation allows JavaBeans-style property configuration for
all the relevant properties you would want to configure on an http Cookie.</p>
+<p>The DefaultWebSessionManager’s <code>sessionIdCookie</code> default
instance is a <a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/servlet/SimpleCookie.html"><code>SimpleCookie</code></a>.
This simple implementation allows JavaBeans-style property configuration for
all the relevant properties you would want to configure on an http Cookie.</p>
</div>
<div class="paragraph">
<p>For example, you could set the Cookie domain:</p>
@@ -1119,7 +1119,7 @@ securityManager.sessionManager.sessionIdCookie.domain =
foo.com</code></pre>
</div>
</div>
<div class="paragraph">
-<p>See the <a
href="static/current/apidocs/org/apache/shiro/web/servlet/SimpleCookie.html">SimpleCookie
JavaDoc</a> for additional properties.</p>
+<p>See the <a
href="static/current/shiro-web/apidocs/org/apache/shiro/web/servlet/SimpleCookie.html">SimpleCookie
JavaDoc</a> for additional properties.</p>
</div>
<div class="paragraph">
<p>The cookie’s default name is <code>JSESSIONID</code> in accordance
with the servlet specification. Additionally, Shiro’s cookie supports the
<a
href="https://en.wikipedia.org/wiki/HTTP_cookie#HttpOnly_cookie";><code>HttpOnly</code></a>
and <a
href="https://en.wikipedia.org/wiki/HTTP_cookie#Same-site_cookie";><code>SameSite</code></a>
flags. The <code>sessionIdCookie</code> sets <code>HttpOnly</code> to
<code>true</code> and <code>SameSite</code> to <code>LAX</code> by defaul [...]
@@ -1208,7 +1208,7 @@ SecurityUtils.getSubject().login(token);
<div class="sect2">
<h3 id="form_based_login">Form-based Login</h3>
<div class="paragraph">
-<p>For web applications, the <code>authc</code> filter is by default a <a
href="static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html"><code>FormAuthenticationFilter</code></a>.
This supports reading the 'rememberMe' boolean as a form/request parameter. By
default, it expects the request param to be named <code>rememberMe</code>. Here
is an example shiro.ini config supporting this:</p>
+<p>For web applications, the <code>authc</code> filter is by default a <a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html"><code>FormAuthenticationFilter</code></a>.
This supports reading the 'rememberMe' boolean as a form/request parameter. By
default, it expects the request param to be named <code>rememberMe</code>. Here
is an example shiro.ini config supporting this:</p>
</div>
<div class="listingblock">
<div class="content">
@@ -1267,7 +1267,7 @@ securityManager.rememberMeManager.cookie.maxAge = blah
</div>
</div>
<div class="paragraph">
-<p>See the <a
href="static/current/apidocs/org/apache/shiro/web/mgt/CookieRememberMeManager.html"><code>CookieRememberMeManager</code></a>
and the supporting <a
href="static/current/apidocs/src-html/org/apache/shiro/web/servlet/SimpleCookie.html"><code>SimpleCookie</code></a>
JavaDoc for configuration properties.</p>
+<p>See the <a
href="static/current/apidocs/shiro-web/org/apache/shiro/web/mgt/CookieRememberMeManager.html"><code>CookieRememberMeManager</code></a>
and the supporting <a
href="static/current/apidocs/src-html/org/apache/shiro/web/servlet/SimpleCookie.html"><code>SimpleCookie</code></a>
JavaDoc for configuration properties.</p>
</div>
</div>
<div class="sect2">
diff --git a/webapp-tutorial.html b/webapp-tutorial.html
index 985b340d5..48456a670 100644
--- a/webapp-tutorial.html
+++ b/webapp-tutorial.html
@@ -927,7 +927,7 @@ shiro.loginUrl = /login.jsp
<p>This is a special configuration directive that tells Shiro "For any of
Shiro’s <a
href="https://shiro.apache.org/web.html#Web-DefaultFilters";>default filters</a>
that have a <code>loginUrl</code> property, I want that property value to be
set to <code>/login.jsp</code>."</p>
</div>
<div class="paragraph">
-<p>This allows Shiro’s default <code>authc</code> filter (by default, a
<a
href="https://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html";><code>FormAuthenticationFilter</code></a>)
to know about the login page. This is necessary for the
<code>FormAuthenticationFilter</code> to work correctly.</p>
+<p>This allows Shiro’s default <code>authc</code> filter (by default, a
<a
href="https://shiro.apache.org/static/current/apidocs/web/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html";><code>FormAuthenticationFilter</code></a>)
to know about the login page. This is necessary for the
<code>FormAuthenticationFilter</code> to work correctly.</p>
</div>
</div>
<div class="sect3">
@@ -990,7 +990,7 @@ shiro.loginUrl = /login.jsp
</ol>
</div>
<div class="paragraph">
-<p>Our login.jsp form just uses the default <code>username</code>,
<code>password</code>, and <code>rememberMe</code> form field names. These
names are configurable if you wish to change them - see the <a
href="https://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html";><code>FormAuthenticationFilter</code>
JavaDoc</a> for information.</p>
+<p>Our login.jsp form just uses the default <code>username</code>,
<code>password</code>, and <code>rememberMe</code> form field names. These
names are configurable if you wish to change them - see the <a
href="https://shiro.apache.org/static/current/apidocs/web/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html";><code>FormAuthenticationFilter</code>
JavaDoc</a> for information.</p>
</div>
</div>
<div class="sect2">
@@ -1357,7 +1357,7 @@ shiro.loginUrl = /login.jsp
<p>An exercise left to the reader (not a defined step) is to create a new
section of the website and restrict URL access to that section of the website
based on what role is assigned to the current user.</p>
</div>
<div class="paragraph">
-<p>Hint: Create a <a
href="https://shiro.apache.org/web.html#Web-FilterChainDefinitions";>filter
chain definition</a> for that new part of the webapp using the <a
href="https://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authz/RolesAuthorizationFilter.html";><code>roles</code>
filter</a></p>
+<p>Hint: Create a <a
href="https://shiro.apache.org/web.html#Web-FilterChainDefinitions";>filter
chain definition</a> for that new part of the webapp using the <a
href="https://shiro.apache.org/static/current/apidocs/web/org/apache/shiro/web/filter/authz/RolesAuthorizationFilter.html";><code>roles</code>
filter</a></p>
</div>
</div>
<div class="sect2">
